commit bb232b9d52e9aaac9ee282ee7cc9ff22cbba547e
Author: NAStools
Date: Tue Nov 1 16:45:16 2016 -0700
Imported Upstream version 1.1.14
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..8bf3c55
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,85 @@
+# Main binaries created in *nix builds
+/zerotier-one
+/zerotier-idtool
+/zerotier-cli
+/zerotier-selftest
+/zerotier
+
+# OS-created garbage files from various platforms
+.DS_Store
+.Apple*
+Thumbs.db
+
+# Windows build droppings
+/windows/ZeroTierOne.sdf
+/windows/ZeroTierOne.v11.suo
+/windows/x64
+/windows/Win32
+/windows/*/x64
+/windows/*/Win32
+/windows/ZeroTierOne/Release
+/windows/ZeroTierOneService/obj
+/windows/ZeroTierOneService/bin
+/windows/Build
+/windows/Debug
+/windows/Release
+/windows/WebUIWrapper/bin
+/windows/WebUIWrapper/obj
+/ext/installfiles/windows/ZeroTier One-SetupFiles
+/ext/installfiles/windows/Prerequisites
+/ext/installfiles/windows/*-cache
+/ZeroTier One.msi
+
+# *nix/Mac build droppings
+/build-*
+/ZeroTierOneInstaller-*
+/examples/docker/zerotier-one
+/examples/docker/test-*.env
+/world/mkworld
+/world/*.c25519
+zt1-src.tar.gz
+
+# Miscellaneous temporaries, build files, etc.
+*.log
+*.opensdf
+*.user
+*.cache
+*.obj
+*.tlog
+*.pid
+*.pkg
+*.o
+*.a
+*.dylib
+*.so
+*.so.*
+*.o-*
+*.core
+*.deb
+*.rpm
+*.autosave
+*.tmp
+doc/*.1
+doc/*.2
+doc/*.8
+.depend
+node_modules
+debian/files
+debian/zerotier-one
+debian/zerotier-one*.debhelper
+debian/*.log
+debian/zerotier-one.substvars
+
+# Java/Android/JNI build droppings
+java/obj/
+java/libs/
+java/bin/
+java/classes/
+java/doc/
+java/build_win64/
+java/build_win32/
+/java/mac32_64/
+windows/WinUI/obj/
+windows/WinUI/bin/
+windows/ZeroTierOne/Debug/
+/ext/installfiles/windows/chocolatey/zerotier-one/*.nupkg
diff --git a/AUTHORS.md b/AUTHORS.md
new file mode 100644
index 0000000..aa9e911
--- /dev/null
+++ b/AUTHORS.md
@@ -0,0 +1,80 @@
+## Primary Authors
+
+ * ZeroTier Core and ZeroTier One virtual networking service
+ Adam Ierymenko / adam.ierymenko@zerotier.com
+
+ * Java JNI Interface to enable Android application development, and Android app itself (code for that is elsewhere)
+ Grant Limberg / glimberg@gmail.com
+
+ * ZeroTier SDK (formerly known as Network Containers)
+ Joseph Henry / joseph.henry@zerotier.com
+
+## Third Party Contributors
+
+ * A number of fixes and improvements to the new controller, other stuff.
+ Kees Bos / https://github.com/keesbos/
+
+ * Debugging and testing, OpenWRT support fixes.
+ Moritz Warning / moritzwarning@web.de
+
+ * Debian GNU/Linux packaging, manual pages, and license compliance edits.
+ Ben Finney
+
+ * Several others made smaller contributions, which GitHub tracks here:
+ https://github.com/zerotier/ZeroTierOne/graphs/contributors/
+
+## Third-Party Code
+
+These are included in ext/ for platforms that do not have them available in common repositories. Otherwise they may be linked and the package may ship with them as dependencies.
+
+ * LZ4 compression algorithm by Yann Collet
+
+ * Files: ext/lz4/*
+ * Home page: http://code.google.com/p/lz4/
+ * License grant: BSD attribution
+
+ * http-parser by Joyent, Inc. (many authors)
+
+ * Files: ext/http-parser/*
+ * Home page: https://github.com/joyent/http-parser/
+ * License grant: MIT/Expat
+
+ * json-parser by James McLaughlin
+
+ * Files: ext/json-parser/*
+ * Home page: https://github.com/udp/json-parser/
+ * License grant: BSD attribution
+
+ * TunTapOSX by Mattias Nissler
+
+ * Files: ext/tap-mac/tuntap/*
+ * Home page: http://tuntaposx.sourceforge.net/
+ * License grant: BSD attribution no-endorsement
+ * ZeroTier Modifications: change interface name to zt#, increase max MTU, increase max devices
+
+ * tap-windows6 by the OpenVPN project
+
+ * Files: windows/TapDriver6/*
+ * Home page:
+ https://github.com/OpenVPN/tap-windows6/
+ * License grant: GNU GPL v2
+ * ZeroTier Modifications: change name of driver to ZeroTier, add ioctl() to get L2 multicast memberships (source is in ext/ and modifications inherit GPL)
+
+ * Salsa20 stream cipher, Curve25519 elliptic curve cipher, Ed25519
+ digital signature algorithm, and Poly1305 MAC algorithm, all by
+ Daniel J. Bernstein
+
+ * Files:
+ node/Salsa20.hpp
+ node/C25519.hpp
+ node/Poly1305.hpp
+ * Home page: http://cr.yp.to/
+ * License grant: public domain
+
+ * MiniUPNPC and libnatpmp by Thomas Bernard
+
+ * Files:
+ ext/libnatpmp/*
+ ext/miniupnpc/*
+ * Home page: http://miniupnp.free.fr/
+ * License grant: BSD attribution no-endorsement
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..23d42df
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,17 @@
+ZeroTier One, an endpoint server for the ZeroTier virtual network layer.
+Copyright © 2011–2016 ZeroTier, Inc.
+
+ZeroTier One is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or (at
+your option) any later version.
+
+See the file ‘LICENSE.GPL-3’ for the text of the GNU GPL version 3.
+If that file is not present, see .
+
+..
+ Local variables:
+ coding: utf-8
+ mode: text
+ End:
+ vim: fileencoding=utf-8 filetype=text :
diff --git a/LICENSE.GPL-2 b/LICENSE.GPL-2
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/LICENSE.GPL-2
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/LICENSE.GPL-3 b/LICENSE.GPL-3
new file mode 100644
index 0000000..94a9ed0
--- /dev/null
+++ b/LICENSE.GPL-3
@@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..5a5f660 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,18 @@
+# Common makefile -- loads make rules for each platform
+
+OSTYPE=$(shell uname -s)
+
+ifeq ($(OSTYPE),Darwin)
+ include make-mac.mk
+endif
+
+ifeq ($(OSTYPE),Linux)
+ include make-linux.mk
+endif
+
+ifeq ($(OSTYPE),FreeBSD)
+ include make-freebsd.mk
+endif
+ifeq ($(OSTYPE),OpenBSD)
+ include make-freebsd.mk
+endif
diff --git a/OFFICIAL-RELEASE-STEPS.md b/OFFICIAL-RELEASE-STEPS.md
new file mode 100644
index 0000000..37e6791
--- /dev/null
+++ b/OFFICIAL-RELEASE-STEPS.md
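Review bot: A `uname -s` value other than Darwin, Linux, FreeBSD or OpenBSD matches none of the `ifeq` blocks in this new Makefile, so no platform rules are included and `make` fails with a generic no-targets message rather than saying the platform is unsupported. A closing guard would make that explicit: `ifeq ($(filter $(OSTYPE),Darwin Linux FreeBSD OpenBSD),)`, then `$(error Unsupported platform: $(OSTYPE))`, then `endif`. `OSTYPE=` is a recursively expanded assignment, so the `uname` shell call is re-run at each of the four comparisons; `OSTYPE := $(shell uname -s)` evaluates it once. A short comment on the OpenBSD block, such as `# OpenBSD intentionally shares the FreeBSD rules`, would show that reusing make-freebsd.mk is deliberate.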
@@ -0,0 +1,63 @@
+ZeroTier Official Release Steps
+======
+
+This is mostly for ZeroTier internal use, but others who want to do builds might find it helpful.
+
+Note: Many of these steps will require GPG and other signing keys that are kept in cold storage and must be mounted.
+
+# Bumping the Version and Preparing Installers
+
+The version must be incremented in all of the following files:
+
+ /version.h
+ /zerotier-one.spec
+ /debian/changelog
+ /ext/installfiles/mac/ZeroTier One.pkgproj
+ /ext/installfiles/windows/chocolatey/zerotier-one.nuspec
+ /ext/installfiles/windows/ZeroTier One.aip
+
+The final .AIP file can only be edited on Windows with [Advanced Installer Enterprise](http://www.advancedinstaller.com/). In addition to incrementing the version be sure that a new product code is generated. (The "upgrade code" GUID on the other hand must never change.)
+
+# Building for Supported Platforms
+
+## Macintosh
+
+Mac's easy. Just type:
+
+ make official
+
+You will need [Packages](http://s.sudre.free.fr/Software/Packages/about.html) and our release signing key in the keychain.
+
+## Linux
+
+Mount the GPG key for *contact@zerotier.com* and then on an x86_64 box with a recent version of Docker and an Internet connection run:
+
+ make distclean
+ cd linux-build-farm
+ ./build.sh
+
+This will build i386 and x86_64 packages. Now ssh into our build Raspberry Pi and type `make debian` there to build the Raspbian armhf package. Copy it to `debian-jessie/` inside `linux-build-farm` so that it will be included in the repositories we generate. Now generate the YUM and APT repos:
+
+ rm -rf ~/.aptly*
+ rm -rf /tmp/zt-rpm-repo
+ ./make-apt-repos.sh
+ ./make-rpm-repos.sh
+
+This will require the passphrase for *contact@zerotier.com*.
+
+The contents of ~/.aptly/public must be published as `debian/` on `download.zerotier.com`. The contents of /tmp/zt-rpm-repo are published as `redhat/` on same.
+
+## Windows
+
+First load the Visual Studio solution and rebuild the UI and ZeroTier One in both x64 and i386 `Release` mode. Then load [Advanced Installer Enterprise](http://www.advancedinstaller.com/), check that the version is correct, and build. The build will fail if any build artifacts are missing, and Windows must have our product singing key (from DigiCert) available to sign the resulting MSI file. The MSI must then be tested on at least a few different CLEAN Windows VMs to ensure that the installer is valid and properly signed.
+
+*After the MSI is published to download.zerotier.com in the proper RELEASE/#.#.#/dist subfolder for its version* the Chocolatey package must be rebuilt and published. Open a command prompt, change to `ext/installfiles/windows/chocolatey`, and type `choco pack`. Then use `choco push` to push it to Chocolatey (API key required).
+
+ choco pack
+ choco push zerotier-one.#.#.#.nupkg -s https://chocolatey.org/
+
+Note that this does not cover rebuilding the drivers or their containing MSI projects, as this is typically not necessary and they are shipped in binary form in the repository for convenience.
+
+## iOS, Android
+
+... no docs here yet since this is done entirely out of band with regular installs.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a34a1a5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,101 @@ +ZeroTier - A Planetary Ethernet Switch +====== + +ZeroTier is a software-based managed Ethernet switch for planet Earth. + +It erases the LAN/WAN distinction and makes VPNs, tunnels, proxies, and other kludges arising from the inflexible nature of physical networks obsolete. Everything is encrypted end-to-end and traffic takes the most direct (peer to peer) path available. + +This repository contains ZeroTier One, a service that provides ZeroTier network connectivity to devices running Windows, Mac, Linux, iOS, Android, and FreeBSD and makes joining virtual networks as easy as joining IRC or Slack channels. It also contains the OS-independent core ZeroTier protocol implementation in [node/](node/). + +Visit [ZeroTier's site](https://www.zerotier.com/) for more information and [pre-built binary packages](https://www.zerotier.com/download.shtml). Apps for Android and iOS are available for free in the Google Play and Apple app stores. + +### Getting Started + +ZeroTier's basic operation is easy to understand. Devices have 10-digit *ZeroTier addresses* like `89e92ceee5` and networks have 16-digit network IDs like `8056c2e21c000001`. All it takes for a device to join a network is its 16-digit ID, and all it takes for a network to authorize a device is its 10-digit address. Everything else is automatic. + +A "device" can be anything really: desktops, laptops, phones, servers, VMs/VPSes, containers, and even (soon) apps. + +For testing we provide a public virtual network called *Earth* with network ID `8056c2e21c000001`. On Linux and Mac you can do this with: + + sudo zerotier-cli join 8056c2e21c000001 + +Now wait about 30 seconds and check your system with `ip addr list` or `ifconfig`. You'll see a new interface whose name starts with *zt* and it should quickly get an IPv4 and an IPv6 address. Once you see it get an IP, try pinging `earth.zerotier.net` at `29.209.112.93`. If you've joined Earth from more than one system, try pinging your other machine. 
+ +*(IPv4 addresses for Earth are assigned from the block 28.0.0.0/7, which is not a part of the public Internet but is non-standard for private networks. It's used to avoid IP conflicts during testing. Your networks can run any IP addressing scheme you want.)* + +If you don't want to belong to a giant Ethernet party line anymore, just type: + + sudo zerotier-cli leave 8056c2e21c000001 + +The *zt* interface will disappear. You're no longer on the network. + +To create networks of your own you'll need a network controller. You can use [our hosted controller at my.zerotier.com](https://my.zerotier.com) which is free for up to 100 devices on an unlimited number of networks, or you can build your own controller and run it through its local JSON API. See [README.md in controller/](controller/) for more information. + +### Building from Source + +For Mac, Linux, and BSD, just type "make" (or "gmake" on BSD). You won't need much installed; here are the requirements for various platforms: + + * **Mac**: Xcode command line tools. It should build on OSX 10.7 or newer. + * **Linux**: gcc/g++ (4.9 or newer recommended) or clang/clang++ (3.4 or newer recommended) Makefile will use clang by default if available. The Linux build will auto-detect the presence of development headers for *json-parser*, *http-parser*, *li8bnatpmp*, and *libminiupnpc* and will link against the system libraries for these if they are present and recent enough. Otherwise the bundled versions in [ext/](ext/) will be used. Type `make install` to install the binaries and other files on the system, though this will not create init.d or systemd links. + * **FreeBSD**: C++ compiler (G++ usually) and GNU make (gmake). + +Each supported platform has its own *make-XXX.mk* file that contains the actual make rules for the platform. The right .mk file is included by the main Makefile based on the GNU make *OSTYPE* variable. Take a look at the .mk file for your platform for other targets, debug build rules, etc. 
+ +Typing `make selftest` will build a *zerotier-selftest* binary which unit tests various internals and reports on a few aspects of the build environment. It's a good idea to try this on novel platforms or architectures. + +Windows, of course, is special. We build for Windows with Microsoft Visual Studio 2012 on Windows 7. A solution file is located in the *windows/* subfolder. Newer versions of Visual Studio (and Windows) may work but haven't been tested. Older versions almost certainly will not, since they lack things like *stdint.h* and certain STL features. MinGW or other ports of gcc/clang to Windows should also work but haven't been tested. + +32 and 64 bit X86 and ARM (e.g. Raspberry Pi, Android) are officially supported. Community members have built for MIPS and Sparc without issues. + +### Running + +Running *zerotier-one* with -h will show help. + +On Linux and BSD you can start the service with: + + sudo ./zerotier-one -d + +A home folder for your system will automatically be created. + +The service is controlled via the JSON API, which by default is available at 127.0.0.1 port 9993. We include a *zerotier-cli* command line utility to make API calls for standard things like joining and leaving networks. The *authtoken.secret* file in the home folder contains the secret token for accessing this API. See README.md in [service/](service/) for API documentation. + +Here's where home folders live (by default) on each OS: + + * **Linux**: `/var/lib/zerotier-one` + * **FreeBSD**: `/var/db/zerotier-one` + * **Mac**: `/Library/Application Support/ZeroTier/One` + * **Windows**: `\ProgramData\ZeroTier\One` (That's for Windows 7. The base 'shared app data' folder might be different on different Windows versions.) + +Running ZeroTier One on a Mac is the same, but OSX requires a kernel extension. 
We ship a signed binary build of the ZeroTier tap device driver, which can be installed on Mac with: + + sudo make install-mac-tap + +This will create the home folder for Mac, place *tap.kext* there, and set its modes correctly to enable ZeroTier One to manage it with *kextload* and *kextunload*. + +### Troubleshooting + +For most users, it just works. + +If you are running a local system firewall, we recommend adding a rule permitting UDP port 9993 inbound and outbound. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration. + +The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools. If you're using Ubuntu's *ufw*, you can do this: + + sudo ufw allow 9993/udp + +On CentOS check `/etc/sysconfig/iptables` for IPTables rules. For other distributions consult your distribution's documentation. You'll also have to check the UIs or documentation for commercial third party firewall applications like Little Snitch (Mac), McAfee Firewall Enterprise (Windows), etc. if you are running any of those. Some corporate environments might have centrally managed firewall software, so you might also have to contact IT. + +ZeroTier One peers will automatically locate each other and communicate directly over a local wired LAN *if UDP port 9993 inbound is open*. If that port is filtered, they won't be able to see each others' LAN announcement packets. If you're experiencing poor performance between devices on the same physical network, check their firewall settings. Without LAN auto-location peers must attempt "loopback" NAT traversal, which sometimes fails and in any case requires that every packet traverse your external router twice. + +Users behind certain types of firewalls and "symmetric" NAT devices may not able able to connect to external peers directly at all. 
ZeroTier has limited support for port prediction and will *attempt* to traverse symmetric NATs, but this doesn't always work. If P2P connectivity fails you'll be bouncing UDP packets off our relay servers resulting in slower performance. Some NAT router(s) have a configurable NAT mode, and setting this to "full cone" will eliminate this problem. If you do this you may also see a magical improvement for things like VoIP phones, Skype, BitTorrent, WebRTC, certain games, etc., since all of these use NAT traversal techniques similar to ours. + +If you're interested, there's a [technical deep dive about NAT traversal on our blog](https://www.zerotier.com/blog/?p=226). A troubleshooting tool to help you diagnose NAT issues is planned for the future as are uPnP/IGD/NAT-PMP and IPv6 transport. + +If a firewall between you and the Internet blocks ZeroTier's UDP traffic, you will fall back to last-resort TCP tunneling to rootservers over port 443 (https impersonation). This will work almost anywhere but is *very slow* compared to UDP or direct peer to peer connectivity. + +### Contributing + +Please make pull requests against the `dev` branch. The `master` branch is release, and `edge` is for unstable and work in progress changes and is not likely to work. + +### License + +The ZeroTier source code is open source and is licensed under the GNU GPL v3 (not LGPL). If you'd like to embed it in a closed-source commercial product or appliance, please e-mail [contact@zerotier.com](mailto:contact@zerotier.com) to discuss commercial licensing. Otherwise it can be used for free. diff --git a/artwork/AppIcon.png b/artwork/AppIcon.png new file mode 100644 index 0000000..b96076b Binary files /dev/null and b/artwork/AppIcon.png differ diff --git a/artwork/AppIcon@2x.png b/artwork/AppIcon@2x.png new file mode 100644 index 0000000..6f1952e Binary files /dev/null and b/artwork/AppIcon@2x.png differ 
diff --git a/artwork/AppIcon@3x.png b/artwork/AppIcon@3x.png
new file mode 100644
index 0000000..b32d323
Binary files /dev/null and b/artwork/AppIcon@3x.png differ
diff --git a/artwork/AppIcon_29x29.png b/artwork/AppIcon_29x29.png
new file mode 100644
index 0000000..762af5c
Binary files /dev/null and b/artwork/AppIcon_29x29.png differ
diff --git a/artwork/AppIcon_40x40.png b/artwork/AppIcon_40x40.png
new file mode 100644
index 0000000..b0a44c4
Binary files /dev/null and b/artwork/AppIcon_40x40.png differ
diff --git a/artwork/AppIcon_58x58.png b/artwork/AppIcon_58x58.png
new file mode 100644
index 0000000..6778218
Binary files /dev/null and b/artwork/AppIcon_58x58.png differ
diff --git a/artwork/AppIcon_80x80.png b/artwork/AppIcon_80x80.png
new file mode 100644
index 0000000..3d630d4
Binary files /dev/null and b/artwork/AppIcon_80x80.png differ
diff --git a/artwork/AppIcon_87x87.png b/artwork/AppIcon_87x87.png
new file mode 100644
index 0000000..cd864eb
Binary files /dev/null and b/artwork/AppIcon_87x87.png differ
diff --git a/artwork/AppIcon_iPad@2x.png b/artwork/AppIcon_iPad@2x.png
new file mode 100644
index 0000000..0d3d7a7
Binary files /dev/null and b/artwork/AppIcon_iPad@2x.png differ
diff --git a/artwork/AppIcon_iPadPro@2x.png b/artwork/AppIcon_iPadPro@2x.png
new file mode 100644
index 0000000..9a8cfcf
Binary files /dev/null and b/artwork/AppIcon_iPadPro@2x.png differ
diff --git a/artwork/ZeroTierIcon-WithBorder.png b/artwork/ZeroTierIcon-WithBorder.png
new file mode 100644
index 0000000..b7f06d7
Binary files /dev/null and b/artwork/ZeroTierIcon-WithBorder.png differ
diff --git a/artwork/ZeroTierIcon.icns b/artwork/ZeroTierIcon.icns
new file mode 100644
index 0000000..17e60d5
Binary files /dev/null and b/artwork/ZeroTierIcon.icns differ
diff --git a/artwork/ZeroTierIcon.ico b/artwork/ZeroTierIcon.ico
new file mode 100644
index 0000000..2d190c4
Binary files /dev/null and b/artwork/ZeroTierIcon.ico differ
diff --git a/artwork/ZeroTierIcon.png b/artwork/ZeroTierIcon.png new file mode 100644 index 0000000..4d9641b Binary files /dev/null and b/artwork/ZeroTierIcon.png differ diff --git a/artwork/ZeroTierIcon512x512.png b/artwork/ZeroTierIcon512x512.png new file mode 100644 index 0000000..d225c2e Binary files /dev/null and b/artwork/ZeroTierIcon512x512.png differ diff --git a/artwork/logo.html b/artwork/logo.html new file mode 100644 index 0000000..69c06a2 --- /dev/null +++ b/artwork/logo.html @@ -0,0 +1,37 @@ + + + + + +





+ +
+
+
+ + \ No newline at end of file diff --git a/attic/Filter.cpp b/attic/Filter.cpp new file mode 100644 index 0000000..a701e8b --- /dev/null +++ b/attic/Filter.cpp 
@@ -0,0 +1,408 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +#include +#include +#include +#include + +#include + +#include "RuntimeEnvironment.hpp" +#include "Logger.hpp" +#include "Filter.hpp" +#include "Utils.hpp" + +namespace ZeroTier { + +const char *const Filter::UNKNOWN_NAME = "(unknown)"; +const Range Filter::ANY; + +static inline Range __parseRange(char *r) + throw(std::invalid_argument) +{ + char *saveptr = (char *)0; + unsigned int a = 0; + unsigned int b = 0; + unsigned int fn = 0; + for(char *f=Utils::stok(r,"-",&saveptr);(f);f=Utils::stok((char *)0,"-",&saveptr)) { + if (*f) { + switch(fn++) { + case 0: + if (*f != '*') + a = b = (unsigned int)strtoul(f,(char **)0,10); + break; + case 1: + if (*f != '*') + b = (unsigned int)strtoul(f,(char **)0,10); + break; + default: + throw std::invalid_argument("rule range must be , -, or *"); + } + } + } + return Range(a,b); +} + +Filter::Rule::Rule(const char *s) + throw(std::invalid_argument) +{ + char *saveptr = (char *)0; + char tmp[256]; + if (!Utils::scopy(tmp,sizeof(tmp),s)) + throw std::invalid_argument("rule string too long"); + unsigned int fn = 0; + for(char *f=Utils::stok(tmp,";",&saveptr);(f);f=Utils::stok((char *)0,";",&saveptr)) { + if (*f) { + switch(fn++) { + case 0: + _etherType = __parseRange(f); + break; + case 1: + _protocol = __parseRange(f); + break; + case 2: + _port = __parseRange(f); + break; + default: + throw std::invalid_argument("rule string has unknown extra fields"); + } + } + } + if (fn != 3) + throw std::invalid_argument("rule string must contain 3 fields"); +} + +bool Filter::Rule::operator()(unsigned int etype,const void *data,unsigned int len) const + throw(std::invalid_argument) +{ + if ((!_etherType)||(_etherType(etype))) { // ethertype is ANY, or matches + // Ethertype determines meaning of protocol and port + switch(etype) { + case ZT_ETHERTYPE_IPV4: + if (len > 20) { + if ((!_protocol)||(_protocol(((const uint8_t *)data)[9]))) { // protocol is ANY or match + if (!_port) // port is ANY + 
return true; + + // Don't match on fragments beyond fragment 0. If we've blocked + // fragment 0, further fragments will fall on deaf ears anyway. + if ((Utils::ntoh(((const uint16_t *)data)[3]) & 0x1fff)) + return false; + + // Internet header length determines where data begins, in multiples of 32 bits + unsigned int ihl = 4 * (((const uint8_t *)data)[0] & 0x0f); + + switch(((const uint8_t *)data)[9]) { // port's meaning depends on IP protocol + case ZT_IPPROTO_ICMP: + // For ICMP, port is ICMP type + return _port(((const uint8_t *)data)[ihl]); + case ZT_IPPROTO_TCP: + case ZT_IPPROTO_UDP: + case ZT_IPPROTO_SCTP: + case ZT_IPPROTO_UDPLITE: + // For these, port is destination port. Protocol designers were + // nice enough to put the field in the same place. + return _port(((const uint16_t *)data)[(ihl / 2) + 1]); + default: + // port has no meaning for other IP types, so ignore it + return true; + } + + return false; // no match on port + } + } else throw std::invalid_argument("undersized IPv4 packet"); + break; + + case ZT_ETHERTYPE_IPV6: + if (len > 40) { + int nextHeader = ((const uint8_t *)data)[6]; + unsigned int pos = 40; + while ((pos < len)&&(nextHeader >= 0)&&(nextHeader != 59)) { // 59 == no next header + fprintf(stderr,"[rule] V6: start header parse, header %.2x pos %d\n",nextHeader,pos); + + switch(nextHeader) { + case 0: // hop-by-hop options + case 60: // destination options + case 43: // routing + case 135: // mobility (mobile IPv6 options) + if (_protocol((unsigned int)nextHeader)) + return true; // match if our goal was to match any of these + nextHeader = ((const uint8_t *)data)[pos]; + pos += 8 + (8 * ((const uint8_t *)data)[pos + 1]); + break; + case 44: // fragment + if (_protocol(44)) + return true; // match if our goal was to match fragments + nextHeader = ((const uint8_t *)data)[pos]; + pos += 8; + break; + case ZT_IPPROTO_AH: // AH + return _protocol(ZT_IPPROTO_AH); // true if AH is matched protocol, otherwise false since packet will be 
IPsec + case ZT_IPPROTO_ESP: // ESP + return _protocol(ZT_IPPROTO_ESP); // true if ESP is matched protocol, otherwise false since packet will be IPsec + case ZT_IPPROTO_ICMPV6: + // Only match ICMPv6 if we've selected it specifically + if (_protocol(ZT_IPPROTO_ICMPV6)) { + // Port is interpreted as ICMPv6 type + if ((!_port)||(_port(((const uint8_t *)data)[pos]))) + return true; + } + break; + case ZT_IPPROTO_TCP: + case ZT_IPPROTO_UDP: + case ZT_IPPROTO_SCTP: + case ZT_IPPROTO_UDPLITE: + // If we encounter any of these, match if protocol matches or is wildcard as + // we'll consider these the "real payload" if present. + if ((!_protocol)||(_protocol(nextHeader))) { + if ((!_port)||(_port(((const uint16_t *)data)[(pos / 2) + 1]))) + return true; // protocol matches or is ANY, port is ANY or matches + } + break; + default: { + char foo[128]; + Utils::snprintf(foo,sizeof(foo),"unrecognized IPv6 header type %d",(int)nextHeader); + throw std::invalid_argument(foo); + } + } + + fprintf(stderr,"[rule] V6: end header parse, next header %.2x, new pos %d\n",nextHeader,pos); + } + } else throw std::invalid_argument("undersized IPv6 packet"); + break; + + default: + // For other ethertypes, protocol and port are ignored. What would they mean? 
+ return true; + } + } + + return false; +} + +std::string Filter::Rule::toString() const +{ + char buf[128]; + std::string s; + + switch(_etherType.magnitude()) { + case 0: + s.push_back('*'); + break; + case 1: + Utils::snprintf(buf,sizeof(buf),"%u",_etherType.start); + s.append(buf); + break; + default: + Utils::snprintf(buf,sizeof(buf),"%u-%u",_etherType.start,_etherType.end); + s.append(buf); + break; + } + s.push_back(';'); + switch(_protocol.magnitude()) { + case 0: + s.push_back('*'); + break; + case 1: + Utils::snprintf(buf,sizeof(buf),"%u",_protocol.start); + s.append(buf); + break; + default: + Utils::snprintf(buf,sizeof(buf),"%u-%u",_protocol.start,_protocol.end); + s.append(buf); + break; + } + s.push_back(';'); + switch(_port.magnitude()) { + case 0: + s.push_back('*'); + break; + case 1: + Utils::snprintf(buf,sizeof(buf),"%u",_port.start); + s.append(buf); + break; + default: + Utils::snprintf(buf,sizeof(buf),"%u-%u",_port.start,_port.end); + s.append(buf); + break; + } + + return s; +} + +Filter::Filter(const char *s) + throw(std::invalid_argument) +{ + char tmp[16384]; + if (!Utils::scopy(tmp,sizeof(tmp),s)) + throw std::invalid_argument("filter string too long"); + char *saveptr = (char *)0; + unsigned int fn = 0; + for(char *f=Utils::stok(tmp,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) { + try { + _rules.push_back(Rule(f)); + ++fn; + } catch (std::invalid_argument &exc) { + char tmp[256]; + Utils::snprintf(tmp,sizeof(tmp),"invalid rule at index %u: %s",fn,exc.what()); + throw std::invalid_argument(tmp); + } + } + std::sort(_rules.begin(),_rules.end()); +} + +std::string Filter::toString() const +{ + std::string s; + + for(std::vector::const_iterator r(_rules.begin());r!=_rules.end();++r) { + if (s.length() > 0) + s.push_back(','); + s.append(r->toString()); + } + + return s; +} + +void Filter::add(const Rule &r) +{ + for(std::vector::iterator rr(_rules.begin());rr!=_rules.end();++rr) { + if (r == *rr) + return; + } + 
_rules.push_back(r); + std::sort(_rules.begin(),_rules.end()); +} + +const char *Filter::etherTypeName(const unsigned int etherType) + throw() +{ + switch(etherType) { + case ZT_ETHERTYPE_IPV4: return "ETHERTYPE_IPV4"; + case ZT_ETHERTYPE_ARP: return "ETHERTYPE_ARP"; + case ZT_ETHERTYPE_RARP: return "ETHERTYPE_RARP"; + case ZT_ETHERTYPE_ATALK: return "ETHERTYPE_ATALK"; + case ZT_ETHERTYPE_AARP: return "ETHERTYPE_AARP"; + case ZT_ETHERTYPE_IPX_A: return "ETHERTYPE_IPX_A"; + case ZT_ETHERTYPE_IPX_B: return "ETHERTYPE_IPX_B"; + case ZT_ETHERTYPE_IPV6: return "ETHERTYPE_IPV6"; + } + return UNKNOWN_NAME; +} + +const char *Filter::ipProtocolName(const unsigned int ipp) + throw() +{ + switch(ipp) { + case ZT_IPPROTO_ICMP: return "IPPROTO_ICMP"; + case ZT_IPPROTO_IGMP: return "IPPROTO_IGMP"; + case ZT_IPPROTO_TCP: return "IPPROTO_TCP"; + case ZT_IPPROTO_UDP: return "IPPROTO_UDP"; + case ZT_IPPROTO_GRE: return "IPPROTO_GRE"; + case ZT_IPPROTO_ESP: return "IPPROTO_ESP"; + case ZT_IPPROTO_AH: return "IPPROTO_AH"; + case ZT_IPPROTO_ICMPV6: return "IPPROTO_ICMPV6"; + case ZT_IPPROTO_OSPF: return "IPPROTO_OSPF"; + case ZT_IPPROTO_IPIP: return "IPPROTO_IPIP"; + case ZT_IPPROTO_IPCOMP: return "IPPROTO_IPCOMP"; + case ZT_IPPROTO_L2TP: return "IPPROTO_L2TP"; + case ZT_IPPROTO_SCTP: return "IPPROTO_SCTP"; + case ZT_IPPROTO_FC: return "IPPROTO_FC"; + case ZT_IPPROTO_UDPLITE: return "IPPROTO_UDPLITE"; + case ZT_IPPROTO_HIP: return "IPPROTO_HIP"; + } + return UNKNOWN_NAME; +} + +const char *Filter::icmpTypeName(const unsigned int icmpType) + throw() +{ + switch(icmpType) { + case ZT_ICMP_ECHO_REPLY: return "ICMP_ECHO_REPLY"; + case ZT_ICMP_DESTINATION_UNREACHABLE: return "ICMP_DESTINATION_UNREACHABLE"; + case ZT_ICMP_SOURCE_QUENCH: return "ICMP_SOURCE_QUENCH"; + case ZT_ICMP_REDIRECT: return "ICMP_REDIRECT"; + case ZT_ICMP_ALTERNATE_HOST_ADDRESS: return "ICMP_ALTERNATE_HOST_ADDRESS"; + case ZT_ICMP_ECHO_REQUEST: return "ICMP_ECHO_REQUEST"; + case ZT_ICMP_ROUTER_ADVERTISEMENT: return 
"ICMP_ROUTER_ADVERTISEMENT"; + case ZT_ICMP_ROUTER_SOLICITATION: return "ICMP_ROUTER_SOLICITATION"; + case ZT_ICMP_TIME_EXCEEDED: return "ICMP_TIME_EXCEEDED"; + case ZT_ICMP_BAD_IP_HEADER: return "ICMP_BAD_IP_HEADER"; + case ZT_ICMP_TIMESTAMP: return "ICMP_TIMESTAMP"; + case ZT_ICMP_TIMESTAMP_REPLY: return "ICMP_TIMESTAMP_REPLY"; + case ZT_ICMP_INFORMATION_REQUEST: return "ICMP_INFORMATION_REQUEST"; + case ZT_ICMP_INFORMATION_REPLY: return "ICMP_INFORMATION_REPLY"; + case ZT_ICMP_ADDRESS_MASK_REQUEST: return "ICMP_ADDRESS_MASK_REQUEST"; + case ZT_ICMP_ADDRESS_MASK_REPLY: return "ICMP_ADDRESS_MASK_REPLY"; + case ZT_ICMP_TRACEROUTE: return "ICMP_TRACEROUTE"; + case ZT_ICMP_MOBILE_HOST_REDIRECT: return "ICMP_MOBILE_HOST_REDIRECT"; + case ZT_ICMP_MOBILE_REGISTRATION_REQUEST: return "ICMP_MOBILE_REGISTRATION_REQUEST"; + case ZT_ICMP_MOBILE_REGISTRATION_REPLY: return "ICMP_MOBILE_REGISTRATION_REPLY"; + } + return UNKNOWN_NAME; +} + +const char *Filter::icmp6TypeName(const unsigned int icmp6Type) + throw() +{ + switch(icmp6Type) { + case ZT_ICMP6_DESTINATION_UNREACHABLE: return "ICMP6_DESTINATION_UNREACHABLE"; + case ZT_ICMP6_PACKET_TOO_BIG: return "ICMP6_PACKET_TOO_BIG"; + case ZT_ICMP6_TIME_EXCEEDED: return "ICMP6_TIME_EXCEEDED"; + case ZT_ICMP6_PARAMETER_PROBLEM: return "ICMP6_PARAMETER_PROBLEM"; + case ZT_ICMP6_ECHO_REQUEST: return "ICMP6_ECHO_REQUEST"; + case ZT_ICMP6_ECHO_REPLY: return "ICMP6_ECHO_REPLY"; + case ZT_ICMP6_MULTICAST_LISTENER_QUERY: return "ICMP6_MULTICAST_LISTENER_QUERY"; + case ZT_ICMP6_MULTICAST_LISTENER_REPORT: return "ICMP6_MULTICAST_LISTENER_REPORT"; + case ZT_ICMP6_MULTICAST_LISTENER_DONE: return "ICMP6_MULTICAST_LISTENER_DONE"; + case ZT_ICMP6_ROUTER_SOLICITATION: return "ICMP6_ROUTER_SOLICITATION"; + case ZT_ICMP6_ROUTER_ADVERTISEMENT: return "ICMP6_ROUTER_ADVERTISEMENT"; + case ZT_ICMP6_NEIGHBOR_SOLICITATION: return "ICMP6_NEIGHBOR_SOLICITATION"; + case ZT_ICMP6_NEIGHBOR_ADVERTISEMENT: return "ICMP6_NEIGHBOR_ADVERTISEMENT"; + case 
ZT_ICMP6_REDIRECT_MESSAGE: return "ICMP6_REDIRECT_MESSAGE"; + case ZT_ICMP6_ROUTER_RENUMBERING: return "ICMP6_ROUTER_RENUMBERING"; + case ZT_ICMP6_NODE_INFORMATION_QUERY: return "ICMP6_NODE_INFORMATION_QUERY"; + case ZT_ICMP6_NODE_INFORMATION_RESPONSE: return "ICMP6_NODE_INFORMATION_RESPONSE"; + case ZT_ICMP6_INV_NEIGHBOR_SOLICITATION: return "ICMP6_INV_NEIGHBOR_SOLICITATION"; + case ZT_ICMP6_INV_NEIGHBOR_ADVERTISEMENT: return "ICMP6_INV_NEIGHBOR_ADVERTISEMENT"; + case ZT_ICMP6_MLDV2: return "ICMP6_MLDV2"; + case ZT_ICMP6_HOME_AGENT_ADDRESS_DISCOVERY_REQUEST: return "ICMP6_HOME_AGENT_ADDRESS_DISCOVERY_REQUEST"; + case ZT_ICMP6_HOME_AGENT_ADDRESS_DISCOVERY_REPLY: return "ICMP6_HOME_AGENT_ADDRESS_DISCOVERY_REPLY"; + case ZT_ICMP6_MOBILE_PREFIX_SOLICITATION: return "ICMP6_MOBILE_PREFIX_SOLICITATION"; + case ZT_ICMP6_MOBILE_PREFIX_ADVERTISEMENT: return "ICMP6_MOBILE_PREFIX_ADVERTISEMENT"; + case ZT_ICMP6_CERTIFICATION_PATH_SOLICITATION: return "ICMP6_CERTIFICATION_PATH_SOLICITATION"; + case ZT_ICMP6_CERTIFICATION_PATH_ADVERTISEMENT: return "ICMP6_CERTIFICATION_PATH_ADVERTISEMENT"; + case ZT_ICMP6_MULTICAST_ROUTER_ADVERTISEMENT: return "ICMP6_MULTICAST_ROUTER_ADVERTISEMENT"; + case ZT_ICMP6_MULTICAST_ROUTER_SOLICITATION: return "ICMP6_MULTICAST_ROUTER_SOLICITATION"; + case ZT_ICMP6_MULTICAST_ROUTER_TERMINATION: return "ICMP6_MULTICAST_ROUTER_TERMINATION"; + case ZT_ICMP6_RPL_CONTROL_MESSAGE: return "ICMP6_RPL_CONTROL_MESSAGE"; + } + return UNKNOWN_NAME; +} + +} // namespace ZeroTier diff --git a/attic/Filter.hpp b/attic/Filter.hpp new file mode 100644 index 0000000..4bea371 --- /dev/null +++ b/attic/Filter.hpp 
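Review bot: In `Filter::Rule::operator()` the IPv4 branch checks only `len > 20` and then indexes with the IHL taken from the packet, so `((const uint8_t *)data)[ihl]` and `((const uint16_t *)data)[(ihl / 2) + 1]` can read past the end of a short frame; a guard before the inner `switch`, e.g. `if ((ihl < 20)||((ihl + 4) > len)) throw std::invalid_argument("bad IPv4 header length");`, would bound both reads. The IPv6 loop has the same gap at `data[pos + 1]` and at its port read, and its ICMPv6 and TCP/UDP/SCTP/UDPLITE cases `break` out of the `switch` without changing `pos` or `nextHeader`, so a frame that does not match keeps the `while` spinning; those cases should end with `return false;`. The port is compared as read from the wire, while the fragment test just above goes through `Utils::ntoh`, so port rules presumably miss on little-endian hosts unless `Range` compensates elsewhere. The two `fprintf(stderr,...)` calls in the per-packet path look like leftover debugging and should go. The file is added under `attic/`, so all of this matters only if the code is built or revived.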
@@ -0,0 +1,284 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +#ifndef _ZT_FILTER_HPP +#define _ZT_FILTER_HPP + +#include +#include +#include + +#include +#include +#include +#include + +#include "Range.hpp" + +/* Ethernet frame types that might be relevant to us */ +#define ZT_ETHERTYPE_IPV4 0x0800 +#define ZT_ETHERTYPE_ARP 0x0806 +#define ZT_ETHERTYPE_RARP 0x8035 +#define ZT_ETHERTYPE_ATALK 0x809b +#define ZT_ETHERTYPE_AARP 0x80f3 +#define ZT_ETHERTYPE_IPX_A 0x8137 +#define ZT_ETHERTYPE_IPX_B 0x8138 +#define ZT_ETHERTYPE_IPV6 0x86dd + +/* IP protocols we might care about */ +#define ZT_IPPROTO_ICMP 0x01 +#define ZT_IPPROTO_IGMP 0x02 +#define ZT_IPPROTO_TCP 0x06 +#define ZT_IPPROTO_UDP 0x11 +#define ZT_IPPROTO_GRE 0x2f +#define ZT_IPPROTO_ESP 0x32 +#define ZT_IPPROTO_AH 0x33 +#define ZT_IPPROTO_ICMPV6 0x3a +#define ZT_IPPROTO_OSPF 0x59 +#define ZT_IPPROTO_IPIP 0x5e +#define ZT_IPPROTO_IPCOMP 0x6c +#define ZT_IPPROTO_L2TP 0x73 +#define ZT_IPPROTO_SCTP 0x84 +#define ZT_IPPROTO_FC 0x85 +#define ZT_IPPROTO_UDPLITE 0x88 +#define ZT_IPPROTO_HIP 0x8b + +/* IPv4 ICMP types */ +#define ZT_ICMP_ECHO_REPLY 0 +#define ZT_ICMP_DESTINATION_UNREACHABLE 3 +#define ZT_ICMP_SOURCE_QUENCH 4 +#define ZT_ICMP_REDIRECT 5 +#define ZT_ICMP_ALTERNATE_HOST_ADDRESS 6 +#define ZT_ICMP_ECHO_REQUEST 8 +#define ZT_ICMP_ROUTER_ADVERTISEMENT 9 +#define ZT_ICMP_ROUTER_SOLICITATION 10 +#define ZT_ICMP_TIME_EXCEEDED 11 +#define ZT_ICMP_BAD_IP_HEADER 12 +#define ZT_ICMP_TIMESTAMP 13 +#define ZT_ICMP_TIMESTAMP_REPLY 14 +#define ZT_ICMP_INFORMATION_REQUEST 15 +#define ZT_ICMP_INFORMATION_REPLY 16 +#define ZT_ICMP_ADDRESS_MASK_REQUEST 17 +#define ZT_ICMP_ADDRESS_MASK_REPLY 18 +#define ZT_ICMP_TRACEROUTE 30 +#define ZT_ICMP_MOBILE_HOST_REDIRECT 32 +#define ZT_ICMP_MOBILE_REGISTRATION_REQUEST 35 +#define ZT_ICMP_MOBILE_REGISTRATION_REPLY 36 + +/* IPv6 ICMP types */ +#define ZT_ICMP6_DESTINATION_UNREACHABLE 1 +#define ZT_ICMP6_PACKET_TOO_BIG 2 +#define ZT_ICMP6_TIME_EXCEEDED 3 +#define ZT_ICMP6_PARAMETER_PROBLEM 4 +#define 
ZT_ICMP6_ECHO_REQUEST 128 +#define ZT_ICMP6_ECHO_REPLY 129 +#define ZT_ICMP6_MULTICAST_LISTENER_QUERY 130 +#define ZT_ICMP6_MULTICAST_LISTENER_REPORT 131 +#define ZT_ICMP6_MULTICAST_LISTENER_DONE 132 +#define ZT_ICMP6_ROUTER_SOLICITATION 133 +#define ZT_ICMP6_ROUTER_ADVERTISEMENT 134 +#define ZT_ICMP6_NEIGHBOR_SOLICITATION 135 +#define ZT_ICMP6_NEIGHBOR_ADVERTISEMENT 136 +#define ZT_ICMP6_REDIRECT_MESSAGE 137 +#define ZT_ICMP6_ROUTER_RENUMBERING 138 +#define ZT_ICMP6_NODE_INFORMATION_QUERY 139 +#define ZT_ICMP6_NODE_INFORMATION_RESPONSE 140 +#define ZT_ICMP6_INV_NEIGHBOR_SOLICITATION 141 +#define ZT_ICMP6_INV_NEIGHBOR_ADVERTISEMENT 142 +#define ZT_ICMP6_MLDV2 143 +#define ZT_ICMP6_HOME_AGENT_ADDRESS_DISCOVERY_REQUEST 144 +#define ZT_ICMP6_HOME_AGENT_ADDRESS_DISCOVERY_REPLY 145 +#define ZT_ICMP6_MOBILE_PREFIX_SOLICITATION 146 +#define ZT_ICMP6_MOBILE_PREFIX_ADVERTISEMENT 147 +#define ZT_ICMP6_CERTIFICATION_PATH_SOLICITATION 148 +#define ZT_ICMP6_CERTIFICATION_PATH_ADVERTISEMENT 149 +#define ZT_ICMP6_MULTICAST_ROUTER_ADVERTISEMENT 151 +#define ZT_ICMP6_MULTICAST_ROUTER_SOLICITATION 152 +#define ZT_ICMP6_MULTICAST_ROUTER_TERMINATION 153 +#define ZT_ICMP6_RPL_CONTROL_MESSAGE 155 + +namespace ZeroTier { + +class RuntimeEnvironment; + +/** + * A simple Ethernet frame level filter + * + * This doesn't specify actions, since it's used as a deny filter. The rule + * in ZT1 is "that which is not explicitly prohibited is allowed." (Except for + * ethertypes, which are handled by a whitelist.) + */ +class Filter +{ +public: + /** + * Value returned by etherTypeName, etc. on unknown + * + * These static methods return precisely this, so a pointer equality + * check will work. 
+ */ + static const char *const UNKNOWN_NAME; + + /** + * An empty range as a more idiomatic way of specifying a wildcard match + */ + static const Range ANY; + + /** + * A filter rule + */ + class Rule + { + public: + Rule() + throw() : + _etherType(), + _protocol(), + _port() + { + } + + /** + * Construct a rule from a string-serialized value + * + * @param s String formatted rule, such as returned by toString() + * @throws std::invalid_argument String formatted rule is not valid + */ + Rule(const char *s) + throw(std::invalid_argument); + + /** + * Construct a new rule + * + * @param etype Ethernet type or empty range for ANY + * @param prot Protocol or empty range for ANY (meaning depends on ethertype, e.g. IP protocol numbers) + * @param prt Port or empty range for ANY (only applies to some protocols) + */ + Rule(const Range &etype,const Range &prot,const Range &prt) + throw() : + _etherType(etype), + _protocol(prot), + _port(prt) + { + } + + inline const Range ðerType() const throw() { return _etherType; } + inline const Range &protocol() const throw() { return _protocol; } + inline const Range &port() const throw() { return _port; } + + /** + * Test this rule against a frame + * + * @param etype Type of ethernet frame + * @param data Ethernet frame data + * @param len Length of ethernet frame + * @return True if rule matches + * @throws std::invalid_argument Frame invalid or not parseable + */ + bool operator()(unsigned int etype,const void *data,unsigned int len) const + throw(std::invalid_argument); + + /** + * Serialize rule as string + * + * @return Human readable representation of rule + */ + std::string toString() const; + + inline bool operator==(const Rule &r) const throw() { return ((_etherType == r._etherType)&&(_protocol == r._protocol)&&(_port == r._port)); } + inline bool operator!=(const Rule &r) const throw() { return !(*this == r); } + inline bool operator<(const Rule &r) const + throw() + { + if (_etherType < r._etherType) + return true; + 
else if (_etherType == r._etherType) { + if (_protocol < r._protocol) + return true; + else if (_protocol == r._protocol) { + if (_port < r._port) + return true; + } + } + return false; + } + inline bool operator>(const Rule &r) const throw() { return (r < *this); } + inline bool operator<=(const Rule &r) const throw() { return !(r < *this); } + inline bool operator>=(const Rule &r) const throw() { return !(*this < r); } + + private: + Range _etherType; + Range _protocol; + Range _port; + }; + + Filter() {} + + /** + * @param s String-serialized filter representation + */ + Filter(const char *s) + throw(std::invalid_argument); + + /** + * @return Comma-delimited list of string-format rules + */ + std::string toString() const; + + /** + * Add a rule to this filter + * + * @param r Rule to add to filter + */ + void add(const Rule &r); + + inline bool operator()(unsigned int etype,const void *data,unsigned int len) const + throw(std::invalid_argument) + { + for(std::vector::const_iterator r(_rules.begin());r!=_rules.end();++r) { + if ((*r)(etype,data,len)) + return true; + } + return false; + } + + static const char *etherTypeName(const unsigned int etherType) + throw(); + static const char *ipProtocolName(const unsigned int ipp) + throw(); + static const char *icmpTypeName(const unsigned int icmpType) + throw(); + static const char *icmp6TypeName(const unsigned int icmp6Type) + throw(); + +private: + std::vector _rules; +}; + +} // namespace ZeroTier + +#endif diff --git a/attic/OSXEthernetTap.cpp.pcap-with-bridge-test b/attic/OSXEthernetTap.cpp.pcap-with-bridge-test new file mode 100644 index 0000000..baae0a4 --- /dev/null +++ b/attic/OSXEthernetTap.cpp.pcap-with-bridge-test 
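Review bot: The inline `Filter::operator()` near the end of the class has no doc comment, and for a deny filter the meaning of its result and of the `std::invalid_argument` it lets through is what a caller most needs to know; I would add `/** @return True if any rule matches, i.e. the frame is to be dropped; @throws std::invalid_argument if a rule cannot parse the frame */` and state there whether a frame that throws must be dropped or passed. The class comment only says that what is not prohibited is allowed, so a caller that catches the exception and carries on would let malformed frames through; that is an inference, since no caller is visible in this hunk. As a style point, the dynamic exception specifications (`throw()`, `throw(std::invalid_argument)`) are deprecated since C++11, and the include guard `_ZT_FILTER_HPP` is a reserved identifier; `ZT_FILTER_HPP` avoids that.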
@@ -0,0 +1,650 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +// OSX compile fix... in6_var defines this in a struct which namespaces it for C++ ... why?!? +struct prf_ra { + u_char onlink : 1; + u_char autonomous : 1; + u_char reserved : 6; +} prf_ra; + +#include +#include + +// These are KERNEL_PRIVATE... why? 
+#ifndef SIOCAUTOCONF_START +#define SIOCAUTOCONF_START _IOWR('i', 132, struct in6_ifreq) /* accept rtadvd on this interface */ +#endif +#ifndef SIOCAUTOCONF_STOP +#define SIOCAUTOCONF_STOP _IOWR('i', 133, struct in6_ifreq) /* stop accepting rtadv for this interface */ +#endif + +#ifndef ETH_ALEN +#define ETH_ALEN 6 +#endif + +// -------------------------------------------------------------------------- +// -------------------------------------------------------------------------- +// This source is from: +// http://www.opensource.apple.com/source/Libinfo/Libinfo-406.17/gen.subproj/getifmaddrs.c?txt +// It's here because OSX 10.6 does not have this convenience function. + +#define SALIGN (sizeof(uint32_t) - 1) +#define SA_RLEN(sa) ((sa)->sa_len ? (((sa)->sa_len + SALIGN) & ~SALIGN) : \ +(SALIGN + 1)) +#define MAX_SYSCTL_TRY 5 +#define RTA_MASKS (RTA_GATEWAY | RTA_IFP | RTA_IFA) + +/* FreeBSD uses NET_RT_IFMALIST and RTM_NEWMADDR from */ +/* We can use NET_RT_IFLIST2 and RTM_NEWMADDR2 on Darwin */ +//#define DARWIN_COMPAT + +//#ifdef DARWIN_COMPAT +#define GIM_SYSCTL_MIB NET_RT_IFLIST2 +#define GIM_RTM_ADDR RTM_NEWMADDR2 +//#else +//#define GIM_SYSCTL_MIB NET_RT_IFMALIST +//#define GIM_RTM_ADDR RTM_NEWMADDR +//#endif + +// Not in 10.6 includes so use our own +struct _intl_ifmaddrs { + struct _intl_ifmaddrs *ifma_next; + struct sockaddr *ifma_name; + struct sockaddr *ifma_addr; + struct sockaddr *ifma_lladdr; +}; + +static inline int _intl_getifmaddrs(struct _intl_ifmaddrs **pif) +{ + int icnt = 1; + int dcnt = 0; + int ntry = 0; + size_t len; + size_t needed; + int mib[6]; + int i; + char *buf; + char *data; + char *next; + char *p; + struct ifma_msghdr2 *ifmam; + struct _intl_ifmaddrs *ifa, *ift; + struct rt_msghdr *rtm; + struct sockaddr *sa; + + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; /* protocol */ + mib[3] = 0; /* wildcard address family */ + mib[4] = GIM_SYSCTL_MIB; + mib[5] = 0; /* no flags */ + do { + if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 
0) + return (-1); + if ((buf = (char *)malloc(needed)) == NULL) + return (-1); + if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) { + if (errno != ENOMEM || ++ntry >= MAX_SYSCTL_TRY) { + free(buf); + return (-1); + } + free(buf); + buf = NULL; + } + } while (buf == NULL); + + for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { + rtm = (struct rt_msghdr *)(void *)next; + if (rtm->rtm_version != RTM_VERSION) + continue; + switch (rtm->rtm_type) { + case GIM_RTM_ADDR: + ifmam = (struct ifma_msghdr2 *)(void *)rtm; + if ((ifmam->ifmam_addrs & RTA_IFA) == 0) + break; + icnt++; + p = (char *)(ifmam + 1); + for (i = 0; i < RTAX_MAX; i++) { + if ((RTA_MASKS & ifmam->ifmam_addrs & + (1 << i)) == 0) + continue; + sa = (struct sockaddr *)(void *)p; + len = SA_RLEN(sa); + dcnt += len; + p += len; + } + break; + } + } + + data = (char *)malloc(sizeof(struct _intl_ifmaddrs) * icnt + dcnt); + if (data == NULL) { + free(buf); + return (-1); + } + + ifa = (struct _intl_ifmaddrs *)(void *)data; + data += sizeof(struct _intl_ifmaddrs) * icnt; + + memset(ifa, 0, sizeof(struct _intl_ifmaddrs) * icnt); + ift = ifa; + + for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { + rtm = (struct rt_msghdr *)(void *)next; + if (rtm->rtm_version != RTM_VERSION) + continue; + + switch (rtm->rtm_type) { + case GIM_RTM_ADDR: + ifmam = (struct ifma_msghdr2 *)(void *)rtm; + if ((ifmam->ifmam_addrs & RTA_IFA) == 0) + break; + + p = (char *)(ifmam + 1); + for (i = 0; i < RTAX_MAX; i++) { + if ((RTA_MASKS & ifmam->ifmam_addrs & + (1 << i)) == 0) + continue; + sa = (struct sockaddr *)(void *)p; + len = SA_RLEN(sa); + switch (i) { + case RTAX_GATEWAY: + ift->ifma_lladdr = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + case RTAX_IFP: + ift->ifma_name = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + case RTAX_IFA: + ift->ifma_addr = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + 
break; + + default: + data += len; + break; + } + p += len; + } + ift->ifma_next = ift + 1; + ift = ift->ifma_next; + break; + } + } + + free(buf); + + if (ift > ifa) { + ift--; + ift->ifma_next = NULL; + *pif = ifa; + } else { + *pif = NULL; + free(ifa); + } + return (0); +} + +static inline void _intl_freeifmaddrs(struct _intl_ifmaddrs *ifmp) +{ + free(ifmp); +} + +// -------------------------------------------------------------------------- +// -------------------------------------------------------------------------- + +#include +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/Utils.hpp" +#include "../node/Mutex.hpp" +#include "../node/Dictionary.hpp" +#include "OSUtils.hpp" +#include "OSXEthernetTap.hpp" + +// ff:ff:ff:ff:ff:ff with no ADI +static const ZeroTier::MulticastGroup _blindWildcardMulticastGroup(ZeroTier::MAC(0xff),0); + +static inline bool _setIpv6Stuff(const char *ifname,bool performNUD,bool acceptRouterAdverts) +{ + struct in6_ndireq nd; + struct in6_ifreq ifr; + + int s = socket(AF_INET6,SOCK_DGRAM,0); + if (s <= 0) + return false; + + memset(&nd,0,sizeof(nd)); + strncpy(nd.ifname,ifname,sizeof(nd.ifname)); + + if (ioctl(s,SIOCGIFINFO_IN6,&nd)) { + close(s); + return false; + } + + unsigned long oldFlags = (unsigned long)nd.ndi.flags; + + if (performNUD) + nd.ndi.flags |= ND6_IFF_PERFORMNUD; + else nd.ndi.flags &= ~ND6_IFF_PERFORMNUD; + + if (oldFlags != (unsigned long)nd.ndi.flags) { + if (ioctl(s,SIOCSIFINFO_FLAGS,&nd)) { + close(s); + return false; + } + } + + memset(&ifr,0,sizeof(ifr)); + strncpy(ifr.ifr_name,ifname,sizeof(ifr.ifr_name)); + if (ioctl(s,acceptRouterAdverts ? 
SIOCAUTOCONF_START : SIOCAUTOCONF_STOP,&ifr)) { + close(s); + return false; + } + + close(s); + return true; +} + +namespace ZeroTier { + +static std::set globalDeviceNames; +static Mutex globalTapCreateLock; + +OSXEthernetTap::OSXEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *data,unsigned int len), + void *arg) : + _handler(handler), + _arg(arg), + _pcap((void *)0), + _nwid(nwid), + _mac(mac), + _homePath(homePath), + _mtu(mtu), + _metric(metric), + _enabled(true) +{ + char errbuf[PCAP_ERRBUF_SIZE]; + char devname[64],ethaddr[64],mtustr[32],metstr[32],nwids[32]; + + Utils::snprintf(nwids,sizeof(nwids),"%.16llx",nwid); + + if (mtu > 2800) + throw std::runtime_error("max tap MTU is 2800"); + + Mutex::Lock _gl(globalTapCreateLock); + + std::string desiredDevice; + Dictionary devmap; + { + std::string devmapbuf; + if (OSUtils::readFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),devmapbuf)) { + devmap.fromString(devmapbuf); + desiredDevice = devmap.get(nwids,""); + } + } + + if ((desiredDevice.length() >= 9)&&(desiredDevice.substr(0,6) == "bridge")) { + // length() >= 9 matches bridge### or bridge#### + _dev = desiredDevice; + } else { + if (globalDeviceNames.size() >= (10000 - 128)) // sanity check... 
this would be nuts + throw std::runtime_error("too many devices!"); + unsigned int pseudoBridgeNo = (unsigned int)((nwid ^ (nwid >> 32)) % (10000 - 128)) + 128; // range: bridge128 to bridge9999 + sprintf(devname,"bridge%u",pseudoBridgeNo); + while (globalDeviceNames.count(std::string(devname)) > 0) { + ++pseudoBridgeNo; + if (pseudoBridgeNo > 9999) + pseudoBridgeNo = 64; + sprintf(devname,"bridge%u",pseudoBridgeNo); + } + _dev = devname; + } + + // Configure MAC address and MTU, bring interface up + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"create",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode != 0) + throw std::runtime_error("ifconfig failure setting link-layer address and activating tap interface"); + } else throw std::runtime_error("unable to fork()"); + Utils::snprintf(ethaddr,sizeof(ethaddr),"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",(int)mac[0],(int)mac[1],(int)mac[2],(int)mac[3],(int)mac[4],(int)mac[5]); + Utils::snprintf(mtustr,sizeof(mtustr),"%u",_mtu); + Utils::snprintf(metstr,sizeof(metstr),"%u",_metric); + cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"lladdr",ethaddr,"mtu",mtustr,"metric",metstr,"up",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode != 0) + throw std::runtime_error("ifconfig failure setting link-layer address and activating tap interface"); + } else throw std::runtime_error("unable to fork()"); + + _setIpv6Stuff(_dev.c_str(),true,false); + + _pcap = (void *)pcap_create(_dev.c_str(),errbuf); + if (!_pcap) { + cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"destroy",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + } + throw std::runtime_error((std::string("pcap_create() on 
new bridge device failed: ") + errbuf).c_str()); + } + pcap_set_promisc(reinterpret_cast(_pcap),1); + pcap_set_timeout(reinterpret_cast(_pcap),120000); + pcap_set_immediate_mode(reinterpret_cast(_pcap),1); + if (pcap_set_buffer_size(reinterpret_cast(_pcap),1024 * 1024 * 16) != 0) // 16MB + fprintf(stderr,"WARNING: pcap_set_buffer_size() failed!\n"); + if (pcap_set_snaplen(reinterpret_cast(_pcap),4096) != 0) + fprintf(stderr,"WARNING: pcap_set_snaplen() failed!\n"); + if (pcap_activate(reinterpret_cast(_pcap)) != 0) { + pcap_close(reinterpret_cast(_pcap)); + cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"destroy",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + } + throw std::runtime_error("pcap_activate() on new bridge device failed."); + } + + globalDeviceNames.insert(_dev); + + devmap[nwids] = _dev; + OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),devmap.toString()); + + _thread = Thread::start(this); +} + +OSXEthernetTap::~OSXEthernetTap() +{ + _enabled = false; + + Mutex::Lock _gl(globalTapCreateLock); + globalDeviceNames.erase(_dev); + + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"destroy",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode == 0) { + // Destroying the interface nukes pcap and terminates the thread. 
+ Thread::join(_thread); + } + } + + pcap_close(reinterpret_cast(_pcap)); +} + +static bool ___removeIp(const std::string &_dev,const InetAddress &ip) +{ + long cpid = (long)vfork(); + if (cpid == 0) { + execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"inet",ip.toIpString().c_str(),"-alias",(const char *)0); + _exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + return false; // never reached, make compiler shut up about return value +} + +bool OSXEthernetTap::addIp(const InetAddress &ip) +{ + if (!ip) + return false; + + std::vector allIps(ips()); + if (std::binary_search(allIps.begin(),allIps.end(),ip)) + return true; + + // Remove and reconfigure if address is the same but netmask is different + for(std::vector::iterator i(allIps.begin());i!=allIps.end();++i) { + if ((i->ipsEqual(ip))&&(i->netmaskBits() != ip.netmaskBits())) { + if (___removeIp(_dev,*i)) + break; + } + } + + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),ip.isV4() ? "inet" : "inet6",ip.toString().c_str(),"alias",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } // else return false... 
+ + return false; +} + +bool OSXEthernetTap::removeIp(const InetAddress &ip) +{ + if (!ip) + return true; + std::vector allIps(ips()); + if (!std::binary_search(allIps.begin(),allIps.end(),ip)) { + if (___removeIp(_dev,ip)) + return true; + } + return false; +} + +std::vector OSXEthernetTap::ips() const +{ + struct ifaddrs *ifa = (struct ifaddrs *)0; + if (getifaddrs(&ifa)) + return std::vector(); + + std::vector r; + + struct ifaddrs *p = ifa; + while (p) { + if ((!strcmp(p->ifa_name,_dev.c_str()))&&(p->ifa_addr)&&(p->ifa_netmask)&&(p->ifa_addr->sa_family == p->ifa_netmask->sa_family)) { + switch(p->ifa_addr->sa_family) { + case AF_INET: { + struct sockaddr_in *sin = (struct sockaddr_in *)p->ifa_addr; + struct sockaddr_in *nm = (struct sockaddr_in *)p->ifa_netmask; + r.push_back(InetAddress(&(sin->sin_addr.s_addr),4,Utils::countBits((uint32_t)nm->sin_addr.s_addr))); + } break; + case AF_INET6: { + struct sockaddr_in6 *sin = (struct sockaddr_in6 *)p->ifa_addr; + struct sockaddr_in6 *nm = (struct sockaddr_in6 *)p->ifa_netmask; + uint32_t b[4]; + memcpy(b,nm->sin6_addr.s6_addr,sizeof(b)); + r.push_back(InetAddress(sin->sin6_addr.s6_addr,16,Utils::countBits(b[0]) + Utils::countBits(b[1]) + Utils::countBits(b[2]) + Utils::countBits(b[3]))); + } break; + } + } + p = p->ifa_next; + } + + if (ifa) + freeifaddrs(ifa); + + std::sort(r.begin(),r.end()); + std::unique(r.begin(),r.end()); + + return r; +} + +void OSXEthernetTap::put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len) +{ + char putBuf[4096]; + if ((len <= _mtu)&&(_enabled)) { + to.copyTo(putBuf,6); + from.copyTo(putBuf + 6,6); + *((uint16_t *)(putBuf + 12)) = htons((uint16_t)etherType); + memcpy(putBuf + 14,data,len); + len += 14; + int r = pcap_inject(reinterpret_cast(_pcap),putBuf,len); + if (r <= 0) { + printf("%s: pcap_inject() failed\n",_dev.c_str()); + return; + } + printf("%s: inject %s -> %s etherType==%u len=%u 
r==%d\n",_dev.c_str(),from.toString().c_str(),to.toString().c_str(),etherType,len,r); + } +} + +std::string OSXEthernetTap::deviceName() const +{ + return _dev; +} + +void OSXEthernetTap::setFriendlyName(const char *friendlyName) +{ +} + +void OSXEthernetTap::scanMulticastGroups(std::vector &added,std::vector &removed) +{ + std::vector newGroups; + + struct _intl_ifmaddrs *ifmap = (struct _intl_ifmaddrs *)0; + if (!_intl_getifmaddrs(&ifmap)) { + struct _intl_ifmaddrs *p = ifmap; + while (p) { + if (p->ifma_addr->sa_family == AF_LINK) { + struct sockaddr_dl *in = (struct sockaddr_dl *)p->ifma_name; + struct sockaddr_dl *la = (struct sockaddr_dl *)p->ifma_addr; + if ((la->sdl_alen == 6)&&(in->sdl_nlen <= _dev.length())&&(!memcmp(_dev.data(),in->sdl_data,in->sdl_nlen))) + newGroups.push_back(MulticastGroup(MAC(la->sdl_data + la->sdl_nlen,6),0)); + } + p = p->ifma_next; + } + _intl_freeifmaddrs(ifmap); + } + + std::vector allIps(ips()); + for(std::vector::iterator ip(allIps.begin());ip!=allIps.end();++ip) + newGroups.push_back(MulticastGroup::deriveMulticastGroupForAddressResolution(*ip)); + + std::sort(newGroups.begin(),newGroups.end()); + std::unique(newGroups.begin(),newGroups.end()); + + for(std::vector::iterator m(newGroups.begin());m!=newGroups.end();++m) { + if (!std::binary_search(_multicastGroups.begin(),_multicastGroups.end(),*m)) + added.push_back(*m); + } + for(std::vector::iterator m(_multicastGroups.begin());m!=_multicastGroups.end();++m) { + if (!std::binary_search(newGroups.begin(),newGroups.end(),*m)) + removed.push_back(*m); + } + + _multicastGroups.swap(newGroups); +} + +static void _pcapHandler(u_char *ptr,const struct pcap_pkthdr *hdr,const u_char *data) +{ + OSXEthernetTap *tap = reinterpret_cast(ptr); + if (hdr->caplen > 14) { + MAC to(data,6); + MAC from(data + 6,6); + if (from == tap->_mac) { + unsigned int etherType = ntohs(((const uint16_t *)data)[6]); + printf("%s: %s -> %s etherType==%u 
len==%u\n",tap->_dev.c_str(),from.toString().c_str(),to.toString().c_str(),etherType,(unsigned int)hdr->caplen); + // TODO: VLAN support + tap->_handler(tap->_arg,tap->_nwid,from,to,etherType,0,(const void *)(data + 14),hdr->len - 14); + } + } +} + +void OSXEthernetTap::threadMain() + throw() +{ + pcap_loop(reinterpret_cast(_pcap),-1,&_pcapHandler,reinterpret_cast(this)); +} + +} // namespace ZeroTier diff --git a/attic/OSXEthernetTap.cpp.utun-work-in-progress b/attic/OSXEthernetTap.cpp.utun-work-in-progress new file mode 100644 index 0000000..f40483e --- /dev/null +++ b/attic/OSXEthernetTap.cpp.utun-work-in-progress 
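Review bot: In `_pcapHandler` the payload length passed to `tap->_handler` is `hdr->len - 14`, but the guard above it tests `hdr->caplen`, and only `caplen` bytes are valid behind `data`. If a frame is truncated by the snapshot length, the handler is told to read past the end of the captured buffer. The 4096-byte snaplen is not guaranteed either, because the constructor only prints a warning when `pcap_set_snaplen()` fails. Passing the captured length keeps the read in bounds: `tap->_handler(tap->_arg,tap->_nwid,from,to,etherType,0,(const void *)(data + 14),hdr->caplen - 14);`. If truncated frames should not be forwarded at all, an early `if (hdr->caplen < hdr->len) return;` with a comment such as `// only caplen bytes are valid; drop truncated captures` would make that explicit.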
@@ -0,0 +1,831 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// OSX compile fix... in6_var defines this in a struct which namespaces it for C++ ... why?!? +struct prf_ra { + u_char onlink : 1; + u_char autonomous : 1; + u_char reserved : 6; +} prf_ra; + +#include +#include + +// These are KERNEL_PRIVATE... why? 
+#ifndef SIOCAUTOCONF_START +#define SIOCAUTOCONF_START _IOWR('i', 132, struct in6_ifreq) /* accept rtadvd on this interface */ +#endif +#ifndef SIOCAUTOCONF_STOP +#define SIOCAUTOCONF_STOP _IOWR('i', 133, struct in6_ifreq) /* stop accepting rtadv for this interface */ +#endif + +// -------------------------------------------------------------------------- +// -------------------------------------------------------------------------- +// This source is from: +// http://www.opensource.apple.com/source/Libinfo/Libinfo-406.17/gen.subproj/getifmaddrs.c?txt +// It's here because OSX 10.6 does not have this convenience function. + +#define SALIGN (sizeof(uint32_t) - 1) +#define SA_RLEN(sa) ((sa)->sa_len ? (((sa)->sa_len + SALIGN) & ~SALIGN) : \ +(SALIGN + 1)) +#define MAX_SYSCTL_TRY 5 +#define RTA_MASKS (RTA_GATEWAY | RTA_IFP | RTA_IFA) + +/* FreeBSD uses NET_RT_IFMALIST and RTM_NEWMADDR from */ +/* We can use NET_RT_IFLIST2 and RTM_NEWMADDR2 on Darwin */ +//#define DARWIN_COMPAT + +//#ifdef DARWIN_COMPAT +#define GIM_SYSCTL_MIB NET_RT_IFLIST2 +#define GIM_RTM_ADDR RTM_NEWMADDR2 +//#else +//#define GIM_SYSCTL_MIB NET_RT_IFMALIST +//#define GIM_RTM_ADDR RTM_NEWMADDR +//#endif + +// Not in 10.6 includes so use our own +struct _intl_ifmaddrs { + struct _intl_ifmaddrs *ifma_next; + struct sockaddr *ifma_name; + struct sockaddr *ifma_addr; + struct sockaddr *ifma_lladdr; +}; + +static inline int _intl_getifmaddrs(struct _intl_ifmaddrs **pif) +{ + int icnt = 1; + int dcnt = 0; + int ntry = 0; + size_t len; + size_t needed; + int mib[6]; + int i; + char *buf; + char *data; + char *next; + char *p; + struct ifma_msghdr2 *ifmam; + struct _intl_ifmaddrs *ifa, *ift; + struct rt_msghdr *rtm; + struct sockaddr *sa; + + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; /* protocol */ + mib[3] = 0; /* wildcard address family */ + mib[4] = GIM_SYSCTL_MIB; + mib[5] = 0; /* no flags */ + do { + if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) + return (-1); + if ((buf = (char 
*)malloc(needed)) == NULL) + return (-1); + if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) { + if (errno != ENOMEM || ++ntry >= MAX_SYSCTL_TRY) { + free(buf); + return (-1); + } + free(buf); + buf = NULL; + } + } while (buf == NULL); + + for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { + rtm = (struct rt_msghdr *)(void *)next; + if (rtm->rtm_version != RTM_VERSION) + continue; + switch (rtm->rtm_type) { + case GIM_RTM_ADDR: + ifmam = (struct ifma_msghdr2 *)(void *)rtm; + if ((ifmam->ifmam_addrs & RTA_IFA) == 0) + break; + icnt++; + p = (char *)(ifmam + 1); + for (i = 0; i < RTAX_MAX; i++) { + if ((RTA_MASKS & ifmam->ifmam_addrs & + (1 << i)) == 0) + continue; + sa = (struct sockaddr *)(void *)p; + len = SA_RLEN(sa); + dcnt += len; + p += len; + } + break; + } + } + + data = (char *)malloc(sizeof(struct _intl_ifmaddrs) * icnt + dcnt); + if (data == NULL) { + free(buf); + return (-1); + } + + ifa = (struct _intl_ifmaddrs *)(void *)data; + data += sizeof(struct _intl_ifmaddrs) * icnt; + + memset(ifa, 0, sizeof(struct _intl_ifmaddrs) * icnt); + ift = ifa; + + for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { + rtm = (struct rt_msghdr *)(void *)next; + if (rtm->rtm_version != RTM_VERSION) + continue; + + switch (rtm->rtm_type) { + case GIM_RTM_ADDR: + ifmam = (struct ifma_msghdr2 *)(void *)rtm; + if ((ifmam->ifmam_addrs & RTA_IFA) == 0) + break; + + p = (char *)(ifmam + 1); + for (i = 0; i < RTAX_MAX; i++) { + if ((RTA_MASKS & ifmam->ifmam_addrs & + (1 << i)) == 0) + continue; + sa = (struct sockaddr *)(void *)p; + len = SA_RLEN(sa); + switch (i) { + case RTAX_GATEWAY: + ift->ifma_lladdr = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + case RTAX_IFP: + ift->ifma_name = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + case RTAX_IFA: + ift->ifma_addr = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + default: + data += len; + 
break; + } + p += len; + } + ift->ifma_next = ift + 1; + ift = ift->ifma_next; + break; + } + } + + free(buf); + + if (ift > ifa) { + ift--; + ift->ifma_next = NULL; + *pif = ifa; + } else { + *pif = NULL; + free(ifa); + } + return (0); +} + +static inline void _intl_freeifmaddrs(struct _intl_ifmaddrs *ifmp) +{ + free(ifmp); +} + +// -------------------------------------------------------------------------- +// -------------------------------------------------------------------------- + +#include +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/Utils.hpp" +#include "../node/Mutex.hpp" +#include "../node/Dictionary.hpp" +#include "Arp.hpp" +#include "OSUtils.hpp" +#include "OSXEthernetTap.hpp" + +// ff:ff:ff:ff:ff:ff with no ADI +static const ZeroTier::MulticastGroup _blindWildcardMulticastGroup(ZeroTier::MAC(0xff),0); + +static inline bool _setIpv6Stuff(const char *ifname,bool performNUD,bool acceptRouterAdverts) +{ + struct in6_ndireq nd; + struct in6_ifreq ifr; + + int s = socket(AF_INET6,SOCK_DGRAM,0); + if (s <= 0) + return false; + + memset(&nd,0,sizeof(nd)); + strncpy(nd.ifname,ifname,sizeof(nd.ifname)); + + if (ioctl(s,SIOCGIFINFO_IN6,&nd)) { + close(s); + return false; + } + + unsigned long oldFlags = (unsigned long)nd.ndi.flags; + + if (performNUD) + nd.ndi.flags |= ND6_IFF_PERFORMNUD; + else nd.ndi.flags &= ~ND6_IFF_PERFORMNUD; + + if (oldFlags != (unsigned long)nd.ndi.flags) { + if (ioctl(s,SIOCSIFINFO_FLAGS,&nd)) { + close(s); + return false; + } + } + + memset(&ifr,0,sizeof(ifr)); + strncpy(ifr.ifr_name,ifname,sizeof(ifr.ifr_name)); + if (ioctl(s,acceptRouterAdverts ? 
SIOCAUTOCONF_START : SIOCAUTOCONF_STOP,&ifr)) { + close(s); + return false; + } + + close(s); + return true; +} + +// Create an OSX-native utun device (utun# where # is desiredNumber) +// Adapted from public domain utun example code by Jonathan Levin +static int _make_utun(int desiredNumber) +{ + struct sockaddr_ctl sc; + struct ctl_info ctlInfo; + struct ifreq ifr; + + memset(&ctlInfo, 0, sizeof(ctlInfo)); + if (strlcpy(ctlInfo.ctl_name, UTUN_CONTROL_NAME, sizeof(ctlInfo.ctl_name)) >= sizeof(ctlInfo.ctl_name)) { + return -1; + } + + int fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL); + if (fd == -1) + return -1; + if (ioctl(fd, CTLIOCGINFO, &ctlInfo) == -1) { + close(fd); + return -1; + } + + sc.sc_id = ctlInfo.ctl_id; + sc.sc_len = sizeof(sc); + sc.sc_family = AF_SYSTEM; + sc.ss_sysaddr = AF_SYS_CONTROL; + sc.sc_unit = desiredNumber + 1; + + if (connect(fd, (struct sockaddr *)&sc, sizeof(sc)) == -1) { + close(fd); + return -1; + } + + memset(&ifr,0,sizeof(ifr)); + sprintf(ifr.ifr_name,"utun%d",desiredNumber); + if (ioctl(fd,SIOCGIFFLAGS,(void *)&ifr) < 0) { + printf("SIOCGIFFLAGS failed\n"); + } + ifr.ifr_flags &= ~IFF_POINTOPOINT; + if (ioctl(fd,SIOCSIFFLAGS,(void *)&ifr) < 0) { + printf("clear IFF_POINTOPOINT failed\n"); + } + + return fd; +} + +namespace ZeroTier { + +static long globalTapsRunning = 0; +static Mutex globalTapCreateLock; + +OSXEthernetTap::OSXEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *data,unsigned int len), + void *arg) : + _handler(handler), + _arg(arg), + _arp((Arp *)0), + _nwid(nwid), + _homePath(homePath), + _mtu(mtu), + _metric(metric), + _fd(0), + _utun(false), + _enabled(true) +{ + char devpath[64],ethaddr[64],mtustr[32],metstr[32],nwids[32]; + struct stat stattmp; + + Utils::snprintf(nwids,sizeof(nwids),"%.16llx",nwid); + + if (mtu > 
2800) + throw std::runtime_error("max tap MTU is 2800"); + + Mutex::Lock _gl(globalTapCreateLock); + + // Read remembered previous device name, if any -- we'll try to reuse + Dictionary devmap; + std::string desiredDevice; + { + std::string devmapbuf; + if (OSUtils::readFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),devmapbuf)) { + devmap.fromString(devmapbuf); + desiredDevice = devmap.get(nwids,""); + } + } + + if (::stat((_homePath + ZT_PATH_SEPARATOR_S + "tap.kext").c_str(),&stattmp) == 0) { + // Try to init kext if it's there, otherwise revert to utun mode + + if (::stat("/dev/zt0",&stattmp)) { + long kextpid = (long)vfork(); + if (kextpid == 0) { + ::chdir(homePath); + OSUtils::redirectUnixOutputs("/dev/null",(const char *)0); + ::execl("/sbin/kextload","/sbin/kextload","-q","-repository",homePath,"tap.kext",(const char *)0); + ::_exit(-1); + } else if (kextpid > 0) { + int exitcode = -1; + ::waitpid(kextpid,&exitcode,0); + } + ::usleep(500); // give tap device driver time to start up and try again + if (::stat("/dev/zt0",&stattmp)) + _utun = true; + } + + if (!_utun) { + // See if we can re-use the last device we had. + bool recalledDevice = false; + if (desiredDevice.length() > 2) { + Utils::snprintf(devpath,sizeof(devpath),"/dev/%s",desiredDevice.c_str()); + if (stat(devpath,&stattmp) == 0) { + _fd = ::open(devpath,O_RDWR); + if (_fd > 0) { + _dev = desiredDevice; + recalledDevice = true; + } + } + } + + // Open the first unused tap device if we didn't recall a previous one. 
+ if (!recalledDevice) { + for(int i=0;i<64;++i) { + Utils::snprintf(devpath,sizeof(devpath),"/dev/zt%d",i); + if (stat(devpath,&stattmp)) { + _utun = true; + break; + } + _fd = ::open(devpath,O_RDWR); + if (_fd > 0) { + char foo[16]; + Utils::snprintf(foo,sizeof(foo),"zt%d",i); + _dev = foo; + break; + } + } + } + if (_fd <= 0) + _utun = true; + } + } else { + _utun = true; + } + + if (_utun) { + // Use OSX built-in utun device if kext is not available or doesn't work + + int utunNo = 0; + + if ((desiredDevice.length() > 4)&&(desiredDevice.substr(0,4) == "utun")) { + utunNo = Utils::strToInt(desiredDevice.substr(4).c_str()); + if (utunNo >= 0) + _fd = _make_utun(utunNo); + } + + if (_fd <= 0) { + // Start at utun8 to leave lower utuns unused since other stuff might + // want them -- OpenVPN, cjdns, etc. I'm not sure if those are smart + // enough to scan upward like this. + for(utunNo=8;utunNo<=256;++utunNo) { + if ((_fd = _make_utun(utunNo)) > 0) + break; + } + } + + if (_fd <= 0) + throw std::runtime_error("unable to find/load ZeroTier tap driver OR use built-in utun driver in OSX; permission or system problem or too many open devices?"); + + Utils::snprintf(devpath,sizeof(devpath),"utun%d",utunNo); + _dev = devpath; + + // Configure address and bring it up + Utils::snprintf(mtustr,sizeof(mtustr),"%u",_mtu); + Utils::snprintf(metstr,sizeof(metstr),"%u",_metric); + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"mtu",mtustr,"metric",metstr,"up",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode) { + ::close(_fd); + throw std::runtime_error("ifconfig failure activating utun interface"); + } + } + + } else { + // Use our ZeroTier OSX tun/tap driver for zt# Ethernet tap device + + if (fcntl(_fd,F_SETFL,fcntl(_fd,F_GETFL) & ~O_NONBLOCK) == -1) { + ::close(_fd); + throw std::runtime_error("unable to set flags on file descriptor for TAP 
device"); + } + + // Configure MAC address and MTU, bring interface up + Utils::snprintf(ethaddr,sizeof(ethaddr),"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",(int)mac[0],(int)mac[1],(int)mac[2],(int)mac[3],(int)mac[4],(int)mac[5]); + Utils::snprintf(mtustr,sizeof(mtustr),"%u",_mtu); + Utils::snprintf(metstr,sizeof(metstr),"%u",_metric); + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"lladdr",ethaddr,"mtu",mtustr,"metric",metstr,"up",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode) { + ::close(_fd); + throw std::runtime_error("ifconfig failure setting link-layer address and activating tap interface"); + } + } + + _setIpv6Stuff(_dev.c_str(),true,false); + } + + // Set close-on-exec so that devices cannot persist if we fork/exec for update + fcntl(_fd,F_SETFD,fcntl(_fd,F_GETFD) | FD_CLOEXEC); + + ::pipe(_shutdownSignalPipe); + + ++globalTapsRunning; + + devmap[nwids] = _dev; + OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),devmap.toString()); + + _thread = Thread::start(this); +} + +OSXEthernetTap::~OSXEthernetTap() +{ + Mutex::Lock _gl(globalTapCreateLock); + + ::write(_shutdownSignalPipe[1],(const void *)this,1); // writing a byte causes thread to exit + Thread::join(_thread); + + ::close(_fd); + ::close(_shutdownSignalPipe[0]); + ::close(_shutdownSignalPipe[1]); + + if (_utun) { + delete _arp; + } else { + if (--globalTapsRunning <= 0) { + globalTapsRunning = 0; // sanity check -- should not be possible + + char tmp[16384]; + sprintf(tmp,"%s/%s",_homePath.c_str(),"tap.kext"); + long kextpid = (long)vfork(); + if (kextpid == 0) { + OSUtils::redirectUnixOutputs("/dev/null",(const char *)0); + ::execl("/sbin/kextunload","/sbin/kextunload",tmp,(const char *)0); + ::_exit(-1); + } else if (kextpid > 0) { + int exitcode = -1; + ::waitpid(kextpid,&exitcode,0); + } + } + } +} + +void OSXEthernetTap::setEnabled(bool en) +{ + 
_enabled = en; + // TODO: interface status change +} + +bool OSXEthernetTap::enabled() const +{ + return _enabled; +} + +static bool ___removeIp(const std::string &_dev,const InetAddress &ip) +{ + long cpid = (long)vfork(); + if (cpid == 0) { + execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"inet",ip.toIpString().c_str(),"-alias",(const char *)0); + _exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + return false; // never reached, make compiler shut up about return value +} + +bool OSXEthernetTap::addIp(const InetAddress &ip) +{ + if (!ip) + return false; + + std::vector allIps(ips()); + if (std::binary_search(allIps.begin(),allIps.end(),ip)) + return true; + + // Remove and reconfigure if address is the same but netmask is different + for(std::vector::iterator i(allIps.begin());i!=allIps.end();++i) { + if ((i->ipsEqual(ip))&&(i->netmaskBits() != ip.netmaskBits())) { + if (___removeIp(_dev,*i)) + break; + } + } + + if (_utun) { + long cpid = (long)vfork(); + if (cpid == 0) { + if (ip.ss_family == AF_INET6) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"inet6",ip.toString().c_str(),"alias",(const char *)0); + } else { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),ip.toString().c_str(),ip.toIpString().c_str(),"alias",(const char *)0); + } + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + + if (exitcode == 0) { + if (ip.ss_family == AF_INET) { + // Add route to network over tun for IPv4 -- otherwise it behaves + // as a simple point to point tunnel instead of a true route. 
+ cpid = (long)vfork(); + if (cpid == 0) { + ::close(STDERR_FILENO); + ::close(STDOUT_FILENO); + ::execl("/sbin/route","/sbin/route","add",ip.network().toString().c_str(),ip.toIpString().c_str(),(const char *)0); + ::exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + } else return true; + } + } + } else { + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),ip.isV4() ? "inet" : "inet6",ip.toString().c_str(),"alias",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + } + + return false; +} + +bool OSXEthernetTap::removeIp(const InetAddress &ip) +{ + if (!ip) + return true; + std::vector allIps(ips()); + if (!std::binary_search(allIps.begin(),allIps.end(),ip)) { + if (___removeIp(_dev,ip)) + return true; + } + return false; +} + +std::vector OSXEthernetTap::ips() const +{ + struct ifaddrs *ifa = (struct ifaddrs *)0; + if (getifaddrs(&ifa)) + return std::vector(); + + std::vector r; + + struct ifaddrs *p = ifa; + while (p) { + if ((!strcmp(p->ifa_name,_dev.c_str()))&&(p->ifa_addr)&&(p->ifa_netmask)&&(p->ifa_addr->sa_family == p->ifa_netmask->sa_family)) { + switch(p->ifa_addr->sa_family) { + case AF_INET: { + struct sockaddr_in *sin = (struct sockaddr_in *)p->ifa_addr; + struct sockaddr_in *nm = (struct sockaddr_in *)p->ifa_netmask; + r.push_back(InetAddress(&(sin->sin_addr.s_addr),4,Utils::countBits((uint32_t)nm->sin_addr.s_addr))); + } break; + case AF_INET6: { + struct sockaddr_in6 *sin = (struct sockaddr_in6 *)p->ifa_addr; + struct sockaddr_in6 *nm = (struct sockaddr_in6 *)p->ifa_netmask; + uint32_t b[4]; + memcpy(b,nm->sin6_addr.s6_addr,sizeof(b)); + r.push_back(InetAddress(sin->sin6_addr.s6_addr,16,Utils::countBits(b[0]) + Utils::countBits(b[1]) + Utils::countBits(b[2]) + Utils::countBits(b[3]))); + } break; + } + } + p = p->ifa_next; + } + + if (ifa) + 
freeifaddrs(ifa); + + std::sort(r.begin(),r.end()); + std::unique(r.begin(),r.end()); + + return r; +} + +void OSXEthernetTap::put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len) +{ + char putBuf[4096]; + if ((_fd > 0)&&(len <= _mtu)&&(_enabled)) { + to.copyTo(putBuf,6); + from.copyTo(putBuf + 6,6); + *((uint16_t *)(putBuf + 12)) = htons((uint16_t)etherType); + memcpy(putBuf + 14,data,len); + len += 14; + ::write(_fd,putBuf,len); + } +} + +std::string OSXEthernetTap::deviceName() const +{ + return _dev; +} + +void OSXEthernetTap::setFriendlyName(const char *friendlyName) +{ +} + +void OSXEthernetTap::scanMulticastGroups(std::vector &added,std::vector &removed) +{ + std::vector newGroups; + + struct _intl_ifmaddrs *ifmap = (struct _intl_ifmaddrs *)0; + if (!_intl_getifmaddrs(&ifmap)) { + struct _intl_ifmaddrs *p = ifmap; + while (p) { + if (p->ifma_addr->sa_family == AF_LINK) { + struct sockaddr_dl *in = (struct sockaddr_dl *)p->ifma_name; + struct sockaddr_dl *la = (struct sockaddr_dl *)p->ifma_addr; + if ((la->sdl_alen == 6)&&(in->sdl_nlen <= _dev.length())&&(!memcmp(_dev.data(),in->sdl_data,in->sdl_nlen))) + newGroups.push_back(MulticastGroup(MAC(la->sdl_data + la->sdl_nlen,6),0)); + } + p = p->ifma_next; + } + _intl_freeifmaddrs(ifmap); + } + + std::vector allIps(ips()); + for(std::vector::iterator ip(allIps.begin());ip!=allIps.end();++ip) + newGroups.push_back(MulticastGroup::deriveMulticastGroupForAddressResolution(*ip)); + + std::sort(newGroups.begin(),newGroups.end()); + std::unique(newGroups.begin(),newGroups.end()); + + for(std::vector::iterator m(newGroups.begin());m!=newGroups.end();++m) { + if (!std::binary_search(_multicastGroups.begin(),_multicastGroups.end(),*m)) + added.push_back(*m); + } + for(std::vector::iterator m(_multicastGroups.begin());m!=_multicastGroups.end();++m) { + if (!std::binary_search(newGroups.begin(),newGroups.end(),*m)) + removed.push_back(*m); + } + + _multicastGroups.swap(newGroups); +} + 
+void OSXEthernetTap::threadMain() + throw() +{ + fd_set readfds,nullfds; + MAC to,from; + int n,nfds,r; + char getBuf[8194]; + + Thread::sleep(500); + + FD_ZERO(&readfds); + FD_ZERO(&nullfds); + nfds = (int)std::max(_shutdownSignalPipe[0],_fd) + 1; + + r = 0; + for(;;) { + FD_SET(_shutdownSignalPipe[0],&readfds); + FD_SET(_fd,&readfds); + select(nfds,&readfds,&nullfds,&nullfds,(struct timeval *)0); + + if (FD_ISSET(_shutdownSignalPipe[0],&readfds)) // writes to shutdown pipe terminate thread + break; + + if (FD_ISSET(_fd,&readfds)) { + n = (int)::read(_fd,getBuf + r,sizeof(getBuf) - r); + if (n < 0) { + if ((errno != EINTR)&&(errno != ETIMEDOUT)) + break; + } else { + // Some tap drivers like to send the ethernet frame and the + // payload in two chunks, so handle that by accumulating + // data until we have at least a frame. + r += n; + if (r > 14) { + if (r > ((int)_mtu + 14)) // sanity check for weird TAP behavior on some platforms + r = _mtu + 14; + + if (_enabled) { + to.setTo(getBuf,6); + from.setTo(getBuf + 6,6); + unsigned int etherType = ntohs(((const uint16_t *)getBuf)[6]); + // TODO: VLAN support + _handler(_arg,_nwid,from,to,etherType,0,(const void *)(getBuf + 14),r - 14); + } + + r = 0; + } + } + } + } +} + +} // namespace ZeroTier diff --git a/attic/OSXEthernetTap.hpp.pcap-with-bridge-test b/attic/OSXEthernetTap.hpp.pcap-with-bridge-test new file mode 100644 index 0000000..33f1948 --- /dev/null +++ b/attic/OSXEthernetTap.hpp.pcap-with-bridge-test 
@@ -0,0 +1,96 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +#ifndef ZT_OSXETHERNETTAP_HPP +#define ZT_OSXETHERNETTAP_HPP + +#include +#include + +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/MAC.hpp" +#include "../node/InetAddress.hpp" +#include "../node/MulticastGroup.hpp" + +#include "Thread.hpp" + +namespace ZeroTier { + +/** + * OSX Ethernet tap using ZeroTier kernel extension zt# devices + */ +class OSXEthernetTap +{ +public: + OSXEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int), + void *arg); + + ~OSXEthernetTap(); + + inline void setEnabled(bool en) { _enabled = en; } + inline bool enabled() const { return _enabled; } + bool addIp(const InetAddress &ip); + bool removeIp(const InetAddress &ip); + std::vector ips() const; + void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len); + std::string deviceName() const; + void setFriendlyName(const char *friendlyName); + void scanMulticastGroups(std::vector &added,std::vector &removed); + + void threadMain() + throw(); + + // Private members of OSXEthernetTap have public visibility to be accessable + // from an internal bounce function; don't modify directly. + void (*_handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int); + void *_arg; + void *_pcap; // pcap_t * + uint64_t _nwid; + MAC _mac; + Thread _thread; + std::string _homePath; + std::string _dev; + std::vector _multicastGroups; + unsigned int _mtu; + unsigned int _metric; + volatile bool _enabled; +}; + +} // namespace ZeroTier + +#endif diff --git a/attic/OSXEthernetTap.hpp.utun-work-in-progress b/attic/OSXEthernetTap.hpp.utun-work-in-progress new file mode 100644 index 0000000..8ece87b --- /dev/null 
+++ b/attic/OSXEthernetTap.hpp.utun-work-in-progress 
@@ -0,0 +1,101 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +#ifndef ZT_OSXETHERNETTAP_HPP +#define ZT_OSXETHERNETTAP_HPP + +#include +#include + +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/MAC.hpp" +#include "../node/InetAddress.hpp" +#include "../node/MulticastGroup.hpp" + +#include "Thread.hpp" + +namespace ZeroTier { + +class Arp; + +/** + * OSX Ethernet tap supporting either ZeroTier tun/tap kext or OSX-native utun + */ +class OSXEthernetTap +{ +public: + OSXEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int), + void *arg); + + ~OSXEthernetTap(); + + void setEnabled(bool en); + bool enabled() const; + bool addIp(const InetAddress &ip); + bool removeIp(const InetAddress &ip); + std::vector ips() const; + void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len); + std::string deviceName() const; + void setFriendlyName(const char *friendlyName); + void scanMulticastGroups(std::vector &added,std::vector &removed); + + inline bool isNativeUtun() const { return _utun; } + + void threadMain() + throw(); + +private: + void (*_handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int); + void *_arg; + Arp *_arp; // created and used if utun is enabled + uint64_t _nwid; + Thread _thread; + std::string _homePath; + std::string _dev; + std::vector _multicastGroups; + unsigned int _mtu; + unsigned int _metric; + int _fd; + int _shutdownSignalPipe[2]; + bool _utun; + volatile bool _enabled; +}; + +} // namespace ZeroTier + +#endif diff --git a/attic/README.md b/attic/README.md new file mode 100644 index 0000000..768bccd --- /dev/null +++ b/attic/README.md 
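Review bot: The class declaration holds raw resources (`int _fd`, `int _shutdownSignalPipe[2]`, `Arp *_arp`) and declares a destructor, but it does not disable copying. The destructor shown in the accompanying .cpp closes the descriptors and deletes `_arp`, so an accidental copy would close the same descriptors and free the same pointer twice. I would declare the copy operations under `private:` and leave them undefined: `OSXEthernetTap(const OSXEthernetTap &);` and `OSXEthernetTap &operator=(const OSXEthernetTap &);`.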
@@ -0,0 +1,4 @@
+Retired Code and Miscellaneous Junk
+======
+
+This directory is for old code that isn't used but we don't want to lose track of, and for anything else random like debug scripts.
diff --git a/attic/SECURITY.md b/attic/SECURITY.md
new file mode 100644
index 0000000..5ca125e
--- /dev/null
+++ b/attic/SECURITY.md
@@ -0,0 +1,84 @@ +ZeroTier Security +====== + +## Summary + + +## Using ZeroTier Securely + +### Overall Recommendations + +*TL;DR: same as anything else: defense in depth defense in depth defense in depth.* + +We encourage our users to treat private ZeroTier networks as being rougly equivalent in security to WPA2-enterprise securied WiFi or on-premise wired Ethernet. (Public networks on the other hand are open by design.) That means they're networks with perimeters, but like all networks the compromise of any participating device or network controller allows an attacker to breach this perimeter. + +**Never trust the network.** Many modern security professionals discourage reliance on network perimeters as major components in any security strategy, and we strongly agree regardless of whether your network is physical or virtual. + +As part of a defense in depth approach **we specifically encourage the use of other secure protocols and authentication systems over ZeroTier networks**. While the use of secure encrypted protocols like SSH and SSL over ZeroTier adds a bit more overhead, it greatly reduces the chance of total compromise. + +Imagine that the per-day probability of a major "0-day" security flaw in ZeroTier and OpenSSH are both roughly 0.001 or one per thousand days. Using both at the same time gives you a cumulative 0-day risk of roughly 0.000001 or one per one million days. + +Those are made-up numbers. In reality these probabilities can't be known ahead of time. History shows that a 0-day could be found in anything tomorrow, next week, or never. But layers of security give you an overall posture that is the product -- more than the sum -- of its parts. That's how defense in depth works. + +### ZeroTier Specifics + +#### Protect Your Identity + +Each ZeroTier device has an identity. The secret portion of this identity is stored in a file called "identity.secret." 
*Protect this file.* If it's stolen your device's identity (as represented by its 10-digit ZeroTier address) can easily be stolen or impersonated and your traffic can be decrypted or man-in-the-middle'd. + +#### Protect Your Controller + +The second major component of ZeroTier network security is the network controller. It's responsible for issuing certificates and configuration information to all network members. That makes it a certificate authority. Compromise of the controller allows an attacker to join or disrupt any network the controller controls. It does *not*, however, allow an attacker to decrypt peer to peer unicast traffic. + +If you are using our controller-as-a-service at [my.zerotier.com](https://my.zerotier.com), you are delegating this responsibility to us. + +## Security Priorities + +These are our security "must-haves." If the system fails in any of these objectives it is broken. + +* ZeroTier must be secure against remote vulnerabilities. This includes things like unauthorized remote control, remote penetration of the device using ZeroTier as a vector, or remote injection of malware. + +* The content (but not meta-data) of communication must be secure against eavesdropping on the wire by any known means. (We can't warrant against secret vulnerabilities against ciphers, etc., or anything else we don't know about.) + +* Communication must be secure against man-in-the-middle attacks and remote device impersonation. + +## Security Non-Priorities + +There are a few aspects of security we knowingly do not address, since doing so would be beyond scope or would conflict too greatly with other priorities. + +* ZeroTier makes no effort to conceal communication meta-data such as source and destination addresses and the amount of information transferred between peers. To do this more or less requires onion routing or other "heavy" approaches to anonymity, and this is beyond scope. 
+ +* ZeroTier does not implement complex certificate chains, X.509, or other feature-rich (some would say feature-laden) cryptographic stuff. We only implement the crypto we need to get the job done. + +* We don't take extraordinary measures to preserve security under conditions in which an endpoint device has been penetrated by other means (e.g. "rooted" by third party malware) or physicall compromised. If someone steals your keys they've stolen your keys, and if they've "pwned" your device they can easily eavesdrop on everything directly. + +## Insecurities and Areas for Improvement + +The only perfectly secure system is one that is off. All real world systems have potential security weaknesses. If possible, we like to know what these are and acknowledge their existence. + +In some cases we plan to improve these. In other cases we have deliberately decided to "punt" on them in favor of some other priority (see philosophy). We may or may not revisit this decision in the future. + +* We don't implement forward secrecy / ephemeral keys. A [discussion of this can be found at the closed GitHub issue for this feature](https://github.com/zerotier/ZeroTierOne/issues/204). In short: we've decided to "punt" on this feature because it introduces complexity and state negotiation. One of the design goals of ZeroTier is "reliability convergence" -- the reliability of ZeroTier virtual networks should rapidly converge with that of the underlying physical wire. Any state that must be negotiated prior to communication multiplies the probability of delay or failure due to packet loss. We *may* revisit this decision at a later date. + +## Secure Coding Practices + +The first line of defense employed against remote vulnerabilities and other major security flaws is the use of secure coding practices. These are, in no particular order: + +* All parsing of remote messages is performed via higher level safe bounds-checked data structures and interfaces. 
See node/Buffer.hpp for one of the core elements of this. + +* C++ exceptions are used to ensure that any unhandled failure or error condition (such as a bounds checking violation) results in the safe and complete termination of message processing. Invalid messages are dropped and ignored. + +* Minimalism is a secure coding practice. There is an exponential relationship between complexity and the probability of bugs, and complex designs are much harder to audit and reason about. + +* Our build scripts try to enable any OS and compiler level security features such as ASLR and "stack canaries" on non-debug builds. + +## Cryptographic Security Practices + +* We use [boring crypto](https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf). A single symmetric algorithm (Salsa20/12), a single asymmetric algorithm (Curve25519 ECDH-256), and a single MAC (Poly1305). The way these algorithms are used is identical to how they're used in the NaCl reference implementation. The protocol supports selection of alternative algorithms but only for "future proofing" in the case that a serious flaw is discovered in any of these. Avoding algorithm bloat and cryptographic state negotiation helps guard against down-grade, "oracle," and other protocol level attacks. + +* Authenticated encryption is employed with authentication being performed prior to any other operations on received messages. See also: [the cryptographic doom principle](https://moxie.org/blog/the-cryptographic-doom-principle/). + +* "Never branch on anything secret" -- deterministic-time comparisons and other operations are used in cryptographic operations. See Utils::secureEq() in node/Utils.hpp. + +* OS-derived crypographic random numbers (/dev/urandom or Windows CryptGenRandom) are further randomized using encryption by a secondary key with a secondary source of entropy to guard against CSPRNG bugs. Such OS-level CSPRNG bugs have been found in the past. See Utils::getSecureRandom() in node/Utils.hpp. + 
diff --git a/attic/big-http-test/2015-11-10_01_50000.out.xz b/attic/big-http-test/2015-11-10_01_50000.out.xz
new file mode 100644
index 0000000..d3e2a66
Binary files /dev/null and b/attic/big-http-test/2015-11-10_01_50000.out.xz differ
diff --git a/attic/big-http-test/2015-11-10_02_50000.out.xz b/attic/big-http-test/2015-11-10_02_50000.out.xz
new file mode 100644
index 0000000..0154da7
Binary files /dev/null and b/attic/big-http-test/2015-11-10_02_50000.out.xz differ
diff --git a/attic/big-http-test/2015-11-10_03_12500_ec2-east-only.out.xz b/attic/big-http-test/2015-11-10_03_12500_ec2-east-only.out.xz
new file mode 100644
index 0000000..3ae3555
Binary files /dev/null and b/attic/big-http-test/2015-11-10_03_12500_ec2-east-only.out.xz differ
diff --git a/attic/big-http-test/Dockerfile b/attic/big-http-test/Dockerfile
new file mode 100644
index 0000000..e19b3fe
--- /dev/null
+++ b/attic/big-http-test/Dockerfile
@@ -0,0 +1,24 @@
+FROM centos:latest
+
+MAINTAINER https://www.zerotier.com/
+
+EXPOSE 9993/udp
+
+ADD nodesource-el.repo /etc/yum.repos.d/nodesource-el.repo
+RUN yum -y update && yum install -y nodejs && yum clean all
+
+RUN mkdir -p /var/lib/zerotier-one
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+RUN touch /var/lib/zerotier-one/networks.d/ffffffffffffffff.conf
+
+ADD package.json /
+RUN npm install
+
+ADD zerotier-one /
+RUN chmod a+x /zerotier-one
+
+ADD agent.js /
+ADD docker-main.sh /
+RUN chmod a+x /docker-main.sh
+
+CMD ["./docker-main.sh"]
diff --git a/attic/big-http-test/README.md b/attic/big-http-test/README.md
new file mode 100644
index 0000000..23a9560
--- /dev/null
+++ b/attic/big-http-test/README.md
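Review bot: `FROM centos:latest` leaves the base image unpinned, so every rebuild can pull a different OS release, while the repo file brought in by `ADD nodesource-el.repo` targets Enterprise Linux 7. Pinning the tag (or a digest) keeps the test image reproducible and the base auditable: `FROM centos:7`. The README asks for the container to be started with `--privileged`, so what ends up in the base image matters more than usual here.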
@@ -0,0 +1,12 @@
+HTTP one-to-all test
+======
+
+*This is really internal use code. You're free to test it out but expect to do some editing/tweaking to make it work. We used this to run some massive scale tests of our new geo-cluster-based root server infrastructure prior to taking it live.*
+
+Before using this code you will want to edit agent.js to change SERVER_HOST to the IP address of where you will run server.js. This should typically be an open Internet IP, since this makes reporting not dependent upon the thing being tested. Also note that this thing does no security of any kind. It's designed for one-off tests run over a short period of time, not to be anything that runs permanently. You will also want to edit the Dockerfile if you want to build containers and change the network ID to the network you want to run tests over.
+
+This code can be deployed across a large number of VMs or containers to test and benchmark HTTP traffic within a virtual network at scale. The agent acts as a server and can query other agents, while the server collects agent data and tells agents about each other. It's designed to use RFC4193-based ZeroTier IPv6 addresses within the cluster, which allows the easy provisioning of a large cluster without IP conflicts.
+
+The Dockerfile builds an image that launches the agent. The image must be "docker run" with "--device=/dev/net/tun --privileged" to permit it to open a tun/tap device within the container. (Unfortunately CAP_NET_ADMIN may not work due to a bug in Docker and/or Linux.) You can run a bunch with a command like:
+
+ for ((n=0;n<10;n++)); do docker run --device=/dev/net/tun --privileged -d zerotier/http-test; done
diff --git a/attic/big-http-test/agent.js b/attic/big-http-test/agent.js
new file mode 100644
index 0000000..9ab2e01
--- /dev/null
+++ b/attic/big-http-test/agent.js
@@ -0,0 +1,196 @@ +// ZeroTier distributed HTTP test agent + +// --------------------------------------------------------------------------- +// Customizable parameters: + +// Time between startup and first test attempt +var TEST_STARTUP_LAG = 10000; + +// Maximum interval between test attempts (actual timing is random % this) +var TEST_INTERVAL_MAX = (60000 * 10); + +// Test timeout in ms +var TEST_TIMEOUT = 30000; + +// Where should I get other agents' IDs and POST results? +var SERVER_HOST = '52.26.196.147'; +var SERVER_PORT = 18080; + +// Which port do agents use to serve up test data to each other? +var AGENT_PORT = 18888; + +// Payload size in bytes +var PAYLOAD_SIZE = 5000; + +// --------------------------------------------------------------------------- + +var ipaddr = require('ipaddr.js'); +var os = require('os'); +var http = require('http'); +var async = require('async'); + +var express = require('express'); +var app = express(); + +// Find our ZeroTier-assigned RFC4193 IPv6 address +var thisAgentId = null; +var interfaces = os.networkInterfaces(); +if (!interfaces) { + console.error('FATAL: os.networkInterfaces() failed.'); + process.exit(1); +} +for(var ifname in interfaces) { + var ifaddrs = interfaces[ifname]; + if (Array.isArray(ifaddrs)) { + for(var i=0;i 1) { + + var target = agents[Math.floor(Math.random() * agents.length)]; + while (target === thisAgentId) + target = agents[Math.floor(Math.random() * agents.length)]; + + var testRequest = null; + var timeoutId = null; + timeoutId = setTimeout(function() { + if (testRequest !== null) + testRequest.abort(); + timeoutId = null; + },TEST_TIMEOUT); + var startTime = Date.now(); + + testRequest = http.get({ + host: agentIdToIp(target), + port: AGENT_PORT, + path: '/' + },function(res) { + var bytes = 0; + res.on('data',function(chunk) { bytes += chunk.length; }); + res.on('end',function() { + lastTestResult = { + source: thisAgentId, + target: target, + time: (Date.now() - startTime), + bytes: bytes, + 
timedOut: (timeoutId === null), + error: null + }; + if (timeoutId !== null) + clearTimeout(timeoutId); + return setTimeout(doTest,Math.round(Math.random() * TEST_INTERVAL_MAX) + 1); + }); + }).on('error',function(e) { + lastTestResult = { + source: thisAgentId, + target: target, + time: (Date.now() - startTime), + bytes: 0, + timedOut: (timeoutId === null), + error: e.toString() + }; + if (timeoutId !== null) + clearTimeout(timeoutId); + return setTimeout(doTest,Math.round(Math.random() * TEST_INTERVAL_MAX) + 1); + }); + + } else { + return setTimeout(doTest,1000); + } + + }); + }).on('error',function(e) { + console.log('POST failed: '+e.toString()); + return setTimeout(doTest,1000); + }); + if (lastTestResult !== null) { + submit.write(JSON.stringify(lastTestResult)); + lastTestResult = null; + } + submit.end(); +}; + +// Agents just serve up a test payload +app.get('/',function(req,res) { return res.status(200).send(payload); }); + +var expressServer = app.listen(AGENT_PORT,function () { + // Start timeout-based loop + setTimeout(doTest(),TEST_STARTUP_LAG); +}); diff --git a/attic/big-http-test/big-test-kill.sh b/attic/big-http-test/big-test-kill.sh new file mode 100755 index 0000000..fa7f3cc --- /dev/null +++ b/attic/big-http-test/big-test-kill.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# Kills all running Docker containers on all big-test-hosts + +export PATH=/bin:/usr/bin:/usr/local/bin:/usr/sbin:/sbin + +pssh -h big-test-hosts -x '-t -t' -i -OUserKnownHostsFile=/dev/null -OStrictHostKeyChecking=no -t 0 -p 256 "sudo docker ps -aq | xargs -r sudo docker rm -f" + +exit 0 diff --git a/attic/big-http-test/big-test-start.sh b/attic/big-http-test/big-test-start.sh new file mode 100755 index 0000000..2411eed --- /dev/null +++ b/attic/big-http-test/big-test-start.sh 
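Review bot: In the `app.listen` callback, `setTimeout(doTest(),TEST_STARTUP_LAG)` calls `doTest` immediately and hands its return value to `setTimeout`, so the delay that `TEST_STARTUP_LAG` documents is never applied. Pass the function itself: `setTimeout(doTest,TEST_STARTUP_LAG);`. Separately, `SERVER_HOST` is a hard-coded public address that results are POSTed to over plain HTTP; a comment beside it saying it must be changed before use (the README already says so) would keep a copied agent from reporting to a host its operator does not control.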
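Review bot: The pssh call passes `-OUserKnownHostsFile=/dev/null -OStrictHostKeyChecking=no`, which turns off SSH host key verification for a command that runs `sudo` on every host listed in `big-test-hosts`; big-test-start.sh uses the same options. Nothing then ties the session to the intended machines, so a reassigned or redirected address would receive the commands. Even for throwaway hosts I would keep a dedicated known-hosts file filled in when the hosts are created, for example `-OUserKnownHostsFile=./big-test-known_hosts -OStrictHostKeyChecking=yes` (file name chosen here for illustration).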
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# More than 500 container seems to result in a lot of sporadic failures, probably due to Linux kernel scaling issues with virtual network ports
+# 250 with a 16GB RAM VM like Amazon m4.xlarge seems good
+NUM_CONTAINERS=250
+CONTAINER_IMAGE=zerotier/http-test
+SCALE_UP_DELAY=10
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/usr/sbin:/sbin
+
+pssh -h big-test-hosts -x '-t -t' -i -OUserKnownHostsFile=/dev/null -OStrictHostKeyChecking=no -t 0 -p 256 "sudo sysctl -w net.netfilter.nf_conntrack_max=262144 ; for ((n=0;n<$NUM_CONTAINERS;n++)); do sudo docker run --device=/dev/net/tun --privileged -d $CONTAINER_IMAGE; sleep $SCALE_UP_DELAY; done"
+
+exit 0
diff --git a/attic/big-http-test/crunch-results.js b/attic/big-http-test/crunch-results.js
new file mode 100644
index 0000000..50e5c49
--- /dev/null
+++ b/attic/big-http-test/crunch-results.js
@@ -0,0 +1,65 @@ +// +// Pipe the output of server.js into this to convert raw test results into bracketed statistics +// suitable for graphing. +// + +// Time duration per statistical bracket +var BRACKET_SIZE = 10000; + +// Number of bytes expected from each test +var EXPECTED_BYTES = 5000; + +var readline = require('readline'); +var rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + terminal: false +}); + +var count = 0.0; +var overallCount = 0.0; +var totalFailures = 0.0; +var totalOverallFailures = 0.0; +var totalMs = 0; +var totalData = 0; +var devices = {}; +var lastBracketTs = 0; + +rl.on('line',function(line) { + line = line.trim(); + var ls = line.split(','); + if (ls.length == 7) { + var ts = parseInt(ls[0]); + var fromId = ls[1]; + var toId = ls[2]; + var ms = parseFloat(ls[3]); + var bytes = parseInt(ls[4]); + var timedOut = (ls[5] == 'true') ? true : false; + var errMsg = ls[6]; + + count += 1.0; + overallCount += 1.0; + if ((bytes !== EXPECTED_BYTES)||(timedOut)) { + totalFailures += 1.0; + totalOverallFailures += 1.0; + } + totalMs += ms; + totalData += bytes; + + devices[fromId] = true; + devices[toId] = true; + + if (lastBracketTs === 0) + lastBracketTs = ts; + + if (((ts - lastBracketTs) >= BRACKET_SIZE)&&(count > 0.0)) { + console.log(count.toString()+','+overallCount.toString()+','+(totalMs / count)+','+(totalFailures / count)+','+(totalOverallFailures / overallCount)+','+totalData+','+Object.keys(devices).length); + + count = 0.0; + totalFailures = 0.0; + totalMs = 0; + totalData = 0; + lastBracketTs = ts; + } + } // else ignore junk +}); diff --git a/attic/big-http-test/docker-main.sh b/attic/big-http-test/docker-main.sh new file mode 100755 index 0000000..29cdced --- /dev/null +++ b/attic/big-http-test/docker-main.sh 
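Review bot: The `line.split(',')` followed by `ls.length == 7` treats any row whose error text contains a comma as junk, and server.js writes `resultData.error` into that last field without escaping. The rows lost this way are failed tests, so the reported failure ratios would be biased low. Because the error text is the final field, the tail can be rejoined instead of requiring exactly seven parts: `if (ls.length >= 7) {` with `var errMsg = ls.slice(6).join(',');`. `parseInt(ls[0])` and `parseInt(ls[4])` should also pass a radix of 10.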
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin
+
+/zerotier-one -d >>zerotier-one.out 2>&1
+
+# Wait for ZeroTier to start and join the network
+while [ ! -d "/proc/sys/net/ipv6/conf/zt0" ]; do
+ sleep 0.25
+done
+
+# Wait just a bit longer for stuff to settle
+sleep 5
+
+exec node --harmony /agent.js >>agent.out 2>&1
+#exec node --harmony /agent.js
diff --git a/attic/big-http-test/nodesource-el.repo b/attic/big-http-test/nodesource-el.repo
new file mode 100644
index 0000000..b785d3d
--- /dev/null
+++ b/attic/big-http-test/nodesource-el.repo
@@ -0,0 +1,6 @@
+[nodesource]
+name=Node.js Packages for Enterprise Linux 7 - $basearch
+baseurl=https://rpm.nodesource.com/pub_4.x/el/7/$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=0
diff --git a/attic/big-http-test/package.json b/attic/big-http-test/package.json
new file mode 100644
index 0000000..173a6f9
--- /dev/null
+++ b/attic/big-http-test/package.json
@@ -0,0 +1,16 @@
+{
+ "name": "zerotier-test-http",
+ "version": "1.0.0",
+ "description": "ZeroTier in-network HTTP test",
+ "main": "agent.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "ZeroTier, Inc.",
+ "license": "GPL-3.0",
+ "dependencies": {
+ "async": "^1.5.0",
+ "express": "^4.13.3",
+ "ipaddr.js": "^1.0.3"
+ }
+}
diff --git a/attic/big-http-test/server.js b/attic/big-http-test/server.js
new file mode 100644
index 0000000..629784d
--- /dev/null
+++ b/attic/big-http-test/server.js
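Review bot: The `while [ ! -d "/proc/sys/net/ipv6/conf/zt0" ]` loop in docker-main.sh has no upper bound, so a container whose ZeroTier daemon fails to start or join the network idles forever and never reports anything. A bounded wait that ends in `exit 1` after a fixed number of iterations would make the failure visible in the container's exit status. The exit status of `/zerotier-one -d` is not checked either.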
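Review bot: `gpgcheck=0` in nodesource-el.repo disables package signature verification for the repository that `yum install -y nodejs` in the Dockerfile pulls from, so the image build accepts whatever the mirror or the network path returns. Set `gpgcheck=1` and add a key line, `gpgkey=<URL or file path of the NodeSource signing key>`, with the key imported in the Dockerfile before the install step.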
@@ -0,0 +1,53 @@
+// ZeroTier distributed HTTP test coordinator and result-reporting server
+
+// ---------------------------------------------------------------------------
+// Customizable parameters:
+
+var SERVER_PORT = 18080;
+
+// ---------------------------------------------------------------------------
+
+var fs = require('fs');
+
+var express = require('express');
+var app = express();
+
+app.use(function(req,res,next) {
+ req.rawBody = '';
+ req.on('data', function(chunk) { req.rawBody += chunk.toString(); });
+ req.on('end', function() { return next(); });
+});
+
+var knownAgents = {};
+
+app.post('/:agentId',function(req,res) {
+ var agentId = req.params.agentId;
+ if ((!agentId)||(agentId.length !== 32))
+ return res.status(404).send('');
+
+ if (req.rawBody) {
+ var receiveTime = Date.now();
+ var resultData = null;
+ try {
+ resultData = JSON.parse(req.rawBody);
+ console.log(Date.now().toString()+','+resultData.source+','+resultData.target+','+resultData.time+','+resultData.bytes+','+resultData.timedOut+',"'+((resultData.error) ? resultData.error : '')+'"');
+ } catch (e) {}
+ }
+
+ knownAgents[agentId] = true;
+ var thisUpdate = [];
+ var agents = Object.keys(knownAgents);
+ if (agents.length < 100)
+ thisUpdate = agents;
+ else {
+ for(var xx=0;xx<100;++xx)
+ thisUpdate.push(agents[Math.floor(Math.random() * agents.length)]);
+ }
+
+ return res.status(200).send(JSON.stringify(thisUpdate));
+});
+
+var expressServer = app.listen(SERVER_PORT,function () {
+ console.log('LISTENING ON '+SERVER_PORT);
+ console.log('');
+});
diff --git a/attic/historic/anode_protocol.txt b/attic/historic/anode_protocol.txt
new file mode 100644
index 0000000..0adb923
--- /dev/null
+++ b/attic/historic/anode_protocol.txt
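Review bot: The body-collecting middleware grows `req.rawBody` without any limit, and the POST handler concatenates `resultData.source`, `.target` and `.error` into the CSV line unmodified. Any client that can reach port 18080 can therefore consume memory, or plant commas, quotes and newlines that turn one report into several forged result rows. `agentId` is checked only for length, and every accepted value stays in `knownAgents` for the life of the process and is handed out to other agents. Cap the body size, restrict `agentId` to the character set the agents actually use (presumably hex; confirm against agent.js), and neutralise separators before logging. The empty `catch (e) {}` should at least record that a malformed report arrived.

```javascript
var MAX_BODY_BYTES = 4096; // constructed limit; size it to the largest expected report

app.use(function(req,res,next) {
	req.rawBody = '';
	req.on('data', function(chunk) {
		// Drop the connection instead of buffering an oversized upload
		if ((req.rawBody.length + chunk.length) > MAX_BODY_BYTES)
			return req.destroy();
		req.rawBody += chunk.toString();
	});
	req.on('end', function() { return next(); });
});

// Keep one report on one line and inside its own CSV field
function csvField(v) {
	return String(v).replace(/[",\r\n]/g,' ');
}

// ... unchanged: agentId check, JSON.parse(req.rawBody) ...
			console.log(Date.now().toString()+','+csvField(resultData.source)+','+csvField(resultData.target)+','+csvField(resultData.time)+','+csvField(resultData.bytes)+','+csvField(resultData.timedOut)+',"'+((resultData.error) ? csvField(resultData.error) : '')+'"');
```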
@@ -0,0 +1,764 @@ +***************************************************************************** +Anode Protocol Specification Draft +Version 0.8 + +(c)2009-2010 Adam Ierymenko +***************************************************************************** + +Table of Contents + +***************************************************************************** + +1. Introduction + +Anode provides three components that work together to provide a global, +secure, and mobile addressing system for computer networks: + +1) An addressing system based on public key cryptography enabling network + devices or applications to assign themselves secure, unique, and globally + reachable network addresses in a flat address space. + +2) A system enabling network participants holding global addresses to locate + one another on local or global networks with "zero configuration." + +3) A communications protocol for communication between addressed network + participants that requires no special operating system support and no + changes to existing network infrastructure. + +Using Anode, both fixed and mobile applications and devices can communicate +directly as if they were all connected to the same VPN. Anode restores the +original vision of the Internet as a "flat" network where anything can talk +to anything, and adds the added benefits of address mobility and strong +protection against address spoofing and other protocol level attacks. + +1.1. Design Philosophy + +Anode's design philosophy is the classical "KISS" principle: "Keep It Simple +Stupid." Anode's design principles are: + +#1: Do not try to solve too many problems at once, and stay in scope. + +Anode does not attempt to solve too many problems at once. It attempts to +solve the problems of mobile addressing, address portability, and "flat" +addressing in the presence of NAT or other barriers. 
+ +It does not attempt to duplicate the full functionality of SSL, X.509, SSH, +XMPP, an enterprise service bus, a pub/sub architecture, BitTorrent, etc. All +of those protocols and services can be used over Anode if their functionality +is desired. + +#2: Avoid state management. + +State multiplies the complexity and failure modes of network protocols. State +also tends to get in the way of the achievement of new features implicitly +(see principle #4). Avoid state whenever possible. + +#3: Avoid algorithm and dependency bloat. + +Anode uses only elliptic curve Diffie-Hellman (EC-DH) and AES-256. No other +cryptographic algorithms or hash functions are presently necessary. This +yields implementations compact enough for embedded devices. + +Anode also requires few or no dependencies, depending on whether the two +needed cryptographic algorithms are obtained through a library or included. +No other protocols or libraries are required in an implementation. + +#4: Achieve features implicitly. + +Use a simple stateless design that allows features to be achieved implicitly +rather than specified explicitly. For example, Anode can do multi-homing and +could be used to build a mesh network, but neither of these features is +explicitly specified. + +***************************************************************************** + +2. Core Concepts and Algorithms + +This section describes addresses, zones, common algorithms, and other core +concepts. + +2.1. Zones + +A zone is a 32-bit integer encoded into every Anode address. Zones serve to +assist in the location of peers by address on global IP networks. They are +not presently significant for local communications, though they could be +used to partition addresses into groups or link them with configuration +options. + +Each zone has a corresponding zone file which can be fetched in a number of +ways (see below). A zone file is a flat text format dictionary of the format +"key=value" separated by carriage returns. 
Line feeds are ignored, and any +character may be escaped with a backslash (\) character. Blank lines are +ignored. + +The following entries must appear in a zone file: + +n= +d= +c= +r= +ttl= + +Additional fields may appear as well, including fields specific to special +applications or protocols supported within the zone. Some of these are +defined in this document. + +Zone file fetching mechanisms are described below. Multiple mechanisms are +specified to enable fallback in the event that one mechanism is not available. + +2.1.1. Zone File Retrieval + +Zone files are retrieved via HTTP, with the HTTP address being formed in one +of two ways. + +The preferred DNS method: + +To fetch a zone file via DNS, use the zone ID to generate a host name and URI +of the form: + + http://a--XXXXXXXX.net/z + +The XXXXXXXX field is the zone ID in hexadecimal. + +The fallback IP method: + +For fallback in the absence of DNS, the zone ID can be used directly as an +IPv4 or IPv4-mapped-to-IPv6 IP address. A URI is generated of the form: + + http://ip_address/z + +Support for this method requires that a zone ID be chosen to correspond to a +permanent IPv4 (preferably mappable to IPv6 space as well) IP address. + +2.1.2. Zone ID Reservation + +By convention, a zone ID is considered reserved when a domain of the form +"a--XXXXXXXX.net" (where XXXXXXXX is the ID in hex) is registered. + +It is recommended that this be done even for zone IDs not used for global +address location in order to globally reserve them. + +2.2. Addresses + +Anode addresses are binary strings containing a 32-bit zone ID, a public key, +and possibly other fields. 
Only one address type is presently defined: + +|---------------------------------------------------------------------------| +| Name | Type ID | Elliptic Curve Parameters | Total Length | +|---------------------------------------------------------------------------| +| ANODE-256-40 | 1 | NIST-P-256 | 40 | +|---------------------------------------------------------------------------| + +|---------------------------------------------------------------------------| +| Name | Binary Layout | +|---------------------------------------------------------------------------| +| ANODE-256-40 | | +|---------------------------------------------------------------------------| + +The public key is a "compressed" form elliptic curve public key as described +in RFC5480. + +The unused section of the address must be zero. These bytes are reserved for +future use. + +2.2.1. ASCII Format For Addresses + +Addresses are encoded in ASCII using base-32, which provides a quotable and +printable encoding that is of manageable length and is case-insensitive. For +example, an ANODE-256-40 address is 64 characters long in base-32 encoding. + +2.3. Relaying + +An Anode peer may optionally relay packets to any other reachable peer. +Relaying is accomplished by sending a packet to a peer with the recipient set +to the final recipient. The receiving peer will, if relaying is allowed and if +it knows of or can reach the recipient, forward the packet. + +No error is returned if relaying fails, so relay paths are treated as possible +paths for communication until a return is received in the same way as direct +paths. + +Relaying can be used by peers to send messages indirectly, locate one +another, and determine network location information to facilitate the +establishment of direct communications. + +Peers may refuse to relay or may limit the transmission rate at which packets +can be relayed. + +2.3.1. 
Zone Relays + +If a zone's addresses are globally reachable on global IP networks, it must +have one or more zone relays. These must have globally reachable public +static IP addresses. + +Zone relays are specified in the zone file in the following format: + + zr.
=[,]::: + +The address checksum is the sum of the bytes in the Anode address modulus +the number of "zr" entries, in hexadecimal. For example, if a zone had four +global relays its zone file could contain the lines: + + zr.0=1.2.3.4:4343:4344:klj4j3... + zr.1=2.3.4.5:4343:4344:00194j... + zr.2=3.4.5.6:4343:4344:1j42zz... + zr.3=4.5.6.7:4343:4344:z94j1q... + +The relay would be chosen by taking the sum of the bytes in the address +modulo 4. For example, if the bytes of an address sum to 5081 then relay +zr.1 would be used to communicate with that address. + +If more than one IP address is listed for a given relay, the peer must choose +at random from among the addresses of the desired type (IPv4 or IPv6). + +Each relay must have one Anode address for every address type supported within +the zone. (At present there is only one address type defined.) + +Peers should prefer UDP and fall back to TCP only if UDP is not available. + +To make itself available, a peer must make itself known to its designated zone +relay. This is accomplished by sending a PING message. + +2.4. Key Agreement and Derivation + +Key agreement is performed using elliptic curve Diffie-Hellman. This yields +a raw key whose size depends on the elliptic curve parameters in use. + +The following algorithm is used to derive a key of any length from a raw +key generated through key agreement: + +1) Zero the derived key buffer. +2) Determine the largest of the original raw key or the derived key. +3) Loop from 0 to the largest length determined in step 2, XOR each byte of + the derived key buffer with the corresponding byte of the original key + buffer with each index being modulus the length of the respective buffer. + +2.5. Message Authentication + +For message authentication, CMAC-AES (with AES-256) is used. This is also +known in some literature as OMAC1-AES. The key is derived from key agreement +between the key pair of the sending peer and the address of the recipient. + +2.6. 
AES-DIGEST + +To maintain cryptographic algorithm frugality, a cryptographic hash function +is constructed from the AES-256 cipher. This hash function uses the common +Davis-Meyer construction with Merkle-Damgård length padding. + +It is described by the following pseudocode: + + byte previous_digest[16] + byte digest[16] = { 0,0,... } + byte block[32] = { 0,0,... } + integer block_counter = 0 + + ; digest message + for each byte b of message + block[block_counter] = b + block_counter = block_counter + 1 + if block_counter == 32 then + block_counter = 0 + save digest[] in previous_digest[] + encrypt digest[] with aes-256 using block[] as 256-bit aes-256 key + xor digest[] with previous_digest[] + end if + next + + ; append end marker, do final block + block[block_counter] = 0x80 + block_counter = block_counter + 1 + zero rest of block[] from block_counter to 15 + save digest[] in previous_digest[] + encrypt digest[] with aes-256 using block[] as 256-bit aes-256 key + xor digest[] with previous_digest[] + + ; Merkle-Damgård length padding + zero first 8 bytes of block[] + fill last 8 bytes of block[] w/64-bit length in big-endian order + save digest[] in previous_digest[] + encrypt digest[] with aes-256 using block[] as 256-bit aes-128 key + xor digest[] with previous_digest[] + + ; digest[] now contains 128-bit message digest + +2.7. Short Address Identifiers (Address IDs) + +A short 8-byte version of the Anode address is used in the protocol to reduce +transmission overhead when both sides are already aware of the other's full +address. + +The short address identifier is formed by computing the AES-DIGEST of the +full address and then XORing the first 8 bytes of the digest with the last +8 bytes to yield an 8-byte shortened digest. + +2.8. DNS Resolution of Anode Addresses + +Anode addresses can be saved in DNS TXT records in the following format: + +anode:
+ +This permits Anode addresses to be resolved from normal DNS host name. + +2.9. Packet Transmission Mechanisms + +2.9.1. UDP Transmission + +The recommended method of sending Anode packets is UDP. Each packet is simply +sent as a UDP packet. + +2.9.2. TCP Transmission + +To send packets over TCP, each packet is prefixed by its size as a 16-bit +integer. + +2.9.3. HTTP Transmission + +Anode packets may be submitted in HTTP POST transactions for transport over +networks where HTTP is the only available protocol. + +Anode packets are simply prefixed with a 16-byte packet size and concatenated +together just as they are in a TCP stream. One or more packets may be sent +with each HTTP POST transaction for improved performance. + +Since this method is intended for use in "hostile" or highly restricted +circumstances, no additional details such as special headers or MIME types +are specified to allow maximum flexibility. Peers should ignore anything +other than the payload. + +2.10. Endpoints + +An endpoint indicates a place where Anode packets may be sent. The following +endpoint types are specified: + +|---------------------------------------------------------------------------| +| Endpoint Type | Description | Address Format | +|---------------------------------------------------------------------------| +| 0x00 | Unspecified | (none) | +| 0x01 | Ethernet | | +| 0x02 | UDP/IPv4 | | +| 0x03 | TCP/IPv4 | | +| 0x04 | UDP/IPv6 | | +| 0x05 | TCP/IPv6 | | +| 0x06 | HTTP | | +|---------------------------------------------------------------------------| + +Endpoints are encoded by beginning with a single byte indicating the endpoint +type followed by the address information required for the given type. + +Note that IP ports bear no relationship to Anode protocol ports. + +2.11. Notes + +All integers in the protocol are transmitted in network (big endian) byte +order. + +***************************************************************************** + +3. 
Common Packet Format + +A common header is used for all Anode packets: + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Hop Count | 1 | 8-bit hop count (not included in MAC) | +| Flags | 1 | 8-bit flags | +| MAC | 8 | 8 byte shortened CMAC-AES of packet | +| Sender Address | ? | Full address or short ID of sender | +| Recipient Address | ? | Full address or short ID of recipient | +| Peer IDs | 1 | Two 4-bit peer IDs: sender, recipient | +| Message Type | 1 | 8-bit message type | +| Message | ? | Message payload | +|---------------------------------------------------------------------------| + +3.1. Hop Count + +The hop count begins at zero and must be incremented by each peer that relays +the packet to another peer. The hop count must not wrap to zero at 255. + +Because the hop count is modified in transit, it is not included in MAC +calculation or authentication. + +The hop count is used to prioritize endpoints that are direct over endpoints +that involve relaying, or to prioritize closer routes over more distant +ones. + +3.2. Flags and Flag Behavior + +|---------------------------------------------------------------------------| +| Flag | Description | +|---------------------------------------------------------------------------| +| 0x01 | Sender address fully specified | +| 0x02 | Recipient address fully specified | +| 0x04 | Authentication error response | +|---------------------------------------------------------------------------| + +If flag 0x01 is set, then the sender address will be the full address rather +than a short address identifier. The length of the address can be determined +from the first byte of the address, which always specifies the address type. +Flag 0x02 has the same meaning for the recipient address. 
+ +A peer must send fully specified sender addresses until it receives a response +from the recipient. At this point the sender may assume that the recipient +knows its address and use short a short sender address instead. This +assumption should time out, with a recommended timeout of 60 seconds. + +There is presently no need to send fully specified recipient addresses, but +the flag is present in case it is needed and must be honored. + +Flag 0x04 indicates that this is an error response containing a failed +authentication error. Since authentication failed, this packet may not have +a valid MAC. Packets with this flag must never have any effect other than +to inform of an error. This error, since it is unauthenticated, must never +have any side effects such as terminating a connection. + +3.3. MAC + +The MAC is calculated as follows: + +1) Temporarily set the 64-bit/8-byte MAC field in the packet to the packet's + size as a 64-bit big-endian integer. +2) Calculate the MAC for the entire packet (excluding the first byte) using + the key agreed upon between the sender and the recipient, resulting in a + 16 byte full CMAC-AES MAC. +3) Derive the 8 byte packet MAC by XORing the first 8 bytes of the full 16 + byte CMAC-AES MAC with the last 8 bytes. Place this into the packet's MAC + field. + +3.4. Peer IDs + +Peer IDs provide a method for up to 15 different peers to share an address, +each with a unique ID allowing packets to be routed to them individually. + +A peer ID of zero indicates "any" or "unspecified." Real peers must have a +nonzero peer ID. In the normal single peer per address case, any peer ID may +be used. If multiple peers are to share an address, some implementation- +dependent method must be used to ensure that each peer has a unique peer ID. 
+ +Relaying peers must follow these rules based on the recipient peer ID when +relaying messages: + + - IF the peer ID is zero or if the peer ID is not known, the message must + be forwarded to a random endpoint for the given recipient address. + - IF the peer ID is nonzero and matches one or more known endpoints for the + given recipient address and peer ID, the message must only be sent to + a matching endpoint. + +A receiving peer should process any message that it receives regardless of +whether its recipient peer ID is correct. The peer ID is primarily for relays. + +Peers should typically send messages with a nonzero recipient peer ID when +responding to or involved in a conversation with a specific peer (e.g. a +streaming connection), and send zero recipient peer IDs otherwise. + +3.5. Short Address Conflict Disambiguation + +In the unlikely event of two Anode addresses with the same short identifier, +the recipient should use MAC validation to disambiguate. The peer ID must not +be relied upon for this purpose. + +***************************************************************************** + +4. Basic Signaling and Transport Protocol + +4.1. Message Types + +|---------------------------------------------------------------------------| +| Type | ID | Description | +|---------------------------------------------------------------------------| +| ERROR | 0x00 | Error response | +| PING | 0x01 | Echo request | +| PONG | 0x02 | Echo response | +| EPC_REQ | 0x03 | Endpoint check request | +| EPC | 0x04 | Endpoint check response | +| EPI | 0x05 | Endpoint information | +| NAT_T | 0x06 | NAT traversal message | +| NETID_REQ | 0x07 | Request network address identification and/or test | +| NETID | 0x08 | Response to network address identification request | +| DGRAM | 0x09 | Simple UDP-like datagram | +|---------------------------------------------------------------------------| + +4.2. Message Details + +4.2.1. 
ERROR + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Error Code | 2 | 16-bit error code | +| Error Arguments | ? | Error arguments, depending on error type | +|---------------------------------------------------------------------------| + +Error arguments are empty unless otherwise stated below. + +Error codes: + +|---------------------------------------------------------------------------| +| Error Code | Description | +|---------------------------------------------------------------------------| +| 0x01 | Message not valid | +| 0x02 | Message authentication or decryption failed | +| 0x03 | Relaying and related features not authorized | +| 0x04 | Relay recipient not reachable | +|---------------------------------------------------------------------------| + +Generation of errors is optional. A peer may choose to ignore invalid +messages or to throttle the sending of errors. + +4.2.2. PING + +(Payload unspecified.) + +Request echo of payload as PONG message. + +4.2.3. PONG + +(Payload unspecified.) + +Echoed payload of received PING message. + +4.2.4. EPC_REQ + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Request ID | 4 | 32-bit request ID | +|---------------------------------------------------------------------------| + +Request echo of request ID in EPC message, used to check and learn endpoints. + +To learn a network endpoint for a peer, CHECK_REQ is sent. If CHECK is +returned with a valid request ID, the endpoint is considered valid. + +4.2.5. 
EPC + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Request ID | 4 | 32-bit request ID echoed back | +|---------------------------------------------------------------------------| + +Response to EPC_REQ containing request ID. + +4.2.6. EPI + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Flags | 1 | 8-bit flags | +| Endpoint | ? | Endpoint type and address | +| NAT-T mode | 1 | 8-bit NAT traversal mode | +| NAT-T options | ? | Options related to specified NAT-T mode | +|---------------------------------------------------------------------------| + +EPI stands for EndPoint Identification, and is sent to notify another peer of +a network endpoint where the sending peer is reachable. + +If the receiving peer is interested in communicating with the sending peer, +the receiving peer must send EPC_REQ to the sending peer at the specified +endpoint to check the validity of that endpoint. The endpoint is learned if a +valid EPC is returned. + +If the endpoint in EPI is unspecified, the actual source of the EPI message +is the endpoint. This allows EPI messages to be broadcast on a local LAN +segment to advertise the presence of an address on a local network. EPI +broadcasts on local IP networks must be made to UDP port 8737. + +Usually EPI is sent via relays (usually zone relays) to inform a peer of an +endpoint for direct communication. + +There are presently no flags, so flags must be zero. + +4.2.7. NAT_T + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| NAT-T mode | 1 | 8-bit NAT traversal mode | +| NAT-T options | ? 
| Options related to specified NAT-T mode | +|---------------------------------------------------------------------------| + +NAT_T is used to send messages specific to certain NAT traversal modes. + +4.2.8. NETID_REQ + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Request ID | 4 | 32-bit request ID | +| Endpoint | ? | Endpoint type and address information | +|---------------------------------------------------------------------------| + +When a NETID_REQ message is received, the recipient attempts to echo it back +as a NETID message to the specified endpoint address. If the endpoint is +unspecified, the recipient must fill it in with the actual origin of the +NETID_REQ message. This allows a peer to cooperate with another peer (usually +a zone relay) to empirically determine its externally visible network +address information. + +A peer may ignore NETID_REQ or respond with an error if it does not allow +relaying. + +4.2.9. NETID + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Request ID | 4 | 32-bit request ID echoed back | +| Endpoint Type | 1 | 8-bit endpoint type | +| Endpoint Address | ? | Endpoint Address (size depends on type) | +|---------------------------------------------------------------------------| + +NETID is sent in response to NETID_REQ to the specified endpoint address. It +always contains the endpoint address to which it was sent. + +4.2.10. DGRAM + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Source Port | 2 | 16-bit source port | +| Destination Port | 2 | 16-bit destination port | +| Payload | ? 
| Datagram packet payload | +|---------------------------------------------------------------------------| + +A datagram is a UDP-like message without flow control or delivery assurance. + +***************************************************************************** + +5. Stream Protocol + +The stream protocol is very similar to TCP, though it omits some features +that are not required since they are taken care of by the encapsulating +protocol. SCTP was also an inspiration in the design. + +5.1. Message Types + +|---------------------------------------------------------------------------| +| Type | ID | Description | +|---------------------------------------------------------------------------| +| S_OPEN | 20 | Initiate a streaming connection (like TCP SYN) | +| S_CLOSE | 21 | Terminate a streaming connection (like TCP RST/FIN) | +| S_DATA | 22 | Data packet | +| S_ACK | 23 | Acknowedge receipt of one or more data packets | +| S_DACK | 24 | Combination of DATA and ACK | +|---------------------------------------------------------------------------| + +5.2. Message Details + +5.2.1. S_OPEN + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Sender Link ID | 2 | 16-bit sender link ID | +| Destination Port | 2 | 16-bit destination port | +| Window Size | 2 | 16-bit window size in 1024-byte increments | +| Init. Seq. Number | 4 | 32-bit initial sequence number | +| Flags | 1 | 8-bit flags | +|---------------------------------------------------------------------------| + +The OPEN message corresponds to TCP SYN, and initiates a connection. It +specifies the initial window size for the sender and the sender's initial +sequence number, which should be randomly chosen to prevent replay attacks. + +If OPEN is successful, the recipient sends its own OPEN to establish the +connetion. 
If OPEN is unsuccessful, CLOSE is sent with its initial and current +sequence numbers equal and an appropriate reason such as "connection refused." + +The sender link ID must be unique for a given recipient. + +If flag 01 is set, the sender link ID is actually a source port where the +sender might be listening for connections as well. This exactly duplicates +the behavior of standard TCP. Otherwise, the sender link ID is simply an +arbitrary number that the sender uses to identify the connection with this +recipient and there is no port of origin. Ports of origin are optional for +Anode streaming connections to permit greater scalability. + +5.2.2. S_CLOSE + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Sender Link ID | 2 | 16-bit sender link ID | +| Destination Port | 2 | 16-bit destination port | +| Flags | 1 | 8-bit flags | +| Reason | 1 | 8-bit close reason | +| Init. Seq. Number | 4 | 32-bit initial sequence number | +| Sequence Number | 4 | 32-bit current sequence number | +|---------------------------------------------------------------------------| + +The CLOSE message serves a function similar to TCP FIN. The initial sequence +number is the original starting sequence number sent with S_OPEN, while the +current sequence number is the sequence number corresponding to the close +and must be ACKed to complete the close operation. The use of the initial +sequence number helps to serve as a key to prevent replay attacks. + +CLOSE is also used to indicate a failed OPEN attempt. In this case the current +sequence number will be equal to the initial sequence number and no ACK will +be expected. + +There are currently no flags, so flags must be zero. 
+ +The reason field describes the reason for the close: + +|---------------------------------------------------------------------------| +| Reason Code | Description | +|---------------------------------------------------------------------------| +| 00 | Application closed connection | +| 01 | Connection refused | +| 02 | Protocol error | +| 03 | Timed out | +|---------------------------------------------------------------------------| + +Established connections will usually be closed with reason 00, while reason +01 is usually provided if an OPEN is received but the port is not bound. + +5.2.3. S_DATA + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Sender Link ID | 2 | 16-bit sender link ID | +| Destination Port | 2 | 16-bit destination port | +| Sequence Number | 4 | 32-bit sequence number | +| Payload | ? | Data payload | +|---------------------------------------------------------------------------| + +The DATA message carries a packet of data, with the sequence number +determining order. The sequence number is monotonically incremented with +each data packet, and wraps at the maximum value of an unsigned 32-bit +integer. + +5.2.4. S_ACK + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Sender Link ID | 2 | 16-bit sender link ID | +| Destination Port | 2 | 16-bit destination port | +| Window Size | 2 | 16-bit window size in 1024-byte increments | +| Acknowledgements | ? | One or more acknowledgements (see below) | +|---------------------------------------------------------------------------| + +Each acknowledgement is a 32-bit integer followed by an 8-bit integer (5 bytes +total). 
The 32-bit integer is the first sequence number to acknowledge, and +the 8-bit integer is the number of sequential following sequence numbers to +acknowledge. For example "1, 4" would acknowledge sequence numbers 1, 2, 3, +and 4. + +5.2.5. S_DACK + +|---------------------------------------------------------------------------| +| Field | Length | Description | +|---------------------------------------------------------------------------| +| Sender Link ID | 2 | 16-bit sender link ID | +| Destination Port | 2 | 16-bit destination port | +| Window Size | 2 | 16-bit window size in 1024-byte increments | +| Num. Acks | 1 | 8-bit number of acknowledgements | +| Acknowledgements | ? | One or more acknowledgements | +| Payload | ? | Data payload | +|---------------------------------------------------------------------------| + +The DACK message combines ACK and DATA, allowing two peers that are both +transmitting data to efficiently ACK without a separate packet. diff --git a/attic/old-linux-installer/buildinstaller.sh b/attic/old-linux-installer/buildinstaller.sh new file mode 100755 index 0000000..21f2f73 --- /dev/null +++ b/attic/old-linux-installer/buildinstaller.sh 
@@ -0,0 +1,134 @@
+#!/bin/bash
+
+# This script builds the installer for *nix systems. Windows must do everything
+# completely differently, as usual.
+
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+if [ ! -f zerotier-one ]; then
+ echo "Could not find 'zerotier-one' binary, please build before running this script."
+ exit 2
+fi
+
+machine=`uname -m`
+system=`uname -s`
+
+vmajor=`cat version.h | grep -F ZEROTIER_ONE_VERSION_MAJOR | cut -d ' ' -f 3`
+vminor=`cat version.h | grep -F ZEROTIER_ONE_VERSION_MINOR | cut -d ' ' -f 3`
+revision=`cat version.h | grep -F ZEROTIER_ONE_VERSION_REVISION | cut -d ' ' -f 3`
+
+if [ -z "$vmajor" -o -z "$vminor" -o -z "$revision" ]; then
+ echo "Unable to extract version info from version.h, aborting installer build."
+ exit 2
+fi
+
+rm -rf build-installer
+mkdir build-installer
+
+case "$system" in
+
+ Linux)
+ # Canonicalize $machine for some architectures... we use x86
+ # and x64 for Intel stuff. ARM and others should be fine if
+ # we ever ship officially for those.
+ debian_arch=$machine
+ case "$machine" in
+ i386|i486|i586|i686)
+ machine="x86"
+ debian_arch="i386"
+ ;;
+ x86_64|amd64|x64)
+ machine="x64"
+ debian_arch="amd64"
+ ;;
+ armv6l|arm|armhf|arm7l|armv7l)
+ machine="armv6l"
+ debian_arch="armhf"
+ ;;
+ esac
+
+ echo "Assembling Linux installer for $machine and version $vmajor.$vminor.$revision"
+
+ mkdir -p 'build-installer/var/lib/zerotier-one/ui'
+ cp -fp 'ext/installfiles/linux/uninstall.sh' 'build-installer/var/lib/zerotier-one'
+ cp -fp 'zerotier-one' 'build-installer/var/lib/zerotier-one'
+ for f in ui/*.html ui/*.js ui/*.css ui/*.jsx ; do
+ cp -fp "$f" 'build-installer/var/lib/zerotier-one/ui'
+ done
+ mkdir -p 'build-installer/tmp'
+ cp -fp 'ext/installfiles/linux/init.d/zerotier-one' 'build-installer/tmp/init.d_zerotier-one'
+ cp -fp 'ext/installfiles/linux/systemd/zerotier-one.service' 'build-installer/tmp/systemd_zerotier-one.service'
+
+ targ="ZeroTierOneInstaller-linux-${machine}-${vmajor}_${vminor}_${revision}"
+ # Use gzip in Linux since some minimal Linux systems do not have bunzip2
+ rm -f build-installer-tmp.tar.gz
+ cd build-installer
+ tar -cf - * | gzip -9 >../build-installer-tmp.tar.gz
+ cd ..
+ rm -f $targ
+ cat ext/installfiles/linux/install.tmpl.sh build-installer-tmp.tar.gz >$targ
+ chmod 0755 $targ
+ rm -f build-installer-tmp.tar.gz
+ ls -l $targ
+
+ if [ -f /usr/bin/dpkg-deb -a "$UID" -eq 0 ]; then
+ echo
+ echo Found dpkg-deb and you are root, trying to build Debian package.
+ + rm -rf build-installer-deb + + debbase="build-installer-deb/zerotier-one_${vmajor}.${vminor}.${revision}_$debian_arch" + debfolder="${debbase}/DEBIAN" + mkdir -p $debfolder + + cat 'ext/installfiles/linux/DEBIAN/control.in' | sed "s/__VERSION__/${vmajor}.${vminor}.${revision}/" | sed "s/__ARCH__/${debian_arch}/" >$debfolder/control + cat $debfolder/control + cp -f 'ext/installfiles/linux/DEBIAN/conffiles' "${debfolder}/conffiles" + + mkdir -p "${debbase}/var/lib/zerotier-one/updates.d" + cp -f $targ "${debbase}/var/lib/zerotier-one/updates.d" + + rm -f "${debfolder}/postinst" "${debfolder}/prerm" + + echo '#!/bin/bash' >${debfolder}/postinst + echo "/var/lib/zerotier-one/updates.d/${targ} >>/dev/null 2>&1" >>${debfolder}/postinst + echo "/bin/rm -f /var/lib/zerotier-one/updates.d/*" >>${debfolder}/postinst + chmod a+x ${debfolder}/postinst + + echo '#!/bin/bash' >${debfolder}/prerm + echo 'export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin' >>${debfolder}/prerm + echo 'if [ "$1" != "upgrade" ]; then' >>${debfolder}/prerm + echo ' /var/lib/zerotier-one/uninstall.sh >>/dev/null 2>&1' >>${debfolder}/prerm + echo 'fi' >>${debfolder}/prerm + chmod a+x ${debfolder}/prerm + + dpkg-deb --build $debbase + + mv -f build-installer-deb/*.deb . + rm -rf build-installer-deb + fi + + if [ -f /usr/bin/rpmbuild ]; then + echo + echo Found rpmbuild, trying to build RedHat/CentOS package. + + rm -f /tmp/zerotier-one.spec + curr_dir=`pwd` + cat ext/installfiles/linux/RPM/zerotier-one.spec.in | sed "s/__VERSION__/${vmajor}.${vminor}.${revision}/g" | sed "s/__INSTALLER__/${targ}/g" >/tmp/zerotier-one.spec + + rpmbuild -ba /tmp/zerotier-one.spec + + rm -f /tmp/zerotier-one.spec + fi + + ;; + + *) + echo "Unsupported platform: $system" + exit 2 + +esac + +rm -rf build-installer + +exit 0 diff --git a/attic/old-linux-installer/install.tmpl.sh b/attic/old-linux-installer/install.tmpl.sh new file mode 100644 index 0000000..2d18d24 --- /dev/null 
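Review bot: The rpmbuild branch writes the generated spec to the fixed path `/tmp/zerotier-one.spec` and then passes it to `rpmbuild -ba`, so on a shared build host the name is predictable inside world-writable /tmp; generate it in a private directory instead, e.g. `specdir=$(mktemp -d) || exit 2`, write to `"$specdir/zerotier-one.spec"`, and `rm -rf "$specdir"` afterwards. `curr_dir` is assigned in the same branch and never used. The `cd build-installer` before `tar -cf - *` is unchecked, and `$targ`, `$debbase` and `$debfolder` are expanded unquoted in several commands; `cd build-installer || exit 2` and quoting those expansions would keep a failed step from acting on the wrong directory.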
+++ b/attic/old-linux-installer/install.tmpl.sh 
@@ -0,0 +1,182 @@ +#!/bin/bash + +export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin +shopt -s expand_aliases + +dryRun=0 + +echo "*** ZeroTier One install/update ***" +echo + +if [ "$UID" -ne 0 ]; then + echo "Not running as root so doing dry run (no modifications to system)..." + dryRun=1 +fi + +if [ $dryRun -gt 0 ]; then + alias ln="echo '>> ln'" + alias rm="echo '>> rm'" + alias mv="echo '>> mv'" + alias cp="echo '>> cp'" + alias chown="echo '>> chown'" + alias chgrp="echo '>> chgrp'" + alias chmod="echo '>> chmod'" + alias chkconfig="echo '>> chkconfig'" + alias zerotier-cli="echo '>> zerotier-cli'" + alias service="echo '>> service'" + alias systemctl="echo '>> systemctl'" +fi + +scriptPath="`dirname "$0"`/`basename "$0"`" +if [ ! -r "$scriptPath" ]; then + scriptPath="$0" + if [ ! -r "$scriptPath" ]; then + echo "Installer cannot determine its own path; $scriptPath is not readable." + exit 2 + fi +fi + +# Check for systemd vs. old school SysV init +SYSTEMDUNITDIR= +if [ -e /bin/systemctl -o -e /usr/bin/systemctl -o -e /usr/local/bin/systemctl -o -e /sbin/systemctl -o -e /usr/sbin/systemctl ]; then + # Second check: test if systemd appears to actually be running. Apparently Ubuntu + # thought it was a good idea to ship with systemd installed but not used. Issue #133 + if [ -d /var/run/systemd/system -o -d /run/systemd/system ]; then + if [ -e /usr/bin/pkg-config ]; then + SYSTEMDUNITDIR=`/usr/bin/pkg-config systemd --variable=systemdsystemunitdir` + fi + if [ -z "$SYSTEMDUNITDIR" -o ! -d "$SYSTEMDUNITDIR" ]; then + if [ -d /usr/lib/systemd/system ]; then + SYSTEMDUNITDIR=/usr/lib/systemd/system + fi + if [ -d /etc/systemd/system ]; then + SYSTEMDUNITDIR=/etc/systemd/system + fi + fi + fi +fi + +# Find the end of this script, which is where we have appended binary data. 
+endMarkerIndex=`grep -a -b -E '^################' "$scriptPath" | head -c 16 | cut -d : -f 1` +if [ "$endMarkerIndex" -le 100 ]; then + echo 'Internal error: unable to find end of script / start of binary data marker.' + exit 2 +fi +blobStart=`expr $endMarkerIndex + 17` +if [ "$blobStart" -le "$endMarkerIndex" ]; then + echo 'Internal error: unable to find end of script / start of binary data marker.' + exit 2 +fi + +echo -n 'Getting version of existing install... ' +origVersion=NONE +if [ -x /var/lib/zerotier-one/zerotier-one ]; then + origVersion=`/var/lib/zerotier-one/zerotier-one -v` +fi +echo $origVersion + +echo 'Extracting files...' +if [ $dryRun -gt 0 ]; then + echo ">> tail -c +$blobStart \"$scriptPath\" | gunzip -c | tar -xvop -C / -f -" + tail -c +$blobStart "$scriptPath" | gunzip -c | tar -t -f - | sed 's/^/>> /' +else + tail -c +$blobStart "$scriptPath" | gunzip -c | tar -xvop --no-overwrite-dir -C / -f - +fi + +if [ $dryRun -eq 0 -a ! -x "/var/lib/zerotier-one/zerotier-one" ]; then + echo 'Archive extraction failed, cannot find zerotier-one binary in "/var/lib/zerotier-one".' + exit 2 +fi + +echo -n 'Getting version of new install... ' +newVersion=`/var/lib/zerotier-one/zerotier-one -v` +echo $newVersion + +echo 'Creating symlinks...' + +rm -f /usr/bin/zerotier-cli /usr/bin/zerotier-idtool +ln -sf /var/lib/zerotier-one/zerotier-one /usr/bin/zerotier-cli +ln -sf /var/lib/zerotier-one/zerotier-one /usr/bin/zerotier-idtool + +echo 'Installing zerotier-one service...' + +if [ -n "$SYSTEMDUNITDIR" -a -d "$SYSTEMDUNITDIR" ]; then + # SYSTEMD + + # If this was updated or upgraded from an init.d based system, clean up the old + # init.d stuff before installing directly via systemd. 
+ if [ -f /etc/init.d/zerotier-one ]; then + if [ -e /sbin/chkconfig -o -e /usr/sbin/chkconfig -o -e /bin/chkconfig -o -e /usr/bin/chkconfig ]; then + chkconfig zerotier-one off + fi + rm -f /etc/init.d/zerotier-one + fi + + cp -f /tmp/systemd_zerotier-one.service "$SYSTEMDUNITDIR/zerotier-one.service" + chown 0 "$SYSTEMDUNITDIR/zerotier-one.service" + chgrp 0 "$SYSTEMDUNITDIR/zerotier-one.service" + chmod 0644 "$SYSTEMDUNITDIR/zerotier-one.service" + rm -f /tmp/systemd_zerotier-one.service /tmp/init.d_zerotier-one + + systemctl enable zerotier-one.service + + echo + echo 'Done! Installed and service configured to start at system boot.' + echo + echo "To start now or restart the service if it's already running:" + echo ' sudo systemctl restart zerotier-one.service' +else + # SYSV INIT -- also covers upstart which supports SysVinit backward compatibility + + cp -f /tmp/init.d_zerotier-one /etc/init.d/zerotier-one + chmod 0755 /etc/init.d/zerotier-one + rm -f /tmp/systemd_zerotier-one.service /tmp/init.d_zerotier-one + + if [ -f /sbin/chkconfig -o -f /usr/sbin/chkconfig -o -f /usr/bin/chkconfig -o -f /bin/chkconfig ]; then + chkconfig zerotier-one on + else + # Yes Virginia, some systems lack chkconfig. 
+ if [ -d /etc/rc0.d ]; then + rm -f /etc/rc0.d/???zerotier-one + ln -sf /etc/init.d/zerotier-one /etc/rc0.d/K89zerotier-one + fi + if [ -d /etc/rc1.d ]; then + rm -f /etc/rc1.d/???zerotier-one + ln -sf /etc/init.d/zerotier-one /etc/rc1.d/K89zerotier-one + fi + if [ -d /etc/rc2.d ]; then + rm -f /etc/rc2.d/???zerotier-one + ln -sf /etc/init.d/zerotier-one /etc/rc2.d/S11zerotier-one + fi + if [ -d /etc/rc3.d ]; then + rm -f /etc/rc3.d/???zerotier-one + ln -sf /etc/init.d/zerotier-one /etc/rc3.d/S11zerotier-one + fi + if [ -d /etc/rc4.d ]; then + rm -f /etc/rc4.d/???zerotier-one + ln -sf /etc/init.d/zerotier-one /etc/rc4.d/S11zerotier-one + fi + if [ -d /etc/rc5.d ]; then + rm -f /etc/rc5.d/???zerotier-one + ln -sf /etc/init.d/zerotier-one /etc/rc5.d/S11zerotier-one + fi + if [ -d /etc/rc6.d ]; then + rm -f /etc/rc6.d/???zerotier-one + ln -sf /etc/init.d/zerotier-one /etc/rc6.d/K89zerotier-one + fi + fi + + echo + echo 'Done! Installed and service configured to start at system boot.' + echo + echo "To start now or restart the service if it's already running:" + echo ' sudo service zerotier-one restart' +fi + +exit 0 + +# Do not remove the last line or add a carriage return to it! The installer +# looks for an unterminated line beginning with 16 #'s in itself to find +# the binary blob data, which is appended after it. + +################ \ No newline at end of file diff --git a/attic/old-linux-installer/uninstall.sh b/attic/old-linux-installer/uninstall.sh new file mode 100755 index 0000000..d9495a1 --- /dev/null +++ b/attic/old-linux-installer/uninstall.sh 
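Review bot: The extraction pipeline `tail -c +$blobStart "$scriptPath" | gunzip -c | tar -xvop --no-overwrite-dir -C / -f -` never has its exit status checked, and the only success test afterwards is that `/var/lib/zerotier-one/zerotier-one` is executable, which is already true on an upgrade. The script then copies `/tmp/systemd_zerotier-one.service` or `/tmp/init.d_zerotier-one` into the service directory as root, so after a failed or partial extraction it would install whatever already exists at those fixed names in world-writable /tmp. Adding `set -o pipefail` near the top and `|| { echo 'Archive extraction failed.'; exit 2; }` after the tar pipeline closes that gap; staging the two service files under `/var/lib/zerotier-one` rather than `/tmp` would remove the dependency on /tmp (this needs the matching change in buildinstaller.sh). `endMarkerIndex` is also compared with `-le` without first checking that it is a non-empty number, so a missing marker produces a test error instead of the intended `exit 2`. No checksum or signature check of the appended blob is visible in this file before it is unpacked to `/`.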
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
+
+if [ "$UID" -ne 0 ]; then
+ echo "Must be run as root; try: sudo $0"
+ exit 1
+fi
+
+# Detect systemd vs. regular init
+SYSTEMDUNITDIR=
+if [ -e /bin/systemctl -o -e /usr/bin/systemctl -o -e /usr/local/bin/systemctl -o -e /sbin/systemctl -o -e /usr/sbin/systemctl ]; then
+ if [ -e /usr/bin/pkg-config ]; then
+ SYSTEMDUNITDIR=`/usr/bin/pkg-config systemd --variable=systemdsystemunitdir`
+ fi
+ if [ -z "$SYSTEMDUNITDIR" -o ! -d "$SYSTEMDUNITDIR" ]; then
+ if [ -d /usr/lib/systemd/system ]; then
+ SYSTEMDUNITDIR=/usr/lib/systemd/system
+ fi
+ if [ -d /etc/systemd/system ]; then
+ SYSTEMDUNITDIR=/etc/systemd/system
+ fi
+ fi
+fi
+
+echo "Killing any running zerotier-one service..."
+if [ -n "$SYSTEMDUNITDIR" -a -d "$SYSTEMDUNITDIR" ]; then
+ systemctl stop zerotier-one.service
+ systemctl disable zerotier-one.service
+else
+ if [ -f /sbin/service -o -f /usr/sbin/service -o -f /bin/service -o -f /usr/bin/service ]; then
+ service zerotier-one stop
+ fi
+fi
+
+sleep 1
+if [ -f /var/lib/zerotier-one/zerotier-one.pid ]; then
+ kill -TERM `cat /var/lib/zerotier-one/zerotier-one.pid`
+ sleep 1
+fi
+if [ -f /var/lib/zerotier-one/zerotier-one.pid ]; then
+ kill -KILL `cat /var/lib/zerotier-one/zerotier-one.pid`
+fi
+
+if [ -f /etc/init.d/zerotier-one ]; then
+ echo "Removing SysV init items..."
+ if [ -f /sbin/chkconfig -o -f /usr/sbin/chkconfig -o -f /bin/chkconfig -o -f /usr/bin/chkconfig ]; then
+ chkconfig zerotier-one off
+ fi
+ rm -f /etc/init.d/zerotier-one
+ find /etc/rc*.d -type f -name '???zerotier-one' -print0 | xargs -0 rm -f
+fi
+
+if [ -n "$SYSTEMDUNITDIR" -a -d "$SYSTEMDUNITDIR" -a -f "$SYSTEMDUNITDIR/zerotier-one.service" ]; then
+ echo "Removing systemd service..."
+ rm -f "$SYSTEMDUNITDIR/zerotier-one.service"
+fi
+
+echo "Erasing binary and support files..."
+if [ -d /var/lib/zerotier-one ]; then + cd /var/lib/zerotier-one + rm -rf zerotier-one *.persist identity.public *.log *.pid *.sh updates.d networks.d iddb.d root-topology ui +fi + +echo "Erasing anything installed into system bin directories..." +rm -f /usr/local/bin/zerotier-cli /usr/bin/zerotier-cli /usr/local/bin/zerotier-idtool /usr/bin/zerotier-idtool + +echo "Done." +echo +echo "Your ZeroTier One identity is still preserved in /var/lib/zerotier-one" +echo "as identity.secret and can be manually deleted if you wish. Save it if" +echo "you wish to re-use the address of this node, as it cannot be regenerated." + +echo + +exit 0 diff --git a/cli/README.md b/cli/README.md new file mode 100644 index 0000000..dabbd30 --- /dev/null +++ b/cli/README.md @@ -0,0 +1,6 @@ +ZeroTier Newer-Spiffier Command Line Interface +====== + +This will be the future home of our new unified CLI for ZeroTier One, controllers, and Central (my.zerotier.com etc.). + +IT IS NOT DONE AND DOES NOT WORK EVEN A LITTLE BIT. GO AWAY. diff --git a/cli/zerotier.cpp b/cli/zerotier.cpp new file mode 100644 index 0000000..f9eec5d --- /dev/null +++ b/cli/zerotier.cpp 
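Review bot: Both `kill -TERM` and `kill -KILL` signal whatever PID `/var/lib/zerotier-one/zerotier-one.pid` contains, as root, without checking that the process is still zerotier-one; a stale pid file left after a crash or reboot can name an unrelated process, and an empty file makes `kill` run with no PID at all. Read the value once and verify it before signalling, e.g. `pid=$(cat /var/lib/zerotier-one/zerotier-one.pid)` followed by `[ -n "$pid" ] && [ "$(readlink /proc/$pid/exe)" = /var/lib/zerotier-one/zerotier-one ] && kill -TERM "$pid"`. The later `cd /var/lib/zerotier-one` is followed by `rm -rf` on relative names and globs, so it should be `cd /var/lib/zerotier-one || exit 1` to keep a failed `cd` from deleting matches in the caller's working directory.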
@@ -0,0 +1,335 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +// Note: unlike the rest of ZT's code base, this requires C++11 due to +// the JSON library it uses and other things. + +#include +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../version.h" +#include "../osdep/OSUtils.hpp" +#include "../ext/json/json.hpp" + +#ifdef __WINDOWS__ +#include +#include +#include +#include +#else +#include +#include +#endif + +#include +#include +#include +#include +#include + +#include + +using json = nlohmann::json; +using namespace ZeroTier; + +#define ZT_CLI_FLAG_VERBOSE 'v' +#define ZT_CLI_FLAG_UNSAFE_SSL 'X' + +struct CLIState +{ + std::string atname; + std::string command; + std::vector args; + std::map opts; + json settings; +}; + +namespace { + +static std::string trimString(const std::string &s) +{ + unsigned long end = (unsigned long)s.length(); + while (end) { + char c = s[end - 1]; + if ((c == ' ')||(c == '\r')||(c == '\n')||(!c)||(c == '\t')) + --end; + else break; + } + unsigned long start = 0; + while (start < end) { + char c = s[start]; + if ((c == ' ')||(c == '\r')||(c == '\n')||(!c)||(c == '\t')) + ++start; + else break; + } + return s.substr(start,end - start); +} + +static inline std::string getSettingsFilePath() +{ 
+#ifdef __WINDOWS__ +#else + const char *home = getenv("HOME"); + if (!home) + home = "/"; + return (std::string(home) + "/.zerotierCliSettings"); +#endif +} + +static bool saveSettings(const json &settings) +{ + std::string sfp(getSettingsFilePath().c_str()); + std::string buf(settings.dump(2)); + if (OSUtils::writeFile(sfp.c_str(),buf)) { + OSUtils::lockDownFile(sfp.c_str(),false); + return true; + } + return false; +} + +static void dumpHelp() +{ + std::cout << "ZeroTier Newer-Spiffier CLI " << ZEROTIER_ONE_VERSION_MAJOR << "." << ZEROTIER_ONE_VERSION_MINOR << "." << ZEROTIER_ONE_VERSION_REVISION << std::endl; + std::cout << "(c)2016 ZeroTier, Inc. / Licensed under the GNU GPL v3" << std::endl; + std::cout << std::endl; + std::cout << "Configuration path: " << getSettingsFilePath() << std::endl; + std::cout << std::endl; + std::cout << "Usage: zerotier [-option] [@name] []" << std::endl; + std::cout << std::endl; + std::cout << "Options:" << std::endl; + std::cout << " -v - Verbose JSON output" << std::endl; + std::cout << " -X - Do not check SSL certs (CAUTION!)" << std::endl; + std::cout << std::endl; + std::cout << "CLI Configuration Commands:" << std::endl; + std::cout << " cli-set - Set a CLI option ('cli-set help')" << std::endl; + std::cout << " cli-ls - List configured @things" << std::endl; + std::cout << " cli-rm @name - Remove a configured @thing" << std::endl; + std::cout << " cli-add-zt @name - Add a ZeroTier service" << std::endl; + std::cout << " cli-add-central @name - Add ZeroTier Central instance" << std::endl; + std::cout << std::endl; + std::cout << "ZeroTier One Service Commands:" << std::endl; + std::cout << " ls - List currently joined networks" << std::endl; + std::cout << " join [opt=value ...] 
- Join a network" << std::endl; + std::cout << " leave - Leave a network" << std::endl; + std::cout << " peers - List ZeroTier VL1 peers" << std::endl; + std::cout << " show [] - Get info about self or object" << std::endl; + std::cout << std::endl; + std::cout << "Network Controller Commands:" << std::endl; + std::cout << " net-create - Create a new network" << std::endl; + std::cout << " net-rm - Delete a network (CAUTION!)" << std::endl; + std::cout << " net-ls - List administered networks" << std::endl; + std::cout << " net-members - List members of a network" << std::endl; + std::cout << " net-show [
] - Get network or member info" << std::endl; + std::cout << " net-auth
- Authorize a member" << std::endl; + std::cout << " net-set - See 'net-set help'" << std::endl; + std::cout << std::endl; + std::cout << "Identity Commands:" << std::endl; + std::cout << " id-generate [] - Generate a ZeroTier identity" << std::endl; + std::cout << " id-validate - Locally validate an identity" << std::endl; + std::cout << " id-sign - Sign a file" << std::endl; + std::cout << " id-verify - Verify a file's signature" << std::endl; + std::cout << " id-getpublic - Get full identity's public portion" << std::endl; + std::cout << std::endl; +} + +static size_t _curlStringAppendCallback(void *contents,size_t size,size_t nmemb,void *stdstring) +{ + size_t totalSize = size * nmemb; + reinterpret_cast(stdstring)->append((const char *)contents,totalSize); + return totalSize; +} + +static std::tuple GET(const CLIState &state,const std::map &headers,const std::string &url) +{ + std::string body; + char errbuf[CURL_ERROR_SIZE]; + char urlbuf[4096]; + + CURL *curl = curl_easy_init(); + if (!curl) { + std::cerr << "FATAL: curl_easy_init() failed" << std::endl; + exit(-1); + } + + curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curlStringAppendCallback); + curl_easy_setopt(curl,CURLOPT_WRITEDATA,(void *)&body); + curl_easy_setopt(curl,CURLOPT_USERAGENT,"ZeroTier-CLI"); + curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(state.opts.count(ZT_CLI_FLAG_UNSAFE_SSL) > 0) ? 
0L : 1L); + curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errbuf); + curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,0L); + + Utils::scopy(urlbuf,sizeof(urlbuf),url.c_str()); + curl_easy_setopt(curl,CURLOPT_URL,urlbuf); + + struct curl_slist *hdrs = (struct curl_slist *)0; + for(std::map::const_iterator i(headers.begin());i!=headers.end();++i) { + std::string htmp(i->first); + htmp.append(": "); + htmp.append(i->second); + hdrs = curl_slist_append(hdrs,htmp.c_str()); + } + if (hdrs) + curl_easy_setopt(curl,CURLOPT_HTTPHEADER,hdrs); + + memset(errbuf,0,sizeof(errbuf)); + CURLcode res = curl_easy_perform(curl); + errbuf[CURL_ERROR_SIZE-1] = (char)0; // sanity check + + if (res != CURLE_OK) + return std::make_tuple(-1,std::string(errbuf)); + + int rc = (int)curl_easy_getinfo(curl,CURLINFO_RESPONSE_CODE); + + curl_easy_cleanup(curl); + if (hdrs) + curl_slist_free_all(hdrs); + + return std::make_tuple(rc,body); +} + +} // anonymous namespace + +////////////////////////////////////////////////////////////////////////////// + +#ifdef __WINDOWS__ +int _tmain(int argc, _TCHAR* argv[]) +#else +int main(int argc,char **argv) +#endif +{ +#ifdef __WINDOWS__ + { + WSADATA wsaData; + WSAStartup(MAKEWORD(2,2),&wsaData); + } +#endif + + curl_global_init(CURL_GLOBAL_DEFAULT); + + CLIState state; + + for(int i=1;i 0)&&(port < 65536))&&(authToken.length() > 0)) { + state.settings["things"]["local"]["url"] = (std::string("http://127.0.0.1:") + portStr + "/"); + state.settings["things"]["local"]["auth"] = authToken; + initSuccess = true; + } + } + + if (!saveSettings(state.settings)) { + std::cerr << "FATAL: unable to write " << getSettingsFilePath() << std::endl; + exit(-1); + } + + if (initSuccess) { + std::cerr << "INFO: initialized new config at " << getSettingsFilePath() << std::endl; + } else { + std::cerr << "INFO: initialized new config at " << getSettingsFilePath() << " but could not auto-init local ZeroTier One service config from " << oneHome << " -- you will need to set local 
service URL and port manually if you want to control a local instance of ZeroTier One. (This happens if you are not root/administrator.)" << std::endl; + } + } + } + + if ((state.command.length() == 0)||(state.command == "help")) { + dumpHelp(); + return -1; + } else if (state.command == "cli-set") { + } else if (state.command == "cli-ls") { + } else if (state.command == "cli-rm") { + } else if (state.command == "cli-add-zt") { + } else if (state.command == "cli-add-central") { + } else if (state.command == "ls") { + } else if (state.command == "join") { + } else if (state.command == "leave") { + } else if (state.command == "peers") { + } else if (state.command == "show") { + } else if (state.command == "net-create") { + } else if (state.command == "net-rm") { + } else if (state.command == "net-ls") { + } else if (state.command == "net-members") { + } else if (state.command == "net-show") { + } else if (state.command == "net-auth") { + } else if (state.command == "net-set") { + } else if (state.command == "id-generate") { + } else if (state.command == "id-validate") { + } else if (state.command == "id-sign") { + } else if (state.command == "id-verify") { + } else if (state.command == "id-getpublic") { + } else { + dumpHelp(); + return -1; + } + + curl_global_cleanup(); + + return 0; +} diff --git a/controller/README.md b/controller/README.md new file mode 100644 index 0000000..8b789a3 --- /dev/null +++ b/controller/README.md 
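Review bot: In GET(), `int rc = (int)curl_easy_getinfo(curl,CURLINFO_RESPONSE_CODE);` omits the output argument and stores the call's CURLcode return value, so callers never see the real HTTP status and an authentication failure from the service cannot be told apart from success; it should be `long rc = 0; curl_easy_getinfo(curl,CURLINFO_RESPONSE_CODE,&rc);`. The early `return std::make_tuple(-1,std::string(errbuf));` on `res != CURLE_OK` skips `curl_easy_cleanup(curl)` and `curl_slist_free_all(hdrs)`, leaking both, so the cleanup should run before that check. saveSettings() writes the settings, which hold the `auth` token, and only then calls `OSUtils::lockDownFile`; unless `OSUtils::writeFile` already creates the file with owner-only permissions (not visible in this hunk) the token is briefly readable under the default umask. getSettingsFilePath() has an empty `#ifdef __WINDOWS__` branch and therefore returns nothing on that platform.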
@@ -0,0 +1,261 @@ +Network Controller Microservice +====== + +ZeroTier's 16-digit network IDs are really just a concatenation of the 10-digit ZeroTier address of a network controller followed by a 6-digit (24-bit) network number on that controller. Fans of software defined networking will recognize this as a variation of the familiar [separation of data plane and control plane](http://sdntutorials.com/difference-between-control-plane-and-data-plane/) SDN design pattern. + +This code implements the *node/NetworkController.hpp* interface and provides a SQLite3-backed network controller microservice. Including it in the build allows ZeroTier One to act as a controller and create/manage networks. + +This is the same code we use to run [my.zerotier.com](https://my.zerotier.com/), which is a web UI and API that runs in front of a pool of controllers. + +### Building + +On Linux, Mac, or BSD you can create a controller-enabled build with: + + make ZT_ENABLE_NETWORK_CONTROLLER=1 + +You will need the development headers and libraries for SQLite3 installed. + +### Running + +After building and installing (`make install`) a controller-enabled build of ZeroTier One, start it and try: + + sudo zerotier-cli /controller + +You should see something like: + + { + "controller": true, + "apiVersion": 2, + "clock": 1468002975497, + "instanceId": "8ab354604debe1da27ee627c9ef94a48" + } + +When started, a controller-enabled build of ZeroTier One will automatically create and initialize a `controller.db` file in its home folder. This is where all the controller's data and persistent state lives. If you're upgrading an old controller it will upgrade its database schema automatically on first launch. Make a backup of the old controller's database first since you can't go backward. + +Controllers periodically make backups of their database as `controller.db.backup`. This is done so that this file can be more easily copied/rsync'ed to other systems without worrying about corruption. 
SQLite3 supports multiple processes accessing the same database file, so `sqlite3 /path/to/controller.db .dump` also works but can be slow on a busy controller. + +Controllers can in theory host up to 2^24 networks and serve many millions of devices (or more), but we recommend running multiple controllers for a lot of networks to spread load and be more fault tolerant. + +### Dockerizing Controllers + +ZeroTier network controllers can easily be run in Docker or other container systems. Since containers do not need to actually join networks, extra privilege options like "--device=/dev/net/tun --privileged" are not needed. You'll just need to map the local JSON API port of the running controller and allow it to access the Internet (over UDP/9993 at a minimum) so things can reach and query it. + +### Implementing High Availability Fail-Over + +ZeroTier network controllers are not single points of failure for networks-- in the sense that if a controller goes down *existing* members of a network can continue to communicate. But new members (or those that have been offline for a while) can't join, existing members can't be de-authorized, and other changes to the network's configuration can't be made. This means that short "glitches" in controller availability are not a major problem but long periods of unavailability can be. + +Because controllers are just regular ZeroTier nodes and controller queries are in-band, controllers can trivially be moved without worrying about changes to underlying physical IPs. This makes high-availability fail-over very easy to implement. + +Just set up two cloud hosts, preferably in different data centers (e.g. two different AWS regions or Digital Ocean SF and NYC). Now set up the hot spare controller to constantly mirror `controller.db.backup` from its active sibling. + +If the active controller goes down, rename `controller.db.backup` to `controller.db` on the hot spare and start the ZeroTier One service there. 
The spare will take over and has now become the active controller. If the original active node comes back, it should take on the role of spare and should not start its service. Instead it should start mirroring the active controller's backup and wait until it is needed. + +The details of actually implementing this kind of HA fail-over on Linux or other OSes are beyond the scope of these docs and there are many ways to do it. Docker orchestration tools like Kubernetes can also be used to accomplish this if you've dockerized your controller. + +### Network Controller API + +The controller API is hosted via the same JSON API endpoint that ZeroTier One uses for local control (usually at 127.0.0.1 port 9993). All controller options are routed under the `/controller` base path. + +The controller microservice does not implement any fine-grained access control (authentication is via authtoken.secret just like the regular JSON API) or other complex mangement features. It just takes network and network member configurations and reponds to controller queries. We have an enterprise product called [ZeroTier Central](https://my.zerotier.com/) that we host as a service (and that companies can license to self-host) that does this. + +All working network IDs on a controller must begin with the controller's ZeroTier address. The API will *allow* "foreign" networks to be added but the controller will have no way of doing anything with them. + +Also note that the API is *very* sensitive about types. Integers must be integers and strings strings, etc. Incorrectly typed and unrecognized fields are just ignored. 
+ +#### `/controller` + + * Purpose: Check for controller function and return controller status + * Methods: GET + * Returns: { object } + +| Field | Type | Description | Writable | +| ------------------ | ----------- | ------------------------------------------------- | -------- | +| controller | boolean | Always 'true' | no | +| apiVersion | integer | Controller API version, currently 2 | no | +| clock | integer | Current clock on controller, ms since epoch | no | +| instanceId | string | A random ID generated on first controller DB init | no | + +The instance ID can be used to check whether a controller's database has been reset or otherwise switched. + +#### `/controller/network` + + * Purpose: List all networks hosted by this controller + * Methods: GET + * Returns: [ string, ... ] + +This returns an array of 16-digit hexadecimal network IDs. + +#### `/controller/network/` + + * Purpose: Create, configure, and delete hosted networks + * Methods: GET, POST, DELETE + * Returns: { object } + +By making queries to this path you can create, configure, and delete networks. DELETE is final, so don't do it unless you really mean it. + +When POSTing new networks take care that their IDs are not in use, otherwise you may overwrite an existing one. To create a new network with a random unused ID, POST to `/controller/network/##########______`. The #'s are the controller's 10-digit ZeroTier address and they're followed by six underscores. Check the `nwid` field of the returned JSON object for your network's newly allocated ID. Subsequent POSTs to this network must refer to its actual path. 
+ +| Field | Type | Description | Writable | +| --------------------- | ------------- | ------------------------------------------------- | -------- | +| nwid | string | 16-digit network ID | no | +| controllerInstanceId | string | Controller database instance ID | no | +| clock | integer | Current clock, ms since epoch | no | +| name | string | A short name for this network | YES | +| private | boolean | Is access control enabled? | YES | +| enableBroadcast | boolean | Ethernet ff:ff:ff:ff:ff:ff allowed? | YES | +| allowPassiveBridging | boolean | Allow any member to bridge (very experimental) | YES | +| v4AssignMode | string | If 'zt', auto-assign IPv4 from pool(s) | YES | +| v6AssignMode | string | IPv6 address auto-assign modes; see below | YES | +| multicastLimit | integer | Maximum recipients for a multicast packet | YES | +| creationTime | integer | Time network was first created | no | +| revision | integer | Network config revision counter | no | +| memberRevisionCounter | integer | Network member revision counter | no | +| authorizedMemberCount | integer | Number of authorized members (for private nets) | no | +| relays | array[object] | Alternative relays; see below | YES | +| routes | array[object] | Managed IPv4 and IPv6 routes; see below | YES | +| ipAssignmentPools | array[object] | IP auto-assign ranges; see below | YES | +| rules | array[object] | Traffic rules; see below | YES | + +(The `ipLocalRoutes` field appeared in older versions but is no longer present. Routes will now show up in `routes`.) + +Two important things to know about networks: + + - Networks without rules won't carry any traffic. See below for an example with rules to permit IPv4 and IPv6. + - Managed IP address assignments and IP assignment pools that do not fall within a route configured in `routes` are ignored and won't be used or sent to members. + - The default for `private` is `true` and this is probably what you want. 
Turning `private` off means *anyone* can join your network with only its 16-digit network ID. It's also impossible to de-authorize a member as these networks don't issue or enforce certificates. Such "party line" networks are used for decentralized app backplanes, gaming, and testing but are not common in ordinary use.
+
+**IPv6 Auto-Assign Modes:**
+
+This field is (for legacy reasons) a comma-delimited list of strings. These can be `rfc4193`, `6plane`, and `zt`. RFC4193 and 6PLANE are special addressing modes that deterministically assign IPv6 addresses based on the network ID and the ZeroTier address of each member. The `zt` mode enables IPv6 auto-assignment from arbitrary IPv6 IP ranges configured in `ipAssignmentPools`.
+
+**Relay object format:**
+
+Relay objects define network-specific preferred relay nodes. Traffic to peers on this network will preferentially use these relays if they are available, and otherwise will fall back to the global rootserver infrastructure.
+
+| Field | Type | Description | Writable |
+| --------------------- | ------------- | ------------------------------------------------- | -------- |
+| address | string | 10-digit ZeroTier address of relay | YES |
+| phyAddress | string | Optional IP/port suggestion for finding relay | YES |
+
+**IP assignment pool object format:**
+
+| Field | Type | Description | Writable |
+| --------------------- | ------------- | ------------------------------------------------- | -------- |
+| ipRangeStart | string | Starting IP address in range | YES |
+| ipRangeEnd | string | Ending IP address in range (inclusive) | YES |
+
+Pools are only used if auto-assignment is on for the given address type (IPv4 or IPv6) and if the entire range falls within a managed route.
+
+IPv6 ranges work just like IPv4 ranges and look like this:
+
+ {
+ "ipRangeStart": "fd00:feed:feed:beef:0000:0000:0000:0000",
+ "ipRangeEnd": "fd00:feed:feed:beef:ffff:ffff:ffff:ffff"
+ }
+
+(You can POST a shortened-form IPv6 address but the API will always report back un-shortened canonical form addresses.)
+
+That defines a range within network `fd00:feed:feed:beef::/64` that contains up to 2^64 addresses. If an IPv6 range is large enough, the controller will assign addresses by placing each member's device ID into the address in a manner similar to the RFC4193 and 6PLANE modes. Otherwise it will assign addresses at random.
+
+**Rule object format:**
+
+Rules are matched in order of ruleNo. If no rules match, the default action is `drop`. To allow all traffic, create a single rule with all *null* fields and an action of `accept`.
+
+In the future there will be many, many more types of rules. As of today only filtering by Ethernet packet type is supported.
+
+| Field | Type | Description | Writable |
+| --------------------- | ------------- | ------------------------------------------------- | -------- |
+| ruleNo | integer | Rule sorting key | YES |
+| etherType | integer | Ethernet frame type (e.g. 34525 for IPv6) | YES |
+| action | string | Currently either `allow` or `drop` | YES |
+
+**An Example: The Configuration for Earth**
+
+Here is an example of a correctly configured ZeroTier network with IPv4 auto-assigned addresses from 28.0.0.0/7 (a "de-facto private" space) and RFC4193 IPv6 addressing. Users might recognize this as *Earth*, our public "global LAN party" that's used for demos and testing and occasionally gaming.
+
+For your own networks you'll probably want to change `private` to `true` unless you like company. These rules on the other hand probably are what you want. These allow IPv4, IPv4 ARP, and IPv6 Ethernet frames. To allow only IPv4 omit the one for Ethernet type 34525 (IPv6).
+
+ {
+ "nwid": "8056c2e21c000001",
+ "controllerInstanceId": "8ab354604debe1da27ee627c9ef94a48",
+ "clock": 1468004857100,
+ "name": "earth.zerotier.net",
+ "private": false,
+ "enableBroadcast": false,
+ "allowPassiveBridging": false,
+ "v4AssignMode": "zt",
+ "v6AssignMode": "rfc4193",
+ "multicastLimit": 64,
+ "creationTime": 1442292573165,
+ "revision": 234,
+ "memberRevisionCounter": 3326,
+ "authorizedMemberCount": 2873,
+ "relays": [],
+ "routes": [
+ {"target":"28.0.0.0/7","via":null,"flags":0,"metric":0}],
+ "ipAssignmentPools": [
+ {"ipRangeStart":"28.0.0.1","ipRangeEnd":"29.255.255.254"}],
+ "rules": [
+ {
+ "ruleNo": 20,
+ "etherType": 2048,
+ "action": "accept"
+ },{
+ "ruleNo": 21,
+ "etherType": 2054,
+ "action": "accept"
+ },{
+ "ruleNo": 30,
+ "etherType": 34525,
+ "action": "accept"
+ }]
+ }
+
+#### `/controller/network//member`
+
+ * Purpose: Get a set of all members on this network
+ * Methods: GET
+ * Returns: { object }
+
+This returns a JSON object containing all member IDs as keys and their `memberRevisionCounter` values as values.
+
+#### `/controller/network//active`
+
+ * Purpose: Get a set of all active members on this network
+ * Methods: GET
+ * Returns: { object }
+
+This returns an object containing all currently online members and the most recent `recentLog` entries for their last request.
+
+#### `/controller/network//member/
`
+
+ * Purpose: Create, authorize, or remove a network member
+ * Methods: GET, POST, DELETE
+ * Returns: { object }
+
+| Field | Type | Description | Writable |
+| --------------------- | ------------- | ------------------------------------------------- | -------- |
+| nwid | string | 16-digit network ID | no |
+| clock | integer | Current clock, ms since epoch | no |
+| address | string | Member's 10-digit ZeroTier address | no |
+| authorized | boolean | Is member authorized? (for private networks) | YES |
+| activeBridge | boolean | Member is able to bridge to other Ethernet nets | YES |
+| identity | string | Member's public ZeroTier identity (if known) | no |
+| ipAssignments | array[string] | Managed IP address assignments | YES |
+| memberRevision | integer | Member revision counter | no |
+| recentLog | array[object] | Recent member activity log; see below | no |
+
+Note that managed IP assignments are only used if they fall within a managed route. Otherwise they are ignored.
+
+**Recent log object format:**
+
+| Field | Type | Description |
+| --------------------- | ------------- | ------------------------------------------------- |
+| ts | integer | Time of request, ms since epoch |
+| authorized | boolean | Was member authorized? |
+| clientMajorVersion | integer | Client major version or -1 if unknown |
+| clientMinorVersion | integer | Client minor version or -1 if unknown |
+| clientRevision | integer | Client revision or -1 if unknown |
+| fromAddr | string | Physical address if known |
+
+The controller can only know a member's `fromAddr` if it's able to establish a direct path to it. Members behind very restrictive firewalls may not have this information since the controller will be receiving the member's requests by way of a relay. ZeroTier does not back-trace IP paths as packets are relayed since this would add a lot of protocol overhead.
diff --git a/controller/SqliteNetworkController.cpp b/controller/SqliteNetworkController.cpp
new file mode 100644
index 0000000..6505174
--- /dev/null
+++ b/controller/SqliteNetworkController.cpp
@@ -0,0 +1,2195 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015 ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include "../include/ZeroTierOne.h"
+#include "../node/Constants.hpp"
+
+#ifdef ZT_USE_SYSTEM_JSON_PARSER
+#include
+#else
+#include "../ext/json-parser/json.h"
+#endif
+
+#include "SqliteNetworkController.hpp"
+
+#include "../node/Node.hpp"
+#include "../node/Utils.hpp"
+#include "../node/CertificateOfMembership.hpp"
+#include "../node/NetworkConfig.hpp"
+#include "../node/Dictionary.hpp"
+#include "../node/InetAddress.hpp"
+#include "../node/MAC.hpp"
+#include "../node/Address.hpp"
+
+#include "../osdep/OSUtils.hpp"
+
+// Include ZT_NETCONF_SCHEMA_SQL constant to init database
+#include "schema.sql.c"
+
+// Stored in database as schemaVersion key in Config.
+// If not present, database is assumed to be empty and at the current schema version
+// and this key/value is added automatically.
+#define ZT_NETCONF_SQLITE_SCHEMA_VERSION 4
+#define ZT_NETCONF_SQLITE_SCHEMA_VERSION_STR "4"
+
+// API version reported via JSON control plane
+#define ZT_NETCONF_CONTROLLER_API_VERSION 2
+
+// Number of requests to remember in member history
+#define ZT_NETCONF_DB_MEMBER_HISTORY_LENGTH 8
+
+// Min duration between requests for an address/nwid combo to prevent floods
+#define ZT_NETCONF_MIN_REQUEST_PERIOD 1000
+
+// Delay between backups in milliseconds
+#define ZT_NETCONF_BACKUP_PERIOD 300000
+
+// Nodes are considered active if they've queried in less than this long
+#define ZT_NETCONF_NODE_ACTIVE_THRESHOLD ((ZT_NETWORK_AUTOCONF_DELAY * 2) + 5000)
+
+// Flags for Network 'flags' field in table
+#define ZT_DB_NETWORK_FLAG_ZT_MANAGED_V4_AUTO_ASSIGN 1
+#define ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_RFC4193 2
+#define ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_6PLANE 4
+#define ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_AUTO_ASSIGN 8
+
+// Flags with all V6 managed mode flags flipped off -- for masking in update operation and in string form for SQL building
+#define ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_MASK_S "268435441"
+
+// Uncomment to trace Sqlite for debugging
+//#define ZT_NETCONF_SQLITE_TRACE 1
+
+namespace ZeroTier {
+
+namespace {
+
+static std::string _jsonEscape(const char *s)
+{
+ if (!s)
+ return std::string();
+ std::string buf;
+ for(const char *p=s;(*p);++p) {
+ switch(*p) {
+ case '\t': buf.append("\\t"); break;
+ case '\b': buf.append("\\b"); break;
+ case '\r': buf.append("\\r"); break;
+ case '\n': buf.append("\\n"); break;
+ case '\f': buf.append("\\f"); break;
+ case '"': buf.append("\\\""); break;
+ case '\\': buf.append("\\\\"); break;
+ case '/': buf.append("\\/"); break;
+ default: buf.push_back(*p); break;
+ }
+ }
+ return buf;
+}
+static std::string _jsonEscape(const std::string &s) { return _jsonEscape(s.c_str()); }
+
+// Converts an
InetAddress to a blob and an int for storage in database +static void _ipToBlob(const InetAddress &a,char *ipBlob,int &ipVersion) /* blob[16] */ +{ + switch(a.ss_family) { + case AF_INET: + memset(ipBlob,0,12); + memcpy(ipBlob + 12,a.rawIpData(),4); + ipVersion = 4; + break; + case AF_INET6: + memcpy(ipBlob,a.rawIpData(),16); + ipVersion = 6; + break; + } +} + +// Member.recentHistory is stored in a BLOB as an array of strings containing JSON objects. +// This is kind of hacky but efficient and quick to parse and send to the client. +class MemberRecentHistory : public std::list +{ +public: + inline std::string toBlob() const + { + std::string b; + for(const_iterator i(begin());i!=end();++i) { + b.append(*i); + b.push_back((char)0); + } + return b; + } + + inline void fromBlob(const char *blob,unsigned int len) + { + for(unsigned int i=0,k=0;i 0) FROM Network WHERE id = ?",-1,&_sGetNetworkById,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT revision FROM Network WHERE id = ?",-1,&_sGetNetworkRevision,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"UPDATE Network SET revision = ? 
WHERE id = ?",-1,&_sSetNetworkRevision,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT INTO Network (id,name,creationTime,revision) VALUES (?,?,?,1)",-1,&_sCreateNetwork,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM Network WHERE id = ?",-1,&_sDeleteNetwork,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT id FROM Network ORDER BY id ASC",-1,&_sListNetworks,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"UPDATE Network SET memberRevisionCounter = (memberRevisionCounter + 1) WHERE id = ?",-1,&_sIncrementMemberRevisionCounter,(const char **)0) != SQLITE_OK) + + /* Node */ + ||(sqlite3_prepare_v2(_db,"SELECT identity FROM Node WHERE id = ?",-1,&_sGetNodeIdentity,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT OR REPLACE INTO Node (id,identity) VALUES (?,?)",-1,&_sCreateOrReplaceNode,(const char **)0) != SQLITE_OK) + + /* Rule */ + ||(sqlite3_prepare_v2(_db,"SELECT etherType FROM Rule WHERE networkId = ? AND \"action\" = 'accept'",-1,&_sGetEtherTypesFromRuleTable,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT INTO Rule (networkId,ruleNo,nodeId,sourcePort,destPort,vlanId,vlanPcP,etherType,macSource,macDest,ipSource,ipDest,ipTos,ipProtocol,ipSourcePort,ipDestPort,flags,invFlags,\"action\") VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)",-1,&_sCreateRule,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT ruleNo,nodeId,sourcePort,destPort,vlanId,vlanPcp,etherType,macSource,macDest,ipSource,ipDest,ipTos,ipProtocol,ipSourcePort,ipDestPort,\"flags\",invFlags,\"action\" FROM Rule WHERE networkId = ? ORDER BY ruleNo ASC",-1,&_sListRules,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM Rule WHERE networkId = ?",-1,&_sDeleteRulesForNetwork,(const char **)0) != SQLITE_OK) + + /* IpAssignmentPool */ + ||(sqlite3_prepare_v2(_db,"SELECT ipRangeStart,ipRangeEnd FROM IpAssignmentPool WHERE networkId = ? 
AND ipVersion = ?",-1,&_sGetIpAssignmentPools,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT ipRangeStart,ipRangeEnd,ipVersion FROM IpAssignmentPool WHERE networkId = ? ORDER BY ipRangeStart ASC",-1,&_sGetIpAssignmentPools2,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT INTO IpAssignmentPool (networkId,ipRangeStart,ipRangeEnd,ipVersion) VALUES (?,?,?,?)",-1,&_sCreateIpAssignmentPool,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM IpAssignmentPool WHERE networkId = ?",-1,&_sDeleteIpAssignmentPoolsForNetwork,(const char **)0) != SQLITE_OK) + + /* IpAssignment */ + ||(sqlite3_prepare_v2(_db,"SELECT ip,ipNetmaskBits,ipVersion FROM IpAssignment WHERE networkId = ? AND nodeId = ? AND \"type\" = 0 ORDER BY ip ASC",-1,&_sGetIpAssignmentsForNode,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT 1 FROM IpAssignment WHERE networkId = ? AND ip = ? AND ipVersion = ? AND \"type\" = ?",-1,&_sCheckIfIpIsAllocated,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT INTO IpAssignment (networkId,nodeId,\"type\",ip,ipNetmaskBits,ipVersion) VALUES (?,?,?,?,?,?)",-1,&_sAllocateIp,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM IpAssignment WHERE networkId = ? AND nodeId = ? AND \"type\" = ?",-1,&_sDeleteIpAllocations,(const char **)0) != SQLITE_OK) + + /* Relay */ + ||(sqlite3_prepare_v2(_db,"SELECT \"address\",\"phyAddress\" FROM Relay WHERE \"networkId\" = ? 
ORDER BY \"address\" ASC",-1,&_sGetRelays,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM Relay WHERE networkId = ?",-1,&_sDeleteRelaysForNetwork,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT INTO Relay (\"networkId\",\"address\",\"phyAddress\") VALUES (?,?,?)",-1,&_sCreateRelay,(const char **)0) != SQLITE_OK) + + /* Member */ + ||(sqlite3_prepare_v2(_db,"SELECT rowid,authorized,activeBridge,memberRevision,\"flags\",lastRequestTime,recentHistory FROM Member WHERE networkId = ? AND nodeId = ?",-1,&_sGetMember,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT m.authorized,m.activeBridge,m.memberRevision,n.identity,m.flags,m.lastRequestTime,m.recentHistory FROM Member AS m LEFT OUTER JOIN Node AS n ON n.id = m.nodeId WHERE m.networkId = ? AND m.nodeId = ?",-1,&_sGetMember2,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT INTO Member (networkId,nodeId,authorized,activeBridge,memberRevision) VALUES (?,?,?,0,(SELECT memberRevisionCounter FROM Network WHERE id = ?))",-1,&_sCreateMember,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT nodeId FROM Member WHERE networkId = ? AND activeBridge > 0 AND authorized > 0",-1,&_sGetActiveBridges,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT m.nodeId,m.memberRevision FROM Member AS m WHERE m.networkId = ? ORDER BY m.nodeId ASC",-1,&_sListNetworkMembers,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"UPDATE Member SET authorized = ?,memberRevision = (SELECT memberRevisionCounter FROM Network WHERE id = ?) WHERE rowid = ?",-1,&_sUpdateMemberAuthorized,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"UPDATE Member SET activeBridge = ?,memberRevision = (SELECT memberRevisionCounter FROM Network WHERE id = ?) WHERE rowid = ?",-1,&_sUpdateMemberActiveBridge,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"UPDATE Member SET \"lastRequestTime\" = ?, \"recentHistory\" = ? 
WHERE rowid = ?",-1,&_sUpdateMemberHistory,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM Member WHERE networkId = ? AND nodeId = ?",-1,&_sDeleteMember,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM Member WHERE networkId = ?",-1,&_sDeleteAllNetworkMembers,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT nodeId,recentHistory FROM Member WHERE networkId = ? AND lastRequestTime >= ?",-1,&_sGetActiveNodesOnNetwork,(const char **)0) != SQLITE_OK) + + /* Route */ + ||(sqlite3_prepare_v2(_db,"INSERT INTO Route (networkId,target,via,targetNetmaskBits,ipVersion,flags,metric) VALUES (?,?,?,?,?,?,?)",-1,&_sCreateRoute,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"SELECT DISTINCT target,via,targetNetmaskBits,ipVersion,flags,metric FROM \"Route\" WHERE networkId = ? ORDER BY ipVersion,target,via",-1,&_sGetRoutes,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"DELETE FROM \"Route\" WHERE networkId = ?",-1,&_sDeleteRoutes,(const char **)0) != SQLITE_OK) + + /* Config */ + ||(sqlite3_prepare_v2(_db,"SELECT \"v\" FROM \"Config\" WHERE \"k\" = ?",-1,&_sGetConfig,(const char **)0) != SQLITE_OK) + ||(sqlite3_prepare_v2(_db,"INSERT OR REPLACE INTO \"Config\" (\"k\",\"v\") VALUES (?,?)",-1,&_sSetConfig,(const char **)0) != SQLITE_OK) + + ) { + std::string err(std::string("SqliteNetworkController unable to initialize one or more prepared statements: ") + sqlite3_errmsg(_db)); + sqlite3_close(_db); + throw std::runtime_error(err); + } + + /* Generate a 128-bit / 32-character "instance ID" if one isn't already + * defined. Clients can use this to determine if this is the same controller + * database they know and love. 
*/ + sqlite3_reset(_sGetConfig); + sqlite3_bind_text(_sGetConfig,1,"instanceId",10,SQLITE_STATIC); + if (sqlite3_step(_sGetConfig) != SQLITE_ROW) { + unsigned char sr[32]; + Utils::getSecureRandom(sr,32); + for(unsigned int i=0;i<32;++i) + _instanceId.push_back("0123456789abcdef"[(unsigned int)sr[i] & 0xf]); + + sqlite3_reset(_sSetConfig); + sqlite3_bind_text(_sSetConfig,1,"instanceId",10,SQLITE_STATIC); + sqlite3_bind_text(_sSetConfig,2,_instanceId.c_str(),-1,SQLITE_STATIC); + if (sqlite3_step(_sSetConfig) != SQLITE_DONE) + throw std::runtime_error("SqliteNetworkController unable to read or initialize instanceId"); + } else { + const char *iid = reinterpret_cast(sqlite3_column_text(_sGetConfig,0)); + if (!iid) + throw std::runtime_error("SqliteNetworkController unable to read instanceId (it's NULL)"); + _instanceId = iid; + } + +#ifdef ZT_NETCONF_SQLITE_TRACE + sqlite3_trace(_db,sqliteTraceFunc,(void *)0); +#endif + + _backupThread = Thread::start(this); +} + +SqliteNetworkController::~SqliteNetworkController() +{ + _backupThreadRun = false; + Thread::join(_backupThread); + + Mutex::Lock _l(_lock); + if (_db) { + sqlite3_finalize(_sGetNetworkById); + sqlite3_finalize(_sGetMember); + sqlite3_finalize(_sCreateMember); + sqlite3_finalize(_sGetNodeIdentity); + sqlite3_finalize(_sCreateOrReplaceNode); + sqlite3_finalize(_sGetEtherTypesFromRuleTable); + sqlite3_finalize(_sGetActiveBridges); + sqlite3_finalize(_sGetIpAssignmentsForNode); + sqlite3_finalize(_sGetIpAssignmentPools); + sqlite3_finalize(_sCheckIfIpIsAllocated); + sqlite3_finalize(_sAllocateIp); + sqlite3_finalize(_sDeleteIpAllocations); + sqlite3_finalize(_sGetRelays); + sqlite3_finalize(_sListNetworks); + sqlite3_finalize(_sListNetworkMembers); + sqlite3_finalize(_sGetMember2); + sqlite3_finalize(_sGetIpAssignmentPools2); + sqlite3_finalize(_sListRules); + sqlite3_finalize(_sCreateRule); + sqlite3_finalize(_sCreateNetwork); + sqlite3_finalize(_sGetNetworkRevision); + sqlite3_finalize(_sSetNetworkRevision); 
+ sqlite3_finalize(_sDeleteRelaysForNetwork); + sqlite3_finalize(_sCreateRelay); + sqlite3_finalize(_sDeleteIpAssignmentPoolsForNetwork); + sqlite3_finalize(_sDeleteRulesForNetwork); + sqlite3_finalize(_sCreateIpAssignmentPool); + sqlite3_finalize(_sUpdateMemberAuthorized); + sqlite3_finalize(_sUpdateMemberActiveBridge); + sqlite3_finalize(_sUpdateMemberHistory); + sqlite3_finalize(_sDeleteMember); + sqlite3_finalize(_sDeleteAllNetworkMembers); + sqlite3_finalize(_sGetActiveNodesOnNetwork); + sqlite3_finalize(_sDeleteNetwork); + sqlite3_finalize(_sCreateRoute); + sqlite3_finalize(_sGetRoutes); + sqlite3_finalize(_sDeleteRoutes); + sqlite3_finalize(_sIncrementMemberRevisionCounter); + sqlite3_finalize(_sGetConfig); + sqlite3_finalize(_sSetConfig); + sqlite3_close(_db); + } +} + +NetworkController::ResultCode SqliteNetworkController::doNetworkConfigRequest(const InetAddress &fromAddr,const Identity &signingId,const Identity &identity,uint64_t nwid,const Dictionary &metaData,NetworkConfig &nc) +{ + if (((!signingId)||(!signingId.hasPrivate()))||(signingId.address().toInt() != (nwid >> 24))) { + return NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR; + } + + const uint64_t now = OSUtils::now(); + + NetworkRecord network; + Utils::snprintf(network.id,sizeof(network.id),"%.16llx",(unsigned long long)nwid); + + MemberRecord member; + Utils::snprintf(member.nodeId,sizeof(member.nodeId),"%.10llx",(unsigned long long)identity.address().toInt()); + + { // begin lock + Mutex::Lock _l(_lock); + + // Check rate limit circuit breaker to prevent flooding + { + uint64_t &lrt = _lastRequestTime[std::pair(identity.address().toInt(),nwid)]; + if ((now - lrt) <= ZT_NETCONF_MIN_REQUEST_PERIOD) + return NetworkController::NETCONF_QUERY_IGNORE; + lrt = now; + } + + _backupNeeded = true; + + // Create Node record or do full identity check if we already have one + + sqlite3_reset(_sGetNodeIdentity); + sqlite3_bind_text(_sGetNodeIdentity,1,member.nodeId,10,SQLITE_STATIC); + if 
(sqlite3_step(_sGetNodeIdentity) == SQLITE_ROW) { + try { + Identity alreadyKnownIdentity((const char *)sqlite3_column_text(_sGetNodeIdentity,0)); + if (alreadyKnownIdentity != identity) + return NetworkController::NETCONF_QUERY_ACCESS_DENIED; + } catch ( ... ) { // identity stored in database is not valid or is NULL + return NetworkController::NETCONF_QUERY_ACCESS_DENIED; + } + } else { + std::string idstr(identity.toString(false)); + sqlite3_reset(_sCreateOrReplaceNode); + sqlite3_bind_text(_sCreateOrReplaceNode,1,member.nodeId,10,SQLITE_STATIC); + sqlite3_bind_text(_sCreateOrReplaceNode,2,idstr.c_str(),-1,SQLITE_STATIC); + if (sqlite3_step(_sCreateOrReplaceNode) != SQLITE_DONE) { + return NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR; + } + } + + // Fetch Network record + + sqlite3_reset(_sGetNetworkById); + sqlite3_bind_text(_sGetNetworkById,1,network.id,16,SQLITE_STATIC); + if (sqlite3_step(_sGetNetworkById) == SQLITE_ROW) { + network.name = (const char *)sqlite3_column_text(_sGetNetworkById,0); + network.isPrivate = (sqlite3_column_int(_sGetNetworkById,1) > 0); + network.enableBroadcast = (sqlite3_column_int(_sGetNetworkById,2) > 0); + network.allowPassiveBridging = (sqlite3_column_int(_sGetNetworkById,3) > 0); + network.flags = sqlite3_column_int(_sGetNetworkById,4); + network.multicastLimit = sqlite3_column_int(_sGetNetworkById,5); + network.creationTime = (uint64_t)sqlite3_column_int64(_sGetNetworkById,6); + network.revision = (uint64_t)sqlite3_column_int64(_sGetNetworkById,7); + network.memberRevisionCounter = (uint64_t)sqlite3_column_int64(_sGetNetworkById,8); + } else { + return NetworkController::NETCONF_QUERY_OBJECT_NOT_FOUND; + } + + // Fetch or create Member record + + sqlite3_reset(_sGetMember); + sqlite3_bind_text(_sGetMember,1,network.id,16,SQLITE_STATIC); + sqlite3_bind_text(_sGetMember,2,member.nodeId,10,SQLITE_STATIC); + if (sqlite3_step(_sGetMember) == SQLITE_ROW) { + member.rowid = sqlite3_column_int64(_sGetMember,0); + 
member.authorized = (sqlite3_column_int(_sGetMember,1) > 0); + member.activeBridge = (sqlite3_column_int(_sGetMember,2) > 0); + member.lastRequestTime = (uint64_t)sqlite3_column_int64(_sGetMember,5); + const char *rhblob = (const char *)sqlite3_column_blob(_sGetMember,6); + if (rhblob) + member.recentHistory.fromBlob(rhblob,(unsigned int)sqlite3_column_bytes(_sGetMember,6)); + } else { + member.authorized = (network.isPrivate ? false : true); + member.activeBridge = false; + sqlite3_reset(_sCreateMember); + sqlite3_bind_text(_sCreateMember,1,network.id,16,SQLITE_STATIC); + sqlite3_bind_text(_sCreateMember,2,member.nodeId,10,SQLITE_STATIC); + sqlite3_bind_int(_sCreateMember,3,(member.authorized ? 1 : 0)); + sqlite3_bind_text(_sCreateMember,4,network.id,16,SQLITE_STATIC); + if (sqlite3_step(_sCreateMember) != SQLITE_DONE) { + return NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR; + } + member.rowid = sqlite3_last_insert_rowid(_db); + + sqlite3_reset(_sIncrementMemberRevisionCounter); + sqlite3_bind_text(_sIncrementMemberRevisionCounter,1,network.id,16,SQLITE_STATIC); + sqlite3_step(_sIncrementMemberRevisionCounter); + } + + // Update Member.history + + { + char mh[1024]; + Utils::snprintf(mh,sizeof(mh), + "{\"ts\":%llu,\"authorized\":%s,\"clientMajorVersion\":%u,\"clientMinorVersion\":%u,\"clientRevision\":%u,\"fromAddr\":", + (unsigned long long)now, + ((member.authorized) ? 
"true" : "false"), + metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION,0), + metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION,0), + metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_REVISION,0)); + member.recentHistory.push_front(std::string(mh)); + if (fromAddr) { + member.recentHistory.front().push_back('"'); + member.recentHistory.front().append(_jsonEscape(fromAddr.toString())); + member.recentHistory.front().append("\"}"); + } else { + member.recentHistory.front().append("null}"); + } + + while (member.recentHistory.size() > ZT_NETCONF_DB_MEMBER_HISTORY_LENGTH) + member.recentHistory.pop_back(); + std::string rhblob(member.recentHistory.toBlob()); + + sqlite3_reset(_sUpdateMemberHistory); + sqlite3_clear_bindings(_sUpdateMemberHistory); + sqlite3_bind_int64(_sUpdateMemberHistory,1,(sqlite3_int64)now); + sqlite3_bind_blob(_sUpdateMemberHistory,2,(const void *)rhblob.data(),(int)rhblob.length(),SQLITE_STATIC); + sqlite3_bind_int64(_sUpdateMemberHistory,3,member.rowid); + sqlite3_step(_sUpdateMemberHistory); + } + + // Don't proceed if member is not authorized! --------------------------- + + if (!member.authorized) + return NetworkController::NETCONF_QUERY_ACCESS_DENIED; + + // Create network configuration -- we create both legacy and new types and send both for backward compatibility + + // New network config structure + nc.networkId = Utils::hexStrToU64(network.id); + nc.type = network.isPrivate ? 
ZT_NETWORK_TYPE_PRIVATE : ZT_NETWORK_TYPE_PUBLIC; + nc.timestamp = now; + nc.revision = network.revision; + nc.issuedTo = member.nodeId; + if (network.enableBroadcast) nc.flags |= ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST; + if (network.allowPassiveBridging) nc.flags |= ZT_NETWORKCONFIG_FLAG_ALLOW_PASSIVE_BRIDGING; + memcpy(nc.name,network.name,std::min((unsigned int)ZT_MAX_NETWORK_SHORT_NAME_LENGTH,(unsigned int)strlen(network.name))); + + { // TODO: right now only etherTypes are supported in rules + std::vector allowedEtherTypes; + sqlite3_reset(_sGetEtherTypesFromRuleTable); + sqlite3_bind_text(_sGetEtherTypesFromRuleTable,1,network.id,16,SQLITE_STATIC); + while (sqlite3_step(_sGetEtherTypesFromRuleTable) == SQLITE_ROW) { + if (sqlite3_column_type(_sGetEtherTypesFromRuleTable,0) == SQLITE_NULL) { + allowedEtherTypes.clear(); + allowedEtherTypes.push_back(0); // NULL 'allow' matches ANY + break; + } else { + int et = sqlite3_column_int(_sGetEtherTypesFromRuleTable,0); + if ((et >= 0)&&(et <= 0xffff)) + allowedEtherTypes.push_back(et); + } + } + std::sort(allowedEtherTypes.begin(),allowedEtherTypes.end()); + allowedEtherTypes.erase(std::unique(allowedEtherTypes.begin(),allowedEtherTypes.end()),allowedEtherTypes.end()); + + for(long i=0;i<(long)allowedEtherTypes.size();++i) { + if ((nc.ruleCount + 2) > ZT_MAX_NETWORK_RULES) + break; + if (allowedEtherTypes[i] > 0) { + nc.rules[nc.ruleCount].t = ZT_NETWORK_RULE_MATCH_ETHERTYPE; + nc.rules[nc.ruleCount].v.etherType = (uint16_t)allowedEtherTypes[i]; + ++nc.ruleCount; + } + nc.rules[nc.ruleCount++].t = ZT_NETWORK_RULE_ACTION_ACCEPT; + } + } + + nc.multicastLimit = network.multicastLimit; + + bool amActiveBridge = false; + { + sqlite3_reset(_sGetActiveBridges); + sqlite3_bind_text(_sGetActiveBridges,1,network.id,16,SQLITE_STATIC); + while (sqlite3_step(_sGetActiveBridges) == SQLITE_ROW) { + const char *ab = (const char *)sqlite3_column_text(_sGetActiveBridges,0); + if ((ab)&&(strlen(ab) == 10)) { + const uint64_t ab2 = 
Utils::hexStrToU64(ab); + nc.addSpecialist(Address(ab2),ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE); + if (!strcmp(member.nodeId,ab)) + amActiveBridge = true; + } + } + } + + // Do not send relays to 1.1.0 since it had a serious bug in using them + // 1.1.0 will still work, it'll just fall back to roots instead of using network preferred relays + if (!((metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION,0) == 1)&&(metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION,0) == 1)&&(metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_REVISION,0) == 0))) { + sqlite3_reset(_sGetRelays); + sqlite3_bind_text(_sGetRelays,1,network.id,16,SQLITE_STATIC); + while (sqlite3_step(_sGetRelays) == SQLITE_ROW) { + const char *n = (const char *)sqlite3_column_text(_sGetRelays,0); + const char *a = (const char *)sqlite3_column_text(_sGetRelays,1); + if ((n)&&(a)) { + Address node(n); + InetAddress addr(a); + if (node) + nc.addSpecialist(node,ZT_NETWORKCONFIG_SPECIALIST_TYPE_NETWORK_PREFERRED_RELAY); + } + } + } + + sqlite3_reset(_sGetRoutes); + sqlite3_bind_text(_sGetRoutes,1,network.id,16,SQLITE_STATIC); + while ((sqlite3_step(_sGetRoutes) == SQLITE_ROW)&&(nc.routeCount < ZT_MAX_NETWORK_ROUTES)) { + ZT_VirtualNetworkRoute *r = &(nc.routes[nc.routeCount]); + memset(r,0,sizeof(ZT_VirtualNetworkRoute)); + switch(sqlite3_column_int(_sGetRoutes,3)) { // ipVersion + case 4: + *(reinterpret_cast(&(r->target))) = InetAddress((const void *)((const char *)sqlite3_column_blob(_sGetRoutes,0) + 12),4,(unsigned int)sqlite3_column_int(_sGetRoutes,2)); + break; + case 6: + *(reinterpret_cast(&(r->target))) = InetAddress((const void *)sqlite3_column_blob(_sGetRoutes,0),16,(unsigned int)sqlite3_column_int(_sGetRoutes,2)); + break; + default: + continue; + } + if (sqlite3_column_type(_sGetRoutes,1) != SQLITE_NULL) { + switch(sqlite3_column_int(_sGetRoutes,3)) { // ipVersion + case 4: + *(reinterpret_cast(&(r->via))) = InetAddress((const void *)((const 
char *)sqlite3_column_blob(_sGetRoutes,1) + 12),4,0);
+ break;
+ case 6:
+ *(reinterpret_cast(&(r->via))) = InetAddress((const void *)sqlite3_column_blob(_sGetRoutes,1),16,0);
+ break;
+ default:
+ continue;
+ }
+ }
+ r->flags = (uint16_t)sqlite3_column_int(_sGetRoutes,4);
+ r->metric = (uint16_t)sqlite3_column_int(_sGetRoutes,5);
+ ++nc.routeCount;
+ }
+
+ // Assign special IPv6 addresses if these are enabled
+ if (((network.flags & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_RFC4193) != 0)&&(nc.staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES)) {
+ nc.staticIps[nc.staticIpCount++] = InetAddress::makeIpv6rfc4193(nwid,identity.address().toInt());
+ nc.flags |= ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION;
+ }
+ if (((network.flags & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_6PLANE) != 0)&&(nc.staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES)) {
+ nc.staticIps[nc.staticIpCount++] = InetAddress::makeIpv66plane(nwid,identity.address().toInt());
+ nc.flags |= ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION;
+ }
+
+ // Get managed addresses that are assigned to this member
+ bool haveManagedIpv4AutoAssignment = false;
+ bool haveManagedIpv6AutoAssignment = false; // "special" NDP-emulated address types do not count
+ sqlite3_reset(_sGetIpAssignmentsForNode);
+ sqlite3_bind_text(_sGetIpAssignmentsForNode,1,network.id,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sGetIpAssignmentsForNode,2,member.nodeId,10,SQLITE_STATIC);
+ while (sqlite3_step(_sGetIpAssignmentsForNode) == SQLITE_ROW) {
+ const unsigned char *const ipbytes = (const unsigned char *)sqlite3_column_blob(_sGetIpAssignmentsForNode,0);
+ if ((!ipbytes)||(sqlite3_column_bytes(_sGetIpAssignmentsForNode,0) != 16))
+ continue;
+ //const int ipNetmaskBits = sqlite3_column_int(_sGetIpAssignmentsForNode,1);
+ const int ipVersion = sqlite3_column_int(_sGetIpAssignmentsForNode,2);
+
+ InetAddress ip;
+ if (ipVersion == 4)
+ ip = InetAddress(ipbytes + 12,4,0);
+ else if (ipVersion == 6)
+ ip = InetAddress(ipbytes,16,0);
+ else continue;
+
+ // IP
assignments are only pushed if there is a corresponding local route. We also now get the netmask bits from
+ // this route, ignoring the netmask bits field of the assigned IP itself. Using that was worthless and a source
+ // of user error / poor UX.
+ int routedNetmaskBits = 0;
+ for(unsigned int rk=0;rk(&(nc.routes[rk].target))->containsAddress(ip)) )
+ routedNetmaskBits = reinterpret_cast(&(nc.routes[rk].target))->netmaskBits();
+ }
+
+ if (routedNetmaskBits > 0) {
+ if (nc.staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES) {
+ ip.setPort(routedNetmaskBits);
+ nc.staticIps[nc.staticIpCount++] = ip;
+ }
+ if (ipVersion == 4)
+ haveManagedIpv4AutoAssignment = true;
+ else if (ipVersion == 6)
+ haveManagedIpv6AutoAssignment = true;
+ }
+ }
+
+ // Auto-assign IPv6 address if auto-assignment is enabled and it's needed
+ if ( ((network.flags & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_AUTO_ASSIGN) != 0) && (!haveManagedIpv6AutoAssignment) && (!amActiveBridge) ) {
+ sqlite3_reset(_sGetIpAssignmentPools);
+ sqlite3_bind_text(_sGetIpAssignmentPools,1,network.id,16,SQLITE_STATIC);
+ sqlite3_bind_int(_sGetIpAssignmentPools,2,6); // 6 == IPv6
+ while (sqlite3_step(_sGetIpAssignmentPools) == SQLITE_ROW) {
+ const uint8_t *const ipRangeStartB = reinterpret_cast(sqlite3_column_blob(_sGetIpAssignmentPools,0));
+ const uint8_t *const ipRangeEndB = reinterpret_cast(sqlite3_column_blob(_sGetIpAssignmentPools,1));
+ if ((!ipRangeStartB)||(!ipRangeEndB)||(sqlite3_column_bytes(_sGetIpAssignmentPools,0) != 16)||(sqlite3_column_bytes(_sGetIpAssignmentPools,1) != 16))
+ continue;
+
+ uint64_t s[2],e[2],x[2],xx[2];
+ memcpy(s,ipRangeStartB,16);
+ memcpy(e,ipRangeEndB,16);
+ s[0] = Utils::ntoh(s[0]);
+ s[1] = Utils::ntoh(s[1]);
+ e[0] = Utils::ntoh(e[0]);
+ e[1] = Utils::ntoh(e[1]);
+ x[0] = s[0];
+ x[1] = s[1];
+
+ for(unsigned int trialCount=0;trialCount<1000;++trialCount) {
+ if ((trialCount == 0)&&(e[1] > s[1])&&((e[1] - s[1]) >= 0xffffffffffULL)) {
+ // First see if we can just cram a ZeroTier ID
into the higher 64 bits. If so do that.
+ xx[0] = Utils::hton(x[0]);
+ xx[1] = Utils::hton(x[1] + identity.address().toInt());
+ } else {
+ // Otherwise pick random addresses -- this technically doesn't explore the whole range if the lower 64 bit range is >= 1 but that won't matter since that would be huge anyway
+ Utils::getSecureRandom((void *)xx,16);
+ if ((e[0] > s[0]))
+ xx[0] %= (e[0] - s[0]);
+ else xx[0] = 0;
+ if ((e[1] > s[1]))
+ xx[1] %= (e[1] - s[1]);
+ else xx[1] = 0;
+ xx[0] = Utils::hton(x[0] + xx[0]);
+ xx[1] = Utils::hton(x[1] + xx[1]);
+ }
+
+ InetAddress ip6((const void *)xx,16,0);
+
+ // Check if this IP is within a local-to-Ethernet routed network
+ int routedNetmaskBits = 0;
+ for(unsigned int rk=0;rk(&(nc.routes[rk].target))->containsAddress(ip6)) )
+ routedNetmaskBits = reinterpret_cast(&(nc.routes[rk].target))->netmaskBits();
+ }
+
+ // If it's routed, then try to claim and assign it and if successful end loop
+ if (routedNetmaskBits > 0) {
+ sqlite3_reset(_sCheckIfIpIsAllocated);
+ sqlite3_bind_text(_sCheckIfIpIsAllocated,1,network.id,16,SQLITE_STATIC);
+ sqlite3_bind_blob(_sCheckIfIpIsAllocated,2,(const void *)ip6.rawIpData(),16,SQLITE_STATIC);
+ sqlite3_bind_int(_sCheckIfIpIsAllocated,3,6); // 6 == IPv6
+ sqlite3_bind_int(_sCheckIfIpIsAllocated,4,(int)0 /*ZT_IP_ASSIGNMENT_TYPE_ADDRESS*/);
+ if (sqlite3_step(_sCheckIfIpIsAllocated) != SQLITE_ROW) {
+ // No rows returned, so the IP is available
+ sqlite3_reset(_sAllocateIp);
+ sqlite3_bind_text(_sAllocateIp,1,network.id,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sAllocateIp,2,member.nodeId,10,SQLITE_STATIC);
+ sqlite3_bind_int(_sAllocateIp,3,(int)0 /*ZT_IP_ASSIGNMENT_TYPE_ADDRESS*/);
+ sqlite3_bind_blob(_sAllocateIp,4,(const void *)ip6.rawIpData(),16,SQLITE_STATIC);
+ sqlite3_bind_int(_sAllocateIp,5,routedNetmaskBits); // IP netmask bits from matching route
+ sqlite3_bind_int(_sAllocateIp,6,6); // 6 == IPv6
+ if (sqlite3_step(_sAllocateIp) == SQLITE_DONE) {
+ ip6.setPort(routedNetmaskBits);
+
if (nc.staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES)
+ nc.staticIps[nc.staticIpCount++] = ip6;
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // Auto-assign IPv4 address if auto-assignment is enabled and it's needed
+ if ( ((network.flags & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V4_AUTO_ASSIGN) != 0) && (!haveManagedIpv4AutoAssignment) && (!amActiveBridge) ) {
+ sqlite3_reset(_sGetIpAssignmentPools);
+ sqlite3_bind_text(_sGetIpAssignmentPools,1,network.id,16,SQLITE_STATIC);
+ sqlite3_bind_int(_sGetIpAssignmentPools,2,4); // 4 == IPv4
+ while (sqlite3_step(_sGetIpAssignmentPools) == SQLITE_ROW) {
+ const unsigned char *ipRangeStartB = reinterpret_cast(sqlite3_column_blob(_sGetIpAssignmentPools,0));
+ const unsigned char *ipRangeEndB = reinterpret_cast(sqlite3_column_blob(_sGetIpAssignmentPools,1));
+ if ((!ipRangeStartB)||(!ipRangeEndB)||(sqlite3_column_bytes(_sGetIpAssignmentPools,0) != 16)||(sqlite3_column_bytes(_sGetIpAssignmentPools,1) != 16))
+ continue;
+
+ uint32_t ipRangeStart = Utils::ntoh(*(reinterpret_cast(ipRangeStartB + 12)));
+ uint32_t ipRangeEnd = Utils::ntoh(*(reinterpret_cast(ipRangeEndB + 12)));
+ if ((ipRangeEnd <= ipRangeStart)||(ipRangeStart == 0))
+ continue;
+ uint32_t ipRangeLen = ipRangeEnd - ipRangeStart;
+
+ // Start with the LSB of the member's address
+ uint32_t ipTrialCounter = (uint32_t)(identity.address().toInt() & 0xffffffff);
+
+ for(uint32_t k=ipRangeStart,trialCount=0;(k<=ipRangeEnd)&&(trialCount < 1000);++k,++trialCount) {
+ uint32_t ip = (ipRangeLen > 0) ?
(ipRangeStart + (ipTrialCounter % ipRangeLen)) : ipRangeStart;
+ ++ipTrialCounter;
+ if ((ip & 0x000000ff) == 0x000000ff)
+ continue; // don't allow addresses that end in .255
+
+ // Check if this IP is within a local-to-Ethernet routed network
+ int routedNetmaskBits = 0;
+ for(unsigned int rk=0;rk(&(nc.routes[rk].target))->sin_addr.s_addr));
+ int targetBits = Utils::ntoh((uint16_t)(reinterpret_cast(&(nc.routes[rk].target))->sin_port));
+ if ((ip & (0xffffffff << (32 - targetBits))) == targetIp) {
+ routedNetmaskBits = targetBits;
+ break;
+ }
+ }
+ }
+
+ // If it's routed, then try to claim and assign it and if successful end loop
+ if (routedNetmaskBits > 0) {
+ uint32_t ipBlob[4]; // actually a 16-byte blob, we put IPv4s in the last 4 bytes
+ ipBlob[0] = 0; ipBlob[1] = 0; ipBlob[2] = 0; ipBlob[3] = Utils::hton(ip);
+ sqlite3_reset(_sCheckIfIpIsAllocated);
+ sqlite3_bind_text(_sCheckIfIpIsAllocated,1,network.id,16,SQLITE_STATIC);
+ sqlite3_bind_blob(_sCheckIfIpIsAllocated,2,(const void *)ipBlob,16,SQLITE_STATIC);
+ sqlite3_bind_int(_sCheckIfIpIsAllocated,3,4); // 4 == IPv4
+ sqlite3_bind_int(_sCheckIfIpIsAllocated,4,(int)0 /*ZT_IP_ASSIGNMENT_TYPE_ADDRESS*/);
+ if (sqlite3_step(_sCheckIfIpIsAllocated) != SQLITE_ROW) {
+ // No rows returned, so the IP is available
+ sqlite3_reset(_sAllocateIp);
+ sqlite3_bind_text(_sAllocateIp,1,network.id,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sAllocateIp,2,member.nodeId,10,SQLITE_STATIC);
+ sqlite3_bind_int(_sAllocateIp,3,(int)0 /*ZT_IP_ASSIGNMENT_TYPE_ADDRESS*/);
+ sqlite3_bind_blob(_sAllocateIp,4,(const void *)ipBlob,16,SQLITE_STATIC);
+ sqlite3_bind_int(_sAllocateIp,5,routedNetmaskBits); // IP netmask bits from matching route
+ sqlite3_bind_int(_sAllocateIp,6,4); // 4 == IPv4
+ if (sqlite3_step(_sAllocateIp) == SQLITE_DONE) {
+ if (nc.staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES) {
+ struct sockaddr_in *const v4ip = reinterpret_cast(&(nc.staticIps[nc.staticIpCount++]));
+ v4ip->sin_family = AF_INET;
+ v4ip->sin_port =
Utils::hton((uint16_t)routedNetmaskBits);
+ v4ip->sin_addr.s_addr = Utils::hton(ip);
+ }
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+ } // end lock
+
+ // Perform signing outside lock to enable concurrency
+ if (network.isPrivate) {
+ CertificateOfMembership com(now,ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA,nwid,identity.address());
+ if (com.sign(signingId)) {
+ nc.com = com;
+ } else {
+ return NETCONF_QUERY_INTERNAL_SERVER_ERROR;
+ }
+ }
+
+ return NetworkController::NETCONF_QUERY_OK;
+}
+
+unsigned int SqliteNetworkController::handleControlPlaneHttpGET(
+ const std::vector &path,
+ const std::map &urlArgs,
+ const std::map &headers,
+ const std::string &body,
+ std::string &responseBody,
+ std::string &responseContentType)
+{
+ Mutex::Lock _l(_lock);
+ return _doCPGet(path,urlArgs,headers,body,responseBody,responseContentType);
+}
+
+unsigned int SqliteNetworkController::handleControlPlaneHttpPOST(
+ const std::vector &path,
+ const std::map &urlArgs,
+ const std::map &headers,
+ const std::string &body,
+ std::string &responseBody,
+ std::string &responseContentType)
+{
+ if (path.empty())
+ return 404;
+ Mutex::Lock _l(_lock);
+
+ _backupNeeded = true;
+
+ if (path[0] == "network") {
+
+ if ((path.size() >= 2)&&(path[1].length() == 16)) {
+ uint64_t nwid = Utils::hexStrToU64(path[1].c_str());
+ char nwids[24];
+ Utils::snprintf(nwids,sizeof(nwids),"%.16llx",(unsigned long long)nwid);
+
+ int64_t revision = 0;
+ sqlite3_reset(_sGetNetworkRevision);
+ sqlite3_bind_text(_sGetNetworkRevision,1,nwids,16,SQLITE_STATIC);
+ bool networkExists = false;
+ if (sqlite3_step(_sGetNetworkRevision) == SQLITE_ROW) {
+ networkExists = true;
+ revision = sqlite3_column_int64(_sGetNetworkRevision,0);
+ }
+
+ if (path.size() >= 3) {
+
+ if (!networkExists)
+ return 404;
+
+ if ((path.size() == 4)&&(path[2] == "member")&&(path[3].length() == 10)) {
+ uint64_t address = Utils::hexStrToU64(path[3].c_str());
+ char addrs[24];
+ Utils::snprintf(addrs,sizeof(addrs),"%.10llx",address);
+
+
int64_t addToNetworkRevision = 0;
+
+ int64_t memberRowId = 0;
+ sqlite3_reset(_sGetMember);
+ sqlite3_bind_text(_sGetMember,1,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sGetMember,2,addrs,10,SQLITE_STATIC);
+ bool memberExists = false;
+ if (sqlite3_step(_sGetMember) == SQLITE_ROW) {
+ memberExists = true;
+ memberRowId = sqlite3_column_int64(_sGetMember,0);
+ }
+
+ if (!memberExists) {
+ sqlite3_reset(_sCreateMember);
+ sqlite3_bind_text(_sCreateMember,1,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sCreateMember,2,addrs,10,SQLITE_STATIC);
+ sqlite3_bind_int(_sCreateMember,3,0);
+ sqlite3_bind_text(_sCreateMember,4,nwids,16,SQLITE_STATIC);
+ if (sqlite3_step(_sCreateMember) != SQLITE_DONE)
+ return 500;
+ memberRowId = (int64_t)sqlite3_last_insert_rowid(_db);
+
+ sqlite3_reset(_sIncrementMemberRevisionCounter);
+ sqlite3_bind_text(_sIncrementMemberRevisionCounter,1,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sIncrementMemberRevisionCounter);
+ addToNetworkRevision = 1;
+ }
+
+ json_value *j = json_parse(body.c_str(),body.length());
+ if (j) {
+ if (j->type == json_object) {
+ for(unsigned int k=0;ku.object.length;++k) {
+
+ if (!strcmp(j->u.object.values[k].name,"authorized")) {
+ if (j->u.object.values[k].value->type == json_boolean) {
+ sqlite3_reset(_sUpdateMemberAuthorized);
+ sqlite3_bind_int(_sUpdateMemberAuthorized,1,(j->u.object.values[k].value->u.boolean == 0) ?
0 : 1);
+ sqlite3_bind_text(_sUpdateMemberAuthorized,2,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_int64(_sUpdateMemberAuthorized,3,memberRowId);
+ if (sqlite3_step(_sUpdateMemberAuthorized) != SQLITE_DONE)
+ return 500;
+
+ sqlite3_reset(_sIncrementMemberRevisionCounter);
+ sqlite3_bind_text(_sIncrementMemberRevisionCounter,1,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sIncrementMemberRevisionCounter);
+ addToNetworkRevision = 1;
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"activeBridge")) {
+ if (j->u.object.values[k].value->type == json_boolean) {
+ sqlite3_reset(_sUpdateMemberActiveBridge);
+ sqlite3_bind_int(_sUpdateMemberActiveBridge,1,(j->u.object.values[k].value->u.boolean == 0) ? 0 : 1);
+ sqlite3_bind_text(_sUpdateMemberActiveBridge,2,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_int64(_sUpdateMemberActiveBridge,3,memberRowId);
+ if (sqlite3_step(_sUpdateMemberActiveBridge) != SQLITE_DONE)
+ return 500;
+
+ sqlite3_reset(_sIncrementMemberRevisionCounter);
+ sqlite3_bind_text(_sIncrementMemberRevisionCounter,1,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sIncrementMemberRevisionCounter);
+ addToNetworkRevision = 1;
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"ipAssignments")) {
+ if (j->u.object.values[k].value->type == json_array) {
+ sqlite3_reset(_sDeleteIpAllocations);
+ sqlite3_bind_text(_sDeleteIpAllocations,1,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sDeleteIpAllocations,2,addrs,10,SQLITE_STATIC);
+ sqlite3_bind_int(_sDeleteIpAllocations,3,(int)0 /*ZT_IP_ASSIGNMENT_TYPE_ADDRESS*/);
+ if (sqlite3_step(_sDeleteIpAllocations) != SQLITE_DONE)
+ return 500;
+ for(unsigned int kk=0;kku.object.values[k].value->u.array.length;++kk) {
+ json_value *ipalloc = j->u.object.values[k].value->u.array.values[kk];
+ if (ipalloc->type == json_string) {
+ InetAddress a(ipalloc->u.string.ptr);
+ char ipBlob[16];
+ int ipVersion = 0;
+ _ipToBlob(a,ipBlob,ipVersion);
+ if (ipVersion > 0) {
+ sqlite3_reset(_sAllocateIp);
+
sqlite3_bind_text(_sAllocateIp,1,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sAllocateIp,2,addrs,10,SQLITE_STATIC);
+ sqlite3_bind_int(_sAllocateIp,3,(int)0 /*ZT_IP_ASSIGNMENT_TYPE_ADDRESS*/);
+ sqlite3_bind_blob(_sAllocateIp,4,(const void *)ipBlob,16,SQLITE_STATIC);
+ sqlite3_bind_int(_sAllocateIp,5,(int)a.netmaskBits()); // NOTE: this field is now ignored but set it anyway
+ sqlite3_bind_int(_sAllocateIp,6,ipVersion);
+ if (sqlite3_step(_sAllocateIp) != SQLITE_DONE)
+ return 500;
+ }
+ }
+ }
+ addToNetworkRevision = 1;
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"identity")) {
+ // Identity is technically an immutable field, but if the member's Node has
+ // no identity we allow it to be populated. This is primarily for migrating
+ // node data from another controller.
+ json_value *idstr = j->u.object.values[k].value;
+ if (idstr->type == json_string) {
+ bool alreadyHaveIdentity = false;
+
+ sqlite3_reset(_sGetNodeIdentity);
+ sqlite3_bind_text(_sGetNodeIdentity,1,addrs,10,SQLITE_STATIC);
+ if (sqlite3_step(_sGetNodeIdentity) == SQLITE_ROW) {
+ const char *tmp2 = (const char *)sqlite3_column_text(_sGetNodeIdentity,0);
+ if ((tmp2)&&(tmp2[0]))
+ alreadyHaveIdentity = true;
+ }
+
+ if (!alreadyHaveIdentity) {
+ try {
+ Identity id2(idstr->u.string.ptr);
+ if (id2) {
+ std::string idstr2(id2.toString(false)); // object must persist until after sqlite3_step() for SQLITE_STATIC
+ sqlite3_reset(_sCreateOrReplaceNode);
+ sqlite3_bind_text(_sCreateOrReplaceNode,1,addrs,10,SQLITE_STATIC);
+ sqlite3_bind_text(_sCreateOrReplaceNode,2,idstr2.c_str(),-1,SQLITE_STATIC);
+ sqlite3_step(_sCreateOrReplaceNode);
+ }
+ } catch ( ...
) {} // ignore invalid identities
+ }
+ }
+ }
+
+ }
+ }
+ json_value_free(j);
+ }
+
+ if ((addToNetworkRevision > 0)&&(revision > 0)) {
+ sqlite3_reset(_sSetNetworkRevision);
+ sqlite3_bind_int64(_sSetNetworkRevision,1,revision + addToNetworkRevision);
+ sqlite3_bind_text(_sSetNetworkRevision,2,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sSetNetworkRevision);
+ }
+
+ return _doCPGet(path,urlArgs,headers,body,responseBody,responseContentType);
+ } else if ((path.size() == 3)&&(path[2] == "test")) {
+ ZT_CircuitTest *test = (ZT_CircuitTest *)malloc(sizeof(ZT_CircuitTest));
+ memset(test,0,sizeof(ZT_CircuitTest));
+
+ Utils::getSecureRandom(&(test->testId),sizeof(test->testId));
+ test->credentialNetworkId = nwid;
+ test->ptr = (void *)this;
+
+ json_value *j = json_parse(body.c_str(),body.length());
+ if (j) {
+ if (j->type == json_object) {
+ for(unsigned int k=0;ku.object.length;++k) {
+
+ if (!strcmp(j->u.object.values[k].name,"hops")) {
+ if (j->u.object.values[k].value->type == json_array) {
+ for(unsigned int kk=0;kku.object.values[k].value->u.array.length;++kk) {
+ json_value *hop = j->u.object.values[k].value->u.array.values[kk];
+ if (hop->type == json_array) {
+ for(unsigned int kkk=0;kkku.array.length;++kkk) {
+ if (hop->u.array.values[kkk]->type == json_string) {
+ test->hops[test->hopCount].addresses[test->hops[test->hopCount].breadth++] = Utils::hexStrToU64(hop->u.array.values[kkk]->u.string.ptr) & 0xffffffffffULL;
+ }
+ }
+ ++test->hopCount;
+ }
+ }
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"reportAtEveryHop")) {
+ if (j->u.object.values[k].value->type == json_boolean)
+ test->reportAtEveryHop = (j->u.object.values[k].value->u.boolean == 0) ?
0 : 1;
+ }
+
+ }
+ }
+ json_value_free(j);
+ }
+
+ if (!test->hopCount) {
+ ::free((void *)test);
+ return 500;
+ }
+
+ test->timestamp = OSUtils::now();
+
+ _CircuitTestEntry &te = _circuitTests[test->testId];
+ te.test = test;
+ te.jsonResults = "";
+
+ _node->circuitTestBegin(test,&(SqliteNetworkController::_circuitTestCallback));
+
+ char json[1024];
+ Utils::snprintf(json,sizeof(json),"{\"testId\":\"%.16llx\"}",test->testId);
+ responseBody = json;
+ responseContentType = "application/json";
+
+ return 200;
+ } // else 404
+
+ } else {
+ std::vector path_copy(path);
+
+ if (!networkExists) {
+ if (path[1].substr(10) == "______") {
+ // A special POST /network/##########______ feature lets users create a network
+ // with an arbitrary unused network number at this controller.
+ nwid = 0;
+
+ uint64_t nwidPrefix = (Utils::hexStrToU64(path[1].substr(0,10).c_str()) << 24) & 0xffffffffff000000ULL;
+ uint64_t nwidPostfix = 0;
+ Utils::getSecureRandom(&nwidPostfix,sizeof(nwidPostfix));
+ uint64_t nwidOriginalPostfix = nwidPostfix;
+ do {
+ uint64_t tryNwid = nwidPrefix | (nwidPostfix & 0xffffffULL);
+ if (!nwidPostfix)
+ tryNwid |= 1;
+ Utils::snprintf(nwids,sizeof(nwids),"%.16llx",(unsigned long long)tryNwid);
+
+ sqlite3_reset(_sGetNetworkRevision);
+ sqlite3_bind_text(_sGetNetworkRevision,1,nwids,16,SQLITE_STATIC);
+ if (sqlite3_step(_sGetNetworkRevision) != SQLITE_ROW) {
+ nwid = tryNwid;
+ break;
+ }
+
+ ++nwidPostfix;
+ } while (nwidPostfix != nwidOriginalPostfix);
+
+ // 503 means we have no more free IDs for this prefix. You shouldn't host anywhere
+ // near 16 million networks on the same controller, so shouldn't happen.
+ if (!nwid)
+ return 503;
+ }
+
+ sqlite3_reset(_sCreateNetwork);
+ sqlite3_bind_text(_sCreateNetwork,1,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_text(_sCreateNetwork,2,"",0,SQLITE_STATIC);
+ sqlite3_bind_int64(_sCreateNetwork,3,(long long)OSUtils::now());
+ if (sqlite3_step(_sCreateNetwork) != SQLITE_DONE)
+ return 500;
+ path_copy[1].assign(nwids);
+ }
+
+ json_value *j = json_parse(body.c_str(),body.length());
+ if (j) {
+ if (j->type == json_object) {
+ for(unsigned int k=0;ku.object.length;++k) {
+ sqlite3_stmt *stmt = (sqlite3_stmt *)0;
+
+ if (!strcmp(j->u.object.values[k].name,"name")) {
+ if ((j->u.object.values[k].value->type == json_string)&&(j->u.object.values[k].value->u.string.ptr[0])) {
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET \"name\" = ? WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_text(stmt,1,j->u.object.values[k].value->u.string.ptr,-1,SQLITE_STATIC);
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"private")) {
+ if (j->u.object.values[k].value->type == json_boolean) {
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET \"private\" = ? WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_int(stmt,1,(j->u.object.values[k].value->u.boolean == 0) ? 0 : 1);
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"enableBroadcast")) {
+ if (j->u.object.values[k].value->type == json_boolean) {
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET enableBroadcast = ? WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_int(stmt,1,(j->u.object.values[k].value->u.boolean == 0) ? 0 : 1);
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"allowPassiveBridging")) {
+ if (j->u.object.values[k].value->type == json_boolean) {
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET allowPassiveBridging = ? WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_int(stmt,1,(j->u.object.values[k].value->u.boolean == 0) ?
0 : 1);
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"v4AssignMode")) {
+ if ((j->u.object.values[k].value->type == json_string)&&(!strcmp(j->u.object.values[k].value->u.string.ptr,"zt"))) {
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET \"flags\" = (\"flags\" | ?) WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_int(stmt,1,(int)ZT_DB_NETWORK_FLAG_ZT_MANAGED_V4_AUTO_ASSIGN);
+ } else {
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET \"flags\" = (\"flags\" & ?) WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_int(stmt,1,(int)(ZT_DB_NETWORK_FLAG_ZT_MANAGED_V4_AUTO_ASSIGN ^ 0xfffffff));
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"v6AssignMode")) {
+ int fl = 0;
+ if (j->u.object.values[k].value->type == json_string) {
+ char *saveptr = (char *)0;
+ for(char *f=Utils::stok(j->u.object.values[k].value->u.string.ptr,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) {
+ if (!strcmp(f,"rfc4193"))
+ fl |= ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_RFC4193;
+ else if (!strcmp(f,"6plane"))
+ fl |= ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_6PLANE;
+ else if (!strcmp(f,"zt"))
+ fl |= ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_AUTO_ASSIGN;
+ }
+ }
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET \"flags\" = ((\"flags\" & " ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_MASK_S ") | ?) WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_int(stmt,1,fl);
+ } else if (!strcmp(j->u.object.values[k].name,"multicastLimit")) {
+ if (j->u.object.values[k].value->type == json_integer) {
+ if (sqlite3_prepare_v2(_db,"UPDATE Network SET multicastLimit = ?
WHERE id = ?",-1,&stmt,(const char **)0) == SQLITE_OK)
+ sqlite3_bind_int(stmt,1,(int)j->u.object.values[k].value->u.integer);
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"relays")) {
+ if (j->u.object.values[k].value->type == json_array) {
+ std::map nodeIdToPhyAddress;
+ for(unsigned int kk=0;kku.object.values[k].value->u.array.length;++kk) {
+ json_value *relay = j->u.object.values[k].value->u.array.values[kk];
+ const char *address = (const char *)0;
+ const char *phyAddress = (const char *)0;
+ if ((relay)&&(relay->type == json_object)) {
+ for(unsigned int rk=0;rku.object.length;++rk) {
+ if ((!strcmp(relay->u.object.values[rk].name,"address"))&&(relay->u.object.values[rk].value->type == json_string))
+ address = relay->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(relay->u.object.values[rk].name,"phyAddress"))&&(relay->u.object.values[rk].value->type == json_string))
+ phyAddress = relay->u.object.values[rk].value->u.string.ptr;
+ }
+ }
+ if ((address)&&(phyAddress))
+ nodeIdToPhyAddress[Address(address)] = InetAddress(phyAddress);
+ }
+
+ sqlite3_reset(_sDeleteRelaysForNetwork);
+ sqlite3_bind_text(_sDeleteRelaysForNetwork,1,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sDeleteRelaysForNetwork);
+
+ for(std::map::iterator rl(nodeIdToPhyAddress.begin());rl!=nodeIdToPhyAddress.end();++rl) {
+ sqlite3_reset(_sCreateRelay);
+ sqlite3_bind_text(_sCreateRelay,1,nwids,16,SQLITE_STATIC);
+ std::string a(rl->first.toString()),b(rl->second.toString()); // don't destroy strings until sqlite3_step()
+ sqlite3_bind_text(_sCreateRelay,2,a.c_str(),-1,SQLITE_STATIC);
+ sqlite3_bind_text(_sCreateRelay,3,b.c_str(),-1,SQLITE_STATIC);
+ sqlite3_step(_sCreateRelay);
+ }
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"routes")) {
+ sqlite3_reset(_sDeleteRoutes);
+ sqlite3_bind_text(_sDeleteRoutes,1,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sDeleteRoutes);
+ if (j->u.object.values[k].value->type == json_array) {
+ for(unsigned int
kk=0;kku.object.values[k].value->u.array.length;++kk) {
+ json_value *r = j->u.object.values[k].value->u.array.values[kk];
+ if ((r)&&(r->type == json_object)) {
+ InetAddress r_target,r_via;
+ int r_flags = 0;
+ int r_metric = 0;
+ for(unsigned int rk=0;rku.object.length;++rk) {
+ if ((!strcmp(r->u.object.values[rk].name,"target"))&&(r->u.object.values[rk].value->type == json_string))
+ r_target = InetAddress(std::string(r->u.object.values[rk].value->u.string.ptr));
+ else if ((!strcmp(r->u.object.values[rk].name,"via"))&&(r->u.object.values[rk].value->type == json_string))
+ r_via = InetAddress(std::string(r->u.object.values[rk].value->u.string.ptr),0);
+ else if ((!strcmp(r->u.object.values[rk].name,"flags"))&&(r->u.object.values[rk].value->type == json_integer))
+ r_flags = (int)(r->u.object.values[rk].value->u.integer & 0xffff);
+ else if ((!strcmp(r->u.object.values[rk].name,"metric"))&&(r->u.object.values[rk].value->type == json_integer))
+ r_metric = (int)(r->u.object.values[rk].value->u.integer & 0xffff);
+ }
+ if ((r_target)&&((!r_via)||(r_via.ss_family == r_target.ss_family))) {
+ int r_ipVersion = 0;
+ char r_targetBlob[16];
+ char r_viaBlob[16];
+ _ipToBlob(r_target,r_targetBlob,r_ipVersion);
+ if (r_ipVersion) {
+ int r_targetNetmaskBits = r_target.netmaskBits();
+ if ((r_ipVersion == 4)&&(r_targetNetmaskBits > 32)) r_targetNetmaskBits = 32;
+ else if ((r_ipVersion == 6)&&(r_targetNetmaskBits > 128)) r_targetNetmaskBits = 128;
+ sqlite3_reset(_sCreateRoute);
+ sqlite3_bind_text(_sCreateRoute,1,nwids,16,SQLITE_STATIC);
+ sqlite3_bind_blob(_sCreateRoute,2,(const void *)r_targetBlob,16,SQLITE_STATIC);
+ if (r_via) {
+ _ipToBlob(r_via,r_viaBlob,r_ipVersion);
+ sqlite3_bind_blob(_sCreateRoute,3,(const void *)r_viaBlob,16,SQLITE_STATIC);
+ } else {
+ sqlite3_bind_null(_sCreateRoute,3);
+ }
+ sqlite3_bind_int(_sCreateRoute,4,r_targetNetmaskBits);
+ sqlite3_bind_int(_sCreateRoute,5,r_ipVersion);
+ sqlite3_bind_int(_sCreateRoute,6,r_flags);
+
sqlite3_bind_int(_sCreateRoute,7,r_metric);
+ sqlite3_step(_sCreateRoute);
+ }
+ }
+ }
+ }
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"ipAssignmentPools")) {
+ if (j->u.object.values[k].value->type == json_array) {
+ std::vector< std::pair > pools;
+ for(unsigned int kk=0;kku.object.values[k].value->u.array.length;++kk) {
+ json_value *pool = j->u.object.values[k].value->u.array.values[kk];
+ const char *iprs = (const char *)0;
+ const char *ipre = (const char *)0;
+ if ((pool)&&(pool->type == json_object)) {
+ for(unsigned int rk=0;rku.object.length;++rk) {
+ if ((!strcmp(pool->u.object.values[rk].name,"ipRangeStart"))&&(pool->u.object.values[rk].value->type == json_string))
+ iprs = pool->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(pool->u.object.values[rk].name,"ipRangeEnd"))&&(pool->u.object.values[rk].value->type == json_string))
+ ipre = pool->u.object.values[rk].value->u.string.ptr;
+ }
+ }
+ if ((iprs)&&(ipre)) {
+ InetAddress iprs2(iprs);
+ InetAddress ipre2(ipre);
+ if (iprs2.ss_family == ipre2.ss_family) {
+ iprs2.setPort(0);
+ ipre2.setPort(0);
+ pools.push_back(std::pair(iprs2,ipre2));
+ }
+ }
+ }
+ std::sort(pools.begin(),pools.end());
+ pools.erase(std::unique(pools.begin(),pools.end()),pools.end());
+
+ sqlite3_reset(_sDeleteIpAssignmentPoolsForNetwork);
+ sqlite3_bind_text(_sDeleteIpAssignmentPoolsForNetwork,1,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sDeleteIpAssignmentPoolsForNetwork);
+
+ for(std::vector< std::pair >::const_iterator p(pools.begin());p!=pools.end();++p) {
+ char ipBlob1[16],ipBlob2[16];
+ sqlite3_reset(_sCreateIpAssignmentPool);
+ sqlite3_bind_text(_sCreateIpAssignmentPool,1,nwids,16,SQLITE_STATIC);
+ if (p->first.ss_family == AF_INET) {
+ memset(ipBlob1,0,12);
+ memcpy(ipBlob1 + 12,p->first.rawIpData(),4);
+ memset(ipBlob2,0,12);
+ memcpy(ipBlob2 + 12,p->second.rawIpData(),4);
+ sqlite3_bind_blob(_sCreateIpAssignmentPool,2,(const void *)ipBlob1,16,SQLITE_STATIC);
+
sqlite3_bind_blob(_sCreateIpAssignmentPool,3,(const void *)ipBlob2,16,SQLITE_STATIC);
+ sqlite3_bind_int(_sCreateIpAssignmentPool,4,4);
+ } else if (p->first.ss_family == AF_INET6) {
+ sqlite3_bind_blob(_sCreateIpAssignmentPool,2,p->first.rawIpData(),16,SQLITE_STATIC);
+ sqlite3_bind_blob(_sCreateIpAssignmentPool,3,p->second.rawIpData(),16,SQLITE_STATIC);
+ sqlite3_bind_int(_sCreateIpAssignmentPool,4,6);
+ } else continue;
+ sqlite3_step(_sCreateIpAssignmentPool);
+ }
+ }
+ } else if (!strcmp(j->u.object.values[k].name,"rules")) {
+ if (j->u.object.values[k].value->type == json_array) {
+ sqlite3_reset(_sDeleteRulesForNetwork);
+ sqlite3_bind_text(_sDeleteRulesForNetwork,1,nwids,16,SQLITE_STATIC);
+ sqlite3_step(_sDeleteRulesForNetwork);
+
+ for(unsigned int kk=0;kku.object.values[k].value->u.array.length;++kk) {
+ json_value *rj = j->u.object.values[k].value->u.array.values[kk];
+ if ((rj)&&(rj->type == json_object)) {
+ struct { // NULL pointers indicate missing or NULL -- wildcards
+ const json_int_t *ruleNo;
+ const char *nodeId;
+ const char *sourcePort;
+ const char *destPort;
+ const json_int_t *vlanId;
+ const json_int_t *vlanPcp;
+ const json_int_t *etherType;
+ const char *macSource;
+ const char *macDest;
+ const char *ipSource;
+ const char *ipDest;
+ const json_int_t *ipTos;
+ const json_int_t *ipProtocol;
+ const json_int_t *ipSourcePort;
+ const json_int_t *ipDestPort;
+ const json_int_t *flags;
+ const json_int_t *invFlags;
+ const char *action;
+ } rule;
+ memset(&rule,0,sizeof(rule));
+
+ for(unsigned int rk=0;rku.object.length;++rk) {
+ if ((!strcmp(rj->u.object.values[rk].name,"ruleNo"))&&(rj->u.object.values[rk].value->type == json_integer))
+ rule.ruleNo = &(rj->u.object.values[rk].value->u.integer);
+ else if ((!strcmp(rj->u.object.values[rk].name,"nodeId"))&&(rj->u.object.values[rk].value->type == json_string))
+ rule.nodeId = rj->u.object.values[rk].value->u.string.ptr;
+ else if
((!strcmp(rj->u.object.values[rk].name,"sourcePort"))&&(rj->u.object.values[rk].value->type == json_string))
+ rule.sourcePort = rj->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(rj->u.object.values[rk].name,"destPort"))&&(rj->u.object.values[rk].value->type == json_string))
+ rule.destPort = rj->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(rj->u.object.values[rk].name,"vlanId"))&&(rj->u.object.values[rk].value->type == json_integer))
+ rule.vlanId = &(rj->u.object.values[rk].value->u.integer);
+ else if ((!strcmp(rj->u.object.values[rk].name,"vlanPcp"))&&(rj->u.object.values[rk].value->type == json_integer))
+ rule.vlanPcp = &(rj->u.object.values[rk].value->u.integer);
+ else if ((!strcmp(rj->u.object.values[rk].name,"etherType"))&&(rj->u.object.values[rk].value->type == json_integer))
+ rule.etherType = &(rj->u.object.values[rk].value->u.integer);
+ else if ((!strcmp(rj->u.object.values[rk].name,"macSource"))&&(rj->u.object.values[rk].value->type == json_string))
+ rule.macSource = rj->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(rj->u.object.values[rk].name,"macDest"))&&(rj->u.object.values[rk].value->type == json_string))
+ rule.macDest = rj->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(rj->u.object.values[rk].name,"ipSource"))&&(rj->u.object.values[rk].value->type == json_string))
+ rule.ipSource = rj->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(rj->u.object.values[rk].name,"ipDest"))&&(rj->u.object.values[rk].value->type == json_string))
+ rule.ipDest = rj->u.object.values[rk].value->u.string.ptr;
+ else if ((!strcmp(rj->u.object.values[rk].name,"ipTos"))&&(rj->u.object.values[rk].value->type == json_integer))
+ rule.ipTos = &(rj->u.object.values[rk].value->u.integer);
+ else if ((!strcmp(rj->u.object.values[rk].name,"ipProtocol"))&&(rj->u.object.values[rk].value->type == json_integer))
+ rule.ipProtocol = &(rj->u.object.values[rk].value->u.integer);
+ else if
((!strcmp(rj->u.object.values[rk].name,"ipSourcePort"))&&(rj->u.object.values[rk].value->type == json_integer)) + rule.ipSourcePort = &(rj->u.object.values[rk].value->u.integer); + else if ((!strcmp(rj->u.object.values[rk].name,"ipDestPort"))&&(rj->u.object.values[rk].value->type == json_integer)) + rule.ipDestPort = &(rj->u.object.values[rk].value->u.integer); + else if ((!strcmp(rj->u.object.values[rk].name,"flags"))&&(rj->u.object.values[rk].value->type == json_integer)) + rule.flags = &(rj->u.object.values[rk].value->u.integer); + else if ((!strcmp(rj->u.object.values[rk].name,"invFlags"))&&(rj->u.object.values[rk].value->type == json_integer)) + rule.invFlags = &(rj->u.object.values[rk].value->u.integer); + else if ((!strcmp(rj->u.object.values[rk].name,"action"))&&(rj->u.object.values[rk].value->type == json_string)) + rule.action = rj->u.object.values[rk].value->u.string.ptr; + } + + if ((rule.ruleNo)&&(rule.action)&&(rule.action[0])) { + char mactmp1[16],mactmp2[16]; + sqlite3_reset(_sCreateRule); + sqlite3_bind_text(_sCreateRule,1,nwids,16,SQLITE_STATIC); + sqlite3_bind_int64(_sCreateRule,2,*rule.ruleNo); + + // Optional values: null by default + for(int i=3;i<=18;++i) + sqlite3_bind_null(_sCreateRule,i); + if ((rule.nodeId)&&(strlen(rule.nodeId) == 10)) sqlite3_bind_text(_sCreateRule,3,rule.nodeId,10,SQLITE_STATIC); + if ((rule.sourcePort)&&(strlen(rule.sourcePort) == 10)) sqlite3_bind_text(_sCreateRule,4,rule.sourcePort,10,SQLITE_STATIC); + if ((rule.destPort)&&(strlen(rule.destPort) == 10)) sqlite3_bind_text(_sCreateRule,5,rule.destPort,10,SQLITE_STATIC); + if (rule.vlanId) sqlite3_bind_int(_sCreateRule,6,(int)*rule.vlanId); + if (rule.vlanPcp) sqlite3_bind_int(_sCreateRule,7,(int)*rule.vlanPcp); + if (rule.etherType) sqlite3_bind_int(_sCreateRule,8,(int)*rule.etherType & (int)0xffff); + if (rule.macSource) { + MAC m(rule.macSource); + Utils::snprintf(mactmp1,sizeof(mactmp1),"%.12llx",(unsigned long long)m.toInt()); + 
sqlite3_bind_text(_sCreateRule,9,mactmp1,-1,SQLITE_STATIC); + } + if (rule.macDest) { + MAC m(rule.macDest); + Utils::snprintf(mactmp2,sizeof(mactmp2),"%.12llx",(unsigned long long)m.toInt()); + sqlite3_bind_text(_sCreateRule,10,mactmp2,-1,SQLITE_STATIC); + } + if (rule.ipSource) sqlite3_bind_text(_sCreateRule,11,rule.ipSource,-1,SQLITE_STATIC); + if (rule.ipDest) sqlite3_bind_text(_sCreateRule,12,rule.ipDest,-1,SQLITE_STATIC); + if (rule.ipTos) sqlite3_bind_int(_sCreateRule,13,(int)*rule.ipTos); + if (rule.ipProtocol) sqlite3_bind_int(_sCreateRule,14,(int)*rule.ipProtocol); + if (rule.ipSourcePort) sqlite3_bind_int(_sCreateRule,15,(int)*rule.ipSourcePort & (int)0xffff); + if (rule.ipDestPort) sqlite3_bind_int(_sCreateRule,16,(int)*rule.ipDestPort & (int)0xffff); + if (rule.flags) sqlite3_bind_int64(_sCreateRule,17,(int64_t)*rule.flags); + if (rule.invFlags) sqlite3_bind_int64(_sCreateRule,18,(int64_t)*rule.invFlags); + + sqlite3_bind_text(_sCreateRule,19,rule.action,-1,SQLITE_STATIC); + sqlite3_step(_sCreateRule); + } + } + } + } + } + + if (stmt) { + sqlite3_bind_text(stmt,2,nwids,16,SQLITE_STATIC); + sqlite3_step(stmt); + sqlite3_finalize(stmt); + } + } + } + json_value_free(j); + } + + sqlite3_reset(_sSetNetworkRevision); + sqlite3_bind_int64(_sSetNetworkRevision,1,revision += 1); + sqlite3_bind_text(_sSetNetworkRevision,2,nwids,16,SQLITE_STATIC); + sqlite3_step(_sSetNetworkRevision); + + return _doCPGet(path_copy,urlArgs,headers,body,responseBody,responseContentType); + } + + } // else 404 + + } // else 404 + + return 404; +} + +unsigned int SqliteNetworkController::handleControlPlaneHttpDELETE( + const std::vector &path, + const std::map &urlArgs, + const std::map &headers, + const std::string &body, + std::string &responseBody, + std::string &responseContentType) +{ + if (path.empty()) + return 404; + Mutex::Lock _l(_lock); + + _backupNeeded = true; + + if (path[0] == "network") { + + if ((path.size() >= 2)&&(path[1].length() == 16)) { + uint64_t nwid = 
Utils::hexStrToU64(path[1].c_str()); + char nwids[24]; + Utils::snprintf(nwids,sizeof(nwids),"%.16llx",(unsigned long long)nwid); + + sqlite3_reset(_sGetNetworkById); + sqlite3_bind_text(_sGetNetworkById,1,nwids,16,SQLITE_STATIC); + if (sqlite3_step(_sGetNetworkById) != SQLITE_ROW) + return 404; + + if (path.size() >= 3) { + + if ((path.size() == 4)&&(path[2] == "member")&&(path[3].length() == 10)) { + uint64_t address = Utils::hexStrToU64(path[3].c_str()); + char addrs[24]; + Utils::snprintf(addrs,sizeof(addrs),"%.10llx",address); + + sqlite3_reset(_sGetMember); + sqlite3_bind_text(_sGetMember,1,nwids,16,SQLITE_STATIC); + sqlite3_bind_text(_sGetMember,2,addrs,10,SQLITE_STATIC); + if (sqlite3_step(_sGetMember) != SQLITE_ROW) + return 404; + + sqlite3_reset(_sDeleteIpAllocations); + sqlite3_bind_text(_sDeleteIpAllocations,1,nwids,16,SQLITE_STATIC); + sqlite3_bind_text(_sDeleteIpAllocations,2,addrs,10,SQLITE_STATIC); + sqlite3_bind_int(_sDeleteIpAllocations,3,(int)0 /*ZT_IP_ASSIGNMENT_TYPE_ADDRESS*/); + if (sqlite3_step(_sDeleteIpAllocations) == SQLITE_DONE) { + sqlite3_reset(_sDeleteMember); + sqlite3_bind_text(_sDeleteMember,1,nwids,16,SQLITE_STATIC); + sqlite3_bind_text(_sDeleteMember,2,addrs,10,SQLITE_STATIC); + if (sqlite3_step(_sDeleteMember) != SQLITE_DONE) + return 500; + } else return 500; + + return 200; + } + + } else { + + sqlite3_reset(_sDeleteNetwork); + sqlite3_bind_text(_sDeleteNetwork,1,nwids,16,SQLITE_STATIC); + if (sqlite3_step(_sDeleteNetwork) == SQLITE_DONE) { + sqlite3_reset(_sDeleteAllNetworkMembers); + sqlite3_bind_text(_sDeleteAllNetworkMembers,1,nwids,16,SQLITE_STATIC); + sqlite3_step(_sDeleteAllNetworkMembers); + return 200; + } else return 500; + + } + } // else 404 + + } // else 404 + + return 404; +} + +void SqliteNetworkController::threadMain() + throw() +{ + uint64_t lastBackupTime = OSUtils::now(); + uint64_t lastCleanupTime = OSUtils::now(); + + while (_backupThreadRun) { + if ((OSUtils::now() - lastCleanupTime) >= 5000) { + const 
uint64_t now = OSUtils::now(); + lastCleanupTime = now; + + Mutex::Lock _l(_lock); + + // Clean out really old circuit tests to prevent memory build-up + for(std::map< uint64_t,_CircuitTestEntry >::iterator ct(_circuitTests.begin());ct!=_circuitTests.end();) { + if (!ct->second.test) { + _circuitTests.erase(ct++); + } else if ((now - ct->second.test->timestamp) >= ZT_SQLITENETWORKCONTROLLER_CIRCUIT_TEST_TIMEOUT) { + _node->circuitTestEnd(ct->second.test); + ::free((void *)ct->second.test); + _circuitTests.erase(ct++); + } else ++ct; + } + } + + if (((OSUtils::now() - lastBackupTime) >= ZT_NETCONF_BACKUP_PERIOD)&&(_backupNeeded)) { + lastBackupTime = OSUtils::now(); + + char backupPath[4096],backupPath2[4096]; + Utils::snprintf(backupPath,sizeof(backupPath),"%s.backupInProgress",_dbPath.c_str()); + Utils::snprintf(backupPath2,sizeof(backupPath),"%s.backup",_dbPath.c_str()); + OSUtils::rm(backupPath); // delete any unfinished backups + + sqlite3 *bakdb = (sqlite3 *)0; + sqlite3_backup *bak = (sqlite3_backup *)0; + if (sqlite3_open_v2(backupPath,&bakdb,SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE,(const char *)0) != SQLITE_OK) { + fprintf(stderr,"SqliteNetworkController: CRITICAL: backup failed on sqlite3_open_v2()"ZT_EOL_S); + continue; + } + bak = sqlite3_backup_init(bakdb,"main",_db,"main"); + if (!bak) { + sqlite3_close(bakdb); + OSUtils::rm(backupPath); // delete any unfinished backups + fprintf(stderr,"SqliteNetworkController: CRITICAL: backup failed on sqlite3_backup_init()"ZT_EOL_S); + continue; + } + + int rc = SQLITE_OK; + for(;;) { + if (!_backupThreadRun) { + sqlite3_backup_finish(bak); + sqlite3_close(bakdb); + OSUtils::rm(backupPath); + return; + } + _lock.lock(); + rc = sqlite3_backup_step(bak,64); + _lock.unlock(); + if ((rc == SQLITE_OK)||(rc == SQLITE_LOCKED)||(rc == SQLITE_BUSY)) + Thread::sleep(50); + else break; + } + + sqlite3_backup_finish(bak); + sqlite3_close(bakdb); + + OSUtils::rm(backupPath2); + ::rename(backupPath,backupPath2); + + 
_backupNeeded = false; + } + + Thread::sleep(250); + } +} + +unsigned int SqliteNetworkController::_doCPGet( + const std::vector &path, + const std::map &urlArgs, + const std::map &headers, + const std::string &body, + std::string &responseBody, + std::string &responseContentType) +{ + // Assumes _lock is locked + char json[65536]; + + if ((path.size() > 0)&&(path[0] == "network")) { + + if ((path.size() >= 2)&&(path[1].length() == 16)) { + uint64_t nwid = Utils::hexStrToU64(path[1].c_str()); + char nwids[24]; + Utils::snprintf(nwids,sizeof(nwids),"%.16llx",(unsigned long long)nwid); + + if (path.size() >= 3) { + // /network//... + + if (path[2] == "member") { + + if (path.size() >= 4) { + // Get specific member info + + uint64_t address = Utils::hexStrToU64(path[3].c_str()); + char addrs[24]; + Utils::snprintf(addrs,sizeof(addrs),"%.10llx",address); + + sqlite3_reset(_sGetMember2); + sqlite3_bind_text(_sGetMember2,1,nwids,16,SQLITE_STATIC); + sqlite3_bind_text(_sGetMember2,2,addrs,10,SQLITE_STATIC); + if (sqlite3_step(_sGetMember2) == SQLITE_ROW) { + const char *memberIdStr = (const char *)sqlite3_column_text(_sGetMember2,3); + + Utils::snprintf(json,sizeof(json), + "{\n" + "\t\"nwid\": \"%s\",\n" + "\t\"address\": \"%s\",\n" + "\t\"controllerInstanceId\": \"%s\",\n" + "\t\"authorized\": %s,\n" + "\t\"activeBridge\": %s,\n" + "\t\"memberRevision\": %llu,\n" + "\t\"clock\": %llu,\n" + "\t\"identity\": \"%s\",\n" + "\t\"ipAssignments\": [", + nwids, + addrs, + _instanceId.c_str(), + (sqlite3_column_int(_sGetMember2,0) > 0) ? "true" : "false", + (sqlite3_column_int(_sGetMember2,1) > 0) ? 
"true" : "false", + (unsigned long long)sqlite3_column_int64(_sGetMember2,2), + (unsigned long long)OSUtils::now(), + _jsonEscape(memberIdStr).c_str()); + responseBody = json; + + sqlite3_reset(_sGetIpAssignmentsForNode); + sqlite3_bind_text(_sGetIpAssignmentsForNode,1,nwids,16,SQLITE_STATIC); + sqlite3_bind_text(_sGetIpAssignmentsForNode,2,addrs,10,SQLITE_STATIC); + bool firstIp = true; + while (sqlite3_step(_sGetIpAssignmentsForNode) == SQLITE_ROW) { + int ipversion = sqlite3_column_int(_sGetIpAssignmentsForNode,2); + char ipBlob[16]; + memcpy(ipBlob,(const void *)sqlite3_column_blob(_sGetIpAssignmentsForNode,0),16); + InetAddress ip( + (const void *)(ipversion == 6 ? ipBlob : &ipBlob[12]), + (ipversion == 6 ? 16 : 4), + (unsigned int)sqlite3_column_int(_sGetIpAssignmentsForNode,1) + ); + responseBody.append(firstIp ? "\"" : ",\""); + responseBody.append(_jsonEscape(ip.toIpString())); + responseBody.push_back('"'); + firstIp = false; + } + + responseBody.append("],\n\t\"recentLog\": ["); + + const void *histb = sqlite3_column_blob(_sGetMember2,6); + if (histb) { + MemberRecentHistory rh; + rh.fromBlob((const char *)histb,sqlite3_column_bytes(_sGetMember2,6)); + for(MemberRecentHistory::const_iterator i(rh.begin());i!=rh.end();++i) { + if (i != rh.begin()) + responseBody.push_back(','); + responseBody.append(*i); + } + } + + responseBody.append("]\n}\n"); + + responseContentType = "application/json"; + return 200; + } // else 404 + + } else { + // List members + + sqlite3_reset(_sListNetworkMembers); + sqlite3_bind_text(_sListNetworkMembers,1,nwids,16,SQLITE_STATIC); + responseBody.push_back('{'); + bool firstMember = true; + while (sqlite3_step(_sListNetworkMembers) == SQLITE_ROW) { + responseBody.append(firstMember ? 
"\"" : ",\""); + firstMember = false; + responseBody.append((const char *)sqlite3_column_text(_sListNetworkMembers,0)); + responseBody.append("\":"); + responseBody.append((const char *)sqlite3_column_text(_sListNetworkMembers,1)); + } + responseBody.push_back('}'); + responseContentType = "application/json"; + return 200; + + } + + } else if ((path[2] == "active")&&(path.size() == 3)) { + + sqlite3_reset(_sGetActiveNodesOnNetwork); + sqlite3_bind_text(_sGetActiveNodesOnNetwork,1,nwids,16,SQLITE_STATIC); + sqlite3_bind_int64(_sGetActiveNodesOnNetwork,2,(int64_t)(OSUtils::now() - ZT_NETCONF_NODE_ACTIVE_THRESHOLD)); + + responseBody.push_back('{'); + bool firstActiveMember = true; + while (sqlite3_step(_sGetActiveNodesOnNetwork) == SQLITE_ROW) { + const char *nodeId = (const char *)sqlite3_column_text(_sGetActiveNodesOnNetwork,0); + const char *rhblob = (const char *)sqlite3_column_blob(_sGetActiveNodesOnNetwork,1); + if ((nodeId)&&(rhblob)) { + MemberRecentHistory rh; + rh.fromBlob(rhblob,sqlite3_column_bytes(_sGetActiveNodesOnNetwork,1)); + if (rh.size() > 0) { + if (firstActiveMember) { + firstActiveMember = false; + } else { + responseBody.push_back(','); + } + responseBody.push_back('"'); + responseBody.append(nodeId); + responseBody.append("\":"); + responseBody.append(rh.front()); + } + } + } + responseBody.push_back('}'); + + responseContentType = "application/json"; + return 200; + + } else if ((path[2] == "test")&&(path.size() >= 4)) { + + std::map< uint64_t,_CircuitTestEntry >::iterator cte(_circuitTests.find(Utils::hexStrToU64(path[3].c_str()))); + if ((cte != _circuitTests.end())&&(cte->second.test)) { + + responseBody = "["; + responseBody.append(cte->second.jsonResults); + responseBody.push_back(']'); + responseContentType = "application/json"; + + return 200; + + } // else 404 + + } // else 404 + + } else { + + sqlite3_reset(_sGetNetworkById); + sqlite3_bind_text(_sGetNetworkById,1,nwids,16,SQLITE_STATIC); + if (sqlite3_step(_sGetNetworkById) == 
SQLITE_ROW) { + unsigned int fl = (unsigned int)sqlite3_column_int(_sGetNetworkById,4); + std::string v6modes; + if ((fl & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_RFC4193) != 0) + v6modes.append("rfc4193"); + if ((fl & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_6PLANE) != 0) { + if (v6modes.length() > 0) + v6modes.push_back(','); + v6modes.append("6plane"); + } + if ((fl & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V6_AUTO_ASSIGN) != 0) { + if (v6modes.length() > 0) + v6modes.push_back(','); + v6modes.append("zt"); + } + + Utils::snprintf(json,sizeof(json), + "{\n" + "\t\"nwid\": \"%s\",\n" + "\t\"controllerInstanceId\": \"%s\",\n" + "\t\"clock\": %llu,\n" + "\t\"name\": \"%s\",\n" + "\t\"private\": %s,\n" + "\t\"enableBroadcast\": %s,\n" + "\t\"allowPassiveBridging\": %s,\n" + "\t\"v4AssignMode\": \"%s\",\n" + "\t\"v6AssignMode\": \"%s\",\n" + "\t\"multicastLimit\": %d,\n" + "\t\"creationTime\": %llu,\n" + "\t\"revision\": %llu,\n" + "\t\"memberRevisionCounter\": %llu,\n" + "\t\"authorizedMemberCount\": %llu,\n" + "\t\"relays\": [", + nwids, + _instanceId.c_str(), + (unsigned long long)OSUtils::now(), + _jsonEscape((const char *)sqlite3_column_text(_sGetNetworkById,0)).c_str(), + (sqlite3_column_int(_sGetNetworkById,1) > 0) ? "true" : "false", + (sqlite3_column_int(_sGetNetworkById,2) > 0) ? "true" : "false", + (sqlite3_column_int(_sGetNetworkById,3) > 0) ? "true" : "false", + (((fl & ZT_DB_NETWORK_FLAG_ZT_MANAGED_V4_AUTO_ASSIGN) != 0) ? "zt" : ""), + v6modes.c_str(), + sqlite3_column_int(_sGetNetworkById,5), + (unsigned long long)sqlite3_column_int64(_sGetNetworkById,6), + (unsigned long long)sqlite3_column_int64(_sGetNetworkById,7), + (unsigned long long)sqlite3_column_int64(_sGetNetworkById,8), + (unsigned long long)sqlite3_column_int64(_sGetNetworkById,9)); + responseBody = json; + + sqlite3_reset(_sGetRelays); + sqlite3_bind_text(_sGetRelays,1,nwids,16,SQLITE_STATIC); + bool firstRelay = true; + while (sqlite3_step(_sGetRelays) == SQLITE_ROW) { + responseBody.append(firstRelay ? 
"\n\t\t" : ",\n\t\t"); + firstRelay = false; + responseBody.append("{\"address\":\""); + responseBody.append((const char *)sqlite3_column_text(_sGetRelays,0)); + responseBody.append("\",\"phyAddress\":\""); + responseBody.append(_jsonEscape((const char *)sqlite3_column_text(_sGetRelays,1))); + responseBody.append("\"}"); + } + + responseBody.append("],\n\t\"routes\": ["); + + sqlite3_reset(_sGetRoutes); + sqlite3_bind_text(_sGetRoutes,1,nwids,16,SQLITE_STATIC); + bool firstRoute = true; + while (sqlite3_step(_sGetRoutes) == SQLITE_ROW) { + responseBody.append(firstRoute ? "\n\t\t" : ",\n\t\t"); + firstRoute = false; + responseBody.append("{\"target\":"); + char tmp[128]; + const unsigned char *ip = (const unsigned char *)sqlite3_column_blob(_sGetRoutes,0); + switch(sqlite3_column_int(_sGetRoutes,3)) { // ipVersion + case 4: + Utils::snprintf(tmp,sizeof(tmp),"\"%d.%d.%d.%d/%d\"",(int)ip[12],(int)ip[13],(int)ip[14],(int)ip[15],sqlite3_column_int(_sGetRoutes,2)); + break; + case 6: + Utils::snprintf(tmp,sizeof(tmp),"\"%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x/%d\"",(int)ip[0],(int)ip[1],(int)ip[2],(int)ip[3],(int)ip[4],(int)ip[5],(int)ip[6],(int)ip[7],(int)ip[8],(int)ip[9],(int)ip[10],(int)ip[11],(int)ip[12],(int)ip[13],(int)ip[14],(int)ip[15],sqlite3_column_int(_sGetRoutes,2)); + break; + } + responseBody.append(tmp); + if (sqlite3_column_type(_sGetRoutes,1) == SQLITE_NULL) { + responseBody.append(",\"via\":null"); + } else { + responseBody.append(",\"via\":"); + ip = (const unsigned char *)sqlite3_column_blob(_sGetRoutes,1); + switch(sqlite3_column_int(_sGetRoutes,3)) { // ipVersion + case 4: + Utils::snprintf(tmp,sizeof(tmp),"\"%d.%d.%d.%d\"",(int)ip[12],(int)ip[13],(int)ip[14],(int)ip[15]); + break; + case 6: + 
Utils::snprintf(tmp,sizeof(tmp),"\"%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x\"",(int)ip[0],(int)ip[1],(int)ip[2],(int)ip[3],(int)ip[4],(int)ip[5],(int)ip[6],(int)ip[7],(int)ip[8],(int)ip[9],(int)ip[10],(int)ip[11],(int)ip[12],(int)ip[13],(int)ip[14],(int)ip[15]); + break; + } + responseBody.append(tmp); + } + responseBody.append(",\"flags\":"); + responseBody.append((const char *)sqlite3_column_text(_sGetRoutes,4)); + responseBody.append(",\"metric\":"); + responseBody.append((const char *)sqlite3_column_text(_sGetRoutes,5)); + responseBody.push_back('}'); + } + + responseBody.append("],\n\t\"ipAssignmentPools\": ["); + + sqlite3_reset(_sGetIpAssignmentPools2); + sqlite3_bind_text(_sGetIpAssignmentPools2,1,nwids,16,SQLITE_STATIC); + bool firstIpAssignmentPool = true; + while (sqlite3_step(_sGetIpAssignmentPools2) == SQLITE_ROW) { + const char *ipRangeStartB = reinterpret_cast(sqlite3_column_blob(_sGetIpAssignmentPools2,0)); + const char *ipRangeEndB = reinterpret_cast(sqlite3_column_blob(_sGetIpAssignmentPools2,1)); + if ((ipRangeStartB)&&(ipRangeEndB)) { + InetAddress ipps,ippe; + int ipVersion = sqlite3_column_int(_sGetIpAssignmentPools2,2); + if (ipVersion == 4) { + ipps.set((const void *)(ipRangeStartB + 12),4,0); + ippe.set((const void *)(ipRangeEndB + 12),4,0); + } else if (ipVersion == 6) { + ipps.set((const void *)ipRangeStartB,16,0); + ippe.set((const void *)ipRangeEndB,16,0); + } + if (ipps) { + responseBody.append(firstIpAssignmentPool ? 
"\n\t\t" : ",\n\t\t"); + firstIpAssignmentPool = false; + Utils::snprintf(json,sizeof(json),"{\"ipRangeStart\":\"%s\",\"ipRangeEnd\":\"%s\"}", + _jsonEscape(ipps.toIpString()).c_str(), + _jsonEscape(ippe.toIpString()).c_str()); + responseBody.append(json); + } + } + } + + responseBody.append("],\n\t\"rules\": ["); + + sqlite3_reset(_sListRules); + sqlite3_bind_text(_sListRules,1,nwids,16,SQLITE_STATIC); + bool firstRule = true; + while (sqlite3_step(_sListRules) == SQLITE_ROW) { + responseBody.append(firstRule ? "\n\t{\n" : ",{\n"); + firstRule = false; + Utils::snprintf(json,sizeof(json),"\t\t\"ruleNo\": %lld,\n",sqlite3_column_int64(_sListRules,0)); + responseBody.append(json); + if (sqlite3_column_type(_sListRules,1) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"nodeId\": \"%s\",\n",(const char *)sqlite3_column_text(_sListRules,1)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,2) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"sourcePort\": \"%s\",\n",(const char *)sqlite3_column_text(_sListRules,2)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,3) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"destPort\": \"%s\",\n",(const char *)sqlite3_column_text(_sListRules,3)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,4) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"vlanId\": %d,\n",sqlite3_column_int(_sListRules,4)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,5) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"vlanPcp\": %d,\n",sqlite3_column_int(_sListRules,5)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,6) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"etherType\": %d,\n",sqlite3_column_int(_sListRules,6)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,7) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"macSource\": 
\"%s\",\n",MAC((const char *)sqlite3_column_text(_sListRules,7)).toString().c_str()); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,8) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"macDest\": \"%s\",\n",MAC((const char *)sqlite3_column_text(_sListRules,8)).toString().c_str()); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,9) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"ipSource\": \"%s\",\n",_jsonEscape((const char *)sqlite3_column_text(_sListRules,9)).c_str()); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,10) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"ipDest\": \"%s\",\n",_jsonEscape((const char *)sqlite3_column_text(_sListRules,10)).c_str()); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,11) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"ipTos\": %d,\n",sqlite3_column_int(_sListRules,11)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,12) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"ipProtocol\": %d,\n",sqlite3_column_int(_sListRules,12)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,13) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"ipSourcePort\": %d,\n",sqlite3_column_int(_sListRules,13)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,14) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"ipDestPort\": %d,\n",sqlite3_column_int(_sListRules,14)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,15) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"flags\": %lu,\n",(unsigned long)sqlite3_column_int64(_sListRules,15)); + responseBody.append(json); + } + if (sqlite3_column_type(_sListRules,16) != SQLITE_NULL) { + Utils::snprintf(json,sizeof(json),"\t\t\"invFlags\": %lu,\n",(unsigned long)sqlite3_column_int64(_sListRules,16)); + responseBody.append(json); + 
} + responseBody.append("\t\t\"action\": \""); + responseBody.append(_jsonEscape( (sqlite3_column_type(_sListRules,17) == SQLITE_NULL) ? "drop" : (const char *)sqlite3_column_text(_sListRules,17) )); + responseBody.append("\"\n\t}"); + } + + responseBody.append("]\n}\n"); + responseContentType = "application/json"; + return 200; + } // else 404 + } + } else if (path.size() == 1) { + // list networks + sqlite3_reset(_sListNetworks); + responseContentType = "application/json"; + responseBody = "["; + bool first = true; + while (sqlite3_step(_sListNetworks) == SQLITE_ROW) { + if (first) { + first = false; + responseBody.push_back('"'); + } else responseBody.append(",\""); + responseBody.append((const char *)sqlite3_column_text(_sListNetworks,0)); + responseBody.push_back('"'); + } + responseBody.push_back(']'); + return 200; + } // else 404 + + } else { + // GET /controller returns status and API version if controller is supported + Utils::snprintf(json,sizeof(json),"{\n\t\"controller\": true,\n\t\"apiVersion\": %d,\n\t\"clock\": %llu,\n\t\"instanceId\": \"%s\"\n}\n",ZT_NETCONF_CONTROLLER_API_VERSION,(unsigned long long)OSUtils::now(),_instanceId.c_str()); + responseBody = json; + responseContentType = "application/json"; + return 200; + } + + return 404; +} + +void SqliteNetworkController::_circuitTestCallback(ZT_Node *node,ZT_CircuitTest *test,const ZT_CircuitTestReport *report) +{ + char tmp[65535]; + SqliteNetworkController *const self = reinterpret_cast(test->ptr); + + if (!test) + return; + if (!report) + return; + + Mutex::Lock _l(self->_lock); + std::map< uint64_t,_CircuitTestEntry >::iterator cte(self->_circuitTests.find(test->testId)); + + if (cte == self->_circuitTests.end()) { // sanity check: a circuit test we didn't launch? 
+ self->_node->circuitTestEnd(test);
+ ::free((void *)test);
+ return;
+ }
+
+ Utils::snprintf(tmp,sizeof(tmp),
+ "%s{\n"
+ "\t\"timestamp\": %llu,"ZT_EOL_S
+ "\t\"testId\": \"%.16llx\","ZT_EOL_S
+ "\t\"upstream\": \"%.10llx\","ZT_EOL_S
+ "\t\"current\": \"%.10llx\","ZT_EOL_S
+ "\t\"receivedTimestamp\": %llu,"ZT_EOL_S
+ "\t\"remoteTimestamp\": %llu,"ZT_EOL_S
+ "\t\"sourcePacketId\": \"%.16llx\","ZT_EOL_S
+ "\t\"flags\": %llu,"ZT_EOL_S
+ "\t\"sourcePacketHopCount\": %u,"ZT_EOL_S
+ "\t\"errorCode\": %u,"ZT_EOL_S
+ "\t\"vendor\": %d,"ZT_EOL_S
+ "\t\"protocolVersion\": %u,"ZT_EOL_S
+ "\t\"majorVersion\": %u,"ZT_EOL_S
+ "\t\"minorVersion\": %u,"ZT_EOL_S
+ "\t\"revision\": %u,"ZT_EOL_S
+ "\t\"platform\": %d,"ZT_EOL_S
+ "\t\"architecture\": %d,"ZT_EOL_S
+ "\t\"receivedOnLocalAddress\": \"%s\","ZT_EOL_S
+ "\t\"receivedFromRemoteAddress\": \"%s\""ZT_EOL_S
+ "}",
+ ((cte->second.jsonResults.length() > 0) ? ",\n" : ""),
+ (unsigned long long)report->timestamp,
+ (unsigned long long)test->testId,
+ (unsigned long long)report->upstream,
+ (unsigned long long)report->current,
+ (unsigned long long)OSUtils::now(),
+ (unsigned long long)report->remoteTimestamp,
+ (unsigned long long)report->sourcePacketId,
+ (unsigned long long)report->flags,
+ report->sourcePacketHopCount,
+ report->errorCode,
+ (int)report->vendor,
+ report->protocolVersion,
+ report->majorVersion,
+ report->minorVersion,
+ report->revision,
+ (int)report->platform,
+ (int)report->architecture,
+ reinterpret_cast(&(report->receivedOnLocalAddress))->toString().c_str(),
+ reinterpret_cast(&(report->receivedFromRemoteAddress))->toString().c_str());
+
+ cte->second.jsonResults.append(tmp);
+}
+
+} // namespace ZeroTier
diff --git a/controller/SqliteNetworkController.hpp b/controller/SqliteNetworkController.hpp
new file mode 100644
index 0000000..145788c
--- /dev/null
+++ b/controller/SqliteNetworkController.hpp
@@ -0,0 +1,181 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015 ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+#ifndef ZT_SQLITENETWORKCONTROLLER_HPP
+#define ZT_SQLITENETWORKCONTROLLER_HPP
+
+#include
+
+#include
+
+#include
+#include
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/NetworkController.hpp"
+#include "../node/Mutex.hpp"
+#include "../osdep/Thread.hpp"
+
+// Number of in-memory last log entries to maintain per user
+#define ZT_SQLITENETWORKCONTROLLER_IN_MEMORY_LOG_SIZE 32
+
+// How long do circuit tests last before they're forgotten?
+#define ZT_SQLITENETWORKCONTROLLER_CIRCUIT_TEST_TIMEOUT 60000
+
+namespace ZeroTier {
+
+class Node;
+
+class SqliteNetworkController : public NetworkController
+{
+public:
+ SqliteNetworkController(Node *node,const char *dbPath,const char *circuitTestPath);
+ virtual ~SqliteNetworkController();
+
+ virtual NetworkController::ResultCode doNetworkConfigRequest(
+ const InetAddress &fromAddr,
+ const Identity &signingId,
+ const Identity &identity,
+ uint64_t nwid,
+ const Dictionary &metaData,
+ NetworkConfig &nc);
+
+ unsigned int handleControlPlaneHttpGET(
+ const std::vector &path,
+ const std::map &urlArgs,
+ const std::map &headers,
+ const std::string &body,
+ std::string &responseBody,
+ std::string &responseContentType);
+ unsigned int handleControlPlaneHttpPOST(
+ const std::vector &path,
+ const std::map &urlArgs,
+ const std::map &headers,
+ const std::string &body,
+ std::string &responseBody,
+ std::string &responseContentType);
+ unsigned int handleControlPlaneHttpDELETE(
+ const std::vector &path,
+ const std::map &urlArgs,
+ const std::map &headers,
+ const std::string &body,
+ std::string &responseBody,
+ std::string &responseContentType);
+
+ // threadMain() for backup thread -- do not call directly
+ void threadMain()
+ throw();
+
+private:
+ /* deprecated
+ enum IpAssignmentType {
+ // IP assignment is a static IP address
+ ZT_IP_ASSIGNMENT_TYPE_ADDRESS = 0,
+ // IP assignment is a network -- a route via this interface, not an address
+ ZT_IP_ASSIGNMENT_TYPE_NETWORK = 1
+ };
+ */
+
+ unsigned int _doCPGet(
+ const std::vector &path,
+ const std::map &urlArgs,
+ const std::map &headers,
+ const std::string &body,
+ std::string &responseBody,
+ std::string &responseContentType);
+
+ static void _circuitTestCallback(ZT_Node *node,ZT_CircuitTest *test,const ZT_CircuitTestReport *report);
+
+ Node *_node;
+ Thread _backupThread;
+ volatile bool _backupThreadRun;
+ volatile bool _backupNeeded;
+ std::string _dbPath;
+ std::string _circuitTestPath;
+ std::string _instanceId;
+
+ // Circuit tests outstanding
+ struct _CircuitTestEntry
+ {
+ ZT_CircuitTest *test;
+ std::string jsonResults;
+ };
+ std::map< uint64_t,_CircuitTestEntry > _circuitTests;
+
+ // Last request time by address, for rate limitation
+ std::map< std::pair,uint64_t > _lastRequestTime;
+
+ sqlite3 *_db;
+
+ sqlite3_stmt *_sGetNetworkById;
+ sqlite3_stmt *_sGetMember;
+ sqlite3_stmt *_sCreateMember;
+ sqlite3_stmt *_sGetNodeIdentity;
+ sqlite3_stmt *_sCreateOrReplaceNode;
+ sqlite3_stmt *_sGetEtherTypesFromRuleTable;
+ sqlite3_stmt *_sGetActiveBridges;
+ sqlite3_stmt *_sGetIpAssignmentsForNode;
+ sqlite3_stmt *_sGetIpAssignmentPools;
+ sqlite3_stmt *_sCheckIfIpIsAllocated;
+ sqlite3_stmt *_sAllocateIp;
+ sqlite3_stmt *_sDeleteIpAllocations;
+ sqlite3_stmt *_sGetRelays;
+ sqlite3_stmt *_sListNetworks;
+ sqlite3_stmt *_sListNetworkMembers;
+ sqlite3_stmt *_sGetMember2;
+ sqlite3_stmt *_sGetIpAssignmentPools2;
+ sqlite3_stmt *_sListRules;
+ sqlite3_stmt *_sCreateRule;
+ sqlite3_stmt *_sCreateNetwork;
+ sqlite3_stmt *_sGetNetworkRevision;
+ sqlite3_stmt *_sSetNetworkRevision;
+ sqlite3_stmt *_sDeleteRelaysForNetwork;
+ sqlite3_stmt *_sCreateRelay;
+ sqlite3_stmt *_sDeleteIpAssignmentPoolsForNetwork;
+ sqlite3_stmt *_sDeleteRulesForNetwork;
+ sqlite3_stmt *_sCreateIpAssignmentPool;
+ sqlite3_stmt *_sUpdateMemberAuthorized;
+ sqlite3_stmt *_sUpdateMemberActiveBridge;
+ sqlite3_stmt *_sUpdateMemberHistory;
+ sqlite3_stmt *_sDeleteMember;
+ sqlite3_stmt *_sDeleteAllNetworkMembers;
+ sqlite3_stmt *_sGetActiveNodesOnNetwork;
+ sqlite3_stmt *_sDeleteNetwork;
+ sqlite3_stmt *_sCreateRoute;
+ sqlite3_stmt *_sGetRoutes;
+ sqlite3_stmt *_sDeleteRoutes;
+ sqlite3_stmt *_sIncrementMemberRevisionCounter;
+ sqlite3_stmt *_sGetConfig;
+ sqlite3_stmt *_sSetConfig;
+
+ Mutex _lock;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/controller/schema.sql b/controller/schema.sql
new file mode 100644
index 0000000..105db92
--- /dev/null
+++ b/controller/schema.sql
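Review bot: `volatile bool _backupThreadRun` and `volatile bool _backupNeeded` are used as cross-thread flags, but `volatile` gives neither atomicity nor ordering between the HTTP handlers and the backup thread. In the .cpp of this commit handleControlPlaneHttpDELETE sets `_backupNeeded = true` under `_lock`, while threadMain() tests it and later clears it without the lock, so a write that lands between the last `sqlite3_backup_step` and `_backupNeeded = false` can lose its flag and stay out of the backup until the next change. I would state the locking rule on the declaration, e.g. `// guarded by _lock: set by the HTTP handlers, tested and cleared by threadMain()`, and have threadMain() clear the flag under `_lock` before it starts copying.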
@@ -0,0 +1,119 @@ +CREATE TABLE Config ( + k varchar(16) PRIMARY KEY NOT NULL, + v varchar(1024) NOT NULL +); + +CREATE TABLE Network ( + id char(16) PRIMARY KEY NOT NULL, + name varchar(128) NOT NULL, + private integer NOT NULL DEFAULT(1), + enableBroadcast integer NOT NULL DEFAULT(1), + allowPassiveBridging integer NOT NULL DEFAULT(0), + multicastLimit integer NOT NULL DEFAULT(32), + creationTime integer NOT NULL DEFAULT(0), + revision integer NOT NULL DEFAULT(1), + memberRevisionCounter integer NOT NULL DEFAULT(1), + flags integer NOT NULL DEFAULT(0) +); + +CREATE TABLE AuthToken ( + id integer PRIMARY KEY NOT NULL, + networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE, + authMode integer NOT NULL DEFAULT(1), + useCount integer NOT NULL DEFAULT(0), + maxUses integer NOT NULL DEFAULT(0), + expiresAt integer NOT NULL DEFAULT(0), + token varchar(256) NOT NULL +); + +CREATE INDEX AuthToken_networkId_token ON AuthToken(networkId,token); + +CREATE TABLE Node ( + id char(10) PRIMARY KEY NOT NULL, + identity varchar(4096) NOT NULL +); + +CREATE TABLE IpAssignment ( + networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE, + nodeId char(10) REFERENCES Node(id) ON DELETE CASCADE, + type integer NOT NULL DEFAULT(0), + ip blob(16) NOT NULL, + ipNetmaskBits integer NOT NULL DEFAULT(0), + ipVersion integer NOT NULL DEFAULT(4) +); + +CREATE UNIQUE INDEX IpAssignment_networkId_ip ON IpAssignment (networkId, ip); + +CREATE INDEX IpAssignment_networkId_nodeId ON IpAssignment (networkId, nodeId); + +CREATE TABLE IpAssignmentPool ( + networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE, + ipRangeStart blob(16) NOT NULL, + ipRangeEnd blob(16) NOT NULL, + ipVersion integer NOT NULL DEFAULT(4) +); + +CREATE UNIQUE INDEX IpAssignmentPool_networkId_ipRangeStart ON IpAssignmentPool (networkId,ipRangeStart); + +CREATE TABLE Member ( + networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE, + nodeId char(10) NOT NULL REFERENCES 
Node(id) ON DELETE CASCADE, + authorized integer NOT NULL DEFAULT(0), + activeBridge integer NOT NULL DEFAULT(0), + memberRevision integer NOT NULL DEFAULT(0), + flags integer NOT NULL DEFAULT(0), + lastRequestTime integer NOT NULL DEFAULT(0), + lastPowDifficulty integer NOT NULL DEFAULT(0), + lastPowTime integer NOT NULL DEFAULT(0), + recentHistory blob, + PRIMARY KEY (networkId, nodeId) +); + +CREATE INDEX Member_networkId_nodeId ON Member(networkId,nodeId); +CREATE INDEX Member_networkId_activeBridge ON Member(networkId, activeBridge); +CREATE INDEX Member_networkId_memberRevision ON Member(networkId, memberRevision); +CREATE INDEX Member_networkId_lastRequestTime ON Member(networkId, lastRequestTime); + +CREATE TABLE Route ( + networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE, + target blob(16) NOT NULL, + via blob(16), + targetNetmaskBits integer NOT NULL, + ipVersion integer NOT NULL, + flags integer NOT NULL, + metric integer NOT NULL +); + +CREATE INDEX Route_networkId ON Route (networkId); + +CREATE TABLE Relay ( + networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE, + address char(10) NOT NULL, + phyAddress varchar(64) NOT NULL +); + +CREATE UNIQUE INDEX Relay_networkId_address ON Relay (networkId,address); + +CREATE TABLE Rule ( + networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE, + ruleNo integer NOT NULL, + nodeId char(10) REFERENCES Node(id), + sourcePort char(10), + destPort char(10), + vlanId integer, + vlanPcp integer, + etherType integer, + macSource char(12), + macDest char(12), + ipSource varchar(64), + ipDest varchar(64), + ipTos integer, + ipProtocol integer, + ipSourcePort integer, + ipDestPort integer, + flags integer, + invFlags integer, + "action" varchar(4096) NOT NULL DEFAULT('accept') +); + +CREATE UNIQUE INDEX Rule_networkId_ruleNo ON Rule (networkId, ruleNo); diff --git a/controller/schema.sql.c b/controller/schema.sql.c new file mode 100644 index 0000000..dab3413 --- /dev/null 
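Review bot: Every `ON DELETE CASCADE` in this schema (AuthToken, IpAssignment, IpAssignmentPool, Member, Route, Relay, Rule) is inert unless the controller runs `PRAGMA foreign_keys = ON;` on each connection, because SQLite leaves foreign-key enforcement off by default. The code that opens the database is not in this hunk, so whether the pragma is issued cannot be confirmed here; if it is not, deleting a Network leaves its `Member` rows (including `authorized = 1`) and its `AuthToken` rows behind, and they would attach to any network later created with the same id. I would add a header comment such as `-- Requires PRAGMA foreign_keys = ON on every connection; cascades are not enforced otherwise.` and verify the open path. Separately, `AuthToken.token` is a plain indexed `varchar(256)`, which suggests tokens are stored verbatim; storing a hash instead would limit exposure if the database file or its backups are read.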
+++ b/controller/schema.sql.c 
@@ -0,0 +1,121 @@ +#define ZT_NETCONF_SCHEMA_SQL \ +"CREATE TABLE Config (\n"\ +" k varchar(16) PRIMARY KEY NOT NULL,\n"\ +" v varchar(1024) NOT NULL\n"\ +");\n"\ +"\n"\ +"CREATE TABLE Network (\n"\ +" id char(16) PRIMARY KEY NOT NULL,\n"\ +" name varchar(128) NOT NULL,\n"\ +" private integer NOT NULL DEFAULT(1),\n"\ +" enableBroadcast integer NOT NULL DEFAULT(1),\n"\ +" allowPassiveBridging integer NOT NULL DEFAULT(0),\n"\ +" multicastLimit integer NOT NULL DEFAULT(32),\n"\ +" creationTime integer NOT NULL DEFAULT(0),\n"\ +" revision integer NOT NULL DEFAULT(1),\n"\ +" memberRevisionCounter integer NOT NULL DEFAULT(1),\n"\ +" flags integer NOT NULL DEFAULT(0)\n"\ +");\n"\ +"\n"\ +"CREATE TABLE AuthToken (\n"\ +" id integer PRIMARY KEY NOT NULL,\n"\ +" networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE,\n"\ +" authMode integer NOT NULL DEFAULT(1),\n"\ +" useCount integer NOT NULL DEFAULT(0),\n"\ +" maxUses integer NOT NULL DEFAULT(0),\n"\ +" expiresAt integer NOT NULL DEFAULT(0),\n"\ +" token varchar(256) NOT NULL\n"\ +");\n"\ +"\n"\ +"CREATE INDEX AuthToken_networkId_token ON AuthToken(networkId,token);\n"\ +"\n"\ +"CREATE TABLE Node (\n"\ +" id char(10) PRIMARY KEY NOT NULL,\n"\ +" identity varchar(4096) NOT NULL\n"\ +");\n"\ +"\n"\ +"CREATE TABLE IpAssignment (\n"\ +" networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE,\n"\ +" nodeId char(10) REFERENCES Node(id) ON DELETE CASCADE,\n"\ +" type integer NOT NULL DEFAULT(0),\n"\ +" ip blob(16) NOT NULL,\n"\ +" ipNetmaskBits integer NOT NULL DEFAULT(0),\n"\ +" ipVersion integer NOT NULL DEFAULT(4)\n"\ +");\n"\ +"\n"\ +"CREATE UNIQUE INDEX IpAssignment_networkId_ip ON IpAssignment (networkId, ip);\n"\ +"\n"\ +"CREATE INDEX IpAssignment_networkId_nodeId ON IpAssignment (networkId, nodeId);\n"\ +"\n"\ +"CREATE TABLE IpAssignmentPool (\n"\ +" networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE,\n"\ +" ipRangeStart blob(16) NOT NULL,\n"\ +" ipRangeEnd blob(16) NOT 
NULL,\n"\ +" ipVersion integer NOT NULL DEFAULT(4)\n"\ +");\n"\ +"\n"\ +"CREATE UNIQUE INDEX IpAssignmentPool_networkId_ipRangeStart ON IpAssignmentPool (networkId,ipRangeStart);\n"\ +"\n"\ +"CREATE TABLE Member (\n"\ +" networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE,\n"\ +" nodeId char(10) NOT NULL REFERENCES Node(id) ON DELETE CASCADE,\n"\ +" authorized integer NOT NULL DEFAULT(0),\n"\ +" activeBridge integer NOT NULL DEFAULT(0),\n"\ +" memberRevision integer NOT NULL DEFAULT(0),\n"\ +" flags integer NOT NULL DEFAULT(0),\n"\ +" lastRequestTime integer NOT NULL DEFAULT(0),\n"\ +" lastPowDifficulty integer NOT NULL DEFAULT(0),\n"\ +" lastPowTime integer NOT NULL DEFAULT(0),\n"\ +" recentHistory blob,\n"\ +" PRIMARY KEY (networkId, nodeId)\n"\ +");\n"\ +"\n"\ +"CREATE INDEX Member_networkId_nodeId ON Member(networkId,nodeId);\n"\ +"CREATE INDEX Member_networkId_activeBridge ON Member(networkId, activeBridge);\n"\ +"CREATE INDEX Member_networkId_memberRevision ON Member(networkId, memberRevision);\n"\ +"CREATE INDEX Member_networkId_lastRequestTime ON Member(networkId, lastRequestTime);\n"\ +"\n"\ +"CREATE TABLE Route (\n"\ +" networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE,\n"\ +" target blob(16) NOT NULL,\n"\ +" via blob(16),\n"\ +" targetNetmaskBits integer NOT NULL,\n"\ +" ipVersion integer NOT NULL,\n"\ +" flags integer NOT NULL,\n"\ +" metric integer NOT NULL\n"\ +");\n"\ +"\n"\ +"CREATE INDEX Route_networkId ON Route (networkId);\n"\ +"\n"\ +"CREATE TABLE Relay (\n"\ +" networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE,\n"\ +" address char(10) NOT NULL,\n"\ +" phyAddress varchar(64) NOT NULL\n"\ +");\n"\ +"\n"\ +"CREATE UNIQUE INDEX Relay_networkId_address ON Relay (networkId,address);\n"\ +"\n"\ +"CREATE TABLE Rule (\n"\ +" networkId char(16) NOT NULL REFERENCES Network(id) ON DELETE CASCADE,\n"\ +" ruleNo integer NOT NULL,\n"\ +" nodeId char(10) REFERENCES Node(id),\n"\ +" sourcePort char(10),\n"\ 
+" destPort char(10),\n"\ +" vlanId integer,\n"\ +" vlanPcp integer,\n"\ +" etherType integer,\n"\ +" macSource char(12),\n"\ +" macDest char(12),\n"\ +" ipSource varchar(64),\n"\ +" ipDest varchar(64),\n"\ +" ipTos integer,\n"\ +" ipProtocol integer,\n"\ +" ipSourcePort integer,\n"\ +" ipDestPort integer,\n"\ +" flags integer,\n"\ +" invFlags integer,\n"\ +" \"action\" varchar(4096) NOT NULL DEFAULT('accept')\n"\ +");\n"\ +"\n"\ +"CREATE UNIQUE INDEX Rule_networkId_ruleNo ON Rule (networkId, ruleNo);\n"\ +"" diff --git a/controller/schema2c.sh b/controller/schema2c.sh new file mode 100755 index 0000000..4f4f164 --- /dev/null +++ b/controller/schema2c.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# Run this file to package the .sql file into a .c file whenever the SQL changes. + +rm -f schema.sql.c +echo '#define ZT_NETCONF_SCHEMA_SQL \' >schema.sql.c +cat schema.sql | sed 's/"/\\"/g' | sed 's/^/"/' | sed 's/$/\\n"\\/' >>schema.sql.c +echo '""' >>schema.sql.c diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..aa2fb53 --- /dev/null +++ b/debian/changelog 
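Review bot: The generator in controller/schema2c.sh has no error handling, so a failed read of `schema.sql` still produces a well-formed `schema.sql.c` holding an empty schema string: `rm -f` and the first `echo` run unconditionally, and the final `echo '""'` closes the macro whatever the pipeline did. Running the script from any directory other than controller/ triggers exactly that, and the result compiles cleanly. I would add `set -euo pipefail` and `cd "$(dirname "$0")"` right after the shebang, and feed `sed` with `<schema.sql` instead of `cat schema.sql |`.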
@@ -0,0 +1,38 @@
+zerotier-one (1.1.14) unstable; urgency=medium
+
+ * See https://github.com/zerotier/ZeroTierOne for release notes.
+
+ -- Adam Ierymenko Tue, 21 Jul 2016 07:14:12 -0700
+
+zerotier-one (1.1.12) unstable; urgency=medium
+
+ * See https://github.com/zerotier/ZeroTierOne for release notes.
+
+ -- Adam Ierymenko Tue, 12 Jul 2016 03:02:22 -0700
+
+zerotier-one (1.1.10) unstable; urgency=medium
+
+ * See https://github.com/zerotier/ZeroTierOne for release notes.
+ * ZeroTier Debian packages no longer depend on http-parser since its ABI is too unstable.
+
+ -- Adam Ierymenko Tue, 12 Jul 2016 12:29:00 -0700
+
+zerotier-one (1.1.8) unstable; urgency=low
+
+ * See https://github.com/zerotier/ZeroTierOne for release notes.
+
+ -- Adam Ierymenko Fri, 08 Jul 2016 01:56:00 -0700
+
+zerotier-one (1.1.6) unstable; urgency=medium
+
+ * First Debian release on ZeroTier, Inc. private apt repository.
+
+ * See https://github.com/zerotier/ZeroTierOne for release notes.
+
+ -- Adam Ierymenko Fri, 24 Jun 2016 10:00:00 -0700
+
+zerotier-one (1.1.5) UNRELEASED; urgency=medium
+
+ * Development package -- first clean Debian packaging test.
+
+ -- Adam Ierymenko Wed, 08 Jun 2016 10:05:01 -0700
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f11c82a
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
\ No newline at end of file
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..46b8307
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,19 @@
+Source: zerotier-one
+Maintainer: Adam Ierymenko
+Section: net
+Priority: optional
+Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9), liblz4-dev, libnatpmp-dev, dh-systemd, ruby-ronn
+Vcs-Git: git://github.com/zerotier/ZeroTierOne
+Vcs-Browser: https://github.com/zerotier/ZeroTierOne
+Homepage: https://www.zerotier.com/
+
+Package: zerotier-one
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, liblz4-1, libnatpmp1, iproute2
+Homepage: https://www.zerotier.com/
+Description: ZeroTier network virtualization service
+ ZeroTier One lets you join ZeroTier virtual networks and
+ have them appear as tun/tap ports on your system. See
+ https://www.zerotier.com/ for instructions and
+ documentation.
diff --git a/debian/control.wheezy b/debian/control.wheezy
new file mode 100644
index 0000000..0cbd151
--- /dev/null
+++ b/debian/control.wheezy
@@ -0,0 +1,19 @@
+Source: zerotier-one
+Maintainer: Adam Ierymenko
+Section: net
+Priority: optional
+Standards-Version: 3.9.4
+Build-Depends: debhelper (>= 9), ruby-ronn
+Vcs-Git: git://github.com/zerotier/ZeroTierOne
+Vcs-Browser: https://github.com/zerotier/ZeroTierOne
+Homepage: https://www.zerotier.com/
+
+Package: zerotier-one
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, iproute
+Homepage: https://www.zerotier.com/
+Description: ZeroTier network virtualization service
+ ZeroTier One lets you join ZeroTier virtual networks and
+ have them appear as tun/tap ports on your system. See
+ https://www.zerotier.com/ for instructions and
+ documentation.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..cd728a0
--- /dev/null
+++ b/debian/copyright
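Review bot: `Vcs-Git: git://github.com/zerotier/ZeroTierOne` in debian/control points packaging tools at the unauthenticated, unencrypted git protocol, so anything that clones from this field fetches the source with no transport integrity; debian/control.wheezy carries the same line. The neighbouring `Vcs-Browser` and `Homepage` fields already use https, and this field should match: `Vcs-Git: https://github.com/zerotier/ZeroTierOne`.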
@@ -0,0 +1,24 @@
+Format: http://dep.debian.net/deps/dep5
+Upstream-Name: zerotier-one
+Source: https://github.com/zerotier/ZeroTierOne
+
+Files: *
+Copyright: 2011-2016 ZeroTier, Inc.
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
diff --git a/debian/format b/debian/format
new file mode 100644
index 0000000..46ebe02
--- /dev/null
+++ b/debian/format
@@ -0,0 +1 @@
+3.0 (quilt)
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..cf0b04f
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+
+CFLAGS=-O3 -fstack-protector-strong
+CXXFLAGS=-O3 -fstack-protector-strong
+
+%:
+ dh $@ --with systemd
+
+override_dh_auto_build:
+ make ZT_USE_MINIUPNPC=1 -j 2
+
+override_dh_systemd_start:
+ dh_systemd_start --restart-after-upgrade
+
+override_dh_installinit:
+ dh_installinit --name=zerotier-one -- defaults
diff --git a/debian/rules.wheezy b/debian/rules.wheezy
new file mode 100755
index 0000000..e51d794
--- /dev/null
+++ b/debian/rules.wheezy
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+CFLAGS=-O3 -fstack-protector
+CXXFLAGS=-O3 -fstack-protector
+
+%:
+ dh $@
+
+override_dh_auto_build:
+ make ZT_USE_MINIUPNPC=1 -j 2
+
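Review bot: In debian/rules, `CFLAGS=-O3 -fstack-protector-strong` and the matching `CXXFLAGS` line are plain make assignments with no `export`, while `override_dh_auto_build` calls `make` directly, so these flags reach the upstream Makefile only if the variables already exist in the environment; debian/rules.wheezy follows the same pattern. Even when they do arrive, they replace rather than extend the distribution defaults, so `-D_FORTIFY_SOURCE=2` and the relro/PIE linker flags from dpkg-buildflags are not applied. I would set `export DEB_BUILD_MAINT_OPTIONS = hardening=+all`, add `DPKG_EXPORT_BUILDFLAGS = 1` with `include /usr/share/dpkg/buildflags.mk`, and append `-O3` to the result instead of overwriting it. Whether the upstream Makefile honours CFLAGS and LDFLAGS from the environment is not visible in this hunk and should be confirmed by running `hardening-check` on the built binary.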
diff --git a/debian/zerotier-one.init b/debian/zerotier-one.init
new file mode 100644
index 0000000..41a22a5
--- /dev/null
+++ b/debian/zerotier-one.init
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: zerotier-one
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: ZeroTier One network virtualization service
+### END INIT INFO
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DESC="zerotier-one daemon"
+NAME=zerotier-one
+DAEMON=/usr/sbin/zerotier-one
+PIDFILE=/var/lib/zerotier-one/zerotier-one.pid
+SCRIPTNAME=/etc/init.d/"$NAME"
+EXTRA_OPTS=-d
+
+test -f $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+start) log_daemon_msg "Starting ZeroTier One" "zerotier-one"
+ start_daemon -p $PIDFILE $DAEMON $EXTRA_OPTS
+ log_end_msg $?
+ ;;
+stop) log_daemon_msg "Stopping ZeroTier One" "zerotier-one"
+ killproc -p $PIDFILE $DAEMON
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && [ -e "$PIDFILE" ] && rm -f $PIDFILE
+ log_end_msg $RETVAL
+ ;;
+restart) log_daemon_msg "Restarting ZeroTier One" "zerotier-one"
+ $0 stop
+ $0 start
+ ;;
+reload|force-reload) log_daemon_msg "Reloading ZeroTier One" "zerotier-one"
+ log_end_msg 0
+ ;;
+status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+*) log_action_msg "Usage: /etc/init.d/cron {start|stop|status|restart|reload|force-reload}"
+ exit 2
+ ;;
+esac
+exit 0
diff --git a/debian/zerotier-one.service b/debian/zerotier-one.service
new file mode 100644
index 0000000..a0126b7
--- /dev/null
+++ b/debian/zerotier-one.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=ZeroTier One
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/zerotier-one
+Restart=always
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/zerotier-one.upstart b/debian/zerotier-one.upstart
new file mode 100644
index 0000000..7753580
--- /dev/null
+++ b/debian/zerotier-one.upstart
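Review bot: The fallback branch of debian/zerotier-one.init prints `Usage: /etc/init.d/cron {...}`, a leftover from the script this was copied from, while `SCRIPTNAME` is defined above and never used; the line should read `log_action_msg "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}"`. `$DAEMON` and `$PIDFILE` are expanded unquoted throughout, which is harmless with the current values but worth quoting. The `restart` branch opens a log message and never calls `log_end_msg`, so its outcome is not reported.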
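Review bot: The unit in debian/zerotier-one.service starts `/usr/sbin/zerotier-one` as root with no sandboxing directives, so a flaw in the daemon's network-facing code has the whole system within reach. The package description says the service creates tun/tap ports, so it cannot simply drop to an unprivileged user, but directives that should not interfere with that are worth adding under `[Service]` and testing: `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes`. A `CapabilityBoundingSet=` restricted to the networking capabilities would be the next step once the required set has been confirmed against the daemon.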
@@ -0,0 +1,14 @@
+description "ZeroTier One upstart startup script"
+
+author "Adam Ierymenko "
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+respawn
+respawn limit 2 300
+
+#pre-start script
+#end script
+
+exec /usr/sbin/zerotier-one
diff --git a/doc/README.md b/doc/README.md
new file mode 100644
index 0000000..707c64a
--- /dev/null
+++ b/doc/README.md
@@ -0,0 +1,6 @@
+Manual Pages and Other Documentation
+=====
+
+Use "./build.sh" to build the manual pages.
+
+You'll need either NodeJS/npm installed (script will then automatically install the npm *marked-man* package) or */usr/bin/ronn*. The latter is a Ruby program packaged on some distributions as *rubygem-ronn* or *ruby-ronn* or installable as *gem install ronn*. The Node *marked-man* package and *ronn* from rubygems are two roughly equivalent alternatives for compiling MarkDown into roff/man format.
diff --git a/doc/build.sh b/doc/build.sh
new file mode 100755
index 0000000..9df72a3
--- /dev/null
+++ b/doc/build.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
+
+if [ ! -f zerotier-cli.1.md ]; then
+ echo 'This script must be run from the doc/ subfolder of the ZeroTier tree.'
+fi
+
+rm -f *.1 *.2 *.8
+
+if [ -e /usr/bin/ronn -o -e /usr/local/bin/ronn ]; then
+ # Use 'ronn' which is available as a package on many distros including Debian
+ ronn -r zerotier-cli.1.md
+ ronn -r zerotier-idtool.1.md
+ ronn -r zerotier-one.8.md
+else
+ # Use 'marked-man' from npm
+ NODE=/usr/bin/node
+ if [ ! -e $NODE ]; then
+ if [ -e /usr/bin/nodejs ]; then
+ NODE=/usr/bin/nodejs
+ elif [ -e /usr/local/bin/node ]; then
+ NODE=/usr/local/bin/node
+ elif [ -e /usr/local/bin/nodejs ]; then
+ NODE=/usr/local/bin/nodejs
+ else
+ echo 'Unable to find ronn or node/npm -- cannot build man pages!'
+ exit 1
+ fi
+ fi
+
+ if [ ! -f node_modules/marked-man/bin/marked-man ]; then
+ echo 'Installing npm package "marked-man" -- MarkDown to ROFF converter...'
+ npm install marked-man
+ fi
+
+ $NODE node_modules/marked-man/bin/marked-man zerotier-cli.1.md >zerotier-cli.1
+ $NODE node_modules/marked-man/bin/marked-man zerotier-idtool.1.md >zerotier-idtool.1
+ $NODE node_modules/marked-man/bin/marked-man zerotier-one.8.md >zerotier-one.8
+fi
+
+exit 0
diff --git a/doc/contact@zerotier.com.gpg b/doc/contact@zerotier.com.gpg
new file mode 100644
index 0000000..dc7d645
--- /dev/null
+++ b/doc/contact@zerotier.com.gpg
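Review bot: The working-directory check at the top of doc/build.sh only prints a message and falls through, so `rm -f *.1 *.2 *.8` then runs in whatever directory the script was started from; the `if` body needs `exit 1` after the `echo`. Further down, `npm install marked-man` fetches an unpinned package from the registry at build time and the script then executes it through `$NODE`, so the man-page build runs whatever version is current that day. Pinning it (`npm install marked-man@<version>`, placeholder for a reviewed release) or requiring the packaged `ronn` path would make the build reproducible.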
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - https://gpgtools.org + +mQINBFdQq7oBEADEVhyRiaL8dEjMPlI/idO8tA7adjhfvejxrJ3Axxi9YIuIKhWU +5hNjDjZAiV9iSCMfJN3TjC3EDA+7nFyU6nDKeAMkXPbaPk7ti+Tb1nA4TJsBfBlm +CC14aGWLItpp8sI00FUzorxLWRmU4kOkrRUJCq2kAMzbYWmHs0hHkWmvj8gGu6mJ +WU3sDIjvdsm3hlgtqr9grPEnj+gA7xetGs3oIfp6YDKymGAV49HZmVAvSeoqfL1p +pEKlNQ1aO9uNfHLdx6+4pS1miyo7D1s7ru2IcqhTDhg40cHTL/VldC3d8vXRFLIi +Uo2tFZ6J1jyQP5c1K4rTpw3UNVne3ob7uCME+T1+ePeuM5Y/cpcCvAhJhO0rrlr0 +dP3lOKrVdZg4qhtFAspC85ivcuxWNWnfTOBrgnvxCA1fmBX+MLNUEDsuu55LBNQT +5+WyrSchSlsczq+9EdomILhixUflDCShHs+Efvh7li6Pg56fwjEfj9DJYFhRvEvQ +7GZ7xtysFzx4AYD4/g5kCDsMTbc9W4Jv+JrMt3JsXt2zqwI0P4R1cIAu0J6OZ4Xa +dJ7Ci1WisQuJRcCUtBTUxcYAClNGeors5Nhl4zDrNIM7zIJp+GfPYdWKVSuW10mC +r3OS9QctMSeVPX/KE85TexeRtmyd4zUdio49+WKgoBhM8Z9MpTaafn2OPQARAQAB +tFBaZXJvVGllciwgSW5jLiAoWmVyb1RpZXIgU3VwcG9ydCBhbmQgUmVsZWFzZSBT +aWduaW5nIEtleSkgPGNvbnRhY3RAemVyb3RpZXIuY29tPokCNwQTAQoAIQUCV1Cr +ugIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAWVxmII+UqYViGEACnC3+3 +lRzfv7f7JLWo23FSHjlF3IiWfYd+47BLDx706SDih1H6Qt8CqRy706bWbtictEJ/ +xTaWgTEDzY/lRalYO5NAFTgK9h2zBP1t8zdEA/rmtVPOWOzd6jr0q3l3pKQTeMF0 +6g+uaMDG1OkBz6MCwdg9counz6oa8OHK76tXNIBEnGOPBW375z1O+ExyddQOHDcS +IIsUlFmtIL1yBa7Q5NSfLofPLfS0/o2FItn0riSaAh866nXHynQemjTrqkUxf5On +65RLM+AJQaEkX17vDlsSljHrtYLKrhEueqeq50e89c2Ya4ucmSVeC9lrSqfyvGOO +P3aT/hrmeE9XBf7a9vozq7XhtViEC/ZSd1/z/oeypv4QYenfw8CtXP5bW1mKNK/M +8xnrnYwo9BUMclX2ZAvu1rTyiUvGre9fEGfhlS0rjmCgYfMgBZ+R/bFGiNdn6gAd +PSY/8fP8KFZl0xUzh2EnWe/bptoZ67CKkDbVZnfWtuKA0Ui7anitkjZiv+6wanv4 ++5A3k/H3D4JofIjRNgx/gdVPhJfWjAoutIgGeIWrkfcAP9EpsR5swyc4KuE6kJ/Y +wXXVDQiju0xE1EdNx/S1UOeq0EHhOFqazuu00ojATekUPWenNjPWIjBYQ0Ag4ycL +KU558PFLzqYaHphdWYgxfGR+XSgzVTN1r7lW87kCDQRXUKu6ARAA2wWOywNMzEiP +ZK6CqLYGZqrpfx+drOxSowwfwjP3odcK8shR/3sxOmYVqZi0XVZtb9aJVz578rNb +e4Vfugql1Yt6w3V84z/mtfj6ZbTOOU5yAGZQixm6fkXAnpG5Eer/C8Aw8dH1EreP +Na1gIVcUzlpg2Ql23qjr5LqvGtUB4BqJSF4X8efNi/y0hj/GaivUMqCF6+Vvh3GG 
+fhvzhgBPku/5wK2XwBL9BELqaQ/tWOXuztMw0xFH/De75IH3LIvQYCuv1pnM4hJL +XYnpAGAWfmFtmXNnPVon6g542Z6c0G/qi657xA5vr6OSSbazDJXNiHXhgBYEzRrH +napcohTQwFKEA3Q4iftrsTDX/eZVTrO9x6qKxwoBVTGwSE52InWAxkkcnZM6tkfV +n7Ukc0oixZ6E70Svls27zFgaWbUFJQ6JFoC6h+5AYbaga6DwKCYOP3AR+q0ZkcH/ +oJIdvKuhF9zDZbQhd76b4gK3YXnMpVsj9sQ9P23gh61RkAQ1HIlGOBrHS/XYcvpk +DcfIlJXKC3V1ggrG+BpKu46kiiYmRR1/yM0EXH2n99XhLNSxxFxxWhjyw8RcR6iG +ovDxWAULW+bJHjaNJdgb8Kab7j2nT2odUjUHMP42uLJgvS5LgRn39IvtzjoScAqg +8I817m8yLU/91D2f5qmJIwFI6ELwImkAEQEAAYkCHwQYAQoACQUCV1CrugIbDAAK +CRAWVxmII+UqYWSSEACxaR/hhr8xUIXkIV52BeD+2BOS8FNOi0aM67L4fEVplrsV +Op9fvAnUNmoiQo+RFdUdaD2Rpq+yUjQHHbj92mlk6Cmaon46wU+5bAWGYpV1Uf+o +wbKw1Xv83Uj9uHo7zv9WDtOUXUiTe/S792icTfRYrKbwkfI8iCltgNhTQNX0lFX/ +Sr2y1/dGCTCMEuA/ClqGKCm9lIYdu+4z32V9VXTSX85DsUjLOCO/hl9SHaelJgmi +IJzRY1XLbNDK4IH5eWtbaprkTNIGt00QhsnM5w+rn1tO80giSxXFpKBE+/pAx8PQ +RdVFzxHtTUGMCkZcgOJolk8y+DJWtX8fP+3a4Vq11a3qKJ19VXk3qnuC1aeW7OQF +j6ISyHsNNsnBw5BRaS5tdrpLXw6Z7TKr1eq+FylmoOK0pIw5xOdRmSVoFm4lVcI5 +e5EwB7IIRF00IFqrXe8dCT0oDT9RXc6CNh6GIs9D9YKwDPRD/NKQlYoegfa13Jz7 +S3RIXtOXudT1+A1kaBpGKnpXOYD3w7jW2l0zAd6a53AAGy4SnL1ac4cml76NIWiF +m2KYzvMJZBk5dAtFa0SgLK4fg8X6Ygoo9E0JsXxSrW9I1JVfo6Ia//YOBMtt4XuN +Awqahjkq87yxOYYTnJmr2OZtQuFboymfMhNqj3G2DYmZ/ZIXXPgwHx0fnd3R0Q== +=JgAv +-----END PGP PUBLIC KEY BLOCK----- diff --git a/doc/manpage_encoding_declaration.UTF-8 b/doc/manpage_encoding_declaration.UTF-8 new file mode 100644 index 0000000..991db0a --- /dev/null +++ b/doc/manpage_encoding_declaration.UTF-8 @@ -0,0 +1 @@ +'\" -*- coding: utf-8 -*- diff --git a/doc/zerotier-cli.1.md b/doc/zerotier-cli.1.md new file mode 100644 index 0000000..6252d45 --- /dev/null +++ b/doc/zerotier-cli.1.md 
@@ -0,0 +1,68 @@ +zerotier-cli(1) -- control local ZeroTier virtual network service +================================================================= + +## SYNOPSIS + +`zerotier-cli` [-switches] [arguments] + +## DESCRIPTION + +**zerotier-cli** provides a simple command line interface to the local JSON API of the ZeroTier virtual network endpoint service zerotier-one(8). + +By default **zerotier-cli** must be run as root or with `sudo`. If you want to allow an unprivileged user to use **zerotier-cli** to control the system ZeroTier service, you can create a local copy of the ZeroTier service authorization token in the user's home directory: + + sudo cp /var/lib/zerotier-one/authtoken.secret /home/user/.zeroTierOneAuthToken + chown user /home/user/.zeroTierOneAuthToken + chmod 0600 /home/user/.zeroTierOneAuthToken + +(The location of ZeroTier's service home may differ by platform. See zerotier-one(8).) + +Note that this gives the user the power to connect or disconnect the system to or from any virtual network, which is a significant permission. + +**zerotier-cli** has several command line arguments that are visible in `help` output. The two most commonly used are `-j` for raw JSON output and `-D` to specify an alternative ZeroTier service working directory. Raw JSON output is easier to parse in scripts and also contains verbose details not present in the tabular output. The `-D` option specifies where the service's zerotier-one.port and authtoken.secret files are located if the service is not running at the default location for your system. + +## COMMANDS + + * `help`: + Displays **zerotier-cli** help. + + * `info`: + Shows information about this device including its 10-digit ZeroTier address and apparent connection status. Use `-j` for more verbose output. + + * `listpeers`: + This command lists the ZeroTier VL1 (virtual layer 1, the peer to peer network) peers this service knows about and has recently (within the past 30 minutes or so) communicated with. 
These are not necessarily all the devices on your virtual network(s), and may also include a few devices not on any virtual network you've joined. These are typically either root servers or network controllers. + + * `listnetworks`: + This lists the networks your system belongs to and some information about them, such as any ZeroTier-managed IP addresses you have been assigned. (IP addresses assigned manually to ZeroTier interfaces will not be listed here. Use the standard network interface commands to see these.) + + * `join`: + To join a network just use `join` and its 16-digit hex network ID. That's it. Then use `listnetworks` to see the status. You'll either get a reply from the network controller with a certificate and other info such as IP assignments, or you'll get "access denied." In this case you'll need the administrator of this network to authorize your device by its 10-digit device ID (visible with `info`) on the network's controller. + + * `leave`: + Leaving a network is as easy as joining it. This disconnects from the network and deletes its interface from the system. Note that peers on the network may hang around in `listpeers` for up to 30 minutes until they time out due to lack of traffic. But if they no longer share a network with you, they can't actually communicate with you in any meaningful way. + +## EXAMPLES + +Join "Earth," ZeroTier's big public party line network: + + $ sudo zerotier-cli join 8056c2e21c000001 + $ sudo zerotier-cli listnetworks + ( wait until you get an Earth IP ) + $ ping earth.zerotier.net + ( you should now be able to ping our Earth test IP ) + +Leave "Earth": + + $ sudo zerotier-cli leave 8056c2e21c000001 + +List VL1 peers: + + $ sudo zerotier-cli listpeers + +## COPYRIGHT + +(c)2011-2016 ZeroTier, Inc. -- https://www.zerotier.com/ -- https://github.com/zerotier + +## SEE ALSO + +zerotier-one(8), zerotier-idtool(1) 
diff --git a/doc/zerotier-idtool.1.md b/doc/zerotier-idtool.1.md new file mode 100644 index 0000000..52a586c --- /dev/null +++ b/doc/zerotier-idtool.1.md 
@@ -0,0 +1,65 @@ +zerotier-idtool(1) -- tool for creating and manipulating ZeroTier identities +============================================================================ + +## SYNOPSIS + +`zerotier-idtool` [args] + +## DESCRIPTION + +**zerotier-idtool** is a command line utility for doing things with ZeroTier identities. A ZeroTier identity consists of a public/private key pair (or just the public if it's only an identity.public) and a 10-digit hexadecimal ZeroTier address derived from the public key by way of a proof of work based hash function. + +## COMMANDS + +When command arguments call for a public or secret (full) identity, the identity can be specified as a path to a file or directly on the command line. + + * `help`: + Display help. (Also running with no command does this.) + + * `generate` [secret file] [public file] [vanity]: + Generate a new ZeroTier identity. If a secret file is specified, the full identity including the private key will be written to this file. If the public file is specified, the public portion will be written there. If no file paths are specified the full secret identity is output to STDOUT. The vanity prefix is a series of hexadecimal digits that the generated identity's address should start with. Typically this isn't used, and if it's specified generation can take a very long time due to the intrinsic cost of generating identities with their proof of work function. Generating an identity with a known 16-bit (4 digit) prefix on a 2.8ghz Core i5 (using one core) takes an average of two hours. + + * `validate` : + Locally validate an identity's key and proof of work function correspondence. + + * `getpublic` : + Extract the public portion of an identity.secret and print to STDOUT. + + * `sign` : + Sign a file's contents with SHA512+ECC-256 (ed25519). The signature is output in hex to STDOUT. + + * `verify` : + Verify a signature created with `sign`. 
+ + * `mkcom` [id,value,maxdelta] [...]: + Create and sign a network membership certificate. This is not generally useful since network controllers do this automatically and is included mostly for testing purposes. + +## EXAMPLES + +Generate and dump a new identity: + + $ zerotier-idtool generate + +Generate and write a new identity, both secret and public parts: + + $ zerotier-idtool generate identity.secret identity.public + +Generate a vanity address that begins with the hex digits "beef" (this will take a while!): + + $ zerotier-idtool generate beef.secret beef.public beef + +Sign a file with an identity's secret key: + + $ zerotier-idtool sign identity.secret last_will_and_testament.txt + +Verify a file's signature with a public key: + + $ zerotier-idtool verify identity.public last_will_and_testament.txt + +## COPYRIGHT + +(c)2011-2016 ZeroTier, Inc. -- https://www.zerotier.com/ -- https://github.com/zerotier + +## SEE ALSO + +zerotier-one(8), zerotier-cli(1) diff --git a/doc/zerotier-one.8.md b/doc/zerotier-one.8.md new file mode 100644 index 0000000..bd31d5c --- /dev/null +++ b/doc/zerotier-one.8.md 
@@ -0,0 +1,95 @@
+zerotier-one(8) -- ZeroTier virtual network endpoint service
+============================================================
+
+## SYNOPSIS
+
+`zerotier-one` [-switches] [working directory]
+
+## DESCRIPTION
+
+**zerotier-one** is the service/daemon responsible for connecting a Unix (Linux/BSD/OSX) system to one or more ZeroTier virtual networks and presenting those networks to the system as virtual network ports. You can think of it as a peer to peer VPN client.
+
+It's typically run by init systems like systemd (Linux) or launchd (Mac) rather than directly by the user, and it must be run as root unless you give it the `-U` switch and don't plan on actually joining networks (e.g. to run a network controller microservice only).
+
+The **zerotier-one** service keeps its state and other files in a working directory. If this directory is not specified at launch it defaults to "/var/lib/zerotier-one" on Linux, "/Library/Application Support/ZeroTier/One" on Mac, and "/var/db/zerotier-one" on FreeBSD and other similar BSDs. The working directory should persist. It shouldn't be automatically cleaned by system cleanup daemons or stored in a volatile location. Loss of its identity.secret file results in loss of this system's unique 10-digit ZeroTier address and key.
+
+Multiple instances of **zerotier-one** can be run on the same system as long as they are run with different primary ports (see switches) and a different working directory. But since a single service can join any number of networks, typically there's no point in doing this.
+
+The **zerotier-one** service is controlled via a JSON API available at 127.0.0.1: with the default primary port being 9993. Access to this API requires an authorization token normally found in the authtoken.secret file in the service's working directory. On some platforms access may be guarded by other measures such as socket peer UID/GID lookup if additional security options are enabled (this is not the default).
+
+The first time the service is started in a fresh working directory, it generates a ZeroTier identity. On slow systems this process can take ten seconds or more due to an anti-DDOS/anti-counterfeit proof of work function used by ZeroTier in address generation. This only happens once, and once generated the result is saved in identity.secret in the working directory. This file represents and defines/claims your ZeroTier address and associated ECC-256 key pair.
+
+## SWITCHES
+
+ * `-h`:
+ Display help.
+
+ * `-v`:
+ Display ZeroTier One version.
+
+ * `-U`:
+ Skip privilege check and allow to be run by non-privileged user. This is typically used when **zerotier-one** is built with the network controller option included. In this case the ZeroTier service might only be acting as a network controller and might never actually join networks, in which case it does not require elevated system permissions.
+
+ * `-p`:
+ Specify a different primary port. If this is not given the default is 9993. If zero is given a random port is chosen each time.
+
+ * `-d`:
+ Fork and run as a daemon.
+
+ * `-i`:
+ Invoke the **zerotier-idtool** personality, in which case the binary behaves like zerotier-idtool(1). This happens automatically if the name of the binary (or a symlink to it) is zerotier-idtool.
+
+ * `-q`:
+ Invoke the **zerotier-cli** personality, in which case the binary behaves like zerotier-cli(1). This happens automatically if the name of the binary (or a symlink to it) is zerotier-cli.
+
+## EXAMPLES
+
+Run as daemon with OS default working directory and default port:
+
+ $ sudo zerotier-one -d
+
+Run as daemon with a different working directory and port:
+
+ $ sudo zerotier-one -d -p12345 /tmp/zerotier-working-directory-test
+
+## FILES
+
+These are found in the service's working directory.
+
+ * `identity.public`:
+ The public portion of your ZeroTier identity, which is your 10-digit hex address and the associated public key.
+
+ * `identity.secret`:
+ Your full ZeroTier identity including its private key. This file identifies the system on the network, which means you can move a ZeroTier address around by copying this file and you should back up this file if you want to save your system's static ZeroTier address. This file must be protected, since theft of its secret key will allow anyone to impersonate your device on any network and decrypt traffic. For network controllers this file is particularly sensitive since it constitutes the private key for a certificate authority for the controller's networks.
+
+ * `authtoken.secret`:
+ The secret token used to authenticate requests to the service's local JSON API. If it does not exist it is generated from a secure random source on service start. To use, send it in the "X-ZT1-Auth" header with HTTP requests to 127.0.0.1:.
+
+ * `devicemap`:
+ Remembers mappings of zt# interface numbers to ZeroTier networks so they'll persist across restarts. On some systems that support longer interface names that can encode the network ID (such as FreeBSD) this file may not be present.
+
+ * `zerotier-one.pid`:
+ ZeroTier's PID. This file is deleted on normal shutdown.
+
+ * `zerotier-one.port`:
+ ZeroTier's primary port, which is also where its JSON API is found at 127.0.0.1:. This file is created on startup and is read by zerotier-cli(1) to determine where it should find the control API.
+
+ * `controller.db`:
+ If the ZeroTier One service is built with the network controller enabled, this file contains the controller's SQLite3 database.
+
+ * `controller.db.backup`:
+ If the ZeroTier One service is built with the network controller enabled, it periodically backs up its controller.db database in this file (currently every 5 minutes if there have been changes). Since this file is not a currently in use SQLite3 database it's safer to back up without corruption. On new backups the file is rotated out rather than being rewritten in place.
+
+ * `iddb.d/` (directory):
+ Caches the public identity of every peer ZeroTier has spoken with in the last 60 days. This directory and its contents can be deleted, but this may result in slower connection initations since it will require that we go out and re-fetch full identities for peers we're speaking to.
+
+ * `networks.d` (directory):
+ This caches network configurations and certificate information for networks you belong to. ZeroTier scans this directory for .conf files on startup to recall its networks, so "touch"ing an empty .conf file in this directory is a way of pre-configuring ZeroTier to join a specific network on startup without using the API. If the config file is empty ZeroTIer will just fetch it from the network's controller.
+
+## COPYRIGHT
+
+(c)2011-2016 ZeroTier, Inc. -- https://www.zerotier.com/ -- https://github.com/zerotier
+
+## SEE ALSO
+
+zerotier-cli(1), zerotier-idtool(1)
diff --git a/ext/README.md b/ext/README.md
new file mode 100644
index 0000000..be9484c
--- /dev/null
+++ b/ext/README.md
@@ -0,0 +1,10 @@
+Miscellaneous Stuff
+======
+
+This subfolder contains:
+
+ * Bundled third party libraries that are compiled into the binary on platforms and Linux distributions where they are not available on the system.
+
+ * Pre-compiled binaries for some platforms, such as pre-built and signed drivers for Mac and Windows.
+
+ * Miscellaneous files used by installers and packages on various platform targets.
diff --git a/ext/bin/tap-mac/tap.kext/Contents/Info.plist b/ext/bin/tap-mac/tap.kext/Contents/Info.plist
new file mode 100644
index 0000000..c20eefa
--- /dev/null
+++ b/ext/bin/tap-mac/tap.kext/Contents/Info.plist
@@ -0,0 +1,36 @@ + + + + + CFBundleDevelopmentRegion + English + CFBundleExecutable + tap + CFBundleIdentifier + com.zerotier.tap + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + tap + CFBundlePackageType + KEXT + CFBundleShortVersionString + 20150118 + CFBundleSignature + ???? + CFBundleVersion + 1.0 + OSBundleLibraries + + com.apple.kpi.mach + 8.0 + com.apple.kpi.bsd + 8.0 + com.apple.kpi.libkern + 8.0 + com.apple.kpi.unsupported + 8.0 + + + + diff --git a/ext/bin/tap-mac/tap.kext/Contents/MacOS/tap b/ext/bin/tap-mac/tap.kext/Contents/MacOS/tap new file mode 100755 index 0000000..48bf962 Binary files /dev/null and b/ext/bin/tap-mac/tap.kext/Contents/MacOS/tap differ diff --git a/ext/bin/tap-mac/tap.kext/Contents/_CodeSignature/CodeResources b/ext/bin/tap-mac/tap.kext/Contents/_CodeSignature/CodeResources new file mode 100644 index 0000000..0710b40 --- /dev/null +++ b/ext/bin/tap-mac/tap.kext/Contents/_CodeSignature/CodeResources @@ -0,0 +1,105 @@ + + + + + files + + files2 + + rules + + ^Resources/ + + ^Resources/.*\.lproj/ + + optional + + weight + 1000 + + ^Resources/.*\.lproj/locversion.plist$ + + omit + + weight + 1100 + + ^version.plist$ + + + rules2 + + .*\.dSYM($|/) + + weight + 11 + + ^(.*/)?\.DS_Store$ + + omit + + weight + 2000 + + ^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/ + + nested + + weight + 10 + + ^.* + + ^Info\.plist$ + + omit + + weight + 20 + + ^PkgInfo$ + + omit + + weight + 20 + + ^Resources/ + + weight + 20 + + ^Resources/.*\.lproj/ + + optional + + weight + 1000 + + ^Resources/.*\.lproj/locversion.plist$ + + omit + + weight + 1100 + + ^[^/]+$ + + nested + + weight + 10 + + ^embedded\.provisionprofile$ + + weight + 20 + + ^version\.plist$ + + weight + 20 + + + + 
diff --git a/ext/bin/tap-windows-ndis5/x64/WdfCoinstaller01011.dll b/ext/bin/tap-windows-ndis5/x64/WdfCoinstaller01011.dll
new file mode 100644
index 0000000..d49d291
Binary files /dev/null and b/ext/bin/tap-windows-ndis5/x64/WdfCoinstaller01011.dll differ
diff --git a/ext/bin/tap-windows-ndis5/x64/zttap200.cat b/ext/bin/tap-windows-ndis5/x64/zttap200.cat
new file mode 100644
index 0000000..a3769e4
Binary files /dev/null and b/ext/bin/tap-windows-ndis5/x64/zttap200.cat differ
diff --git a/ext/bin/tap-windows-ndis5/x64/zttap200.inf b/ext/bin/tap-windows-ndis5/x64/zttap200.inf
new file mode 100644
index 0000000..dc1a742
--- /dev/null
+++ b/ext/bin/tap-windows-ndis5/x64/zttap200.inf
@@ -0,0 +1,79 @@
+[Version]
+Signature="$WINDOWS NT$"
+Class=Net
+ClassGuid={4d36e972-e325-11ce-bfc1-08002be10318}
+Provider=%Provider%
+CatalogFile=zttap200.cat
+DriverVer=01/23/2014,15.19.17.816
+
+[Strings]
+DeviceDescription = "ZeroTier One Virtual Network Port"
+Provider = "ZeroTier Networks LLC"
+
+; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
+[Manufacturer]
+%Provider%=zttap200,NTamd64
+
+[zttap200]
+%DeviceDescription%=zttap200.ndi,zttap200
+
+[ztTap200.NTamd64]
+%DeviceDescription%=zttap200.ndi,zttap200
+
+[zttap200.ndi]
+CopyFiles = zttap200.driver,zttap200.files
+AddReg = zttap200.reg
+AddReg = zttap200.params.reg
+Characteristics = 0x81
+
+[zttap200.ndi.Services]
+AddService = zttap200, 2, zttap200.service
+
+[zttap200.reg]
+HKR, Ndi, Service, 0, "zttap200"
+HKR, Ndi\Interfaces, UpperRange, 0, "ndis5"
+HKR, Ndi\Interfaces, LowerRange, 0, "ethernet"
+HKR, , Manufacturer, 0, "%Provider%"
+HKR, , ProductName, 0, "%DeviceDescription%"
+
+[zttap200.params.reg]
+HKR, Ndi\params\MTU, ParamDesc, 0, "MTU"
+HKR, Ndi\params\MTU, Type, 0, "int"
+HKR, Ndi\params\MTU, Default, 0, "2800"
+HKR, Ndi\params\MTU, Optional, 0, "0"
+HKR, Ndi\params\MTU, Min, 0, "100"
+HKR, Ndi\params\MTU, Max, 0, "2800"
+HKR, Ndi\params\MTU, Step, 0, "1"
+HKR, Ndi\params\MediaStatus, ParamDesc, 0, "Media Status"
+HKR, Ndi\params\MediaStatus, Type, 0, "enum"
+HKR, Ndi\params\MediaStatus, Default, 0, "0"
+HKR, Ndi\params\MediaStatus, Optional, 0, "0"
+HKR, Ndi\params\MediaStatus\enum, "0", 0, "Application Controlled"
+HKR, Ndi\params\MediaStatus\enum, "1", 0, "Always Connected"
+HKR, Ndi\params\MAC, ParamDesc, 0, "MAC Address"
+HKR, Ndi\params\MAC, Type, 0, "edit"
+HKR, Ndi\params\MAC, Optional, 0, "1"
+
+[zttap200.service]
+DisplayName = %DeviceDescription%
+ServiceType = 1
+StartType = 3
+ErrorControl = 1
+LoadOrderGroup = NDIS
+ServiceBinary = %12%\zttap200.sys
+
+[SourceDisksNames]
+1 = %DeviceDescription%, zttap200.sys
+
+[SourceDisksFiles]
+zttap200.sys = 1
+
+[DestinationDirs]
+zttap200.files = 11
+zttap200.driver = 12
+
+[zttap200.files]
+;
+
+[zttap200.driver]
+zttap200.sys,,,6 ; COPYFLG_NOSKIP | COPYFLG_NOVERSIONCHECK
diff --git a/ext/bin/tap-windows-ndis5/x64/zttap200.sys b/ext/bin/tap-windows-ndis5/x64/zttap200.sys
new file mode 100644
index 0000000..339351f
Binary files /dev/null and b/ext/bin/tap-windows-ndis5/x64/zttap200.sys differ
diff --git a/ext/bin/tap-windows-ndis5/x86/WdfCoinstaller01011.dll b/ext/bin/tap-windows-ndis5/x86/WdfCoinstaller01011.dll
new file mode 100644
index 0000000..e943ea4
Binary files /dev/null and b/ext/bin/tap-windows-ndis5/x86/WdfCoinstaller01011.dll differ
diff --git a/ext/bin/tap-windows-ndis5/x86/zttap200.cat b/ext/bin/tap-windows-ndis5/x86/zttap200.cat
new file mode 100644
index 0000000..d90ecbb
Binary files /dev/null and b/ext/bin/tap-windows-ndis5/x86/zttap200.cat differ
diff --git a/ext/bin/tap-windows-ndis5/x86/zttap200.inf b/ext/bin/tap-windows-ndis5/x86/zttap200.inf
new file mode 100644
index 0000000..99aac9f
--- /dev/null
+++ b/ext/bin/tap-windows-ndis5/x86/zttap200.inf
@@ -0,0 +1,76 @@
+[Version]
+Signature="$WINDOWS NT$"
+Class=Net
+ClassGuid={4d36e972-e325-11ce-bfc1-08002be10318}
+Provider=%Provider%
+CatalogFile=zttap200.cat
+DriverVer=01/24/2014,17.25.51.226
+
+[Strings]
+DeviceDescription = "ZeroTier One Virtual Network Port"
+Provider = "ZeroTier Networks LLC"
+
+; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
+[Manufacturer]
+%Provider%=zttap200
+
+[zttap200]
+%DeviceDescription%=zttap200.ndi,zttap200
+
+[zttap200.ndi]
+CopyFiles = zttap200.driver,zttap200.files
+AddReg = zttap200.reg
+AddReg = zttap200.params.reg
+Characteristics = 0x81
+
+[zttap200.ndi.Services]
+AddService = zttap200, 2, zttap200.service
+
+[zttap200.reg]
+HKR, Ndi, Service, 0, "zttap200"
+HKR, Ndi\Interfaces, UpperRange, 0, "ndis5"
+HKR, Ndi\Interfaces, LowerRange, 0, "ethernet"
+HKR, , Manufacturer, 0, "%Provider%"
+HKR, , ProductName, 0, "%DeviceDescription%"
+
+[zttap200.params.reg]
+HKR, Ndi\params\MTU, ParamDesc, 0, "MTU"
+HKR, Ndi\params\MTU, Type, 0, "int"
+HKR, Ndi\params\MTU, Default, 0, "2800"
+HKR, Ndi\params\MTU, Optional, 0, "0"
+HKR, Ndi\params\MTU, Min, 0, "100"
+HKR, Ndi\params\MTU, Max, 0, "2800"
+HKR, Ndi\params\MTU, Step, 0, "1"
+HKR, Ndi\params\MediaStatus, ParamDesc, 0, "Media Status"
+HKR, Ndi\params\MediaStatus, Type, 0, "enum"
+HKR, Ndi\params\MediaStatus, Default, 0, "0"
+HKR, Ndi\params\MediaStatus, Optional, 0, "0"
+HKR, Ndi\params\MediaStatus\enum, "0", 0, "Application Controlled"
+HKR, Ndi\params\MediaStatus\enum, "1", 0, "Always Connected"
+HKR, Ndi\params\MAC, ParamDesc, 0, "MAC Address"
+HKR, Ndi\params\MAC, Type, 0, "edit"
+HKR, Ndi\params\MAC, Optional, 0, "1"
+
+[zttap200.service]
+DisplayName = %DeviceDescription%
+ServiceType = 1
+StartType = 3
+ErrorControl = 1
+LoadOrderGroup = NDIS
+ServiceBinary = %12%\zttap200.sys
+
+[SourceDisksNames]
+1 = %DeviceDescription%, zttap200.sys
+
+[SourceDisksFiles]
+zttap200.sys = 1
+
+[DestinationDirs]
+zttap200.files = 11
+zttap200.driver = 12
+
+[zttap200.files]
+;
+
+[zttap200.driver]
+zttap200.sys,,,6 ; COPYFLG_NOSKIP | COPYFLG_NOVERSIONCHECK
diff --git a/ext/bin/tap-windows-ndis5/x86/zttap200.sys b/ext/bin/tap-windows-ndis5/x86/zttap200.sys
new file mode 100644
index 0000000..b7b11fb
Binary files /dev/null and b/ext/bin/tap-windows-ndis5/x86/zttap200.sys differ
diff --git a/ext/bin/tap-windows-ndis6/x64/ZeroTierOne_NDIS6_x64.msi b/ext/bin/tap-windows-ndis6/x64/ZeroTierOne_NDIS6_x64.msi
new file mode 100644
index 0000000..818796f
Binary files /dev/null and b/ext/bin/tap-windows-ndis6/x64/ZeroTierOne_NDIS6_x64.msi differ
diff --git a/ext/bin/tap-windows-ndis6/x64/zttap300.cat b/ext/bin/tap-windows-ndis6/x64/zttap300.cat
new file mode 100644
index 0000000..8b9114c
Binary files /dev/null and b/ext/bin/tap-windows-ndis6/x64/zttap300.cat differ
diff --git a/ext/bin/tap-windows-ndis6/x64/zttap300.inf b/ext/bin/tap-windows-ndis6/x64/zttap300.inf
new file mode 100644
index 0000000..453797b
--- /dev/null
+++ b/ext/bin/tap-windows-ndis6/x64/zttap300.inf
@@ -0,0 +1,143 @@
+;
+; ZeroTier One Virtual Network Port NDIS6 Driver
+;
+; Based on the OpenVPN tap-windows6 driver version 9.21.1 git
+; commit 48f027cfca52b16b5fd23d82e6016ed8a91fc4d3.
+; See: https://github.com/OpenVPN/tap-windows6
+;
+; Modified by ZeroTier, Inc. - https://www.zerotier.com/
+;
+; (1) Comment out 'tun' functionality and related features such as DHCP
+; emulation, since we don't use any of that. Just want straight 'tap'.
+; (2) Added custom IOCTL to enumerate L2 multicast memberships.
+; (3) Increase maximum number of multicast memberships to 128.
+; (4) Set default and max device MTU to 2800.
+; (5) Rename/rebrand driver as ZeroTier network port driver.
+;
+; Original copyright below. Modifications released under GPLv2 as well.
+;
+; ****************************************************************************
+; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *
+; * This program is free software; you can redistribute it and/or modify *
+; * it under the terms of the GNU General Public License version 2 *
+; * as published by the Free Software Foundation. *
+; ****************************************************************************
+;
+
+[Version]
+Signature = "$Windows NT$"
+CatalogFile = zttap300.cat
+ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}
+Provider = %Provider%
+Class = Net
+DriverVer=08/13/2015,6.2.9200.20557
+
+[Strings]
+DeviceDescription = "ZeroTier One Virtual Port"
+Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat.
+
+; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
+[Manufacturer]
+%Provider%=zttap300,NTamd64
+
+[zttap300]
+%DeviceDescription% = zttap300.ndi, root\zttap300 ; Root enumerated
+%DeviceDescription% = zttap300.ndi, zttap300 ; Legacy
+
+[zttap300.NTamd64]
+%DeviceDescription% = zttap300.ndi, root\zttap300 ; Root enumerated
+%DeviceDescription% = zttap300.ndi, zttap300 ; Legacy
+
+;----------------- Characteristics ------------
+; NCF_PHYSICAL = 0x04
+; NCF_VIRTUAL = 0x01
+; NCF_SOFTWARE_ENUMERATED = 0x02
+; NCF_HIDDEN = 0x08
+; NCF_NO_SERVICE = 0x10
+; NCF_HAS_UI = 0x80
+;----------------- Characteristics ------------
+[zttap300.ndi]
+CopyFiles = zttap300.driver, zttap300.files
+AddReg = zttap300.reg
+AddReg = zttap300.params.reg
+Characteristics = 0x81
+*IfType = 0x6 ; IF_TYPE_ETHERNET_CSMACD
+*MediaType = 0x0 ; NdisMedium802_3
+*PhysicalMediaType = 14 ; NdisPhysicalMedium802_3
+
+[zttap300.ndi.Services]
+AddService = zttap300, 2, zttap300.service
+
+[zttap300.reg]
+HKR, Ndi, Service, 0, "zttap300"
+HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
+HKR, Ndi\Interfaces, LowerRange, 0, "ethernet"
+HKR, , Manufacturer, 0, "%Provider%"
+HKR, , ProductName, 0, "%DeviceDescription%"
+
+[zttap300.params.reg]
+HKR, Ndi\params\MTU, ParamDesc, 0, "MTU"
+HKR, Ndi\params\MTU, Type, 0, "int"
+HKR, Ndi\params\MTU, Default, 0, "2800"
+HKR, Ndi\params\MTU, Optional, 0, "0"
+HKR, Ndi\params\MTU, Min, 0, "100"
+HKR, Ndi\params\MTU, Max, 0, "2800"
+HKR, Ndi\params\MTU, Step, 0, "1"
+HKR, Ndi\params\MediaStatus, ParamDesc, 0, "Media Status"
+HKR, Ndi\params\MediaStatus, Type, 0, "enum"
+HKR, Ndi\params\MediaStatus, Default, 0, "0"
+HKR, Ndi\params\MediaStatus, Optional, 0, "0"
+HKR, Ndi\params\MediaStatus\enum, "0", 0, "Application Controlled"
+HKR, Ndi\params\MediaStatus\enum, "1", 0, "Always Connected"
+HKR, Ndi\params\MAC, ParamDesc, 0, "MAC Address"
+HKR, Ndi\params\MAC, Type, 0, "edit"
+HKR, Ndi\params\MAC, Optional, 0, "1"
+HKR, Ndi\params\AllowNonAdmin, ParamDesc, 0, "Non-Admin Access"
+HKR, Ndi\params\AllowNonAdmin, Type, 0, "enum"
+HKR, Ndi\params\AllowNonAdmin, Default, 0, "0"
+HKR, Ndi\params\AllowNonAdmin, Optional, 0, "0"
+HKR, Ndi\params\AllowNonAdmin\enum, "0", 0, "Not Allowed"
+HKR, Ndi\params\AllowNonAdmin\enum, "1", 0, "Allowed"
+
+;---------- Service Type -------------
+; SERVICE_KERNEL_DRIVER = 0x01
+; SERVICE_WIN32_OWN_PROCESS = 0x10
+;---------- Service Type -------------
+
+;---------- Start Mode ---------------
+; SERVICE_BOOT_START = 0x0
+; SERVICE_SYSTEM_START = 0x1
+; SERVICE_AUTO_START = 0x2
+; SERVICE_DEMAND_START = 0x3
+; SERVICE_DISABLED = 0x4
+;---------- Start Mode ---------------
+
+[zttap300.service]
+DisplayName = %DeviceDescription%
+ServiceType = 1
+StartType = 3
+ErrorControl = 1
+LoadOrderGroup = NDIS
+ServiceBinary = %12%\zttap300.sys
+
+;----------------- Copy Flags ------------
+; COPYFLG_NOSKIP = 0x02
+; COPYFLG_NOVERSIONCHECK = 0x04
+;----------------- Copy Flags ------------
+
+[SourceDisksNames]
+1 = %DeviceDescription%, zttap300.sys
+
+[SourceDisksFiles]
+zttap300.sys = 1
+
+[DestinationDirs]
+zttap300.files = 11
+zttap300.driver = 12
+
+[zttap300.files]
+;
+
+[zttap300.driver]
+zttap300.sys,,,6 ; COPYFLG_NOSKIP | COPYFLG_NOVERSIONCHECK
+
diff --git a/ext/bin/tap-windows-ndis6/x64/zttap300.sys b/ext/bin/tap-windows-ndis6/x64/zttap300.sys
new file mode 100644
index 0000000..3d846a5
Binary files /dev/null and b/ext/bin/tap-windows-ndis6/x64/zttap300.sys differ
diff --git a/ext/bin/tap-windows-ndis6/x86/ZeroTierOne_NDIS6_x86.msi b/ext/bin/tap-windows-ndis6/x86/ZeroTierOne_NDIS6_x86.msi
new file mode 100644
index 0000000..b9e2d7e
Binary files /dev/null and b/ext/bin/tap-windows-ndis6/x86/ZeroTierOne_NDIS6_x86.msi differ
diff --git a/ext/bin/tap-windows-ndis6/x86/zttap300.cat b/ext/bin/tap-windows-ndis6/x86/zttap300.cat
new file mode 100644
index 0000000..44347f5
Binary files /dev/null and b/ext/bin/tap-windows-ndis6/x86/zttap300.cat differ
diff --git a/ext/bin/tap-windows-ndis6/x86/zttap300.inf b/ext/bin/tap-windows-ndis6/x86/zttap300.inf
new file mode 100644
index 0000000..453797b
--- /dev/null
+++ b/ext/bin/tap-windows-ndis6/x86/zttap300.inf
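Review bot: The six `AllowNonAdmin` entries under `[zttap300.params.reg]` carry no comment, although this is the only parameter in the INF that names an access-control decision; the x86 copy of this file (same blob id 453797b) has the same gap. I would add a comment above them such as `; AllowNonAdmin: 0 (default) = Not Allowed, 1 = Allowed; presumably controls whether non-administrator processes may open the tap device - confirm against the driver source before changing`. Saying explicitly that the default should stay `0` unless unprivileged access is intended would help whoever edits these registry defaults later.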
@@ -0,0 +1,143 @@
+;
+; ZeroTier One Virtual Network Port NDIS6 Driver
+;
+; Based on the OpenVPN tap-windows6 driver version 9.21.1 git
+; commit 48f027cfca52b16b5fd23d82e6016ed8a91fc4d3.
+; See: https://github.com/OpenVPN/tap-windows6
+;
+; Modified by ZeroTier, Inc. - https://www.zerotier.com/
+;
+; (1) Comment out 'tun' functionality and related features such as DHCP
+; emulation, since we don't use any of that. Just want straight 'tap'.
+; (2) Added custom IOCTL to enumerate L2 multicast memberships.
+; (3) Increase maximum number of multicast memberships to 128.
+; (4) Set default and max device MTU to 2800.
+; (5) Rename/rebrand driver as ZeroTier network port driver.
+;
+; Original copyright below. Modifications released under GPLv2 as well.
+;
+; ****************************************************************************
+; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *
+; * This program is free software; you can redistribute it and/or modify *
+; * it under the terms of the GNU General Public License version 2 *
+; * as published by the Free Software Foundation. *
+; ****************************************************************************
+;
+
+[Version]
+Signature = "$Windows NT$"
+CatalogFile = zttap300.cat
+ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}
+Provider = %Provider%
+Class = Net
+DriverVer=08/13/2015,6.2.9200.20557
+
+[Strings]
+DeviceDescription = "ZeroTier One Virtual Port"
+Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat.
+
+; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
+[Manufacturer]
+%Provider%=zttap300,NTamd64
+
+[zttap300]
+%DeviceDescription% = zttap300.ndi, root\zttap300 ; Root enumerated
+%DeviceDescription% = zttap300.ndi, zttap300 ; Legacy
+
+[zttap300.NTamd64]
+%DeviceDescription% = zttap300.ndi, root\zttap300 ; Root enumerated
+%DeviceDescription% = zttap300.ndi, zttap300 ; Legacy
+
+;----------------- Characteristics ------------
+; NCF_PHYSICAL = 0x04
+; NCF_VIRTUAL = 0x01
+; NCF_SOFTWARE_ENUMERATED = 0x02
+; NCF_HIDDEN = 0x08
+; NCF_NO_SERVICE = 0x10
+; NCF_HAS_UI = 0x80
+;----------------- Characteristics ------------
+[zttap300.ndi]
+CopyFiles = zttap300.driver, zttap300.files
+AddReg = zttap300.reg
+AddReg = zttap300.params.reg
+Characteristics = 0x81
+*IfType = 0x6 ; IF_TYPE_ETHERNET_CSMACD
+*MediaType = 0x0 ; NdisMedium802_3
+*PhysicalMediaType = 14 ; NdisPhysicalMedium802_3
+
+[zttap300.ndi.Services]
+AddService = zttap300, 2, zttap300.service
+
+[zttap300.reg]
+HKR, Ndi, Service, 0, "zttap300"
+HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
+HKR, Ndi\Interfaces, LowerRange, 0, "ethernet"
+HKR, , Manufacturer, 0, "%Provider%"
+HKR, , ProductName, 0, "%DeviceDescription%"
+
+[zttap300.params.reg]
+HKR, Ndi\params\MTU, ParamDesc, 0, "MTU"
+HKR, Ndi\params\MTU, Type, 0, "int"
+HKR, Ndi\params\MTU, Default, 0, "2800"
+HKR, Ndi\params\MTU, Optional, 0, "0"
+HKR, Ndi\params\MTU, Min, 0, "100"
+HKR, Ndi\params\MTU, Max, 0, "2800"
+HKR, Ndi\params\MTU, Step, 0, "1"
+HKR, Ndi\params\MediaStatus, ParamDesc, 0, "Media Status"
+HKR, Ndi\params\MediaStatus, Type, 0, "enum"
+HKR, Ndi\params\MediaStatus, Default, 0, "0"
+HKR, Ndi\params\MediaStatus, Optional, 0, "0"
+HKR, Ndi\params\MediaStatus\enum, "0", 0, "Application Controlled"
+HKR, Ndi\params\MediaStatus\enum, "1", 0, "Always Connected"
+HKR, Ndi\params\MAC, ParamDesc, 0, "MAC Address"
+HKR, Ndi\params\MAC, Type, 0, "edit"
+HKR, Ndi\params\MAC, Optional, 0, "1"
+HKR, Ndi\params\AllowNonAdmin, ParamDesc, 0, "Non-Admin Access"
+HKR, Ndi\params\AllowNonAdmin, Type, 0, "enum"
+HKR, Ndi\params\AllowNonAdmin, Default, 0, "0"
+HKR, Ndi\params\AllowNonAdmin, Optional, 0, "0"
+HKR, Ndi\params\AllowNonAdmin\enum, "0", 0, "Not Allowed"
+HKR, Ndi\params\AllowNonAdmin\enum, "1", 0, "Allowed"
+
+;---------- Service Type -------------
+; SERVICE_KERNEL_DRIVER = 0x01
+; SERVICE_WIN32_OWN_PROCESS = 0x10
+;---------- Service Type -------------
+
+;---------- Start Mode ---------------
+; SERVICE_BOOT_START = 0x0
+; SERVICE_SYSTEM_START = 0x1
+; SERVICE_AUTO_START = 0x2
+; SERVICE_DEMAND_START = 0x3
+; SERVICE_DISABLED = 0x4
+;---------- Start Mode ---------------
+
+[zttap300.service]
+DisplayName = %DeviceDescription%
+ServiceType = 1
+StartType = 3
+ErrorControl = 1
+LoadOrderGroup = NDIS
+ServiceBinary = %12%\zttap300.sys
+
+;----------------- Copy Flags ------------
+; COPYFLG_NOSKIP = 0x02
+; COPYFLG_NOVERSIONCHECK = 0x04
+;----------------- Copy Flags ------------
+
+[SourceDisksNames]
+1 = %DeviceDescription%, zttap300.sys
+
+[SourceDisksFiles]
+zttap300.sys = 1
+
+[DestinationDirs]
+zttap300.files = 11
+zttap300.driver = 12
+
+[zttap300.files]
+;
+
+[zttap300.driver]
+zttap300.sys,,,6 ; COPYFLG_NOSKIP | COPYFLG_NOVERSIONCHECK
+
diff --git a/ext/bin/tap-windows-ndis6/x86/zttap300.sys b/ext/bin/tap-windows-ndis6/x86/zttap300.sys
new file mode 100644
index 0000000..664398e
Binary files /dev/null and b/ext/bin/tap-windows-ndis6/x86/zttap300.sys differ
diff --git a/ext/http-parser/AUTHORS b/ext/http-parser/AUTHORS
new file mode 100644
index 0000000..5323b68
--- /dev/null
+++ b/ext/http-parser/AUTHORS
@@ -0,0 +1,68 @@
+# Authors ordered by first contribution.
+Ryan Dahl
+Jeremy Hinegardner
+Sergey Shepelev
+Joe Damato
+tomika
+Phoenix Sol
+Cliff Frey
+Ewen Cheslack-Postava
+Santiago Gala
+Tim Becker
+Jeff Terrace
+Ben Noordhuis
+Nathan Rajlich
+Mark Nottingham
+Aman Gupta
+Tim Becker
+Sean Cunningham
+Peter Griess
+Salman Haq
+Cliff Frey
+Jon Kolb
+Fouad Mardini
+Paul Querna
+Felix Geisendörfer
+koichik
+Andre Caron
+Ivo Raisr
+James McLaughlin
+David Gwynne
+Thomas LE ROUX
+Randy Rizun
+Andre Louis Caron
+Simon Zimmermann
+Erik Dubbelboer
+Martell Malone
+Bertrand Paquet
+BogDan Vatra
+Peter Faiman
+Corey Richardson
+Tóth Tamás
+Cam Swords
+Chris Dickinson
+Uli Köhler
+Charlie Somerville
+Patrik Stutz
+Fedor Indutny
+runner
+Alexis Campailla
+David Wragg
+Vinnie Falco
+Alex Butum
+Rex Feng
+Alex Kocharin
+Mark Koopman
+Helge Heß
+Alexis La Goutte
+George Miroshnykov
+Maciej Małecki
+Marc O'Morain
+Jeff Pinner
+Timothy J Fontaine
+Akagi201
+Romain Giraud
+Jay Satiro
+Arne Steen
+Kjell Schubert
+Olivier Mengué
diff --git a/ext/http-parser/LICENSE-MIT b/ext/http-parser/LICENSE-MIT
new file mode 100644
index 0000000..58010b3
--- /dev/null
+++ b/ext/http-parser/LICENSE-MIT
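Review bot: This x86 copy still lists `%Provider%=zttap300,NTamd64` in `[Manufacturer]` and keeps the `[zttap300.NTamd64]` section, while the comment directly above says to take NTamd64 off for x86 builds; the file header shows the same blob id (453797b) as the x64 INF. Because the undecorated `[zttap300]` section is also present, installation on x86 probably still resolves, but the comment and the shipped file disagree. Either drop the decoration here as the comment instructs, or reword the comment, e.g. `; The same INF ships for x86 and x64: [zttap300] serves x86, [zttap300.NTamd64] serves x64.` It is also worth confirming that the x86 catalog `zttap300.cat` was generated over this exact file, since a catalog built from a differently edited INF would not match it.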
@@ -0,0 +1,23 @@
+http_parser.c is based on src/http/ngx_http_parse.c from NGINX copyright
+Igor Sysoev.
+
+Additional changes are licensed under the same terms as NGINX and
+copyright Joyent, Inc. and other Node contributors. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
diff --git a/ext/http-parser/README.md b/ext/http-parser/README.md
new file mode 100644
index 0000000..439b309
--- /dev/null
+++ b/ext/http-parser/README.md
@@ -0,0 +1,246 @@
+HTTP Parser
+===========
+
+[![Build Status](https://api.travis-ci.org/nodejs/http-parser.svg?branch=master)](https://travis-ci.org/nodejs/http-parser)
+
+This is a parser for HTTP messages written in C. It parses both requests and
+responses. The parser is designed to be used in performance HTTP
+applications. It does not make any syscalls nor allocations, it does not
+buffer data, it can be interrupted at anytime. Depending on your
+architecture, it only requires about 40 bytes of data per message
+stream (in a web server that is per connection).
+
+Features:
+
+ * No dependencies
+ * Handles persistent streams (keep-alive).
+ * Decodes chunked encoding.
+ * Upgrade support
+ * Defends against buffer overflow attacks.
+
+The parser extracts the following information from HTTP messages:
+
+ * Header fields and values
+ * Content-Length
+ * Request method
+ * Response status code
+ * Transfer-Encoding
+ * HTTP version
+ * Request URL
+ * Message body
+
+
+Usage
+-----
+
+One `http_parser` object is used per TCP connection. Initialize the struct
+using `http_parser_init()` and set the callbacks. That might look something
+like this for a request parser:
+```c
+http_parser_settings settings;
+settings.on_url = my_url_callback;
+settings.on_header_field = my_header_field_callback;
+/* ... */
+
+http_parser *parser = malloc(sizeof(http_parser));
+http_parser_init(parser, HTTP_REQUEST);
+parser->data = my_socket;
+```
+
+When data is received on the socket execute the parser and check for errors.
+
+```c
+size_t len = 80*1024, nparsed;
+char buf[len];
+ssize_t recved;
+
+recved = recv(fd, buf, len, 0);
+
+if (recved < 0) {
+ /* Handle error. */
+}
+
+/* Start up / continue the parser.
+ * Note we pass recved==0 to signal that EOF has been received.
+ */
+nparsed = http_parser_execute(parser, &settings, buf, recved);
+
+if (parser->upgrade) {
+ /* handle new protocol */
+} else if (nparsed != recved) {
+ /* Handle error. Usually just close the connection. */
+}
+```
+
+HTTP needs to know where the end of the stream is. For example, sometimes
+servers send responses without Content-Length and expect the client to
+consume input (for the body) until EOF. To tell http_parser about EOF, give
+`0` as the fourth parameter to `http_parser_execute()`. Callbacks and errors
+can still be encountered during an EOF, so one must still be prepared
+to receive them.
+
+Scalar valued message information such as `status_code`, `method`, and the
+HTTP version are stored in the parser structure. This data is only
+temporally stored in `http_parser` and gets reset on each new message. If
+this information is needed later, copy it out of the structure during the
+`headers_complete` callback.
+
+The parser decodes the transfer-encoding for both requests and responses
+transparently. That is, a chunked encoding is decoded before being sent to
+the on_body callback.
+
+
+The Special Problem of Upgrade
+------------------------------
+
+HTTP supports upgrading the connection to a different protocol. An
+increasingly common example of this is the WebSocket protocol which sends
+a request like
+
+ GET /demo HTTP/1.1
+ Upgrade: WebSocket
+ Connection: Upgrade
+ Host: example.com
+ Origin: http://example.com
+ WebSocket-Protocol: sample
+
+followed by non-HTTP data.
+
+(See [RFC6455](https://tools.ietf.org/html/rfc6455) for more information the
+WebSocket protocol.)
+
+To support this, the parser will treat this as a normal HTTP message without a
+body, issuing both on_headers_complete and on_message_complete callbacks. However
+http_parser_execute() will stop parsing at the end of the headers and return.
+
+The user is expected to check if `parser->upgrade` has been set to 1 after
+`http_parser_execute()` returns. Non-HTTP data begins at the buffer supplied
+offset by the return value of `http_parser_execute()`.
+
+
+Callbacks
+---------
+
+During the `http_parser_execute()` call, the callbacks set in
+`http_parser_settings` will be executed. The parser maintains state and
+never looks behind, so buffering the data is not necessary. If you need to
+save certain data for later usage, you can do that from the callbacks.
+
+There are two types of callbacks:
+
+* notification `typedef int (*http_cb) (http_parser*);`
+ Callbacks: on_message_begin, on_headers_complete, on_message_complete.
+* data `typedef int (*http_data_cb) (http_parser*, const char *at, size_t length);`
+ Callbacks: (requests only) on_url,
+ (common) on_header_field, on_header_value, on_body;
+
+Callbacks must return 0 on success. Returning a non-zero value indicates
+error to the parser, making it exit immediately.
+
+For cases where it is necessary to pass local information to/from a callback,
+the `http_parser` object's `data` field can be used.
+An example of such a case is when using threads to handle a socket connection,
+parse a request, and then give a response over that socket. By instantiation
+of a thread-local struct containing relevant data (e.g. accepted socket,
+allocated memory for callbacks to write into, etc), a parser's callbacks are
+able to communicate data between the scope of the thread and the scope of the
+callback in a threadsafe manner. This allows http-parser to be used in
+multi-threaded contexts.
+
+Example:
+```c
+ typedef struct {
+ socket_t sock;
+ void* buffer;
+ int buf_len;
+ } custom_data_t;
+
+
+int my_url_callback(http_parser* parser, const char *at, size_t length) {
+ /* access to thread local custom_data_t struct.
+ Use this access save parsed data for later use into thread local
+ buffer, or communicate over socket
+ */
+ parser->data;
+ ...
+ return 0;
+}
+
+...
+
+void http_parser_thread(socket_t sock) {
+ int nparsed = 0;
+ /* allocate memory for user data */
+ custom_data_t *my_data = malloc(sizeof(custom_data_t));
+
+ /* some information for use by callbacks.
+ * achieves thread -> callback information flow */
+ my_data->sock = sock;
+
+ /* instantiate a thread-local parser */
+ http_parser *parser = malloc(sizeof(http_parser));
+ http_parser_init(parser, HTTP_REQUEST); /* initialise parser */
+ /* this custom data reference is accessible through the reference to the
+ parser supplied to callback functions */
+ parser->data = my_data;
+
+ http_parser_settings settings; /* set up callbacks */
+ settings.on_url = my_url_callback;
+
+ /* execute parser */
+ nparsed = http_parser_execute(parser, &settings, buf, recved);
+
+ ...
+ /* parsed information copied from callback.
+ can now perform action on data copied into thread-local memory from callbacks.
+ achieves callback -> thread information flow */
+ my_data->buffer;
+ ...
+}
+
+```
+
+In case you parse HTTP message in chunks (i.e. `read()` request line
+from socket, parse, read half headers, parse, etc) your data callbacks
+may be called more than once. Http-parser guarantees that data pointer is only
+valid for the lifetime of callback. You can also `read()` into a heap allocated
+buffer to avoid copying memory around if this fits your application.
+
+Reading headers may be a tricky task if you read/parse headers partially.
+Basically, you need to remember whether last header callback was field or value
+and apply the following logic:
+
+ (on_header_field and on_header_value shortened to on_h_*)
+ ------------------------ ------------ --------------------------------------------
+ | State (prev. callback) | Callback | Description/action |
+ ------------------------ ------------ --------------------------------------------
+ | nothing (first call) | on_h_field | Allocate new buffer and copy callback data |
+ | | | into it |
+ ------------------------ ------------ --------------------------------------------
+ | value | on_h_field | New header started. |
+ | | | Copy current name,value buffers to headers |
+ | | | list and allocate new buffer for new name |
+ ------------------------ ------------ --------------------------------------------
+ | field | on_h_field | Previous name continues. Reallocate name |
+ | | | buffer and append callback data to it |
+ ------------------------ ------------ --------------------------------------------
+ | field | on_h_value | Value for current header started. Allocate |
+ | | | new buffer and copy callback data to it |
+ ------------------------ ------------ --------------------------------------------
+ | value | on_h_value | Value continues. Reallocate value buffer |
+ | | | and append callback data to it |
+ ------------------------ ------------ --------------------------------------------
+
+
+Parsing URLs
+------------
+
+A simplistic zero-copy URL parser is provided as `http_parser_parse_url()`.
+Users of this library may wish to use it to parse URLs constructed from
+consecutive `on_url` callbacks.
+
+See examples of reading in headers:
+
+* [partial example](http://gist.github.com/155877) in C
+* [from http-parser tests](http://github.com/joyent/http-parser/blob/37a0ff8/test.c#L403) in C
+* [from Node library](http://github.com/joyent/node/blob/842eaf4/src/http.js#L284) in Javascript
diff --git a/ext/http-parser/http_parser.c b/ext/http-parser/http_parser.c
new file mode 100644
index 0000000..3c896ff
--- /dev/null
+++ b/ext/http-parser/http_parser.c
@@ -0,0 +1,2469 @@ +/* Based on src/http/ngx_http_parse.c from NGINX copyright Igor Sysoev + * + * Additional changes are licensed under the same terms as NGINX and + * copyright Joyent, Inc. and other Node contributors. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ +#include "http_parser.h" +#include +#include +#include +#include +#include +#include + +#ifndef ULLONG_MAX +# define ULLONG_MAX ((uint64_t) -1) /* 2^64-1 */ +#endif + +#ifndef MIN +# define MIN(a,b) ((a) < (b) ? (a) : (b)) +#endif + +#ifndef ARRAY_SIZE +# define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) +#endif + +#ifndef BIT_AT +# define BIT_AT(a, i) \ + (!!((unsigned int) (a)[(unsigned int) (i) >> 3] & \ + (1 << ((unsigned int) (i) & 7)))) +#endif + +#ifndef ELEM_AT +# define ELEM_AT(a, i, v) ((unsigned int) (i) < ARRAY_SIZE(a) ? 
(a)[(i)] : (v)) +#endif + +#define SET_ERRNO(e) \ +do { \ + parser->http_errno = (e); \ +} while(0) + +#define CURRENT_STATE() p_state +#define UPDATE_STATE(V) p_state = (enum state) (V); +#define RETURN(V) \ +do { \ + parser->state = CURRENT_STATE(); \ + return (V); \ +} while (0); +#define REEXECUTE() \ + goto reexecute; \ + + +#ifdef __GNUC__ +# define LIKELY(X) __builtin_expect(!!(X), 1) +# define UNLIKELY(X) __builtin_expect(!!(X), 0) +#else +# define LIKELY(X) (X) +# define UNLIKELY(X) (X) +#endif + + +/* Run the notify callback FOR, returning ER if it fails */ +#define CALLBACK_NOTIFY_(FOR, ER) \ +do { \ + assert(HTTP_PARSER_ERRNO(parser) == HPE_OK); \ + \ + if (LIKELY(settings->on_##FOR)) { \ + parser->state = CURRENT_STATE(); \ + if (UNLIKELY(0 != settings->on_##FOR(parser))) { \ + SET_ERRNO(HPE_CB_##FOR); \ + } \ + UPDATE_STATE(parser->state); \ + \ + /* We either errored above or got paused; get out */ \ + if (UNLIKELY(HTTP_PARSER_ERRNO(parser) != HPE_OK)) { \ + return (ER); \ + } \ + } \ +} while (0) + +/* Run the notify callback FOR and consume the current byte */ +#define CALLBACK_NOTIFY(FOR) CALLBACK_NOTIFY_(FOR, p - data + 1) + +/* Run the notify callback FOR and don't consume the current byte */ +#define CALLBACK_NOTIFY_NOADVANCE(FOR) CALLBACK_NOTIFY_(FOR, p - data) + +/* Run data callback FOR with LEN bytes, returning ER if it fails */ +#define CALLBACK_DATA_(FOR, LEN, ER) \ +do { \ + assert(HTTP_PARSER_ERRNO(parser) == HPE_OK); \ + \ + if (FOR##_mark) { \ + if (LIKELY(settings->on_##FOR)) { \ + parser->state = CURRENT_STATE(); \ + if (UNLIKELY(0 != \ + settings->on_##FOR(parser, FOR##_mark, (LEN)))) { \ + SET_ERRNO(HPE_CB_##FOR); \ + } \ + UPDATE_STATE(parser->state); \ + \ + /* We either errored above or got paused; get out */ \ + if (UNLIKELY(HTTP_PARSER_ERRNO(parser) != HPE_OK)) { \ + return (ER); \ + } \ + } \ + FOR##_mark = NULL; \ + } \ +} while (0) + +/* Run the data callback FOR and consume the current byte */ +#define CALLBACK_DATA(FOR) 
\ + CALLBACK_DATA_(FOR, p - FOR##_mark, p - data + 1) + +/* Run the data callback FOR and don't consume the current byte */ +#define CALLBACK_DATA_NOADVANCE(FOR) \ + CALLBACK_DATA_(FOR, p - FOR##_mark, p - data) + +/* Set the mark FOR; non-destructive if mark is already set */ +#define MARK(FOR) \ +do { \ + if (!FOR##_mark) { \ + FOR##_mark = p; \ + } \ +} while (0) + +/* Don't allow the total size of the HTTP headers (including the status + * line) to exceed HTTP_MAX_HEADER_SIZE. This check is here to protect + * embedders against denial-of-service attacks where the attacker feeds + * us a never-ending header that the embedder keeps buffering. + * + * This check is arguably the responsibility of embedders but we're doing + * it on the embedder's behalf because most won't bother and this way we + * make the web a little safer. HTTP_MAX_HEADER_SIZE is still far bigger + * than any reasonable request or response so this should never affect + * day-to-day operation. + */ +#define COUNT_HEADER_SIZE(V) \ +do { \ + parser->nread += (V); \ + if (UNLIKELY(parser->nread > (HTTP_MAX_HEADER_SIZE))) { \ + SET_ERRNO(HPE_HEADER_OVERFLOW); \ + goto error; \ + } \ +} while (0) + + +#define PROXY_CONNECTION "proxy-connection" +#define CONNECTION "connection" +#define CONTENT_LENGTH "content-length" +#define TRANSFER_ENCODING "transfer-encoding" +#define UPGRADE "upgrade" +#define CHUNKED "chunked" +#define KEEP_ALIVE "keep-alive" +#define CLOSE "close" + + +static const char *method_strings[] = + { +#define XX(num, name, string) #string, + HTTP_METHOD_MAP(XX) +#undef XX + }; + + +/* Tokens as defined by rfc 2616. Also lowercases them. + * token = 1* + * separators = "(" | ")" | "<" | ">" | "@" + * | "," | ";" | ":" | "\" | <"> + * | "/" | "[" | "]" | "?" 
| "=" + * | "{" | "}" | SP | HT + */ +static const char tokens[256] = { +/* 0 nul 1 soh 2 stx 3 etx 4 eot 5 enq 6 ack 7 bel */ + 0, 0, 0, 0, 0, 0, 0, 0, +/* 8 bs 9 ht 10 nl 11 vt 12 np 13 cr 14 so 15 si */ + 0, 0, 0, 0, 0, 0, 0, 0, +/* 16 dle 17 dc1 18 dc2 19 dc3 20 dc4 21 nak 22 syn 23 etb */ + 0, 0, 0, 0, 0, 0, 0, 0, +/* 24 can 25 em 26 sub 27 esc 28 fs 29 gs 30 rs 31 us */ + 0, 0, 0, 0, 0, 0, 0, 0, +/* 32 sp 33 ! 34 " 35 # 36 $ 37 % 38 & 39 ' */ + 0, '!', 0, '#', '$', '%', '&', '\'', +/* 40 ( 41 ) 42 * 43 + 44 , 45 - 46 . 47 / */ + 0, 0, '*', '+', 0, '-', '.', 0, +/* 48 0 49 1 50 2 51 3 52 4 53 5 54 6 55 7 */ + '0', '1', '2', '3', '4', '5', '6', '7', +/* 56 8 57 9 58 : 59 ; 60 < 61 = 62 > 63 ? */ + '8', '9', 0, 0, 0, 0, 0, 0, +/* 64 @ 65 A 66 B 67 C 68 D 69 E 70 F 71 G */ + 0, 'a', 'b', 'c', 'd', 'e', 'f', 'g', +/* 72 H 73 I 74 J 75 K 76 L 77 M 78 N 79 O */ + 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', +/* 80 P 81 Q 82 R 83 S 84 T 85 U 86 V 87 W */ + 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', +/* 88 X 89 Y 90 Z 91 [ 92 \ 93 ] 94 ^ 95 _ */ + 'x', 'y', 'z', 0, 0, 0, '^', '_', +/* 96 ` 97 a 98 b 99 c 100 d 101 e 102 f 103 g */ + '`', 'a', 'b', 'c', 'd', 'e', 'f', 'g', +/* 104 h 105 i 106 j 107 k 108 l 109 m 110 n 111 o */ + 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', +/* 112 p 113 q 114 r 115 s 116 t 117 u 118 v 119 w */ + 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', +/* 120 x 121 y 122 z 123 { 124 | 125 } 126 ~ 127 del */ + 'x', 'y', 'z', 0, '|', 0, '~', 0 }; + + +static const int8_t unhex[256] = + {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 + ,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 + ,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 + , 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1 + ,-1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1 + ,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 + ,-1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1 + ,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 + }; + + +#if HTTP_PARSER_STRICT +# define T(v) 0 +#else +# define T(v) v +#endif + 
+ +static const uint8_t normal_url_char[32] = { +/* 0 nul 1 soh 2 stx 3 etx 4 eot 5 enq 6 ack 7 bel */ + 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0, +/* 8 bs 9 ht 10 nl 11 vt 12 np 13 cr 14 so 15 si */ + 0 | T(2) | 0 | 0 | T(16) | 0 | 0 | 0, +/* 16 dle 17 dc1 18 dc2 19 dc3 20 dc4 21 nak 22 syn 23 etb */ + 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0, +/* 24 can 25 em 26 sub 27 esc 28 fs 29 gs 30 rs 31 us */ + 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0, +/* 32 sp 33 ! 34 " 35 # 36 $ 37 % 38 & 39 ' */ + 0 | 2 | 4 | 0 | 16 | 32 | 64 | 128, +/* 40 ( 41 ) 42 * 43 + 44 , 45 - 46 . 47 / */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 48 0 49 1 50 2 51 3 52 4 53 5 54 6 55 7 */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 56 8 57 9 58 : 59 ; 60 < 61 = 62 > 63 ? */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 0, +/* 64 @ 65 A 66 B 67 C 68 D 69 E 70 F 71 G */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 72 H 73 I 74 J 75 K 76 L 77 M 78 N 79 O */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 80 P 81 Q 82 R 83 S 84 T 85 U 86 V 87 W */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 88 X 89 Y 90 Z 91 [ 92 \ 93 ] 94 ^ 95 _ */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 96 ` 97 a 98 b 99 c 100 d 101 e 102 f 103 g */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 104 h 105 i 106 j 107 k 108 l 109 m 110 n 111 o */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 112 p 113 q 114 r 115 s 116 t 117 u 118 v 119 w */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128, +/* 120 x 121 y 122 z 123 { 124 | 125 } 126 ~ 127 del */ + 1 | 2 | 4 | 8 | 16 | 32 | 64 | 0, }; + +#undef T + +enum state + { s_dead = 1 /* important that this is > 0 */ + + , s_start_req_or_res + , s_res_or_resp_H + , s_start_res + , s_res_H + , s_res_HT + , s_res_HTT + , s_res_HTTP + , s_res_first_http_major + , s_res_http_major + , s_res_first_http_minor + , s_res_http_minor + , s_res_first_status_code + , s_res_status_code + , s_res_status_start + , s_res_status + , s_res_line_almost_done + + , s_start_req + + , s_req_method + , s_req_spaces_before_url + , s_req_schema + , s_req_schema_slash + , 
s_req_schema_slash_slash + , s_req_server_start + , s_req_server + , s_req_server_with_at + , s_req_path + , s_req_query_string_start + , s_req_query_string + , s_req_fragment_start + , s_req_fragment + , s_req_http_start + , s_req_http_H + , s_req_http_HT + , s_req_http_HTT + , s_req_http_HTTP + , s_req_first_http_major + , s_req_http_major + , s_req_first_http_minor + , s_req_http_minor + , s_req_line_almost_done + + , s_header_field_start + , s_header_field + , s_header_value_discard_ws + , s_header_value_discard_ws_almost_done + , s_header_value_discard_lws + , s_header_value_start + , s_header_value + , s_header_value_lws + + , s_header_almost_done + + , s_chunk_size_start + , s_chunk_size + , s_chunk_parameters + , s_chunk_size_almost_done + + , s_headers_almost_done + , s_headers_done + + /* Important: 's_headers_done' must be the last 'header' state. All + * states beyond this must be 'body' states. It is used for overflow + * checking. See the PARSING_HEADER() macro. + */ + + , s_chunk_data + , s_chunk_data_almost_done + , s_chunk_data_done + + , s_body_identity + , s_body_identity_eof + + , s_message_done + }; + + +#define PARSING_HEADER(state) (state <= s_headers_done) + + +enum header_states + { h_general = 0 + , h_C + , h_CO + , h_CON + + , h_matching_connection + , h_matching_proxy_connection + , h_matching_content_length + , h_matching_transfer_encoding + , h_matching_upgrade + + , h_connection + , h_content_length + , h_transfer_encoding + , h_upgrade + + , h_matching_transfer_encoding_chunked + , h_matching_connection_token_start + , h_matching_connection_keep_alive + , h_matching_connection_close + , h_matching_connection_upgrade + , h_matching_connection_token + + , h_transfer_encoding_chunked + , h_connection_keep_alive + , h_connection_close + , h_connection_upgrade + }; + +enum http_host_state + { + s_http_host_dead = 1 + , s_http_userinfo_start + , s_http_userinfo + , s_http_host_start + , s_http_host_v6_start + , s_http_host + , 
s_http_host_v6 + , s_http_host_v6_end + , s_http_host_v6_zone_start + , s_http_host_v6_zone + , s_http_host_port_start + , s_http_host_port +}; + +/* Macros for character classes; depends on strict-mode */ +#define CR '\r' +#define LF '\n' +#define LOWER(c) (unsigned char)(c | 0x20) +#define IS_ALPHA(c) (LOWER(c) >= 'a' && LOWER(c) <= 'z') +#define IS_NUM(c) ((c) >= '0' && (c) <= '9') +#define IS_ALPHANUM(c) (IS_ALPHA(c) || IS_NUM(c)) +#define IS_HEX(c) (IS_NUM(c) || (LOWER(c) >= 'a' && LOWER(c) <= 'f')) +#define IS_MARK(c) ((c) == '-' || (c) == '_' || (c) == '.' || \ + (c) == '!' || (c) == '~' || (c) == '*' || (c) == '\'' || (c) == '(' || \ + (c) == ')') +#define IS_USERINFO_CHAR(c) (IS_ALPHANUM(c) || IS_MARK(c) || (c) == '%' || \ + (c) == ';' || (c) == ':' || (c) == '&' || (c) == '=' || (c) == '+' || \ + (c) == '$' || (c) == ',') + +#define STRICT_TOKEN(c) (tokens[(unsigned char)c]) + +#if HTTP_PARSER_STRICT +#define TOKEN(c) (tokens[(unsigned char)c]) +#define IS_URL_CHAR(c) (BIT_AT(normal_url_char, (unsigned char)c)) +#define IS_HOST_CHAR(c) (IS_ALPHANUM(c) || (c) == '.' || (c) == '-') +#else +#define TOKEN(c) ((c == ' ') ? ' ' : tokens[(unsigned char)c]) +#define IS_URL_CHAR(c) \ + (BIT_AT(normal_url_char, (unsigned char)c) || ((c) & 0x80)) +#define IS_HOST_CHAR(c) \ + (IS_ALPHANUM(c) || (c) == '.' || (c) == '-' || (c) == '_') +#endif + +/** + * Verify that a char is a valid visible (printable) US-ASCII + * character or %x80-FF + **/ +#define IS_HEADER_CHAR(ch) \ + (ch == CR || ch == LF || ch == 9 || ((unsigned char)ch > 31 && ch != 127)) + +#define start_state (parser->type == HTTP_REQUEST ? s_start_req : s_start_res) + + +#if HTTP_PARSER_STRICT +# define STRICT_CHECK(cond) \ +do { \ + if (cond) { \ + SET_ERRNO(HPE_STRICT); \ + goto error; \ + } \ +} while (0) +# define NEW_MESSAGE() (http_should_keep_alive(parser) ? 
start_state : s_dead) +#else +# define STRICT_CHECK(cond) +# define NEW_MESSAGE() start_state +#endif + + +/* Map errno values to strings for human-readable output */ +#define HTTP_STRERROR_GEN(n, s) { "HPE_" #n, s }, +static struct { + const char *name; + const char *description; +} http_strerror_tab[] = { + HTTP_ERRNO_MAP(HTTP_STRERROR_GEN) +}; +#undef HTTP_STRERROR_GEN + +int http_message_needs_eof(const http_parser *parser); + +/* Our URL parser. + * + * This is designed to be shared by http_parser_execute() for URL validation, + * hence it has a state transition + byte-for-byte interface. In addition, it + * is meant to be embedded in http_parser_parse_url(), which does the dirty + * work of turning state transitions URL components for its API. + * + * This function should only be invoked with non-space characters. It is + * assumed that the caller cares about (and can detect) the transition between + * URL and non-URL states by looking for these. + */ +static enum state +parse_url_char(enum state s, const char ch) +{ + if (ch == ' ' || ch == '\r' || ch == '\n') { + return s_dead; + } + +#if HTTP_PARSER_STRICT + if (ch == '\t' || ch == '\f') { + return s_dead; + } +#endif + + switch (s) { + case s_req_spaces_before_url: + /* Proxied requests are followed by scheme of an absolute URI (alpha). + * All methods except CONNECT are followed by '/' or '*'. 
+ */ + + if (ch == '/' || ch == '*') { + return s_req_path; + } + + if (IS_ALPHA(ch)) { + return s_req_schema; + } + + break; + + case s_req_schema: + if (IS_ALPHA(ch)) { + return s; + } + + if (ch == ':') { + return s_req_schema_slash; + } + + break; + + case s_req_schema_slash: + if (ch == '/') { + return s_req_schema_slash_slash; + } + + break; + + case s_req_schema_slash_slash: + if (ch == '/') { + return s_req_server_start; + } + + break; + + case s_req_server_with_at: + if (ch == '@') { + return s_dead; + } + + /* FALLTHROUGH */ + case s_req_server_start: + case s_req_server: + if (ch == '/') { + return s_req_path; + } + + if (ch == '?') { + return s_req_query_string_start; + } + + if (ch == '@') { + return s_req_server_with_at; + } + + if (IS_USERINFO_CHAR(ch) || ch == '[' || ch == ']') { + return s_req_server; + } + + break; + + case s_req_path: + if (IS_URL_CHAR(ch)) { + return s; + } + + switch (ch) { + case '?': + return s_req_query_string_start; + + case '#': + return s_req_fragment_start; + } + + break; + + case s_req_query_string_start: + case s_req_query_string: + if (IS_URL_CHAR(ch)) { + return s_req_query_string; + } + + switch (ch) { + case '?': + /* allow extra '?' 
in query string */ + return s_req_query_string; + + case '#': + return s_req_fragment_start; + } + + break; + + case s_req_fragment_start: + if (IS_URL_CHAR(ch)) { + return s_req_fragment; + } + + switch (ch) { + case '?': + return s_req_fragment; + + case '#': + return s; + } + + break; + + case s_req_fragment: + if (IS_URL_CHAR(ch)) { + return s; + } + + switch (ch) { + case '?': + case '#': + return s; + } + + break; + + default: + break; + } + + /* We should never fall out of the switch above unless there's an error */ + return s_dead; +} + +size_t http_parser_execute (http_parser *parser, + const http_parser_settings *settings, + const char *data, + size_t len) +{ + char c, ch; + int8_t unhex_val; + const char *p = data; + const char *header_field_mark = 0; + const char *header_value_mark = 0; + const char *url_mark = 0; + const char *body_mark = 0; + const char *status_mark = 0; + enum state p_state = (enum state) parser->state; + const unsigned int lenient = parser->lenient_http_headers; + + /* We're in an error state. Don't bother doing anything. */ + if (HTTP_PARSER_ERRNO(parser) != HPE_OK) { + return 0; + } + + if (len == 0) { + switch (CURRENT_STATE()) { + case s_body_identity_eof: + /* Use of CALLBACK_NOTIFY() here would erroneously return 1 byte read if + * we got paused. 
+ */ + CALLBACK_NOTIFY_NOADVANCE(message_complete); + return 0; + + case s_dead: + case s_start_req_or_res: + case s_start_res: + case s_start_req: + return 0; + + default: + SET_ERRNO(HPE_INVALID_EOF_STATE); + return 1; + } + } + + + if (CURRENT_STATE() == s_header_field) + header_field_mark = data; + if (CURRENT_STATE() == s_header_value) + header_value_mark = data; + switch (CURRENT_STATE()) { + case s_req_path: + case s_req_schema: + case s_req_schema_slash: + case s_req_schema_slash_slash: + case s_req_server_start: + case s_req_server: + case s_req_server_with_at: + case s_req_query_string_start: + case s_req_query_string: + case s_req_fragment_start: + case s_req_fragment: + url_mark = data; + break; + case s_res_status: + status_mark = data; + break; + default: + break; + } + + for (p=data; p != data + len; p++) { + ch = *p; + + if (PARSING_HEADER(CURRENT_STATE())) + COUNT_HEADER_SIZE(1); + +reexecute: + switch (CURRENT_STATE()) { + + case s_dead: + /* this state is used after a 'Connection: close' message + * the parser will error out if it reads another message + */ + if (LIKELY(ch == CR || ch == LF)) + break; + + SET_ERRNO(HPE_CLOSED_CONNECTION); + goto error; + + case s_start_req_or_res: + { + if (ch == CR || ch == LF) + break; + parser->flags = 0; + parser->content_length = ULLONG_MAX; + + if (ch == 'H') { + UPDATE_STATE(s_res_or_resp_H); + + CALLBACK_NOTIFY(message_begin); + } else { + parser->type = HTTP_REQUEST; + UPDATE_STATE(s_start_req); + REEXECUTE(); + } + + break; + } + + case s_res_or_resp_H: + if (ch == 'T') { + parser->type = HTTP_RESPONSE; + UPDATE_STATE(s_res_HT); + } else { + if (UNLIKELY(ch != 'E')) { + SET_ERRNO(HPE_INVALID_CONSTANT); + goto error; + } + + parser->type = HTTP_REQUEST; + parser->method = HTTP_HEAD; + parser->index = 2; + UPDATE_STATE(s_req_method); + } + break; + + case s_start_res: + { + parser->flags = 0; + parser->content_length = ULLONG_MAX; + + switch (ch) { + case 'H': + UPDATE_STATE(s_res_H); + break; + + case 
CR: + case LF: + break; + + default: + SET_ERRNO(HPE_INVALID_CONSTANT); + goto error; + } + + CALLBACK_NOTIFY(message_begin); + break; + } + + case s_res_H: + STRICT_CHECK(ch != 'T'); + UPDATE_STATE(s_res_HT); + break; + + case s_res_HT: + STRICT_CHECK(ch != 'T'); + UPDATE_STATE(s_res_HTT); + break; + + case s_res_HTT: + STRICT_CHECK(ch != 'P'); + UPDATE_STATE(s_res_HTTP); + break; + + case s_res_HTTP: + STRICT_CHECK(ch != '/'); + UPDATE_STATE(s_res_first_http_major); + break; + + case s_res_first_http_major: + if (UNLIKELY(ch < '0' || ch > '9')) { + SET_ERRNO(HPE_INVALID_VERSION); + goto error; + } + + parser->http_major = ch - '0'; + UPDATE_STATE(s_res_http_major); + break; + + /* major HTTP version or dot */ + case s_res_http_major: + { + if (ch == '.') { + UPDATE_STATE(s_res_first_http_minor); + break; + } + + if (!IS_NUM(ch)) { + SET_ERRNO(HPE_INVALID_VERSION); + goto error; + } + + parser->http_major *= 10; + parser->http_major += ch - '0'; + + if (UNLIKELY(parser->http_major > 999)) { + SET_ERRNO(HPE_INVALID_VERSION); + goto error; + } + + break; + } + + /* first digit of minor HTTP version */ + case s_res_first_http_minor: + if (UNLIKELY(!IS_NUM(ch))) { + SET_ERRNO(HPE_INVALID_VERSION); + goto error; + } + + parser->http_minor = ch - '0'; + UPDATE_STATE(s_res_http_minor); + break; + + /* minor HTTP version or end of request line */ + case s_res_http_minor: + { + if (ch == ' ') { + UPDATE_STATE(s_res_first_status_code); + break; + } + + if (UNLIKELY(!IS_NUM(ch))) { + SET_ERRNO(HPE_INVALID_VERSION); + goto error; + } + + parser->http_minor *= 10; + parser->http_minor += ch - '0'; + + if (UNLIKELY(parser->http_minor > 999)) { + SET_ERRNO(HPE_INVALID_VERSION); + goto error; + } + + break; + } + + case s_res_first_status_code: + { + if (!IS_NUM(ch)) { + if (ch == ' ') { + break; + } + + SET_ERRNO(HPE_INVALID_STATUS); + goto error; + } + parser->status_code = ch - '0'; + UPDATE_STATE(s_res_status_code); + break; + } + + case s_res_status_code: + { + if 
(!IS_NUM(ch)) { + switch (ch) { + case ' ': + UPDATE_STATE(s_res_status_start); + break; + case CR: + UPDATE_STATE(s_res_line_almost_done); + break; + case LF: + UPDATE_STATE(s_header_field_start); + break; + default: + SET_ERRNO(HPE_INVALID_STATUS); + goto error; + } + break; + } + + parser->status_code *= 10; + parser->status_code += ch - '0'; + + if (UNLIKELY(parser->status_code > 999)) { + SET_ERRNO(HPE_INVALID_STATUS); + goto error; + } + + break; + } + + case s_res_status_start: + { + if (ch == CR) { + UPDATE_STATE(s_res_line_almost_done); + break; + } + + if (ch == LF) { + UPDATE_STATE(s_header_field_start); + break; + } + + MARK(status); + UPDATE_STATE(s_res_status); + parser->index = 0; + break; + } + + case s_res_status: + if (ch == CR) { + UPDATE_STATE(s_res_line_almost_done); + CALLBACK_DATA(status); + break; + } + + if (ch == LF) { + UPDATE_STATE(s_header_field_start); + CALLBACK_DATA(status); + break; + } + + break; + + case s_res_line_almost_done: + STRICT_CHECK(ch != LF); + UPDATE_STATE(s_header_field_start); + break; + + case s_start_req: + { + if (ch == CR || ch == LF) + break; + parser->flags = 0; + parser->content_length = ULLONG_MAX; + + if (UNLIKELY(!IS_ALPHA(ch))) { + SET_ERRNO(HPE_INVALID_METHOD); + goto error; + } + + parser->method = (enum http_method) 0; + parser->index = 1; + switch (ch) { + case 'A': parser->method = HTTP_ACL; break; + case 'B': parser->method = HTTP_BIND; break; + case 'C': parser->method = HTTP_CONNECT; /* or COPY, CHECKOUT */ break; + case 'D': parser->method = HTTP_DELETE; break; + case 'G': parser->method = HTTP_GET; break; + case 'H': parser->method = HTTP_HEAD; break; + case 'L': parser->method = HTTP_LOCK; /* or LINK */ break; + case 'M': parser->method = HTTP_MKCOL; /* or MOVE, MKACTIVITY, MERGE, M-SEARCH, MKCALENDAR */ break; + case 'N': parser->method = HTTP_NOTIFY; break; + case 'O': parser->method = HTTP_OPTIONS; break; + case 'P': parser->method = HTTP_POST; + /* or PROPFIND|PROPPATCH|PUT|PATCH|PURGE */ + 
break;
+ case 'R': parser->method = HTTP_REPORT; /* or REBIND */ break;
+ case 'S': parser->method = HTTP_SUBSCRIBE; /* or SEARCH */ break;
+ case 'T': parser->method = HTTP_TRACE; break;
+ case 'U': parser->method = HTTP_UNLOCK; /* or UNSUBSCRIBE, UNBIND, UNLINK */ break;
+ default:
+ SET_ERRNO(HPE_INVALID_METHOD);
+ goto error;
+ }
+ UPDATE_STATE(s_req_method);
+
+ CALLBACK_NOTIFY(message_begin);
+
+ break;
+ }
+
+ case s_req_method:
+ {
+ const char *matcher;
+ if (UNLIKELY(ch == '\0')) {
+ SET_ERRNO(HPE_INVALID_METHOD);
+ goto error;
+ }
+
+ matcher = method_strings[parser->method];
+ if (ch == ' ' && matcher[parser->index] == '\0') {
+ UPDATE_STATE(s_req_spaces_before_url);
+ } else if (ch == matcher[parser->index]) {
+ ; /* nada */
+ } else if (IS_ALPHA(ch)) {
+
+ switch (parser->method << 16 | parser->index << 8 | ch) {
+#define XX(meth, pos, ch, new_meth) \
+ case (HTTP_##meth << 16 | pos << 8 | ch): \
+ parser->method = HTTP_##new_meth; break;
+
+ XX(POST, 1, 'U', PUT)
+ XX(POST, 1, 'A', PATCH)
+ XX(CONNECT, 1, 'H', CHECKOUT)
+ XX(CONNECT, 2, 'P', COPY)
+ XX(MKCOL, 1, 'O', MOVE)
+ XX(MKCOL, 1, 'E', MERGE)
+ XX(MKCOL, 2, 'A', MKACTIVITY)
+ XX(MKCOL, 3, 'A', MKCALENDAR)
+ XX(SUBSCRIBE, 1, 'E', SEARCH)
+ XX(REPORT, 2, 'B', REBIND)
+ XX(POST, 1, 'R', PROPFIND)
+ XX(PROPFIND, 4, 'P', PROPPATCH)
+ XX(PUT, 2, 'R', PURGE)
+ XX(LOCK, 1, 'I', LINK)
+ XX(UNLOCK, 2, 'S', UNSUBSCRIBE)
+ XX(UNLOCK, 2, 'B', UNBIND)
+ XX(UNLOCK, 3, 'I', UNLINK)
+#undef XX
+
+ default:
+ SET_ERRNO(HPE_INVALID_METHOD);
+ goto error;
+ }
+ } else if (ch == '-' &&
+ parser->index == 1 &&
+ parser->method == HTTP_MKCOL) {
+ parser->method = HTTP_MSEARCH;
+ } else {
+ SET_ERRNO(HPE_INVALID_METHOD);
+ goto error;
+ }
+
+ ++parser->index;
+ break;
+ }
+
+ case s_req_spaces_before_url:
+ {
+ if (ch == ' ') break;
+
+ MARK(url);
+ if (parser->method == HTTP_CONNECT) {
+ UPDATE_STATE(s_req_server_start);
+ }
+
+ UPDATE_STATE(parse_url_char(CURRENT_STATE(), ch));
+ if (UNLIKELY(CURRENT_STATE() ==
s_dead)) {
+ SET_ERRNO(HPE_INVALID_URL);
+ goto error;
+ }
+
+ break;
+ }
+
+ case s_req_schema:
+ case s_req_schema_slash:
+ case s_req_schema_slash_slash:
+ case s_req_server_start:
+ {
+ switch (ch) {
+ /* No whitespace allowed here */
+ case ' ':
+ case CR:
+ case LF:
+ SET_ERRNO(HPE_INVALID_URL);
+ goto error;
+ default:
+ UPDATE_STATE(parse_url_char(CURRENT_STATE(), ch));
+ if (UNLIKELY(CURRENT_STATE() == s_dead)) {
+ SET_ERRNO(HPE_INVALID_URL);
+ goto error;
+ }
+ }
+
+ break;
+ }
+
+ case s_req_server:
+ case s_req_server_with_at:
+ case s_req_path:
+ case s_req_query_string_start:
+ case s_req_query_string:
+ case s_req_fragment_start:
+ case s_req_fragment:
+ {
+ switch (ch) {
+ case ' ':
+ UPDATE_STATE(s_req_http_start);
+ CALLBACK_DATA(url);
+ break;
+ case CR:
+ case LF:
+ parser->http_major = 0;
+ parser->http_minor = 9;
+ UPDATE_STATE((ch == CR) ?
+ s_req_line_almost_done :
+ s_header_field_start);
+ CALLBACK_DATA(url);
+ break;
+ default:
+ UPDATE_STATE(parse_url_char(CURRENT_STATE(), ch));
+ if (UNLIKELY(CURRENT_STATE() == s_dead)) {
+ SET_ERRNO(HPE_INVALID_URL);
+ goto error;
+ }
+ }
+ break;
+ }
+
+ case s_req_http_start:
+ switch (ch) {
+ case 'H':
+ UPDATE_STATE(s_req_http_H);
+ break;
+ case ' ':
+ break;
+ default:
+ SET_ERRNO(HPE_INVALID_CONSTANT);
+ goto error;
+ }
+ break;
+
+ case s_req_http_H:
+ STRICT_CHECK(ch != 'T');
+ UPDATE_STATE(s_req_http_HT);
+ break;
+
+ case s_req_http_HT:
+ STRICT_CHECK(ch != 'T');
+ UPDATE_STATE(s_req_http_HTT);
+ break;
+
+ case s_req_http_HTT:
+ STRICT_CHECK(ch != 'P');
+ UPDATE_STATE(s_req_http_HTTP);
+ break;
+
+ case s_req_http_HTTP:
+ STRICT_CHECK(ch != '/');
+ UPDATE_STATE(s_req_first_http_major);
+ break;
+
+ /* first digit of major HTTP version */
+ case s_req_first_http_major:
+ if (UNLIKELY(ch < '1' || ch > '9')) {
+ SET_ERRNO(HPE_INVALID_VERSION);
+ goto error;
+ }
+
+ parser->http_major = ch - '0';
+ UPDATE_STATE(s_req_http_major);
+ break;
+
+ /* major HTTP version or dot */
+ case
s_req_http_major:
+ {
+ if (ch == '.') {
+ UPDATE_STATE(s_req_first_http_minor);
+ break;
+ }
+
+ if (UNLIKELY(!IS_NUM(ch))) {
+ SET_ERRNO(HPE_INVALID_VERSION);
+ goto error;
+ }
+
+ parser->http_major *= 10;
+ parser->http_major += ch - '0';
+
+ if (UNLIKELY(parser->http_major > 999)) {
+ SET_ERRNO(HPE_INVALID_VERSION);
+ goto error;
+ }
+
+ break;
+ }
+
+ /* first digit of minor HTTP version */
+ case s_req_first_http_minor:
+ if (UNLIKELY(!IS_NUM(ch))) {
+ SET_ERRNO(HPE_INVALID_VERSION);
+ goto error;
+ }
+
+ parser->http_minor = ch - '0';
+ UPDATE_STATE(s_req_http_minor);
+ break;
+
+ /* minor HTTP version or end of request line */
+ case s_req_http_minor:
+ {
+ if (ch == CR) {
+ UPDATE_STATE(s_req_line_almost_done);
+ break;
+ }
+
+ if (ch == LF) {
+ UPDATE_STATE(s_header_field_start);
+ break;
+ }
+
+ /* XXX allow spaces after digit? */
+
+ if (UNLIKELY(!IS_NUM(ch))) {
+ SET_ERRNO(HPE_INVALID_VERSION);
+ goto error;
+ }
+
+ parser->http_minor *= 10;
+ parser->http_minor += ch - '0';
+
+ if (UNLIKELY(parser->http_minor > 999)) {
+ SET_ERRNO(HPE_INVALID_VERSION);
+ goto error;
+ }
+
+ break;
+ }
+
+ /* end of request line */
+ case s_req_line_almost_done:
+ {
+ if (UNLIKELY(ch != LF)) {
+ SET_ERRNO(HPE_LF_EXPECTED);
+ goto error;
+ }
+
+ UPDATE_STATE(s_header_field_start);
+ break;
+ }
+
+ case s_header_field_start:
+ {
+ if (ch == CR) {
+ UPDATE_STATE(s_headers_almost_done);
+ break;
+ }
+
+ if (ch == LF) {
+ /* they might be just sending \n instead of \r\n so this would be
+ * the second \n to denote the end of headers*/
+ UPDATE_STATE(s_headers_almost_done);
+ REEXECUTE();
+ }
+
+ c = TOKEN(ch);
+
+ if (UNLIKELY(!c)) {
+ SET_ERRNO(HPE_INVALID_HEADER_TOKEN);
+ goto error;
+ }
+
+ MARK(header_field);
+
+ parser->index = 0;
+ UPDATE_STATE(s_header_field);
+
+ switch (c) {
+ case 'c':
+ parser->header_state = h_C;
+ break;
+
+ case 'p':
+ parser->header_state = h_matching_proxy_connection;
+ break;
+
+ case 't':
+ parser->header_state =
h_matching_transfer_encoding;
+ break;
+
+ case 'u':
+ parser->header_state = h_matching_upgrade;
+ break;
+
+ default:
+ parser->header_state = h_general;
+ break;
+ }
+ break;
+ }
+
+ case s_header_field:
+ {
+ const char* start = p;
+ for (; p != data + len; p++) {
+ ch = *p;
+ c = TOKEN(ch);
+
+ if (!c)
+ break;
+
+ switch (parser->header_state) {
+ case h_general:
+ break;
+
+ case h_C:
+ parser->index++;
+ parser->header_state = (c == 'o' ? h_CO : h_general);
+ break;
+
+ case h_CO:
+ parser->index++;
+ parser->header_state = (c == 'n' ? h_CON : h_general);
+ break;
+
+ case h_CON:
+ parser->index++;
+ switch (c) {
+ case 'n':
+ parser->header_state = h_matching_connection;
+ break;
+ case 't':
+ parser->header_state = h_matching_content_length;
+ break;
+ default:
+ parser->header_state = h_general;
+ break;
+ }
+ break;
+
+ /* connection */
+
+ case h_matching_connection:
+ parser->index++;
+ if (parser->index > sizeof(CONNECTION)-1
+ || c != CONNECTION[parser->index]) {
+ parser->header_state = h_general;
+ } else if (parser->index == sizeof(CONNECTION)-2) {
+ parser->header_state = h_connection;
+ }
+ break;
+
+ /* proxy-connection */
+
+ case h_matching_proxy_connection:
+ parser->index++;
+ if (parser->index > sizeof(PROXY_CONNECTION)-1
+ || c != PROXY_CONNECTION[parser->index]) {
+ parser->header_state = h_general;
+ } else if (parser->index == sizeof(PROXY_CONNECTION)-2) {
+ parser->header_state = h_connection;
+ }
+ break;
+
+ /* content-length */
+
+ case h_matching_content_length:
+ parser->index++;
+ if (parser->index > sizeof(CONTENT_LENGTH)-1
+ || c != CONTENT_LENGTH[parser->index]) {
+ parser->header_state = h_general;
+ } else if (parser->index == sizeof(CONTENT_LENGTH)-2) {
+ if (parser->flags & F_CONTENTLENGTH) {
+ SET_ERRNO(HPE_UNEXPECTED_CONTENT_LENGTH);
+ goto error;
+ }
+ parser->header_state = h_content_length;
+ parser->flags |= F_CONTENTLENGTH;
+ }
+ break;
+
+ /* transfer-encoding */
+
+ case h_matching_transfer_encoding:
+
parser->index++;
+ if (parser->index > sizeof(TRANSFER_ENCODING)-1
+ || c != TRANSFER_ENCODING[parser->index]) {
+ parser->header_state = h_general;
+ } else if (parser->index == sizeof(TRANSFER_ENCODING)-2) {
+ parser->header_state = h_transfer_encoding;
+ }
+ break;
+
+ /* upgrade */
+
+ case h_matching_upgrade:
+ parser->index++;
+ if (parser->index > sizeof(UPGRADE)-1
+ || c != UPGRADE[parser->index]) {
+ parser->header_state = h_general;
+ } else if (parser->index == sizeof(UPGRADE)-2) {
+ parser->header_state = h_upgrade;
+ }
+ break;
+
+ case h_connection:
+ case h_content_length:
+ case h_transfer_encoding:
+ case h_upgrade:
+ if (ch != ' ') parser->header_state = h_general;
+ break;
+
+ default:
+ assert(0 && "Unknown header_state");
+ break;
+ }
+ }
+
+ COUNT_HEADER_SIZE(p - start);
+
+ if (p == data + len) {
+ --p;
+ break;
+ }
+
+ if (ch == ':') {
+ UPDATE_STATE(s_header_value_discard_ws);
+ CALLBACK_DATA(header_field);
+ break;
+ }
+
+ SET_ERRNO(HPE_INVALID_HEADER_TOKEN);
+ goto error;
+ }
+
+ case s_header_value_discard_ws:
+ if (ch == ' ' || ch == '\t') break;
+
+ if (ch == CR) {
+ UPDATE_STATE(s_header_value_discard_ws_almost_done);
+ break;
+ }
+
+ if (ch == LF) {
+ UPDATE_STATE(s_header_value_discard_lws);
+ break;
+ }
+
+ /* FALLTHROUGH */
+
+ case s_header_value_start:
+ {
+ MARK(header_value);
+
+ UPDATE_STATE(s_header_value);
+ parser->index = 0;
+
+ c = LOWER(ch);
+
+ switch (parser->header_state) {
+ case h_upgrade:
+ parser->flags |= F_UPGRADE;
+ parser->header_state = h_general;
+ break;
+
+ case h_transfer_encoding:
+ /* looking for 'Transfer-Encoding: chunked' */
+ if ('c' == c) {
+ parser->header_state = h_matching_transfer_encoding_chunked;
+ } else {
+ parser->header_state = h_general;
+ }
+ break;
+
+ case h_content_length:
+ if (UNLIKELY(!IS_NUM(ch))) {
+ SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);
+ goto error;
+ }
+
+ parser->content_length = ch - '0';
+ break;
+
+ case h_connection:
+ /* looking for 'Connection: keep-alive' */
+ if (c
== 'k') {
+ parser->header_state = h_matching_connection_keep_alive;
+ /* looking for 'Connection: close' */
+ } else if (c == 'c') {
+ parser->header_state = h_matching_connection_close;
+ } else if (c == 'u') {
+ parser->header_state = h_matching_connection_upgrade;
+ } else {
+ parser->header_state = h_matching_connection_token;
+ }
+ break;
+
+ /* Multi-value `Connection` header */
+ case h_matching_connection_token_start:
+ break;
+
+ default:
+ parser->header_state = h_general;
+ break;
+ }
+ break;
+ }
+
+ case s_header_value:
+ {
+ const char* start = p;
+ enum header_states h_state = (enum header_states) parser->header_state;
+ for (; p != data + len; p++) {
+ ch = *p;
+ if (ch == CR) {
+ UPDATE_STATE(s_header_almost_done);
+ parser->header_state = h_state;
+ CALLBACK_DATA(header_value);
+ break;
+ }
+
+ if (ch == LF) {
+ UPDATE_STATE(s_header_almost_done);
+ COUNT_HEADER_SIZE(p - start);
+ parser->header_state = h_state;
+ CALLBACK_DATA_NOADVANCE(header_value);
+ REEXECUTE();
+ }
+
+ if (!lenient && !IS_HEADER_CHAR(ch)) {
+ SET_ERRNO(HPE_INVALID_HEADER_TOKEN);
+ goto error;
+ }
+
+ c = LOWER(ch);
+
+ switch (h_state) {
+ case h_general:
+ {
+ const char* p_cr;
+ const char* p_lf;
+ size_t limit = data + len - p;
+
+ limit = MIN(limit, HTTP_MAX_HEADER_SIZE);
+
+ p_cr = (const char*) memchr(p, CR, limit);
+ p_lf = (const char*) memchr(p, LF, limit);
+ if (p_cr != NULL) {
+ if (p_lf != NULL && p_cr >= p_lf)
+ p = p_lf;
+ else
+ p = p_cr;
+ } else if (UNLIKELY(p_lf != NULL)) {
+ p = p_lf;
+ } else {
+ p = data + len;
+ }
+ --p;
+
+ break;
+ }
+
+ case h_connection:
+ case h_transfer_encoding:
+ assert(0 && "Shouldn't get here.");
+ break;
+
+ case h_content_length:
+ {
+ uint64_t t;
+
+ if (ch == ' ') break;
+
+ if (UNLIKELY(!IS_NUM(ch))) {
+ SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);
+ parser->header_state = h_state;
+ goto error;
+ }
+
+ t = parser->content_length;
+ t *= 10;
+ t += ch - '0';
+
+ /* Overflow? Test against a conservative limit for simplicity.
*/
+ if (UNLIKELY((ULLONG_MAX - 10) / 10 < parser->content_length)) {
+ SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);
+ parser->header_state = h_state;
+ goto error;
+ }
+
+ parser->content_length = t;
+ break;
+ }
+
+ /* Transfer-Encoding: chunked */
+ case h_matching_transfer_encoding_chunked:
+ parser->index++;
+ if (parser->index > sizeof(CHUNKED)-1
+ || c != CHUNKED[parser->index]) {
+ h_state = h_general;
+ } else if (parser->index == sizeof(CHUNKED)-2) {
+ h_state = h_transfer_encoding_chunked;
+ }
+ break;
+
+ case h_matching_connection_token_start:
+ /* looking for 'Connection: keep-alive' */
+ if (c == 'k') {
+ h_state = h_matching_connection_keep_alive;
+ /* looking for 'Connection: close' */
+ } else if (c == 'c') {
+ h_state = h_matching_connection_close;
+ } else if (c == 'u') {
+ h_state = h_matching_connection_upgrade;
+ } else if (STRICT_TOKEN(c)) {
+ h_state = h_matching_connection_token;
+ } else if (c == ' ' || c == '\t') {
+ /* Skip lws */
+ } else {
+ h_state = h_general;
+ }
+ break;
+
+ /* looking for 'Connection: keep-alive' */
+ case h_matching_connection_keep_alive:
+ parser->index++;
+ if (parser->index > sizeof(KEEP_ALIVE)-1
+ || c != KEEP_ALIVE[parser->index]) {
+ h_state = h_matching_connection_token;
+ } else if (parser->index == sizeof(KEEP_ALIVE)-2) {
+ h_state = h_connection_keep_alive;
+ }
+ break;
+
+ /* looking for 'Connection: close' */
+ case h_matching_connection_close:
+ parser->index++;
+ if (parser->index > sizeof(CLOSE)-1 || c != CLOSE[parser->index]) {
+ h_state = h_matching_connection_token;
+ } else if (parser->index == sizeof(CLOSE)-2) {
+ h_state = h_connection_close;
+ }
+ break;
+
+ /* looking for 'Connection: upgrade' */
+ case h_matching_connection_upgrade:
+ parser->index++;
+ if (parser->index > sizeof(UPGRADE) - 1 ||
+ c != UPGRADE[parser->index]) {
+ h_state = h_matching_connection_token;
+ } else if (parser->index == sizeof(UPGRADE)-2) {
+ h_state = h_connection_upgrade;
+ }
+ break;
+
+ case
h_matching_connection_token:
+ if (ch == ',') {
+ h_state = h_matching_connection_token_start;
+ parser->index = 0;
+ }
+ break;
+
+ case h_transfer_encoding_chunked:
+ if (ch != ' ') h_state = h_general;
+ break;
+
+ case h_connection_keep_alive:
+ case h_connection_close:
+ case h_connection_upgrade:
+ if (ch == ',') {
+ if (h_state == h_connection_keep_alive) {
+ parser->flags |= F_CONNECTION_KEEP_ALIVE;
+ } else if (h_state == h_connection_close) {
+ parser->flags |= F_CONNECTION_CLOSE;
+ } else if (h_state == h_connection_upgrade) {
+ parser->flags |= F_CONNECTION_UPGRADE;
+ }
+ h_state = h_matching_connection_token_start;
+ parser->index = 0;
+ } else if (ch != ' ') {
+ h_state = h_matching_connection_token;
+ }
+ break;
+
+ default:
+ UPDATE_STATE(s_header_value);
+ h_state = h_general;
+ break;
+ }
+ }
+ parser->header_state = h_state;
+
+ COUNT_HEADER_SIZE(p - start);
+
+ if (p == data + len)
+ --p;
+ break;
+ }
+
+ case s_header_almost_done:
+ {
+ if (UNLIKELY(ch != LF)) {
+ SET_ERRNO(HPE_LF_EXPECTED);
+ goto error;
+ }
+
+ UPDATE_STATE(s_header_value_lws);
+ break;
+ }
+
+ case s_header_value_lws:
+ {
+ if (ch == ' ' || ch == '\t') {
+ UPDATE_STATE(s_header_value_start);
+ REEXECUTE();
+ }
+
+ /* finished the header */
+ switch (parser->header_state) {
+ case h_connection_keep_alive:
+ parser->flags |= F_CONNECTION_KEEP_ALIVE;
+ break;
+ case h_connection_close:
+ parser->flags |= F_CONNECTION_CLOSE;
+ break;
+ case h_transfer_encoding_chunked:
+ parser->flags |= F_CHUNKED;
+ break;
+ case h_connection_upgrade:
+ parser->flags |= F_CONNECTION_UPGRADE;
+ break;
+ default:
+ break;
+ }
+
+ UPDATE_STATE(s_header_field_start);
+ REEXECUTE();
+ }
+
+ case s_header_value_discard_ws_almost_done:
+ {
+ STRICT_CHECK(ch != LF);
+ UPDATE_STATE(s_header_value_discard_lws);
+ break;
+ }
+
+ case s_header_value_discard_lws:
+ {
+ if (ch == ' ' || ch == '\t') {
+ UPDATE_STATE(s_header_value_discard_ws);
+ break;
+ } else {
+ switch (parser->header_state) {
+ case
h_connection_keep_alive:
+ parser->flags |= F_CONNECTION_KEEP_ALIVE;
+ break;
+ case h_connection_close:
+ parser->flags |= F_CONNECTION_CLOSE;
+ break;
+ case h_connection_upgrade:
+ parser->flags |= F_CONNECTION_UPGRADE;
+ break;
+ case h_transfer_encoding_chunked:
+ parser->flags |= F_CHUNKED;
+ break;
+ default:
+ break;
+ }
+
+ /* header value was empty */
+ MARK(header_value);
+ UPDATE_STATE(s_header_field_start);
+ CALLBACK_DATA_NOADVANCE(header_value);
+ REEXECUTE();
+ }
+ }
+
+ case s_headers_almost_done:
+ {
+ STRICT_CHECK(ch != LF);
+
+ if (parser->flags & F_TRAILING) {
+ /* End of a chunked request */
+ UPDATE_STATE(s_message_done);
+ CALLBACK_NOTIFY_NOADVANCE(chunk_complete);
+ REEXECUTE();
+ }
+
+ /* Cannot use chunked encoding and a content-length header together
+ per the HTTP specification. */
+ if ((parser->flags & F_CHUNKED) &&
+ (parser->flags & F_CONTENTLENGTH)) {
+ SET_ERRNO(HPE_UNEXPECTED_CONTENT_LENGTH);
+ goto error;
+ }
+
+ UPDATE_STATE(s_headers_done);
+
+ /* Set this here so that on_headers_complete() callbacks can see it */
+ parser->upgrade =
+ ((parser->flags & (F_UPGRADE | F_CONNECTION_UPGRADE)) ==
+ (F_UPGRADE | F_CONNECTION_UPGRADE) ||
+ parser->method == HTTP_CONNECT);
+
+ /* Here we call the headers_complete callback. This is somewhat
+ * different than other callbacks because if the user returns 1, we
+ * will interpret that as saying that this message has no body. This
+ * is needed for the annoying case of recieving a response to a HEAD
+ * request.
+ *
+ * We'd like to use CALLBACK_NOTIFY_NOADVANCE() here but we cannot, so
+ * we have to simulate it by handling a change in errno below.
+ */
+ if (settings->on_headers_complete) {
+ switch (settings->on_headers_complete(parser)) {
+ case 0:
+ break;
+
+ case 2:
+ parser->upgrade = 1;
+
+ case 1:
+ parser->flags |= F_SKIPBODY;
+ break;
+
+ default:
+ SET_ERRNO(HPE_CB_headers_complete);
+ RETURN(p - data); /* Error */
+ }
+ }
+
+ if (HTTP_PARSER_ERRNO(parser) != HPE_OK) {
+ RETURN(p - data);
+ }
+
+ REEXECUTE();
+ }
+
+ case s_headers_done:
+ {
+ int hasBody;
+ STRICT_CHECK(ch != LF);
+
+ parser->nread = 0;
+
+ hasBody = parser->flags & F_CHUNKED ||
+ (parser->content_length > 0 && parser->content_length != ULLONG_MAX);
+ if (parser->upgrade && (parser->method == HTTP_CONNECT ||
+ (parser->flags & F_SKIPBODY) || !hasBody)) {
+ /* Exit, the rest of the message is in a different protocol. */
+ UPDATE_STATE(NEW_MESSAGE());
+ CALLBACK_NOTIFY(message_complete);
+ RETURN((p - data) + 1);
+ }
+
+ if (parser->flags & F_SKIPBODY) {
+ UPDATE_STATE(NEW_MESSAGE());
+ CALLBACK_NOTIFY(message_complete);
+ } else if (parser->flags & F_CHUNKED) {
+ /* chunked encoding - ignore Content-Length header */
+ UPDATE_STATE(s_chunk_size_start);
+ } else {
+ if (parser->content_length == 0) {
+ /* Content-Length header given but zero: Content-Length: 0\r\n */
+ UPDATE_STATE(NEW_MESSAGE());
+ CALLBACK_NOTIFY(message_complete);
+ } else if (parser->content_length != ULLONG_MAX) {
+ /* Content-Length header given and non-zero */
+ UPDATE_STATE(s_body_identity);
+ } else {
+ if (!http_message_needs_eof(parser)) {
+ /* Assume content-length 0 - read the next */
+ UPDATE_STATE(NEW_MESSAGE());
+ CALLBACK_NOTIFY(message_complete);
+ } else {
+ /* Read body until EOF */
+ UPDATE_STATE(s_body_identity_eof);
+ }
+ }
+ }
+
+ break;
+ }
+
+ case s_body_identity:
+ {
+ uint64_t to_read = MIN(parser->content_length,
+ (uint64_t) ((data + len) - p));
+
+ assert(parser->content_length != 0
+ && parser->content_length != ULLONG_MAX);
+
+ /* The difference between advancing content_length and p is because
+ * the latter will automaticaly
advance on the next loop iteration.
+ * Further, if content_length ends up at 0, we want to see the last
+ * byte again for our message complete callback.
+ */
+ MARK(body);
+ parser->content_length -= to_read;
+ p += to_read - 1;
+
+ if (parser->content_length == 0) {
+ UPDATE_STATE(s_message_done);
+
+ /* Mimic CALLBACK_DATA_NOADVANCE() but with one extra byte.
+ *
+ * The alternative to doing this is to wait for the next byte to
+ * trigger the data callback, just as in every other case. The
+ * problem with this is that this makes it difficult for the test
+ * harness to distinguish between complete-on-EOF and
+ * complete-on-length. It's not clear that this distinction is
+ * important for applications, but let's keep it for now.
+ */
+ CALLBACK_DATA_(body, p - body_mark + 1, p - data);
+ REEXECUTE();
+ }
+
+ break;
+ }
+
+ /* read until EOF */
+ case s_body_identity_eof:
+ MARK(body);
+ p = data + len - 1;
+
+ break;
+
+ case s_message_done:
+ UPDATE_STATE(NEW_MESSAGE());
+ CALLBACK_NOTIFY(message_complete);
+ if (parser->upgrade) {
+ /* Exit, the rest of the message is in a different protocol. */
+ RETURN((p - data) + 1);
+ }
+ break;
+
+ case s_chunk_size_start:
+ {
+ assert(parser->nread == 1);
+ assert(parser->flags & F_CHUNKED);
+
+ unhex_val = unhex[(unsigned char)ch];
+ if (UNLIKELY(unhex_val == -1)) {
+ SET_ERRNO(HPE_INVALID_CHUNK_SIZE);
+ goto error;
+ }
+
+ parser->content_length = unhex_val;
+ UPDATE_STATE(s_chunk_size);
+ break;
+ }
+
+ case s_chunk_size:
+ {
+ uint64_t t;
+
+ assert(parser->flags & F_CHUNKED);
+
+ if (ch == CR) {
+ UPDATE_STATE(s_chunk_size_almost_done);
+ break;
+ }
+
+ unhex_val = unhex[(unsigned char)ch];
+
+ if (unhex_val == -1) {
+ if (ch == ';' || ch == ' ') {
+ UPDATE_STATE(s_chunk_parameters);
+ break;
+ }
+
+ SET_ERRNO(HPE_INVALID_CHUNK_SIZE);
+ goto error;
+ }
+
+ t = parser->content_length;
+ t *= 16;
+ t += unhex_val;
+
+ /* Overflow? Test against a conservative limit for simplicity.
*/
+ if (UNLIKELY((ULLONG_MAX - 16) / 16 < parser->content_length)) {
+ SET_ERRNO(HPE_INVALID_CONTENT_LENGTH);
+ goto error;
+ }
+
+ parser->content_length = t;
+ break;
+ }
+
+ case s_chunk_parameters:
+ {
+ assert(parser->flags & F_CHUNKED);
+ /* just ignore this shit. TODO check for overflow */
+ if (ch == CR) {
+ UPDATE_STATE(s_chunk_size_almost_done);
+ break;
+ }
+ break;
+ }
+
+ case s_chunk_size_almost_done:
+ {
+ assert(parser->flags & F_CHUNKED);
+ STRICT_CHECK(ch != LF);
+
+ parser->nread = 0;
+
+ if (parser->content_length == 0) {
+ parser->flags |= F_TRAILING;
+ UPDATE_STATE(s_header_field_start);
+ } else {
+ UPDATE_STATE(s_chunk_data);
+ }
+ CALLBACK_NOTIFY(chunk_header);
+ break;
+ }
+
+ case s_chunk_data:
+ {
+ uint64_t to_read = MIN(parser->content_length,
+ (uint64_t) ((data + len) - p));
+
+ assert(parser->flags & F_CHUNKED);
+ assert(parser->content_length != 0
+ && parser->content_length != ULLONG_MAX);
+
+ /* See the explanation in s_body_identity for why the content
+ * length and data pointers are managed this way.
+ */
+ MARK(body);
+ parser->content_length -= to_read;
+ p += to_read - 1;
+
+ if (parser->content_length == 0) {
+ UPDATE_STATE(s_chunk_data_almost_done);
+ }
+
+ break;
+ }
+
+ case s_chunk_data_almost_done:
+ assert(parser->flags & F_CHUNKED);
+ assert(parser->content_length == 0);
+ STRICT_CHECK(ch != CR);
+ UPDATE_STATE(s_chunk_data_done);
+ CALLBACK_DATA(body);
+ break;
+
+ case s_chunk_data_done:
+ assert(parser->flags & F_CHUNKED);
+ STRICT_CHECK(ch != LF);
+ parser->nread = 0;
+ UPDATE_STATE(s_chunk_size_start);
+ CALLBACK_NOTIFY(chunk_complete);
+ break;
+
+ default:
+ assert(0 && "unhandled state");
+ SET_ERRNO(HPE_INVALID_INTERNAL_STATE);
+ goto error;
+ }
+ }
+
+ /* Run callbacks for any marks that we have leftover after we ran our of
+ * bytes. There should be at most one of these set, so it's OK to invoke
+ * them in series (unset marks will not result in callbacks).
+ *
+ * We use the NOADVANCE() variety of callbacks here because 'p' has already
+ * overflowed 'data' and this allows us to correct for the off-by-one that
+ * we'd otherwise have (since CALLBACK_DATA() is meant to be run with a 'p'
+ * value that's in-bounds).
+ */
+
+ assert(((header_field_mark ? 1 : 0) +
+ (header_value_mark ? 1 : 0) +
+ (url_mark ? 1 : 0) +
+ (body_mark ? 1 : 0) +
+ (status_mark ? 1 : 0)) <= 1);
+
+ CALLBACK_DATA_NOADVANCE(header_field);
+ CALLBACK_DATA_NOADVANCE(header_value);
+ CALLBACK_DATA_NOADVANCE(url);
+ CALLBACK_DATA_NOADVANCE(body);
+ CALLBACK_DATA_NOADVANCE(status);
+
+ RETURN(len);
+
+error:
+ if (HTTP_PARSER_ERRNO(parser) == HPE_OK) {
+ SET_ERRNO(HPE_UNKNOWN);
+ }
+
+ RETURN(p - data);
+}
+
+
+/* Does the parser need to see an EOF to find the end of the message? */
+int
+http_message_needs_eof (const http_parser *parser)
+{
+ if (parser->type == HTTP_REQUEST) {
+ return 0;
+ }
+
+ /* See RFC 2616 section 4.4 */
+ if (parser->status_code / 100 == 1 || /* 1xx e.g.
Continue */
+ parser->status_code == 204 || /* No Content */
+ parser->status_code == 304 || /* Not Modified */
+ parser->flags & F_SKIPBODY) { /* response to a HEAD request */
+ return 0;
+ }
+
+ if ((parser->flags & F_CHUNKED) || parser->content_length != ULLONG_MAX) {
+ return 0;
+ }
+
+ return 1;
+}
+
+
+int
+http_should_keep_alive (const http_parser *parser)
+{
+ if (parser->http_major > 0 && parser->http_minor > 0) {
+ /* HTTP/1.1 */
+ if (parser->flags & F_CONNECTION_CLOSE) {
+ return 0;
+ }
+ } else {
+ /* HTTP/1.0 or earlier */
+ if (!(parser->flags & F_CONNECTION_KEEP_ALIVE)) {
+ return 0;
+ }
+ }
+
+ return !http_message_needs_eof(parser);
+}
+
+
+const char *
+http_method_str (enum http_method m)
+{
+ return ELEM_AT(method_strings, m, "");
+}
+
+
+void
+http_parser_init (http_parser *parser, enum http_parser_type t)
+{
+ void *data = parser->data; /* preserve application data */
+ memset(parser, 0, sizeof(*parser));
+ parser->data = data;
+ parser->type = t;
+ parser->state = (t == HTTP_REQUEST ? s_start_req : (t == HTTP_RESPONSE ?
s_start_res : s_start_req_or_res)); + parser->http_errno = HPE_OK; +} + +void +http_parser_settings_init(http_parser_settings *settings) +{ + memset(settings, 0, sizeof(*settings)); +} + +const char * +http_errno_name(enum http_errno err) { + assert(((size_t) err) < ARRAY_SIZE(http_strerror_tab)); + return http_strerror_tab[err].name; +} + +const char * +http_errno_description(enum http_errno err) { + assert(((size_t) err) < ARRAY_SIZE(http_strerror_tab)); + return http_strerror_tab[err].description; +} + +static enum http_host_state +http_parse_host_char(enum http_host_state s, const char ch) { + switch(s) { + case s_http_userinfo: + case s_http_userinfo_start: + if (ch == '@') { + return s_http_host_start; + } + + if (IS_USERINFO_CHAR(ch)) { + return s_http_userinfo; + } + break; + + case s_http_host_start: + if (ch == '[') { + return s_http_host_v6_start; + } + + if (IS_HOST_CHAR(ch)) { + return s_http_host; + } + + break; + + case s_http_host: + if (IS_HOST_CHAR(ch)) { + return s_http_host; + } + + /* FALLTHROUGH */ + case s_http_host_v6_end: + if (ch == ':') { + return s_http_host_port_start; + } + + break; + + case s_http_host_v6: + if (ch == ']') { + return s_http_host_v6_end; + } + + /* FALLTHROUGH */ + case s_http_host_v6_start: + if (IS_HEX(ch) || ch == ':' || ch == '.') { + return s_http_host_v6; + } + + if (s == s_http_host_v6 && ch == '%') { + return s_http_host_v6_zone_start; + } + break; + + case s_http_host_v6_zone: + if (ch == ']') { + return s_http_host_v6_end; + } + + /* FALLTHROUGH */ + case s_http_host_v6_zone_start: + /* RFC 6874 Zone ID consists of 1*( unreserved / pct-encoded) */ + if (IS_ALPHANUM(ch) || ch == '%' || ch == '.' 
|| ch == '-' || ch == '_' ||
+ ch == '~') {
+ return s_http_host_v6_zone;
+ }
+ break;
+
+ case s_http_host_port:
+ case s_http_host_port_start:
+ if (IS_NUM(ch)) {
+ return s_http_host_port;
+ }
+
+ break;
+
+ default:
+ break;
+ }
+ return s_http_host_dead;
+}
+
+static int
+http_parse_host(const char * buf, struct http_parser_url *u, int found_at) {
+ enum http_host_state s;
+
+ const char *p;
+ size_t buflen = u->field_data[UF_HOST].off + u->field_data[UF_HOST].len;
+
+ assert(u->field_set & (1 << UF_HOST));
+
+ u->field_data[UF_HOST].len = 0;
+
+ s = found_at ? s_http_userinfo_start : s_http_host_start;
+
+ for (p = buf + u->field_data[UF_HOST].off; p < buf + buflen; p++) {
+ enum http_host_state new_s = http_parse_host_char(s, *p);
+
+ if (new_s == s_http_host_dead) {
+ return 1;
+ }
+
+ switch(new_s) {
+ case s_http_host:
+ if (s != s_http_host) {
+ u->field_data[UF_HOST].off = p - buf;
+ }
+ u->field_data[UF_HOST].len++;
+ break;
+
+ case s_http_host_v6:
+ if (s != s_http_host_v6) {
+ u->field_data[UF_HOST].off = p - buf;
+ }
+ u->field_data[UF_HOST].len++;
+ break;
+
+ case s_http_host_v6_zone_start:
+ case s_http_host_v6_zone:
+ u->field_data[UF_HOST].len++;
+ break;
+
+ case s_http_host_port:
+ if (s != s_http_host_port) {
+ u->field_data[UF_PORT].off = p - buf;
+ u->field_data[UF_PORT].len = 0;
+ u->field_set |= (1 << UF_PORT);
+ }
+ u->field_data[UF_PORT].len++;
+ break;
+
+ case s_http_userinfo:
+ if (s != s_http_userinfo) {
+ u->field_data[UF_USERINFO].off = p - buf ;
+ u->field_data[UF_USERINFO].len = 0;
+ u->field_set |= (1 << UF_USERINFO);
+ }
+ u->field_data[UF_USERINFO].len++;
+ break;
+
+ default:
+ break;
+ }
+ s = new_s;
+ }
+
+ /* Make sure we don't end somewhere unexpected */
+ switch (s) {
+ case s_http_host_start:
+ case s_http_host_v6_start:
+ case s_http_host_v6:
+ case s_http_host_v6_zone_start:
+ case s_http_host_v6_zone:
+ case s_http_host_port_start:
+ case s_http_userinfo:
+ case s_http_userinfo_start:
+ return 1;
+ default:
+
break;
+ }
+
+ return 0;
+}
+
+void
+http_parser_url_init(struct http_parser_url *u) {
+ memset(u, 0, sizeof(*u));
+}
+
+int
+http_parser_parse_url(const char *buf, size_t buflen, int is_connect,
+ struct http_parser_url *u)
+{
+ enum state s;
+ const char *p;
+ enum http_parser_url_fields uf, old_uf;
+ int found_at = 0;
+
+ u->port = u->field_set = 0;
+ s = is_connect ? s_req_server_start : s_req_spaces_before_url;
+ old_uf = UF_MAX;
+
+ for (p = buf; p < buf + buflen; p++) {
+ s = parse_url_char(s, *p);
+
+ /* Figure out the next field that we're operating on */
+ switch (s) {
+ case s_dead:
+ return 1;
+
+ /* Skip delimeters */
+ case s_req_schema_slash:
+ case s_req_schema_slash_slash:
+ case s_req_server_start:
+ case s_req_query_string_start:
+ case s_req_fragment_start:
+ continue;
+
+ case s_req_schema:
+ uf = UF_SCHEMA;
+ break;
+
+ case s_req_server_with_at:
+ found_at = 1;
+
+ /* FALLTROUGH */
+ case s_req_server:
+ uf = UF_HOST;
+ break;
+
+ case s_req_path:
+ uf = UF_PATH;
+ break;
+
+ case s_req_query_string:
+ uf = UF_QUERY;
+ break;
+
+ case s_req_fragment:
+ uf = UF_FRAGMENT;
+ break;
+
+ default:
+ assert(!"Unexpected state");
+ return 1;
+ }
+
+ /* Nothing's changed; soldier on */
+ if (uf == old_uf) {
+ u->field_data[uf].len++;
+ continue;
+ }
+
+ u->field_data[uf].off = p - buf;
+ u->field_data[uf].len = 1;
+
+ u->field_set |= (1 << uf);
+ old_uf = uf;
+ }
+
+ /* host must be present if there is a schema */
+ /* parsing http:///toto will fail */
+ if ((u->field_set & (1 << UF_SCHEMA)) &&
+ (u->field_set & (1 << UF_HOST)) == 0) {
+ return 1;
+ }
+
+ if (u->field_set & (1 << UF_HOST)) {
+ if (http_parse_host(buf, u, found_at) != 0) {
+ return 1;
+ }
+ }
+
+ /* CONNECT requests can only contain "hostname:port" */
+ if (is_connect && u->field_set != ((1 << UF_HOST)|(1 << UF_PORT))) {
+ return 1;
+ }
+
+ if (u->field_set & (1 << UF_PORT)) {
+ /* Don't bother with endp; we've already validated the string */
+ unsigned long v = strtoul(buf +
u->field_data[UF_PORT].off, NULL, 10);
+
+ /* Ports have a max value of 2^16 */
+ if (v > 0xffff) {
+ return 1;
+ }
+
+ u->port = (uint16_t) v;
+ }
+
+ return 0;
+}
+
+void
+http_parser_pause(http_parser *parser, int paused) {
+ /* Users should only be pausing/unpausing a parser that is not in an error
+ * state. In non-debug builds, there's not much that we can do about this
+ * other than ignore it.
+ */
+ if (HTTP_PARSER_ERRNO(parser) == HPE_OK ||
+ HTTP_PARSER_ERRNO(parser) == HPE_PAUSED) {
+ SET_ERRNO((paused) ? HPE_PAUSED : HPE_OK);
+ } else {
+ assert(0 && "Attempting to pause parser in error state");
+ }
+}
+
+int
+http_body_is_final(const struct http_parser *parser) {
+ return parser->state == s_message_done;
+}
+
+unsigned long
+http_parser_version(void) {
+ return HTTP_PARSER_VERSION_MAJOR * 0x10000 |
+ HTTP_PARSER_VERSION_MINOR * 0x00100 |
+ HTTP_PARSER_VERSION_PATCH * 0x00001;
+}
diff --git a/ext/http-parser/http_parser.h b/ext/http-parser/http_parser.h
new file mode 100644
index 0000000..105ae51
--- /dev/null
+++ b/ext/http-parser/http_parser.h
@@ -0,0 +1,362 @@ +/* Copyright Joyent, Inc. and other Node contributors. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ +#ifndef http_parser_h +#define http_parser_h +#ifdef __cplusplus +extern "C" { +#endif + +/* Also update SONAME in the Makefile whenever you change these. 
*/ +#define HTTP_PARSER_VERSION_MAJOR 2 +#define HTTP_PARSER_VERSION_MINOR 7 +#define HTTP_PARSER_VERSION_PATCH 0 + +#include +#if defined(_WIN32) && !defined(__MINGW32__) && \ + (!defined(_MSC_VER) || _MSC_VER<1600) && !defined(__WINE__) +#include +#include +typedef __int8 int8_t; +typedef unsigned __int8 uint8_t; +typedef __int16 int16_t; +typedef unsigned __int16 uint16_t; +typedef __int32 int32_t; +typedef unsigned __int32 uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +#else +#include +#endif + +/* Compile with -DHTTP_PARSER_STRICT=0 to make less checks, but run + * faster + */ +#ifndef HTTP_PARSER_STRICT +# define HTTP_PARSER_STRICT 1 +#endif + +/* Maximium header size allowed. If the macro is not defined + * before including this header then the default is used. To + * change the maximum header size, define the macro in the build + * environment (e.g. -DHTTP_MAX_HEADER_SIZE=). To remove + * the effective limit on the size of the header, define the macro + * to a very large number (e.g. -DHTTP_MAX_HEADER_SIZE=0x7fffffff) + */ +#ifndef HTTP_MAX_HEADER_SIZE +# define HTTP_MAX_HEADER_SIZE (80*1024) +#endif + +typedef struct http_parser http_parser; +typedef struct http_parser_settings http_parser_settings; + + +/* Callbacks should return non-zero to indicate an error. The parser will + * then halt execution. + * + * The one exception is on_headers_complete. In a HTTP_RESPONSE parser + * returning '1' from on_headers_complete will tell the parser that it + * should not expect a body. This is used when receiving a response to a + * HEAD request which may contain 'Content-Length' or 'Transfer-Encoding: + * chunked' headers that indicate the presence of a body. + * + * Returning `2` from on_headers_complete will tell parser that it should not + * expect neither a body nor any futher responses on this connection. 
This is + * useful for handling responses to a CONNECT request which may not contain + * `Upgrade` or `Connection: upgrade` headers. + * + * http_data_cb does not return data chunks. It will be called arbitrarily + * many times for each string. E.G. you might get 10 callbacks for "on_url" + * each providing just a few characters more data. + */ +typedef int (*http_data_cb) (http_parser*, const char *at, size_t length); +typedef int (*http_cb) (http_parser*); + + +/* Request Methods */ +#define HTTP_METHOD_MAP(XX) \ + XX(0, DELETE, DELETE) \ + XX(1, GET, GET) \ + XX(2, HEAD, HEAD) \ + XX(3, POST, POST) \ + XX(4, PUT, PUT) \ + /* pathological */ \ + XX(5, CONNECT, CONNECT) \ + XX(6, OPTIONS, OPTIONS) \ + XX(7, TRACE, TRACE) \ + /* WebDAV */ \ + XX(8, COPY, COPY) \ + XX(9, LOCK, LOCK) \ + XX(10, MKCOL, MKCOL) \ + XX(11, MOVE, MOVE) \ + XX(12, PROPFIND, PROPFIND) \ + XX(13, PROPPATCH, PROPPATCH) \ + XX(14, SEARCH, SEARCH) \ + XX(15, UNLOCK, UNLOCK) \ + XX(16, BIND, BIND) \ + XX(17, REBIND, REBIND) \ + XX(18, UNBIND, UNBIND) \ + XX(19, ACL, ACL) \ + /* subversion */ \ + XX(20, REPORT, REPORT) \ + XX(21, MKACTIVITY, MKACTIVITY) \ + XX(22, CHECKOUT, CHECKOUT) \ + XX(23, MERGE, MERGE) \ + /* upnp */ \ + XX(24, MSEARCH, M-SEARCH) \ + XX(25, NOTIFY, NOTIFY) \ + XX(26, SUBSCRIBE, SUBSCRIBE) \ + XX(27, UNSUBSCRIBE, UNSUBSCRIBE) \ + /* RFC-5789 */ \ + XX(28, PATCH, PATCH) \ + XX(29, PURGE, PURGE) \ + /* CalDAV */ \ + XX(30, MKCALENDAR, MKCALENDAR) \ + /* RFC-2068, section 19.6.1.2 */ \ + XX(31, LINK, LINK) \ + XX(32, UNLINK, UNLINK) \ + +enum http_method + { +#define XX(num, name, string) HTTP_##name = num, + HTTP_METHOD_MAP(XX) +#undef XX + }; + + +enum http_parser_type { HTTP_REQUEST, HTTP_RESPONSE, HTTP_BOTH }; + + +/* Flag values for http_parser.flags field */ +enum flags + { F_CHUNKED = 1 << 0 + , F_CONNECTION_KEEP_ALIVE = 1 << 1 + , F_CONNECTION_CLOSE = 1 << 2 + , F_CONNECTION_UPGRADE = 1 << 3 + , F_TRAILING = 1 << 4 + , F_UPGRADE = 1 << 5 + , F_SKIPBODY = 1 << 6 + , 
F_CONTENTLENGTH = 1 << 7 + }; + + +/* Map for errno-related constants + * + * The provided argument should be a macro that takes 2 arguments. + */ +#define HTTP_ERRNO_MAP(XX) \ + /* No error */ \ + XX(OK, "success") \ + \ + /* Callback-related errors */ \ + XX(CB_message_begin, "the on_message_begin callback failed") \ + XX(CB_url, "the on_url callback failed") \ + XX(CB_header_field, "the on_header_field callback failed") \ + XX(CB_header_value, "the on_header_value callback failed") \ + XX(CB_headers_complete, "the on_headers_complete callback failed") \ + XX(CB_body, "the on_body callback failed") \ + XX(CB_message_complete, "the on_message_complete callback failed") \ + XX(CB_status, "the on_status callback failed") \ + XX(CB_chunk_header, "the on_chunk_header callback failed") \ + XX(CB_chunk_complete, "the on_chunk_complete callback failed") \ + \ + /* Parsing-related errors */ \ + XX(INVALID_EOF_STATE, "stream ended at an unexpected time") \ + XX(HEADER_OVERFLOW, \ + "too many header bytes seen; overflow detected") \ + XX(CLOSED_CONNECTION, \ + "data received after completed connection: close message") \ + XX(INVALID_VERSION, "invalid HTTP version") \ + XX(INVALID_STATUS, "invalid HTTP status code") \ + XX(INVALID_METHOD, "invalid HTTP method") \ + XX(INVALID_URL, "invalid URL") \ + XX(INVALID_HOST, "invalid host") \ + XX(INVALID_PORT, "invalid port") \ + XX(INVALID_PATH, "invalid path") \ + XX(INVALID_QUERY_STRING, "invalid query string") \ + XX(INVALID_FRAGMENT, "invalid fragment") \ + XX(LF_EXPECTED, "LF character expected") \ + XX(INVALID_HEADER_TOKEN, "invalid character in header") \ + XX(INVALID_CONTENT_LENGTH, \ + "invalid character in content-length header") \ + XX(UNEXPECTED_CONTENT_LENGTH, \ + "unexpected content-length header") \ + XX(INVALID_CHUNK_SIZE, \ + "invalid character in chunk size header") \ + XX(INVALID_CONSTANT, "invalid constant string") \ + XX(INVALID_INTERNAL_STATE, "encountered unexpected internal state")\ + XX(STRICT, "strict mode 
assertion failed") \ + XX(PAUSED, "parser is paused") \ + XX(UNKNOWN, "an unknown error occurred") + + +/* Define HPE_* values for each errno value above */ +#define HTTP_ERRNO_GEN(n, s) HPE_##n, +enum http_errno { + HTTP_ERRNO_MAP(HTTP_ERRNO_GEN) +}; +#undef HTTP_ERRNO_GEN + + +/* Get an http_errno value from an http_parser */ +#define HTTP_PARSER_ERRNO(p) ((enum http_errno) (p)->http_errno) + + +struct http_parser { + /** PRIVATE **/ + unsigned int type : 2; /* enum http_parser_type */ + unsigned int flags : 8; /* F_* values from 'flags' enum; semi-public */ + unsigned int state : 7; /* enum state from http_parser.c */ + unsigned int header_state : 7; /* enum header_state from http_parser.c */ + unsigned int index : 7; /* index into current matcher */ + unsigned int lenient_http_headers : 1; + + uint32_t nread; /* # bytes read in various scenarios */ + uint64_t content_length; /* # bytes in body (0 if no Content-Length header) */ + + /** READ-ONLY **/ + unsigned short http_major; + unsigned short http_minor; + unsigned int status_code : 16; /* responses only */ + unsigned int method : 8; /* requests only */ + unsigned int http_errno : 7; + + /* 1 = Upgrade header was present and the parser has exited because of that. + * 0 = No upgrade header present. + * Should be checked when http_parser_execute() returns in addition to + * error checking. + */ + unsigned int upgrade : 1; + + /** PUBLIC **/ + void *data; /* A pointer to get hook to the "connection" or "socket" object */ +}; + + +struct http_parser_settings { + http_cb on_message_begin; + http_data_cb on_url; + http_data_cb on_status; + http_data_cb on_header_field; + http_data_cb on_header_value; + http_cb on_headers_complete; + http_data_cb on_body; + http_cb on_message_complete; + /* When on_chunk_header is called, the current chunk length is stored + * in parser->content_length. 
+ */ + http_cb on_chunk_header; + http_cb on_chunk_complete; +}; + + +enum http_parser_url_fields + { UF_SCHEMA = 0 + , UF_HOST = 1 + , UF_PORT = 2 + , UF_PATH = 3 + , UF_QUERY = 4 + , UF_FRAGMENT = 5 + , UF_USERINFO = 6 + , UF_MAX = 7 + }; + + +/* Result structure for http_parser_parse_url(). + * + * Callers should index into field_data[] with UF_* values iff field_set + * has the relevant (1 << UF_*) bit set. As a courtesy to clients (and + * because we probably have padding left over), we convert any port to + * a uint16_t. + */ +struct http_parser_url { + uint16_t field_set; /* Bitmask of (1 << UF_*) values */ + uint16_t port; /* Converted UF_PORT string */ + + struct { + uint16_t off; /* Offset into buffer in which field starts */ + uint16_t len; /* Length of run in buffer */ + } field_data[UF_MAX]; +}; + + +/* Returns the library version. Bits 16-23 contain the major version number, + * bits 8-15 the minor version number and bits 0-7 the patch level. + * Usage example: + * + * unsigned long version = http_parser_version(); + * unsigned major = (version >> 16) & 255; + * unsigned minor = (version >> 8) & 255; + * unsigned patch = version & 255; + * printf("http_parser v%u.%u.%u\n", major, minor, patch); + */ +unsigned long http_parser_version(void); + +void http_parser_init(http_parser *parser, enum http_parser_type type); + + +/* Initialize http_parser_settings members to 0 + */ +void http_parser_settings_init(http_parser_settings *settings); + + +/* Executes the parser. Returns number of parsed bytes. Sets + * `parser->http_errno` on error. */ +size_t http_parser_execute(http_parser *parser, + const http_parser_settings *settings, + const char *data, + size_t len); + + +/* If http_should_keep_alive() in the on_headers_complete or + * on_message_complete callback returns 0, then this should be + * the last message on the connection. + * If you are the server, respond with the "Connection: close" header. + * If you are the client, close the connection. 
+ */ +int http_should_keep_alive(const http_parser *parser); + +/* Returns a string version of the HTTP method. */ +const char *http_method_str(enum http_method m); + +/* Return a string name of the given error */ +const char *http_errno_name(enum http_errno err); + +/* Return a string description of the given error */ +const char *http_errno_description(enum http_errno err); + +/* Initialize all http_parser_url members to 0 */ +void http_parser_url_init(struct http_parser_url *u); + +/* Parse a URL; return nonzero on failure */ +int http_parser_parse_url(const char *buf, size_t buflen, + int is_connect, + struct http_parser_url *u); + +/* Pause or un-pause the parser; a nonzero value pauses */ +void http_parser_pause(http_parser *parser, int paused); + +/* Checks if this is the final chunk of the body. */ +int http_body_is_final(const http_parser *parser); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/ext/installfiles/linux/zerotier-one.init.rhel6 b/ext/installfiles/linux/zerotier-one.init.rhel6 new file mode 100755 index 0000000..3ff2f18 --- /dev/null +++ b/ext/installfiles/linux/zerotier-one.init.rhel6 
@@ -0,0 +1,138 @@
+#!/bin/bash
+#
+# zerotier-one Start the ZeroTier One network virtualization service
+#
+# chkconfig: 2345 55 25
+# description: ZeroTier One allows systems to join and participate in \
+# ZeroTier virtual networks. See https://www.zerotier.com/
+#
+# processname: zerotier-one
+# config: /var/lib/zerotier-one/identity.public
+# config: /var/lib/zerotier-one/identity.secret
+# config: /var/lib/zerotier-one/local.conf
+# config: /var/lib/zerotier-one/authtoken.secret
+# pidfile: /var/lib/zerotier-one/zerotier-one.pid
+
+### BEGIN INIT INFO
+# Provides: zerotier-one
+# Required-Start: $local_fs $network $syslog
+# Required-Stop: $local_fs $syslog
+# Should-Start: $syslog
+# Should-Stop: $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start the ZeroTier One network virtualization service
+# Description: ZeroTier One allows systems to join and participate in
+# ZeroTier virtual networks. See https://www.zerotier.com/
+### END INIT INFO
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/zerotier-one ] && . /etc/sysconfig/zerotier-one
+
+RETVAL=0
+prog="zerotier-one"
+lockfile=/var/lock/subsys/$prog
+ZT="/usr/sbin/zerotier-one"
+PID_FILE=/var/lib/zerotier-one/zerotier-one.pid
+
+runlevel=$(set -- $(runlevel); eval "echo \$$#" )
+
+start()
+{
+ [ -x $ZT ] || exit 5
+ echo -n $"Starting $prog: "
+ $ZT $ZT_OPTIONS -d && success || failure
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch $lockfile
+ echo
+ return $RETVAL
+}
+
+stop()
+{
+ echo -n $"Stopping $prog: "
+ killproc -p $PID_FILE $ZT
+ RETVAL=$?
+ if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
+ trap '' TERM
+ killall $prog 2>/dev/null
+ trap TERM
+ fi
+ [ $RETVAL -eq 0 ] && rm -f $lockfile
+ echo
+}
+
+reload()
+{
+ stop
+ start
+}
+
+restart() {
+ stop
+ start
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ status -p $PID_FILE zerotier-one
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ start
+ ;;
+ stop)
+ if ! rh_status_q; then
+ rm -f $lockfile
+ exit 0
+ fi
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ rh_status_q || exit 7
+ reload
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ if [ -f $lockfile ] ; then
+ do_restart_sanity_check
+ if [ $RETVAL -eq 0 ] ; then
+ stop
+ # avoid race
+ sleep 3
+ start
+ else
+ RETVAL=6
+ fi
+ fi
+ ;;
+ status)
+ rh_status
+ RETVAL=$?
+ if [ $RETVAL -eq 3 -a -f $lockfile ] ; then
+ RETVAL=2
+ fi
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
+ RETVAL=2
+esac
+exit $RETVAL
diff --git a/ext/installfiles/mac/ZeroTier One.pkgproj b/ext/installfiles/mac/ZeroTier One.pkgproj
new file mode 100755
index 0000000..d973052
--- /dev/null
+++ b/ext/installfiles/mac/ZeroTier One.pkgproj
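Review bot: `do_restart_sanity_check` is called in the `condrestart|try-restart)` branch but is not defined anywhere in this script. Unless `/etc/rc.d/init.d/functions` or `/etc/sysconfig/zerotier-one` happens to provide it, the call fails with "command not found" while `RETVAL` still holds its initial 0, so the following `[ $RETVAL -eq 0 ]` test passes and the service is restarted with no check having run. Either remove the call together with the `$RETVAL` test and the `RETVAL=6` branch, or define the function in this file and have it set `RETVAL`. The file in `/etc/sysconfig` is sourced as root and `$ZT_OPTIONS` is expanded unquoted into the daemon command line, so a comment such as `# /etc/sysconfig/zerotier-one must be root-owned and not group/world-writable` next to the source line would be worth adding.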
@@ -0,0 +1,985 @@ + + + + + PROJECT + + PACKAGE_FILES + + DEFAULT_INSTALL_LOCATION + / + HIERARCHY + + CHILDREN + + + CHILDREN + + + CHILDREN + + GID + 80 + PATH + Utilities + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 80 + PATH + mac-ui-macgap1-wrapper/bin/ZeroTier One.app + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + GID + 80 + PATH + Applications + PATH_TYPE + 0 + PERMISSIONS + 509 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + + CHILDREN + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + get-proxy-settings.sh + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + launch.sh + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + ../../bin/tap-mac/tap.kext + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + ui/index.html + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + ui/main.js + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + ui/react.min.js + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + ui/simpleajax.min.js + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + ui/zerotier.css + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + ui/ztui.min.js + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + GID + 0 + PATH + ui + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 2 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + uninstall.sh + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + ../../../zerotier-one + PATH_TYPE + 1 + PERMISSIONS + 493 + TYPE + 3 + UID + 0 + + + GID + 80 + PATH + One + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 2 + UID + 0 + + + GID + 80 + PATH + ZeroTier + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 2 + 
UID + 0 + + + GID + 80 + PATH + Application Support + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Automator + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Documentation + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Filesystems + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Frameworks + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Input Methods + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Internet Plug-Ins + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + LaunchAgents + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + com.zerotier.one.plist + PATH_TYPE + 1 + PERMISSIONS + 420 + TYPE + 3 + UID + 0 + + + GID + 0 + PATH + LaunchDaemons + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PreferencePanes + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Preferences + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 80 + PATH + Printers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + PrivilegedHelperTools + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickLook + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + QuickTime + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Screen Savers + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Scripts + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Services + PATH_TYPE + 0 + PERMISSIONS + 
493 + TYPE + 1 + UID + 0 + + + CHILDREN + + GID + 0 + PATH + Widgets + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + Library + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + Extensions + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + Library + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + System + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + CHILDREN + + + CHILDREN + + GID + 0 + PATH + Shared + PATH_TYPE + 0 + PERMISSIONS + 1023 + TYPE + 1 + UID + 0 + + + GID + 80 + PATH + Users + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + + GID + 0 + PATH + / + PATH_TYPE + 0 + PERMISSIONS + 493 + TYPE + 1 + UID + 0 + + PAYLOAD_TYPE + 0 + VERSION + 3 + + PACKAGE_SCRIPTS + + POSTINSTALL_PATH + + PATH + postinst.sh + PATH_TYPE + 1 + + PREINSTALL_PATH + + PATH + preinst.sh + PATH_TYPE + 1 + + RESOURCES + + + PACKAGE_SETTINGS + + AUTHENTICATION + 1 + CONCLUSION_ACTION + 0 + IDENTIFIER + com.zerotier.pkg.ZeroTierOne + OVERWRITE_PERMISSIONS + + VERSION + 1.1.14 + + PROJECT_COMMENTS + + NOTES + + PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1M + IDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQv + c3RyaWN0LmR0ZCI+CjxodG1sPgo8aGVhZD4KPG1ldGEgaHR0cC1l + cXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7 + IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJDb250 + ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4KPHRp + dGxlPjwvdGl0bGU+CjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29u + dGVudD0iQ29jb2EgSFRNTCBXcml0ZXIiPgo8bWV0YSBuYW1lPSJD + b2NvYVZlcnNpb24iIGNvbnRlbnQ9IjE0MDQuNDciPgo8c3R5bGUg + dHlwZT0idGV4dC9jc3MiPgpwLnAxIHttYXJnaW46IDAuMHB4IDAu + MHB4IDAuMHB4IDAuMHB4OyBsaW5lLWhlaWdodDogMTQuMHB4OyBm + b250OiAxMi4wcHggSGVsdmV0aWNhOyBjb2xvcjogIzAwMDAwMDsg + LXdlYmtpdC10ZXh0LXN0cm9rZTogIzAwMDAwMH0Kc3Bhbi5zMSB7 + Zm9udC1rZXJuaW5nOiBub25lfQo8L3N0eWxlPgo8L2hlYWQ+Cjxi + 
b2R5Pgo8cCBjbGFzcz0icDEiPjxzcGFuIGNsYXNzPSJzMSI+WmVy + b1RpZXIgT25lIC0gTmV0d29yayBWaXJ0dWFsaXphdGlvbiBFdmVy + eXdoZXJlPC9zcGFuPjwvcD4KPHAgY2xhc3M9InAxIj48c3BhbiBj + bGFzcz0iczEiPihjKTIwMTEtMjAxNiBaZXJvVGllciwgSW5jLjwv + c3Bhbj48L3A+CjxwIGNsYXNzPSJwMSI+PHNwYW4gY2xhc3M9InMx + Ij5jb250YWN0QHplcm90aWVyLmNvbTwvc3Bhbj48L3A+CjxwIGNs + YXNzPSJwMSI+PHNwYW4gY2xhc3M9InMxIj48YnI+Cjwvc3Bhbj48 + L3A+CjxwIGNsYXNzPSJwMSI+PHNwYW4gY2xhc3M9InMxIj5UbyB1 + bmluc3RhbGwgbWFudWFsbHksIHR5cGUgdGhlIGZvbGxvd2luZyBp + biBhIHRlcm1pbmFsIHdpbmRvdzo8L3NwYW4+PC9wPgo8cCBjbGFz + cz0icDEiPjxzcGFuIGNsYXNzPSJzMSI+PGJyPgo8L3NwYW4+PC9w + Pgo8cCBjbGFzcz0icDEiPjxzcGFuIGNsYXNzPSJzMSI+c3VkbyAi + L0xpYnJhcnkvQXBwbGljYXRpb24gU3VwcG9ydC9aZXJvVGllci9P + bmUvdW5pbnN0YWxsLnNoIjwvc3Bhbj48L3A+CjwvYm9keT4KPC9o + dG1sPgo= + + + PROJECT_SETTINGS + + BUILD_PATH + + PATH + ../../.. + PATH_TYPE + 1 + + EXCLUDED_FILES + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + .DS_Store + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove .DS_Store files + PROXY_TOOLTIP + Remove ".DS_Store" files created by the Finder. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + .pbdevelopment + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove .pbdevelopment files + PROXY_TOOLTIP + Remove ".pbdevelopment" files created by ProjectBuilder or Xcode. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + CVS + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .cvsignore + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + .cvspass + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + .svn + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .git + TYPE + 1 + + + REGULAR_EXPRESSION + + STRING + .gitignore + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Remove SCM metadata + PROXY_TOOLTIP + Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems. 
+ STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + classes.nib + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + designable.db + TYPE + 0 + + + REGULAR_EXPRESSION + + STRING + info.nib + TYPE + 0 + + + PROTECTED + + PROXY_NAME + Optimize nib files + PROXY_TOOLTIP + Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles. + STATE + + + + PATTERNS_ARRAY + + + REGULAR_EXPRESSION + + STRING + Resources Disabled + TYPE + 1 + + + PROTECTED + + PROXY_NAME + Remove Resources Disabled folders + PROXY_TOOLTIP + Remove "Resources Disabled" folders. + STATE + + + + SEPARATOR + + + + NAME + ZeroTier One + + + TYPE + 1 + VERSION + 2 + + diff --git a/ext/installfiles/mac/com.zerotier.one.plist b/ext/installfiles/mac/com.zerotier.one.plist new file mode 100644 index 0000000..e3c227d --- /dev/null +++ b/ext/installfiles/mac/com.zerotier.one.plist @@ -0,0 +1,22 @@ + + + + + Label + com.zerotier.one + UserName + root + ProgramArguments + + /Library/Application Support/ZeroTier/One/launch.sh + + WorkingDirectory + /Library/Application Support/ZeroTier/One + StandardOutPath + /dev/null + StandardErrorPath + /dev/null + KeepAlive + + + diff --git a/ext/installfiles/mac/get-proxy-settings.sh b/ext/installfiles/mac/get-proxy-settings.sh new file mode 100755 index 0000000..16ba0b4 --- /dev/null +++ b/ext/installfiles/mac/get-proxy-settings.sh 
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Outputs host and port for system HTTP proxy or zeroes if none or not
+# configured.
+
+export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
+
+enabled=`system_profiler SPNetworkDataType|grep "HTTP Proxy Enabled"|awk {'sub(/^.*:[ \t]*/, "", $0); print $0;'} 2>/dev/null`
+port=`system_profiler SPNetworkDataType|grep "HTTP Proxy Port"|awk {'sub(/^.*:[ \t]*/, "", $0); print $0;'} 2>/dev/null`
+serv=`system_profiler SPNetworkDataType|grep "HTTP Proxy Server"|awk {'sub(/^.*:[ \t]*/, "", $0); print $0;'} 2>/dev/null`
+
+if [ "$enabled" = "Yes" ]; then
+ if [ "$serv" ]; then
+ if [ ! "$port" ]; then
+ port=80
+ fi
+
+ echo $serv $port
+ else
+ echo 0.0.0.0 0
+ fi
+else
+ echo 0.0.0.0 0
+fi
+
+exit 0
diff --git a/ext/installfiles/mac/launch.sh b/ext/installfiles/mac/launch.sh
new file mode 100755
index 0000000..41c4b9c
--- /dev/null
+++ b/ext/installfiles/mac/launch.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+zthome="/Library/Application Support/ZeroTier/One"
+export PATH="$zthome:/bin:/usr/bin:/sbin:/usr/sbin"
+
+# Launch ZeroTier One (not as daemon... launchd monitors it)
+exec zerotier-one
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Info.plist b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Info.plist
new file mode 100644
index 0000000..c67923c
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Info.plist
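Review bot: Each of the three `system_profiler SPNetworkDataType|grep …` pipelines in get-proxy-settings.sh can match one line per network service, so on a machine with several services `$enabled` may hold more than one line and `[ "$enabled" = "Yes" ]` is then false even when a proxy is configured; `$serv` and `$port` have the same problem. Taking a single match, for example by appending `|head -n 1` to each pipeline, makes the result well defined. The final `echo $serv $port` is unquoted and unvalidated, so whatever the profile reports is word-split and glob-expanded before the consumer sees it; `echo "$serv $port"` after a guard such as `case "$port" in *[!0-9]*) port=0;; esac` keeps the output to the documented host-and-port form. Note also that `2>/dev/null` is attached to `awk`, not to `system_profiler`, so the profiler's own errors are not suppressed.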
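Review bot: `exec zerotier-one` at the end of launch.sh resolves the binary through `PATH`, and the launchd job added in this commit (com.zerotier.one.plist, `UserName` root) runs this script as root. Naming the binary outright, `exec "$zthome/zerotier-one"`, removes the dependence on search order and on the ownership of every directory listed in `PATH`. With `$zthome` first in `PATH` the resolved file is the same today, so this is hardening rather than a behaviour change. A comment above `zthome=` stating that the directory must stay writable by root only would help whoever later edits the installer's permissions.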
@@ -0,0 +1,59 @@ + + + + + BuildMachineOSBuild + 15B42 + CFBundleDevelopmentRegion + en + CFBundleExecutable + ZeroTier One + CFBundleIconFile + ZeroTierIcon + CFBundleIdentifier + com.zerotier.ZeroTier-One + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + ZeroTier One + CFBundlePackageType + APPL + CFBundleShortVersionString + 1.0 + CFBundleSignature + ???? + CFBundleSupportedPlatforms + + MacOSX + + CFBundleVersion + 1 + DTCompiler + com.apple.compilers.llvm.clang.1_0 + DTPlatformBuild + 7B1005 + DTPlatformVersion + GM + DTSDKBuild + 15A278 + DTSDKName + macosx10.11 + DTXcode + 0711 + DTXcodeBuild + 7B1005 + LSApplicationCategoryType + public.app-category.utilities + LSMinimumSystemVersion + 10.7 + NSAppTransportSecurity + + NSAllowsArbitraryLoads + + + NSMainNibFile + MainMenu + NSPrincipalClass + NSApplication + + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/MacOS/ZeroTier One b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/MacOS/ZeroTier One new file mode 100755 index 0000000..8e38b86 Binary files /dev/null and b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/MacOS/ZeroTier One differ diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/PkgInfo b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/PkgInfo new file mode 100644 index 0000000..bd04210 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/PkgInfo @@ -0,0 +1 @@ +APPL???? \ No newline at end of file diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/ZeroTierIcon.icns b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/ZeroTierIcon.icns new file mode 100644 index 0000000..17e60d5 Binary files /dev/null and b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/ZeroTierIcon.icns differ 
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/Credits.rtf b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/Credits.rtf new file mode 100644 index 0000000..6f388f6 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/Credits.rtf @@ -0,0 +1,13 @@ +{\rtf1\ansi\ansicpg1252\cocoartf1347\cocoasubrtf570 +{\fonttbl\f0\fswiss\fcharset0 Helvetica;} +{\colortbl;\red255\green255\blue255;} +\vieww9600\viewh8400\viewkind0 +\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720 + +\f0\b\fs24 \cf0 (c)2011-2015 ZeroTier, Inc.\ +Licensed under the GNU GPLv3\ +\ +UI Wrapper MacGap (c) Twitter, Inc.\ +Licensed under the MIT License\ +http://macgap.com/\ +} \ No newline at end of file diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/InfoPlist.strings b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/InfoPlist.strings new file mode 100644 index 0000000..5e45963 Binary files /dev/null and b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/InfoPlist.strings differ diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/MainMenu.nib b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/MainMenu.nib new file mode 100644 index 0000000..bac7faa Binary files /dev/null and b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/MainMenu.nib differ 
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/Window.nib b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/Window.nib new file mode 100644 index 0000000..e7b174a Binary files /dev/null and b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/Resources/en.lproj/Window.nib differ diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/_CodeSignature/CodeResources b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/_CodeSignature/CodeResources new file mode 100644 index 0000000..5e334db --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/_CodeSignature/CodeResources 
@@ -0,0 +1,187 @@ + + + + + files + + Resources/ZeroTierIcon.icns + + 430Gd+4+jnim7WxXEEugp6G+Tgk= + + Resources/en.lproj/Credits.rtf + + hash + + ePttkAH2X1GJ6OL0UhDBAktxB3Y= + + optional + + + Resources/en.lproj/InfoPlist.strings + + hash + + MiLKDDnrUKr4EmuvhS5VQwxHGK8= + + optional + + + Resources/en.lproj/MainMenu.nib + + hash + + 8JZXf4/3df3LD+o74Y8WM0dV8io= + + optional + + + Resources/en.lproj/Window.nib + + hash + + aP0mIANPPnnTMmxYlELioz9ZO1I= + + optional + + + + files2 + + Resources/ZeroTierIcon.icns + + 430Gd+4+jnim7WxXEEugp6G+Tgk= + + Resources/en.lproj/Credits.rtf + + hash + + ePttkAH2X1GJ6OL0UhDBAktxB3Y= + + optional + + + Resources/en.lproj/InfoPlist.strings + + hash + + MiLKDDnrUKr4EmuvhS5VQwxHGK8= + + optional + + + Resources/en.lproj/MainMenu.nib + + hash + + 8JZXf4/3df3LD+o74Y8WM0dV8io= + + optional + + + Resources/en.lproj/Window.nib + + hash + + aP0mIANPPnnTMmxYlELioz9ZO1I= + + optional + + + + rules + + ^Resources/ + + ^Resources/.*\.lproj/ + + optional + + weight + 1000 + + ^Resources/.*\.lproj/locversion.plist$ + + omit + + weight + 1100 + + ^version.plist$ + + + rules2 + + .*\.dSYM($|/) + + weight + 11 + + ^(.*/)?\.DS_Store$ + + omit + + weight + 2000 + + ^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/ + + nested + + weight + 10 + + ^.* + + ^Info\.plist$ + + omit + + weight + 20 + + ^PkgInfo$ + + omit + + weight + 20 + + ^Resources/ + + weight + 20 + + ^Resources/.*\.lproj/ + + optional + + weight + 1000 + + ^Resources/.*\.lproj/locversion.plist$ + + omit + + weight + 1100 + + ^[^/]+$ + + nested + + weight + 10 + + ^embedded\.provisionprofile$ + + weight + 20 + + ^version\.plist$ + + weight + 20 + + + + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/LICENSE b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/LICENSE new file mode 100644 index 0000000..c7fd4a4 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/LICENSE 
@@ -0,0 +1,25 @@
+MacGap was ported from phonegap-mac, and is under the same license (MIT)
+
+The MIT License
+*****************
+
+Copyright (c) <2012>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.pbxproj b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.pbxproj
new file mode 100644
index 0000000..775c596
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.pbxproj
@@ -0,0 +1,489 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 46; + objects = { + +/* Begin PBXBuildFile section */ + 1495814F15C15CCC00E1CFE5 /* Notice.m in Sources */ = {isa = PBXBuildFile; fileRef = 1495814E15C15CCC00E1CFE5 /* Notice.m */; }; + 6F169DA718CC332E005EDDF3 /* Command.m in Sources */ = {isa = PBXBuildFile; fileRef = 6F169DA618CC332E005EDDF3 /* Command.m */; }; + 6F169DAA18CC35FD005EDDF3 /* CallbackDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 6F169DA918CC35FD005EDDF3 /* CallbackDelegate.m */; }; + 6F169DAC18CD8A4A005EDDF3 /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 6F169DAB18CD8A4A005EDDF3 /* JavaScriptCore.framework */; }; + 6F169DB118CD906F005EDDF3 /* MenuItemProxy.m in Sources */ = {isa = PBXBuildFile; fileRef = 6F169DAE18CD906F005EDDF3 /* MenuItemProxy.m */; }; + 6F169DB218CD906F005EDDF3 /* MenuProxy.m in Sources */ = {isa = PBXBuildFile; fileRef = 6F169DB018CD906F005EDDF3 /* MenuProxy.m */; }; + 6FD672B618FE618E00C0DAAD /* UserDefaults.m in Sources */ = {isa = PBXBuildFile; fileRef = 6FD672B518FE618E00C0DAAD /* UserDefaults.m */; }; + 6FD6E4ED18C2D48C00DFFBE6 /* fonts.m in Sources */ = {isa = PBXBuildFile; fileRef = 6FD6E4EC18C2D48C00DFFBE6 /* fonts.m */; }; + 88746BEE14CCA435001E160E /* JSEventHelper.m in Sources */ = {isa = PBXBuildFile; fileRef = 88746BED14CCA435001E160E /* JSEventHelper.m */; }; + 88C0646014BDE10A00E4BCE2 /* Window.m in Sources */ = {isa = PBXBuildFile; fileRef = 88C0645F14BDE10A00E4BCE2 /* Window.m */; }; + 88C0646614BDEC5800E4BCE2 /* Window.xib in Resources */ = {isa = PBXBuildFile; fileRef = 88C0646414BDEC5800E4BCE2 /* Window.xib */; }; + 88C0646D14BDF6A600E4BCE2 /* WindowController.m in Sources */ = {isa = PBXBuildFile; fileRef = 88C0646C14BDF6A600E4BCE2 /* WindowController.m */; }; + C14EFCA71B0986AF00894B5F /* ZeroTierIcon.icns in Resources */ = {isa = PBXBuildFile; fileRef = C14EFCA61B0986AF00894B5F /* ZeroTierIcon.icns */; }; + 
C1C2B9911AFB0CF10060D7C2 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C1C2B9901AFB0CF10060D7C2 /* Security.framework */; }; + F2B80016179E0FC100B069A8 /* Clipboard.m in Sources */ = {isa = PBXBuildFile; fileRef = F2B80015179E0FC100B069A8 /* Clipboard.m */; }; + FA32509D14BA813600BF0781 /* WebKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FA32509C14BA813600BF0781 /* WebKit.framework */; }; + FA3250C314BA85E700BF0781 /* ContentView.m in Sources */ = {isa = PBXBuildFile; fileRef = FA3250BC14BA85E700BF0781 /* ContentView.m */; }; + FA3250C514BA85E700BF0781 /* Utils.m in Sources */ = {isa = PBXBuildFile; fileRef = FA3250BE14BA85E700BF0781 /* Utils.m */; }; + FA3250C714BA85E700BF0781 /* WebViewDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = FA3250C014BA85E700BF0781 /* WebViewDelegate.m */; }; + FA3250D314BA860800BF0781 /* App.m in Sources */ = {isa = PBXBuildFile; fileRef = FA3250C914BA860800BF0781 /* App.m */; }; + FA3250D514BA860800BF0781 /* Dock.m in Sources */ = {isa = PBXBuildFile; fileRef = FA3250CB14BA860800BF0781 /* Dock.m */; }; + FA3250D914BA860800BF0781 /* Path.m in Sources */ = {isa = PBXBuildFile; fileRef = FA3250CF14BA860800BF0781 /* Path.m */; }; + FA3250DB14BA860800BF0781 /* Sound.m in Sources */ = {isa = PBXBuildFile; fileRef = FA3250D114BA860800BF0781 /* Sound.m */; }; + FA3F7742168F70790027B324 /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FA3F7741168F70780027B324 /* Cocoa.framework */; }; + FAE451C914BA79C600190544 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = FAE451C714BA79C600190544 /* InfoPlist.strings */; }; + FAE451CB14BA79C600190544 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = FAE451CA14BA79C600190544 /* main.m */; }; + FAE451CF14BA79C600190544 /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = FAE451CD14BA79C600190544 /* Credits.rtf */; }; + FAE451D214BA79C600190544 /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; 
fileRef = FAE451D114BA79C600190544 /* AppDelegate.m */; }; + FAE451D514BA79C600190544 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = FAE451D314BA79C600190544 /* MainMenu.xib */; }; +/* End PBXBuildFile section */ + +/* Begin PBXCopyFilesBuildPhase section */ + FA3250DD14BA876F00BF0781 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = ""; + dstSubfolderSpec = 10; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXCopyFilesBuildPhase section */ + +/* Begin PBXFileReference section */ + 1495814D15C15CCC00E1CFE5 /* Notice.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Notice.h; path = Classes/Commands/Notice.h; sourceTree = ""; }; + 1495814E15C15CCC00E1CFE5 /* Notice.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Notice.m; path = Classes/Commands/Notice.m; sourceTree = ""; }; + 6F169DA518CC332E005EDDF3 /* Command.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Command.h; path = Classes/Commands/Command.h; sourceTree = ""; }; + 6F169DA618CC332E005EDDF3 /* Command.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Command.m; path = Classes/Commands/Command.m; sourceTree = ""; }; + 6F169DA818CC35FD005EDDF3 /* CallbackDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CallbackDelegate.h; path = Classes/CallbackDelegate.h; sourceTree = ""; }; + 6F169DA918CC35FD005EDDF3 /* CallbackDelegate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CallbackDelegate.m; path = Classes/CallbackDelegate.m; sourceTree = ""; }; + 6F169DAB18CD8A4A005EDDF3 /* JavaScriptCore.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = JavaScriptCore.framework; path = 
System/Library/Frameworks/JavaScriptCore.framework; sourceTree = SDKROOT; }; + 6F169DAD18CD906F005EDDF3 /* MenuItemProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = MenuItemProxy.h; path = Classes/Commands/MenuItemProxy.h; sourceTree = ""; }; + 6F169DAE18CD906F005EDDF3 /* MenuItemProxy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = MenuItemProxy.m; path = Classes/Commands/MenuItemProxy.m; sourceTree = ""; }; + 6F169DAF18CD906F005EDDF3 /* MenuProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = MenuProxy.h; path = Classes/Commands/MenuProxy.h; sourceTree = ""; }; + 6F169DB018CD906F005EDDF3 /* MenuProxy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = MenuProxy.m; path = Classes/Commands/MenuProxy.m; sourceTree = ""; }; + 6FD672B418FE618E00C0DAAD /* UserDefaults.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = UserDefaults.h; path = Classes/Commands/UserDefaults.h; sourceTree = ""; }; + 6FD672B518FE618E00C0DAAD /* UserDefaults.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = UserDefaults.m; path = Classes/Commands/UserDefaults.m; sourceTree = ""; }; + 6FD6E4EB18C2D48200DFFBE6 /* fonts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = fonts.h; path = Classes/Commands/fonts.h; sourceTree = ""; }; + 6FD6E4EC18C2D48C00DFFBE6 /* fonts.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = fonts.m; path = Classes/Commands/fonts.m; sourceTree = ""; }; + 88746BEC14CCA435001E160E /* JSEventHelper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = JSEventHelper.h; path = Classes/JSEventHelper.h; sourceTree = ""; }; + 88746BED14CCA435001E160E /* JSEventHelper.m */ = {isa = PBXFileReference; 
fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = JSEventHelper.m; path = Classes/JSEventHelper.m; sourceTree = ""; }; + 88C0645E14BDE10A00E4BCE2 /* Window.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Window.h; path = Classes/Window.h; sourceTree = ""; }; + 88C0645F14BDE10A00E4BCE2 /* Window.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = Window.m; path = Classes/Window.m; sourceTree = ""; }; + 88C0646514BDEC5800E4BCE2 /* en */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = en; path = en.lproj/Window.xib; sourceTree = ""; }; + 88C0646B14BDF6A600E4BCE2 /* WindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WindowController.h; sourceTree = ""; }; + 88C0646C14BDF6A600E4BCE2 /* WindowController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = WindowController.m; sourceTree = ""; }; + C14EFCA61B0986AF00894B5F /* ZeroTierIcon.icns */ = {isa = PBXFileReference; lastKnownFileType = image.icns; name = ZeroTierIcon.icns; path = ../../../../artwork/ZeroTierIcon.icns; sourceTree = ""; }; + C1C2B9901AFB0CF10060D7C2 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; + F2B80014179E0FC100B069A8 /* Clipboard.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Clipboard.h; sourceTree = ""; }; + F2B80015179E0FC100B069A8 /* Clipboard.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Clipboard.m; sourceTree = ""; }; + FA32509C14BA813600BF0781 /* WebKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = WebKit.framework; path = System/Library/Frameworks/WebKit.framework; sourceTree = SDKROOT; }; + 
FA3250BA14BA85E700BF0781 /* Constants.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = Constants.h; path = Classes/Constants.h; sourceTree = ""; }; + FA3250BB14BA85E700BF0781 /* ContentView.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = ContentView.h; path = Classes/ContentView.h; sourceTree = ""; }; + FA3250BC14BA85E700BF0781 /* ContentView.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = ContentView.m; path = Classes/ContentView.m; sourceTree = ""; }; + FA3250BD14BA85E700BF0781 /* Utils.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = Utils.h; path = Classes/Utils.h; sourceTree = ""; }; + FA3250BE14BA85E700BF0781 /* Utils.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = Utils.m; path = Classes/Utils.m; sourceTree = ""; }; + FA3250BF14BA85E700BF0781 /* WebViewDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = WebViewDelegate.h; path = Classes/WebViewDelegate.h; sourceTree = ""; }; + FA3250C014BA85E700BF0781 /* WebViewDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = WebViewDelegate.m; path = Classes/WebViewDelegate.m; sourceTree = ""; }; + FA3250C814BA860800BF0781 /* App.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = App.h; path = Classes/Commands/App.h; sourceTree = ""; }; + FA3250C914BA860800BF0781 /* App.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = App.m; path = Classes/Commands/App.m; sourceTree = ""; }; + FA3250CA14BA860800BF0781 /* Dock.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = Dock.h; path = Classes/Commands/Dock.h; sourceTree = ""; }; + FA3250CB14BA860800BF0781 /* Dock.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = Dock.m; path = Classes/Commands/Dock.m; sourceTree = ""; }; + FA3250CE14BA860800BF0781 /* Path.h */ = {isa = 
PBXFileReference; lastKnownFileType = sourcecode.c.h; name = Path.h; path = Classes/Commands/Path.h; sourceTree = ""; }; + FA3250CF14BA860800BF0781 /* Path.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = Path.m; path = Classes/Commands/Path.m; sourceTree = ""; }; + FA3250D014BA860800BF0781 /* Sound.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = Sound.h; path = Classes/Commands/Sound.h; sourceTree = ""; }; + FA3250D114BA860800BF0781 /* Sound.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = Sound.m; path = Classes/Commands/Sound.m; sourceTree = ""; }; + FA3F7741168F70780027B324 /* Cocoa.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Cocoa.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.8.sdk/System/Library/Frameworks/Cocoa.framework; sourceTree = DEVELOPER_DIR; }; + FAE451BA14BA79C600190544 /* ZeroTier One.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "ZeroTier One.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + FAE451BE14BA79C600190544 /* Cocoa.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Cocoa.framework; path = System/Library/Frameworks/Cocoa.framework; sourceTree = SDKROOT; }; + FAE451C114BA79C600190544 /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = System/Library/Frameworks/AppKit.framework; sourceTree = SDKROOT; }; + FAE451C214BA79C600190544 /* CoreData.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreData.framework; path = System/Library/Frameworks/CoreData.framework; sourceTree = SDKROOT; }; + FAE451C314BA79C600190544 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; 
}; + FAE451C614BA79C600190544 /* MacGap-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "MacGap-Info.plist"; sourceTree = ""; }; + FAE451C814BA79C600190544 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/InfoPlist.strings; sourceTree = ""; }; + FAE451CA14BA79C600190544 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; + FAE451CC14BA79C600190544 /* MacGap-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "MacGap-Prefix.pch"; sourceTree = ""; }; + FAE451CE14BA79C600190544 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; name = en; path = en.lproj/Credits.rtf; sourceTree = ""; }; + FAE451D014BA79C600190544 /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = ""; }; + FAE451D114BA79C600190544 /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = ""; }; + FAE451D414BA79C600190544 /* en */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = en; path = en.lproj/MainMenu.xib; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + FAE451B714BA79C600190544 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + C1C2B9911AFB0CF10060D7C2 /* Security.framework in Frameworks */, + 6F169DAC18CD8A4A005EDDF3 /* JavaScriptCore.framework in Frameworks */, + FA3F7742168F70790027B324 /* Cocoa.framework in Frameworks */, + FA32509D14BA813600BF0781 /* WebKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + FA3250E014BA87B800BF0781 /* Classes */ = { + isa = PBXGroup; + children = ( + FA3250E114BA87DD00BF0781 /* Commands */, + 
FA3250BA14BA85E700BF0781 /* Constants.h */, + 6F169DA818CC35FD005EDDF3 /* CallbackDelegate.h */, + 6F169DA918CC35FD005EDDF3 /* CallbackDelegate.m */, + FA3250BB14BA85E700BF0781 /* ContentView.h */, + FA3250BC14BA85E700BF0781 /* ContentView.m */, + FA3250BF14BA85E700BF0781 /* WebViewDelegate.h */, + FA3250C014BA85E700BF0781 /* WebViewDelegate.m */, + 88C0646B14BDF6A600E4BCE2 /* WindowController.h */, + 88C0646C14BDF6A600E4BCE2 /* WindowController.m */, + ); + name = Classes; + sourceTree = ""; + }; + FA3250E114BA87DD00BF0781 /* Commands */ = { + isa = PBXGroup; + children = ( + 6F169DA518CC332E005EDDF3 /* Command.h */, + 6F169DA618CC332E005EDDF3 /* Command.m */, + 1495814D15C15CCC00E1CFE5 /* Notice.h */, + 1495814E15C15CCC00E1CFE5 /* Notice.m */, + FA3250CA14BA860800BF0781 /* Dock.h */, + FA3250CB14BA860800BF0781 /* Dock.m */, + 6FD6E4EB18C2D48200DFFBE6 /* fonts.h */, + 6FD6E4EC18C2D48C00DFFBE6 /* fonts.m */, + FA3250BD14BA85E700BF0781 /* Utils.h */, + FA3250BE14BA85E700BF0781 /* Utils.m */, + 6FD672B418FE618E00C0DAAD /* UserDefaults.h */, + 6FD672B518FE618E00C0DAAD /* UserDefaults.m */, + FA3250CE14BA860800BF0781 /* Path.h */, + FA3250CF14BA860800BF0781 /* Path.m */, + FA3250D014BA860800BF0781 /* Sound.h */, + FA3250D114BA860800BF0781 /* Sound.m */, + FA3250C814BA860800BF0781 /* App.h */, + FA3250C914BA860800BF0781 /* App.m */, + 6F169DAD18CD906F005EDDF3 /* MenuItemProxy.h */, + 6F169DAE18CD906F005EDDF3 /* MenuItemProxy.m */, + 6F169DAF18CD906F005EDDF3 /* MenuProxy.h */, + 6F169DB018CD906F005EDDF3 /* MenuProxy.m */, + 88C0645E14BDE10A00E4BCE2 /* Window.h */, + 88C0645F14BDE10A00E4BCE2 /* Window.m */, + 88746BEC14CCA435001E160E /* JSEventHelper.h */, + 88746BED14CCA435001E160E /* JSEventHelper.m */, + F2B80014179E0FC100B069A8 /* Clipboard.h */, + F2B80015179E0FC100B069A8 /* Clipboard.m */, + ); + name = Commands; + sourceTree = ""; + }; + FAE451AF14BA79C600190544 = { + isa = PBXGroup; + children = ( + FA3F7741168F70780027B324 /* Cocoa.framework */, + 
FAE451C414BA79C600190544 /* MacGap */, + FAE451BD14BA79C600190544 /* Frameworks */, + FAE451BB14BA79C600190544 /* Products */, + ); + sourceTree = ""; + }; + FAE451BB14BA79C600190544 /* Products */ = { + isa = PBXGroup; + children = ( + FAE451BA14BA79C600190544 /* ZeroTier One.app */, + ); + name = Products; + sourceTree = ""; + }; + FAE451BD14BA79C600190544 /* Frameworks */ = { + isa = PBXGroup; + children = ( + C1C2B9901AFB0CF10060D7C2 /* Security.framework */, + 6F169DAB18CD8A4A005EDDF3 /* JavaScriptCore.framework */, + FA32509C14BA813600BF0781 /* WebKit.framework */, + FAE451BE14BA79C600190544 /* Cocoa.framework */, + FAE451C014BA79C600190544 /* Other Frameworks */, + ); + name = Frameworks; + sourceTree = ""; + }; + FAE451C014BA79C600190544 /* Other Frameworks */ = { + isa = PBXGroup; + children = ( + FAE451C114BA79C600190544 /* AppKit.framework */, + FAE451C214BA79C600190544 /* CoreData.framework */, + FAE451C314BA79C600190544 /* Foundation.framework */, + ); + name = "Other Frameworks"; + sourceTree = ""; + }; + FAE451C414BA79C600190544 /* MacGap */ = { + isa = PBXGroup; + children = ( + FA3250E014BA87B800BF0781 /* Classes */, + FAE451D014BA79C600190544 /* AppDelegate.h */, + FAE451D114BA79C600190544 /* AppDelegate.m */, + C14EFCA61B0986AF00894B5F /* ZeroTierIcon.icns */, + FAE451D314BA79C600190544 /* MainMenu.xib */, + 88C0646414BDEC5800E4BCE2 /* Window.xib */, + FAE451C514BA79C600190544 /* Supporting Files */, + ); + path = MacGap; + sourceTree = ""; + }; + FAE451C514BA79C600190544 /* Supporting Files */ = { + isa = PBXGroup; + children = ( + FAE451C614BA79C600190544 /* MacGap-Info.plist */, + FAE451C714BA79C600190544 /* InfoPlist.strings */, + FAE451CA14BA79C600190544 /* main.m */, + FAE451CC14BA79C600190544 /* MacGap-Prefix.pch */, + FAE451CD14BA79C600190544 /* Credits.rtf */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + FAE451B914BA79C600190544 /* MacGap */ = { + isa = 
PBXNativeTarget; + buildConfigurationList = FAE451D814BA79C600190544 /* Build configuration list for PBXNativeTarget "MacGap" */; + buildPhases = ( + FAE451B814BA79C600190544 /* Resources */, + FAE451B614BA79C600190544 /* Sources */, + FAE451B714BA79C600190544 /* Frameworks */, + FA3250DD14BA876F00BF0781 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = MacGap; + productName = MacGap; + productReference = FAE451BA14BA79C600190544 /* ZeroTier One.app */; + productType = "com.apple.product-type.application"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + FAE451B114BA79C600190544 /* Project object */ = { + isa = PBXProject; + attributes = { + LastUpgradeCheck = 0710; + ORGANIZATIONNAME = Twitter; + }; + buildConfigurationList = FAE451B414BA79C600190544 /* Build configuration list for PBXProject "MacGap" */; + compatibilityVersion = "Xcode 3.2"; + developmentRegion = English; + hasScannedForEncodings = 0; + knownRegions = ( + en, + ); + mainGroup = FAE451AF14BA79C600190544; + productRefGroup = FAE451BB14BA79C600190544 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + FAE451B914BA79C600190544 /* MacGap */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + FAE451B814BA79C600190544 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + C14EFCA71B0986AF00894B5F /* ZeroTierIcon.icns in Resources */, + FAE451C914BA79C600190544 /* InfoPlist.strings in Resources */, + FAE451CF14BA79C600190544 /* Credits.rtf in Resources */, + FAE451D514BA79C600190544 /* MainMenu.xib in Resources */, + 88C0646614BDEC5800E4BCE2 /* Window.xib in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + FAE451B614BA79C600190544 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 6F169DAA18CC35FD005EDDF3 
/* CallbackDelegate.m in Sources */, + FA3250D314BA860800BF0781 /* App.m in Sources */, + FA3250D514BA860800BF0781 /* Dock.m in Sources */, + FA3250D914BA860800BF0781 /* Path.m in Sources */, + FA3250DB14BA860800BF0781 /* Sound.m in Sources */, + FA3250C314BA85E700BF0781 /* ContentView.m in Sources */, + FA3250C514BA85E700BF0781 /* Utils.m in Sources */, + FA3250C714BA85E700BF0781 /* WebViewDelegate.m in Sources */, + FAE451CB14BA79C600190544 /* main.m in Sources */, + 6F169DB118CD906F005EDDF3 /* MenuItemProxy.m in Sources */, + FAE451D214BA79C600190544 /* AppDelegate.m in Sources */, + 6F169DA718CC332E005EDDF3 /* Command.m in Sources */, + 6FD672B618FE618E00C0DAAD /* UserDefaults.m in Sources */, + 88C0646014BDE10A00E4BCE2 /* Window.m in Sources */, + 6F169DB218CD906F005EDDF3 /* MenuProxy.m in Sources */, + 88C0646D14BDF6A600E4BCE2 /* WindowController.m in Sources */, + 6FD6E4ED18C2D48C00DFFBE6 /* fonts.m in Sources */, + 88746BEE14CCA435001E160E /* JSEventHelper.m in Sources */, + 1495814F15C15CCC00E1CFE5 /* Notice.m in Sources */, + F2B80016179E0FC100B069A8 /* Clipboard.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXVariantGroup section */ + 88C0646414BDEC5800E4BCE2 /* Window.xib */ = { + isa = PBXVariantGroup; + children = ( + 88C0646514BDEC5800E4BCE2 /* en */, + ); + name = Window.xib; + sourceTree = ""; + }; + FAE451C714BA79C600190544 /* InfoPlist.strings */ = { + isa = PBXVariantGroup; + children = ( + FAE451C814BA79C600190544 /* en */, + ); + name = InfoPlist.strings; + sourceTree = ""; + }; + FAE451CD14BA79C600190544 /* Credits.rtf */ = { + isa = PBXVariantGroup; + children = ( + FAE451CE14BA79C600190544 /* en */, + ); + name = Credits.rtf; + sourceTree = ""; + }; + FAE451D314BA79C600190544 /* MainMenu.xib */ = { + isa = PBXVariantGroup; + children = ( + FAE451D414BA79C600190544 /* en */, + ); + name = MainMenu.xib; + sourceTree = ""; + }; +/* End PBXVariantGroup section */ + +/* 
Begin XCBuildConfiguration section */ + FAE451D614BA79C600190544 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ENABLE_OBJC_ARC = YES; + COPY_PHASE_STRIP = NO; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_ENABLE_OBJC_EXCEPTIONS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_VERSION = ""; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 10.7; + ONLY_ACTIVE_ARCH = YES; + PRODUCT_NAME = "ZeroTier One"; + SDKROOT = ""; + }; + name = Debug; + }; + FAE451D714BA79C600190544 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ENABLE_OBJC_ARC = YES; + COPY_PHASE_STRIP = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_ENABLE_OBJC_EXCEPTIONS = YES; + GCC_VERSION = ""; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 10.7; + PRODUCT_NAME = "ZeroTier One"; + SDKROOT = ""; + }; + name = Release; + }; + FAE451D914BA79C600190544 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_CXX_LANGUAGE_STANDARD = "compiler-default"; + CLANG_CXX_LIBRARY = "compiler-default"; + COMBINE_HIDPI_IMAGES = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "\"$(SRCROOT)/MacGap\"", + ); + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "MacGap/MacGap-Prefix.pch"; + GCC_VERSION = ""; + INFOPLIST_FILE = "MacGap/MacGap-Info.plist"; + MACOSX_DEPLOYMENT_TARGET = 10.7; + PRODUCT_BUNDLE_IDENTIFIER = "com.zerotier.$(PRODUCT_NAME:rfc1034identifier)"; + PRODUCT_NAME = "ZeroTier One"; + SDKROOT = 
macosx; + WRAPPER_EXTENSION = app; + }; + name = Debug; + }; + FAE451DA14BA79C600190544 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_CXX_LANGUAGE_STANDARD = "compiler-default"; + CLANG_CXX_LIBRARY = "compiler-default"; + COMBINE_HIDPI_IMAGES = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "\"$(SRCROOT)/MacGap\"", + ); + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "MacGap/MacGap-Prefix.pch"; + GCC_VERSION = ""; + INFOPLIST_FILE = "MacGap/MacGap-Info.plist"; + MACOSX_DEPLOYMENT_TARGET = 10.7; + PRODUCT_BUNDLE_IDENTIFIER = "com.zerotier.$(PRODUCT_NAME:rfc1034identifier)"; + PRODUCT_NAME = "ZeroTier One"; + SDKROOT = macosx; + WRAPPER_EXTENSION = app; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + FAE451B414BA79C600190544 /* Build configuration list for PBXProject "MacGap" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + FAE451D614BA79C600190544 /* Debug */, + FAE451D714BA79C600190544 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + FAE451D814BA79C600190544 /* Build configuration list for PBXNativeTarget "MacGap" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + FAE451D914BA79C600190544 /* Debug */, + FAE451DA14BA79C600190544 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = FAE451B114BA79C600190544 /* Project object */; +} diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 0000000..88f36fc --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + 
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcshareddata/MacGap.xccheckout b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcshareddata/MacGap.xccheckout new file mode 100644 index 0000000..7fdde85 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcshareddata/MacGap.xccheckout @@ -0,0 +1,41 @@ + + + + + IDESourceControlProjectFavoriteDictionaryKey + + IDESourceControlProjectIdentifier + 4D486E78-E297-4CC3-AAAE-1A58EDAC87E6 + IDESourceControlProjectName + MacGap + IDESourceControlProjectOriginsDictionary + + ABA3617E9F0148F844A82502F0D808DE6591AA97 + http://adam.ierymenko@git.int.zerotier.com/zerotier/zerotierone + + IDESourceControlProjectPath + ext/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj + IDESourceControlProjectRelativeInstallPathDictionary + + ABA3617E9F0148F844A82502F0D808DE6591AA97 + ../../../../.. + + IDESourceControlProjectURL + http://adam.ierymenko@git.int.zerotier.com/zerotier/zerotierone + IDESourceControlProjectVersion + 111 + IDESourceControlProjectWCCIdentifier + ABA3617E9F0148F844A82502F0D808DE6591AA97 + IDESourceControlProjectWCConfigurations + + + IDESourceControlRepositoryExtensionIdentifierKey + public.vcs.git + IDESourceControlWCCIdentifierKey + ABA3617E9F0148F844A82502F0D808DE6591AA97 + IDESourceControlWCCName + ZeroTierOne + + + + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/Alex.xcuserdatad/UserInterfaceState.xcuserstate b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/Alex.xcuserdatad/UserInterfaceState.xcuserstate new file mode 100644 index 0000000..2028181 Binary files /dev/null and b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/Alex.xcuserdatad/UserInterfaceState.xcuserstate differ 
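Review bot: The added MacGap.xccheckout records the working-copy origin as `http://adam.ierymenko@git.int.zerotier.com/zerotier/zerotierone`, which publishes an internal host name and an account name in the source tree and suggests the origin was reached over plain http rather than https or ssh. This file and the `xcuserdata/` entries added next to it (`Alex.xcuserdatad`, `api.xcuserdatad`, `liamks.xcuserdatad`) look like per-developer Xcode state rather than build inputs, and the binary `UserInterfaceState.xcuserstate` blobs cannot be reviewed at all. The `.gitignore` added by this same commit does not appear to cover them, so I would add `xcuserdata/` and `*.xccheckout` there and drop these files from the import.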
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/api.xcuserdatad/WorkspaceSettings.xcsettings b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/api.xcuserdatad/WorkspaceSettings.xcsettings new file mode 100644 index 0000000..659c876 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/api.xcuserdatad/WorkspaceSettings.xcsettings @@ -0,0 +1,10 @@ + + + + + HasAskedToTakeAutomaticSnapshotBeforeSignificantChanges + + SnapshotAutomaticallyBeforeSignificantChanges + + + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/liamks.xcuserdatad/UserInterfaceState.xcuserstate b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/liamks.xcuserdatad/UserInterfaceState.xcuserstate new file mode 100644 index 0000000..822ed3c Binary files /dev/null and b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/liamks.xcuserdatad/UserInterfaceState.xcuserstate differ diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/liamks.xcuserdatad/WorkspaceSettings.xcsettings b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/liamks.xcuserdatad/WorkspaceSettings.xcsettings new file mode 100644 index 0000000..6ff33e6 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap.xcodeproj/project.xcworkspace/xcuserdata/liamks.xcuserdatad/WorkspaceSettings.xcsettings @@ -0,0 +1,10 @@ + + + + + IDEWorkspaceUserSettings_HasAskedToTakeAutomaticSnapshotBeforeSignificantChanges + + IDEWorkspaceUserSettings_SnapshotAutomaticallyBeforeSignificantChanges + + + 
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/AppDelegate.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/AppDelegate.h
new file mode 100644
index 0000000..bf7370b
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/AppDelegate.h
@@ -0,0 +1,18 @@
+//
+// AppDelegate.h
+// MacGap
+//
+// Created by Alex MacCaw on 08/01/2012.
+// Copyright (c) 2012 Twitter. All rights reserved.
+//
+
+#import
+#import "Classes/ContentView.h"
+
+#import "WindowController.h"
+
+@interface AppDelegate : NSObject
+
+@property (retain, nonatomic) WindowController *windowController;
+
+@end
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/AppDelegate.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/AppDelegate.m
new file mode 100644
index 0000000..45923bb
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/AppDelegate.m
@@ -0,0 +1,159 @@ +// +// AppDelegate.m +// MacGap +// +// Created by Alex MacCaw on 08/01/2012. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import "AppDelegate.h" +#include +#include + +@implementation AppDelegate + +@synthesize windowController; + +- (void) applicationWillFinishLaunching:(NSNotification *)aNotification +{ +} + +-(BOOL)applicationShouldHandleReopen:(NSApplication*)application + hasVisibleWindows:(BOOL)visibleWindows{ + if(!visibleWindows){ + [self.windowController.window makeKeyAndOrderFront: nil]; + } + return YES; +} + +- (BOOL)applicationShouldTerminateAfterLastWindowClosed:(NSApplication *)theApplication { + return YES; +} + +- (void) applicationDidFinishLaunching:(NSNotification *)aNotification { + char buf[16384],userAuthTokenPath[4096]; + struct stat systemAuthTokenStat,userAuthTokenStat; + + FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r"); + long port = 9993; // default + if (pf) { + long n = fread(buf,1,sizeof(buf)-1,pf); + if (n > 0) { + buf[n] = (char)0; + port = strtol(buf,(char **)0,10); + } + fclose(pf); + } + + char url[16384]; + memset(url,0,sizeof(url)); + + const char *homeDir = getenv("HOME"); + if (homeDir) { + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir); + + bool userAuthTokenOutOfDate = false; + memset(&systemAuthTokenStat,0,sizeof(systemAuthTokenStat)); + memset(&userAuthTokenStat,0,sizeof(userAuthTokenStat)); + if (stat("/Library/Application Support/ZeroTier/One/authtoken.secret",&systemAuthTokenStat) == 0) { + if (stat(userAuthTokenPath,&userAuthTokenStat) == 0) { + if (userAuthTokenStat.st_mtimespec.tv_sec < systemAuthTokenStat.st_mtimespec.tv_sec) + userAuthTokenOutOfDate = true; + } + } + + if (!userAuthTokenOutOfDate) { + pf = fopen(userAuthTokenPath,"r"); + if (pf) { + long n = fread(buf,1,sizeof(buf)-1,pf); + if (n > 0) { + buf[n] = (char)0; + 
snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf); + } + fclose(pf); + } + } + } + + if (!url[0]) { + // Create authorization reference + OSStatus status; + AuthorizationRef authorizationRef; + + // AuthorizationCreate and pass NULL as the initial + // AuthorizationRights set so that the AuthorizationRef gets created + // successfully, and then later call AuthorizationCopyRights to + // determine or extend the allowable rights. + // http://developer.apple.com/qa/qa2001/qa1172.html + status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef); + if (status != errAuthorizationSuccess) + { + NSLog(@"Error Creating Initial Authorization: %d", status); + return; + } + + // kAuthorizationRightExecute == "system.privilege.admin" + AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0}; + AuthorizationRights rights = {1, &right}; + AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | + kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights; + + // Call AuthorizationCopyRights to determine or extend the allowable rights. 
+ status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL); + if (status != errAuthorizationSuccess) + { + NSLog(@"Copy Rights Unsuccessful: %d", status); + return; + } + + // use rm tool with -rf + char *tool = "/bin/cat"; + char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL}; + FILE *pipe = NULL; + + status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe); + if (status != errAuthorizationSuccess) + { + NSLog(@"Error: %d", status); + } + + if (pipe) { + long n = (long)fread(buf,1,sizeof(buf)-1,pipe); + if (n > 0) { + buf[n] = (char)0; + snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf); + + if (homeDir) { + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier",homeDir); + mkdir(userAuthTokenPath,0755); + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One",homeDir); + mkdir(userAuthTokenPath,0755); + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir); + pf = fopen(userAuthTokenPath,"w"); + if (pf) { + fwrite(buf,1,strlen(buf),pf); + fclose(pf); + chmod(userAuthTokenPath,0600); + } + } + } + fclose(pipe); + } + + // The only way to guarantee that a credential acquired when you + // request a right is not shared with other authorization instances is + // to destroy the credential. To do so, call the AuthorizationFree + // function with the flag kAuthorizationFlagDestroyRights. 
+ // http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html + status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights); + } + + NSString *urlStr = [[NSString alloc] initWithCString:url]; + self.windowController = [[WindowController alloc] initWithURL: urlStr]; + [self.windowController showWindow: [NSApplication sharedApplication].delegate]; + self.windowController.contentView.webView.alphaValue = 1.0; + self.windowController.contentView.alphaValue = 1.0; + [self.windowController showWindow:self]; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/CallbackDelegate.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/CallbackDelegate.h new file mode 100755 index 0000000..0f31ee4 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/CallbackDelegate.h @@ -0,0 +1,20 @@ +// +// CallbackDelegate.h +// MacGap +// +// Created by Joe Hildebrand on 1/10/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import "Command.h" + +@interface CallbackDelegate : Command { +} + +@property JSObjectRef callback; + +- (id) initWithContext:(JSContextRef)aContext forCallback:(WebScriptObject*)aCallback; +- (id) call; +- (id) callWithParams:(id)firstOrNil, ... NS_REQUIRES_NIL_TERMINATION; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/CallbackDelegate.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/CallbackDelegate.m new file mode 100755 index 0000000..5ce8fbe --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/CallbackDelegate.m 
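Review bot: In `applicationDidFinishLaunching:` the per-user copy of `authtoken.secret` is created with `fopen(userAuthTokenPath,"w")` and only restricted by `chmod(userAuthTokenPath,0600)` after the token has been written, so for a short window the file carries whatever mode the umask (or a pre-existing file) gives it. Creating it already restricted closes that window: `int fd = open(userAuthTokenPath, O_WRONLY|O_CREAT|O_TRUNC, 0600);`, `if (fd >= 0) fchmod(fd, 0600);`, `pf = (fd >= 0) ? fdopen(fd, "w") : NULL;` (this needs `<fcntl.h>`; the include lines are not legible in this hunk). Two smaller points in the same method: the `return` after a failed `AuthorizationCopyRights` skips `AuthorizationFree`, and the comment `// use rm tool with -rf` does not describe the `/bin/cat` call below it and should read `// read the system auth token as root via /bin/cat`.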
@@ -0,0 +1,168 @@ +// +// CallbackDelegate.m +// MacGap +// +// Created by Joe Hildebrand on 1/10/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import "CallbackDelegate.h" +#import + +@implementation CallbackDelegate + +@synthesize callback; + +- (id) initWithContext:(JSContextRef)aContext forCallback:(WebScriptObject*)aCallback +{ + if (!aCallback) + return nil; + if ([aCallback isKindOfClass:[WebUndefined class]]) + return nil; + + self = [super initWithContext:aContext]; + if (!self) + return nil; + + callback = [aCallback JSObject]; + JSValueProtect(context, callback); + return self; +} + +- (void) dealloc +{ + if (callback) + { + JSValueUnprotect(context, callback); + callback = nil; + } +} + +- (id) objectFromValue:(JSValueRef)val +{ + JSStringRef jstr; + NSString *rets; + + switch(JSValueGetType(context, val)) + { + case kJSTypeUndefined: + case kJSTypeNull: + return nil; + case kJSTypeBoolean: + return [NSNumber numberWithBool:JSValueToBoolean(context, val)]; + case kJSTypeNumber: + return [NSNumber numberWithDouble:JSValueToNumber(context, val, NULL)]; + case kJSTypeString: + jstr = JSValueToStringCopy(context, val, NULL); + size_t sz = JSStringGetMaximumUTF8CStringSize(jstr); + char *buf = (char*)malloc(sz); + JSStringGetUTF8CString(jstr, buf, sz); + rets = [NSString stringWithUTF8String:buf]; + free(buf); + return rets; + case kJSTypeObject: + // TODO: dictionary or something + return nil; + default: + NSAssert(false, @"Invalid JavaScript type"); + return nil; + } +} + +- (JSValueRef) valueFromObject:(id)obj +{ + JSValueRef val = nil; + if (!obj) + { + val = JSValueMakeNull(context); + } + else if ([obj isKindOfClass:[NSString class]]) + { + JSStringRef jstr = JSStringCreateWithUTF8CString([obj UTF8String]); + val = JSValueMakeString(context, jstr); + JSStringRelease(jstr); + } + else if ([obj isKindOfClass:[NSNumber class]]) + { + val = JSValueMakeNumber(context, [obj doubleValue]); + } + else if ([obj isKindOfClass:[NSDictionary 
class]]) + { + JSObjectRef o = JSObjectMake(context, NULL, NULL); + for (NSString *key in obj) + { + JSStringRef kstr = JSStringCreateWithUTF8CString([key UTF8String]); + JSValueRef v = [self valueFromObject:[obj objectForKey:key]]; + + JSObjectSetProperty(context, o, kstr, v, kJSPropertyAttributeNone, NULL); + JSStringRelease(kstr); + } + val = o; + } + else if ([obj isKindOfClass:[NSArray class]]) + { + NSUInteger pcount = [obj count]; + JSValueRef jsArgs[pcount]; + NSUInteger i=0; + for (id v in obj) + { + jsArgs[i++] = [self valueFromObject:v]; + } + val = JSObjectMakeArray(context, pcount, jsArgs, NULL); + } + else if ([obj isKindOfClass:[NSDate class]]) + { + NSTimeInterval secs = [obj timeIntervalSince1970]; + JSValueRef jsArgs[1]; + // call the Date(milliseconds) constructor in JS + jsArgs[0] = JSValueMakeNumber(context, secs * 1000.0); + val = JSObjectMakeDate(context, 1, jsArgs, NULL); + } + else + { + NSLog(@"Warning: unknown object type for: %@", obj); + val = JSValueMakeUndefined(context); + } + return val; +} + +- (id) call +{ + NSAssert(callback, @"Callback required"); + if (!JSObjectIsFunction(context, callback)) + return nil; + + JSValueRef jsArgs[0]; + JSValueRef ret = JSObjectCallAsFunction(context, callback, NULL, 0, jsArgs, NULL); + return [self objectFromValue:ret]; +} + +- (id) callWithParams:(id)firstOrNil, ... +{ + NSAssert(callback, @"Callback required"); + if (!JSObjectIsFunction(context, callback)) + return nil; + NSUInteger pcount = 0; + id p; + va_list args; + va_start(args, firstOrNil); + for (p=firstOrNil; p; p=va_arg(args, id)) + { + pcount++; + } + va_end(args); + + JSValueRef jsArgs[pcount]; + NSUInteger j = 0; + va_start(args, firstOrNil); + for (p=firstOrNil; p; p=va_arg(args, id)) + { + jsArgs[j++] = [self valueFromObject:p]; + } + va_end(args); + + JSValueRef ret = JSObjectCallAsFunction(context, callback, NULL, j, jsArgs, NULL); + return [self objectFromValue:ret]; +} + +@end 
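Review bot: In `objectFromValue:` the `kJSTypeString` branch never releases the string returned by `JSValueToStringCopy`, so every string result from a callback leaks one `JSStringRef`; add `JSStringRelease(jstr);` after `JSStringGetUTF8CString(jstr, buf, sz);`. The same branch passes `NULL` for the exception out-parameter and then uses `jstr` and `buf` unchecked, so a guard such as `if (!jstr) return nil;` (and the same for the `malloc` result) would be a cheap addition. In `valueFromObject:` and `callWithParams:` the stack arrays `JSValueRef jsArgs[pcount]` are sized by the element or argument count, which is zero for an empty `NSArray`; a zero-length variable-length array is undefined in C, so declaring them as `jsArgs[pcount ? pcount : 1]` avoids that case.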
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/App.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/App.h new file mode 100644 index 0000000..f65ba61 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/App.h @@ -0,0 +1,21 @@ +#import + +#import "WindowController.h" + +@interface App : NSObject { + +} + +@property (nonatomic, retain) WebView *webView; + +- (id) initWithWebView:(WebView *)view; + +- (void) terminate; +- (void) activate; +- (void) hide; +- (void) unhide; +- (void) beep; +- (void) bounce; +- (void) setCustomUserAgent:(NSString *)userAgentString; +- (NSNumber*) systemIdleTime; +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/App.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/App.m new file mode 100644 index 0000000..6d47a17 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/App.m 
@@ -0,0 +1,128 @@ +#import "App.h" + +#import "JSEventHelper.h" + +@implementation App + +@synthesize webView; + +- (id) initWithWebView:(WebView *) view{ + self = [super init]; + + if (self) { + self.webView = view; + [[[NSWorkspace sharedWorkspace] notificationCenter] addObserver: self + selector: @selector(receiveSleepNotification:) + name: NSWorkspaceWillSleepNotification object: NULL]; + [[[NSWorkspace sharedWorkspace] notificationCenter] addObserver: self + selector: @selector(receiveWakeNotification:) + name: NSWorkspaceDidWakeNotification object: NULL]; + [[[NSWorkspace sharedWorkspace] notificationCenter] addObserver: self + selector: @selector(receiveActivateNotification:) + name: NSWorkspaceDidActivateApplicationNotification object: NULL]; + } + + return self; +} + +- (void) terminate { + [NSApp terminate:nil]; +} + +- (void) activate { + [NSApp activateIgnoringOtherApps:YES]; +} + +- (void) hide { + [NSApp hide:nil]; +} + +- (void) unhide { + [NSApp unhide:nil]; +} + +- (void)beep { + NSBeep(); +} + +- (void) bounce { + [NSApp requestUserAttention:NSInformationalRequest]; +} + +- (void)setCustomUserAgent:(NSString *)userAgentString { + [self.webView setCustomUserAgent: userAgentString]; +} + +- (void) open:(NSString*)url { + [[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:url]]; +} + +- (void) launch:(NSString *)name { + [[NSWorkspace sharedWorkspace] launchApplication:name]; +} + +- (void)receiveSleepNotification:(NSNotification*)note{ + [JSEventHelper triggerEvent:@"sleep" forWebView:self.webView]; +} + +- (void) receiveWakeNotification:(NSNotification*)note{ + [JSEventHelper triggerEvent:@"wake" forWebView:self.webView]; +} + +- (void) receiveActivateNotification:(NSNotification*)notification{ + NSDictionary* userInfo = [notification userInfo]; + NSRunningApplication* runningApplication = [userInfo objectForKey:NSWorkspaceApplicationKey]; + if (runningApplication) { + NSMutableDictionary* applicationDidGetFocusDict = [[NSMutableDictionary 
alloc] initWithCapacity:2]; + [applicationDidGetFocusDict setObject:runningApplication.localizedName + forKey:@"localizedName"]; + [applicationDidGetFocusDict setObject:[runningApplication.bundleURL absoluteString] + forKey:@"bundleURL"]; + + [JSEventHelper triggerEvent:@"appActivated" withArgs:applicationDidGetFocusDict forWebView:self.webView]; + } +} + + + + +/* + To get the elapsed time since the previous input event—keyboard, mouse, or tablet—specify kCGAnyInputEventType. + */ +- (NSNumber*)systemIdleTime { + CFTimeInterval timeSinceLastEvent = CGEventSourceSecondsSinceLastEventType(kCGEventSourceStateHIDSystemState, kCGAnyInputEventType); + + return [NSNumber numberWithDouble:timeSinceLastEvent]; +} + + + + ++ (NSString*) webScriptNameForSelector:(SEL)selector +{ + id result = nil; + + if (selector == @selector(open:)) { + result = @"open"; + } else if (selector == @selector(launch:)) { + result = @"launch"; + } else if (selector == @selector(setCustomUserAgent:)) { + result = @"setCustomUserAgent"; + } else if (selector == @selector(systemIdleTime)) { + result = @"systemIdleTime"; + } + + return result; +} + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + return NO; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return YES; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Command.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Command.h new file mode 100755 index 0000000..65d6b6d --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Command.h @@ -0,0 +1,18 @@ +// +// Command.h +// MacGap +// +// Created by Joe Hildebrand on 1/10/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import +#import + +@interface Command : NSObject { + JSContextRef context; +} + +- (id) initWithContext:(JSContextRef)aContext; + +@end 
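Review bot: `+isSelectorExcludedFromWebScript:` in App.m returns `NO` for every selector, so all of App's methods, including `open:` and `launch:`, are callable from any script that runs in the web view, whether or not `webScriptNameForSelector:` names them. MenuItemProxy.m and MenuProxy.m in this commit use an allowlist instead (`return [self webScriptNameForSelector:selector] == nil;`); doing the same here, with `terminate`, `activate` and the other selectors the UI really calls added to the name table, would make the exported surface explicit. Dock.m and Path.m have the same unconditional `return NO;`. Separately, `open:` hands the script-supplied string to `openURL:` without looking at the scheme; if only web links are intended, a check like `if (![@[@"http", @"https"] containsObject:[[u scheme] lowercaseString]]) return;` on the parsed `NSURL *u` would state that in code.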
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Command.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Command.m
new file mode 100755
index 0000000..39b8563
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Command.m
@@ -0,0 +1,28 @@
+//
+// Command.m
+// MacGap
+//
+// Created by Joe Hildebrand on 1/10/12.
+// Copyright (c) 2012 Twitter. All rights reserved.
+//
+
+#import "Command.h"
+#import
+
+@implementation Command
+
+- (id) initWithContext:(JSContextRef)aContext {
+ self = [super init];
+ if (!self)
+ return nil;
+ context = aContext;
+ JSGlobalContextRetain((JSGlobalContextRef)context);
+ return self;
+}
+
+- (void)dealloc
+{
+ if (context)
+ JSGlobalContextRelease((JSGlobalContextRef)context);
+}
+@end
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Dock.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Dock.h
new file mode 100644
index 0000000..b3c533d
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Dock.h
@@ -0,0 +1,11 @@
+#import
+
+@interface Dock : NSObject {
+
+}
+- (void) setBadge:(NSString*)value;
+- (NSString *) badge;
+
+@property (readwrite, copy) NSString *badge;
+
+@end
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Dock.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Dock.m
new file mode 100644
index 0000000..a4494d1
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Dock.m
@@ -0,0 +1,31 @@ +#import "Dock.h" + +@implementation Dock + +@synthesize badge; + +- (void) setBadge:(NSString *)value +{ + NSDockTile *tile = [[NSApplication sharedApplication] dockTile]; + [tile setBadgeLabel:value]; +} + +- (NSString *) badge +{ + NSDockTile *tile = [[NSApplication sharedApplication] dockTile]; + return [tile badgeLabel]; +} + +#pragma mark WebScripting Protocol + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + return NO; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return NO; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuItemProxy.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuItemProxy.h new file mode 100755 index 0000000..d765978 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuItemProxy.h @@ -0,0 +1,31 @@ +// +// MenuItemProxy.h +// MacGap +// +// Created by Joe Hildebrand on 1/15/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import "Command.h" +#import "CallbackDelegate.h" + +@class MenuProxy; + +@interface MenuItemProxy : Command { + NSMenuItem *item; + CallbackDelegate *callback; +} + ++ (MenuItemProxy*) proxyWithContext:(JSContextRef)aContext andMenuItem:(NSMenuItem*)anItem; + +- (MenuProxy*)addSubmenu; + +- (void) remove; +- (void) setCallback:(WebScriptObject*)aCallback; +- (void) setKey:(NSString*)keyCommand; +- (void) setTitle:(NSString*)title; +- (void) enable; +- (void) disable; +- (MenuProxy*)submenu; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuItemProxy.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuItemProxy.m new file mode 100755 index 0000000..7b9702c --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuItemProxy.m 
@@ -0,0 +1,150 @@ +// +// MenuItemProxy.m +// MacGap +// +// Created by Joe Hildebrand on 1/15/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import "MenuItemProxy.h" +#import "MenuProxy.h" + +@implementation MenuItemProxy + +- (id) initWithContext:(JSContextRef)aContext andMenuItem:(NSMenuItem*)anItem +{ + NSAssert(anItem, @"anItem required"); + self = [super initWithContext:aContext]; + if (!self) + return nil; + item = anItem; + item.representedObject = self; + + return self; +} + ++ (MenuItemProxy*) proxyWithContext:(JSContextRef)aContext andMenuItem:(NSMenuItem*)anItem +{ + MenuItemProxy *proxy = [anItem representedObject]; + if (proxy) + { + NSLog(@"MIP Cache hit"); + NSAssert([proxy class] == [MenuItemProxy class], @"Bad proxy"); + return proxy; + } + return [[MenuItemProxy alloc] initWithContext:aContext andMenuItem:anItem]; +} + +- (NSString*) description +{ + return [item description]; +} + +- (MenuProxy*)addSubmenu +{ + NSMenu *s = [item submenu]; + if (!s) + { + s = [[NSMenu alloc] initWithTitle:@"FFFFFFOOOOO"]; + [item setSubmenu:s]; + } + return [MenuProxy proxyWithContext:context andMenu:s]; +} + +- (void) remove +{ + NSMenu *menu = [item menu]; + [menu removeItem:item]; +} + +- (void)callCallback:(id)sender +{ + [callback callWithParams:[sender title], nil]; +} + +- (void) setCallback:(WebScriptObject*)aCallback +{ + NSAssert(item, @"item required"); + callback = [[CallbackDelegate alloc] initWithContext:context forCallback:aCallback]; + [item setAction:@selector(callCallback:)]; + [item setTarget:self]; +} + +- (void)setKey:(NSString*)keyCommand +{ + NSString *aKey = [MenuProxy getKeyFromString:keyCommand]; + [item setKeyEquivalent:aKey]; + + NSUInteger modifiers = [MenuProxy getModifiersFromString:keyCommand]; + [item setKeyEquivalentModifierMask:modifiers]; +} + +- (void) setTitle:(NSString*)title +{ + [item setTitle:title]; +} + +- (MenuProxy*)submenu; +{ + // TODO: make this work as a property + NSMenu *s = [item submenu]; + 
if (!s) + return nil; + return [MenuProxy proxyWithContext:context andMenu:s]; +} + +- (void) enable +{ + [item setEnabled:YES]; +} + +- (void) disable +{ + [item setEnabled:NO]; +} + +#pragma mark WebScripting protocol + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + return [self webScriptNameForSelector:selector] == nil; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return YES; +} + ++ (NSString*) webScriptNameForSelector:(SEL)selector +{ + id result = nil; + + if (selector == @selector(addSubmenu)) { + result = @"addSubmenu"; + } + else if (selector == @selector(remove)) { + result = @"remove"; + } + else if (selector == @selector(setCallback:)) { + result = @"setCallback"; + } + else if (selector == @selector(setKey:)) { + result = @"setKey"; + } + else if (selector == @selector(setTitle:)) { + result = @"setTitle"; + } + else if (selector == @selector(submenu)) { + result = @"submenu"; + } + else if (selector == @selector(enable)) { + result = @"enable"; + } + else if (selector == @selector(disable)) { + result = @"disable"; + } + + return result; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuProxy.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuProxy.h new file mode 100755 index 0000000..afd6c6e --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuProxy.h 
@@ -0,0 +1,31 @@ +// +// MenuProxy.h +// MacGap +// +// Created by Joe Hildebrand on 1/14/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import "Command.h" + +@class MenuItemProxy; + +@interface MenuProxy : Command { + NSMenu *menu; +} + ++ (MenuProxy*)proxyWithContext:(JSContextRef)aContext andMenu:(NSMenu*)aMenu; + +- (MenuItemProxy*)addItemWithTitle:(NSString*)title + keyEquivalent:(NSString*)aKey + callback:(WebScriptObject*)aCallback + atIndex:(NSInteger)index; + +- (MenuItemProxy*)addSeparator; +- (MenuItemProxy*)itemForKey:(id)key; +- (MenuProxy*)removeItem:(id)key; + ++ (NSString*)getKeyFromString:(NSString*)keyCommand; ++ (NSUInteger*)getModifiersFromString:(NSString*)keyCommand; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuProxy.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuProxy.m new file mode 100755 index 0000000..5bc10a7 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/MenuProxy.m 
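Review bot: `+ (NSUInteger*)getModifiersFromString:(NSString*)keyCommand;` in MenuProxy.h declares a pointer return type, but the implementation in MenuProxy.m builds an integer mask in `NSUInteger modifiers` and returns it, and both callers assign the result to an `NSUInteger`. The declaration here and the definition in MenuProxy.m should both read `+ (NSUInteger)getModifiersFromString:(NSString*)keyCommand;`. In the definition the mask is also accumulated with `+=`, so a key string containing both `opt` and `alt` adds `NSAlternateKeyMask` twice and ends up setting a different bit; `modifiers |= NSAlternateKeyMask;` (and `|=` on the other lines) keeps it a bitmask.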
@@ -0,0 +1,233 @@ +// +// MenuProxy.m +// MacGap +// +// Created by Joe Hildebrand on 1/14/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import +#import + +#import "MenuProxy.h" +#import "MenuItemProxy.h" + +static char REPRESENTED_OBJECT; + +@interface NSMenu (represented) +@property (strong) id representedObject; +@end + +@implementation NSMenu (represented) + +- (id) representedObject +{ + return objc_getAssociatedObject(self, &REPRESENTED_OBJECT); +} + +- (void) setRepresentedObject:(id)representedObject +{ + objc_setAssociatedObject(self, + &REPRESENTED_OBJECT, + representedObject, + OBJC_ASSOCIATION_RETAIN); +} + +@end + +@implementation MenuProxy + +- (id) initWithContext:(JSContextRef)aContext andMenu:(NSMenu*)aMenu +{ + self = [super initWithContext:aContext]; + if (!self) + return nil; + menu = aMenu; + menu.representedObject = self; + return self; +} + ++ (MenuProxy*)proxyWithContext:(JSContextRef)aContext andMenu:(NSMenu*)aMenu +{ + // singleton-ish. + MenuProxy *ret = [aMenu representedObject]; + if (ret) + { + NSLog(@"MP cache hit"); + return ret; + } + return [[MenuProxy alloc] initWithContext:aContext andMenu:aMenu]; +} + +- (void) dealloc +{ + menu.representedObject = nil; +} + +- (NSString*) description +{ + return [menu description]; +} + +static BOOL isNullish(id o) +{ + if (!o) + return YES; + if ([o isKindOfClass:[WebUndefined class]]) + return YES; + return NO; +} + +- (MenuItemProxy*)addItemWithTitle:(NSString*)title + keyEquivalent:(NSString*)keyCommand + callback:(WebScriptObject*)aCallback + atIndex:(NSInteger)index +{ + if (isNullish(title)) + title = @""; + + NSString *aKey = [MenuProxy getKeyFromString:keyCommand]; + NSMenuItem *item = nil; + + if(index) { + item = [menu insertItemWithTitle:title action:nil keyEquivalent:aKey atIndex:index ]; + } else { + item = [menu addItemWithTitle:title action:nil keyEquivalent:aKey ]; + + } + + // Set the modifiers. 
+ NSUInteger modifiers = [MenuProxy getModifiersFromString:keyCommand]; + [item setKeyEquivalentModifierMask:modifiers]; + + if(!menu.supermenu) { + NSMenu *s = [[NSMenu alloc] initWithTitle:title]; + [item setSubmenu:s]; + } + + MenuItemProxy *mip = [MenuItemProxy proxyWithContext:context andMenuItem:item]; + if (!isNullish(aCallback)) + [mip setCallback:aCallback]; + + + return mip; +} + ++ (NSString*)getKeyFromString:(NSString*)keyCommand { + if (isNullish(keyCommand)) + keyCommand = @""; + + // Obtain the key (if there are modifiers, it will be the last character). + NSString *aKey = @""; + if ([keyCommand length] > 0) { + aKey = [keyCommand substringFromIndex:[keyCommand length] - 1]; + } + + return aKey; +} + ++ (NSUInteger*)getModifiersFromString:(NSString*)keyCommand { + // aKeys may optionally specify one or more modifiers. + NSUInteger modifiers = 0; + + if ([keyCommand rangeOfString:@"caps"].location != NSNotFound) modifiers += NSAlphaShiftKeyMask; + if ([keyCommand rangeOfString:@"shift"].location != NSNotFound) modifiers += NSShiftKeyMask; + if ([keyCommand rangeOfString:@"cmd"].location != NSNotFound) modifiers += NSCommandKeyMask; + if ([keyCommand rangeOfString:@"ctrl"].location != NSNotFound) modifiers += NSControlKeyMask; + if ([keyCommand rangeOfString:@"opt"].location != NSNotFound) modifiers += NSAlternateKeyMask; + if ([keyCommand rangeOfString:@"alt"].location != NSNotFound) modifiers += NSAlternateKeyMask; + + return modifiers; +} + +- (MenuItemProxy*)addSeparator +{ + NSMenuItem *sep = [NSMenuItem separatorItem]; + [menu addItem:sep]; + return [MenuItemProxy proxyWithContext:context andMenuItem:sep]; +} + +- (MenuItemProxy*)itemForKey:(id)key +{ + if (isNullish(key)) + return nil; + NSMenuItem *item = nil; + if ([key isKindOfClass:[NSNumber class]]) + { + item = [menu itemAtIndex:[key intValue]]; + } + else if ([key isKindOfClass:[NSString class]]) + { + item = [menu itemWithTitle:key]; + if (!item) + { + // Try again, with ... appended. 
e.g. "Save..." + item = [menu itemWithTitle: + [key stringByAppendingString:@"\u2026"]]; + } + } + if (!item) + return nil; + + return [MenuItemProxy proxyWithContext:context andMenuItem:item]; +} + +- (MenuProxy*)removeItem:(id)key +{ + if (isNullish(key)) + return nil; + + NSMenuItem *item = nil; + if ([key isKindOfClass:[NSNumber class]]) + { + item = [menu itemAtIndex:[key intValue]]; + } + else if ([key isKindOfClass:[NSString class]]) + { + item = [menu itemWithTitle:key]; + if (!item) + { + // Try again, with ... appended. e.g. "Save..." + item = [menu itemWithTitle: + [key stringByAppendingString:@"\u2026"]]; + } + } + if (!item) + return nil; + + [menu removeItem:item]; + return [MenuProxy proxyWithContext:context andMenu:menu]; +} + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + return [self webScriptNameForSelector:selector] == nil; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return YES; +} + ++ (NSString*) webScriptNameForSelector:(SEL)selector +{ + id result = nil; + + if (selector == @selector(addItemWithTitle:keyEquivalent:callback:atIndex:)) { + result = @"addItem"; + } + else if (selector == @selector(addSeparator)) { + result = @"addSeparator"; + } + else if (selector == @selector(itemForKey:)) { + result = @"getItem"; + } + else if (selector == @selector(removeItem:)) { + result = @"removeMenu"; + } + + return result; +} + + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Notice.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Notice.h new file mode 100644 index 0000000..51077a4 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Notice.h 
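Review bot: `itemForKey:` and `removeItem:` in MenuProxy.m pass `[key intValue]` straight to `[menu itemAtIndex:]`, and the index comes from script in the web view; as far as I know `itemAtIndex:` raises for an out-of-range index rather than returning nil. A bounds check before the call keeps a bad index on the existing `return nil` path: `NSInteger i = [key integerValue];` followed by `if (i >= 0 && i < [menu numberOfItems]) item = [menu itemAtIndex:i];`. In `addItemWithTitle:keyEquivalent:callback:atIndex:` the test `if(index)` also means an explicit index of 0 appends instead of inserting at the top, which deserves at least a comment such as `// index 0 is treated as "not given" and appends`.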
@@ -0,0 +1,26 @@ +// +// Notice.h +// MacGap +// +// Created by Christian Sullivan on 7/26/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import +#import "WindowController.h" + +#define APP_NOTICE_NOTIFICATION @"Notice" + +@interface Notice : NSObject { + +} + +@property (nonatomic, retain) WebView *webView; + +- (id) initWithWebView:(WebView *)view; +- (void) notify:(NSDictionary*)message; +- (void) close:(NSString*)notificationId; ++ (BOOL) available; + +@end + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Notice.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Notice.m new file mode 100644 index 0000000..a4095f9 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Notice.m 
@@ -0,0 +1,108 @@ +// +// Notice.m +// MacGap +// +// Created by Christian Sullivan on 7/26/12. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import "Notice.h" + +#import "JSEventHelper.h" + +@implementation Notice + +- (id) initWithWebView:(WebView*)view +{ + if(self = [super init]) { + self.webView = view; + [[NSUserNotificationCenter defaultUserNotificationCenter] setDelegate:self]; + } + return self; +} + +- (void) notify:(NSDictionary *)message { + NSUserNotification *notification = [[NSUserNotification alloc] init]; + [notification setTitle:[message valueForKey:@"title"]]; + [notification setInformativeText:[message valueForKey:@"content"]]; + [notification setDeliveryDate:[NSDate dateWithTimeInterval:0 sinceDate:[NSDate date]]]; + BOOL playSound = true; // optional parameter, false only when {sound: false} + @try { + NSNumber *s = [message valueForKey:@"sound"]; + if ([[s className] isEqual: @"__NSCFBoolean"]) { + playSound = [s boolValue]; + } + } + @catch (NSException *exception) { + } + if (playSound) { + [notification setSoundName:NSUserNotificationDefaultSoundName]; + } + NSString *id = @""; // optional, needed for close + @try { + id = [message valueForKey:@"id"]; + } + @catch (NSException *exception) { + } + [notification setUserInfo:[NSDictionary dictionaryWithObjectsAndKeys:id, @"id", nil]]; + NSUserNotificationCenter *center = [NSUserNotificationCenter defaultUserNotificationCenter]; + [center scheduleNotification:notification]; +} + +// close all notifications with id == notificationId or close all notifications if notificationId == "*" +- (void) close:(NSString*)notificationId { + NSUserNotificationCenter *center = [NSUserNotificationCenter defaultUserNotificationCenter]; + for(NSUserNotification * deliveredNote in center.deliveredNotifications) { + if ([notificationId isEqualToString:@"*"] || [deliveredNote.userInfo[@"id"] isEqualToString:notificationId]) { + [center removeDeliveredNotification: deliveredNote]; + } + } +} + ++ 
(BOOL) available { + if ([NSUserNotificationCenter respondsToSelector:@selector(defaultUserNotificationCenter)]) + return YES; + + return NO; +} + +- (void) userNotificationCenter:(NSUserNotificationCenter *)center didActivateNotification:(NSUserNotification *)notification +{ + NSString *notificationId = [notification.userInfo valueForKey:@"id"]; + [JSEventHelper triggerEvent:@"macgap.notify.activated" forDetail:notificationId forWebView:self.webView]; +} + +#pragma mark WebScripting Protocol + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + BOOL result = YES; + if (selector == @selector(notify:)) + result = NO; + if (selector == @selector(close:)) + result = NO; + + return result; +} + ++ (NSString*) webScriptNameForSelector:(SEL)selector +{ + id result = nil; + + if (selector == @selector(notify:)) { + result = @"notify"; + } + if (selector == @selector(close:)) { + result = @"close"; + } + + return result; +} + +// right now exclude all properties (eg keys) ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return YES; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Path.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Path.h new file mode 100644 index 0000000..f931340 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Path.h @@ -0,0 +1,21 @@ +#import + +@interface Path : NSObject { + +} + +- (NSString *) application; +- (NSString *) resource; +- (NSString *) documents; +- (NSString *) library; +- (NSString *) home; +- (NSString *) temp; + +@property (readonly,copy) NSString* application; +@property (readonly,copy) NSString* resource; +@property (readonly,copy) NSString* documents; +@property (readonly,copy) NSString* library; +@property (readonly,copy) NSString* home; +@property (readonly,copy) NSString* temp; + +@end 
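Review bot: `notify:` in Notice.m passes `[message valueForKey:@"title"]` and `[message valueForKey:@"content"]` to `setTitle:` and `setInformativeText:` without checking that they are strings, although `message` comes from script and the same method already treats `sound` and `id` as optional. A type check keeps a missing or non-string field from reaching AppKit: `id t = [message valueForKey:@"title"];` and `[notification setTitle:[t isKindOfClass:[NSString class]] ? t : @""];`, likewise for `content` and `id`. The `sound` test compares `[s className]` with the private class name `@"__NSCFBoolean"`; `[s isKindOfClass:[NSNumber class]]` does not depend on that implementation detail, at the cost of also accepting plain numbers. The two empty `@catch` blocks would be easier to maintain with a comment saying which exception they are expected to absorb.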
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Path.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Path.m new file mode 100644 index 0000000..8c54100 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Path.m @@ -0,0 +1,53 @@ +#import "Path.h" + +@implementation Path + +@synthesize application; +@synthesize resource; +@synthesize documents; +@synthesize library; +@synthesize home; +@synthesize temp; + +- (NSString *)application { + return [[NSBundle mainBundle] bundlePath]; +} + +- (NSString *)resource { + return [[NSBundle mainBundle] resourcePath]; +} + +- (NSString *)documents { + NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES); + return [paths objectAtIndex:0]; +} + +- (NSString *)library { + NSArray *paths = NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, NSUserDomainMask, YES); + NSLog( @"%@", paths ); + return [paths objectAtIndex:0]; +} + +- (NSString *)home { + return NSHomeDirectory(); +} + +- (NSString *)temp { + return NSTemporaryDirectory(); +} + +#pragma mark WebScripting Protocol + +/* checks whether a selector is acceptable to be called from JavaScript */ ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + return NO; +} + +// right now exclude all properties (eg keys) ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return NO; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Sound.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Sound.h new file mode 100644 index 0000000..0670764 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Sound.h 
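Review bot: The comment `// right now exclude all properties (eg keys)` above `+isKeyExcludedFromWebScript:` in Path.m does not match the code, which returns `NO` and so leaves every key visible to script. If the comment is the intent, the body should be `return YES;` as in Notice.m; if exposing the path properties is the intent, the comment should say so, e.g. `// all keys (application, resource, documents, library, home, temp) are readable from script`. `documents` and `library` also index `[paths objectAtIndex:0]` without checking that the array is non-empty, and `library` logs the search-path array on every call, which looks like leftover debugging.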
@@ -0,0 +1,17 @@
+#import
+#import "Command.h"
+#import "CallbackDelegate.h"
+
+
+@interface Sound : Command {
+
+}
+
+// pending callbacks for sounds being played, to keep
+// ARC from freeing them too early
+@property (nonatomic, strong) NSMutableSet *pending;
+
+- (void) play:(NSString*)file onComplete:(WebScriptObject*)callback;
+- (void) playSystem:(NSString*)name onComplete:(WebScriptObject*)callback;
+
+@end
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Sound.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Sound.m
new file mode 100644
index 0000000..9f4a44d
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/Sound.m
@@ -0,0 +1,97 @@ +#import "Sound.h" + + +@interface PlayDelegate : CallbackDelegate { +} + +@property (nonatomic, weak) Sound *sound; + +- (id) initWithContext:(JSContextRef)aContext + forCallback:(WebScriptObject*)aCallback + withSound:(Sound*)aSound; +@end + +@implementation PlayDelegate + +@synthesize sound; + +- (id) initWithContext:(JSContextRef)aContext + forCallback:(WebScriptObject*)aCallback + withSound:(Sound*)aSound +{ + self = [super initWithContext:aContext forCallback:aCallback]; + if (!self) + return nil; + sound = aSound; + return self; +} + +- (void)sound:(NSSound *)aSound didFinishPlaying:(BOOL)finishedPlaying { + [self callWithParams:[aSound name], nil]; + [sound.pending removeObject:self]; +} + +@end + +@implementation Sound + +@synthesize pending; + +- (id) initWithContext:(JSContextRef)aContext { + self = [super initWithContext:aContext]; + if (!self) { + return nil; + } + + pending = [NSMutableSet new]; + return self; +} + +- (void) playSound:(NSSound*)sound onComplete:(WebScriptObject*)callback { + if (callback != (id)[WebUndefined undefined]) { + PlayDelegate *d = [[PlayDelegate alloc] initWithContext:context + forCallback:callback + withSound:self]; + [pending addObject:d]; + [sound setDelegate:d]; + } + [sound play]; +} + +- (void) play:(NSString*)file onComplete:(WebScriptObject*)callback { + NSURL* fileUrl = [NSURL fileURLWithPath:[[Utils sharedInstance] pathForResource:file]]; + DebugNSLog(@"Sound file:%@", [fileUrl description]); + + NSSound* sound = [[NSSound alloc] initWithContentsOfURL:fileUrl byReference:YES]; + [self playSound:sound onComplete:callback]; +} + +- (void) playSystem:(NSString*)name onComplete:(WebScriptObject*)callback { + NSSound *systemSound = [NSSound soundNamed:name]; + [self playSound:systemSound onComplete:callback]; +} + +#pragma mark WebScripting Protocol + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector { + return [self webScriptNameForSelector:selector] == nil; +} + ++ (BOOL) 
isKeyExcludedFromWebScript:(const char*)name { + return YES; +} + ++ (NSString*) webScriptNameForSelector:(SEL)selector { + id result = nil; + + if (selector == @selector(play:onComplete:)) { + result = @"play"; + } + else if (selector == @selector(playSystem:onComplete:)) { + result = @"playSystem"; + } + + return result; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/UserDefaults.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/UserDefaults.h new file mode 100644 index 0000000..269191b --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/UserDefaults.h @@ -0,0 +1,43 @@ +// +// UserDefaults.h +// MacGap +// +// Created by Jeff Hanbury on 16/04/2014. +// Copyright (c) 2014 Twitter. All rights reserved. +// + +#import + +#import "WindowController.h" + +@interface UserDefaults : NSObject + +@property (nonatomic, retain) WebView *webView; + +- (id) initWithWebView:(WebView *)view; +- (NSString*) getMyDefaults; +- (NSDictionary*) myDefaultsDictionary; +- (void) removeObjectForKey:(NSString*)key; +- (NSArray*) getUserDefaultsKeys; + +- (NSString*) addPrefix:(NSString*)key; + +- (void) setString:(NSString*)key withValue:(NSString*)value; +- (NSString*) getString:(NSString*)key; + +- (void) setInteger:(NSString*)key withValue:(NSString*)value; +- (NSNumber*) getInteger:(NSString*)key; + +- (void) setBool:(NSString*)key withValue:(NSString*)value; +- (NSNumber*) getBool:(NSString*)key; + +- (void) setFloat:(NSString*)key withValue:(NSString*)value; +- (NSNumber*) getFloat:(NSString*)key; + +// Could also be implemented: +//– setObject:forKey: +//– setDouble:forKey: +//– setURL:forKey: + +@end + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/UserDefaults.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/UserDefaults.m new file mode 100644 index 0000000..4856871 --- /dev/null 
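Review bot: In Sound.m's `play:onComplete:`, the result of `[[Utils sharedInstance] pathForResource:file]` is passed straight to `[NSURL fileURLWithPath:]`, and the bundle lookup returns nil when the script-supplied name does not resolve, so a bad name from the page ends in an exception rather than a quiet failure. Holding the path in a local and adding `if (path == nil) return;` before building the URL would cover it. In `playSound:onComplete:` the `PlayDelegate` is added to `pending` before `[sound play]` and is removed only in `sound:didFinishPlaying:`; when `sound` is nil (for example `soundNamed:` found nothing) or playback never starts, the delegate appears to stay in the set for the lifetime of the `Sound` object, so the result of `play` should be checked and the delegate removed on failure.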
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/UserDefaults.m 
@@ -0,0 +1,211 @@ +// +// UserDefaults.m +// MacGap +// +// Created by Jeff Hanbury on 16/04/2014. +// Copyright (c) 2014 Twitter. All rights reserved. +// + +#import "UserDefaults.h" +#import "JSEventHelper.h" + +@interface UserDefaults() { + +} + +-(void) setupNotificationCenter; + +@end + + +@implementation UserDefaults + +- (id) initWithWebView:(WebView *) view{ + self = [super init]; + + if (self) { + self.webView = view; + [self setupNotificationCenter]; + } + + return self; +} + + +-(void) setupNotificationCenter{ + [[NSNotificationCenter defaultCenter] addObserver:self + selector:@selector(defaultsChanged:) + name:NSUserDefaultsDidChangeNotification + object:nil]; +} + +- (void)defaultsChanged:(NSNotification *)notification { + NSDictionary* returnDict = [self myDefaultsDictionary]; + [JSEventHelper triggerEvent:@"userDefaultsChanged" withArgs:returnDict forWebView:self.webView]; +} + +- (NSString*) getMyDefaults { + NSDictionary* myDefaults = [self myDefaultsDictionary]; + + return [[Utils sharedInstance] convertDictionaryToJSON:myDefaults]; +} + +- (NSDictionary*) myDefaultsDictionary { + NSString* prefix = [kWebScriptNamespace stringByAppendingString:@"_"]; + NSMutableDictionary* returnDict = [[NSMutableDictionary alloc] init]; + + // Get the user defaults. + NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults]; + + // Build up a dictionary containing just the items beginning with our + // prefix. 
+ for (NSString* key in [self getUserDefaultsKeys]) { + if ([key hasPrefix:prefix]) { + id val = [defaults valueForKey:key]; + [returnDict setObject:val forKey:key]; + } + } + + return returnDict; +} + +- (NSArray*) getUserDefaultsKeys { + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + return [[prefs dictionaryRepresentation] allKeys]; +} + +- (void) removeObjectForKey:(NSString*)key { + NSString* prefixedKey; + prefixedKey = [self addPrefix:key]; + + [[NSUserDefaults standardUserDefaults] removeObjectForKey:prefixedKey]; + [[NSUserDefaults standardUserDefaults] synchronize]; +} + +// Check we have a standard prefix for JS-modified keys, for security purposes. +// If not, add it. This stops JavaScript from ever being able to modify keys +// it did not create. +- (NSString*) addPrefix:(NSString*)key { + NSString* prefix; + prefix = [kWebScriptNamespace stringByAppendingString:@"_"]; + + if (![key hasPrefix:prefix]) { + key = [prefix stringByAppendingString:key]; + } + return key; +} + +// String + +- (void) setString:(NSString*)key withValue:(NSString*)value { + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + NSString* prefixedKey; + prefixedKey = [self addPrefix:key]; + [prefs setObject:value forKey:prefixedKey]; +} + +- (NSString*) getString:(NSString *)key { + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + return [prefs stringForKey:key]; +} + +// All the following must convert their type to NSNumber for JavaScript. 
+ +// Integer + +- (void) setInteger:(NSString*)key withValue:(NSString*)value { + NSString* prefixedKey; + prefixedKey = [self addPrefix:key]; + + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + NSInteger myInt = [value intValue]; + [prefs setInteger:myInt forKey:prefixedKey]; +} + +- (NSNumber*) getInteger:(NSString *)key { + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + return [NSNumber numberWithInteger:[prefs integerForKey:key]]; +} + +// Boolean + +- (void) setBool:(NSString*)key withValue:(NSString*)value { + NSString* prefixedKey; + prefixedKey = [self addPrefix:key]; + + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + BOOL myBool = [value boolValue]; + [prefs setBool:myBool forKey:prefixedKey]; +} + +- (NSNumber*) getBool:(NSString *)key { + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + return [NSNumber numberWithBool:[prefs boolForKey:key]]; +} + +// Float + +- (void) setFloat:(NSString*)key withValue:(NSString*)value { + NSString* prefixedKey; + prefixedKey = [self addPrefix:key]; + + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + float myFloat = [value floatValue]; + [prefs setFloat:myFloat forKey:prefixedKey]; +} + +- (NSNumber*) getFloat:(NSString *)key { + NSUserDefaults *prefs = [NSUserDefaults standardUserDefaults]; + return [NSNumber numberWithFloat:[prefs floatForKey:key]]; +} + + +#pragma mark WebScripting Protocol + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector { + return NO; +} + ++ (NSString*) webScriptNameForSelector:(SEL)selector { + id result = nil; + + if (selector == @selector(getMyDefaults)) { + result = @"getMyDefaults"; + } + + if (selector == @selector(removeObjectForKey:)) { + result = @"removeObjectForKey"; + } + + else if (selector == @selector(setString:withValue:)) { + result = @"setString"; + } else if (selector == @selector(getString:)) { + result = @"getString"; + } + + else if (selector == @selector(setInteger:withValue:)) { + 
result = @"setInteger"; + } else if (selector == @selector(getInteger:)) { + result = @"getInteger"; + } + + else if (selector == @selector(setBool:withValue:)) { + result = @"setBool"; + } else if (selector == @selector(getBool:)) { + result = @"getBool"; + } + + else if (selector == @selector(setFloat:withValue:)) { + result = @"setFloat"; + } else if (selector == @selector(getFloat:)) { + result = @"getFloat"; + } + + return result; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name { + return NO; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/fonts.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/fonts.h new file mode 100644 index 0000000..62c7b7e --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/fonts.h @@ -0,0 +1,9 @@ +@interface Fonts : NSObject { +} + +- (NSArray*) availableFonts; +- (NSArray*) availableFontFamilies; +- (NSArray*) availableMembersOfFontFamily:(NSString*)fontFamily; +- (CGFloat) defaultLineHeightForFont:(NSString *)theFontName ofSize:(CGFloat)theFontSize; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/fonts.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/fonts.m new file mode 100644 index 0000000..b17818a --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Commands/fonts.m 
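Review bot: The comment above `addPrefix:` in UserDefaults.m says the prefix stops JavaScript from touching keys it did not create, but `getString:`, `getInteger:`, `getBool:` and `getFloat:` pass `key` to NSUserDefaults without calling `addPrefix:`, so page script can read any key in the standard defaults and cannot read back a value it stored under the unprefixed name. Each getter should start with `key = [self addPrefix:key];`, as the setters and `removeObjectForKey:` already do. `isSelectorExcludedFromWebScript:` returns `NO`, which also exposes `getUserDefaultsKeys` (every key name in the defaults); `return [self webScriptNameForSelector:selector] == nil;`, the form Sound.m uses, would limit the bridge to the named methods. The observer registered in `setupNotificationCenter` is not removed anywhere in this hunk, so a `dealloc` calling `[[NSNotificationCenter defaultCenter] removeObserver:self];` is worth adding.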
@@ -0,0 +1,48 @@ +#import "fonts.h" + +@implementation Fonts + + +- (NSArray*) availableFonts { + return [[NSFontManager sharedFontManager] availableFonts]; +} + +- (NSArray*) availableFontFamilies { + return [[NSFontManager sharedFontManager] availableFontFamilies]; +} + +- (NSArray*) availableMembersOfFontFamily:(NSString *)fontFamily { + return [[NSFontManager sharedFontManager] availableMembersOfFontFamily:fontFamily]; +} + +- (CGFloat) defaultLineHeightForFont:(NSString*)theFontName ofSize:(CGFloat)theFontSize { + NSFont *theFont = [NSFont fontWithName:theFontName size:theFontSize]; + NSLayoutManager *lm = [[NSLayoutManager alloc] init]; + + return [lm defaultLineHeightForFont:theFont]; +} + + +#pragma mark WebScripting Protocol + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector { + return NO; +} + ++ (NSString*) webScriptNameForSelector:(SEL)selector { + id result = nil; + + if (selector == @selector(availableMembersOfFontFamily:)) { + result = @"availableMembersOfFontFamily"; + } else if (selector == @selector(defaultLineHeightForFont:ofSize:)) { + result = @"defaultLineHeightForFont"; + } + + return result; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name { + return NO; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Constants.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Constants.h new file mode 100644 index 0000000..1fe59d6 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Constants.h @@ -0,0 +1,7 @@ +// Application constants + +#define kStartPage @"http://127.0.0.1:9993/" + +#define kStartFolder @"." + +#define kWebScriptNamespace @"macgap" \ No newline at end of file diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/ContentView.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/ContentView.h new file mode 100644 index 0000000..65890a5 --- /dev/null 
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/ContentView.h @@ -0,0 +1,15 @@ +#import +#import + +@class WebViewDelegate; + +@interface ContentView : NSView { + IBOutlet WebView* webView; + WebViewDelegate* delegate; +} + +@property (retain) WebView* webView; +@property (retain) WebViewDelegate* delegate; +@property (strong) IBOutlet NSMenu *mainMenu; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/ContentView.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/ContentView.m new file mode 100644 index 0000000..6558a19 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/ContentView.m 
@@ -0,0 +1,68 @@ +#import "ContentView.h" +#import "WebViewDelegate.h" +#import "AppDelegate.h" +#import "JSEventHelper.h" + +@interface WebPreferences (WebPreferencesPrivate) + - (void)_setLocalStorageDatabasePath:(NSString *)path; + - (void) setLocalStorageEnabled: (BOOL) localStorageEnabled; + - (void) setDatabasesEnabled:(BOOL)databasesEnabled; + - (void) setDeveloperExtrasEnabled:(BOOL)developerExtrasEnabled; + - (void) setWebGLEnabled:(BOOL)webGLEnabled; + - (void) setOfflineWebApplicationCacheEnabled:(BOOL)offlineWebApplicationCacheEnabled; +@end + +@implementation ContentView + +@synthesize webView, delegate, mainMenu; + +- (void) awakeFromNib +{ + WebPreferences *webPrefs = [WebPreferences standardPreferences]; + + NSString *cappBundleName = [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleName"]; + NSString *applicationSupportFile = [@"~/Library/Application Support/" stringByExpandingTildeInPath]; + NSString *savePath = [NSString pathWithComponents:[NSArray arrayWithObjects:applicationSupportFile, cappBundleName, @"LocalStorage", nil]]; + [webPrefs _setLocalStorageDatabasePath:savePath]; + [webPrefs setLocalStorageEnabled:YES]; + [webPrefs setDatabasesEnabled:YES]; + [webPrefs setDeveloperExtrasEnabled:[[NSUserDefaults standardUserDefaults] boolForKey: @"developer"]]; + [webPrefs setOfflineWebApplicationCacheEnabled:YES]; + [webPrefs setWebGLEnabled:YES]; + + [self.webView setPreferences:webPrefs]; + + NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage + sharedHTTPCookieStorage]; + [cookieStorage setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyAlways]; + + [self.webView setApplicationNameForUserAgent: @"MacGap"]; + + self.delegate = [[WebViewDelegate alloc] initWithMenu:[NSApp mainMenu]]; +// [self.webView setFrameLoadDelegate:self.delegate]; +// [self.webView setUIDelegate:self.delegate]; +// [self.webView setResourceLoadDelegate:self.delegate]; +// [self.webView setDownloadDelegate:self.delegate]; +// [self.webView 
setPolicyDelegate:self.delegate]; + [self.webView setDrawsBackground:NO]; + [self.webView setShouldCloseWithWindow:NO]; + + [self.webView setGroupName:@"MacGap"]; + +} + +- (void) windowResized:(NSNotification*)notification; +{ + NSWindow* window = (NSWindow*)notification.object; + NSSize size = [window frame].size; + + DebugNSLog(@"window width = %f, window height = %f", size.width, size.height); + + bool isFullScreen = (window.styleMask & NSFullScreenWindowMask) == NSFullScreenWindowMask; + int titleBarHeight = isFullScreen ? 0 : [[Utils sharedInstance] titleBarHeight:window]; + + [self.webView setFrame:NSMakeRect(0, 0, size.width, size.height - titleBarHeight)]; + [JSEventHelper triggerEvent:@"orientationchange" forWebView:self.webView]; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/JSEventHelper.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/JSEventHelper.h new file mode 100644 index 0000000..401f3e3 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/JSEventHelper.h @@ -0,0 +1,20 @@ +// +// Helper.h +// MacGap +// +// Created by Liam Kaufman Simpkins on 12-01-22. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import +#import "WindowController.h" + +@interface JSEventHelper : NSObject + ++ (void) triggerEvent:(NSString *)event forWebView:(WebView *)webView; ++ (void) triggerEvent:(NSString *)event withArgs:(NSDictionary *)args forWebView:(WebView *)webView; ++ (void) triggerEvent:(NSString *)event withArgs:(NSDictionary *)args forObject:(NSString *)objName forWebView:(WebView *)webView; ++ (void) triggerEvent:(NSString *)event forDetail:(NSString *)detail forWebView:(WebView *)webView; ++ (void) triggerEvent:(NSString *)event forDetail:(NSString *)detail forObject:(NSString *)objName forWebView:(WebView *)webView; + +@end 
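Review bot: `awakeFromNib` in ContentView.m sets `NSHTTPCookieAcceptPolicyAlways` on `sharedHTTPCookieStorage`, which is process-wide and accepts third-party cookies, although Constants.h points the wrapper only at `http://127.0.0.1:9993/`. If nothing depends on cross-site cookies, `[cookieStorage setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain];` is the narrower setting. The five commented-out `// [self.webView set…Delegate:self.delegate];` lines carry no explanation; they should be deleted or replaced by a comment saying where the delegates are attached. The `WebPreferences (WebPreferencesPrivate)` category redeclares private WebKit setters, which deserves a one-line comment such as `// private WebKit API: may change or disappear between OS releases`.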
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/JSEventHelper.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/JSEventHelper.m
new file mode 100644
index 0000000..65406b3
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/JSEventHelper.m
@@ -0,0 +1,41 @@
+//
+// Helper.m
+// MacGap
+//
+// Created by Liam Kaufman Simpkins on 12-01-22.
+// Copyright (c) 2012 Twitter. All rights reserved.
+//
+
+#import "JSEventHelper.h"
+
+@implementation JSEventHelper
+
++ (void) triggerEvent:(NSString *)event forWebView:(WebView *)webView {
+ [self triggerEvent:event withArgs:[NSMutableDictionary dictionary] forObject:@"document" forWebView:webView];
+}
+
++ (void) triggerEvent:(NSString *)event withArgs:(NSDictionary *)args forWebView:(WebView *)webView {
+ [self triggerEvent:event withArgs:args forObject:@"document" forWebView:webView];
+}
+
++ (void) triggerEvent:(NSString *)event withArgs:(NSDictionary *)args forObject:(NSString *)objName forWebView:(WebView *)webView {
+
+ // Convert args Dictionary to JSON.
+ NSString* jsonString = [[Utils sharedInstance] convertDictionaryToJSON:args];
+
+ // Create the event JavaScript and run it.
+ NSString * str = [NSString stringWithFormat:@"var e = document.createEvent('Events'); e.initEvent('%@', true, false); e.data=%@; %@.dispatchEvent(e); ", event, jsonString, objName];
+ [webView stringByEvaluatingJavaScriptFromString:str];
+}
+
++ (void) triggerEvent:(NSString *)event forDetail:(NSString *)detail forWebView:(WebView *)webView {
+ [self triggerEvent:event forDetail:detail forObject:@"document" forWebView:webView];
+}
+
++ (void) triggerEvent:(NSString *)event forDetail:(NSString *)detail forObject:(NSString *)objName forWebView:(WebView *)webView {
+ NSString *detailEscaped = [detail stringByAddingPercentEscapesUsingEncoding: NSUTF8StringEncoding];
+ NSString *str = [NSString stringWithFormat:@"var e = new CustomEvent('%@', { 'detail': decodeURIComponent(\"%@\") }); %@.dispatchEvent(e); ", event, detailEscaped, objName];
+ [webView stringByEvaluatingJavaScriptFromString:str];
+}
+
+@end
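Review bot: Both `triggerEvent:…forObject:forWebView:` methods build script text with `stringWithFormat:`, placing `event` inside single quotes and `objName` as bare code with no escaping; only `detail` is encoded. The callers visible in this commit pass literals for both, so this is latent, but a doc comment on each method stating that `event` and `objName` must be compile-time constants and never page- or user-derived text would keep later callers from turning it into script injection. In the `withArgs:` variant, `convertDictionaryToJSON:` returns nil on failure, which formats as `e.data=(null);` and makes the evaluated script a syntax error; `if (jsonString == nil) jsonString = @"null";` before the format call avoids that.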
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Utils.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Utils.h new file mode 100644 index 0000000..f573d88 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Utils.h @@ -0,0 +1,20 @@ +#import +#import + +#define DEG_EPS 0.001 +#define fequal(a,b) (fabs((a) - (b)) < DEG_EPS) +#define fequalzero(a) (fabs(a) < DEG_EPS) + +@class LoadingView; + +@interface Utils : NSObject { +} + +- (float) titleBarHeight:(NSWindow*)aWindow; +- (NSString*) pathForResource:(NSString*)resourcepath; +- (NSString*) convertDictionaryToJSON:(NSDictionary*)dict; +- (NSArray*) convertJSarrayToNSArray:(WebScriptObject*)jsArray; + ++ (Utils*) sharedInstance; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Utils.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Utils.m new file mode 100644 index 0000000..8d85c29 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Utils.m 
@@ -0,0 +1,93 @@ +#import "Utils.h" +#import + +static Utils* sharedInstance = nil; + +@implementation Utils + +- (float) titleBarHeight:(NSWindow*)aWindow +{ + NSRect frame = [aWindow frame]; + NSRect contentRect = [NSWindow contentRectForFrameRect: frame + styleMask: NSTitledWindowMask]; + + return (frame.size.height - contentRect.size.height); +} + +- (NSString*) pathForResource:(NSString*)resourcepath +{ + NSBundle * mainBundle = [NSBundle mainBundle]; + NSMutableArray *directoryParts = [NSMutableArray arrayWithArray:[resourcepath componentsSeparatedByString:@"/"]]; + NSString *filename = [directoryParts lastObject]; + [directoryParts removeLastObject]; + + NSString *directoryStr = [NSString stringWithFormat:@"%@/%@", kStartFolder, [directoryParts componentsJoinedByString:@"/"]]; + return [mainBundle pathForResource:filename + ofType:@"" + inDirectory:directoryStr]; +} + +- (NSString*) convertDictionaryToJSON:(NSDictionary*)dict { + // Convert defaults Dictionary to JSON. + NSError *error; + NSData *jsonData = [NSJSONSerialization + dataWithJSONObject:dict + options:NSJSONWritingPrettyPrinted // Pass 0 if you don't care about the readability of the generated string + error:&error]; + + NSString *jsonString; + if (! jsonData) { + NSLog(@"Got an error converting to JSON: %@", error); + } + else { + jsonString = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding]; + } + + return jsonString; +} + +// Convert JavaScript array (arrives as a WebScriptObject) into an NSArray of strings. 
+- (NSArray*) convertJSarrayToNSArray:(WebScriptObject*)jsArray { + NSInteger count = [[jsArray valueForKey:@"length"] integerValue]; + + NSMutableArray *args = [NSMutableArray array]; + for (int i = 0; i < count; i++) { + NSString *item = [jsArray webScriptValueAtIndex:i]; + if ([item isKindOfClass:[NSString class]]) { + [args addObject:item]; + } + } + + return args; +} + +#pragma mark - +#pragma mark Singleton methods + ++ (Utils*) sharedInstance +{ + @synchronized(self) + { + if (sharedInstance == nil){ + sharedInstance = [[Utils alloc] init]; + } + } + return sharedInstance; +} + ++ (id) allocWithZone:(NSZone *)zone { + @synchronized(self) { + if (sharedInstance == nil) { + sharedInstance = [super allocWithZone:zone]; + return sharedInstance; // assignment and return on first allocation + } + } + return nil; // on subsequent allocation attempts return nil +} + +- (id) copyWithZone:(NSZone *)zone +{ + return self; +} + +@end \ No newline at end of file diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/WebViewDelegate.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/WebViewDelegate.h new file mode 100644 index 0000000..49c6da6 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/WebViewDelegate.h 
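Review bot: `convertDictionaryToJSON:` in Utils.m calls `dataWithJSONObject:options:error:` without first checking `[NSJSONSerialization isValidJSONObject:dict]`; for a nil or non-JSON object that call raises an exception instead of filling `error`, so the `if (! jsonData)` branch does not cover those inputs. `jsonString` is declared without an initializer and returned on the error path, so `NSString *jsonString = nil;` would make the nil return explicit instead of relying on ARC. In `pathForResource:` the script-supplied path is split on `/` and passed to `pathForResource:ofType:inDirectory:` with no rejection of `..` components; whether NSBundle would resolve those outside the bundle is not visible here, so `if ([directoryParts containsObject:@".."]) return nil;` is a cheap safeguard. `allocWithZone:` returns nil after the first allocation, which deserves a comment because any later `[[Utils alloc] init]` silently yields nil.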
@@ -0,0 +1,49 @@ +#import +#import + +@class Sound; +@class Dock; +@class Growl; +@class Notice; +@class Path; +@class App; +@class Window; +@class Clipboard; +@class Fonts; +@class MenuProxy; +@class UserDefaults; + +@class WindowController; + +@interface WebViewDelegate : NSObject { + Sound* sound; + Dock* dock; + Growl* growl; + Notice* notice; + Path* path; + App* app; + Window* window; + Clipboard* clipboard; + Fonts* fonts; + NSMenu *mainMenu; + UserDefaults* userDefaults; +} + + + +@property (nonatomic, retain) Sound* sound; +@property (nonatomic, retain) Dock* dock; +@property (nonatomic, retain) Growl* growl; +@property (nonatomic, retain) Notice* notice; +@property (nonatomic, retain) Path* path; +@property (nonatomic, retain) App* app; +@property (nonatomic, retain) Window* window; +@property (nonatomic, retain) Clipboard* clipboard; +@property (nonatomic, retain) Fonts* fonts; +@property (nonatomic, retain) MenuProxy* menu; +@property (nonatomic, retain) UserDefaults* userDefaults; + +@property (nonatomic, retain) WindowController *requestedWindow; + +- (id) initWithMenu:(NSMenu*)menu; +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/WebViewDelegate.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/WebViewDelegate.m new file mode 100644 index 0000000..5057801 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/WebViewDelegate.m 
@@ -0,0 +1,206 @@ +#import "WebViewDelegate.h" +#import "Sound.h" +#import "Dock.h" +#import "Notice.h" +#import "Path.h" +#import "App.h" +#import "Window.h" +#import "WindowController.h" +#import "Clipboard.h" +#import "Fonts.h" +#import "MenuProxy.h" +#import "UserDefaults.h" + +@implementation WebViewDelegate + +@synthesize sound; +@synthesize dock; +@synthesize growl; +@synthesize notice; +@synthesize path; +@synthesize app; +@synthesize window; +@synthesize requestedWindow; +@synthesize clipboard; +@synthesize fonts; +@synthesize menu; +@synthesize userDefaults; + +- (id) initWithMenu:(NSMenu*)aMenu +{ + self = [super init]; + if (!self) + return nil; + + mainMenu = aMenu; + return self; +} + +- (void) webView:(WebView*)webView didClearWindowObject:(WebScriptObject*)windowScriptObject forFrame:(WebFrame *)frame +{ + JSContextRef context = [frame globalContext]; + if (self.sound == nil) { self.sound = [[Sound alloc] initWithContext:context]; } + if (self.dock == nil) { self.dock = [Dock new]; } + if (self.path == nil) { self.path = [Path new]; } + if (self.clipboard == nil) { self.clipboard = [Clipboard new]; } + if (self.fonts == nil) { self.fonts = [Fonts new]; } + + if (self.notice == nil && [Notice available] == YES) { + self.notice = [[Notice alloc] initWithWebView:webView]; + } + + if (self.app == nil) { + self.app = [[App alloc] initWithWebView:webView]; + } + + if (self.window == nil) { + self.window = [[Window alloc] initWithWebView:webView]; + } + + if (self.menu == nil) { + self.menu = [MenuProxy proxyWithContext:context andMenu:mainMenu]; + } + + if (self.userDefaults == nil) { + self.userDefaults = [[UserDefaults alloc] initWithWebView:webView]; + } + + [windowScriptObject setValue:self forKey:kWebScriptNamespace]; +} + + +- (void)webView:(WebView *)sender runOpenPanelForFileButtonWithResultListener:(id < WebOpenPanelResultListener >)resultListener allowMultipleFiles:(BOOL)allowMultipleFiles{ + + NSOpenPanel * openDlg = [NSOpenPanel openPanel]; + 
+ [openDlg setCanChooseFiles:YES]; + [openDlg setCanChooseDirectories:NO]; + + [openDlg beginWithCompletionHandler:^(NSInteger result){ + if (result == NSFileHandlingPanelOKButton) { + NSArray * files = [[openDlg URLs] valueForKey: @"relativePath"]; + [resultListener chooseFilenames: files]; + } else { + [resultListener cancel]; + } + }]; +} + +- (void) webView:(WebView*)webView addMessageToConsole:(NSDictionary*)message +{ + if (![message isKindOfClass:[NSDictionary class]]) { + return; + } + + NSLog(@"JavaScript console: %@:%@: %@", + [[message objectForKey:@"sourceURL"] lastPathComponent], // could be nil + [message objectForKey:@"lineNumber"], + [message objectForKey:@"message"]); +} + +- (void)webView:(WebView *)sender runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WebFrame *)frame +{ + NSAlert *alert = [[NSAlert alloc] init]; + [alert addButtonWithTitle:@"OK"]; + [alert setMessageText:message]; + [alert setAlertStyle:NSWarningAlertStyle]; + [alert runModal]; +} + +- (BOOL)webView:(WebView *)sender runJavaScriptConfirmPanelWithMessage:(NSString *)message initiatedByFrame:(WebFrame *)frame +{ + NSAlert *alert = [[NSAlert alloc] init]; + [alert addButtonWithTitle:@"Yes"]; + [alert addButtonWithTitle:@"No"]; + [alert setMessageText:message]; + [alert setAlertStyle:NSWarningAlertStyle]; + + if ([alert runModal] == NSAlertFirstButtonReturn) + return YES; + else + return NO; +} + +/* + By default the size of a database is set to 0 [1]. When a database is being created + it calls this delegate method to get an increase in quota size - or call an error. + PS this method is defined in WebUIDelegatePrivate and may make it difficult, but + not impossible [2], to get an app accepted into the mac app store. 
+ + Further reading: + [1] http://stackoverflow.com/questions/353808/implementing-a-webview-database-quota-delegate + [2] http://stackoverflow.com/questions/4527905/how-do-i-enable-local-storage-in-my-webkit-based-application/4608549#4608549 + */ +- (void)webView:(WebView *)sender frame:(WebFrame *)frame exceededDatabaseQuotaForSecurityOrigin:(id) origin database:(NSString *)databaseIdentifier +{ + static const unsigned long long defaultQuota = 5 * 1024 * 1024; + if ([origin respondsToSelector: @selector(setQuota:)]) { + [origin performSelector:@selector(setQuota:) withObject:[NSNumber numberWithLongLong: defaultQuota]]; + } else { + NSLog(@"could not increase quota for %lld", defaultQuota); + } +} + +- (NSArray *)webView:(WebView *)sender contextMenuItemsForElement:(NSDictionary *)element defaultMenuItems:(NSArray *)defaultMenuItems +{ + NSMutableArray *webViewMenuItems = [defaultMenuItems mutableCopy]; + + if (webViewMenuItems) + { + NSEnumerator *itemEnumerator = [defaultMenuItems objectEnumerator]; + NSMenuItem *menuItem = nil; + while ((menuItem = [itemEnumerator nextObject])) + { + NSInteger tag = [menuItem tag]; + + switch (tag) + { + case WebMenuItemTagOpenLinkInNewWindow: + case WebMenuItemTagDownloadLinkToDisk: + case WebMenuItemTagCopyLinkToClipboard: + case WebMenuItemTagOpenImageInNewWindow: + case WebMenuItemTagDownloadImageToDisk: + case WebMenuItemTagCopyImageToClipboard: + case WebMenuItemTagOpenFrameInNewWindow: + case WebMenuItemTagGoBack: + case WebMenuItemTagGoForward: + case WebMenuItemTagStop: + case WebMenuItemTagOpenWithDefaultApplication: + case WebMenuItemTagReload: + [webViewMenuItems removeObjectIdenticalTo: menuItem]; + } + } + } + + return webViewMenuItems; +} + +- (WebView *)webView:(WebView *)sender createWebViewWithRequest:(NSURLRequest *)request{ + requestedWindow = [[WindowController alloc] initWithRequest:request]; + return requestedWindow.contentView.webView; +} + +- (void)webViewShow:(WebView *)sender{ + [requestedWindow 
showWindow:sender]; +} + +- (void)webView:(WebView *)webView decidePolicyForNewWindowAction:(NSDictionary *)actionInformation request:(NSURLRequest *)request newFrameName:(NSString *)frameName decisionListener:(id < WebPolicyDecisionListener >)listener +{ + [[NSWorkspace sharedWorkspace] openURL:[request URL]]; + [listener ignore]; +} + +#pragma mark WebScripting protocol + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + return YES; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return NO; +} + + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Window.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Window.h new file mode 100644 index 0000000..f721376 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Window.h @@ -0,0 +1,23 @@ +#import + +#import "WindowController.h" + +@interface Window : NSObject{ + CGRect _oldRestoreFrame; +} + +@property (retain, nonatomic) WindowController *windowController; +@property (nonatomic, retain) WebView *webView; + +- (id) initWithWebView:(WebView *)view; +- (void) open:(NSDictionary *)properties; +- (void) move:(NSDictionary *)properties; +- (void) resize:(NSDictionary *) properties; +- (Boolean) isMaximized; +- (CGFloat) getX; +- (CGFloat) getY; +- (void) maximize; +- (void) restore; +- (void) toggleFullscreen; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Window.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Window.m new file mode 100644 index 0000000..2444f62 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Classes/Window.m 
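Review bot: `webView:decidePolicyForNewWindowAction:request:newFrameName:decisionListener:` in WebViewDelegate.m passes whatever URL the page requested to `[[NSWorkspace sharedWorkspace] openURL:]` with no scheme check, so a `file:` or custom application scheme is handed to the OS handler. Restricting it to web schemes is small: `NSString *scheme = [[[request URL] scheme] lowercaseString];` followed by `if ([scheme isEqualToString:@"http"] || [scheme isEqualToString:@"https"]) [[NSWorkspace sharedWorkspace] openURL:[request URL]];`, with `[listener ignore];` left unconditional. `isKeyExcludedFromWebScript:` returns `NO`, so every key on the delegate, including `requestedWindow`, is readable from script and not only the command objects; an allow-list of the bridged names would be tighter. `runOpenPanelForFileButtonWithResultListener:allowMultipleFiles:` never applies its `allowMultipleFiles` argument to the panel; `[openDlg setAllowsMultipleSelection:allowMultipleFiles];` is missing.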
@@ -0,0 +1,94 @@ +#import "Window.h" + +@implementation Window + +@synthesize windowController, webView; + +- (id) initWithWebView:(WebView*)view +{ + if(self = [super init]) { + self.webView = view; + } + return self; +} + +- (void) open:(NSDictionary *)properties +{ + self.windowController = [[WindowController alloc] initWithURL:[properties valueForKey:@"url"]]; + [self.windowController showWindow: [NSApplication sharedApplication].delegate]; + [self.windowController.window makeKeyWindow]; +} + +- (void) minimize { + [[NSApp mainWindow] miniaturize:[NSApp mainWindow]]; +} + +- (void) toggleFullscreen { + [[NSApp mainWindow] toggleFullScreen:[NSApp mainWindow]]; +} + +- (void) maximize { + CGRect a = [NSApp mainWindow].frame; + _oldRestoreFrame = CGRectMake(a.origin.x, a.origin.y, a.size.width, a.size.height); + [[NSApp mainWindow] setFrame:[[NSScreen mainScreen] visibleFrame] display:YES]; +} + +- (Boolean) isMaximized { + NSRect a = [NSApp mainWindow].frame; + NSRect b = [[NSScreen mainScreen] visibleFrame]; + return a.origin.x == b.origin.x && a.origin.y == b.origin.y && a.size.width == b.size.width && a.size.height == b.size.height; +} + +- (CGFloat) getX { + NSRect frame = [self.webView window].frame; + return frame.origin.x; +} + +- (CGFloat) getY { + NSRect frame = [self.webView window].frame; + return frame.origin.y; +} + +- (void) move:(NSDictionary *)properties +{ + NSRect frame = [self.webView window].frame; + frame.origin.x = [[properties valueForKey:@"x"] doubleValue]; + frame.origin.y = [[properties valueForKey:@"y"] doubleValue]; + [[self.webView window] setFrame:frame display:YES]; + +} + +- (void) resize:(NSDictionary *) properties +{ + NSRect frame = [self.webView window].frame; + frame.size.width = [[properties valueForKey:@"width"] doubleValue]; + frame.size.height = [[properties valueForKey:@"height"] doubleValue]; + [[self.webView window] setFrame:frame display:YES]; +} + + ++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector +{ + return 
NO; +} + ++ (NSString*) webScriptNameForSelector:(SEL)selector{ + id result = nil; + + if (selector == @selector(open:)) { + result = @"open"; + }else if (selector == @selector(move:)){ + result = @"move"; + }else if (selector == @selector(resize:)){ + result = @"resize"; + } + + return result; +} + ++ (BOOL) isKeyExcludedFromWebScript:(const char*)name +{ + return YES; +} + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Clipboard.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Clipboard.h new file mode 100644 index 0000000..6c1a2f5 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Clipboard.h @@ -0,0 +1,10 @@ +#import + +@interface Clipboard : NSObject { + +} + +- (void) copy:(NSString*)text; +- (NSString *) paste; + +@end diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Clipboard.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Clipboard.m new file mode 100644 index 0000000..1c18dea --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/Clipboard.m 
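Review bot: `isSelectorExcludedFromWebScript:` near the end of the Window.m hunk returns `NO` for every selector, so every method of `Window` is callable from script in any page that is handed this object, not only the three named in `webScriptNameForSelector:`. An allowlist keeps the bridge to what the UI uses, for example `return !(selector == @selector(open:) || selector == @selector(move:) || selector == @selector(resize:));`, extended with whichever of `maximize`, `restore` and the getters the UI really calls. `Clipboard.m` in this commit has the same blanket `return NO;`, which there also exposes `paste`, i.e. clipboard reads, to page script. Where these objects are attached to the script environment is not visible in either hunk, so the reachable set should be confirmed against that code.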
@@ -0,0 +1,51 @@
+//
+// clipboard.m
+// MacGap
+//
+// Created by David Zorychta on 2013-07-22.
+// Copyright (c) 2013 Twitter. All rights reserved.
+//
+
+#import "Clipboard.h"
+
+@implementation Clipboard
+
+- (void) copy:(NSString*)text {
+ [[NSPasteboard generalPasteboard] clearContents];
+ [[NSPasteboard generalPasteboard] setString:text forType:NSStringPboardType];
+}
+
+- (NSString *) paste {
+ NSPasteboard *pasteboard = [NSPasteboard generalPasteboard];
+ NSArray *classArray = [NSArray arrayWithObject:[NSString class]];
+ NSDictionary *options = [NSDictionary dictionary];
+ BOOL ok = [pasteboard canReadObjectForClasses:classArray options:options];
+ if (ok) {
+ NSArray *objectsToPaste = [pasteboard readObjectsForClasses:classArray options:options];
+ return (NSString *) [objectsToPaste objectAtIndex:0];
+ }
+ return @"";
+}
+
++ (NSString*) webScriptNameForSelector:(SEL)selector
+{
+ id result = nil;
+
+ if (selector == @selector(copy:)) {
+ result = @"copy";
+ }
+
+ return result;
+}
+
++ (BOOL) isSelectorExcludedFromWebScript:(SEL)selector
+{
+ return NO;
+}
+
++ (BOOL) isKeyExcludedFromWebScript:(const char*)name
+{
+ return YES;
+}
+
+@end
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/MacGap-Info.plist b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/MacGap-Info.plist
new file mode 100644
index 0000000..7f71ea2
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/MacGap-Info.plist
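Review bot: `copy:` clears the pasteboard and then hands its argument straight to `setString:forType:`, and `paste` calls `objectAtIndex:0` without checking the array. If `copy:` is reached through the WebScript bridge (the class methods at the end of the hunk suggest it is), the argument can arrive as a non-string object, so a guard such as `if (![text isKindOfClass:[NSString class]]) return;` placed before `clearContents` avoids wiping the clipboard and then raising. In `paste`, `return [objectsToPaste count] ? [objectsToPaste objectAtIndex:0] : @"";` keeps the empty-string result when the read returns nothing.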
@@ -0,0 +1,39 @@ + + + + + CFBundleDevelopmentRegion + en + CFBundleExecutable + ZeroTier One + CFBundleIconFile + ZeroTierIcon + CFBundleIdentifier + $(PRODUCT_BUNDLE_IDENTIFIER) + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + ZeroTier One + CFBundlePackageType + APPL + CFBundleShortVersionString + 1.0 + CFBundleSignature + ???? + CFBundleVersion + 1 + LSApplicationCategoryType + public.app-category.utilities + LSMinimumSystemVersion + ${MACOSX_DEPLOYMENT_TARGET} + NSMainNibFile + MainMenu + NSPrincipalClass + NSApplication + NSAppTransportSecurity + + NSAllowsArbitraryLoads + + + + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/MacGap-Prefix.pch b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/MacGap-Prefix.pch new file mode 100644 index 0000000..ad05e84 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/MacGap-Prefix.pch @@ -0,0 +1,15 @@ +// +// Prefix header for all source files of the 'MacGap' target in the 'MacGap' project +// + +#ifdef __OBJC__ + #ifdef _DEBUG + #define DebugNSLog(format, ...) NSLog(format, ## __VA_ARGS__) + #else + #define DebugNSLog(format, ...) + #endif + + #import + #import "Constants.h" + #import "Utils.h" +#endif diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/WindowController.h b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/WindowController.h new file mode 100644 index 0000000..72927ef --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/WindowController.h @@ -0,0 +1,13 @@ +#import +#import "ContentView.h" + +@interface WindowController : NSWindowController { + +} + +- (id) initWithURL:(NSString *) url; +- (id) initWithRequest: (NSURLRequest *)request; +@property (retain) NSURL * url; +@property (retain) IBOutlet ContentView *contentView; + +@end 
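Review bot: The `NSAppTransportSecurity` dictionary at the end of this plist sets `NSAllowsArbitraryLoads`; the value element is not visible in this rendering, but if it is true, App Transport Security is switched off for every connection the WebView makes. The README added in this commit says the wrapper only talks to the local ZeroTier service, so a narrower exception would do, for instance `NSAllowsLocalNetworking` where the deployment target supports it, or an `NSExceptionDomains` entry for the one host. An XML comment above the key recording why the exception is needed would help the next reviewer.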
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/WindowController.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/WindowController.m
new file mode 100644
index 0000000..2765a2e
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/WindowController.m
@@ -0,0 +1,54 @@
+#import "WindowController.h"
+
+
+@interface WindowController() {
+
+}
+
+-(void) notificationCenter;
+
+@end
+
+@implementation WindowController
+
+@synthesize contentView, url;
+
+- (id) initWithURL:(NSString *) relativeURL{
+ self = [super initWithWindowNibName:@"Window"];
+ self.url = [NSURL URLWithString:relativeURL relativeToURL:[[NSBundle mainBundle] resourceURL]];
+
+ [self.window setFrameAutosaveName:@"MacGapWindow"];
+ [self notificationCenter];
+
+ return self;
+}
+
+-(id) initWithRequest: (NSURLRequest *)request{
+ self = [super initWithWindowNibName:@"Window"];
+ [self notificationCenter];
+ [[self.contentView.webView mainFrame] loadRequest:request];
+
+ return self;
+}
+
+-(void) notificationCenter{
+ [[NSNotificationCenter defaultCenter] addObserver:self.contentView
+ selector:@selector(windowResized:)
+ name:NSWindowDidResizeNotification
+ object:[self window]];
+}
+
+- (void)windowDidLoad
+{
+ [super windowDidLoad];
+
+ if (self.url != nil) {
+ [self.contentView.webView setMainFrameURL:[self.url absoluteString]];
+ }
+
+
+ // Implement this method to handle any initialization after your
+ // window controller's window has been loaded from its nib file.
+}
+
+@end
diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Credits.rtf b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Credits.rtf
new file mode 100644
index 0000000..6f388f6
--- /dev/null
+++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Credits.rtf
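Review bot: `initWithURL:` resolves its string with `URLWithString:relativeToURL:`, which uses the bundle resource base only when the string is relative; an absolute URL string replaces the base entirely, and `windowDidLoad` then loads whatever resulted. `Window.m` in this commit passes the script-supplied `url` property straight into this initializer, so the new window's origin is effectively chosen by page script. I would check the resolved URL before storing it, accepting only the bundle's `file:` resources and the local service address and leaving `self.url` nil otherwise, which `windowDidLoad` already treats as nothing to load. Separately, `notificationCenter` registers `self.contentView` as an observer and nothing in this hunk removes it.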
@@ -0,0 +1,13 @@ +{\rtf1\ansi\ansicpg1252\cocoartf1347\cocoasubrtf570 +{\fonttbl\f0\fswiss\fcharset0 Helvetica;} +{\colortbl;\red255\green255\blue255;} +\vieww9600\viewh8400\viewkind0 +\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720 + +\f0\b\fs24 \cf0 (c)2011-2015 ZeroTier, Inc.\ +Licensed under the GNU GPLv3\ +\ +UI Wrapper MacGap (c) Twitter, Inc.\ +Licensed under the MIT License\ +http://macgap.com/\ +} \ No newline at end of file diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/InfoPlist.strings b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/InfoPlist.strings new file mode 100644 index 0000000..477b28f --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/InfoPlist.strings @@ -0,0 +1,2 @@ +/* Localized versions of Info.plist keys */ + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/MainMenu.xib b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/MainMenu.xib new file mode 100644 index 0000000..dd67a86 --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/MainMenu.xib 
@@ -0,0 +1,3404 @@ + + + + 1070 + 14D136 + 7702 + 1347.57 + 758.70 + + com.apple.InterfaceBuilder.CocoaPlugin + 7702 + + + NSCustomObject + NSMenu + NSMenuItem + + + com.apple.InterfaceBuilder.CocoaPlugin + + + PluginDependencyRecalculationVersion + + + + + NSApplication + + + FirstResponder + + + NSApplication + + + AppDelegate + + + AMainMenu + + + + ZeroTier One + + 1048576 + 2147483647 + + NSImage + NSMenuCheckmark + + + NSImage + NSMenuMixedState + + submenuAction: + + + ZeroTier One + + + + About ZeroTier One + + 2147483647 + + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Preferences… + , + 1048576 + 2147483647 + + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Services + + 1048576 + 2147483647 + + + submenuAction: + + + Services + + _NSServicesMenu + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Hide ZeroTier One + h + 1048576 + 2147483647 + + + + + + Hide Others + h + 1572864 + 2147483647 + + + + + + Show All + + 1048576 + 2147483647 + + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Quit ZeroTier One + q + 1048576 + 2147483647 + + + + + _NSAppleMenu + + + + + File + + 1048576 + 2147483647 + + + submenuAction: + + + File + + + + New + n + 1048576 + 2147483647 + + + + + + Open… + o + 1048576 + 2147483647 + + + + + + Open Recent + + 1048576 + 2147483647 + + + submenuAction: + + + Open Recent + + + + Clear Menu + + 1048576 + 2147483647 + + + + + _NSRecentDocumentsMenu + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Close + w + 1048576 + 2147483647 + + + + + + Save… + s + 1048576 + 2147483647 + + + + + + Revert to Saved + + 2147483647 + + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Page Setup... 
+ P + 1179648 + 2147483647 + + + + + + + Print… + p + 1048576 + 2147483647 + + + + + + + + + Edit + + 1048576 + 2147483647 + + + submenuAction: + + + Edit + + + + Undo + z + 1048576 + 2147483647 + + + + + + Redo + Z + 1179648 + 2147483647 + + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Cut + x + 1048576 + 2147483647 + + + + + + Copy + c + 1048576 + 2147483647 + + + + + + Paste + v + 1048576 + 2147483647 + + + + + + Paste and Match Style + V + 1572864 + 2147483647 + + + + + + Delete + + 1048576 + 2147483647 + + + + + + Select All + a + 1048576 + 2147483647 + + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Find + + 1048576 + 2147483647 + + + submenuAction: + + + Find + + + + Find… + f + 1048576 + 2147483647 + + + 1 + + + + Find and Replace… + f + 1572864 + 2147483647 + + + 12 + + + + Find Next + g + 1048576 + 2147483647 + + + 2 + + + + Find Previous + G + 1179648 + 2147483647 + + + 3 + + + + Use Selection for Find + e + 1048576 + 2147483647 + + + 7 + + + + Jump to Selection + j + 1048576 + 2147483647 + + + + + + + + + Spelling and Grammar + + 1048576 + 2147483647 + + + submenuAction: + + + Spelling and Grammar + + + + Show Spelling and Grammar + : + 1048576 + 2147483647 + + + + + + Check Document Now + ; + 1048576 + 2147483647 + + + + + + YES + YES + + + 2147483647 + + + + + + Check Spelling While Typing + + 1048576 + 2147483647 + + + + + + Check Grammar With Spelling + + 1048576 + 2147483647 + + + + + + Correct Spelling Automatically + + 2147483647 + + + + + + + + + Substitutions + + 1048576 + 2147483647 + + + submenuAction: + + + Substitutions + + + + Show Substitutions + + 2147483647 + + + + + + YES + YES + + + 2147483647 + + + + + + Smart Copy/Paste + f + 1048576 + 2147483647 + + + 1 + + + + Smart Quotes + g + 1048576 + 2147483647 + + + 2 + + + + Smart Dashes + + 2147483647 + + + + + + Smart Links + G + 1179648 + 2147483647 + + + 3 + + + + Text Replacement + + 2147483647 + + + + + + + + + Transformations + + 2147483647 + + + submenuAction: 
+ + + Transformations + + + + Make Upper Case + + 2147483647 + + + + + + Make Lower Case + + 2147483647 + + + + + + Capitalize + + 2147483647 + + + + + + + + + Speech + + 1048576 + 2147483647 + + + submenuAction: + + + Speech + + + + Start Speaking + + 1048576 + 2147483647 + + + + + + Stop Speaking + + 1048576 + 2147483647 + + + + + + + + + + + + Format + + 2147483647 + + + submenuAction: + + + Format + + + + Font + + 2147483647 + + + submenuAction: + + + Font + + + + Show Fonts + t + 1048576 + 2147483647 + + + + + + Bold + b + 1048576 + 2147483647 + + + 2 + + + + Italic + i + 1048576 + 2147483647 + + + 1 + + + + Underline + u + 1048576 + 2147483647 + + + + + + YES + YES + + + 2147483647 + + + + + + Bigger + + + 1048576 + 2147483647 + + + 3 + + + + Smaller + - + 1048576 + 2147483647 + + + 4 + + + + YES + YES + + + 2147483647 + + + + + + Kern + + 2147483647 + + + submenuAction: + + + Kern + + + + Use Default + + 2147483647 + + + + + + Use None + + 2147483647 + + + + + + Tighten + + 2147483647 + + + + + + Loosen + + 2147483647 + + + + + + + + + Ligature + + 2147483647 + + + submenuAction: + + + Ligature + + + + Use Default + + 2147483647 + + + + + + Use None + + 2147483647 + + + + + + Use All + + 2147483647 + + + + + + + + + Baseline + + 2147483647 + + + submenuAction: + + + Baseline + + + + Use Default + + 2147483647 + + + + + + Superscript + + 2147483647 + + + + + + Subscript + + 2147483647 + + + + + + Raise + + 2147483647 + + + + + + Lower + + 2147483647 + + + + + + + + + YES + YES + + + 2147483647 + + + + + + Show Colors + C + 1048576 + 2147483647 + + + + + + YES + YES + + + 2147483647 + + + + + + Copy Style + c + 1572864 + 2147483647 + + + + + + Paste Style + v + 1572864 + 2147483647 + + + + + _NSFontMenu + + + + + Text + + 2147483647 + + + submenuAction: + + + Text + + + + Align Left + { + 1048576 + 2147483647 + + + + + + Center + | + 1048576 + 2147483647 + + + + + + Justify + + 2147483647 + + + + + + Align Right + } + 1048576 + 2147483647 + + + + + + YES + YES 
+ + + 2147483647 + + + + + + Writing Direction + + 2147483647 + + + submenuAction: + + + Writing Direction + + + + YES + Paragraph + + 2147483647 + + + + + + CURlZmF1bHQ + + 2147483647 + + + + + + CUxlZnQgdG8gUmlnaHQ + + 2147483647 + + + + + + CVJpZ2h0IHRvIExlZnQ + + 2147483647 + + + + + + YES + YES + + + 2147483647 + + + + + + YES + Selection + + 2147483647 + + + + + + CURlZmF1bHQ + + 2147483647 + + + + + + CUxlZnQgdG8gUmlnaHQ + + 2147483647 + + + + + + CVJpZ2h0IHRvIExlZnQ + + 2147483647 + + + + + + + + + YES + YES + + + 2147483647 + + + + + + Show Ruler + + 2147483647 + + + + + + Copy Ruler + c + 1310720 + 2147483647 + + + + + + Paste Ruler + v + 1310720 + 2147483647 + + + + + + + + + + + + View + + 1048576 + 2147483647 + + + submenuAction: + + + View + + + + Show Toolbar + t + 1572864 + 2147483647 + + + + + + Customize Toolbar… + + 1048576 + 2147483647 + + + + + + + + + Window + + 1048576 + 2147483647 + + + submenuAction: + + + Window + + + + Minimize + m + 1048576 + 2147483647 + + + + + + Zoom + + 1048576 + 2147483647 + + + + + + YES + YES + + + 1048576 + 2147483647 + + + + + + Bring All to Front + + 1048576 + 2147483647 + + + + + _NSWindowsMenu + + + + + Help + + 2147483647 + + + submenuAction: + + + Help + + + + ZeroTier One Help + ? 
+ 1048576 + 2147483647 + + + + + _NSHelpMenu + + + + _NSMainMenu + + + + + + + terminate: + + + + 449 + + + + orderFrontStandardAboutPanel: + + + + 142 + + + + delegate + + + + 547 + + + + performMiniaturize: + + + + 37 + + + + arrangeInFront: + + + + 39 + + + + print: + + + + 86 + + + + runPageLayout: + + + + 87 + + + + clearRecentDocuments: + + + + 127 + + + + performClose: + + + + 193 + + + + toggleContinuousSpellChecking: + + + + 222 + + + + undo: + + + + 223 + + + + copy: + + + + 224 + + + + checkSpelling: + + + + 225 + + + + paste: + + + + 226 + + + + stopSpeaking: + + + + 227 + + + + cut: + + + + 228 + + + + showGuessPanel: + + + + 230 + + + + redo: + + + + 231 + + + + selectAll: + + + + 232 + + + + startSpeaking: + + + + 233 + + + + delete: + + + + 235 + + + + performZoom: + + + + 240 + + + + performFindPanelAction: + + + + 241 + + + + centerSelectionInVisibleArea: + + + + 245 + + + + toggleGrammarChecking: + + + + 347 + + + + toggleSmartInsertDelete: + + + + 355 + + + + toggleAutomaticQuoteSubstitution: + + + + 356 + + + + toggleAutomaticLinkDetection: + + + + 357 + + + + saveDocument: + + + + 362 + + + + revertDocumentToSaved: + + + + 364 + + + + runToolbarCustomizationPalette: + + + + 365 + + + + toggleToolbarShown: + + + + 366 + + + + hide: + + + + 367 + + + + hideOtherApplications: + + + + 368 + + + + unhideAllApplications: + + + + 370 + + + + newDocument: + + + + 373 + + + + openDocument: + + + + 374 + + + + raiseBaseline: + + + + 426 + + + + lowerBaseline: + + + + 427 + + + + copyFont: + + + + 428 + + + + subscript: + + + + 429 + + + + superscript: + + + + 430 + + + + tightenKerning: + + + + 431 + + + + underline: + + + + 432 + + + + orderFrontColorPanel: + + + + 433 + + + + useAllLigatures: + + + + 434 + + + + loosenKerning: + + + + 435 + + + + pasteFont: + + + + 436 + + + + unscript: + + + + 437 + + + + useStandardKerning: + + + + 438 + + + + useStandardLigatures: + + + + 439 + + + + turnOffLigatures: + + + + 440 + + + + turnOffKerning: + + + + 441 
+ + + + toggleAutomaticSpellingCorrection: + + + + 456 + + + + orderFrontSubstitutionsPanel: + + + + 458 + + + + toggleAutomaticDashSubstitution: + + + + 461 + + + + toggleAutomaticTextReplacement: + + + + 463 + + + + uppercaseWord: + + + + 464 + + + + capitalizeWord: + + + + 467 + + + + lowercaseWord: + + + + 468 + + + + pasteAsPlainText: + + + + 486 + + + + performFindPanelAction: + + + + 487 + + + + performFindPanelAction: + + + + 488 + + + + performFindPanelAction: + + + + 489 + + + + showHelp: + + + + 493 + + + + alignCenter: + + + + 518 + + + + pasteRuler: + + + + 519 + + + + toggleRuler: + + + + 520 + + + + alignRight: + + + + 521 + + + + copyRuler: + + + + 522 + + + + alignJustified: + + + + 523 + + + + alignLeft: + + + + 524 + + + + makeBaseWritingDirectionNatural: + + + + 525 + + + + makeBaseWritingDirectionLeftToRight: + + + + 526 + + + + makeBaseWritingDirectionRightToLeft: + + + + 527 + + + + makeTextWritingDirectionNatural: + + + + 528 + + + + makeTextWritingDirectionLeftToRight: + + + + 529 + + + + makeTextWritingDirectionRightToLeft: + + + + 530 + + + + performFindPanelAction: + + + + 535 + + + + delegate + + + + 545 + + + + + + 0 + + + + + + -2 + + + File's Owner + + + -1 + + + First Responder + + + -3 + + + Application + + + 29 + + + + + + + + + + + + + + 19 + + + + + + + + 56 + + + + + + + + 217 + + + + + + + + 83 + + + + + + + + 81 + + + + + + + + + + + + + + + + + 75 + + + + + 78 + + + + + 72 + + + + + 82 + + + + + 124 + + + + + + + + 77 + + + + + 73 + + + + + 79 + + + + + 112 + + + + + 74 + + + + + 125 + + + + + + + + 126 + + + + + 205 + + + + + + + + + + + + + + + + + + + + + + 202 + + + + + 198 + + + + + 207 + + + + + 214 + + + + + 199 + + + + + 203 + + + + + 197 + + + + + 206 + + + + + 215 + + + + + 218 + + + + + + + + 216 + + + + + + + + 200 + + + + + + + + + + + + + 219 + + + + + 201 + + + + + 204 + + + + + 220 + + + + + + + + + + + + + 213 + + + + + 210 + + + + + 221 + + + + + 208 + + + + + 209 + + + + + 57 + + + + + + + + + + + + + + + 
+ + + 58 + + + + + 134 + + + + + 150 + + + + + 136 + + + + + 144 + + + + + 129 + + + + + 143 + + + + + 236 + + + + + 131 + + + + + + + + 149 + + + + + 145 + + + + + 130 + + + + + 24 + + + + + + + + + + + 92 + + + + + 5 + + + + + 239 + + + + + 23 + + + + + 295 + + + + + + + + 296 + + + + + + + + + 297 + + + + + 298 + + + + + 211 + + + + + + + + 212 + + + + + + + + + 195 + + + + + 196 + + + + + 346 + + + + + 348 + + + + + + + + 349 + + + + + + + + + + + + + + 350 + + + + + 351 + + + + + 354 + + + + + 375 + + + + + + + + 376 + + + + + + + + + 377 + + + + + + + + 388 + + + + + + + + + + + + + + + + + + + + + + + 389 + + + + + 390 + + + + + 391 + + + + + 392 + + + + + 393 + + + + + 394 + + + + + 395 + + + + + 396 + + + + + 397 + + + + + + + + 398 + + + + + + + + 399 + + + + + + + + 400 + + + + + 401 + + + + + 402 + + + + + 403 + + + + + 404 + + + + + 405 + + + + + + + + + + + + 406 + + + + + 407 + + + + + 408 + + + + + 409 + + + + + 410 + + + + + 411 + + + + + + + + + + 412 + + + + + 413 + + + + + 414 + + + + + 415 + + + + + + + + + + + 416 + + + + + 417 + + + + + 418 + + + + + 419 + + + + + 450 + + + + + + + + 451 + + + + + + + + + + 452 + + + + + 453 + + + + + 454 + + + + + 457 + + + + + 459 + + + + + 460 + + + + + 462 + + + + + 465 + + + + + 466 + + + + + 485 + + + + + 490 + + + + + + + + 491 + + + + + + + + 492 + + + + + 496 + + + + + + + + 497 + + + + + + + + + + + + + + + + + 498 + + + + + 499 + + + + + 500 + + + + + 501 + + + + + 502 + + + + + 503 + + + + + + + + 504 + + + + + 505 + + + + + 506 + + + + + 507 + + + + + 508 + + + + + + + + + + + + + + + + 509 + + + + + 510 + + + + + 511 + + + + + 512 + + + + + 513 + + + + + 514 + + + + + 515 + + + + + 516 + + + + + 517 + + + + + 534 + + + + + 546 + + + + + + + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + 
com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + 
com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + 
com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + + + + + + 547 + + + + + AppDelegate + NSObject + + IBProjectSource + 
../MacGap/AppDelegate.h + + + + + + NSApplication + NSResponder + + IBFrameworkSource + AppKit.framework/Headers/NSApplication.h + + + + NSBrowser + NSControl + + IBFrameworkSource + AppKit.framework/Headers/NSBrowser.h + + + + NSControl + NSView + + IBFrameworkSource + AppKit.framework/Headers/NSControl.h + + + + NSDocument + NSObject + + id + id + id + id + id + id + + + + printDocument: + id + + + revertDocumentToSaved: + id + + + runPageLayout: + id + + + saveDocument: + id + + + saveDocumentAs: + id + + + saveDocumentTo: + id + + + + IBFrameworkSource + AppKit.framework/Headers/NSDocument.h + + + + NSDocumentController + NSObject + + id + id + id + id + + + + clearRecentDocuments: + id + + + newDocument: + id + + + openDocument: + id + + + saveAllDocuments: + id + + + + IBFrameworkSource + AppKit.framework/Headers/NSDocumentController.h + + + + NSFormatter + NSObject + + IBFrameworkSource + Foundation.framework/Headers/NSFormatter.h + + + + NSMatrix + NSControl + + IBFrameworkSource + AppKit.framework/Headers/NSMatrix.h + + + + NSMenu + NSObject + + IBFrameworkSource + AppKit.framework/Headers/NSMenu.h + + + + NSMenuItem + NSObject + + IBFrameworkSource + AppKit.framework/Headers/NSMenuItem.h + + + + NSMovieView + NSView + + IBFrameworkSource + AppKit.framework/Headers/NSMovieView.h + + + + NSPopover + NSResponder + + IBFrameworkSource + AppKit.framework/Headers/NSPopover.h + + + + NSResponder + NSObject + + IBFrameworkSource + AppKit.framework/Headers/NSResponder.h + + + + NSTableView + NSControl + + IBFrameworkSource + AppKit.framework/Headers/NSTableView.h + + + + NSText + NSView + + IBFrameworkSource + AppKit.framework/Headers/NSText.h + + + + NSTextView + NSText + + IBFrameworkSource + AppKit.framework/Headers/NSTextView.h + + + + NSView + NSResponder + + IBFrameworkSource + AppKit.framework/Headers/NSView.h + + + + NSViewController + NSResponder + + view + NSView + + + view + + view + NSView + + + + IBFrameworkSource + 
AppKit.framework/Headers/NSViewController.h + + + + NSWindow + NSResponder + + IBFrameworkSource + AppKit.framework/Headers/NSWindow.h + + + + WebView + NSView + + id + id + id + id + id + id + id + id + id + id + id + + + + goBack: + id + + + goForward: + id + + + makeTextLarger: + id + + + makeTextSmaller: + id + + + makeTextStandardSize: + id + + + reload: + id + + + reloadFromOrigin: + id + + + stopLoading: + id + + + takeStringURLFrom: + id + + + toggleContinuousSpellChecking: + id + + + toggleSmartInsertDelete: + id + + + + IBFrameworkSource + WebKit.framework/Headers/WebView.h + + + + + 0 + IBCocoaFramework + NO + + com.apple.InterfaceBuilder.CocoaPlugin.InterfaceBuilder3 + + + YES + 3 + + {12, 12} + {10, 2} + + + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Window.xib b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Window.xib new file mode 100644 index 0000000..fa70aca --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Window.xib @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/main.m b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/main.m new file mode 100644 index 0000000..4ad50ad --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/MacGap/main.m @@ -0,0 +1,14 @@ +// +// main.m +// MacGap +// +// Created by Alex MacCaw on 08/01/2012. +// Copyright (c) 2012 Twitter. All rights reserved. +// + +#import + +int main(int argc, char *argv[]) +{ + return NSApplicationMain(argc, (const char **)argv); +} diff --git a/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/README.md b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/README.md new file mode 100644 index 0000000..daf3eae --- /dev/null +++ b/ext/installfiles/mac/mac-ui-macgap1-wrapper/src/README.md 
@@ -0,0 +1,6 @@
+Mac Web UI Wrapper
+======
+
+This is a modified version of MacGap1 which launches a WebKit view and accesses the local ZeroTier service at its web URL. It builds the URL from the authtoken.secret file in the system home (or the user home) and the zerotier-one.port file that ZeroTier creates to advertise its control port.
+
+It's based on the original MacGap1 source by Twitter, Inc. which is licensed under the MIT license.
diff --git a/ext/installfiles/mac/postinst.sh b/ext/installfiles/mac/postinst.sh
new file mode 100755
index 0000000..da15f9c
--- /dev/null
+++ b/ext/installfiles/mac/postinst.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
+
+OSX_RELEASE=`sw_vers -productVersion | cut -d . -f 1,2`
+
+launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
+sleep 1
+
+cd "/Library/Application Support/ZeroTier/One"
+
+if [ "$OSX_RELEASE" = "10.7" ]; then
+ # OSX 10.7 cannot use the new tap driver since the new way of kext signing
+ # is not backward compatible. Pull the old one for 10.7 users and replace.
+ # We use https to fetch and check hash as an extra added measure.
+ rm -f tap.kext.10_7.tar.gz
+ curl -s https://download.zerotier.com/tap.kext.10_7.tar.gz >tap.kext.10_7.tar.gz
+ if [ -s tap.kext.10_7.tar.gz -a "`shasum -a 256 tap.kext.10_7.tar.gz | cut -d ' ' -f 1`" = "e133d4832cef571621d3618f417381b44f51a76ed625089fb4e545e65d3ef2a9" ]; then
+ rm -rf tap.kext
+ tar -xzf tap.kext.10_7.tar.gz
+ fi
+ rm -f tap.kext.10_7.tar.gz
+fi
+
+rm -rf node.log node.log.old root-topology shutdownIfUnreadable autoupdate.log updates.d
+chown -R 0 tap.kext
+chgrp -R 0 tap.kext
+if [ ! -f authtoken.secret ]; then
+ head -c 4096 /dev/urandom | md5 | head -c 24 >authtoken.secret
+ chown 0 authtoken.secret
+ chgrp 0 authtoken.secret
+ chmod 0600 authtoken.secret
+fi
+rm -f zerotier-cli zerotier-idtool
+ln -sf zerotier-one zerotier-cli
+ln -sf zerotier-one zerotier-idtool
+
+mkdir -p /usr/local/bin
+cd /usr/local/bin
+rm -f zerotier-cli zerotier-idtool
+ln -sf "/Library/Application Support/ZeroTier/One/zerotier-one" zerotier-cli
+ln -sf "/Library/Application Support/ZeroTier/One/zerotier-one" zerotier-idtool
+
+launchctl load /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
+
+exit 0
diff --git a/ext/installfiles/mac/preinst.sh b/ext/installfiles/mac/preinst.sh
new file mode 100755
index 0000000..c2cb494
--- /dev/null
+++ b/ext/installfiles/mac/preinst.sh
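Review bot: In postinst.sh, `authtoken.secret` is created by the `head -c 4096 /dev/urandom | md5 | head -c 24 >authtoken.secret` redirect under the installer's umask and only afterwards tightened with `chmod 0600`, so the new token can be briefly readable by other local users if the directory is traversable. Create it with restrictive permissions from the start, e.g. `( umask 077; head -c 4096 /dev/urandom | md5 | head -c 24 >authtoken.secret )`. Separately, `cd "/Library/Application Support/ZeroTier/One"` is unchecked while the following `rm -rf`, `tar -xzf` and `chown -R 0` use relative paths; `cd "/Library/Application Support/ZeroTier/One" || exit 1` would keep them from running in whatever directory the installer started in.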
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+if [ -f /Library/LaunchDaemons/com.zerotier.one.plist ]; then
+ launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
+fi
+
+sleep 1
+
+if [ -d "/Library/Application Support/ZeroTier/One" ]; then
+ cd "/Library/Application Support/ZeroTier/One"
+ if [ -f "zerotier-one.pid" ]; then
+ ztpid=`cat zerotier-one.pid`
+ if [ "$ztpid" -gt "0" ]; then
+ kill `cat zerotier-one.pid`
+ fi
+ fi
+fi
+
+sleep 1
+
+cd "/Applications"
+rm -rf "ZeroTier One.app"
+
+exit 0
diff --git a/ext/installfiles/mac/ui/Makefile b/ext/installfiles/mac/ui/Makefile
new file mode 100644
index 0000000..4be0322
--- /dev/null
+++ b/ext/installfiles/mac/ui/Makefile
@@ -0,0 +1,6 @@
+all:
+ mkdir -p build
+ jsx --target es3 -x jsx . ./build
+ rm -f ztui.min.js
+ minify build/*.js >>ztui.min.js
+ rm -rf build
diff --git a/ext/installfiles/mac/ui/README.md b/ext/installfiles/mac/ui/README.md
new file mode 100644
index 0000000..bd5eddb
--- /dev/null
+++ b/ext/installfiles/mac/ui/README.md
@@ -0,0 +1,10 @@
+ZeroTier HTML5 UI
+======
+
+This is the new (as of 1.0.3) ZeroTier One UI. It's implemented in HTML5 and React.
+
+If you make changes to the .jsx files, type 'make'. You will need NodeJS, react-tools, and minify installed and available in your path.
+
+For this to work, these files must be installed in the 'ui' subfolder of the ZeroTier home path. For development it's nice to symlink this to the 'ui' folder in your working directory. If the 'ui' subfolder is not present, the UI static files will not be served by the embedded web server.
+
+Packaging for Mac and Windows is accomplished by way of the wrappers in ext/. For Mac this is done with a modified version of MacGap. Windows uses a custom project that embeds a web view.
diff --git a/ext/installfiles/mac/ui/ZeroTierNetwork.jsx b/ext/installfiles/mac/ui/ZeroTierNetwork.jsx
new file mode 100644
index 0000000..f842d75
--- /dev/null
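Review bot: In preinst.sh the `kill` targets whatever number is stored in `zerotier-one.pid` without confirming that the process is still zerotier-one, so a stale pid file left behind after a crash can make the installer signal an unrelated process that has since reused the PID. The file is also read twice (once into `ztpid` for the test, again by `cat` for the kill), and a non-numeric value makes `[ "$ztpid" -gt "0" ]` fail with a test error rather than a clean skip. Reuse the checked value and confirm the command name first, e.g. `case "$(ps -p "$ztpid" -o comm=)" in *zerotier-one*) kill "$ztpid" ;; esac`.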
+++ b/ext/installfiles/mac/ui/ZeroTierNetwork.jsx
@@ -0,0 +1,74 @@
+var ZeroTierNetwork = React.createClass({
+ getInitialState: function() {
+ return {};
+ },
+
+ leaveNetwork: function(event) {
+ Ajax.call({
+ url: 'network/'+this.props.nwid+'?auth='+this.props.authToken,
+ cache: false,
+ type: 'DELETE',
+ success: function(data) {
+ if (this.props.onNetworkDeleted)
+ this.props.onNetworkDeleted(this.props.nwid);
+ }.bind(this),
+ error: function(error) {
+ }.bind(this)
+ });
+ event.preventDefault();
+ },
+
+ render: function() {
+ return (
+
+
+ {this.props.nwid}  + {this.props.name} +
+
+
+
Status
+
{this.props['status']}
+
+
+
Type
+
{this.props['type']}
+
+
+
MAC
+
{this.props['mac']}
+
+
+
MTU
+
{this.props['mtu']}
+
+
+
Broadcast
+
{(this.props['broadcastEnabled']) ? 'ENABLED' : 'DISABLED'}
+
+
+
Bridging
+
{(this.props['bridge']) ? 'ACTIVE' : 'DISABLED'}
+
+
+
Device
+
{(this.props['portDeviceName']) ? this.props['portDeviceName'] : '(none)'}
+
+
+
Managed IPs
+
+ { + this.props['assignedAddresses'].map(function(ipAssignment) { + return ( +
{ipAssignment}
+ ); + }) + } +
+
+
+ +
+ ); + } +}); diff --git a/ext/installfiles/mac/ui/ZeroTierNode.jsx b/ext/installfiles/mac/ui/ZeroTierNode.jsx new file mode 100644 index 0000000..b4c2922 --- /dev/null +++ b/ext/installfiles/mac/ui/ZeroTierNode.jsx 
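Review bot: `leaveNetwork` in ZeroTierNetwork.jsx puts the control-plane token in the request URL (`'?auth='+this.props.authToken`), and the same pattern is used for every call in ZeroTierNode.jsx (`peer?auth=`, `network?auth=`, `status?auth=` and the join POST). Secrets in query strings tend to end up in request logs, history and debugging output; if the service accepts the token in a request header and the `Ajax` helper (not shown on this page) can set one, prefer that. `this.props.nwid` is also concatenated into the path unencoded, so `'network/'+encodeURIComponent(this.props.nwid)` would be safer. The empty `error` callback means a failed leave is silently ignored; at minimum surface it to the user.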
@@ -0,0 +1,158 @@ +var ZeroTierNode = React.createClass({ + getInitialState: function() { + return { + address: '----------', + online: false, + version: '_._._', + _networks: [], + _peers: [] + }; + }, + + ago: function(ms) { + if (ms > 0) { + var tmp = Math.round((Date.now() - ms) / 1000); + return ((tmp > 0) ? tmp : 0); + } else return 0; + }, + + updatePeers: function() { + Ajax.call({ + url: 'peer?auth='+this.props.authToken, + cache: false, + type: 'GET', + success: function(data) { + if (data) { + var pl = JSON.parse(data); + if (Array.isArray(pl)) { + this.setState({_peers: pl}); + } + } + }.bind(this), + error: function() { + }.bind(this) + }); + }, + updateNetworks: function() { + Ajax.call({ + url: 'network?auth='+this.props.authToken, + cache: false, + type: 'GET', + success: function(data) { + if (data) { + var nwl = JSON.parse(data); + if (Array.isArray(nwl)) { + this.setState({_networks: nwl}); + } + } + }.bind(this), + error: function() { + }.bind(this) + }); + }, + updateAll: function() { + Ajax.call({ + url: 'status?auth='+this.props.authToken, + cache: false, + type: 'GET', + success: function(data) { + this.alertedToFailure = false; + if (data) { + var status = JSON.parse(data); + this.setState(status); + document.title = 'ZeroTier One [' + status.address + ']'; + } + this.updateNetworks(); + this.updatePeers(); + }.bind(this), + error: function() { + this.setState(this.getInitialState()); + if (!this.alertedToFailure) { + this.alertedToFailure = true; + alert('Authorization token invalid or ZeroTier One service not running.'); + } + }.bind(this) + }); + }, + joinNetwork: function(event) { + event.preventDefault(); + if ((this.networkToJoin)&&(this.networkToJoin.length === 16)) { + Ajax.call({ + url: 'network/'+this.networkToJoin+'?auth='+this.props.authToken, + cache: false, + type: 'POST', + success: function(data) { + this.networkToJoin = ''; + if (this.networkInputElement) + this.networkInputElement.value = ''; + this.updateNetworks(); + 
}.bind(this), + error: function() { + }.bind(this) + }); + } else { + alert('To join a network, enter its 16-digit network ID.'); + } + }, + handleNetworkIdEntry: function(event) { + this.networkInputElement = event.target; + var nid = this.networkInputElement.value; + if (nid) { + nid = nid.toLowerCase(); + var nnid = ''; + for(var i=0;((i= 0) + nnid += nid.charAt(i); + } + this.networkToJoin = nnid; + this.networkInputElement.value = nnid; + } else { + this.networkToJoin = ''; + this.networkInputElement.value = ''; + } + }, + + handleNetworkDelete: function(nwid) { + var networks = []; + for(var i=0;i +
+
+
+ { + this.state._networks.map(function(network) { + network['authToken'] = this.props.authToken; + network['onNetworkDeleted'] = this.handleNetworkDelete; + return React.createElement('div',{className: 'network',key: network.nwid},React.createElement(ZeroTierNetwork,network)); + }.bind(this)) + } +
+
+
+
+
+ {this.state.address}  {this.state.online ? (this.state.tcpFallbackActive ? 'TUNNELED' : 'ONLINE') : 'OFFLINE'}  {this.state.version} +
+
+
+
+
+ + ); + } +}); diff --git a/ext/installfiles/mac/ui/index.html b/ext/installfiles/mac/ui/index.html new file mode 100644 index 0000000..44edb39 --- /dev/null +++ b/ext/installfiles/mac/ui/index.html @@ -0,0 +1,58 @@ + + + + + + + ZeroTier One + + + + + + +
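Review bot: In `updateAll` of ZeroTierNode.jsx, `this.setState(status)` merges every key of the parsed response into component state, so a response that carried `_networks` or `_peers` keys would overwrite the lists that render iterates with `this.state._networks.map`. Copy only the fields the component displays, e.g. `this.setState({address: status.address, online: status.online, version: status.version, tcpFallbackActive: status.tcpFallbackActive});`. The `JSON.parse(data)` calls in `updateAll`, `updateNetworks` and `updatePeers` are also unguarded, so a non-JSON body throws inside the success callback; wrapping each in try/catch and treating a parse failure like the `error` path would make that failure visible. Parts of this hunk's markup and loop bodies are missing from the page as extracted, so this covers only the handlers that are readable.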
+ + +
diff --git a/ext/installfiles/mac/ui/main.js b/ext/installfiles/mac/ui/main.js
new file mode 100644
index 0000000..a164712
--- /dev/null
+++ b/ext/installfiles/mac/ui/main.js
@@ -0,0 +1,51 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015 ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+function getUrlParameter(parameter)
+{
+ var currLocation = window.location.search;
+ if (currLocation.indexOf('?') < 0)
+ return '';
+ var parArr = currLocation.split("?")[1].split("&");
+ for(var i = 0; i < parArr.length; i++){
+ parr = parArr[i].split("=");
+ if (parr[0] == parameter) {
+ return decodeURIComponent(parr[1]);
+ }
+ }
+ return '';
+}
+
+var ztAuthToken = getUrlParameter('authToken');
+if ((!ztAuthToken)||(ztAuthToken.length <= 0)) {
+ ztAuthToken = prompt('No authToken specified in URL. Enter token from\nauthtoken.secret to authorize.');
+}
+
+React.render(
+ React.createElement(ZeroTierNode, {authToken: ztAuthToken}),
+ document.getElementById('main')
+);
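Review bot: In main.js, `getUrlParameter` assigns `parr` without `var`, which creates an implicit global and would throw under strict mode; declare it locally with `var parr = parArr[i].split("=");`. The token is read from the page's own query string (`authToken`), so it stays in `window.location` for the life of the page; once it has been read, consider removing it from the visible URL (for example with `history.replaceState`, if the embedded web view supports it). `decodeURIComponent(parr[1])` also throws a URIError on a malformed escape sequence, which would stop the script before `React.render` runs, so a try/catch that falls back to the `prompt` path would be more forgiving.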
diff --git a/ext/installfiles/mac/ui/react.min.js b/ext/installfiles/mac/ui/react.min.js
new file mode 100644
index 0000000..9040c97
--- /dev/null
+++ b/ext/installfiles/mac/ui/react.min.js
@@ -0,0 +1,15 @@ +/** + * React v0.13.2 + * + * Copyright 2013-2015, Facebook, Inc. + * All rights reserved. + * + * This source code is licensed under the BSD-style license found in the + * LICENSE file in the root directory of this source tree. An additional grant + * of patent rights can be found in the PATENTS file in the same directory. + * + */ +!function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{var t;t="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this,t.React=e()}}(function(){return function e(t,n,r){function o(a,u){if(!n[a]){if(!t[a]){var s="function"==typeof require&&require;if(!u&&s)return s(a,!0);if(i)return i(a,!0);var l=new Error("Cannot find module '"+a+"'");throw l.code="MODULE_NOT_FOUND",l}var c=n[a]={exports:{}};t[a][0].call(c.exports,function(e){var n=t[a][1][e];return o(n?n:e)},c,c.exports,e,t,n,r)}return n[a].exports}for(var i="function"==typeof 
require&&require,a=0;a8&&11>=x),N=32,I=String.fromCharCode(N),T=f.topLevelTypes,R={beforeInput:{phasedRegistrationNames:{bubbled:C({onBeforeInput:null}),captured:C({onBeforeInputCapture:null})},dependencies:[T.topCompositionEnd,T.topKeyPress,T.topTextInput,T.topPaste]},compositionEnd:{phasedRegistrationNames:{bubbled:C({onCompositionEnd:null}),captured:C({onCompositionEndCapture:null})},dependencies:[T.topBlur,T.topCompositionEnd,T.topKeyDown,T.topKeyPress,T.topKeyUp,T.topMouseDown]},compositionStart:{phasedRegistrationNames:{bubbled:C({onCompositionStart:null}),captured:C({onCompositionStartCapture:null})},dependencies:[T.topBlur,T.topCompositionStart,T.topKeyDown,T.topKeyPress,T.topKeyUp,T.topMouseDown]},compositionUpdate:{phasedRegistrationNames:{bubbled:C({onCompositionUpdate:null}),captured:C({onCompositionUpdateCapture:null})},dependencies:[T.topBlur,T.topCompositionUpdate,T.topKeyDown,T.topKeyPress,T.topKeyUp,T.topMouseDown]}},P=!1,w=null,O={eventTypes:R,extractEvents:function(e,t,n,r){return[l(e,t,n,r),d(e,t,n,r)]}};t.exports=O},{139:139,15:15,20:20,21:21,22:22,91:91,95:95}],4:[function(e,t,n){"use strict";function r(e,t){return e+t.charAt(0).toUpperCase()+t.substring(1)}var o={boxFlex:!0,boxFlexGroup:!0,columnCount:!0,flex:!0,flexGrow:!0,flexPositive:!0,flexShrink:!0,flexNegative:!0,fontWeight:!0,lineClamp:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0,fillOpacity:!0,strokeDashoffset:!0,strokeOpacity:!0,strokeWidth:!0},i=["Webkit","ms","Moz","O"];Object.keys(o).forEach(function(e){i.forEach(function(t){o[r(t,e)]=o[e]})});var 
a={background:{backgroundImage:!0,backgroundPosition:!0,backgroundRepeat:!0,backgroundColor:!0},border:{borderWidth:!0,borderStyle:!0,borderColor:!0},borderBottom:{borderBottomWidth:!0,borderBottomStyle:!0,borderBottomColor:!0},borderLeft:{borderLeftWidth:!0,borderLeftStyle:!0,borderLeftColor:!0},borderRight:{borderRightWidth:!0,borderRightStyle:!0,borderRightColor:!0},borderTop:{borderTopWidth:!0,borderTopStyle:!0,borderTopColor:!0},font:{fontStyle:!0,fontVariant:!0,fontWeight:!0,fontSize:!0,lineHeight:!0,fontFamily:!0}},u={isUnitlessNumber:o,shorthandPropertyExpansions:a};t.exports=u},{}],5:[function(e,t,n){"use strict";var r=e(4),o=e(21),i=(e(106),e(111)),a=e(131),u=e(141),s=(e(150),u(function(e){return a(e)})),l="cssFloat";o.canUseDOM&&void 0===document.documentElement.style.cssFloat&&(l="styleFloat");var c={createMarkupForStyles:function(e){var t="";for(var n in e)if(e.hasOwnProperty(n)){var r=e[n];null!=r&&(t+=s(n)+":",t+=i(n,r)+";")}return t||null},setValueForStyles:function(e,t){var n=e.style;for(var o in t)if(t.hasOwnProperty(o)){var a=i(o,t[o]);if("float"===o&&(o=l),a)n[o]=a;else{var u=r.shorthandPropertyExpansions[o];if(u)for(var s in u)n[s]="";else n[o]=""}}}};t.exports=c},{106:106,111:111,131:131,141:141,150:150,21:21,4:4}],6:[function(e,t,n){"use strict";function r(){this._callbacks=null,this._contexts=null}var o=e(28),i=e(27),a=e(133);i(r.prototype,{enqueue:function(e,t){this._callbacks=this._callbacks||[],this._contexts=this._contexts||[],this._callbacks.push(e),this._contexts.push(t)},notifyAll:function(){var e=this._callbacks,t=this._contexts;if(e){a(e.length===t.length),this._callbacks=null,this._contexts=null;for(var n=0,r=e.length;r>n;n++)e[n].call(t[n]);e.length=0,t.length=0}},reset:function(){this._callbacks=null,this._contexts=null},destructor:function(){this.reset()}}),o.addPoolingTo(r),t.exports=r},{133:133,27:27,28:28}],7:[function(e,t,n){"use strict";function 
r(e){return"SELECT"===e.nodeName||"INPUT"===e.nodeName&&"file"===e.type}function o(e){var t=x.getPooled(T.change,P,e);E.accumulateTwoPhaseDispatches(t),_.batchedUpdates(i,t)}function i(e){C.enqueueEvents(e),C.processEventQueue()}function a(e,t){R=e,P=t,R.attachEvent("onchange",o)}function u(){R&&(R.detachEvent("onchange",o),R=null,P=null)}function s(e,t,n){return e===I.topChange?n:void 0}function l(e,t,n){e===I.topFocus?(u(),a(t,n)):e===I.topBlur&&u()}function c(e,t){R=e,P=t,w=e.value,O=Object.getOwnPropertyDescriptor(e.constructor.prototype,"value"),Object.defineProperty(R,"value",k),R.attachEvent("onpropertychange",d)}function p(){R&&(delete R.value,R.detachEvent("onpropertychange",d),R=null,P=null,w=null,O=null)}function d(e){if("value"===e.propertyName){var t=e.srcElement.value;t!==w&&(w=t,o(e))}}function f(e,t,n){return e===I.topInput?n:void 0}function h(e,t,n){e===I.topFocus?(p(),c(t,n)):e===I.topBlur&&p()}function m(e,t,n){return e!==I.topSelectionChange&&e!==I.topKeyUp&&e!==I.topKeyDown||!R||R.value===w?void 0:(w=R.value,P)}function v(e){return"INPUT"===e.nodeName&&("checkbox"===e.type||"radio"===e.type)}function g(e,t,n){return e===I.topClick?n:void 0}var y=e(15),C=e(17),E=e(20),b=e(21),_=e(85),x=e(93),D=e(134),M=e(136),N=e(139),I=y.topLevelTypes,T={change:{phasedRegistrationNames:{bubbled:N({onChange:null}),captured:N({onChangeCapture:null})},dependencies:[I.topBlur,I.topChange,I.topClick,I.topFocus,I.topInput,I.topKeyDown,I.topKeyUp,I.topSelectionChange]}},R=null,P=null,w=null,O=null,S=!1;b.canUseDOM&&(S=D("change")&&(!("documentMode"in document)||document.documentMode>8));var A=!1;b.canUseDOM&&(A=D("input")&&(!("documentMode"in document)||document.documentMode>9));var k={get:function(){return O.get.call(this)},set:function(e){w=""+e,O.set.call(this,e)}},L={eventTypes:T,extractEvents:function(e,t,n,o){var i,a;if(r(t)?S?i=s:a=l:M(t)?A?i=f:(i=m,a=h):v(t)&&(i=g),i){var u=i(e,t,n);if(u){var c=x.getPooled(T.change,u,o);return 
E.accumulateTwoPhaseDispatches(c),c}}a&&a(e,t,n)}};t.exports=L},{134:134,136:136,139:139,15:15,17:17,20:20,21:21,85:85,93:93}],8:[function(e,t,n){"use strict";var r=0,o={createReactRootIndex:function(){return r++}};t.exports=o},{}],9:[function(e,t,n){"use strict";function r(e,t,n){e.insertBefore(t,e.childNodes[n]||null)}var o=e(12),i=e(70),a=e(145),u=e(133),s={dangerouslyReplaceNodeWithMarkup:o.dangerouslyReplaceNodeWithMarkup,updateTextContent:a,processUpdates:function(e,t){for(var n,s=null,l=null,c=0;ct||o.hasOverloadedBooleanValue[e]&&t===!1}var o=e(10),i=e(143),a=(e(150),{createMarkupForID:function(e){return o.ID_ATTRIBUTE_NAME+"="+i(e)},createMarkupForProperty:function(e,t){if(o.isStandardName.hasOwnProperty(e)&&o.isStandardName[e]){if(r(e,t))return"";var n=o.getAttributeName[e];return o.hasBooleanValue[e]||o.hasOverloadedBooleanValue[e]&&t===!0?n:n+"="+i(t)}return o.isCustomAttribute(e)?null==t?"":e+"="+i(t):null},setValueForProperty:function(e,t,n){if(o.isStandardName.hasOwnProperty(t)&&o.isStandardName[t]){var i=o.getMutationMethod[t];if(i)i(e,n);else if(r(t,n))this.deleteValueForProperty(e,t);else if(o.mustUseAttribute[t])e.setAttribute(o.getAttributeName[t],""+n);else{var a=o.getPropertyName[t];o.hasSideEffects[t]&&""+e[a]==""+n||(e[a]=n)}}else o.isCustomAttribute(t)&&(null==n?e.removeAttribute(t):e.setAttribute(t,""+n))},deleteValueForProperty:function(e,t){if(o.isStandardName.hasOwnProperty(t)&&o.isStandardName[t]){var n=o.getMutationMethod[t];if(n)n(e,void 0);else if(o.mustUseAttribute[t])e.removeAttribute(o.getAttributeName[t]);else{var r=o.getPropertyName[t],i=o.getDefaultValueForProperty(e.nodeName,r);o.hasSideEffects[t]&&""+e[r]===i||(e[r]=i)}}else o.isCustomAttribute(t)&&e.removeAttribute(t)}});t.exports=a},{10:10,143:143,150:150}],12:[function(e,t,n){"use strict";function r(e){return e.substring(1,e.indexOf(" "))}var o=e(21),i=e(110),a=e(112),u=e(125),s=e(133),l=/^(<[^ 
\/>]+)/,c="data-danger-index",p={dangerouslyRenderMarkup:function(e){s(o.canUseDOM);for(var t,n={},p=0;ps;s++){var c=u[s];if(c){var p=c.extractEvents(e,t,n,o);p&&(a=i(a,p))}}return a},enqueueEvents:function(e){e&&(l=i(l,e))},processEventQueue:function(){var e=l;l=null,a(e,c),u(!l)},__purge:function(){s={}},__getListenerBank:function(){return s}};t.exports=d},{103:103,118:118,133:133,18:18,19:19}],18:[function(e,t,n){"use strict";function r(){if(u)for(var e in s){var t=s[e],n=u.indexOf(e);if(a(n>-1),!l.plugins[n]){a(t.extractEvents),l.plugins[n]=t;var r=t.eventTypes;for(var i in r)a(o(r[i],t,i))}}}function o(e,t,n){a(!l.eventNameDispatchConfigs.hasOwnProperty(n)),l.eventNameDispatchConfigs[n]=e;var r=e.phasedRegistrationNames;if(r){for(var o in r)if(r.hasOwnProperty(o)){var u=r[o];i(u,t,n)}return!0}return e.registrationName?(i(e.registrationName,t,n),!0):!1}function i(e,t,n){a(!l.registrationNameModules[e]),l.registrationNameModules[e]=t,l.registrationNameDependencies[e]=t.eventTypes[n].dependencies}var a=e(133),u=null,s={},l={plugins:[],eventNameDispatchConfigs:{},registrationNameModules:{},registrationNameDependencies:{},injectEventPluginOrder:function(e){a(!u),u=Array.prototype.slice.call(e),r()},injectEventPluginsByName:function(e){var t=!1;for(var n in e)if(e.hasOwnProperty(n)){var o=e[n];s.hasOwnProperty(n)&&s[n]===o||(a(!s[n]),s[n]=o,t=!0)}t&&r()},getPluginModuleForEvent:function(e){var t=e.dispatchConfig;if(t.registrationName)return l.registrationNameModules[t.registrationName]||null;for(var n in t.phasedRegistrationNames)if(t.phasedRegistrationNames.hasOwnProperty(n)){var r=l.registrationNameModules[t.phasedRegistrationNames[n]];if(r)return r}return null},_resetEventPlugins:function(){u=null;for(var e in s)s.hasOwnProperty(e)&&delete s[e];l.plugins.length=0;var t=l.eventNameDispatchConfigs;for(var n in t)t.hasOwnProperty(n)&&delete t[n];var r=l.registrationNameModules;for(var o in r)r.hasOwnProperty(o)&&delete 
r[o]}};t.exports=l},{133:133}],19:[function(e,t,n){"use strict";function r(e){return e===v.topMouseUp||e===v.topTouchEnd||e===v.topTouchCancel}function o(e){return e===v.topMouseMove||e===v.topTouchMove}function i(e){return e===v.topMouseDown||e===v.topTouchStart}function a(e,t){var n=e._dispatchListeners,r=e._dispatchIDs;if(Array.isArray(n))for(var o=0;oe&&n[e]===o[e];e++);var a=r-e;for(t=1;a>=t&&n[r-t]===o[i-t];t++);var u=t>1?1-t:void 0;return this._fallbackText=o.slice(e,u),this._fallbackText}}),o.addPoolingTo(r),t.exports=r},{128:128,27:27,28:28}],23:[function(e,t,n){"use strict";var r,o=e(10),i=e(21),a=o.injection.MUST_USE_ATTRIBUTE,u=o.injection.MUST_USE_PROPERTY,s=o.injection.HAS_BOOLEAN_VALUE,l=o.injection.HAS_SIDE_EFFECTS,c=o.injection.HAS_NUMERIC_VALUE,p=o.injection.HAS_POSITIVE_NUMERIC_VALUE,d=o.injection.HAS_OVERLOADED_BOOLEAN_VALUE;if(i.canUseDOM){var f=document.implementation;r=f&&f.hasFeature&&f.hasFeature("http://www.w3.org/TR/SVG11/feature#BasicStructure","1.1")}var h={isCustomAttribute:RegExp.prototype.test.bind(/^(data|aria)-[a-z_][a-z\d_.\-]*$/),Properties:{accept:null,acceptCharset:null,accessKey:null,action:null,allowFullScreen:a|s,allowTransparency:a,alt:null,async:s,autoComplete:null,autoPlay:s,cellPadding:null,cellSpacing:null,charSet:a,checked:u|s,classID:a,className:r?a:u,cols:a|p,colSpan:null,content:null,contentEditable:null,contextMenu:a,controls:u|s,coords:null,crossOrigin:null,data:null,dateTime:a,defer:s,dir:null,disabled:a|s,download:d,draggable:null,encType:null,form:a,formAction:a,formEncType:a,formMethod:a,formNoValidate:s,formTarget:a,frameBorder:a,headers:null,height:a,hidden:a|s,high:null,href:null,hrefLang:null,htmlFor:null,httpEquiv:null,icon:null,id:u,label:null,lang:null,list:a,loop:u|s,low:null,manifest:a,marginHeight:null,marginWidth:null,max:null,maxLength:a,media:a,mediaGroup:null,method:null,min:null,multiple:u|s,muted:u|s,name:null,noValidate:s,open:s,optimum:null,pattern:null,placeholder:null,poster:null,preload:nul
l,radioGroup:null,readOnly:u|s,rel:null,required:s,role:a,rows:a|p,rowSpan:null,sandbox:null,scope:null,scoped:s,scrolling:null,seamless:a|s,selected:u|s,shape:null,size:a|p,sizes:a,span:p,spellCheck:null,src:null,srcDoc:u,srcSet:a,start:c,step:null,style:null,tabIndex:null,target:null,title:null,type:null,useMap:null,value:u|l,width:a,wmode:a,autoCapitalize:null,autoCorrect:null,itemProp:a,itemScope:a|s,itemType:a,itemID:a,itemRef:a,property:null,unselectable:a},DOMAttributeNames:{acceptCharset:"accept-charset",className:"class",htmlFor:"for",httpEquiv:"http-equiv"},DOMPropertyNames:{autoCapitalize:"autocapitalize",autoComplete:"autocomplete",autoCorrect:"autocorrect",autoFocus:"autofocus",autoPlay:"autoplay",encType:"encoding",hrefLang:"hreflang",radioGroup:"radiogroup",spellCheck:"spellcheck",srcDoc:"srcdoc",srcSet:"srcset"}};t.exports=h},{10:10,21:21}],24:[function(e,t,n){"use strict";function r(e){l(null==e.props.checkedLink||null==e.props.valueLink)}function o(e){r(e),l(null==e.props.value&&null==e.props.onChange)}function i(e){r(e),l(null==e.props.checked&&null==e.props.onChange)}function a(e){this.props.valueLink.requestChange(e.target.value)}function u(e){this.props.checkedLink.requestChange(e.target.checked)}var s=e(76),l=e(133),c={button:!0,checkbox:!0,image:!0,hidden:!0,radio:!0,reset:!0,submit:!0},p={Mixin:{propTypes:{value:function(e,t,n){return!e[t]||c[e.type]||e.onChange||e.readOnly||e.disabled?null:new Error("You provided a `value` prop to a form field without an `onChange` handler. This will render a read-only field. If the field should be mutable use `defaultValue`. Otherwise, set either `onChange` or `readOnly`.")},checked:function(e,t,n){return!e[t]||e.onChange||e.readOnly||e.disabled?null:new Error("You provided a `checked` prop to a form field without an `onChange` handler. This will render a read-only field. If the field should be mutable use `defaultChecked`. 
Otherwise, set either `onChange` or `readOnly`.")},onChange:s.func}},getValue:function(e){return e.props.valueLink?(o(e),e.props.valueLink.value):e.props.value},getChecked:function(e){return e.props.checkedLink?(i(e),e.props.checkedLink.value):e.props.checked},getOnChange:function(e){return e.props.valueLink?(o(e),a):e.props.checkedLink?(i(e),u):e.props.onChange}};t.exports=p},{133:133,76:76}],25:[function(e,t,n){"use strict";function r(e){e.remove()}var o=e(30),i=e(103),a=e(118),u=e(133),s={trapBubbledEvent:function(e,t){u(this.isMounted());var n=this.getDOMNode();u(n);var r=o.trapBubbledEvent(e,t,n);this._localEventListeners=i(this._localEventListeners,r)},componentWillUnmount:function(){this._localEventListeners&&a(this._localEventListeners,r)}};t.exports=s},{103:103,118:118,133:133,30:30}],26:[function(e,t,n){"use strict";var r=e(15),o=e(112),i=r.topLevelTypes,a={eventTypes:null,extractEvents:function(e,t,n,r){if(e===i.topTouchStart){var a=r.target;a&&!a.onclick&&(a.onclick=o)}}};t.exports=a},{112:112,15:15}],27:[function(e,t,n){"use strict";function r(e,t){if(null==e)throw new TypeError("Object.assign target cannot be null or undefined");for(var n=Object(e),r=Object.prototype.hasOwnProperty,o=1;ol;l++){var 
d=u[l];i.hasOwnProperty(d)&&i[d]||(d===s.topWheel?c("wheel")?v.ReactEventListener.trapBubbledEvent(s.topWheel,"wheel",n):c("mousewheel")?v.ReactEventListener.trapBubbledEvent(s.topWheel,"mousewheel",n):v.ReactEventListener.trapBubbledEvent(s.topWheel,"DOMMouseScroll",n):d===s.topScroll?c("scroll",!0)?v.ReactEventListener.trapCapturedEvent(s.topScroll,"scroll",n):v.ReactEventListener.trapBubbledEvent(s.topScroll,"scroll",v.ReactEventListener.WINDOW_HANDLE):d===s.topFocus||d===s.topBlur?(c("focus",!0)?(v.ReactEventListener.trapCapturedEvent(s.topFocus,"focus",n),v.ReactEventListener.trapCapturedEvent(s.topBlur,"blur",n)):c("focusin")&&(v.ReactEventListener.trapBubbledEvent(s.topFocus,"focusin",n),v.ReactEventListener.trapBubbledEvent(s.topBlur,"focusout",n)),i[s.topBlur]=!0,i[s.topFocus]=!0):h.hasOwnProperty(d)&&v.ReactEventListener.trapBubbledEvent(d,h[d],n),i[d]=!0)}},trapBubbledEvent:function(e,t,n){ +return v.ReactEventListener.trapBubbledEvent(e,t,n)},trapCapturedEvent:function(e,t,n){return v.ReactEventListener.trapCapturedEvent(e,t,n)},ensureScrollValueMonitoring:function(){if(!d){var e=s.refreshScrollValues;v.ReactEventListener.monitorScrollValue(e),d=!0}},eventNameDispatchConfigs:i.eventNameDispatchConfigs,registrationNameModules:i.registrationNameModules,putListener:i.putListener,getListener:i.getListener,deleteListener:i.deleteListener,deleteAllListeners:i.deleteAllListeners});t.exports=v},{102:102,134:134,15:15,17:17,18:18,27:27,59:59}],31:[function(e,t,n){"use strict";var r=e(79),o=e(116),i=e(132),a=e(147),u={instantiateChildren:function(e,t,n){var r=o(e);for(var a in r)if(r.hasOwnProperty(a)){var u=r[a],s=i(u,null);r[a]=s}return r},updateChildren:function(e,t,n,u){var s=o(t);if(!s&&!e)return null;var l;for(l in s)if(s.hasOwnProperty(l)){var c=e&&e[l],p=c&&c._currentElement,d=s[l];if(a(p,d))r.receiveComponent(c,d,n,u),s[l]=c;else{c&&r.unmountComponent(c,l);var f=i(d,null);s[l]=f}}for(l in 
e)!e.hasOwnProperty(l)||s&&s.hasOwnProperty(l)||r.unmountComponent(e[l]);return s},unmountChildren:function(e){for(var t in e){var n=e[t];r.unmountComponent(n)}}};t.exports=u},{116:116,132:132,147:147,79:79}],32:[function(e,t,n){"use strict";function r(e,t){this.forEachFunction=e,this.forEachContext=t}function o(e,t,n,r){var o=e;o.forEachFunction.call(o.forEachContext,t,r)}function i(e,t,n){if(null==e)return e;var i=r.getPooled(t,n);f(e,o,i),r.release(i)}function a(e,t,n){this.mapResult=e,this.mapFunction=t,this.mapContext=n}function u(e,t,n,r){var o=e,i=o.mapResult,a=!i.hasOwnProperty(n);if(a){var u=o.mapFunction.call(o.mapContext,t,r);i[n]=u}}function s(e,t,n){if(null==e)return e;var r={},o=a.getPooled(r,t,n);return f(e,u,o),a.release(o),d.create(r)}function l(e,t,n,r){return null}function c(e,t){return f(e,l,null)}var p=e(28),d=e(61),f=e(149),h=(e(150),p.twoArgumentPooler),m=p.threeArgumentPooler;p.addPoolingTo(r,h),p.addPoolingTo(a,m);var v={forEach:i,map:s,count:c};t.exports=v},{149:149,150:150,28:28,61:61}],33:[function(e,t,n){"use strict";function r(e,t){var n=D.hasOwnProperty(t)?D[t]:null;N.hasOwnProperty(t)&&y(n===_.OVERRIDE_BASE),e.hasOwnProperty(t)&&y(n===_.DEFINE_MANY||n===_.DEFINE_MANY_MERGED)}function o(e,t){if(t){y("function"!=typeof t),y(!d.isValidElement(t));var n=e.prototype;t.hasOwnProperty(b)&&M.mixins(e,t.mixins);for(var o in t)if(t.hasOwnProperty(o)&&o!==b){var i=t[o];if(r(n,o),M.hasOwnProperty(o))M[o](e,i);else{var a=D.hasOwnProperty(o),l=n.hasOwnProperty(o),c=i&&i.__reactDontBind,p="function"==typeof i,f=p&&!a&&!l&&!c;if(f)n.__reactAutoBindMap||(n.__reactAutoBindMap={}),n.__reactAutoBindMap[o]=i,n[o]=i;else if(l){var h=D[o];y(a&&(h===_.DEFINE_MANY_MERGED||h===_.DEFINE_MANY)),h===_.DEFINE_MANY_MERGED?n[o]=u(n[o],i):h===_.DEFINE_MANY&&(n[o]=s(n[o],i))}else n[o]=i}}}}function i(e,t){if(t)for(var n in t){var r=t[n];if(t.hasOwnProperty(n)){var o=n in M;y(!o);var i=n in e;y(!i),e[n]=r}}}function a(e,t){y(e&&t&&"object"==typeof e&&"object"==typeof 
t);for(var n in t)t.hasOwnProperty(n)&&(y(void 0===e[n]),e[n]=t[n]);return e}function u(e,t){return function(){var n=e.apply(this,arguments),r=t.apply(this,arguments);if(null==n)return r;if(null==r)return n;var o={};return a(o,n),a(o,r),o}}function s(e,t){return function(){e.apply(this,arguments),t.apply(this,arguments)}}function l(e,t){var n=t.bind(e);return n}function c(e){for(var t in e.__reactAutoBindMap)if(e.__reactAutoBindMap.hasOwnProperty(t)){var n=e.__reactAutoBindMap[t];e[t]=l(e,f.guard(n,e.constructor.displayName+"."+t))}}var p=e(34),d=(e(39),e(55)),f=e(58),h=e(65),m=e(66),v=(e(75),e(74),e(84)),g=e(27),y=e(133),C=e(138),E=e(139),b=(e(150),E({mixins:null})),_=C({DEFINE_ONCE:null,DEFINE_MANY:null,OVERRIDE_BASE:null,DEFINE_MANY_MERGED:null}),x=[],D={mixins:_.DEFINE_MANY,statics:_.DEFINE_MANY,propTypes:_.DEFINE_MANY,contextTypes:_.DEFINE_MANY,childContextTypes:_.DEFINE_MANY,getDefaultProps:_.DEFINE_MANY_MERGED,getInitialState:_.DEFINE_MANY_MERGED,getChildContext:_.DEFINE_MANY_MERGED,render:_.DEFINE_ONCE,componentWillMount:_.DEFINE_MANY,componentDidMount:_.DEFINE_MANY,componentWillReceiveProps:_.DEFINE_MANY,shouldComponentUpdate:_.DEFINE_ONCE,componentWillUpdate:_.DEFINE_MANY,componentDidUpdate:_.DEFINE_MANY,componentWillUnmount:_.DEFINE_MANY,updateComponent:_.OVERRIDE_BASE},M={displayName:function(e,t){e.displayName=t},mixins:function(e,t){if(t)for(var n=0;n";return this._createOpenTagMarkupAndPutListeners(t)+this._createContentMarkup(t,n)+o},_createOpenTagMarkupAndPutListeners:function(e){var t=this._currentElement.props,n="<"+this._tag;for(var r in t)if(t.hasOwnProperty(r)){var i=t[r];if(null!=i)if(b.hasOwnProperty(r))o(this._rootNodeID,r,i,e);else{r===x&&(i&&(i=this._previousStyleCopy=m({},t.style)),i=u.createMarkupForStyles(i));var a=l.createMarkupForProperty(r,i);a&&(n+=" "+a)}}if(e.renderToStaticMarkup)return n+">";var s=l.createMarkupForID(this._rootNodeID);return n+" "+s+">"},_createContentMarkup:function(e,t){var 
n="";("listing"===this._tag||"pre"===this._tag||"textarea"===this._tag)&&(n="\n");var r=this._currentElement.props,o=r.dangerouslySetInnerHTML;if(null!=o){if(null!=o.__html)return n+o.__html}else{var i=_[typeof r.children]?r.children:null,a=null!=i?null:r.children;if(null!=i)return n+v(i);if(null!=a){var u=this.mountChildren(a,e,t);return n+u.join("")}}return n},receiveComponent:function(e,t,n){var r=this._currentElement;this._currentElement=e,this.updateComponent(t,r,e,n)},updateComponent:function(e,t,n,o){r(this._currentElement.props),this._updateDOMProperties(t.props,e),this._updateDOMChildren(t.props,e,o)},_updateDOMProperties:function(e,t){var n,r,i,a=this._currentElement.props;for(n in e)if(!a.hasOwnProperty(n)&&e.hasOwnProperty(n))if(n===x){var u=this._previousStyleCopy;for(r in u)u.hasOwnProperty(r)&&(i=i||{},i[r]="");this._previousStyleCopy=null}else b.hasOwnProperty(n)?C(this._rootNodeID,n):(s.isStandardName[n]||s.isCustomAttribute(n))&&M.deletePropertyByID(this._rootNodeID,n);for(n in a){var l=a[n],c=n===x?this._previousStyleCopy:e[n];if(a.hasOwnProperty(n)&&l!==c)if(n===x)if(l?l=this._previousStyleCopy=m({},l):this._previousStyleCopy=null,c){for(r in c)!c.hasOwnProperty(r)||l&&l.hasOwnProperty(r)||(i=i||{},i[r]="");for(r in l)l.hasOwnProperty(r)&&c[r]!==l[r]&&(i=i||{},i[r]=l[r])}else i=l;else b.hasOwnProperty(n)?o(this._rootNodeID,n,l,t):(s.isStandardName[n]||s.isCustomAttribute(n))&&M.updatePropertyByID(this._rootNodeID,n,l)}i&&M.updateStylesByID(this._rootNodeID,i)},_updateDOMChildren:function(e,t,n){var r=this._currentElement.props,o=_[typeof e.children]?e.children:null,i=_[typeof 
r.children]?r.children:null,a=e.dangerouslySetInnerHTML&&e.dangerouslySetInnerHTML.__html,u=r.dangerouslySetInnerHTML&&r.dangerouslySetInnerHTML.__html,s=null!=o?null:e.children,l=null!=i?null:r.children,c=null!=o||null!=a,p=null!=i||null!=u;null!=s&&null==l?this.updateChildren(null,t,n):c&&!p&&this.updateTextContent(""),null!=i?o!==i&&this.updateTextContent(""+i):null!=u?a!==u&&M.updateInnerHTMLByID(this._rootNodeID,u):null!=l&&this.updateChildren(l,t,n)},unmountComponent:function(){this.unmountChildren(),c.deleteAllListeners(this._rootNodeID),p.unmountIDFromEnvironment(this._rootNodeID),this._rootNodeID=null}},h.measureMethods(a,"ReactDOMComponent",{mountComponent:"mountComponent",updateComponent:"updateComponent"}),m(a.prototype,a.Mixin,f.Mixin),a.injection={injectIDOperations:function(e){a.BackendIDOperations=M=e}},t.exports=a},{10:10,11:11,114:114,133:133,134:134,139:139,150:150,27:27,30:30,35:35,5:5,68:68,69:69,73:73}],43:[function(e,t,n){"use strict";var r=e(15),o=e(25),i=e(29),a=e(33),u=e(55),s=u.createFactory("form"),l=a.createClass({displayName:"ReactDOMForm",tagName:"FORM",mixins:[i,o],render:function(){return s(this.props)},componentDidMount:function(){this.trapBubbledEvent(r.topLevelTypes.topReset,"reset"),this.trapBubbledEvent(r.topLevelTypes.topSubmit,"submit")}});t.exports=l},{15:15,25:25,29:29,33:33,55:55}],44:[function(e,t,n){"use strict";var r=e(5),o=e(9),i=e(11),a=e(68),u=e(73),s=e(133),l=e(144),c={dangerouslySetInnerHTML:"`dangerouslySetInnerHTML` must be set using `updateInnerHTMLByID()`.",style:"`style` must be set using `updateStylesByID()`."},p={updatePropertyByID:function(e,t,n){var r=a.getNode(e);s(!c.hasOwnProperty(t)),null!=n?i.setValueForProperty(r,t,n):i.deleteValueForProperty(r,t)},deletePropertyByID:function(e,t,n){var r=a.getNode(e);s(!c.hasOwnProperty(t)),i.deleteValueForProperty(r,t,n)},updateStylesByID:function(e,t){var n=a.getNode(e);r.setValueForStyles(n,t)},updateInnerHTMLByID:function(e,t){var 
n=a.getNode(e);l(n,t)},updateTextContentByID:function(e,t){var n=a.getNode(e);o.updateTextContent(n,t)},dangerouslyReplaceNodeWithMarkupByID:function(e,t){var n=a.getNode(e);o.dangerouslyReplaceNodeWithMarkup(n,t)},dangerouslyProcessChildrenUpdates:function(e,t){for(var n=0;nl;l++){var h=s[l];if(h!==i&&h.form===i.form){var v=c.getID(h);f(v);var g=m[v];f(g),p.asap(r,g)}}}return t}});t.exports=v},{11:11,133:133,2:2,24:24,27:27,29:29,33:33,55:55,68:68,85:85}],48:[function(e,t,n){"use strict";var r=e(29),o=e(33),i=e(55),a=(e(150),i.createFactory("option")),u=o.createClass({displayName:"ReactDOMOption",tagName:"OPTION",mixins:[r],componentWillMount:function(){},render:function(){return a(this.props,this.props.children)}});t.exports=u},{150:150,29:29,33:33,55:55}],49:[function(e,t,n){"use strict";function r(){if(this._pendingUpdate){this._pendingUpdate=!1;var e=u.getValue(this);null!=e&&this.isMounted()&&i(this,e)}}function o(e,t,n){if(null==e[t])return null;if(e.multiple){if(!Array.isArray(e[t]))return new Error("The `"+t+"` prop supplied to must be a scalar value if `multiple` is false.")}function i(e,t){var n,r,o,i=e.getDOMNode().options;if(e.props.multiple){for(n={},r=0,o=t.length;o>r;r++)n[""+t[r]]=!0;for(r=0,o=i.length;o>r;r++){var a=n.hasOwnProperty(i[r].value);i[r].selected!==a&&(i[r].selected=a)}}else{for(n=""+t,r=0,o=i.length;o>r;r++)if(i[r].value===n)return void(i[r].selected=!0);i.length&&(i[0].selected=!0)}}var a=e(2),u=e(24),s=e(29),l=e(33),c=e(55),p=e(85),d=e(27),f=c.createFactory("select"),h=l.createClass({displayName:"ReactDOMSelect",tagName:"SELECT",mixins:[a,u.Mixin,s],propTypes:{defaultValue:o,value:o},render:function(){var e=d({},this.props);return e.onChange=this._handleChange,e.value=null,f(e,this.props.children)},componentWillMount:function(){this._pendingUpdate=!1},componentDidMount:function(){var e=u.getValue(this);null!=e?i(this,e):null!=this.props.defaultValue&&i(this,this.props.defaultValue)},componentDidUpdate:function(e){var 
t=u.getValue(this);null!=t?(this._pendingUpdate=!1,i(this,t)):!e.multiple!=!this.props.multiple&&(null!=this.props.defaultValue?i(this,this.props.defaultValue):i(this,this.props.multiple?[]:""))},_handleChange:function(e){var t,n=u.getOnChange(this);return n&&(t=n.call(this,e)),this._pendingUpdate=!0,p.asap(r,this),t}});t.exports=h},{2:2,24:24,27:27,29:29,33:33,55:55,85:85}],50:[function(e,t,n){"use strict";function r(e,t,n,r){return e===n&&t===r}function o(e){var t=document.selection,n=t.createRange(),r=n.text.length,o=n.duplicate();o.moveToElementText(e),o.setEndPoint("EndToStart",n);var i=o.text.length,a=i+r;return{start:i,end:a}}function i(e){var t=window.getSelection&&window.getSelection();if(!t||0===t.rangeCount)return null;var n=t.anchorNode,o=t.anchorOffset,i=t.focusNode,a=t.focusOffset,u=t.getRangeAt(0),s=r(t.anchorNode,t.anchorOffset,t.focusNode,t.focusOffset),l=s?0:u.toString().length,c=u.cloneRange();c.selectNodeContents(e),c.setEnd(u.startContainer,u.startOffset);var p=r(c.startContainer,c.startOffset,c.endContainer,c.endOffset),d=p?0:c.toString().length,f=d+l,h=document.createRange();h.setStart(n,o),h.setEnd(i,a);var m=h.collapsed;return{start:m?f:d,end:m?d:f}}function a(e,t){var n,r,o=document.selection.createRange().duplicate();"undefined"==typeof t.end?(n=t.start,r=n):t.start>t.end?(n=t.end,r=t.start):(n=t.start,r=t.end),o.moveToElementText(e),o.moveStart("character",n),o.setEndPoint("EndToStart",o),o.moveEnd("character",r-n),o.select()}function u(e,t){if(window.getSelection){var n=window.getSelection(),r=e[c()].length,o=Math.min(t.start,r),i="undefined"==typeof t.end?o:Math.min(t.end,r);if(!n.extend&&o>i){var a=i;i=o,o=a}var u=l(e,o),s=l(e,i);if(u&&s){var p=document.createRange();p.setStart(u.node,u.offset),n.removeAllRanges(),o>i?(n.addRange(p),n.extend(s.node,s.offset)):(p.setEnd(s.node,s.offset),n.addRange(p))}}}var s=e(21),l=e(126),c=e(128),p=s.canUseDOM&&"selection"in document&&!("getSelection"in 
window),d={getOffsets:p?o:i,setOffsets:p?a:u};t.exports=d},{126:126,128:128,21:21}],51:[function(e,t,n){"use strict";var r=e(11),o=e(35),i=e(42),a=e(27),u=e(114),s=function(e){};a(s.prototype,{construct:function(e){this._currentElement=e,this._stringText=""+e,this._rootNodeID=null,this._mountIndex=0},mountComponent:function(e,t,n){this._rootNodeID=e;var o=u(this._stringText);return t.renderToStaticMarkup?o:""+o+""},receiveComponent:function(e,t){if(e!==this._currentElement){this._currentElement=e;var n=""+e;n!==this._stringText&&(this._stringText=n,i.BackendIDOperations.updateTextContentByID(this._rootNodeID,n))}},unmountComponent:function(){o.unmountIDFromEnvironment(this._rootNodeID)}}),t.exports=s},{11:11,114:114,27:27,35:35,42:42}],52:[function(e,t,n){"use strict";function r(){this.isMounted()&&this.forceUpdate()}var o=e(2),i=e(11),a=e(24),u=e(29),s=e(33),l=e(55),c=e(85),p=e(27),d=e(133),f=(e(150),l.createFactory("textarea")),h=s.createClass({displayName:"ReactDOMTextarea",tagName:"TEXTAREA",mixins:[o,a.Mixin,u],getInitialState:function(){var e=this.props.defaultValue,t=this.props.children;null!=t&&(d(null==e),Array.isArray(t)&&(d(t.length<=1),t=t[0]),e=""+t),null==e&&(e="");var n=a.getValue(this);return{initialValue:""+(null!=n?n:e)}},render:function(){var e=p({},this.props);return d(null==e.dangerouslySetInnerHTML),e.defaultValue=null,e.value=null,e.onChange=this._handleChange,f(e,this.state.initialValue)},componentDidUpdate:function(e,t,n){var r=a.getValue(this);if(null!=r){var o=this.getDOMNode();i.setValueForProperty(o,"value",""+r)}},_handleChange:function(e){var t,n=a.getOnChange(this);return n&&(t=n.call(this,e)),c.asap(r,this),t}});t.exports=h},{11:11,133:133,150:150,2:2,24:24,27:27,29:29,33:33,55:55,85:85}],53:[function(e,t,n){"use strict";function r(){this.reinitializeTransaction()}var 
o=e(85),i=e(101),a=e(27),u=e(112),s={initialize:u,close:function(){d.isBatchingUpdates=!1}},l={initialize:u,close:o.flushBatchedUpdates.bind(o)},c=[l,s];a(r.prototype,i.Mixin,{getTransactionWrappers:function(){return c}});var p=new r,d={isBatchingUpdates:!1,batchedUpdates:function(e,t,n,r,o){var i=d.isBatchingUpdates;d.isBatchingUpdates=!0,i?e(t,n,r,o):p.perform(e,null,t,n,r,o)}};t.exports=d},{101:101,112:112,27:27,85:85}],54:[function(e,t,n){"use strict";function r(e){return h.createClass({tagName:e.toUpperCase(),render:function(){return new T(e,null,null,null,null,this.props)}})}function o(){P.EventEmitter.injectReactEventListener(R),P.EventPluginHub.injectEventPluginOrder(s),P.EventPluginHub.injectInstanceHandle(w),P.EventPluginHub.injectMount(O),P.EventPluginHub.injectEventPluginsByName({SimpleEventPlugin:L,EnterLeaveEventPlugin:l,ChangeEventPlugin:a,MobileSafariClickEventPlugin:d,SelectEventPlugin:A,BeforeInputEventPlugin:i}),P.NativeComponent.injectGenericComponentClass(g),P.NativeComponent.injectTextComponentClass(I),P.NativeComponent.injectAutoWrapper(r),P.Class.injectMixin(f),P.NativeComponent.injectComponentClasses({button:y,form:C,iframe:_,img:E,input:x,option:D,select:M,textarea:N,html:F("html"),head:F("head"),body:F("body")}),P.DOMProperty.injectDOMPropertyConfig(p),P.DOMProperty.injectDOMPropertyConfig(U),P.EmptyComponent.injectEmptyComponent("noscript"),P.Updates.injectReconcileTransaction(S),P.Updates.injectBatchingStrategy(v),P.RootIndex.injectCreateReactRootIndex(c.canUseDOM?u.createReactRootIndex:k.createReactRootIndex),P.Component.injectEnvironment(m),P.DOMComponent.injectIDOperations(b)}var 
i=e(3),a=e(7),u=e(8),s=e(13),l=e(14),c=e(21),p=e(23),d=e(26),f=e(29),h=e(33),m=e(35),v=e(53),g=e(42),y=e(41),C=e(43),E=e(46),b=e(44),_=e(45),x=e(47),D=e(48),M=e(49),N=e(52),I=e(51),T=e(55),R=e(60),P=e(62),w=e(64),O=e(68),S=e(78),A=e(87),k=e(88),L=e(89),U=e(86),F=e(109);t.exports={inject:o}},{109:109,13:13,14:14,21:21,23:23,26:26,29:29,3:3,33:33,35:35,41:41,42:42,43:43,44:44,45:45,46:46,47:47,48:48,49:49,51:51,52:52,53:53,55:55,60:60,62:62,64:64,68:68,7:7,78:78,8:8,86:86,87:87,88:88, +89:89}],55:[function(e,t,n){"use strict";var r=e(38),o=e(39),i=e(27),a=(e(150),{key:!0,ref:!0}),u=function(e,t,n,r,o,i){this.type=e,this.key=t,this.ref=n,this._owner=r,this._context=o,this.props=i};u.prototype={_isReactElement:!0},u.createElement=function(e,t,n){var i,s={},l=null,c=null;if(null!=t){c=void 0===t.ref?null:t.ref,l=void 0===t.key?null:""+t.key;for(i in t)t.hasOwnProperty(i)&&!a.hasOwnProperty(i)&&(s[i]=t[i])}var p=arguments.length-2;if(1===p)s.children=n;else if(p>1){for(var d=Array(p),f=0;p>f;f++)d[f]=arguments[f+2];s.children=d}if(e&&e.defaultProps){var h=e.defaultProps;for(i in h)"undefined"==typeof s[i]&&(s[i]=h[i])}return new u(e,l,c,o.current,r.current,s)},u.createFactory=function(e){var t=u.createElement.bind(null,e);return t.type=e,t},u.cloneAndReplaceProps=function(e,t){var n=new u(e.type,e.key,e.ref,e._owner,e._context,t);return n},u.cloneElement=function(e,t,n){var r,s=i({},e.props),l=e.key,c=e.ref,p=e._owner;if(null!=t){void 0!==t.ref&&(c=t.ref,p=o.current),void 0!==t.key&&(l=""+t.key);for(r in t)t.hasOwnProperty(r)&&!a.hasOwnProperty(r)&&(s[r]=t[r])}var d=arguments.length-2;if(1===d)s.children=n;else if(d>1){for(var f=Array(d),h=0;d>h;h++)f[h]=arguments[h+2];s.children=f}return new u(e.type,l,c,p,e._context,s)},u.isValidElement=function(e){var t=!(!e||!e._isReactElement);return t},t.exports=u},{150:150,27:27,38:38,39:39}],56:[function(e,t,n){"use strict";function r(){if(y.current){var e=y.current.getName();if(e)return" Check the render method of 
`"+e+"`."}return""}function o(e){var t=e&&e.getPublicInstance();if(!t)return void 0;var n=t.constructor;return n?n.displayName||n.name||void 0:void 0}function i(){var e=y.current;return e&&o(e)||void 0}function a(e,t){e._store.validated||null!=e.key||(e._store.validated=!0,s('Each child in an array or iterator should have a unique "key" prop.',e,t))}function u(e,t,n){D.test(e)&&s("Child objects should have non-numeric keys so ordering is preserved.",t,n)}function s(e,t,n){var r=i(),a="string"==typeof n?n:n.displayName||n.name,u=r||a,s=_[e]||(_[e]={});if(!s.hasOwnProperty(u)){s[u]=!0;var l="";if(t&&t._owner&&t._owner!==y.current){var c=o(t._owner);l=" It was passed a child from "+c+"."}}}function l(e,t){if(Array.isArray(e))for(var n=0;n");var u="";o&&(u=" The element was created by "+o+".")}}function d(e,t){return e!==e?t!==t:0===e&&0===t?1/e===1/t:e===t}function f(e){if(e._store){var t=e._store.originalProps,n=e.props;for(var r in n)n.hasOwnProperty(r)&&(t.hasOwnProperty(r)&&d(t[r],n[r])||(p(r,e),t[r]=n[r]))}}function h(e){if(null!=e.type){var t=C.getComponentClassForElement(e),n=t.displayName||t.name;t.propTypes&&c(n,t.propTypes,e.props,g.prop),"function"==typeof t.getDefaultProps}}var m=e(55),v=e(61),g=e(75),y=(e(74),e(39)),C=e(71),E=e(124),b=e(133),_=(e(150),{}),x={},D=/^\d+$/,M={},N={checkAndWarnForMutatedProps:f,createElement:function(e,t,n){var r=m.createElement.apply(this,arguments);if(null==r)return r;for(var o=2;oo;o++){t=e.ancestors[o];var a=p.getID(t)||"";v._handleTopLevel(e.topLevelType,t,a,e.nativeEvent)}}function a(e){var t=m(window);e(t)}var u=e(16),s=e(21),l=e(28),c=e(64),p=e(68),d=e(85),f=e(27),h=e(123),m=e(129);f(o.prototype,{destructor:function(){this.topLevelType=null,this.nativeEvent=null,this.ancestors.length=0}}),l.addPoolingTo(o,l.twoArgumentPooler);var v={_enabled:!0,_handleTopLevel:null,WINDOW_HANDLE:s.canUseDOM?window:null,setHandleTopLevel:function(e){v._handleTopLevel=e},setEnabled:function(e){v._enabled=!!e},isEnabled:function(){return 
v._enabled},trapBubbledEvent:function(e,t,n){var r=n;return r?u.listen(r,t,v.dispatchEvent.bind(null,e)):null},trapCapturedEvent:function(e,t,n){var r=n;return r?u.capture(r,t,v.dispatchEvent.bind(null,e)):null},monitorScrollValue:function(e){var t=a.bind(null,e);u.listen(window,"scroll",t)},dispatchEvent:function(e,t){if(v._enabled){var n=o.getPooled(e,t);try{d.batchedUpdates(i,n)}finally{o.release(n)}}}};t.exports=v},{123:123,129:129,16:16,21:21,27:27,28:28,64:64,68:68,85:85}],61:[function(e,t,n){"use strict";var r=(e(55),e(150),{create:function(e){return e},extract:function(e){return e},extractIfFragment:function(e){return e}});t.exports=r},{150:150,55:55}],62:[function(e,t,n){"use strict";var r=e(10),o=e(17),i=e(36),a=e(33),u=e(57),s=e(30),l=e(71),c=e(42),p=e(73),d=e(81),f=e(85),h={Component:i.injection,Class:a.injection,DOMComponent:c.injection,DOMProperty:r.injection,EmptyComponent:u.injection,EventPluginHub:o.injection,EventEmitter:s.injection,NativeComponent:l.injection,Perf:p.injection,RootIndex:d.injection,Updates:f.injection};t.exports=h},{10:10,17:17,30:30,33:33,36:36,42:42,57:57,71:71,73:73,81:81,85:85}],63:[function(e,t,n){"use strict";function r(e){return i(document.documentElement,e)}var o=e(50),i=e(107),a=e(117),u=e(119),s={hasSelectionCapabilities:function(e){return e&&("INPUT"===e.nodeName&&"text"===e.type||"TEXTAREA"===e.nodeName||"true"===e.contentEditable)},getSelectionInformation:function(){var e=u();return{focusedElem:e,selectionRange:s.hasSelectionCapabilities(e)?s.getSelection(e):null}},restoreSelection:function(e){var t=u(),n=e.focusedElem,o=e.selectionRange;t!==n&&r(n)&&(s.hasSelectionCapabilities(n)&&s.setSelection(n,o),a(n))},getSelection:function(e){var t;if("selectionStart"in e)t={start:e.selectionStart,end:e.selectionEnd};else if(document.selection&&"INPUT"===e.nodeName){var n=document.selection.createRange();n.parentElement()===e&&(t={start:-n.moveStart("character",-e.value.length),end:-n.moveEnd("character",-e.value.length)})}else 
t=o.getOffsets(e);return t||{start:0,end:0}},setSelection:function(e,t){var n=t.start,r=t.end;if("undefined"==typeof r&&(r=n),"selectionStart"in e)e.selectionStart=n,e.selectionEnd=Math.min(r,e.value.length);else if(document.selection&&"INPUT"===e.nodeName){var i=e.createTextRange();i.collapse(!0),i.moveStart("character",n),i.moveEnd("character",r-n),i.select()}else o.setOffsets(e,t)}};t.exports=s},{107:107,117:117,119:119,50:50}],64:[function(e,t,n){"use strict";function r(e){return f+e.toString(36)}function o(e,t){return e.charAt(t)===f||t===e.length}function i(e){return""===e||e.charAt(0)===f&&e.charAt(e.length-1)!==f}function a(e,t){return 0===t.indexOf(e)&&o(t,e.length)}function u(e){return e?e.substr(0,e.lastIndexOf(f)):""}function s(e,t){if(d(i(e)&&i(t)),d(a(e,t)),e===t)return e;var n,r=e.length+h;for(n=r;n=a;a++)if(o(e,a)&&o(t,a))r=a;else if(e.charAt(a)!==t.charAt(a))break;var u=e.substr(0,r);return d(i(u)),u}function c(e,t,n,r,o,i){e=e||"",t=t||"",d(e!==t);var l=a(t,e);d(l||a(e,t));for(var c=0,p=l?u:s,f=e;;f=p(f,t)){var h;if(o&&f===e||i&&f===t||(h=n(f,l,r)),h===!1||f===t)break;d(c++1){var t=e.indexOf(f,1);return t>-1?e.substr(0,t):e}return null},traverseEnterLeave:function(e,t,n,r,o){var i=l(e,t);i!==e&&c(e,i,n,r,!1,!0),i!==t&&c(i,t,n,o,!0,!1)},traverseTwoPhase:function(e,t,n){e&&(c("",e,t,n,!0,!1),c(e,"",t,n,!1,!0))},traverseAncestors:function(e,t,n){c("",e,t,n,!0,!1)},_getFirstCommonAncestorID:l,_getNextDescendantID:s,isAncestorIDOf:a,SEPARATOR:f};t.exports=v},{133:133,81:81}],65:[function(e,t,n){"use strict";var r={remove:function(e){e._reactInternalInstance=void 0},get:function(e){return e._reactInternalInstance},has:function(e){return void 0!==e._reactInternalInstance},set:function(e,t){e._reactInternalInstance=t}};t.exports=r},{}],66:[function(e,t,n){"use strict";var r={currentlyMountingInstance:null,currentlyUnmountingInstance:null};t.exports=r},{}],67:[function(e,t,n){"use strict";var 
r=e(104),o={CHECKSUM_ATTR_NAME:"data-react-checksum",addChecksumToMarkup:function(e){var t=r(e);return e.replace(">"," "+o.CHECKSUM_ATTR_NAME+'="'+t+'">')},canReuseMarkup:function(e,t){var n=t.getAttribute(o.CHECKSUM_ATTR_NAME);n=n&&parseInt(n,10);var i=r(e);return i===n}};t.exports=o},{104:104}],68:[function(e,t,n){"use strict";function r(e,t){for(var n=Math.min(e.length,t.length),r=0;n>r;r++)if(e.charAt(r)!==t.charAt(r))return r;return e.length===t.length?-1:n}function o(e){var t=R(e);return t&&K.getID(t)}function i(e){var t=a(e);if(t)if(L.hasOwnProperty(t)){var n=L[t];n!==e&&(w(!c(n,t)),L[t]=e)}else L[t]=e;return t}function a(e){return e&&e.getAttribute&&e.getAttribute(k)||""}function u(e,t){var n=a(e);n!==t&&delete L[n],e.setAttribute(k,t),L[t]=e}function s(e){return L.hasOwnProperty(e)&&c(L[e],e)||(L[e]=K.findReactNodeByID(e)),L[e]}function l(e){var t=b.get(e)._rootNodeID;return C.isNullComponentID(t)?null:(L.hasOwnProperty(t)&&c(L[t],t)||(L[t]=K.findReactNodeByID(t)),L[t])}function c(e,t){if(e){w(a(e)===t);var n=K.findReactContainerForID(t);if(n&&T(n,e))return!0}return!1}function p(e){delete L[e]}function d(e){var t=L[e];return t&&c(t,e)?void(W=t):!1}function f(e){W=null,E.traverseAncestors(e,d);var t=W;return W=null,t}function h(e,t,n,r,o){var i=D.mountComponent(e,t,r,I);e._isTopLevel=!0,K._mountImageIntoNode(i,n,o)}function m(e,t,n,r){var o=N.ReactReconcileTransaction.getPooled();o.perform(h,null,e,t,n,o,r),N.ReactReconcileTransaction.release(o)}var v=e(10),g=e(30),y=(e(39),e(55)),C=(e(56),e(57)),E=e(64),b=e(65),_=e(67),x=e(73),D=e(79),M=e(84),N=e(85),I=e(113),T=e(107),R=e(127),P=e(132),w=e(133),O=e(144),S=e(147),A=(e(150),E.SEPARATOR),k=v.ID_ATTRIBUTE_NAME,L={},U=1,F=9,B={},V={},j=[],W=null,K={_instancesByReactRootID:B,scrollMonitor:function(e,t){t()},_updateRootComponent:function(e,t,n,r){return 
K.scrollMonitor(n,function(){M.enqueueElementInternal(e,t),r&&M.enqueueCallbackInternal(e,r)}),e},_registerComponent:function(e,t){w(t&&(t.nodeType===U||t.nodeType===F)),g.ensureScrollValueMonitoring();var n=K.registerContainer(t);return B[n]=e,n},_renderNewRootComponent:function(e,t,n){var r=P(e,null),o=K._registerComponent(r,t);return N.batchedUpdates(m,r,o,t,n),r},render:function(e,t,n){w(y.isValidElement(e));var r=B[o(t)];if(r){var i=r._currentElement;if(S(i,e))return K._updateRootComponent(r,e,t,n).getPublicInstance();K.unmountComponentAtNode(t)}var a=R(t),u=a&&K.isRenderedByReact(a),s=u&&!r,l=K._renderNewRootComponent(e,t,s).getPublicInstance();return n&&n.call(l),l},constructAndRenderComponent:function(e,t,n){var r=y.createElement(e,t);return K.render(r,n)},constructAndRenderComponentByID:function(e,t,n){var r=document.getElementById(n);return w(r),K.constructAndRenderComponent(e,t,r)},registerContainer:function(e){var t=o(e);return t&&(t=E.getReactRootIDFromNodeID(t)),t||(t=E.createReactRootID()),V[t]=e,t},unmountComponentAtNode:function(e){w(e&&(e.nodeType===U||e.nodeType===F));var t=o(e),n=B[t];return n?(K.unmountComponentFromNode(n,e),delete B[t],delete V[t],!0):!1},unmountComponentFromNode:function(e,t){for(D.unmountComponent(e),t.nodeType===F&&(t=t.documentElement);t.lastChild;)t.removeChild(t.lastChild)},findReactContainerForID:function(e){var t=E.getReactRootIDFromNodeID(e),n=V[t];return n},findReactNodeByID:function(e){var t=K.findReactContainerForID(e);return K.findComponentRoot(t,e)},isRenderedByReact:function(e){if(1!==e.nodeType)return!1;var t=K.getID(e);return t?t.charAt(0)===A:!1},getFirstReactDOM:function(e){for(var t=e;t&&t.parentNode!==t;){if(K.isRenderedByReact(t))return t;t=t.parentNode}return null},findComponentRoot:function(e,t){var 
n=j,r=0,o=f(t)||e;for(n[0]=o.firstChild,n.length=1;r>",_=u(),x=d(),D={array:o("array"),bool:o("boolean"),func:o("function"),number:o("number"),object:o("object"),string:o("string"),any:i(),arrayOf:a,element:_,instanceOf:s,node:x,objectOf:c,oneOf:l,oneOfType:p,shape:f};t.exports=D},{112:112,55:55,61:61,74:74}],77:[function(e,t,n){"use strict";function r(){this.listenersToPut=[]}var o=e(28),i=e(30),a=e(27);a(r.prototype,{enqueuePutListener:function(e,t,n){this.listenersToPut.push({rootNodeID:e,propKey:t,propValue:n})},putListeners:function(){for(var e=0;en;n++){var r=g[n],o=r._pendingCallbacks;if(r._pendingCallbacks=null,f.performUpdateIfNecessary(r,e.reconcileTransaction),o)for(var i=0;i":">","<":"<",'"':""","'":"'"},a=/[&><"']/g;t.exports=o},{}],115:[function(e,t,n){"use strict";function r(e){return null==e?null:u(e)?e:o.has(e)?i.getNodeFromInstance(e):(a(null==e.render||"function"!=typeof e.render),void a(!1))}{var o=(e(39),e(65)),i=e(68),a=e(133),u=e(135);e(150)}t.exports=r},{133:133,135:135,150:150,39:39,65:65,68:68}],116:[function(e,t,n){"use strict";function r(e,t,n){var r=e,o=!r.hasOwnProperty(n);o&&null!=t&&(r[n]=t)}function o(e){if(null==e)return e;var t={};return i(e,r,t),t}{var i=e(149);e(150)}t.exports=o},{149:149,150:150}],117:[function(e,t,n){"use strict";function r(e){try{e.focus()}catch(t){}}t.exports=r},{}],118:[function(e,t,n){"use strict";var r=function(e,t,n){Array.isArray(e)?e.forEach(t,n):e&&t.call(n,e)};t.exports=r},{}],119:[function(e,t,n){function r(){try{return document.activeElement||document.body}catch(e){return document.body}}t.exports=r},{}],120:[function(e,t,n){"use strict";function r(e){var t,n=e.keyCode;return"charCode"in e?(t=e.charCode,0===t&&13===n&&(t=13)):t=n,t>=32||13===t?t:0}t.exports=r},{}],121:[function(e,t,n){"use strict";function r(e){if(e.key){var t=i[e.key]||e.key;if("Unidentified"!==t)return t}if("keypress"===e.type){var n=o(e);return 
13===n?"Enter":String.fromCharCode(n)}return"keydown"===e.type||"keyup"===e.type?a[e.keyCode]||"Unidentified":""}var o=e(120),i={Esc:"Escape",Spacebar:" ",Left:"ArrowLeft",Up:"ArrowUp",Right:"ArrowRight",Down:"ArrowDown",Del:"Delete",Win:"OS",Menu:"ContextMenu",Apps:"ContextMenu",Scroll:"ScrollLock",MozPrintableKey:"Unidentified"},a={8:"Backspace",9:"Tab",12:"Clear",13:"Enter",16:"Shift",17:"Control",18:"Alt",19:"Pause",20:"CapsLock",27:"Escape",32:" ",33:"PageUp",34:"PageDown",35:"End",36:"Home",37:"ArrowLeft",38:"ArrowUp",39:"ArrowRight",40:"ArrowDown",45:"Insert",46:"Delete",112:"F1",113:"F2",114:"F3",115:"F4",116:"F5",117:"F6",118:"F7",119:"F8",120:"F9",121:"F10",122:"F11",123:"F12",144:"NumLock",145:"ScrollLock",224:"Meta"};t.exports=r},{120:120}],122:[function(e,t,n){"use strict";function r(e){var t=this,n=t.nativeEvent;if(n.getModifierState)return n.getModifierState(e);var r=i[e];return r?!!n[r]:!1}function o(e){return r}var i={Alt:"altKey",Control:"ctrlKey",Meta:"metaKey",Shift:"shiftKey"};t.exports=o},{}],123:[function(e,t,n){"use strict";function r(e){var t=e.target||e.srcElement||window;return 3===t.nodeType?t.parentNode:t}t.exports=r},{}],124:[function(e,t,n){"use strict";function r(e){var t=e&&(o&&e[o]||e[i]);return"function"==typeof t?t:void 0}var o="function"==typeof Symbol&&Symbol.iterator,i="@@iterator";t.exports=r},{}],125:[function(e,t,n){function r(e){return i(!!a),d.hasOwnProperty(e)||(e="*"),u.hasOwnProperty(e)||("*"===e?a.innerHTML="":a.innerHTML="<"+e+">",u[e]=!a.firstChild),u[e]?d[e]:null}var o=e(21),i=e(133),a=o.canUseDOM?document.createElement("div"):null,u={circle:!0,defs:!0,ellipse:!0,g:!0,line:!0,linearGradient:!0,path:!0,polygon:!0,polyline:!0,radialGradient:!0,rect:!0,stop:!0,text:!0},s=[1,'"],l=[1,"","
"],c=[3,"","
"],p=[1,"",""],d={"*":[1,"?
","
"],area:[1,"",""],col:[2,"","
"],legend:[1,"
","
"],param:[1,"",""],tr:[2,"","
"],optgroup:s,option:s,caption:l,colgroup:l,tbody:l,tfoot:l,thead:l,td:c,th:c,circle:p,defs:p,ellipse:p,g:p,line:p,linearGradient:p,path:p,polygon:p,polyline:p,radialGradient:p,rect:p,stop:p,text:p};t.exports=r},{133:133,21:21}],126:[function(e,t,n){"use strict";function r(e){for(;e&&e.firstChild;)e=e.firstChild;return e}function o(e){for(;e;){if(e.nextSibling)return e.nextSibling;e=e.parentNode}}function i(e,t){for(var n=r(e),i=0,a=0;n;){if(3===n.nodeType){if(a=i+n.textContent.length,t>=i&&a>=t)return{node:n,offset:t-i};i=a}n=r(o(n))}}t.exports=i},{}],127:[function(e,t,n){"use strict";function r(e){return e?e.nodeType===o?e.documentElement:e.firstChild:null}var o=9;t.exports=r},{}],128:[function(e,t,n){"use strict";function r(){return!i&&o.canUseDOM&&(i="textContent"in document.documentElement?"textContent":"innerText"),i}var o=e(21),i=null;t.exports=r},{21:21}],129:[function(e,t,n){"use strict";function r(e){return e===window?{x:window.pageXOffset||document.documentElement.scrollLeft,y:window.pageYOffset||document.documentElement.scrollTop}:{x:e.scrollLeft,y:e.scrollTop}}t.exports=r},{}],130:[function(e,t,n){function r(e){return e.replace(o,"-$1").toLowerCase()}var o=/([A-Z])/g;t.exports=r},{}],131:[function(e,t,n){"use strict";function r(e){return o(e).replace(i,"-ms-")}var o=e(130),i=/^ms-/;t.exports=r},{130:130}],132:[function(e,t,n){"use strict";function r(e){return"function"==typeof e&&"undefined"!=typeof e.prototype&&"function"==typeof e.prototype.mountComponent&&"function"==typeof e.prototype.receiveComponent}function o(e,t){var n;if((null===e||e===!1)&&(e=a.emptyElement),"object"==typeof e){var o=e;n=t===o.type&&"string"==typeof o.type?u.createInternalComponent(o):r(o.type)?new o.type(o):new c}else"string"==typeof e||"number"==typeof e?n=u.createInstanceForText(e):l(!1);return n.construct(e),n._mountIndex=0,n._mountImage=null,n}var 
i=e(37),a=e(57),u=e(71),s=e(27),l=e(133),c=(e(150),function(){});s(c.prototype,i.Mixin,{_instantiateReactComponent:o}),t.exports=o},{133:133,150:150,27:27,37:37,57:57,71:71}],133:[function(e,t,n){"use strict";var r=function(e,t,n,r,o,i,a,u){if(!e){var s;if(void 0===t)s=new Error("Minified exception occurred; use the non-minified dev environment for the full error message and additional helpful warnings.");else{var l=[n,r,o,i,a,u],c=0;s=new Error("Invariant Violation: "+t.replace(/%s/g,function(){return l[c++]}))}throw s.framesToPop=1,s}};t.exports=r},{}],134:[function(e,t,n){"use strict";function r(e,t){if(!i.canUseDOM||t&&!("addEventListener"in document))return!1;var n="on"+e,r=n in document;if(!r){var a=document.createElement("div");a.setAttribute(n,"return;"),r="function"==typeof a[n]}return!r&&o&&"wheel"===e&&(r=document.implementation.hasFeature("Events.wheel","3.0")),r}var o,i=e(21);i.canUseDOM&&(o=document.implementation&&document.implementation.hasFeature&&document.implementation.hasFeature("","")!==!0),t.exports=r},{21:21}],135:[function(e,t,n){function r(e){return!(!e||!("function"==typeof Node?e instanceof Node:"object"==typeof e&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName))}t.exports=r},{}],136:[function(e,t,n){"use strict";function r(e){return e&&("INPUT"===e.nodeName&&o[e.type]||"TEXTAREA"===e.nodeName)}var o={color:!0,date:!0,datetime:!0,"datetime-local":!0,email:!0,month:!0,number:!0,password:!0,range:!0,search:!0,tel:!0,text:!0,time:!0,url:!0,week:!0};t.exports=r},{}],137:[function(e,t,n){function r(e){return o(e)&&3==e.nodeType}var o=e(135);t.exports=r},{135:135}],138:[function(e,t,n){"use strict";var r=e(133),o=function(e){var t,n={};r(e instanceof Object&&!Array.isArray(e));for(t in e)e.hasOwnProperty(t)&&(n[t]=t);return n};t.exports=o},{133:133}],139:[function(e,t,n){var r=function(e){var t;for(t in e)if(e.hasOwnProperty(t))return t;return null};t.exports=r},{}],140:[function(e,t,n){"use strict";function r(e,t,n){if(!e)return 
null;var r={};for(var i in e)o.call(e,i)&&(r[i]=t.call(n,e[i],i,e));return r}var o=Object.prototype.hasOwnProperty;t.exports=r},{}],141:[function(e,t,n){"use strict";function r(e){var t={};return function(n){return t.hasOwnProperty(n)||(t[n]=e.call(this,n)),t[n]}}t.exports=r},{}],142:[function(e,t,n){"use strict";function r(e){return i(o.isValidElement(e)),e}var o=e(55),i=e(133);t.exports=r},{133:133,55:55}],143:[function(e,t,n){"use strict";function r(e){return'"'+o(e)+'"'}var o=e(114);t.exports=r},{114:114}],144:[function(e,t,n){"use strict";var r=e(21),o=/^[ \r\n\t\f]/,i=/<(!--|link|noscript|meta|script|style)[ \r\n\t\f\/>]/,a=function(e,t){e.innerHTML=t};if("undefined"!=typeof MSApp&&MSApp.execUnsafeLocalFunction&&(a=function(e,t){MSApp.execUnsafeLocalFunction(function(){e.innerHTML=t})}),r.canUseDOM){var u=document.createElement("div");u.innerHTML=" ",""===u.innerHTML&&(a=function(e,t){if(e.parentNode&&e.parentNode.replaceChild(e,e),o.test(t)||"<"===t[0]&&i.test(t)){e.innerHTML="\ufeff"+t;var n=e.firstChild;1===n.data.length?e.removeChild(n):n.deleteData(0,1)}else e.innerHTML=t})}t.exports=a},{21:21}],145:[function(e,t,n){"use strict";var r=e(21),o=e(114),i=e(144),a=function(e,t){e.textContent=t};r.canUseDOM&&("textContent"in document.documentElement||(a=function(e,t){i(e,o(t))})),t.exports=a},{114:114,144:144,21:21}],146:[function(e,t,n){"use strict";function r(e,t){if(e===t)return!0;var n;for(n in e)if(e.hasOwnProperty(n)&&(!t.hasOwnProperty(n)||e[n]!==t[n]))return!1;for(n in t)if(t.hasOwnProperty(n)&&!e.hasOwnProperty(n))return!1;return!0}t.exports=r},{}],147:[function(e,t,n){"use strict";function r(e,t){if(null!=e&&null!=t){var n=typeof e,r=typeof t;if("string"===n||"number"===n)return"string"===r||"number"===r;if("object"===r&&e.type===t.type&&e.key===t.key){var o=e._owner===t._owner;return o}}return!1}e(150);t.exports=r},{150:150}],148:[function(e,t,n){function r(e){var t=e.length;if(o(!Array.isArray(e)&&("object"==typeof e||"function"==typeof 
e)),o("number"==typeof t),o(0===t||t-1 in e),e.hasOwnProperty)try{return Array.prototype.slice.call(e)}catch(n){}for(var r=Array(t),i=0;t>i;i++)r[i]=e[i];return r}var o=e(133);t.exports=r},{133:133}],149:[function(e,t,n){"use strict";function r(e){return v[e]}function o(e,t){return e&&null!=e.key?a(e.key):t.toString(36)}function i(e){return(""+e).replace(g,r)}function a(e){return"$"+i(e)}function u(e,t,n,r,i){var s=typeof e;if(("undefined"===s||"boolean"===s)&&(e=null),null===e||"string"===s||"number"===s||l.isValidElement(e))return r(i,e,""===t?h+o(e,0):t,n),1;var p,v,g,y=0;if(Array.isArray(e))for(var C=0;C=200&&c.status<300||c.status===304){var a=d.dataType=="xml"?c.responseXML:c.responseText;if(d.dataType=="json")a=b.parseJSON(a);if(b.isFunction(d.success))d.success.call(d,a,c.status,c)}else{if(b.isFunction(d.error))d.error.call(d,c,c.status)}if(b.isFunction(d.complete))d.complete.call(d,c,c.status)}};this.xhr=c;if(!d.cache)d.url+=(d.url.indexOf("?")>-1?"&":"?")+"_nocache="+(new Date).getTime();if(d.data){if(d.type=="GET"){d.url+=(d.url.indexOf("?")>-1?"&":"?")+this.param(d.data);d.data=null}else{d.data=this.param(d.data)}}c.open(d.type,d.url,d.async);c.setRequestHeader("Content-type",d.contentType);if(d.dataType&&d.accepts[d.dataType])c.setRequestHeader("Accept",d.accepts[d.dataType]);if(d.async){c.onreadystatechange=e;c.send(d.data)}else{c.send(d.data);e()}return this},get:function(a,b,c){if(this.isFunction(b)){c=b;b=null}return this.call({url:a,type:"GET",data:b,success:c})},post:function(a,b,c){if(this.isFunction(b)){c=b;b=null}return this.call({url:a,type:"POST",data:b,success:c})},load:function(a,b,c,d){if(typeof a=="string")a=document.getElementById(a);return this.call({url:b,type:c?"POST":"GET",data:c||null,complete:d||null,success:function(b){try{a.innerHTML=b}catch(c){var d=document.createElement("div");d.innerHTML=b;while(a.firstChild)a.removeChild(a.firstChild);for(var e=0,f=d.childNodes.length;e .middle { + width: 100%; + height: 100%; + padding: 0; 
+ margin: 0; + overflow: hidden; + display: table-row; +} +.zeroTierNode > .middle > .middleCell { + width: 100%; + height: 100%; + display: table-cell; + border-bottom: 1px solid #cfcfcf; +} +.zeroTierNode > .middle > .middleCell > .middleScroll { + display: block; + width: 100%; + height: 100%; + padding: 0; + margin: 0; + overflow: scroll; + overflow-x: hidden; + overflow-y: scroll; + background: #dddddd; +} +.zeroTierNode > .middle > .middleCell > .middleScroll > .networks { + display: block; + width: 100%; + padding: 0 0 0.25rem 0; + margin: 0; + border: 0; + text-align: left; + border-collapse: collapse; +} +.zeroTierNode > .middle > .middleCell > .middleScroll > .networks > .network { + display: block; + border-top: 0.12rem solid #dddddd; + border-bottom: 0.12rem solid #dddddd; + padding: 0.25rem; + background: #ffffff; +} + +.zeroTierNode > .bottom { + font-size: 12pt; + width: 100%; + overflow: hidden; + display: table-row; + color: #000000; + background: #dfdfdf; +} +.zeroTierNode > .bottom > .left { + text-align: left; + white-space: nowrap; + float: left; + padding: 0 0 0 0.5rem; + font-size: 12pt; + height: 100%; +} +.zeroTierNode > .bottom > .left > .statusLine { + font-family: monospace; + white-space: nowrap; + font-size: 11pt; + height: 100%; +} +.zeroTierNode > .bottom > .right { + text-align: right; + height: 100%; + white-space: nowrap; + float: right; + font-size: 12pt; + background: #ffffff; +} +.zeroTierNode > .bottom > .right form { + height: 100%; +} +.zeroTierNode > .bottom > .right input { + font-family: monospace; + font-size: 12pt; + background: #ffffff; + color: #000000; + outline: none; + outline-style: none; + box-shadow: 0; + border: 0; + margin: 0; + padding: 0 0.25rem 0 0.25rem; + display: inline; + height: 100%; +} +.zeroTierNode > .bottom > .right button { + display: inline-block; + font-size: 12pt; + background: #ffb354; + border: 1px solid #ffb354; + color: #000000; + margin: 0; + padding: 0.05rem 0.75rem 0.05rem 0.75rem; + 
outline: none; + outline-style: none; + height: 100%; +} +.zeroTierNode > .bottom > .right button:hover { + cursor: pointer; + outline: none; + outline-style: none; + border: 1px solid #000000; +} + +.zeroTierNetwork { + padding: 0; + margin: 0; + display: inline-block; + text-align: right; + width: 100%; + position: relative; +} +.zeroTierNetwork .networkInfo { + padding: 0 0 0.25rem 0; + text-align: left; + font-size: 12pt; +} +.zeroTierNetwork .networkInfo .networkId { + font-size: 11pt; + font-family: monospace; + color: #000000; +} +.zeroTierNetwork .networkInfo .networkName { + padding: 0 0 0 1rem; + float: right; + font-size: 12pt; +} +.zeroTierNetwork .networkProps { + width: 100%; + display: table; + padding: 0; + margin: 0 auto 0 auto; + border-top: 1px solid #999999; + border-bottom: 1px solid #999999; +} +.zeroTierNetwork .networkProps > .row { + display: table-row; +} +.zeroTierNetwork .networkProps > .row > .name { + display: table-cell; + font-size: 10pt; + padding: 0.1rem 0.5rem 0.1rem 0.5rem; +} +.zeroTierNetwork .networkProps > .row > .value { + font-size: 10pt; + display: table-cell; + padding: 0.1rem 0.5rem 0.1rem 0.5rem; + background: #eeeeee; +} +.zeroTierNetwork .ipList { +} +.zeroTierNetwork .ipAddress { + font-family: monospace; + font-size: 10pt; +} +.zeroTierNetwork .leaveNetworkButton { + padding: 0.25rem 0.5rem 0.25rem 0.5rem; + margin: 0.25rem 0 0 0; + font-size: 9pt; + background: #ffffff; + outline: none; + background: #ffb354; + border: 1px solid #ffb354; + cursor: pointer; +} +.zeroTierNetwork .leaveNetworkButton:hover { + border: 1px solid #000000; +} diff --git a/ext/installfiles/mac/ui/ztui.min.js b/ext/installfiles/mac/ui/ztui.min.js new file mode 100644 index 0000000..1798283 --- /dev/null +++ b/ext/installfiles/mac/ui/ztui.min.js 
@@ -0,0 +1 @@ +var ZeroTierNetwork=React.createClass({displayName:"ZeroTierNetwork",getInitialState:function(){return{}},leaveNetwork:function(e){Ajax.call({url:"network/"+this.props.nwid+"?auth="+this.props.authToken,cache:!1,type:"DELETE",success:function(e){this.props.onNetworkDeleted&&this.props.onNetworkDeleted(this.props.nwid)}.bind(this),error:function(e){}.bind(this)}),e.preventDefault()},render:function(){return React.createElement("div",{className:"zeroTierNetwork"},React.createElement("div",{className:"networkInfo"},React.createElement("span",{className:"networkId"},this.props.nwid)," ",React.createElement("span",{className:"networkName"},this.props.name)),React.createElement("div",{className:"networkProps"},React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"Status"),React.createElement("div",{className:"value"},this.props.status)),React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"Type"),React.createElement("div",{className:"value"},this.props.type)),React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"MAC"),React.createElement("div",{className:"value 
zeroTierAddress"},this.props.mac)),React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"MTU"),React.createElement("div",{className:"value"},this.props.mtu)),React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"Broadcast"),React.createElement("div",{className:"value"},this.props.broadcastEnabled?"ENABLED":"DISABLED")),React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"Bridging"),React.createElement("div",{className:"value"},this.props.bridge?"ACTIVE":"DISABLED")),React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"Device"),React.createElement("div",{className:"value"},this.props.portDeviceName?this.props.portDeviceName:"(none)")),React.createElement("div",{className:"row"},React.createElement("div",{className:"name"},"Managed IPs"),React.createElement("div",{className:"value ipList"},this.props.assignedAddresses.map(function(e){return React.createElement("div",{key:e,className:"ipAddress"},e)})))),React.createElement("button",{type:"button",className:"leaveNetworkButton",onClick:this.leaveNetwork},"Leave Network"))}}); var ZeroTierNode=React.createClass({displayName:"ZeroTierNode",getInitialState:function(){return{address:"----------",online:!1,version:"_._._",_networks:[],_peers:[]}},ago:function(e){if(e>0){var t=Math.round((Date.now()-e)/1e3);return t>0?t:0}return 0},updatePeers:function(){Ajax.call({url:"peer?auth="+this.props.authToken,cache:!1,type:"GET",success:function(e){if(e){var t=JSON.parse(e);Array.isArray(t)&&this.setState({_peers:t})}}.bind(this),error:function(){}.bind(this)})},updateNetworks:function(){Ajax.call({url:"network?auth="+this.props.authToken,cache:!1,type:"GET",success:function(e){if(e){var 
t=JSON.parse(e);Array.isArray(t)&&this.setState({_networks:t})}}.bind(this),error:function(){}.bind(this)})},updateAll:function(){Ajax.call({url:"status?auth="+this.props.authToken,cache:!1,type:"GET",success:function(e){if(this.alertedToFailure=!1,e){var t=JSON.parse(e);this.setState(t),document.title="ZeroTier One ["+t.address+"]"}this.updateNetworks(),this.updatePeers()}.bind(this),error:function(){this.setState(this.getInitialState()),this.alertedToFailure||(this.alertedToFailure=!0,alert("Authorization token invalid or ZeroTier One service not running."))}.bind(this)})},joinNetwork:function(e){e.preventDefault(),this.networkToJoin&&16===this.networkToJoin.length?Ajax.call({url:"network/"+this.networkToJoin+"?auth="+this.props.authToken,cache:!1,type:"POST",success:function(e){this.networkToJoin="",this.networkInputElement&&(this.networkInputElement.value=""),this.updateNetworks()}.bind(this),error:function(){}.bind(this)}):alert("To join a network, enter its 16-digit network ID.")},handleNetworkIdEntry:function(e){this.networkInputElement=e.target;var t=this.networkInputElement.value;if(t){t=t.toLowerCase();for(var n="",a=0;aa;++a)"0123456789abcdef".indexOf(t.charAt(a))>=0&&(n+=t.charAt(a));this.networkToJoin=n,this.networkInputElement.value=n}else this.networkToJoin="",this.networkInputElement.value=""},handleNetworkDelete:function(e){for(var t=[],n=0;n>/dev/null 2>&1 +sleep 1 +killall -TERM zerotier-one >>/dev/null 2>&1 +sleep 1 +killall -KILL zerotier-one >>/dev/null 2>&1 + +echo "Making sure kext is unloaded..." +kextunload '/Library/Application Support/ZeroTier/One/tap.kext' >>/dev/null 2>&1 + +echo "Removing ZeroTier One files..." 
+ +rm -rf '/Applications/ZeroTier One.app' +rm -f '/usr/bin/zerotier-one' '/usr/bin/zerotier-idtool' '/usr/bin/zerotier-cli' '/Library/LaunchDaemons/com.zerotier.one.plist' +mkdir -p /tmp/ZeroTierOne_uninstall_tmp +cp "/Library/Application Support/ZeroTier/One/*.secret" /tmp/ZeroTierOne_uninstall_tmp +rm -rf '/Library/Application Support/ZeroTier/One' +mkdir -p '/Library/Application Support/ZeroTier/One' +cp "/tmp/ZeroTierOne_uninstall_tmp/*.secret" '/Library/Application Support/ZeroTier/One' +chmod 0600 "/Library/Application Support/ZeroTier/One/*.secret" +rm -rf /tmp/ZeroTierOne_uninstall_tmp + +echo 'Uninstall complete.' +echo +echo 'Your identity and secret authentication token have been preserved in:' +echo ' /Library/Application Support/ZeroTier/One' +echo +echo 'You can delete this folder and its contents if you do not intend to re-use' +echo 'them.' +echo + +exit 0 diff --git a/ext/installfiles/windows/ZeroTier One Virtual Network Port (NDIS6_x64).aip b/ext/installfiles/windows/ZeroTier One Virtual Network Port (NDIS6_x64).aip new file mode 100644 index 0000000..a10cb1e --- /dev/null +++ b/ext/installfiles/windows/ZeroTier One Virtual Network Port (NDIS6_x64).aip @@ -0,0 +1,156 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ext/installfiles/windows/ZeroTier One Virtual Network Port (NDIS6_x86).aip b/ext/installfiles/windows/ZeroTier One Virtual Network Port (NDIS6_x86).aip new file mode 100644 index 0000000..831516d --- /dev/null +++ b/ext/installfiles/windows/ZeroTier One Virtual Network Port (NDIS6_x86).aip 
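Review bot: The secret-preservation step in this uninstall script copies nothing, because the glob in `cp "/Library/Application Support/ZeroTier/One/*.secret" ...` sits inside double quotes and reaches cp as a literal `*.secret`. The `rm -rf` that follows then deletes the identity and auth token that the closing message says were preserved, and the copy back and the `chmod 0600` fail the same way. The staging directory is also a fixed name under /tmp; if this runs as root, as an uninstaller presumably does, another local user could pre-create or symlink that path, and the secrets would sit there with default permissions. Keep the path quoted but the glob outside the quotes, and stage in a private directory from `mktemp -d`, as sketched below. The opening lines of this script fall in a garbled part of the page and were not reviewed.

```shell
# … unchanged: stop the service, unload the kext, remove the app and binaries …
tmpdir="$(mktemp -d /tmp/ZeroTierOne_uninstall.XXXXXX)" || exit 1
cp -p '/Library/Application Support/ZeroTier/One/'*.secret "$tmpdir"/ 2>/dev/null
rm -rf '/Library/Application Support/ZeroTier/One'
mkdir -p '/Library/Application Support/ZeroTier/One'
cp -p "$tmpdir"/*.secret '/Library/Application Support/ZeroTier/One/' 2>/dev/null
chmod 0600 '/Library/Application Support/ZeroTier/One/'*.secret 2>/dev/null
rm -rf "$tmpdir"
# … unchanged: closing messages and exit 0 …
```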
@@ -0,0 +1,157 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ext/installfiles/windows/ZeroTier One.aip b/ext/installfiles/windows/ZeroTier One.aip new file mode 100644 index 0000000..fdbbeea --- /dev/null +++ b/ext/installfiles/windows/ZeroTier One.aip @@ -0,0 +1,386 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ext/installfiles/windows/chocolatey/zerotier-one/tools/LICENSE.txt b/ext/installfiles/windows/chocolatey/zerotier-one/tools/LICENSE.txt new file mode 100644 index 0000000..ce0564a --- /dev/null +++ b/ext/installfiles/windows/chocolatey/zerotier-one/tools/LICENSE.txt 
@@ -0,0 +1,11 @@
+From: https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/COPYING
+
+LICENSE
+
+ZeroTier One is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3 of the License, or (at
+your option) any later version.
+
+See the file ‘LICENSE.GPL-3’ for the text of the GNU GPL version 3.
+If that file is not present, see .
diff --git a/ext/installfiles/windows/chocolatey/zerotier-one/tools/VERIFICATION.txt b/ext/installfiles/windows/chocolatey/zerotier-one/tools/VERIFICATION.txt new file mode 100644
index 0000000..0a5bc76
--- /dev/null
+++ b/ext/installfiles/windows/chocolatey/zerotier-one/tools/VERIFICATION.txt
@@ -0,0 +1,5 @@
+VERIFICATION
+Verification is intended to assist the Chocolatey moderators and community
+in verifying that this package's contents are trustworthy.
+
+Our MSI installer should be signed by ZeroTier, Inc. using a certificate from DigiCert.
diff --git a/ext/installfiles/windows/chocolatey/zerotier-one/tools/chocolateyinstall.ps1 b/ext/installfiles/windows/chocolatey/zerotier-one/tools/chocolateyinstall.ps1 new file mode 100644
index 0000000..b29fd99
--- /dev/null
+++ b/ext/installfiles/windows/chocolatey/zerotier-one/tools/chocolateyinstall.ps1
@@ -0,0 +1,8 @@
+$packageName = 'zerotier-one'
+$installerType = 'msi'
+$url = 'https://download.zerotier.com/RELEASES/1.1.12/dist/ZeroTier%20One.msi'
+$url64 = 'https://download.zerotier.com/RELEASES/1.1.12/dist/ZeroTier%20One.msi'
+$silentArgs = '/quiet'
+$validExitCodes = @(0,3010)
+
+Install-ChocolateyPackage $packageName $installerType $silentArgs $url $url64 -validExitCodes $validExitCodes
diff --git a/ext/installfiles/windows/chocolatey/zerotier-one/tools/chocolateyuninstall.ps1 b/ext/installfiles/windows/chocolatey/zerotier-one/tools/chocolateyuninstall.ps1 new file mode 100644
index 0000000..81f7a5a
--- /dev/null
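Review bot: In chocolateyinstall.ps1, `Install-ChocolateyPackage` is called with a download URL but no `-Checksum`/`-ChecksumType` (or the 64-bit pair), so the MSI fetched at install time is trusted on TLS alone. Nothing in the script checks the DigiCert signature that VERIFICATION.txt says the installer should carry. Pin the release hash, for example `-Checksum '<SHA256_OF_MSI>' -ChecksumType 'sha256' -Checksum64 '<SHA256_OF_MSI>' -ChecksumType64 'sha256'`, with the value taken from the published release. Both URLs also name release 1.1.12 while the commit title says it imports 1.1.14; if that is not deliberate, the package installs an older build than the source it ships with.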
+++ b/ext/installfiles/windows/chocolatey/zerotier-one/tools/chocolateyuninstall.ps1 @@ -0,0 +1,30 @@ +$ErrorActionPreference = 'Stop'; + +$packageName = 'zerotier-one' +$softwareName = 'ZeroTier One*' +$installerType = 'MSI' + +$silentArgs = '/qn /norestart' +$validExitCodes = @(0, 3010, 1605, 1614, 1641) +$uninstalled = $false + +[array]$key = Get-UninstallRegistryKey -SoftwareName $softwareName + +if ($key.Count -eq 1) { + $key | % { + $silentArgs = "$($_.PSChildName) $silentArgs" + $file = '' + Uninstall-ChocolateyPackage -PackageName $packageName ` + -FileType $installerType ` + -SilentArgs "$silentArgs" ` + -ValidExitCodes $validExitCodes ` + -File "$file" + } +} elseif ($key.Count -eq 0) { + Write-Warning "$packageName has already been uninstalled by other means." +} elseif ($key.Count -gt 1) { + Write-Warning "$key.Count matches found!" + Write-Warning "To prevent accidental data loss, no programs will be uninstalled." + Write-Warning "Please alert package maintainer the following keys were matched:" + $key | % {Write-Warning "- $_.DisplayName"} +} diff --git a/ext/installfiles/windows/chocolatey/zerotier-one/zerotier-one.nuspec b/ext/installfiles/windows/chocolatey/zerotier-one/zerotier-one.nuspec new file mode 100644 index 0000000..473007c --- /dev/null +++ b/ext/installfiles/windows/chocolatey/zerotier-one/zerotier-one.nuspec @@ -0,0 +1,76 @@ + + + + + + + + + + + + + + + + + + + zerotier-one + + + + 1.1.12 + + + + + + + + zerotier-one (Install) + ZeroTier, Inc. + + https://www.zerotier.com/ + + + + + + + + + zerotier-one admin + ZeroTier One Virtual Network Endpoint for Windows + ZeroTier is a smart switch for Earth with VLAN capability. See https://www.zerotier.com/ for more information. + + + + + + + + + + + + + + + + + diff --git a/ext/json-parser/AUTHORS b/ext/json-parser/AUTHORS new file mode 100644 index 0000000..6a5c799 --- /dev/null +++ b/ext/json-parser/AUTHORS 
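Review bot: The warnings in the last branch of chocolateyuninstall.ps1 will not print what they intend. Inside double quotes, `"$key.Count matches found!"` expands `$key` and then appends the literal text `.Count`, and `"- $_.DisplayName"` does the same with `$_`. Use subexpressions, `Write-Warning "$($key.Count) matches found!"` and `Write-Warning "- $($_.DisplayName)"`, so the maintainer sees the match count and the product names that blocked the uninstall. `$uninstalled` is assigned but never read in this script and can be dropped.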
@@ -0,0 +1,20 @@ +All contributors arranged by first commit: + +James McLaughlin +Alex Gartrell +Peter Scott +Mathias Kaerlev +Emiel Mols +Czarek Tomczak +Nicholas Braden +Ivan Kozub +Árpád Goretity +Igor Gnatenko +Haïkel Guémar +Tobias Waldekranz +Patrick Donnelly +Wilmer van der Gaast +Jin Wei +François Cartegnie +Matthijs Boelstra + diff --git a/ext/json-parser/LICENSE b/ext/json-parser/LICENSE new file mode 100644 index 0000000..1aee375 --- /dev/null +++ b/ext/json-parser/LICENSE @@ -0,0 +1,26 @@ + + Copyright (C) 2012, 2013 James McLaughlin et al. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + diff --git a/ext/json-parser/README.md b/ext/json-parser/README.md new file mode 100644 index 0000000..e0b70b6 --- /dev/null +++ b/ext/json-parser/README.md 
@@ -0,0 +1,97 @@ +Very low footprint JSON parser written in portable ANSI C. + +* BSD licensed with no dependencies (i.e. just drop the C file into your project) +* Never recurses or allocates more memory than it needs +* Very simple API with operator sugar for C++ + +[![Build Status](https://secure.travis-ci.org/udp/json-parser.png)](http://travis-ci.org/udp/json-parser) + +_Want to serialize? Check out [json-builder](https://github.com/udp/json-builder)!_ + +Installing +---------- + +There is now a makefile which will produce a libjsonparser static and dynamic library. However, this +is _not_ required to build json-parser, and the source files (`json.c` and `json.h`) should be happy +in any build system you already have in place. + + +API +--- + + json_value * json_parse (const json_char * json, + size_t length); + + json_value * json_parse_ex (json_settings * settings, + const json_char * json, + size_t length, + char * error); + + void json_value_free (json_value *); + +The `type` field of `json_value` is one of: + +* `json_object` (see `u.object.length`, `u.object.values[x].name`, `u.object.values[x].value`) +* `json_array` (see `u.array.length`, `u.array.values`) +* `json_integer` (see `u.integer`) +* `json_double` (see `u.dbl`) +* `json_string` (see `u.string.ptr`, `u.string.length`) +* `json_boolean` (see `u.boolean`) +* `json_null` + + +Compile-Time Options +-------------------- + + -DJSON_TRACK_SOURCE + +Stores the source location (line and column number) inside each `json_value`. + +This is useful for application-level error reporting. + + +Runtime Options +--------------- + + settings |= json_enable_comments; + +Enables C-style `// line` and `/* block */` comments. + + size_t value_extra + +The amount of space (if any) to allocate at the end of each `json_value`, in +order to give the application space to add metadata. 
+ + void * (* mem_alloc) (size_t, int zero, void * user_data); + void (* mem_free) (void *, void * user_data); + +Custom allocator routines. If NULL, the default `malloc` and `free` will be used. + +The `user_data` pointer will be forwarded from `json_settings` to allow application +context to be passed. + + +Changes in version 1.1.0 +------------------------ + +* UTF-8 byte order marks are now skipped if present + +* Allows cross-compilation by honoring --host if given (@wkz) + +* Maximum size for error buffer is now exposed in header (@LB--) + +* GCC warning for `static` after `const` fixed (@batrick) + +* Optional support for C-style line and block comments added (@Jin-W-FS) + +* `name_length` field added to object values + +* It is now possible to retrieve the source line/column number of a parsed `json_value` when `JSON_TRACK_SOURCE` is enabled + +* The application may now extend `json_value` using the `value_extra` setting + +* Un-ambiguate pow call in the case of C++ overloaded pow (@fcartegnie) + +* Fix null pointer de-reference when a non-existing array is closed and no root value is present + + diff --git a/ext/json-parser/json.c b/ext/json-parser/json.c new file mode 100644 index 0000000..166cdcb --- /dev/null +++ b/ext/json-parser/json.c 
@@ -0,0 +1,1012 @@ +/* vim: set et ts=3 sw=3 sts=3 ft=c: + * + * Copyright (C) 2012, 2013, 2014 James McLaughlin et al. All rights reserved. + * https://github.com/udp/json-parser + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "json.h" + +#ifdef _MSC_VER + #ifndef _CRT_SECURE_NO_WARNINGS + #define _CRT_SECURE_NO_WARNINGS + #endif + #pragma warning(disable:4996) +#endif + +const struct _json_value json_value_none; + +#include +#include +#include +#include + +typedef unsigned int json_uchar; + +static unsigned char hex_value (json_char c) +{ + if (isdigit(c)) + return c - '0'; + + switch (c) { + case 'a': case 'A': return 0x0A; + case 'b': case 'B': return 0x0B; + case 'c': case 'C': return 0x0C; + case 'd': case 'D': return 0x0D; + case 'e': case 'E': return 0x0E; + case 'f': case 'F': return 0x0F; + default: return 0xFF; + } +} + +typedef struct +{ + unsigned long used_memory; + + unsigned int uint_max; + unsigned long ulong_max; + + json_settings settings; + int first_pass; + + const json_char * ptr; + unsigned int cur_line, cur_col; + +} json_state; + +static void * default_alloc (size_t size, int zero, void * user_data) +{ + return zero ? calloc (1, size) : malloc (size); +} + +static void default_free (void * ptr, void * user_data) +{ + free (ptr); +} + +static void * json_alloc (json_state * state, unsigned long size, int zero) +{ + if ((state->ulong_max - state->used_memory) < size) + return 0; + + if (state->settings.max_memory + && (state->used_memory += size) > state->settings.max_memory) + { + return 0; + } + + return state->settings.mem_alloc (size, zero, state->settings.user_data); +} + +static int new_value (json_state * state, + json_value ** top, json_value ** root, json_value ** alloc, + json_type type) +{ + json_value * value; + int values_size; + + if (!state->first_pass) + { + value = *top = *alloc; + *alloc = (*alloc)->_reserved.next_alloc; + + if (!*root) + *root = value; + + switch (value->type) + { + case json_array: + + if (value->u.array.length == 0) + break; + + if (! 
(value->u.array.values = (json_value **) json_alloc + (state, value->u.array.length * sizeof (json_value *), 0)) ) + { + return 0; + } + + value->u.array.length = 0; + break; + + case json_object: + + if (value->u.object.length == 0) + break; + + values_size = sizeof (*value->u.object.values) * value->u.object.length; + + if (! (value->u.object.values = (json_object_entry *) json_alloc + (state, values_size + ((unsigned long) value->u.object.values), 0)) ) + { + return 0; + } + + value->_reserved.object_mem = (*(char **) &value->u.object.values) + values_size; + + value->u.object.length = 0; + break; + + case json_string: + + if (! (value->u.string.ptr = (json_char *) json_alloc + (state, (value->u.string.length + 1) * sizeof (json_char), 0)) ) + { + return 0; + } + + value->u.string.length = 0; + break; + + default: + break; + }; + + return 1; + } + + if (! (value = (json_value *) json_alloc + (state, sizeof (json_value) + state->settings.value_extra, 1))) + { + return 0; + } + + if (!*root) + *root = value; + + value->type = type; + value->parent = *top; + + #ifdef JSON_TRACK_SOURCE + value->line = state->cur_line; + value->col = state->cur_col; + #endif + + if (*alloc) + (*alloc)->_reserved.next_alloc = value; + + *alloc = *top = value; + + return 1; +} + +#define whitespace \ + case '\n': ++ state.cur_line; state.cur_col = 0; \ + case ' ': case '\t': case '\r' + +#define string_add(b) \ + do { if (!state.first_pass) string [string_length] = b; ++ string_length; } while (0); + +#define line_and_col \ + state.cur_line, state.cur_col + +static const long + flag_next = 1 << 0, + flag_reproc = 1 << 1, + flag_need_comma = 1 << 2, + flag_seek_value = 1 << 3, + flag_escaped = 1 << 4, + flag_string = 1 << 5, + flag_need_colon = 1 << 6, + flag_done = 1 << 7, + flag_num_negative = 1 << 8, + flag_num_zero = 1 << 9, + flag_num_e = 1 << 10, + flag_num_e_got_sign = 1 << 11, + flag_num_e_negative = 1 << 12, + flag_line_comment = 1 << 13, + flag_block_comment = 1 << 14; + 
+json_value * json_parse_ex (json_settings * settings, + const json_char * json, + size_t length, + char * error_buf) +{ + json_char error [json_error_max]; + const json_char * end; + json_value * top, * root, * alloc = 0; + json_state state = { 0 }; + long flags; + long num_digits = 0, num_e = 0; + json_int_t num_fraction = 0; + + /* Skip UTF-8 BOM + */ + if (length >= 3 && ((unsigned char) json [0]) == 0xEF + && ((unsigned char) json [1]) == 0xBB + && ((unsigned char) json [2]) == 0xBF) + { + json += 3; + length -= 3; + } + + error[0] = '\0'; + end = (json + length); + + memcpy (&state.settings, settings, sizeof (json_settings)); + + if (!state.settings.mem_alloc) + state.settings.mem_alloc = default_alloc; + + if (!state.settings.mem_free) + state.settings.mem_free = default_free; + + memset (&state.uint_max, 0xFF, sizeof (state.uint_max)); + memset (&state.ulong_max, 0xFF, sizeof (state.ulong_max)); + + state.uint_max -= 8; /* limit of how much can be added before next check */ + state.ulong_max -= 8; + + for (state.first_pass = 1; state.first_pass >= 0; -- state.first_pass) + { + json_uchar uchar; + unsigned char uc_b1, uc_b2, uc_b3, uc_b4; + json_char * string = 0; + unsigned int string_length = 0; + + top = root = 0; + flags = flag_seek_value; + + state.cur_line = 1; + + for (state.ptr = json ;; ++ state.ptr) + { + json_char b = (state.ptr == end ? 
0 : *state.ptr); + + if (flags & flag_string) + { + if (!b) + { sprintf (error, "Unexpected EOF in string (at %d:%d)", line_and_col); + goto e_failed; + } + + if (string_length > state.uint_max) + goto e_overflow; + + if (flags & flag_escaped) + { + flags &= ~ flag_escaped; + + switch (b) + { + case 'b': string_add ('\b'); break; + case 'f': string_add ('\f'); break; + case 'n': string_add ('\n'); break; + case 'r': string_add ('\r'); break; + case 't': string_add ('\t'); break; + case 'u': + + if (end - state.ptr < 4 || + (uc_b1 = hex_value (*++ state.ptr)) == 0xFF || + (uc_b2 = hex_value (*++ state.ptr)) == 0xFF || + (uc_b3 = hex_value (*++ state.ptr)) == 0xFF || + (uc_b4 = hex_value (*++ state.ptr)) == 0xFF) + { + sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col); + goto e_failed; + } + + uc_b1 = (uc_b1 << 4) | uc_b2; + uc_b2 = (uc_b3 << 4) | uc_b4; + uchar = (uc_b1 << 8) | uc_b2; + + if ((uchar & 0xF800) == 0xD800) { + json_uchar uchar2; + + if (end - state.ptr < 6 || (*++ state.ptr) != '\\' || (*++ state.ptr) != 'u' || + (uc_b1 = hex_value (*++ state.ptr)) == 0xFF || + (uc_b2 = hex_value (*++ state.ptr)) == 0xFF || + (uc_b3 = hex_value (*++ state.ptr)) == 0xFF || + (uc_b4 = hex_value (*++ state.ptr)) == 0xFF) + { + sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col); + goto e_failed; + } + + uc_b1 = (uc_b1 << 4) | uc_b2; + uc_b2 = (uc_b3 << 4) | uc_b4; + uchar2 = (uc_b1 << 8) | uc_b2; + + uchar = 0x010000 | ((uchar & 0x3FF) << 10) | (uchar2 & 0x3FF); + } + + if (sizeof (json_char) >= sizeof (json_uchar) || (uchar <= 0x7F)) + { + string_add ((json_char) uchar); + break; + } + + if (uchar <= 0x7FF) + { + if (state.first_pass) + string_length += 2; + else + { string [string_length ++] = 0xC0 | (uchar >> 6); + string [string_length ++] = 0x80 | (uchar & 0x3F); + } + + break; + } + + if (uchar <= 0xFFFF) { + if (state.first_pass) + string_length += 3; + else + { string [string_length ++] = 0xE0 | (uchar >> 12); + 
string [string_length ++] = 0x80 | ((uchar >> 6) & 0x3F); + string [string_length ++] = 0x80 | (uchar & 0x3F); + } + + break; + } + + if (state.first_pass) + string_length += 4; + else + { string [string_length ++] = 0xF0 | (uchar >> 18); + string [string_length ++] = 0x80 | ((uchar >> 12) & 0x3F); + string [string_length ++] = 0x80 | ((uchar >> 6) & 0x3F); + string [string_length ++] = 0x80 | (uchar & 0x3F); + } + + break; + + default: + string_add (b); + }; + + continue; + } + + if (b == '\\') + { + flags |= flag_escaped; + continue; + } + + if (b == '"') + { + if (!state.first_pass) + string [string_length] = 0; + + flags &= ~ flag_string; + string = 0; + + switch (top->type) + { + case json_string: + + top->u.string.length = string_length; + flags |= flag_next; + + break; + + case json_object: + + if (state.first_pass) + (*(json_char **) &top->u.object.values) += string_length + 1; + else + { + top->u.object.values [top->u.object.length].name + = (json_char *) top->_reserved.object_mem; + + top->u.object.values [top->u.object.length].name_length + = string_length; + + (*(json_char **) &top->_reserved.object_mem) += string_length + 1; + } + + flags |= flag_seek_value | flag_need_colon; + continue; + + default: + break; + }; + } + else + { + string_add (b); + continue; + } + } + + if (state.settings.settings & json_enable_comments) + { + if (flags & (flag_line_comment | flag_block_comment)) + { + if (flags & flag_line_comment) + { + if (b == '\r' || b == '\n' || !b) + { + flags &= ~ flag_line_comment; + -- state.ptr; /* so null can be reproc'd */ + } + + continue; + } + + if (flags & flag_block_comment) + { + if (!b) + { sprintf (error, "%d:%d: Unexpected EOF in block comment", line_and_col); + goto e_failed; + } + + if (b == '*' && state.ptr < (end - 1) && state.ptr [1] == '/') + { + flags &= ~ flag_block_comment; + ++ state.ptr; /* skip closing sequence */ + } + + continue; + } + } + else if (b == '/') + { + if (! 
(flags & (flag_seek_value | flag_done)) && top->type != json_object) + { sprintf (error, "%d:%d: Comment not allowed here", line_and_col); + goto e_failed; + } + + if (++ state.ptr == end) + { sprintf (error, "%d:%d: EOF unexpected", line_and_col); + goto e_failed; + } + + switch (b = *state.ptr) + { + case '/': + flags |= flag_line_comment; + continue; + + case '*': + flags |= flag_block_comment; + continue; + + default: + sprintf (error, "%d:%d: Unexpected `%c` in comment opening sequence", line_and_col, b); + goto e_failed; + }; + } + } + + if (flags & flag_done) + { + if (!b) + break; + + switch (b) + { + whitespace: + continue; + + default: + + sprintf (error, "%d:%d: Trailing garbage: `%c`", + state.cur_line, state.cur_col, b); + + goto e_failed; + }; + } + + if (flags & flag_seek_value) + { + switch (b) + { + whitespace: + continue; + + case ']': + + if (top && top->type == json_array) + flags = (flags & ~ (flag_need_comma | flag_seek_value)) | flag_next; + else + { sprintf (error, "%d:%d: Unexpected ]", line_and_col); + goto e_failed; + } + + break; + + default: + + if (flags & flag_need_comma) + { + if (b == ',') + { flags &= ~ flag_need_comma; + continue; + } + else + { + sprintf (error, "%d:%d: Expected , before %c", + state.cur_line, state.cur_col, b); + + goto e_failed; + } + } + + if (flags & flag_need_colon) + { + if (b == ':') + { flags &= ~ flag_need_colon; + continue; + } + else + { + sprintf (error, "%d:%d: Expected : before %c", + state.cur_line, state.cur_col, b); + + goto e_failed; + } + } + + flags &= ~ flag_seek_value; + + switch (b) + { + case '{': + + if (!new_value (&state, &top, &root, &alloc, json_object)) + goto e_alloc_failure; + + continue; + + case '[': + + if (!new_value (&state, &top, &root, &alloc, json_array)) + goto e_alloc_failure; + + flags |= flag_seek_value; + continue; + + case '"': + + if (!new_value (&state, &top, &root, &alloc, json_string)) + goto e_alloc_failure; + + flags |= flag_string; + + string = 
top->u.string.ptr; + string_length = 0; + + continue; + + case 't': + + if ((end - state.ptr) < 3 || *(++ state.ptr) != 'r' || + *(++ state.ptr) != 'u' || *(++ state.ptr) != 'e') + { + goto e_unknown_value; + } + + if (!new_value (&state, &top, &root, &alloc, json_boolean)) + goto e_alloc_failure; + + top->u.boolean = 1; + + flags |= flag_next; + break; + + case 'f': + + if ((end - state.ptr) < 4 || *(++ state.ptr) != 'a' || + *(++ state.ptr) != 'l' || *(++ state.ptr) != 's' || + *(++ state.ptr) != 'e') + { + goto e_unknown_value; + } + + if (!new_value (&state, &top, &root, &alloc, json_boolean)) + goto e_alloc_failure; + + flags |= flag_next; + break; + + case 'n': + + if ((end - state.ptr) < 3 || *(++ state.ptr) != 'u' || + *(++ state.ptr) != 'l' || *(++ state.ptr) != 'l') + { + goto e_unknown_value; + } + + if (!new_value (&state, &top, &root, &alloc, json_null)) + goto e_alloc_failure; + + flags |= flag_next; + break; + + default: + + if (isdigit (b) || b == '-') + { + if (!new_value (&state, &top, &root, &alloc, json_integer)) + goto e_alloc_failure; + + if (!state.first_pass) + { + while (isdigit (b) || b == '+' || b == '-' + || b == 'e' || b == 'E' || b == '.') + { + if ( (++ state.ptr) == end) + { + b = 0; + break; + } + + b = *state.ptr; + } + + flags |= flag_next | flag_reproc; + break; + } + + flags &= ~ (flag_num_negative | flag_num_e | + flag_num_e_got_sign | flag_num_e_negative | + flag_num_zero); + + num_digits = 0; + num_fraction = 0; + num_e = 0; + + if (b != '-') + { + flags |= flag_reproc; + break; + } + + flags |= flag_num_negative; + continue; + } + else + { sprintf (error, "%d:%d: Unexpected %c when seeking value", line_and_col, b); + goto e_failed; + } + }; + }; + } + else + { + switch (top->type) + { + case json_object: + + switch (b) + { + whitespace: + continue; + + case '"': + + if (flags & flag_need_comma) + { sprintf (error, "%d:%d: Expected , before \"", line_and_col); + goto e_failed; + } + + flags |= flag_string; + + string = 
(json_char *) top->_reserved.object_mem; + string_length = 0; + + break; + + case '}': + + flags = (flags & ~ flag_need_comma) | flag_next; + break; + + case ',': + + if (flags & flag_need_comma) + { + flags &= ~ flag_need_comma; + break; + } + + default: + sprintf (error, "%d:%d: Unexpected `%c` in object", line_and_col, b); + goto e_failed; + }; + + break; + + case json_integer: + case json_double: + + if (isdigit (b)) + { + ++ num_digits; + + if (top->type == json_integer || flags & flag_num_e) + { + if (! (flags & flag_num_e)) + { + if (flags & flag_num_zero) + { sprintf (error, "%d:%d: Unexpected `0` before `%c`", line_and_col, b); + goto e_failed; + } + + if (num_digits == 1 && b == '0') + flags |= flag_num_zero; + } + else + { + flags |= flag_num_e_got_sign; + num_e = (num_e * 10) + (b - '0'); + continue; + } + + top->u.integer = (top->u.integer * 10) + (b - '0'); + continue; + } + + num_fraction = (num_fraction * 10) + (b - '0'); + continue; + } + + if (b == '+' || b == '-') + { + if ( (flags & flag_num_e) && !(flags & flag_num_e_got_sign)) + { + flags |= flag_num_e_got_sign; + + if (b == '-') + flags |= flag_num_e_negative; + + continue; + } + } + else if (b == '.' && top->type == json_integer) + { + if (!num_digits) + { sprintf (error, "%d:%d: Expected digit before `.`", line_and_col); + goto e_failed; + } + + top->type = json_double; + top->u.dbl = (double) top->u.integer; + + num_digits = 0; + continue; + } + + if (! 
(flags & flag_num_e)) + { + if (top->type == json_double) + { + if (!num_digits) + { sprintf (error, "%d:%d: Expected digit after `.`", line_and_col); + goto e_failed; + } + + top->u.dbl += ((double) num_fraction) / (pow (10.0, (double) num_digits)); + } + + if (b == 'e' || b == 'E') + { + flags |= flag_num_e; + + if (top->type == json_integer) + { + top->type = json_double; + top->u.dbl = (double) top->u.integer; + } + + num_digits = 0; + flags &= ~ flag_num_zero; + + continue; + } + } + else + { + if (!num_digits) + { sprintf (error, "%d:%d: Expected digit after `e`", line_and_col); + goto e_failed; + } + + top->u.dbl *= pow (10.0, (double) + (flags & flag_num_e_negative ? - num_e : num_e)); + } + + if (flags & flag_num_negative) + { + if (top->type == json_integer) + top->u.integer = - top->u.integer; + else + top->u.dbl = - top->u.dbl; + } + + flags |= flag_next | flag_reproc; + break; + + default: + break; + }; + } + + if (flags & flag_reproc) + { + flags &= ~ flag_reproc; + -- state.ptr; + } + + if (flags & flag_next) + { + flags = (flags & ~ flag_next) | flag_need_comma; + + if (!top->parent) + { + /* root value done */ + + flags |= flag_done; + continue; + } + + if (top->parent->type == json_array) + flags |= flag_seek_value; + + if (!state.first_pass) + { + json_value * parent = top->parent; + + switch (parent->type) + { + case json_object: + + parent->u.object.values + [parent->u.object.length].value = top; + + break; + + case json_array: + + parent->u.array.values + [parent->u.array.length] = top; + + break; + + default: + break; + }; + } + + if ( (++ top->parent->u.array.length) > state.uint_max) + goto e_overflow; + + top = top->parent; + + continue; + } + } + + alloc = root; + } + + return root; + +e_unknown_value: + + sprintf (error, "%d:%d: Unknown value", line_and_col); + goto e_failed; + +e_alloc_failure: + + strcpy (error, "Memory allocation failure"); + goto e_failed; + +e_overflow: + + sprintf (error, "%d:%d: Too long (caught overflow)", 
line_and_col); + goto e_failed; + +e_failed: + + if (error_buf) + { + if (*error) + strcpy (error_buf, error); + else + strcpy (error_buf, "Unknown error"); + } + + if (state.first_pass) + alloc = root; + + while (alloc) + { + top = alloc->_reserved.next_alloc; + state.settings.mem_free (alloc, state.settings.user_data); + alloc = top; + } + + if (!state.first_pass) + json_value_free_ex (&state.settings, root); + + return 0; +} + +json_value * json_parse (const json_char * json, size_t length) +{ + json_settings settings = { 0 }; + return json_parse_ex (&settings, json, length, 0); +} + +void json_value_free_ex (json_settings * settings, json_value * value) +{ + json_value * cur_value; + + if (!value) + return; + + value->parent = 0; + + while (value) + { + switch (value->type) + { + case json_array: + + if (!value->u.array.length) + { + settings->mem_free (value->u.array.values, settings->user_data); + break; + } + + value = value->u.array.values [-- value->u.array.length]; + continue; + + case json_object: + + if (!value->u.object.length) + { + settings->mem_free (value->u.object.values, settings->user_data); + break; + } + + value = value->u.object.values [-- value->u.object.length].value; + continue; + + case json_string: + + settings->mem_free (value->u.string.ptr, settings->user_data); + break; + + default: + break; + }; + + cur_value = value; + value = value->parent; + settings->mem_free (cur_value, settings->user_data); + } +} + +void json_value_free (json_value * value) +{ + json_settings settings = { 0 }; + settings.mem_free = default_free; + json_value_free_ex (&settings, value); +} + diff --git a/ext/json-parser/json.h b/ext/json-parser/json.h new file mode 100644 index 0000000..f6549ec --- /dev/null +++ b/ext/json-parser/json.h 
@@ -0,0 +1,283 @@ + +/* vim: set et ts=3 sw=3 sts=3 ft=c: + * + * Copyright (C) 2012, 2013, 2014 James McLaughlin et al. All rights reserved. + * https://github.com/udp/json-parser + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef _JSON_H +#define _JSON_H + +#ifndef json_char + #define json_char char +#endif + +#ifndef json_int_t + #ifndef _MSC_VER + #include + #define json_int_t int64_t + #else + #define json_int_t __int64 + #endif +#endif + +#include + +#ifdef __cplusplus + + #include + + extern "C" + { + +#endif + +typedef struct +{ + unsigned long max_memory; + int settings; + + /* Custom allocator support (leave null to use malloc/free) + */ + + void * (* mem_alloc) (size_t, int zero, void * user_data); + void (* mem_free) (void *, void * user_data); + + void * user_data; /* will be passed to mem_alloc and mem_free */ + + size_t value_extra; /* how much extra space to allocate for values? */ + +} json_settings; + +#define json_enable_comments 0x01 + +typedef enum +{ + json_none, + json_object, + json_array, + json_integer, + json_double, + json_string, + json_boolean, + json_null + +} json_type; + +extern const struct _json_value json_value_none; + +typedef struct _json_object_entry +{ + json_char * name; + unsigned int name_length; + + struct _json_value * value; + +} json_object_entry; + +typedef struct _json_value +{ + struct _json_value * parent; + + json_type type; + + union + { + int boolean; + json_int_t integer; + double dbl; + + struct + { + unsigned int length; + json_char * ptr; /* null terminated */ + + } string; + + struct + { + unsigned int length; + + json_object_entry * values; + + #if defined(__cplusplus) && __cplusplus >= 201103L + decltype(values) begin () const + { return values; + } + decltype(values) end () const + { return values + length; + } + #endif + + } object; + + struct + { + unsigned int length; + struct _json_value ** values; + + #if defined(__cplusplus) && __cplusplus >= 201103L + decltype(values) begin () const + { return values; + } + decltype(values) end () const + { return values + length; + } + #endif + + } array; + + } u; + + union + { + struct _json_value * next_alloc; + void * object_mem; + + } _reserved; + + #ifdef 
JSON_TRACK_SOURCE + + /* Location of the value in the source JSON + */ + unsigned int line, col; + + #endif + + + /* Some C++ operator sugar */ + + #ifdef __cplusplus + + public: + + inline _json_value () + { memset (this, 0, sizeof (_json_value)); + } + + inline const struct _json_value &operator [] (int index) const + { + if (type != json_array || index < 0 + || ((unsigned int) index) >= u.array.length) + { + return json_value_none; + } + + return *u.array.values [index]; + } + + inline const struct _json_value &operator [] (const char * index) const + { + if (type != json_object) + return json_value_none; + + for (unsigned int i = 0; i < u.object.length; ++ i) + if (!strcmp (u.object.values [i].name, index)) + return *u.object.values [i].value; + + return json_value_none; + } + + inline operator const char * () const + { + switch (type) + { + case json_string: + return u.string.ptr; + + default: + return ""; + }; + } + + inline operator json_int_t () const + { + switch (type) + { + case json_integer: + return u.integer; + + case json_double: + return (json_int_t) u.dbl; + + default: + return 0; + }; + } + + inline operator bool () const + { + if (type != json_boolean) + return false; + + return u.boolean != 0; + } + + inline operator double () const + { + switch (type) + { + case json_integer: + return (double) u.integer; + + case json_double: + return u.dbl; + + default: + return 0; + }; + } + + #endif + +} json_value; + +json_value * json_parse (const json_char * json, + size_t length); + +#define json_error_max 128 +json_value * json_parse_ex (json_settings * settings, + const json_char * json, + size_t length, + char * error); + +void json_value_free (json_value *); + + +/* Not usually necessary, unless you used a custom mem_alloc and now want to + * use a custom mem_free. + */ +void json_value_free_ex (json_settings * settings, + json_value *); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif + + 
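Review bot: In the C++ `operator [] (const char * index)` the key lookup uses `strcmp` and ignores the `name_length` field that `json_object_entry` carries, so a parsed key containing an embedded NUL byte is matched by its prefix alone. The string branch of the parser in json.c appears to append a `\u0000` escape as a plain zero byte (`string_add ((json_char) uchar)` for values up to 0x7F), so keys of that shape can arrive in untrusted input, and a lookup by name could then be answered by an entry whose real name is longer. I would compare lengths as well: take `size_t len = strlen (index);` before the loop and test `u.object.values [i].name_length == len && !memcmp (u.object.values [i].name, index, len)`. The same loss of length applies to `operator const char *`, which deserves a comment telling callers to rely on `u.string.length` for values from untrusted sources. Since this header is imported third-party code, the change may be better sent upstream, with callers comparing `name_length` themselves in the meantime.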
diff --git a/ext/json/LICENSE.MIT b/ext/json/LICENSE.MIT new file mode 100644 index 0000000..e2ac489 --- /dev/null +++ b/ext/json/LICENSE.MIT @@ -0,0 +1,22 @@ +The library is licensed under the MIT License +: + +Copyright (c) 2013-2016 Niels Lohmann + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/ext/json/README.md b/ext/json/README.md new file mode 100644 index 0000000..cb05d74 --- /dev/null +++ b/ext/json/README.md 
@@ -0,0 +1,508 @@ +![JSON for Modern C++](https://raw.githubusercontent.com/nlohmann/json/master/doc/json.gif) + +[![Build Status](https://travis-ci.org/nlohmann/json.svg?branch=master)](https://travis-ci.org/nlohmann/json) +[![Build Status](https://ci.appveyor.com/api/projects/status/1acb366xfyg3qybk?svg=true)](https://ci.appveyor.com/project/nlohmann/json) +[![Coverage Status](https://img.shields.io/coveralls/nlohmann/json.svg)](https://coveralls.io/r/nlohmann/json) +[![Coverity Scan Build Status](https://scan.coverity.com/projects/5550/badge.svg)](https://scan.coverity.com/projects/nlohmann-json) +[![Try online](https://img.shields.io/badge/try-online-blue.svg)](http://melpon.org/wandbox/permlink/wuiuqYiYqRTdI3rG) +[![Documentation](https://img.shields.io/badge/docs-doxygen-blue.svg)](http://nlohmann.github.io/json) +[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/nlohmann/json/master/LICENSE.MIT) +[![Github Releases](https://img.shields.io/github/release/nlohmann/json.svg)](https://github.com/nlohmann/json/releases) +[![Github Issues](https://img.shields.io/github/issues/nlohmann/json.svg)](http://github.com/nlohmann/json/issues) + +## Design goals + +There are myriads of [JSON](http://json.org) libraries out there, and each may even have its reason to exist. Our class had these design goals: + +- **Intuitive syntax**. In languages such as Python, JSON feels like a first class data type. We used all the operator magic of modern C++ to achieve the same feeling in your code. Check out the [examples below](#examples) and you know, what I mean. + +- **Trivial integration**. Our whole code consists of a single header file [`json.hpp`](https://github.com/nlohmann/json/blob/develop/src/json.hpp). That's it. No library, no subproject, no dependencies, no complex build system. The class is written in vanilla C++11. All in all, everything should require no adjustment of your compiler flags or project settings. 
+ +- **Serious testing**. Our class is heavily [unit-tested](https://github.com/nlohmann/json/blob/master/test/src/unit.cpp) and covers [100%](https://coveralls.io/r/nlohmann/json) of the code, including all exceptional behavior. Furthermore, we checked with [Valgrind](http://valgrind.org) that there are no memory leaks. + +Other aspects were not so important to us: + +- **Memory efficiency**. Each JSON object has an overhead of one pointer (the maximal size of a union) and one enumeration element (1 byte). The default generalization uses the following C++ data types: `std::string` for strings, `int64_t`, `uint64_t` or `double` for numbers, `std::map` for objects, `std::vector` for arrays, and `bool` for Booleans. However, you can template the generalized class `basic_json` to your needs. + +- **Speed**. We currently implement the parser as naive [recursive descent parser](http://en.wikipedia.org/wiki/Recursive_descent_parser) with hand coded string handling. It is fast enough, but a [LALR-parser](http://en.wikipedia.org/wiki/LALR_parser) with a decent regular expression processor should be even faster (but would consist of more files which makes the integration harder). + +See the [contribution guidelines](https://github.com/nlohmann/json/blob/master/.github/CONTRIBUTING.md#please-dont) for more information. + + +## Integration + +The single required source, file `json.hpp` is in the `src` directory or [released here](https://github.com/nlohmann/json/releases). All you need to do is add + +```cpp +#include "json.hpp" + +// for convenience +using json = nlohmann::json; +``` + +to the files you want to use JSON objects. That's it. Do not forget to set the necessary switches to enable C++11 (e.g., `-std=c++11` for GCC and Clang). + +:beer: If you are using OS X and [Homebrew](http://brew.sh), just type `brew tap nlohmann/json` and `brew install nlohmann_json` and you're set. 
If you want the bleeding edge rather than the latest release, use `brew install nlohmann_json --HEAD`. + + +## Examples + +Here are some examples to give you an idea how to use the class. + +Assume you want to create the JSON object + +```json +{ + "pi": 3.141, + "happy": true, + "name": "Niels", + "nothing": null, + "answer": { + "everything": 42 + }, + "list": [1, 0, 2], + "object": { + "currency": "USD", + "value": 42.99 + } +} +``` + +With the JSON class, you could write: + +```cpp +// create an empty structure (null) +json j; + +// add a number that is stored as double (note the implicit conversion of j to an object) +j["pi"] = 3.141; + +// add a Boolean that is stored as bool +j["happy"] = true; + +// add a string that is stored as std::string +j["name"] = "Niels"; + +// add another null object by passing nullptr +j["nothing"] = nullptr; + +// add an object inside the object +j["answer"]["everything"] = 42; + +// add an array that is stored as std::vector (using an initializer list) +j["list"] = { 1, 0, 2 }; + +// add another object (using an initializer list of pairs) +j["object"] = { {"currency", "USD"}, {"value", 42.99} }; + +// instead, you could also write (which looks very similar to the JSON above) +json j2 = { + {"pi", 3.141}, + {"happy", true}, + {"name", "Niels"}, + {"nothing", nullptr}, + {"answer", { + {"everything", 42} + }}, + {"list", {1, 0, 2}}, + {"object", { + {"currency", "USD"}, + {"value", 42.99} + }} +}; +``` + +Note that in all these cases, you never need to "tell" the compiler which JSON value you want to use. 
If you want to be explicit or express some edge cases, the functions `json::array` and `json::object` will help: + +```cpp +// a way to express the empty array [] +json empty_array_explicit = json::array(); + +// ways to express the empty object {} +json empty_object_implicit = json({}); +json empty_object_explicit = json::object(); + +// a way to express an _array_ of key/value pairs [["currency", "USD"], ["value", 42.99]] +json array_not_object = { json::array({"currency", "USD"}), json::array({"value", 42.99}) }; +``` + + +### Serialization / Deserialization + +You can create an object (deserialization) by appending `_json` to a string literal: + +```cpp +// create object from string literal +json j = "{ \"happy\": true, \"pi\": 3.141 }"_json; + +// or even nicer with a raw string literal +auto j2 = R"( + { + "happy": true, + "pi": 3.141 + } +)"_json; + +// or explicitly +auto j3 = json::parse("{ \"happy\": true, \"pi\": 3.141 }"); +``` + +You can also get a string representation (serialize): + +```cpp +// explicit conversion to string +std::string s = j.dump(); // {\"happy\":true,\"pi\":3.141} + +// serialization with pretty printing +// pass in the amount of spaces to indent +std::cout << j.dump(4) << std::endl; +// { +// "happy": true, +// "pi": 3.141 +// } +``` + +You can also use streams to serialize and deserialize: + +```cpp +// deserialize from standard input +json j; +std::cin >> j; + +// serialize to standard output +std::cout << j; + +// the setw manipulator was overloaded to set the indentation for pretty printing +std::cout << std::setw(4) << j << std::endl; +``` + +These operators work for any subclasses of `std::istream` or `std::ostream`. + +Please note that setting the exception bit for `failbit` is inappropriate for this use case. It will result in program termination due to the `noexcept` specifier in use. + + +### STL-like access + +We designed the JSON class to behave just like an STL container. 
In fact, it satisfies the [**ReversibleContainer**](http://en.cppreference.com/w/cpp/concept/ReversibleContainer) requirement. + +```cpp +// create an array using push_back +json j; +j.push_back("foo"); +j.push_back(1); +j.push_back(true); + +// iterate the array +for (json::iterator it = j.begin(); it != j.end(); ++it) { + std::cout << *it << '\n'; +} + +// range-based for +for (auto& element : j) { + std::cout << element << '\n'; +} + +// getter/setter +const std::string tmp = j[0]; +j[1] = 42; +bool foo = j.at(2); + +// other stuff +j.size(); // 3 entries +j.empty(); // false +j.type(); // json::value_t::array +j.clear(); // the array is empty again + +// convenience type checkers +j.is_null(); +j.is_boolean(); +j.is_number(); +j.is_object(); +j.is_array(); +j.is_string(); + +// comparison +j == "[\"foo\", 1, true]"_json; // true + +// create an object +json o; +o["foo"] = 23; +o["bar"] = false; +o["baz"] = 3.141; + +// special iterator member functions for objects +for (json::iterator it = o.begin(); it != o.end(); ++it) { + std::cout << it.key() << " : " << it.value() << "\n"; +} + +// find an entry +if (o.find("foo") != o.end()) { + // there is an entry with key "foo" +} + +// or simpler using count() +int foo_present = o.count("foo"); // 1 +int fob_present = o.count("fob"); // 0 + +// delete an entry +o.erase("foo"); +``` + + +### Conversion from STL containers + +Any sequence container (`std::array`, `std::vector`, `std::deque`, `std::forward_list`, `std::list`) whose values can be used to construct JSON types (e.g., integers, floating point numbers, Booleans, string types, or again STL containers described in this section) can be used to create a JSON array. The same holds for similar associative containers (`std::set`, `std::multiset`, `std::unordered_set`, `std::unordered_multiset`), but in these cases the order of the elements of the array depends how the elements are ordered in the respective STL container. 
+ +```cpp +std::vector c_vector {1, 2, 3, 4}; +json j_vec(c_vector); +// [1, 2, 3, 4] + +std::deque c_deque {1.2, 2.3, 3.4, 5.6}; +json j_deque(c_deque); +// [1.2, 2.3, 3.4, 5.6] + +std::list c_list {true, true, false, true}; +json j_list(c_list); +// [true, true, false, true] + +std::forward_list c_flist {12345678909876, 23456789098765, 34567890987654, 45678909876543}; +json j_flist(c_flist); +// [12345678909876, 23456789098765, 34567890987654, 45678909876543] + +std::array c_array {{1, 2, 3, 4}}; +json j_array(c_array); +// [1, 2, 3, 4] + +std::set c_set {"one", "two", "three", "four", "one"}; +json j_set(c_set); // only one entry for "one" is used +// ["four", "one", "three", "two"] + +std::unordered_set c_uset {"one", "two", "three", "four", "one"}; +json j_uset(c_uset); // only one entry for "one" is used +// maybe ["two", "three", "four", "one"] + +std::multiset c_mset {"one", "two", "one", "four"}; +json j_mset(c_mset); // only one entry for "one" is used +// maybe ["one", "two", "four"] + +std::unordered_multiset c_umset {"one", "two", "one", "four"}; +json j_umset(c_umset); // both entries for "one" are used +// maybe ["one", "two", "one", "four"] +``` + +Likewise, any associative key-value containers (`std::map`, `std::multimap`, `std::unordered_map`, `std::unordered_multimap`) whose keys are can construct an `std::string` and whose values can be used to construct JSON types (see examples above) can be used to to create a JSON object. Note that in case of multimaps only one key is used in the JSON object and the value depends on the internal order of the STL container. 
+ +```cpp +std::map c_map { {"one", 1}, {"two", 2}, {"three", 3} }; +json j_map(c_map); +// {"one": 1, "three": 3, "two": 2 } + +std::unordered_map c_umap { {"one", 1.2}, {"two", 2.3}, {"three", 3.4} }; +json j_umap(c_umap); +// {"one": 1.2, "two": 2.3, "three": 3.4} + +std::multimap c_mmap { {"one", true}, {"two", true}, {"three", false}, {"three", true} }; +json j_mmap(c_mmap); // only one entry for key "three" is used +// maybe {"one": true, "two": true, "three": true} + +std::unordered_multimap c_ummap { {"one", true}, {"two", true}, {"three", false}, {"three", true} }; +json j_ummap(c_ummap); // only one entry for key "three" is used +// maybe {"one": true, "two": true, "three": true} +``` + +### JSON Pointer and JSON Patch + +The library supports **JSON Pointer** ([RFC 6901](https://tools.ietf.org/html/rfc6901)) as alternative means to address structured values. On top of this, **JSON Patch** ([RFC 6902](https://tools.ietf.org/html/rfc6902)) allows to describe differences between two JSON values - effectively allowing patch and diff operations known from Unix. 
+ +```cpp +// a JSON value +json j_original = R"({ + "baz": ["one", "two", "three"], + "foo": "bar" +})"_json; + +// access members with a JSON pointer (RFC 6901) +j_original["/baz/2"_json_pointer]; +// "two" + +// a JSON patch (RFC 6902) +json j_patch = R"([ + { "op": "replace", "path": "/baz", "value": "boo" }, + { "op": "add", "path": "/hello", "value": ["world"] }, + { "op": "remove", "path": "/foo"} +])"_json; + +// apply the patch +json j_result = j_original.patch(j_patch); +// { +// "baz": "boo", +// "hello": ["world"] +// } + +// calculate a JSON patch from two JSON values +json::diff(j_result, j_original); +// [ +// { "op":" replace", "path": "/baz", "value": ["one", "two", "three"] }, +// { "op":"remove","path":"/hello" }, +// { "op":"add","path":"/foo","value":"bar" } +// ] +``` + + +### Implicit conversions + +The type of the JSON object is determined automatically by the expression to store. Likewise, the stored value is implicitly converted. + +```cpp +// strings +std::string s1 = "Hello, world!"; +json js = s1; +std::string s2 = js; + +// Booleans +bool b1 = true; +json jb = b1; +bool b2 = jb; + +// numbers +int i = 42; +json jn = i; +double f = jn; + +// etc. +``` + +You can also explicitly ask for the value: + +```cpp +std::string vs = js.get(); +bool vb = jb.get(); +int vi = jn.get(); + +// etc. +``` + + +## Supported compilers + +Though it's 2016 already, the support for C++11 is still a bit sparse. Currently, the following compilers are known to work: + +- GCC 4.9 - 6.0 (and possibly later) +- Clang 3.4 - 3.9 (and possibly later) +- Microsoft Visual C++ 2015 / 14.0 (and possibly later) + +I would be happy to learn about other compilers/versions. + +Please note: + +- GCC 4.8 does not work because of two bugs ([55817](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55817) and [57824](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57824)) in the C++11 support. 
Note there is a [pull request](https://github.com/nlohmann/json/pull/212) to fix some of the issues. +- Android defaults to using very old compilers and C++ libraries. To fix this, add the following to your `Application.mk`. This will switch to the LLVM C++ library, the Clang compiler, and enable C++11 and other features disabled by default. + + ``` + APP_STL := c++_shared + NDK_TOOLCHAIN_VERSION := clang3.6 + APP_CPPFLAGS += -frtti -fexceptions + ``` + + The code compiles successfully with [Android NDK](https://developer.android.com/ndk/index.html?hl=ml), Revision 9 - 11 (and possibly later) and [CrystaX's Android NDK](https://www.crystax.net/en/android/ndk) version 10. + +- For GCC running on MinGW or Android SDK, the error `'to_string' is not a member of 'std'` (or similarly, for `strtod`) may occur. Note this is not an issue with the code, but rather with the compiler itself. On Android, see above to build with a newer environment. For MinGW, please refer to [this site](http://tehsausage.com/mingw-to-string) and [this discussion](https://github.com/nlohmann/json/issues/136) for information on how to fix this bug. For Android NDK using `APP_STL := gnustl_static`, please refer to [this discussion](https://github.com/nlohmann/json/issues/219). 
+ +The following compilers are currently used in continuous integration at [Travis](https://travis-ci.org/nlohmann/json) and [AppVeyor](https://ci.appveyor.com/project/nlohmann/json): + +| Compiler | Operating System | Version String | +|-----------------|------------------------------|----------------| +| GCC 4.9.3 | Ubuntu 14.04.4 LTS | g++-4.9 (Ubuntu 4.9.3-8ubuntu2~14.04) 4.9.3 | +| GCC 5.3.0 | Ubuntu 14.04.4 LTS | g++-5 (Ubuntu 5.3.0-3ubuntu1~14.04) 5.3.0 20151204 | +| GCC 6.1.1 | Ubuntu 14.04.4 LTS | g++-6 (Ubuntu 6.1.1-3ubuntu11~14.04.1) 6.1.1 20160511 | +| Clang 3.8.0 | Ubuntu 14.04.4 LTS | clang version 3.8.0 (tags/RELEASE_380/final) | +| Clang Xcode 6.1 | Darwin Kernel Version 13.4.0 (OSX 10.9.5) | Apple LLVM version 6.0 (clang-600.0.54) (based on LLVM 3.5svn) | +| Clang Xcode 6.2 | Darwin Kernel Version 13.4.0 (OSX 10.9.5) | Apple LLVM version 6.0 (clang-600.0.57) (based on LLVM 3.5svn) | +| Clang Xcode 6.3 | Darwin Kernel Version 14.3.0 (OSX 10.10.3) | Apple LLVM version 6.1.0 (clang-602.0.49) (based on LLVM 3.6.0svn) | +| Clang Xcode 6.4 | Darwin Kernel Version 14.3.0 (OSX 10.10.3) | Apple LLVM version 6.1.0 (clang-602.0.53) (based on LLVM 3.6.0svn) | +| Clang Xcode 7.1 | Darwin Kernel Version 14.5.0 (OSX 10.10.5) | Apple LLVM version 7.0.0 (clang-700.1.76) | +| Clang Xcode 7.2 | Darwin Kernel Version 15.0.0 (OSX 10.10.5) | Apple LLVM version 7.0.2 (clang-700.1.81) | +| Clang Xcode 7.3 | Darwin Kernel Version 15.0.0 (OSX 10.10.5) | Apple LLVM version 7.3.0 (clang-703.0.29) | +| Clang Xcode 8.0 | Darwin Kernel Version 15.5.0 (OSX 10.11.5) | Apple LLVM version 8.0.0 (clang-800.0.24.1) | +| Visual Studio 14 2015 | Windows Server 2012 R2 (x64) | Microsoft (R) Build Engine version 14.0.25123.0 | + + +## License + + + +The class is licensed under the [MIT License](http://opensource.org/licenses/MIT): + +Copyright © 2013-2016 [Niels Lohmann](http://nlohmann.me) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software 
and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+## Thanks
+
+I deeply appreciate the help of the following people.
+
+- [Teemperor](https://github.com/Teemperor) implemented CMake support and lcov integration, realized escape and Unicode handling in the string parser, and fixed the JSON serialization.
+- [elliotgoodrich](https://github.com/elliotgoodrich) fixed an issue with double deletion in the iterator classes.
+- [kirkshoop](https://github.com/kirkshoop) made the iterators of the class composable to other libraries.
+- [wancw](https://github.com/wanwc) fixed a bug that hindered the class to compile with Clang.
+- Tomas Åblad found a bug in the iterator implementation.
+- [Joshua C. Randall](https://github.com/jrandall) fixed a bug in the floating-point serialization.
+- [Aaron Burghardt](https://github.com/aburgh) implemented code to parse streams incrementally. Furthermore, he greatly improved the parser class by allowing the definition of a filter function to discard undesired elements while parsing.
+- [Daniel Kopeček](https://github.com/dkopecek) fixed a bug in the compilation with GCC 5.0.
+- [Florian Weber](https://github.com/Florianjw) fixed a bug in and improved the performance of the comparison operators.
+- [Eric Cornelius](https://github.com/EricMCornelius) pointed out a bug in the handling with NaN and infinity values. He also improved the performance of the string escaping.
+- [易思龙](https://github.com/likebeta) implemented a conversion from anonymous enums.
+- [kepkin](https://github.com/kepkin) patiently pushed forward the support for Microsoft Visual studio.
+- [gregmarr](https://github.com/gregmarr) simplified the implementation of reverse iterators and helped with numerous hints and improvements.
+- [Caio Luppi](https://github.com/caiovlp) fixed a bug in the Unicode handling.
+- [dariomt](https://github.com/dariomt) fixed some typos in the examples.
+- [Daniel Frey](https://github.com/d-frey) cleaned up some pointers and implemented exception-safe memory allocation.
+- [Colin Hirsch](https://github.com/ColinH) took care of a small namespace issue.
+- [Huu Nguyen](https://github.com/whoshuu) correct a variable name in the documentation.
+- [Silverweed](https://github.com/silverweed) overloaded `parse()` to accept an rvalue reference.
+- [dariomt](https://github.com/dariomt) fixed a subtlety in MSVC type support and implemented the `get_ref()` function to get a reference to stored values.
+- [ZahlGraf](https://github.com/ZahlGraf) added a workaround that allows compilation using Android NDK.
+- [whackashoe](https://github.com/whackashoe) replaced a function that was marked as unsafe by Visual Studio.
+- [406345](https://github.com/406345) fixed two small warnings.
+- [Glen Fernandes](https://github.com/glenfe) noted a potential portability problem in the `has_mapped_type` function.
+- [Corbin Hughes](https://github.com/nibroc) fixed some typos in the contribution guidelines.
+- [twelsby](https://github.com/twelsby) fixed the array subscript operator, an issue that failed the MSVC build, and floating-point parsing/dumping. He further added support for unsigned integer numbers and implemented better roundtrip support for parsed numbers.
+- [Volker Diels-Grabsch](https://github.com/vog) fixed a link in the README file.
+- [msm-](https://github.com/msm-) added support for american fuzzy lop.
+- [Annihil](https://github.com/Annihil) fixed an example in the README file.
+- [Themercee](https://github.com/Themercee) noted a wrong URL in the README file.
+- [Lv Zheng](https://github.com/lv-zheng) fixed a namespace issue with `int64_t` and `uint64_t`.
+- [abc100m](https://github.com/abc100m) analyzed the issues with GCC 4.8 and proposed a [partial solution](https://github.com/nlohmann/json/pull/212).
+- [zewt](https://github.com/zewt) added useful notes to the README file about Android.
+- [Róbert Márki](https://github.com/robertmrk) added a fix to use move iterators and improved the integration via CMake.
+- [Chris Kitching](https://github.com/ChrisKitching) cleaned up the CMake files.
+- [Tom Needham](https://github.com/06needhamt) fixed a subtle bug with MSVC 2015 which was also proposed by [Michael K.](https://github.com/Epidal).
+
+Thanks a lot for helping out!
+
+
+## Notes
+
+- The code contains numerous debug **assertions** which can be switched off by defining the preprocessor macro `NDEBUG`, see the [documentation of `assert`](http://en.cppreference.com/w/cpp/error/assert).
+- As the exact type of a number is not defined in the [JSON specification](http://rfc7159.net/rfc7159), this library tries to choose the best fitting C++ number type automatically. As a result, the type `double` may be used to store numbers which may yield [**floating-point exceptions**](https://github.com/nlohmann/json/issues/181) in certain rare situations if floating-point exceptions have been unmasked in the calling code.
These exceptions are not caused by the library and need to be fixed in the calling code, such as by re-masking the exceptions prior to calling library functions.
+
+
+## Execute unit tests
+
+To compile and run the tests, you need to execute
+
+```sh
+$ make
+$ ./json_unit "*"
+
+===============================================================================
+All tests passed (5568721 assertions in 32 test cases)
+```
+
+For more information, have a look at the file [.travis.yml](https://github.com/nlohmann/json/blob/master/.travis.yml).
diff --git a/ext/json/json.hpp b/ext/json/json.hpp
new file mode 100644
index 0000000..9d6687d
--- /dev/null
+++ b/ext/json/json.hpp
@@ -0,0 +1,10183 @@
+/*
+ __ _____ _____ _____
+ __| | __| | | | JSON for Modern C++
+| | |__ | | | | | | version 2.0.0
+|_____|_____|_____|_|___| https://github.com/nlohmann/json
+
+Licensed under the MIT License .
+Copyright (c) 2013-2016 Niels Lohmann .
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*/
+
+#ifndef NLOHMANN_JSON_HPP
+#define NLOHMANN_JSON_HPP
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+// disable float-equal warnings on GCC/clang
+#if defined(__clang__) || defined(__GNUC__) || defined(__GNUG__)
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wfloat-equal"
+#endif
+
+/*!
+@brief namespace for Niels Lohmann
+@see https://github.com/nlohmann
+@since version 1.0.0
+*/
+namespace nlohmann
+{
+
+
+/*!
+@brief unnamed namespace with internal helper functions
+@since version 1.0.0
+*/
+namespace
+{
+/*!
+@brief Helper to determine whether there's a key_type for T.
+@sa http://stackoverflow.com/a/7728728/266378
+*/
+template
+struct has_mapped_type
+{
+ private:
+ template static char test(typename C::mapped_type*);
+ template static char (&test(...))[2];
+ public:
+ static constexpr bool value = sizeof(test(0)) == 1;
+};
+
+/*!
+@brief helper class to create locales with decimal point
+@sa https://github.com/nlohmann/json/issues/51#issuecomment-86869315
+*/
+class DecimalSeparator : public std::numpunct
+{
+ protected:
+ char do_decimal_point() const
+ {
+ return '.';
+ }
+};
+
+}
+
+/*!
+@brief a class to store JSON values
+
+@tparam ObjectType type for JSON objects (`std::map` by default; will be used
+in @ref object_t)
+@tparam ArrayType type for JSON arrays (`std::vector` by default; will be used
+in @ref array_t)
+@tparam StringType type for JSON strings and object keys (`std::string` by
+default; will be used in @ref string_t)
+@tparam BooleanType type for JSON booleans (`bool` by default; will be used
+in @ref boolean_t)
+@tparam NumberIntegerType type for JSON integer numbers (`int64_t` by
+default; will be used in @ref number_integer_t)
+@tparam NumberUnsignedType type for JSON unsigned integer numbers (@c
+`uint64_t` by default; will be used in @ref number_unsigned_t)
+@tparam NumberFloatType type for JSON floating-point numbers (`double` by
+default; will be used in @ref number_float_t)
+@tparam AllocatorType type of the allocator to use (`std::allocator` by
+default)
+
+@requirement The class satisfies the following concept requirements:
+- Basic
+ - [DefaultConstructible](http://en.cppreference.com/w/cpp/concept/DefaultConstructible):
+ JSON values can be default constructed. The result will be a JSON null value.
+ - [MoveConstructible](http://en.cppreference.com/w/cpp/concept/MoveConstructible):
+ A JSON value can be constructed from an rvalue argument.
+ - [CopyConstructible](http://en.cppreference.com/w/cpp/concept/CopyConstructible):
+ A JSON value can be copy-constructed from an lvalue expression.
+ - [MoveAssignable](http://en.cppreference.com/w/cpp/concept/MoveAssignable):
+ A JSON value van be assigned from an rvalue argument.
+ - [CopyAssignable](http://en.cppreference.com/w/cpp/concept/CopyAssignable):
+ A JSON value can be copy-assigned from an lvalue expression.
+ - [Destructible](http://en.cppreference.com/w/cpp/concept/Destructible):
+ JSON values can be destructed.
+- Layout
+ - [StandardLayoutType](http://en.cppreference.com/w/cpp/concept/StandardLayoutType):
+ JSON values have
+ [standard layout](http://en.cppreference.com/w/cpp/language/data_members#Standard_layout):
+ All non-static data members are private and standard layout types, the class
+ has no virtual functions or (virtual) base classes.
+- Library-wide
+ - [EqualityComparable](http://en.cppreference.com/w/cpp/concept/EqualityComparable):
+ JSON values can be compared with `==`, see @ref
+ operator==(const_reference,const_reference).
+ - [LessThanComparable](http://en.cppreference.com/w/cpp/concept/LessThanComparable):
+ JSON values can be compared with `<`, see @ref
+ operator<(const_reference,const_reference).
+ - [Swappable](http://en.cppreference.com/w/cpp/concept/Swappable):
+ Any JSON lvalue or rvalue of can be swapped with any lvalue or rvalue of
+ other compatible types, using unqualified function call @ref swap().
+ - [NullablePointer](http://en.cppreference.com/w/cpp/concept/NullablePointer):
+ JSON values can be compared against `std::nullptr_t` objects which are used
+ to model the `null` value.
+- Container
+ - [Container](http://en.cppreference.com/w/cpp/concept/Container):
+ JSON values can be used like STL containers and provide iterator access.
+ - [ReversibleContainer](http://en.cppreference.com/w/cpp/concept/ReversibleContainer);
+ JSON values can be used like STL containers and provide reverse iterator
+ access.
+
+@internal
+@note ObjectType trick from http://stackoverflow.com/a/9860911
+@endinternal
+
+@see [RFC 7159: The JavaScript Object Notation (JSON) Data Interchange
+Format](http://rfc7159.net/rfc7159)
+
+@since version 1.0.0
+
+@nosubgrouping
+*/
+template <
+ template class ObjectType = std::map,
+ template class ArrayType = std::vector,
+ class StringType = std::string,
+ class BooleanType = bool,
+ class NumberIntegerType = std::int64_t,
+ class NumberUnsignedType = std::uint64_t,
+ class NumberFloatType = double,
+ template class AllocatorType = std::allocator
+ >
+class basic_json
+{
+ private:
+ /// workaround type for MSVC
+ using basic_json_t = basic_json;
+
+ public:
+ // forward declarations
+ template class json_reverse_iterator;
+ class json_pointer;
+
+ /////////////////////
+ // container types //
+ /////////////////////
+
+ /// @name container types
+ /// @{
+
+ /// the type of elements in a basic_json container
+ using value_type = basic_json;
+
+ /// the type of an element reference
+ using reference = value_type&;
+ /// the type of an element const reference
+ using const_reference = const value_type&;
+
+ /// a type to represent differences between iterators
+ using difference_type = std::ptrdiff_t;
+ /// a type to represent container sizes
+ using size_type = std::size_t;
+
+ /// the allocator type
+ using allocator_type = AllocatorType;
+
+ /// the type of an element pointer
+ using pointer = typename std::allocator_traits::pointer;
+ /// the type of an element const pointer
+ using const_pointer = typename std::allocator_traits::const_pointer;
+
+ /// an iterator for a basic_json container
+ class iterator;
+ /// a const iterator for a basic_json container
+ class const_iterator;
+ /// a reverse iterator for a basic_json container
+ using reverse_iterator =
json_reverse_iterator;
+ /// a const reverse iterator for a basic_json container
+ using const_reverse_iterator = json_reverse_iterator;
+
+ /// @}
+
+
+ /*!
+ @brief returns the allocator associated with the container
+ */
+ static allocator_type get_allocator()
+ {
+ return allocator_type();
+ }
+
+
+ ///////////////////////////
+ // JSON value data types //
+ ///////////////////////////
+
+ /// @name JSON value data types
+ /// @{
+
+ /*!
+ @brief a type for an object
+
+ [RFC 7159](http://rfc7159.net/rfc7159) describes JSON objects as follows:
+ > An object is an unordered collection of zero or more name/value pairs,
+ > where a name is a string and a value is a string, number, boolean, null,
+ > object, or array.
+
+ To store objects in C++, a type is defined by the template parameters
+ described below.
+
+ @tparam ObjectType the container to store objects (e.g., `std::map` or
+ `std::unordered_map`)
+ @tparam StringType the type of the keys or names (e.g., `std::string`).
+ The comparison function `std::less` is used to order elements
+ inside the container.
+ @tparam AllocatorType the allocator to use for objects (e.g.,
+ `std::allocator`)
+
+ #### Default type
+
+ With the default values for @a ObjectType (`std::map`), @a StringType
+ (`std::string`), and @a AllocatorType (`std::allocator`), the default
+ value for @a object_t is:
+
+ @code {.cpp}
+ std::map<
+ std::string, // key_type
+ basic_json, // value_type
+ std::less, // key_compare
+ std::allocator> // allocator_type
+ >
+ @endcode
+
+ #### Behavior
+
+ The choice of @a object_t influences the behavior of the JSON class. With
+ the default type, objects have the following behavior:
+
+ - When all names are unique, objects will be interoperable in the sense
+ that all software implementations receiving that object will agree on
+ the name-value mappings.
+ - When the names within an object are not unique, later stored name/value
+ pairs overwrite previously stored name/value pairs, leaving the used
+ names unique. For instance, `{"key": 1}` and `{"key": 2, "key": 1}` will
+ be treated as equal and both stored as `{"key": 1}`.
+ - Internally, name/value pairs are stored in lexicographical order of the
+ names. Objects will also be serialized (see @ref dump) in this order.
+ For instance, `{"b": 1, "a": 2}` and `{"a": 2, "b": 1}` will be stored
+ and serialized as `{"a": 2, "b": 1}`.
+ - When comparing objects, the order of the name/value pairs is irrelevant.
+ This makes objects interoperable in the sense that they will not be
+ affected by these differences. For instance, `{"b": 1, "a": 2}` and
+ `{"a": 2, "b": 1}` will be treated as equal.
+
+ #### Limits
+
+ [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+ > An implementation may set limits on the maximum depth of nesting.
+
+ In this class, the object's limit of nesting is not constraint explicitly.
+ However, a maximum depth of nesting may be introduced by the compiler or
+ runtime environment. A theoretical limit can be queried by calling the
+ @ref max_size function of a JSON object.
+
+ #### Storage
+
+ Objects are stored as pointers in a @ref basic_json type. That is, for any
+ access to object values, a pointer of type `object_t*` must be
+ dereferenced.
+
+ @sa @ref array_t -- type for an array value
+
+ @since version 1.0.0
+
+ @note The order name/value pairs are added to the object is *not*
+ preserved by the library. Therefore, iterating an object may return
+ name/value pairs in a different order than they were originally stored. In
+ fact, keys will be traversed in alphabetical order as `std::map` with
+ `std::less` is used by default. Please note this behavior conforms to [RFC
+ 7159](http://rfc7159.net/rfc7159), because any order implements the
+ specified "unordered" nature of JSON objects.
+ */
+ using object_t = ObjectType,
+ AllocatorType>>;
+
+ /*!
+ @brief a type for an array
+
+ [RFC 7159](http://rfc7159.net/rfc7159) describes JSON arrays as follows:
+ > An array is an ordered sequence of zero or more values.
+
+ To store objects in C++, a type is defined by the template parameters
+ explained below.
+
+ @tparam ArrayType container type to store arrays (e.g., `std::vector` or
+ `std::list`)
+ @tparam AllocatorType allocator to use for arrays (e.g., `std::allocator`)
+
+ #### Default type
+
+ With the default values for @a ArrayType (`std::vector`) and @a
+ AllocatorType (`std::allocator`), the default value for @a array_t is:
+
+ @code {.cpp}
+ std::vector<
+ basic_json, // value_type
+ std::allocator // allocator_type
+ >
+ @endcode
+
+ #### Limits
+
+ [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+ > An implementation may set limits on the maximum depth of nesting.
+
+ In this class, the array's limit of nesting is not constraint explicitly.
+ However, a maximum depth of nesting may be introduced by the compiler or
+ runtime environment. A theoretical limit can be queried by calling the
+ @ref max_size function of a JSON array.
+
+ #### Storage
+
+ Arrays are stored as pointers in a @ref basic_json type. That is, for any
+ access to array values, a pointer of type `array_t*` must be dereferenced.
+
+ @sa @ref object_t -- type for an object value
+
+ @since version 1.0.0
+ */
+ using array_t = ArrayType>;
+
+ /*!
+ @brief a type for a string
+
+ [RFC 7159](http://rfc7159.net/rfc7159) describes JSON strings as follows:
+ > A string is a sequence of zero or more Unicode characters.
+
+ To store objects in C++, a type is defined by the template parameter
+ described below. Unicode values are split by the JSON class into
+ byte-sized characters during deserialization.
+
+ @tparam StringType the container to store strings (e.g., `std::string`).
+ Note this container is used for keys/names in objects, see @ref object_t.
+
+ #### Default type
+
+ With the default values for @a StringType (`std::string`), the default
+ value for @a string_t is:
+
+ @code {.cpp}
+ std::string
+ @endcode
+
+ #### String comparison
+
+ [RFC 7159](http://rfc7159.net/rfc7159) states:
+ > Software implementations are typically required to test names of object
+ > members for equality. Implementations that transform the textual
+ > representation into sequences of Unicode code units and then perform the
+ > comparison numerically, code unit by code unit, are interoperable in the
+ > sense that implementations will agree in all cases on equality or
+ > inequality of two strings. For example, implementations that compare
+ > strings with escaped characters unconverted may incorrectly find that
+ > `"a\\b"` and `"a\u005Cb"` are not equal.
+
+ This implementation is interoperable as it does compare strings code unit
+ by code unit.
+
+ #### Storage
+
+ String values are stored as pointers in a @ref basic_json type. That is,
+ for any access to string values, a pointer of type `string_t*` must be
+ dereferenced.
+
+ @since version 1.0.0
+ */
+ using string_t = StringType;
+
+ /*!
+ @brief a type for a boolean
+
+ [RFC 7159](http://rfc7159.net/rfc7159) implicitly describes a boolean as a
+ type which differentiates the two literals `true` and `false`.
+
+ To store objects in C++, a type is defined by the template parameter @a
+ BooleanType which chooses the type to use.
+
+ #### Default type
+
+ With the default values for @a BooleanType (`bool`), the default value for
+ @a boolean_t is:
+
+ @code {.cpp}
+ bool
+ @endcode
+
+ #### Storage
+
+ Boolean values are stored directly inside a @ref basic_json type.
+
+ @since version 1.0.0
+ */
+ using boolean_t = BooleanType;
+
+ /*!
+ @brief a type for a number (integer)
+
+ [RFC 7159](http://rfc7159.net/rfc7159) describes numbers as follows:
+ > The representation of numbers is similar to that used in most
+ > programming languages.
A number is represented in base 10 using decimal
+ > digits. It contains an integer component that may be prefixed with an
+ > optional minus sign, which may be followed by a fraction part and/or an
+ > exponent part. Leading zeros are not allowed. (...) Numeric values that
+ > cannot be represented in the grammar below (such as Infinity and NaN)
+ > are not permitted.
+
+ This description includes both integer and floating-point numbers.
+ However, C++ allows more precise storage if it is known whether the number
+ is a signed integer, an unsigned integer or a floating-point number.
+ Therefore, three different types, @ref number_integer_t, @ref
+ number_unsigned_t and @ref number_float_t are used.
+
+ To store integer numbers in C++, a type is defined by the template
+ parameter @a NumberIntegerType which chooses the type to use.
+
+ #### Default type
+
+ With the default values for @a NumberIntegerType (`int64_t`), the default
+ value for @a number_integer_t is:
+
+ @code {.cpp}
+ int64_t
+ @endcode
+
+ #### Default behavior
+
+ - The restrictions about leading zeros is not enforced in C++. Instead,
+ leading zeros in integer literals lead to an interpretation as octal
+ number. Internally, the value will be stored as decimal number. For
+ instance, the C++ integer literal `010` will be serialized to `8`.
+ During deserialization, leading zeros yield an error.
+ - Not-a-number (NaN) values will be serialized to `null`.
+
+ #### Limits
+
+ [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+ > An implementation may set limits on the range and precision of numbers.
+
+ When the default type is used, the maximal integer number that can be
+ stored is `9223372036854775807` (INT64_MAX) and the minimal integer number
+ that can be stored is `-9223372036854775808` (INT64_MIN). Integer numbers
+ that are out of range will yield over/underflow when used in a
+ constructor.
During deserialization, too large or small integer numbers
+ will be automatically be stored as @ref number_unsigned_t or @ref
+ number_float_t.
+
+ [RFC 7159](http://rfc7159.net/rfc7159) further states:
+ > Note that when such software is used, numbers that are integers and are
+ > in the range \f$[-2^{53}+1, 2^{53}-1]\f$ are interoperable in the sense
+ > that implementations will agree exactly on their numeric values.
+
+ As this range is a subrange of the exactly supported range [INT64_MIN,
+ INT64_MAX], this class's integer type is interoperable.
+
+ #### Storage
+
+ Integer number values are stored directly inside a @ref basic_json type.
+
+ @sa @ref number_float_t -- type for number values (floating-point)
+
+ @sa @ref number_unsigned_t -- type for number values (unsigned integer)
+
+ @since version 1.0.0
+ */
+ using number_integer_t = NumberIntegerType;
+
+ /*!
+ @brief a type for a number (unsigned)
+
+ [RFC 7159](http://rfc7159.net/rfc7159) describes numbers as follows:
+ > The representation of numbers is similar to that used in most
+ > programming languages. A number is represented in base 10 using decimal
+ > digits. It contains an integer component that may be prefixed with an
+ > optional minus sign, which may be followed by a fraction part and/or an
+ > exponent part. Leading zeros are not allowed. (...) Numeric values that
+ > cannot be represented in the grammar below (such as Infinity and NaN)
+ > are not permitted.
+
+ This description includes both integer and floating-point numbers.
+ However, C++ allows more precise storage if it is known whether the number
+ is a signed integer, an unsigned integer or a floating-point number.
+ Therefore, three different types, @ref number_integer_t, @ref
+ number_unsigned_t and @ref number_float_t are used.
+
+ To store unsigned integer numbers in C++, a type is defined by the
+ template parameter @a NumberUnsignedType which chooses the type to use.
+
+ #### Default type
+
+ With the default values for @a NumberUnsignedType (`uint64_t`), the
+ default value for @a number_unsigned_t is:
+
+ @code {.cpp}
+ uint64_t
+ @endcode
+
+ #### Default behavior
+
+ - The restrictions about leading zeros is not enforced in C++. Instead,
+ leading zeros in integer literals lead to an interpretation as octal
+ number. Internally, the value will be stored as decimal number. For
+ instance, the C++ integer literal `010` will be serialized to `8`.
+ During deserialization, leading zeros yield an error.
+ - Not-a-number (NaN) values will be serialized to `null`.
+
+ #### Limits
+
+ [RFC 7159](http://rfc7159.net/rfc7159) specifies:
+ > An implementation may set limits on the range and precision of numbers.
+
+ When the default type is used, the maximal integer number that can be
+ stored is `18446744073709551615` (UINT64_MAX) and the minimal integer
+ number that can be stored is `0`. Integer numbers that are out of range
+ will yield over/underflow when used in a constructor. During
+ deserialization, too large or small integer numbers will be automatically
+ be stored as @ref number_integer_t or @ref number_float_t.
+
+ [RFC 7159](http://rfc7159.net/rfc7159) further states:
+ > Note that when such software is used, numbers that are integers and are
+ > in the range \f$[-2^{53}+1, 2^{53}-1]\f$ are interoperable in the sense
+ > that implementations will agree exactly on their numeric values.
+
+ As this range is a subrange (when considered in conjunction with the
+ number_integer_t type) of the exactly supported range [0, UINT64_MAX], this
+ class's integer type is interoperable.
+
+ #### Storage
+
+ Integer number values are stored directly inside a @ref basic_json type.
+
+ @sa @ref number_float_t -- type for number values (floating-point)
+
+ @sa @ref number_integer_t -- type for number values (integer)
+
+ @since version 2.0.0
+ */
+ using number_unsigned_t = NumberUnsignedType;
+
+ /*!
+ @brief a type for a number (floating-point)
+
+ [RFC 7159](http://rfc7159.net/rfc7159) describes numbers as follows:
+ > The representation of numbers is similar to that used in most
+ > programming languages. A number is represented in base 10 using decimal
+ > digits. It contains an integer component that may be prefixed with an
+ > optional minus sign, which may be followed by a fraction part and/or an
+ > exponent part. Leading zeros are not allowed. (...) Numeric values that
+ > cannot be represented in the grammar below (such as Infinity and NaN)
+ > are not permitted.
+
+ This description includes both integer and floating-point numbers.
+ However, C++ allows more precise storage if it is known whether the number
+ is a signed integer, an unsigned integer or a floating-point number.
+ Therefore, three different types, @ref number_integer_t, @ref
+ number_unsigned_t and @ref number_float_t are used.
+
+ To store floating-point numbers in C++, a type is defined by the template
+ parameter @a NumberFloatType which chooses the type to use.
+
+ #### Default type
+
+ With the default values for @a NumberFloatType (`double`), the default
+ value for @a number_float_t is:
+
+ @code {.cpp}
+ double
+ @endcode
+
+ #### Default behavior
+
+ - The restrictions about leading zeros is not enforced in C++. Instead,
+ leading zeros in floating-point literals will be ignored. Internally,
+ the value will be stored as decimal number. For instance, the C++
+ floating-point literal `01.2` will be serialized to `1.2`. During
+ deserialization, leading zeros yield an error.
+ - Not-a-number (NaN) values will be serialized to `null`.
+
+ #### Limits
+
+ [RFC 7159](http://rfc7159.net/rfc7159) states:
+ > This specification allows implementations to set limits on the range and
+ > precision of numbers accepted.
Since software that implements IEEE
+ > 754-2008 binary64 (double precision) numbers is generally available and
+ > widely used, good interoperability can be achieved by implementations
+ > that expect no more precision or range than these provide, in the sense
+ > that implementations will approximate JSON numbers within the expected
+ > precision.
+
+ This implementation does exactly follow this approach, as it uses double
+ precision floating-point numbers. Note values smaller than
+ `-1.79769313486232e+308` and values greater than `1.79769313486232e+308`
+ will be stored as NaN internally and be serialized to `null`.
+
+ #### Storage
+
+ Floating-point number values are stored directly inside a @ref basic_json
+ type.
+
+ @sa @ref number_integer_t -- type for number values (integer)
+
+ @sa @ref number_unsigned_t -- type for number values (unsigned integer)
+
+ @since version 1.0.0
+ */
+ using number_float_t = NumberFloatType;
+
+ /// @}
+
+
+ ///////////////////////////
+ // JSON type enumeration //
+ ///////////////////////////
+
+ /*!
+ @brief the JSON type enumeration
+
+ This enumeration collects the different JSON types. It is internally used
+ to distinguish the stored values, and the functions @ref is_null(), @ref
+ is_object(), @ref is_array(), @ref is_string(), @ref is_boolean(), @ref
+ is_number(), and @ref is_discarded() rely on it.
+
+ @since version 1.0.0
+ */
+ enum class value_t : uint8_t
+ {
+ null, ///< null value
+ object, ///< object (unordered set of name/value pairs)
+ array, ///< array (ordered collection of values)
+ string, ///< string value
+ boolean, ///< boolean value
+ number_integer, ///< number value (integer)
+ number_unsigned, ///< number value (unsigned integer)
+ number_float, ///< number value (floating-point)
+ discarded ///< discarded by the the parser callback function
+ };
+
+
+ private:
+
+ /*!
+ @brief a type to hold JSON type information
+
+ This bitfield type holds information about JSON types.
It is internally
+ used to hold the basic JSON type enumeration, as well as additional
+ information in the case of values that have been parsed from a string
+ including whether of not it was created directly or parsed, and in the
+ case of floating point numbers the number of significant figures in the
+ original representaiton and if it was in exponential form, if a '+' was
+ included in the exponent and the capitilization of the exponent marker.
+ The sole purpose of this information is to permit accurate round trips.
+
+ @since version 2.0.0
+ */
+ union type_data_t
+ {
+ struct
+ {
+ /// the type of the value (@ref value_t)
+ uint16_t type : 4;
+ /// whether the number was parsed from a string
+ uint16_t parsed : 1;
+ /// whether parsed number contained an exponent ('e'/'E')
+ uint16_t has_exp : 1;
+ /// whether parsed number contained a plus in the exponent
+ uint16_t exp_plus : 1;
+ /// whether parsed number's exponent was capitalized ('E')
+ uint16_t exp_cap : 1;
+ /// the number of figures for a parsed number
+ uint16_t precision : 8;
+ } bits;
+ uint16_t data;
+
+ /// return the type as value_t
+ operator value_t() const
+ {
+ return static_cast(bits.type);
+ }
+
+ /// test type for equality (ignore other fields)
+ bool operator==(const value_t& rhs) const
+ {
+ return static_cast(bits.type) == rhs;
+ }
+
+ /// assignment
+ type_data_t& operator=(value_t rhs)
+ {
+ bits.type = static_cast(rhs) & 15; // avoid overflow
+ return *this;
+ }
+
+ /// construct from value_t
+ type_data_t(value_t t) noexcept
+ {
+ *reinterpret_cast(this) = 0;
+ bits.type = static_cast(t) & 15; // avoid overflow
+ }
+
+ /// default constructor
+ type_data_t() noexcept
+ {
+ data = 0;
+ bits.type = reinterpret_cast(value_t::null);
+ }
+ };
+
+ /// helper for exception-safe object creation
+ template
+ static T* create(Args&& ...
args)
+ {
+ AllocatorType alloc;
+ auto deleter = [&](T * object)
+ {
+ alloc.deallocate(object, 1);
+ };
+ std::unique_ptr object(alloc.allocate(1), deleter);
+ alloc.construct(object.get(), std::forward(args)...);
+ return object.release();
+ }
+
+ ////////////////////////
+ // JSON value storage //
+ ////////////////////////
+
+ /*!
+ @brief a JSON value
+
+ The actual storage for a JSON value of the @ref basic_json class.
+
+ @since version 1.0.0
+ */
+ union json_value
+ {
+ /// object (stored with pointer to save storage)
+ object_t* object;
+ /// array (stored with pointer to save storage)
+ array_t* array;
+ /// string (stored with pointer to save storage)
+ string_t* string;
+ /// boolean
+ boolean_t boolean;
+ /// number (integer)
+ number_integer_t number_integer;
+ /// number (unsigned integer)
+ number_unsigned_t number_unsigned;
+ /// number (floating-point)
+ number_float_t number_float;
+
+ /// default constructor (for null values)
+ json_value() = default;
+ /// constructor for booleans
+ json_value(boolean_t v) noexcept : boolean(v) {}
+ /// constructor for numbers (integer)
+ json_value(number_integer_t v) noexcept : number_integer(v) {}
+ /// constructor for numbers (unsigned)
+ json_value(number_unsigned_t v) noexcept : number_unsigned(v) {}
+ /// constructor for numbers (floating-point)
+ json_value(number_float_t v) noexcept : number_float(v) {}
+ /// constructor for empty values of a given type
+ json_value(value_t t)
+ {
+ switch (t)
+ {
+ case value_t::object:
+ {
+ object = create();
+ break;
+ }
+
+ case value_t::array:
+ {
+ array = create();
+ break;
+ }
+
+ case value_t::string:
+ {
+ string = create("");
+ break;
+ }
+
+ case value_t::boolean:
+ {
+ boolean = boolean_t(false);
+ break;
+ }
+
+ case value_t::number_integer:
+ {
+ number_integer = number_integer_t(0);
+ break;
+ }
+
+ case value_t::number_unsigned:
+ {
+ number_unsigned = number_unsigned_t(0);
+ break;
+ }
+
+ case value_t::number_float:
+ {
+ number_float =
number_float_t(0.0);
+ break;
+ }
+
+ default:
+ {
+ break;
+ }
+ }
+ }
+
+ /// constructor for strings
+ json_value(const string_t& value)
+ {
+ string = create(value);
+ }
+
+ /// constructor for objects
+ json_value(const object_t& value)
+ {
+ object = create(value);
+ }
+
+ /// constructor for arrays
+ json_value(const array_t& value)
+ {
+ array = create(value);
+ }
+ };
+
+
+ public:
+ //////////////////////////
+ // JSON parser callback //
+ //////////////////////////
+
+ /*!
+ @brief JSON callback events
+
+ This enumeration lists the parser events that can trigger calling a
+ callback function of type @ref parser_callback_t during parsing.
+
+ @since version 1.0.0
+ */
+ enum class parse_event_t : uint8_t
+ {
+ /// the parser read `{` and started to process a JSON object
+ object_start,
+ /// the parser read `}` and finished processing a JSON object
+ object_end,
+ /// the parser read `[` and started to process a JSON array
+ array_start,
+ /// the parser read `]` and finished processing a JSON array
+ array_end,
+ /// the parser read a key of a value in an object
+ key,
+ /// the parser finished reading a JSON value
+ value
+ };
+
+ /*!
+ @brief per-element parser callback type
+
+ With a parser callback function, the result of parsing a JSON text can be
+ influenced. When passed to @ref parse(std::istream&, parser_callback_t) or
+ @ref parse(const string_t&, parser_callback_t), it is called on certain
+ events (passed as @ref parse_event_t via parameter @a event) with a set
+ recursion depth @a depth and context JSON value @a parsed. The return
+ value of the callback function is a boolean indicating whether the element
+ that emitted the callback shall be kept or not.
+
+ We distinguish six scenarios (determined by the event type) in which the
+ callback function can be called. The following table describes the values
+ of the parameters @a depth, @a event, and @a parsed.
+
+ parameter @a event | description | parameter @a depth | parameter @a parsed
+ ------------------ | ----------- | ------------------ | -------------------
+ parse_event_t::object_start | the parser read `{` and started to process a JSON object | depth of the parent of the JSON object | a JSON value with type discarded
+ parse_event_t::key | the parser read a key of a value in an object | depth of the currently parsed JSON object | a JSON string containing the key
+ parse_event_t::object_end | the parser read `}` and finished processing a JSON object | depth of the parent of the JSON object | the parsed JSON object
+ parse_event_t::array_start | the parser read `[` and started to process a JSON array | depth of the parent of the JSON array | a JSON value with type discarded
+ parse_event_t::array_end | the parser read `]` and finished processing a JSON array | depth of the parent of the JSON array | the parsed JSON array
+ parse_event_t::value | the parser finished reading a JSON value | depth of the value | the parsed JSON value
+
+ Discarding a value (i.e., returning `false`) has different effects
+ depending on the context in which function was called:
+
+ - Discarded values in structured types are skipped. That is, the parser
+ will behave as if the discarded value was never read.
+ - In case a value outside a structured type is skipped, it is replaced
+ with `null`. This case happens if the top-level element is skipped.
+
+ @param[in] depth the depth of the recursion during parsing
+
+ @param[in] event an event of type parse_event_t indicating the context in
+ the callback function has been called
+
+ @param[in,out] parsed the current intermediate parse result; note that
+ writing to this value has no effect for parse_event_t::key events
+
+ @return Whether the JSON value which called the function during parsing
+ should be kept (`true`) or not (`false`). In the latter case, it is either
+ skipped completely or replaced by an empty discarded object.
+
+ @sa @ref parse(std::istream&, parser_callback_t) or
+ @ref parse(const string_t&, parser_callback_t) for examples
+
+ @since version 1.0.0
+ */
+ using parser_callback_t = std::function;
+
+
+ //////////////////
+ // constructors //
+ //////////////////
+
+ /// @name constructors and destructors
+ /// @{
+
+ /*!
+ @brief create an empty value with a given type
+
+ Create an empty JSON value with a given type. The value will be default
+ initialized with an empty value which depends on the type:
+
+ Value type | initial value
+ ----------- | -------------
+ null | `null`
+ boolean | `false`
+ string | `""`
+ number | `0`
+ object | `{}`
+ array | `[]`
+
+ @param[in] value_type the type of the value to create
+
+ @complexity Constant.
+
+ @throw std::bad_alloc if allocation for object, array, or string value
+ fails
+
+ @liveexample{The following code shows the constructor for different @ref
+ value_t values,basic_json__value_t}
+
+ @sa @ref basic_json(std::nullptr_t) -- create a `null` value
+ @sa @ref basic_json(boolean_t value) -- create a boolean value
+ @sa @ref basic_json(const string_t&) -- create a string value
+ @sa @ref basic_json(const object_t&) -- create a object value
+ @sa @ref basic_json(const array_t&) -- create a array value
+ @sa @ref basic_json(const number_float_t) -- create a number
+ (floating-point) value
+ @sa @ref basic_json(const number_integer_t) -- create a number (integer)
+ value
+ @sa @ref basic_json(const number_unsigned_t) -- create a number (unsigned)
+ value
+
+ @since version 1.0.0
+ */
+ basic_json(const value_t value_type)
+ : m_type(value_type), m_value(value_type)
+ {}
+
+ /*!
+ @brief create a null object (implicitly)
+
+ Create a `null` JSON value. This is the implicit version of the `null`
+ value constructor as it takes no parameters.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this constructor never throws
+ exceptions.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+ - As postcondition, it holds: `basic_json().empty() == true`.
+
+ @liveexample{The following code shows the constructor for a `null` JSON
+ value.,basic_json}
+
+ @sa @ref basic_json(std::nullptr_t) -- create a `null` value
+
+ @since version 1.0.0
+ */
+ basic_json() = default;
+
+ /*!
+ @brief create a null object (explicitly)
+
+ Create a `null` JSON value. This is the explicitly version of the `null`
+ value constructor as it takes a null pointer as parameter. It allows to
+ create `null` values by explicitly assigning a `nullptr` to a JSON value.
+ The passed null pointer itself is not read -- it is only used to choose
+ the right constructor.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this constructor never throws
+ exceptions.
+
+ @liveexample{The following code shows the constructor with null pointer
+ parameter.,basic_json__nullptr_t}
+
+ @sa @ref basic_json() -- default constructor (implicitly creating a `null`
+ value)
+
+ @since version 1.0.0
+ */
+ basic_json(std::nullptr_t) noexcept
+ : basic_json(value_t::null)
+ {}
+
+ /*!
+ @brief create an object (explicit)
+
+ Create an object JSON value with a given content.
+
+ @param[in] val a value for the object
+
+ @complexity Linear in the size of the passed @a val.
+
+ @throw std::bad_alloc if allocation for object value fails
+
+ @liveexample{The following code shows the constructor with an @ref
+ object_t parameter.,basic_json__object_t}
+
+ @sa @ref basic_json(const CompatibleObjectType&) -- create an object value
+ from a compatible STL container
+
+ @since version 1.0.0
+ */
+ basic_json(const object_t& val)
+ : m_type(value_t::object), m_value(val)
+ {}
+
+ /*!
+ @brief create an object (implicit)
+
+ Create an object JSON value with a given content.
This constructor allows
+ any type @a CompatibleObjectType that can be used to construct values of
+ type @ref object_t.
+
+ @tparam CompatibleObjectType An object type whose `key_type` and
+ `value_type` is compatible to @ref object_t. Examples include `std::map`,
+ `std::unordered_map`, `std::multimap`, and `std::unordered_multimap` with
+ a `key_type` of `std::string`, and a `value_type` from which a @ref
+ basic_json value can be constructed.
+
+ @param[in] val a value for the object
+
+ @complexity Linear in the size of the passed @a val.
+
+ @throw std::bad_alloc if allocation for object value fails
+
+ @liveexample{The following code shows the constructor with several
+ compatible object type parameters.,basic_json__CompatibleObjectType}
+
+ @sa @ref basic_json(const object_t&) -- create an object value
+
+ @since version 1.0.0
+ */
+ template ::value and
+ std::is_constructible::value, int>::type
+ = 0>
+ basic_json(const CompatibleObjectType& val)
+ : m_type(value_t::object)
+ {
+ using std::begin;
+ using std::end;
+ m_value.object = create(begin(val), end(val));
+ }
+
+ /*!
+ @brief create an array (explicit)
+
+ Create an array JSON value with a given content.
+
+ @param[in] val a value for the array
+
+ @complexity Linear in the size of the passed @a val.
+
+ @throw std::bad_alloc if allocation for array value fails
+
+ @liveexample{The following code shows the constructor with an @ref array_t
+ parameter.,basic_json__array_t}
+
+ @sa @ref basic_json(const CompatibleArrayType&) -- create an array value
+ from a compatible STL containers
+
+ @since version 1.0.0
+ */
+ basic_json(const array_t& val)
+ : m_type(value_t::array), m_value(val)
+ {}
+
+ /*!
+ @brief create an array (implicit)
+
+ Create an array JSON value with a given content. This constructor allows
+ any type @a CompatibleArrayType that can be used to construct values of
+ type @ref array_t.
+
+ @tparam CompatibleArrayType An object type whose `value_type` is
+ compatible to @ref array_t.
Examples include `std::vector`, `std::deque`,
+ `std::list`, `std::forward_list`, `std::array`, `std::set`,
+ `std::unordered_set`, `std::multiset`, and `unordered_multiset` with a
+ `value_type` from which a @ref basic_json value can be constructed.
+
+ @param[in] val a value for the array
+
+ @complexity Linear in the size of the passed @a val.
+
+ @throw std::bad_alloc if allocation for array value fails
+
+ @liveexample{The following code shows the constructor with several
+ compatible array type parameters.,basic_json__CompatibleArrayType}
+
+ @sa @ref basic_json(const array_t&) -- create an array value
+
+ @since version 1.0.0
+ */
+ template ::value and
+ not std::is_same::value and
+ not std::is_same::value and
+ not std::is_same::value and
+ not std::is_same::value and
+ not std::is_same::value and
+ std::is_constructible::value, int>::type
+ = 0>
+ basic_json(const CompatibleArrayType& val)
+ : m_type(value_t::array)
+ {
+ using std::begin;
+ using std::end;
+ m_value.array = create(begin(val), end(val));
+ }
+
+ /*!
+ @brief create a string (explicit)
+
+ Create an string JSON value with a given content.
+
+ @param[in] val a value for the string
+
+ @complexity Linear in the size of the passed @a val.
+
+ @throw std::bad_alloc if allocation for string value fails
+
+ @liveexample{The following code shows the constructor with an @ref
+ string_t parameter.,basic_json__string_t}
+
+ @sa @ref basic_json(const typename string_t::value_type*) -- create a
+ string value from a character pointer
+ @sa @ref basic_json(const CompatibleStringType&) -- create a string value
+ from a compatible string container
+
+ @since version 1.0.0
+ */
+ basic_json(const string_t& val)
+ : m_type(value_t::string), m_value(val)
+ {}
+
+ /*!
+ @brief create a string (explicit)
+
+ Create a string JSON value with a given content.
+
+ @param[in] val a literal value for the string
+
+ @complexity Linear in the size of the passed @a val.
+
+ @throw std::bad_alloc if allocation for string value fails
+
+ @liveexample{The following code shows the constructor with string literal
+ parameter.,basic_json__string_t_value_type}
+
+ @sa @ref basic_json(const string_t&) -- create a string value
+ @sa @ref basic_json(const CompatibleStringType&) -- create a string value
+ from a compatible string container
+
+ @since version 1.0.0
+ */
+ basic_json(const typename string_t::value_type* val)
+ : basic_json(string_t(val))
+ {}
+
+ /*!
+ @brief create a string (implicit)
+
+ Create a string JSON value with a given content.
+
+ @param[in] val a value for the string
+
+ @tparam CompatibleStringType an string type which is compatible to @ref
+ string_t, for instance `std::string`.
+
+ @complexity Linear in the size of the passed @a val.
+
+ @throw std::bad_alloc if allocation for string value fails
+
+ @liveexample{The following code shows the construction of a string value
+ from a compatible type.,basic_json__CompatibleStringType}
+
+ @sa @ref basic_json(const string_t&) -- create a string value
+ @sa @ref basic_json(const typename string_t::value_type*) -- create a
+ string value from a character pointer
+
+ @since version 1.0.0
+ */
+ template ::value, int>::type
+ = 0>
+ basic_json(const CompatibleStringType& val)
+ : basic_json(string_t(val))
+ {}
+
+ /*!
+ @brief create a boolean (explicit)
+
+ Creates a JSON boolean type from a given value.
+
+ @param[in] val a boolean value to store
+
+ @complexity Constant.
+
+ @liveexample{The example below demonstrates boolean
+ values.,basic_json__boolean_t}
+
+ @since version 1.0.0
+ */
+ basic_json(boolean_t val) noexcept
+ : m_type(value_t::boolean), m_value(val)
+ {}
+
+ /*!
+ @brief create an integer number (explicit)
+
+ Create an integer number JSON value with a given content.
+
+ @tparam T A helper type to remove this function via SFINAE in case @ref
+ number_integer_t is the same as `int`.
In this case, this constructor
+ would have the same signature as @ref basic_json(const int value). Note
+ the helper type @a T is not visible in this constructor's interface.
+
+ @param[in] val an integer to create a JSON number from
+
+ @complexity Constant.
+
+ @liveexample{The example below shows the construction of an integer
+ number value.,basic_json__number_integer_t}
+
+ @sa @ref basic_json(const int) -- create a number value (integer)
+ @sa @ref basic_json(const CompatibleNumberIntegerType) -- create a number
+ value (integer) from a compatible number type
+
+ @since version 1.0.0
+ */
+ template::value)
+ and std::is_same::value
+ , int>::type
+ = 0>
+ basic_json(const number_integer_t val) noexcept
+ : m_type(value_t::number_integer), m_value(val)
+ {}
+
+ /*!
+ @brief create an integer number from an enum type (explicit)
+
+ Create an integer number JSON value with a given content.
+
+ @param[in] val an integer to create a JSON number from
+
+ @note This constructor allows to pass enums directly to a constructor. As
+ C++ has no way of specifying the type of an anonymous enum explicitly, we
+ can only rely on the fact that such values implicitly convert to int. As
+ int may already be the same type of number_integer_t, we may need to
+ switch off the constructor @ref basic_json(const number_integer_t).
+
+ @complexity Constant.
+
+ @liveexample{The example below shows the construction of an integer
+ number value from an anonymous enum.,basic_json__const_int}
+
+ @sa @ref basic_json(const number_integer_t) -- create a number value
+ (integer)
+ @sa @ref basic_json(const CompatibleNumberIntegerType) -- create a number
+ value (integer) from a compatible number type
+
+ @since version 1.0.0
+ */
+ basic_json(const int val) noexcept
+ : m_type(value_t::number_integer),
+ m_value(static_cast(val))
+ {}
+
+ /*!
+ @brief create an integer number (implicit)
+
+ Create an integer number JSON value with a given content.
This constructor
+ allows any type @a CompatibleNumberIntegerType that can be used to
+ construct values of type @ref number_integer_t.
+
+ @tparam CompatibleNumberIntegerType An integer type which is compatible to
+ @ref number_integer_t. Examples include the types `int`, `int32_t`,
+ `long`, and `short`.
+
+ @param[in] val an integer to create a JSON number from
+
+ @complexity Constant.
+
+ @liveexample{The example below shows the construction of several integer
+ number values from compatible
+ types.,basic_json__CompatibleIntegerNumberType}
+
+ @sa @ref basic_json(const number_integer_t) -- create a number value
+ (integer)
+ @sa @ref basic_json(const int) -- create a number value (integer)
+
+ @since version 1.0.0
+ */
+ template::value and
+ std::numeric_limits::is_integer and
+ std::numeric_limits::is_signed,
+ CompatibleNumberIntegerType>::type
+ = 0>
+ basic_json(const CompatibleNumberIntegerType val) noexcept
+ : m_type(value_t::number_integer),
+ m_value(static_cast(val))
+ {}
+
+ /*!
+ @brief create an unsigned integer number (explicit)
+
+ Create an unsigned integer number JSON value with a given content.
+
+ @tparam T helper type to compare number_unsigned_t and unsigned int
+ (not visible in) the interface.
+
+ @param[in] val an integer to create a JSON number from
+
+ @complexity Constant.
+
+ @sa @ref basic_json(const CompatibleNumberUnsignedType) -- create a number
+ value (unsigned integer) from a compatible number type
+
+ @since version 2.0.0
+ */
+ template::value)
+ and std::is_same::value
+ , int>::type
+ = 0>
+ basic_json(const number_unsigned_t val) noexcept
+ : m_type(value_t::number_unsigned), m_value(val)
+ {}
+
+ /*!
+ @brief create an unsigned number (implicit)
+
+ Create an unsigned number JSON value with a given content. This
+ constructor allows any type @a CompatibleNumberUnsignedType that can be
+ used to construct values of type @ref number_unsigned_t.
+
+ @tparam CompatibleNumberUnsignedType An integer type which is compatible
+ to @ref number_unsigned_t. Examples may include the types `unsigned int`,
+ `uint32_t`, or `unsigned short`.
+
+ @param[in] val an unsigned integer to create a JSON number from
+
+ @complexity Constant.
+
+ @sa @ref basic_json(const number_unsigned_t) -- create a number value
+ (unsigned)
+
+ @since version 2.0.0
+ */
+ template ::value and
+ std::numeric_limits::is_integer and
+ not std::numeric_limits::is_signed,
+ CompatibleNumberUnsignedType>::type
+ = 0>
+ basic_json(const CompatibleNumberUnsignedType val) noexcept
+ : m_type(value_t::number_unsigned),
+ m_value(static_cast(val))
+ {}
+
+ /*!
+ @brief create a floating-point number (explicit)
+
+ Create a floating-point number JSON value with a given content.
+
+ @param[in] val a floating-point value to create a JSON number from
+
+ @note [RFC 7159](http://www.rfc-editor.org/rfc/rfc7159.txt), section 6
+ disallows NaN values:
+ > Numeric values that cannot be represented in the grammar below (such as
+ > Infinity and NaN) are not permitted.
+ In case the parameter @a val is not a number, a JSON null value is
+ created instead.
+
+ @complexity Constant.
+
+ @liveexample{The following example creates several floating-point
+ values.,basic_json__number_float_t}
+
+ @sa @ref basic_json(const CompatibleNumberFloatType) -- create a number
+ value (floating-point) from a compatible number type
+
+ @since version 1.0.0
+ */
+ basic_json(const number_float_t val) noexcept
+ : m_type(value_t::number_float), m_value(val)
+ {
+ // replace infinity and NAN by null
+ if (not std::isfinite(val))
+ {
+ m_type = value_t::null;
+ m_value = json_value();
+ }
+ }
+
+ /*!
+ @brief create an floating-point number (implicit)
+
+ Create an floating-point number JSON value with a given content. This
+ constructor allows any type @a CompatibleNumberFloatType that can be used
+ to construct values of type @ref number_float_t.
+
+ @tparam CompatibleNumberFloatType A floating-point type which is
+ compatible to @ref number_float_t. Examples may include the types `float`
+ or `double`.
+
+ @param[in] val a floating-point to create a JSON number from
+
+ @note [RFC 7159](http://www.rfc-editor.org/rfc/rfc7159.txt), section 6
+ disallows NaN values:
+ > Numeric values that cannot be represented in the grammar below (such as
+ > Infinity and NaN) are not permitted.
+ In case the parameter @a val is not a number, a JSON null value is
+ created instead.
+
+ @complexity Constant.
+
+ @liveexample{The example below shows the construction of several
+ floating-point number values from compatible
+ types.,basic_json__CompatibleNumberFloatType}
+
+ @sa @ref basic_json(const number_float_t) -- create a number value
+ (floating-point)
+
+ @since version 1.0.0
+ */
+ template::value and
+ std::is_floating_point::value>::type
+ >
+ basic_json(const CompatibleNumberFloatType val) noexcept
+ : basic_json(number_float_t(val))
+ {}
+
+ /*!
+ @brief create a container (array or object) from an initializer list
+
+ Creates a JSON value of type array or object from the passed initializer
+ list @a init. In case @a type_deduction is `true` (default), the type of
+ the JSON value to be created is deducted from the initializer list @a init
+ according to the following rules:
+
+ 1. If the list is empty, an empty JSON object value `{}` is created.
+ 2. If the list consists of pairs whose first element is a string, a JSON
+ object value is created where the first elements of the pairs are treated
+ as keys and the second elements are as values.
+ 3. In all other cases, an array is created.
+
+ The rules aim to create the best fit between a C++ initializer list and
+ JSON values. The rationale is as follows:
+
+ 1. The empty initializer list is written as `{}` which is exactly an empty
+ JSON object.
+ 2. C++ has now way of describing mapped types other than to list a list of
+ pairs.
As JSON requires that keys must be of type string, rule 2 is the
+ weakest constraint one can pose on initializer lists to interpret them as
+ an object.
+ 3. In all other cases, the initializer list could not be interpreted as
+ JSON object type, so interpreting it as JSON array type is safe.
+
+ With the rules described above, the following JSON values cannot be
+ expressed by an initializer list:
+
+ - the empty array (`[]`): use @ref array(std::initializer_list)
+ with an empty initializer list in this case
+ - arrays whose elements satisfy rule 2: use @ref
+ array(std::initializer_list) with the same initializer list
+ in this case
+
+ @note When used without parentheses around an empty initializer list, @ref
+ basic_json() is called instead of this function, yielding the JSON null
+ value.
+
+ @param[in] init initializer list with JSON values
+
+ @param[in] type_deduction internal parameter; when set to `true`, the type
+ of the JSON value is deducted from the initializer list @a init; when set
+ to `false`, the type provided via @a manual_type is forced. This mode is
+ used by the functions @ref array(std::initializer_list) and
+ @ref object(std::initializer_list).
+
+ @param[in] manual_type internal parameter; when @a type_deduction is set
+ to `false`, the created JSON value will use the provided type (only @ref
+ value_t::array and @ref value_t::object are valid); when @a type_deduction
+ is set to `true`, this parameter has no effect
+
+ @throw std::domain_error if @a type_deduction is `false`, @a manual_type
+ is `value_t::object`, but @a init contains an element which is not a pair
+ whose first element is a string; example: `"cannot create object from
+ initializer list"`
+
+ @complexity Linear in the size of the initializer list @a init.
+
+ @liveexample{The example below shows how JSON values are created from
+ initializer lists.,basic_json__list_init_t}
+
+ @sa @ref array(std::initializer_list) -- create a JSON array
+ value from an initializer list
+ @sa @ref object(std::initializer_list) -- create a JSON object
+ value from an initializer list
+
+ @since version 1.0.0
+ */
+ basic_json(std::initializer_list init,
+ bool type_deduction = true,
+ value_t manual_type = value_t::array)
+ {
+ // the initializer list could describe an object
+ bool is_an_object = true;
+
+ // check if each element is an array with two elements whose first
+ // element is a string
+ for (const auto& element : init)
+ {
+ if (not element.is_array() or element.size() != 2
+ or not element[0].is_string())
+ {
+ // we found an element that makes it impossible to use the
+ // initializer list as object
+ is_an_object = false;
+ break;
+ }
+ }
+
+ // adjust type if type deduction is not wanted
+ if (not type_deduction)
+ {
+ // if array is wanted, do not create an object though possible
+ if (manual_type == value_t::array)
+ {
+ is_an_object = false;
+ }
+
+ // if object is wanted but impossible, throw an exception
+ if (manual_type == value_t::object and not is_an_object)
+ {
+ throw std::domain_error("cannot create object from initializer list");
+ }
+ }
+
+ if (is_an_object)
+ {
+ // the initializer list is a list of pairs -> create object
+ m_type = value_t::object;
+ m_value = value_t::object;
+
+ assert(m_value.object != nullptr);
+
+ for (auto& element : init)
+ {
+ m_value.object->emplace(*(element[0].m_value.string), element[1]);
+ }
+ }
+ else
+ {
+ // the initializer list describes an array -> create array
+ m_type = value_t::array;
+ m_value.array = create(init);
+ }
+ }
+
+ /*!
+ @brief explicitly create an array from an initializer list
+
+ Creates a JSON array value from a given initializer list. That is, given a
+ list of values `a, b, c`, creates the JSON value `[a, b, c]`.
If the
+ initializer list is empty, the empty array `[]` is created.
+
+ @note This function is only needed to express two edge cases that cannot
+ be realized with the initializer list constructor (@ref
+ basic_json(std::initializer_list, bool, value_t)). These cases
+ are:
+ 1. creating an array whose elements are all pairs whose first element is a
+ string -- in this case, the initializer list constructor would create an
+ object, taking the first elements as keys
+ 2. creating an empty array -- passing the empty initializer list to the
+ initializer list constructor yields an empty object
+
+ @param[in] init initializer list with JSON values to create an array from
+ (optional)
+
+ @return JSON array value
+
+ @complexity Linear in the size of @a init.
+
+ @liveexample{The following code shows an example for the `array`
+ function.,array}
+
+ @sa @ref basic_json(std::initializer_list, bool, value_t) --
+ create a JSON value from an initializer list
+ @sa @ref object(std::initializer_list) -- create a JSON object
+ value from an initializer list
+
+ @since version 1.0.0
+ */
+ static basic_json array(std::initializer_list init =
+ std::initializer_list())
+ {
+ return basic_json(init, false, value_t::array);
+ }
+
+ /*!
+ @brief explicitly create an object from an initializer list
+
+ Creates a JSON object value from a given initializer list. The initializer
+ lists elements must be pairs, and their first elements must be strings. If
+ the initializer list is empty, the empty object `{}` is created.
+
+ @note This function is only added for symmetry reasons. In contrast to the
+ related function @ref array(std::initializer_list), there are
+ no cases which can only be expressed by this function. That is, any
+ initializer list @a init can also be passed to the initializer list
+ constructor @ref basic_json(std::initializer_list, bool,
+ value_t).
+
+ @param[in] init initializer list to create an object from (optional)
+
+ @return JSON object value
+
+ @throw std::domain_error if @a init is not a pair whose first elements are
+ strings; thrown by
+ @ref basic_json(std::initializer_list, bool, value_t)
+
+ @complexity Linear in the size of @a init.
+
+ @liveexample{The following code shows an example for the `object`
+ function.,object}
+
+ @sa @ref basic_json(std::initializer_list, bool, value_t) --
+ create a JSON value from an initializer list
+ @sa @ref array(std::initializer_list) -- create a JSON array
+ value from an initializer list
+
+ @since version 1.0.0
+ */
+ static basic_json object(std::initializer_list init =
+ std::initializer_list())
+ {
+ return basic_json(init, false, value_t::object);
+ }
+
+ /*!
+ @brief construct an array with count copies of given value
+
+ Constructs a JSON array value by creating @a cnt copies of a passed value.
+ In case @a cnt is `0`, an empty array is created. As postcondition,
+ `std::distance(begin(),end()) == cnt` holds.
+
+ @param[in] cnt the number of JSON copies of @a val to create
+ @param[in] val the JSON value to copy
+
+ @complexity Linear in @a cnt.
+
+ @liveexample{The following code shows examples for the @ref
+ basic_json(size_type\, const basic_json&)
+ constructor.,basic_json__size_type_basic_json}
+
+ @since version 1.0.0
+ */
+ basic_json(size_type cnt, const basic_json& val)
+ : m_type(value_t::array)
+ {
+ m_value.array = create(cnt, val);
+ }
+
+ /*!
+ @brief construct a JSON container given an iterator range
+
+ Constructs the JSON value with the contents of the range `[first, last)`.
+ The semantics depends on the different types a JSON value can have:
+ - In case of primitive types (number, boolean, or string), @a first must
+ be `begin()` and @a last must be `end()`. In this case, the value is
+ copied. Otherwise, std::out_of_range is thrown.
+ - In case of structured types (array, object), the constructor behaves as
+ similar versions for `std::vector`.
+ - In case of a null type, std::domain_error is thrown.
+
+ @tparam InputIT an input iterator type (@ref iterator or @ref
+ const_iterator)
+
+ @param[in] first begin of the range to copy from (included)
+ @param[in] last end of the range to copy from (excluded)
+
+ @throw std::domain_error if iterators are not compatible; that is, do not
+ belong to the same JSON value; example: `"iterators are not compatible"`
+ @throw std::out_of_range if iterators are for a primitive type (number,
+ boolean, or string) where an out of range error can be detected easily;
+ example: `"iterators out of range"`
+ @throw std::bad_alloc if allocation for object, array, or string fails
+ @throw std::domain_error if called with a null value; example: `"cannot
+ use construct with iterators from null"`
+
+ @complexity Linear in distance between @a first and @a last.
+
+ @liveexample{The example below shows several ways to create JSON values by
+ specifying a subrange with iterators.,basic_json__InputIt_InputIt}
+
+ @since version 1.0.0
+ */
+ template ::value or
+ std::is_same::value
+ , int>::type
+ = 0>
+ basic_json(InputIT first, InputIT last) : m_type(first.m_object->m_type)
+ {
+ // make sure iterator fits the current value
+ if (first.m_object != last.m_object)
+ {
+ throw std::domain_error("iterators are not compatible");
+ }
+
+ // check if iterator range is complete for primitive values
+ switch (m_type)
+ {
+ case value_t::boolean:
+ case value_t::number_float:
+ case value_t::number_integer:
+ case value_t::number_unsigned:
+ case value_t::string:
+ {
+ if (not first.m_it.primitive_iterator.is_begin() or not last.m_it.primitive_iterator.is_end())
+ {
+ throw std::out_of_range("iterators out of range");
+ }
+ break;
+ }
+
+ default:
+ {
+ break;
+ }
+ }
+
+ switch (m_type)
+ {
+ case value_t::number_integer:
+ {
+ assert(first.m_object != nullptr);
+
m_value.number_integer = first.m_object->m_value.number_integer; + break; + } + + case value_t::number_unsigned: + { + assert(first.m_object != nullptr); + m_value.number_unsigned = first.m_object->m_value.number_unsigned; + break; + } + + case value_t::number_float: + { + assert(first.m_object != nullptr); + m_value.number_float = first.m_object->m_value.number_float; + break; + } + + case value_t::boolean: + { + assert(first.m_object != nullptr); + m_value.boolean = first.m_object->m_value.boolean; + break; + } + + case value_t::string: + { + assert(first.m_object != nullptr); + m_value = *first.m_object->m_value.string; + break; + } + + case value_t::object: + { + m_value.object = create(first.m_it.object_iterator, last.m_it.object_iterator); + break; + } + + case value_t::array: + { + m_value.array = create(first.m_it.array_iterator, last.m_it.array_iterator); + break; + } + + default: + { + assert(first.m_object != nullptr); + throw std::domain_error("cannot use construct with iterators from " + first.m_object->type_name()); + } + } + } + + /*! + @brief construct a JSON value given an input stream + + @param[in,out] i stream to read a serialized JSON value from + @param[in] cb a parser callback function of type @ref parser_callback_t + which is used to control the deserialization by filtering unwanted values + (optional) + + @complexity Linear in the length of the input. The parser is a predictive + LL(1) parser. The complexity can be higher if the parser callback function + @a cb has a super-linear complexity. + + @note A UTF-8 byte order mark is silently ignored. 
+
+ @liveexample{The example below demonstrates constructing a JSON value from
+ a `std::stringstream` with and without callback
+ function.,basic_json__istream}
+
+ @since version 2.0.0
+ */
+ explicit basic_json(std::istream& i, parser_callback_t cb = nullptr)
+ {
+ *this = parser(i, cb).parse();
+ }
+
+ ///////////////////////////////////////
+ // other constructors and destructor //
+ ///////////////////////////////////////
+
+ /*!
+ @brief copy constructor
+
+ Creates a copy of a given JSON value.
+
+ @param[in] other the JSON value to copy
+
+ @complexity Linear in the size of @a other.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is linear.
+ - As postcondition, it holds: `other == basic_json(other)`.
+
+ @throw std::bad_alloc if allocation for object, array, or string fails.
+
+ @liveexample{The following code shows an example for the copy
+ constructor.,basic_json__basic_json}
+
+ @since version 1.0.0
+ */
+ basic_json(const basic_json& other)
+ : m_type(other.m_type)
+ {
+ switch (m_type)
+ {
+ case value_t::object:
+ {
+ assert(other.m_value.object != nullptr);
+ m_value = *other.m_value.object;
+ break;
+ }
+
+ case value_t::array:
+ {
+ assert(other.m_value.array != nullptr);
+ m_value = *other.m_value.array;
+ break;
+ }
+
+ case value_t::string:
+ {
+ assert(other.m_value.string != nullptr);
+ m_value = *other.m_value.string;
+ break;
+ }
+
+ case value_t::boolean:
+ {
+ m_value = other.m_value.boolean;
+ break;
+ }
+
+ case value_t::number_integer:
+ {
+ m_value = other.m_value.number_integer;
+ break;
+ }
+
+ case value_t::number_unsigned:
+ {
+ m_value = other.m_value.number_unsigned;
+ break;
+ }
+
+ case value_t::number_float:
+ {
+ m_value = other.m_value.number_float;
+ break;
+ }
+
+ default:
+ {
+ break;
+ }
+ }
+ }
+
+ /*!
+ @brief move constructor
+
+ Move constructor. Constructs a JSON value with the contents of the given
+ value @a other using move semantics. It "steals" the resources from @a
+ other and leaves it as JSON null value.
+
+ @param[in,out] other value to move to this object
+
+ @post @a other is a JSON null value
+
+ @complexity Constant.
+
+ @liveexample{The code below shows the move constructor explicitly called
+ via std::move.,basic_json__moveconstructor}
+
+ @since version 1.0.0
+ */
+ basic_json(basic_json&& other) noexcept
+ : m_type(std::move(other.m_type)),
+ m_value(std::move(other.m_value))
+ {
+ // invalidate payload
+ other.m_type = value_t::null;
+ other.m_value = {};
+ }
+
+ /*!
+ @brief copy assignment
+
+ Copy assignment operator. Copies a JSON value via the "copy and swap"
+ strategy: It is expressed in terms of the copy constructor, destructor,
+ and the swap() member function.
+
+ @param[in] other value to copy from
+
+ @complexity Linear.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is linear.
+
+ @liveexample{The code below shows and example for the copy assignment. It
+ creates a copy of value `a` which is then swapped with `b`. Finally\, the
+ copy of `a` (which is the null value after the swap) is
+ destroyed.,basic_json__copyassignment}
+
+ @since version 1.0.0
+ */
+ reference& operator=(basic_json other) noexcept (
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value and
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value
+ )
+ {
+ using std::swap;
+ swap(m_type, other.m_type);
+ swap(m_value, other.m_value);
+ return *this;
+ }
+
+ /*!
+ @brief destructor
+
+ Destroys the JSON value and frees all allocated memory.
+
+ @complexity Linear.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is linear.
+ - All stored elements are destroyed and all memory is freed.
+
+ @since version 1.0.0
+ */
+ ~basic_json()
+ {
+ switch (m_type)
+ {
+ case value_t::object:
+ {
+ AllocatorType alloc;
+ alloc.destroy(m_value.object);
+ alloc.deallocate(m_value.object, 1);
+ break;
+ }
+
+ case value_t::array:
+ {
+ AllocatorType alloc;
+ alloc.destroy(m_value.array);
+ alloc.deallocate(m_value.array, 1);
+ break;
+ }
+
+ case value_t::string:
+ {
+ AllocatorType alloc;
+ alloc.destroy(m_value.string);
+ alloc.deallocate(m_value.string, 1);
+ break;
+ }
+
+ default:
+ {
+ // all other types need no specific destructor
+ break;
+ }
+ }
+ }
+
+ /// @}
+
+ public:
+ ///////////////////////
+ // object inspection //
+ ///////////////////////
+
+ /// @name object inspection
+ /// @{
+
+ /*!
+ @brief serialization
+
+ Serialization function for JSON values. The function tries to mimic
+ Python's @p json.dumps() function, and currently supports its @p indent
+ parameter.
+
+ @param[in] indent if indent is nonnegative, then array elements and object
+ members will be pretty-printed with that indent level. An indent level of
+ 0 will only insert newlines. -1 (the default) selects the most compact
+ representation
+
+ @return string containing the serialization of the JSON value
+
+ @complexity Linear.
+
+ @liveexample{The following example shows the effect of different @a indent
+ parameters to the result of the serialization.,dump}
+
+ @see https://docs.python.org/2/library/json.html#json.dump
+
+ @since version 1.0.0
+ */
+ string_t dump(const int indent = -1) const
+ {
+ std::stringstream ss;
+
+ if (indent >= 0)
+ {
+ dump(ss, true, static_cast(indent));
+ }
+ else
+ {
+ dump(ss, false, 0);
+ }
+
+ return ss.str();
+ }
+
+ /*!
+ @brief return the type of the JSON value (explicit)
+
+ Return the type of the JSON value as a value from the @ref value_t
+ enumeration.
+
+ @return the type of the JSON value
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `type()` for all JSON
+ types.,type}
+
+ @since version 1.0.0
+ */
+ constexpr value_t type() const noexcept
+ {
+ return m_type;
+ }
+
+ /*!
+ @brief return whether type is primitive
+
+ This function returns true iff the JSON type is primitive (string, number,
+ boolean, or null).
+
+ @return `true` if type is primitive (string, number, boolean, or null),
+ `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_primitive()` for all JSON
+ types.,is_primitive}
+
+ @sa @ref is_structured() -- returns whether JSON value is structured
+ @sa @ref is_null() -- returns whether JSON value is `null`
+ @sa @ref is_string() -- returns whether JSON value is a string
+ @sa @ref is_boolean() -- returns whether JSON value is a boolean
+ @sa @ref is_number() -- returns whether JSON value is a number
+
+ @since version 1.0.0
+ */
+ constexpr bool is_primitive() const noexcept
+ {
+ return is_null() or is_string() or is_boolean() or is_number();
+ }
+
+ /*!
+ @brief return whether type is structured
+
+ This function returns true iff the JSON type is structured (array or
+ object).
+
+ @return `true` if type is structured (array or object), `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_structured()` for all JSON
+ types.,is_structured}
+
+ @sa @ref is_primitive() -- returns whether value is primitive
+ @sa @ref is_array() -- returns whether value is an array
+ @sa @ref is_object() -- returns whether value is an object
+
+ @since version 1.0.0
+ */
+ constexpr bool is_structured() const noexcept
+ {
+ return is_array() or is_object();
+ }
+
+ /*!
+ @brief return whether value is null
+
+ This function returns true iff the JSON value is null.
+
+ @return `true` if type is null, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_null()` for all JSON
+ types.,is_null}
+
+ @since version 1.0.0
+ */
+ constexpr bool is_null() const noexcept
+ {
+ return m_type == value_t::null;
+ }
+
+ /*!
+ @brief return whether value is a boolean
+
+ This function returns true iff the JSON value is a boolean.
+
+ @return `true` if type is boolean, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_boolean()` for all JSON
+ types.,is_boolean}
+
+ @since version 1.0.0
+ */
+ constexpr bool is_boolean() const noexcept
+ {
+ return m_type == value_t::boolean;
+ }
+
+ /*!
+ @brief return whether value is a number
+
+ This function returns true iff the JSON value is a number. This includes
+ both integer and floating-point values.
+
+ @return `true` if type is number (regardless whether integer, unsigned
+ integer or floating-type), `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_number()` for all JSON
+ types.,is_number}
+
+ @sa @ref is_number_integer() -- check if value is an integer or unsigned
+ integer number
+ @sa @ref is_number_unsigned() -- check if value is an unsigned integer
+ number
+ @sa @ref is_number_float() -- check if value is a floating-point number
+
+ @since version 1.0.0
+ */
+ constexpr bool is_number() const noexcept
+ {
+ return is_number_integer() or is_number_float();
+ }
+
+ /*!
+ @brief return whether value is an integer number
+
+ This function returns true iff the JSON value is an integer or unsigned
+ integer number. This excludes floating-point values.
+
+ @return `true` if type is an integer or unsigned integer number, `false`
+ otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_number_integer()` for all
+ JSON types.,is_number_integer}
+
+ @sa @ref is_number() -- check if value is a number
+ @sa @ref is_number_unsigned() -- check if value is an unsigned integer
+ number
+ @sa @ref is_number_float() -- check if value is a floating-point number
+
+ @since version 1.0.0
+ */
+ constexpr bool is_number_integer() const noexcept
+ {
+ return m_type == value_t::number_integer or m_type == value_t::number_unsigned;
+ }
+
+ /*!
+ @brief return whether value is an unsigned integer number
+
+ This function returns true iff the JSON value is an unsigned integer
+ number. This excludes floating-point and (signed) integer values.
+
+ @return `true` if type is an unsigned integer number, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_number_unsigned()` for all
+ JSON types.,is_number_unsigned}
+
+ @sa @ref is_number() -- check if value is a number
+ @sa @ref is_number_integer() -- check if value is an integer or unsigned
+ integer number
+ @sa @ref is_number_float() -- check if value is a floating-point number
+
+ @since version 2.0.0
+ */
+ constexpr bool is_number_unsigned() const noexcept
+ {
+ return m_type == value_t::number_unsigned;
+ }
+
+ /*!
+ @brief return whether value is a floating-point number
+
+ This function returns true iff the JSON value is a floating-point number.
+ This excludes integer and unsigned integer values.
+
+ @return `true` if type is a floating-point number, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_number_float()` for all
+ JSON types.,is_number_float}
+
+ @sa @ref is_number() -- check if value is number
+ @sa @ref is_number_integer() -- check if value is an integer number
+ @sa @ref is_number_unsigned() -- check if value is an unsigned integer
+ number
+
+ @since version 1.0.0
+ */
+ constexpr bool is_number_float() const noexcept
+ {
+ return m_type == value_t::number_float;
+ }
+
+ /*!
+ @brief return whether value is an object
+
+ This function returns true iff the JSON value is an object.
+
+ @return `true` if type is object, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_object()` for all JSON
+ types.,is_object}
+
+ @since version 1.0.0
+ */
+ constexpr bool is_object() const noexcept
+ {
+ return m_type == value_t::object;
+ }
+
+ /*!
+ @brief return whether value is an array
+
+ This function returns true iff the JSON value is an array.
+
+ @return `true` if type is array, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_array()` for all JSON
+ types.,is_array}
+
+ @since version 1.0.0
+ */
+ constexpr bool is_array() const noexcept
+ {
+ return m_type == value_t::array;
+ }
+
+ /*!
+ @brief return whether value is a string
+
+ This function returns true iff the JSON value is a string.
+
+ @return `true` if type is string, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_string()` for all JSON
+ types.,is_string}
+
+ @since version 1.0.0
+ */
+ constexpr bool is_string() const noexcept
+ {
+ return m_type == value_t::string;
+ }
+
+ /*!
+ @brief return whether value is discarded
+
+ This function returns true iff the JSON value was discarded during parsing
+ with a callback function (see @ref parser_callback_t).
+
+ @note This function will always be `false` for JSON values after parsing.
+ That is, discarded values can only occur during parsing, but will be
+ removed when inside a structured value or replaced by null in other cases.
+
+ @return `true` if type is discarded, `false` otherwise.
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+
+ @liveexample{The following code exemplifies `is_discarded()` for all JSON
+ types.,is_discarded}
+
+ @since version 1.0.0
+ */
+ constexpr bool is_discarded() const noexcept
+ {
+ return m_type == value_t::discarded;
+ }
+
+ /*!
+ @brief return the type of the JSON value (implicit)
+
+ Implicitly return the type of the JSON value as a value from the @ref
+ value_t enumeration.
+
+ @return the type of the JSON value
+
+ @complexity Constant.
+
+ @exceptionsafety No-throw guarantee: this member function never throws
+ exceptions.
+ + @liveexample{The following code exemplifies the @ref value_t operator for + all JSON types.,operator__value_t} + + @since version 1.0.0 + */ + constexpr operator value_t() const noexcept + { + return m_type; + } + + /// @} + + private: + ////////////////// + // value access // + ////////////////// + + /// get an object (explicit) + template ::value and + std::is_convertible::value + , int>::type = 0> + T get_impl(T*) const + { + if (is_object()) + { + assert(m_value.object != nullptr); + return T(m_value.object->begin(), m_value.object->end()); + } + else + { + throw std::domain_error("type must be object, but is " + type_name()); + } + } + + /// get an object (explicit) + object_t get_impl(object_t*) const + { + if (is_object()) + { + assert(m_value.object != nullptr); + return *(m_value.object); + } + else + { + throw std::domain_error("type must be object, but is " + type_name()); + } + } + + /// get an array (explicit) + template ::value and + not std::is_same::value and + not std::is_arithmetic::value and + not std::is_convertible::value and + not has_mapped_type::value + , int>::type = 0> + T get_impl(T*) const + { + if (is_array()) + { + T to_vector; + assert(m_value.array != nullptr); + std::transform(m_value.array->begin(), m_value.array->end(), + std::inserter(to_vector, to_vector.end()), [](basic_json i) + { + return i.get(); + }); + return to_vector; + } + else + { + throw std::domain_error("type must be array, but is " + type_name()); + } + } + + /// get an array (explicit) + template ::value and + not std::is_same::value + , int>::type = 0> + std::vector get_impl(std::vector*) const + { + if (is_array()) + { + std::vector to_vector; + assert(m_value.array != nullptr); + to_vector.reserve(m_value.array->size()); + std::transform(m_value.array->begin(), m_value.array->end(), + std::inserter(to_vector, to_vector.end()), [](basic_json i) + { + return i.get(); + }); + return to_vector; + } + else + { + throw std::domain_error("type must be array, but 
is " + type_name()); + } + } + + /// get an array (explicit) + template ::value and + not has_mapped_type::value + , int>::type = 0> + T get_impl(T*) const + { + if (is_array()) + { + assert(m_value.array != nullptr); + return T(m_value.array->begin(), m_value.array->end()); + } + else + { + throw std::domain_error("type must be array, but is " + type_name()); + } + } + + /// get an array (explicit) + array_t get_impl(array_t*) const + { + if (is_array()) + { + assert(m_value.array != nullptr); + return *(m_value.array); + } + else + { + throw std::domain_error("type must be array, but is " + type_name()); + } + } + + /// get a string (explicit) + template ::value + , int>::type = 0> + T get_impl(T*) const + { + if (is_string()) + { + assert(m_value.string != nullptr); + return *m_value.string; + } + else + { + throw std::domain_error("type must be string, but is " + type_name()); + } + } + + /// get a number (explicit) + template::value + , int>::type = 0> + T get_impl(T*) const + { + switch (m_type) + { + case value_t::number_integer: + { + return static_cast(m_value.number_integer); + } + + case value_t::number_unsigned: + { + return static_cast(m_value.number_unsigned); + } + + case value_t::number_float: + { + return static_cast(m_value.number_float); + } + + default: + { + throw std::domain_error("type must be number, but is " + type_name()); + } + } + } + + /// get a boolean (explicit) + constexpr boolean_t get_impl(boolean_t*) const + { + return is_boolean() + ? m_value.boolean + : throw std::domain_error("type must be boolean, but is " + type_name()); + } + + /// get a pointer to the value (object) + object_t* get_impl_ptr(object_t*) noexcept + { + return is_object() ? m_value.object : nullptr; + } + + /// get a pointer to the value (object) + constexpr const object_t* get_impl_ptr(const object_t*) const noexcept + { + return is_object() ? 
m_value.object : nullptr; + } + + /// get a pointer to the value (array) + array_t* get_impl_ptr(array_t*) noexcept + { + return is_array() ? m_value.array : nullptr; + } + + /// get a pointer to the value (array) + constexpr const array_t* get_impl_ptr(const array_t*) const noexcept + { + return is_array() ? m_value.array : nullptr; + } + + /// get a pointer to the value (string) + string_t* get_impl_ptr(string_t*) noexcept + { + return is_string() ? m_value.string : nullptr; + } + + /// get a pointer to the value (string) + constexpr const string_t* get_impl_ptr(const string_t*) const noexcept + { + return is_string() ? m_value.string : nullptr; + } + + /// get a pointer to the value (boolean) + boolean_t* get_impl_ptr(boolean_t*) noexcept + { + return is_boolean() ? &m_value.boolean : nullptr; + } + + /// get a pointer to the value (boolean) + constexpr const boolean_t* get_impl_ptr(const boolean_t*) const noexcept + { + return is_boolean() ? &m_value.boolean : nullptr; + } + + /// get a pointer to the value (integer number) + number_integer_t* get_impl_ptr(number_integer_t*) noexcept + { + return is_number_integer() ? &m_value.number_integer : nullptr; + } + + /// get a pointer to the value (integer number) + constexpr const number_integer_t* get_impl_ptr(const number_integer_t*) const noexcept + { + return is_number_integer() ? &m_value.number_integer : nullptr; + } + + /// get a pointer to the value (unsigned number) + number_unsigned_t* get_impl_ptr(number_unsigned_t*) noexcept + { + return is_number_unsigned() ? &m_value.number_unsigned : nullptr; + } + + /// get a pointer to the value (unsigned number) + constexpr const number_unsigned_t* get_impl_ptr(const number_unsigned_t*) const noexcept + { + return is_number_unsigned() ? &m_value.number_unsigned : nullptr; + } + + /// get a pointer to the value (floating-point number) + number_float_t* get_impl_ptr(number_float_t*) noexcept + { + return is_number_float() ? 
&m_value.number_float : nullptr; + } + + /// get a pointer to the value (floating-point number) + constexpr const number_float_t* get_impl_ptr(const number_float_t*) const noexcept + { + return is_number_float() ? &m_value.number_float : nullptr; + } + + /*! + @brief helper function to implement get_ref() + + This funcion helps to implement get_ref() without code duplication for + const and non-const overloads + + @tparam ThisType will be deduced as `basic_json` or `const basic_json` + + @throw std::domain_error if ReferenceType does not match underlying value + type of the current JSON + */ + template + static ReferenceType get_ref_impl(ThisType& obj) + { + // delegate the call to get_ptr<>() + using PointerType = typename std::add_pointer::type; + auto ptr = obj.template get_ptr(); + + if (ptr != nullptr) + { + return *ptr; + } + else + { + throw std::domain_error("incompatible ReferenceType for get_ref, actual type is " + + obj.type_name()); + } + } + + public: + + /// @name value access + /// @{ + + /*! + @brief get a value (explicit) + + Explicit type conversion between the JSON value and a compatible value. + + @tparam ValueType non-pointer type compatible to the JSON value, for + instance `int` for JSON integer numbers, `bool` for JSON booleans, or + `std::vector` types for JSON arrays + + @return copy of the JSON value, converted to type @a ValueType + + @throw std::domain_error in case passed type @a ValueType is incompatible + to JSON; example: `"type must be object, but is null"` + + @complexity Linear in the size of the JSON value. + + @liveexample{The example below shows several conversions from JSON values + to other types. 
There a few things to note: (1) Floating-point numbers can
+ be converted to integers\, (2) A JSON array can be converted to a standard
+ `std::vector`\, (3) A JSON object can be converted to C++
+ associative containers such as `std::unordered_map`.,get__ValueType_const}
+
+ @internal
+ The idea of using a casted null pointer to choose the correct
+ implementation is from .
+ @endinternal
+
+ @sa @ref operator ValueType() const for implicit conversion
+ @sa @ref get() for pointer-member access
+
+ @since version 1.0.0
+ */
+ template::value
+ , int>::type = 0>
+ ValueType get() const
+ {
+ return get_impl(static_cast(nullptr));
+ }
+
+ /*!
+ @brief get a pointer value (explicit)
+
+ Explicit pointer access to the internally stored JSON value. No copies are
+ made.
+
+ @warning The pointer becomes invalid if the underlying JSON object changes.
+
+ @tparam PointerType pointer type; must be a pointer to @ref array_t, @ref
+ object_t, @ref string_t, @ref boolean_t, @ref number_integer_t,
+ @ref number_unsigned_t, or @ref number_float_t.
+
+ @return pointer to the internally stored JSON value if the requested
+ pointer type @a PointerType fits to the JSON value; `nullptr` otherwise
+
+ @complexity Constant.
+
+ @liveexample{The example below shows how pointers to internal values of a
+ JSON value can be requested. Note that no type conversions are made and a
+ `nullptr` is returned if the value and the requested pointer type does not
+ match.,get__PointerType}
+
+ @sa @ref get_ptr() for explicit pointer-member access
+
+ @since version 1.0.0
+ */
+ template::value
+ , int>::type = 0>
+ PointerType get() noexcept
+ {
+ // delegate the call to get_ptr
+ return get_ptr();
+ }
+
+ /*!
+ @brief get a pointer value (explicit)
+ @copydoc get()
+ */
+ template::value
+ , int>::type = 0>
+ constexpr const PointerType get() const noexcept
+ {
+ // delegate the call to get_ptr
+ return get_ptr();
+ }
+
+ /*!
+ @brief get a pointer value (implicit)
+
+ Implicit pointer access to the internally stored JSON value. No copies are
+ made.
+
+ @warning Writing data to the pointee of the result yields an undefined
+ state.
+
+ @tparam PointerType pointer type; must be a pointer to @ref array_t, @ref
+ object_t, @ref string_t, @ref boolean_t, @ref number_integer_t,
+ @ref number_unsigned_t, or @ref number_float_t.
+
+ @return pointer to the internally stored JSON value if the requested
+ pointer type @a PointerType fits to the JSON value; `nullptr` otherwise
+
+ @complexity Constant.
+
+ @liveexample{The example below shows how pointers to internal values of a
+ JSON value can be requested. Note that no type conversions are made and a
+ `nullptr` is returned if the value and the requested pointer type does not
+ match.,get_ptr}
+
+ @since version 1.0.0
+ */
+ template::value
+ , int>::type = 0>
+ PointerType get_ptr() noexcept
+ {
+ // delegate the call to get_impl_ptr<>()
+ return get_impl_ptr(static_cast(nullptr));
+ }
+
+ /*!
+ @brief get a pointer value (implicit)
+ @copydoc get_ptr()
+ */
+ template::value
+ and std::is_const::type>::value
+ , int>::type = 0>
+ constexpr const PointerType get_ptr() const noexcept
+ {
+ // delegate the call to get_impl_ptr<>() const
+ return get_impl_ptr(static_cast(nullptr));
+ }
+
+ /*!
+ @brief get a reference value (implicit)
+
+ Implict reference access to the internally stored JSON value. No copies
+ are made.
+
+ @warning Writing data to the referee of the result yields an undefined
+ state.
+
+ @tparam ReferenceType reference type; must be a reference to @ref array_t,
+ @ref object_t, @ref string_t, @ref boolean_t, @ref number_integer_t, or
+ @ref number_float_t.
+
+ @return reference to the internally stored JSON value if the requested
+ reference type @a ReferenceType fits to the JSON value; throws
+ std::domain_error otherwise
+
+ @throw std::domain_error in case passed type @a ReferenceType is
+ incompatible with the stored JSON value
+
+ @complexity Constant.
+
+ @liveexample{The example shows several calls to `get_ref()`.,get_ref}
+
+ @since version 1.1.0
+ */
+ template::value
+ , int>::type = 0>
+ ReferenceType get_ref()
+ {
+ // delegate call to get_ref_impl
+ return get_ref_impl(*this);
+ }
+
+ /*!
+ @brief get a reference value (implicit)
+ @copydoc get_ref()
+ */
+ template::value
+ and std::is_const::type>::value
+ , int>::type = 0>
+ ReferenceType get_ref() const
+ {
+ // delegate call to get_ref_impl
+ return get_ref_impl(*this);
+ }
+
+ /*!
+ @brief get a value (implicit)
+
+ Implicit type conversion between the JSON value and a compatible value.
+ The call is realized by calling @ref get() const.
+
+ @tparam ValueType non-pointer type compatible to the JSON value, for
+ instance `int` for JSON integer numbers, `bool` for JSON booleans, or
+ `std::vector` types for JSON arrays. The character type of @ref string_t
+ as well as an initializer list of this type is excluded to avoid
+ ambiguities as these types implicitly convert to `std::string`.
+
+ @return copy of the JSON value, converted to type @a ValueType
+
+ @throw std::domain_error in case passed type @a ValueType is incompatible
+ to JSON, thrown by @ref get() const
+
+ @complexity Linear in the size of the JSON value.
+
+ @liveexample{The example below shows several conversions from JSON values
+ to other types.
There a few things to note: (1) Floating-point numbers can + be converted to integers\, (2) A JSON array can be converted to a standard + `std::vector`\, (3) A JSON object can be converted to C++ + associative containers such as `std::unordered_map`.,operator__ValueType} + + @since version 1.0.0 + */ + template < typename ValueType, typename + std::enable_if < + not std::is_pointer::value + and not std::is_same::value +#ifndef _MSC_VER // Fix for issue #167 operator<< abiguity under VS2015 + and not std::is_same>::value +#endif + , int >::type = 0 > + operator ValueType() const + { + // delegate the call to get<>() const + return get(); + } + + /// @} + + + //////////////////// + // element access // + //////////////////// + + /// @name element access + /// @{ + + /*! + @brief access specified array element with bounds checking + + Returns a reference to the element at specified location @a idx, with + bounds checking. + + @param[in] idx index of the element to access + + @return reference to the element at index @a idx + + @throw std::domain_error if the JSON value is not an array; example: + `"cannot use at() with string"` + @throw std::out_of_range if the index @a idx is out of range of the array; + that is, `idx >= size()`; example: `"array index 7 is out of range"` + + @complexity Constant. + + @liveexample{The example below shows how array elements can be read and + written using `at()`.,at__size_type} + + @since version 1.0.0 + */ + reference at(size_type idx) + { + // at only works for arrays + if (is_array()) + { + try + { + assert(m_value.array != nullptr); + return m_value.array->at(idx); + } + catch (std::out_of_range&) + { + // create better exception explanation + throw std::out_of_range("array index " + std::to_string(idx) + " is out of range"); + } + } + else + { + throw std::domain_error("cannot use at() with " + type_name()); + } + } + + /*! 
+ @brief access specified array element with bounds checking + + Returns a const reference to the element at specified location @a idx, + with bounds checking. + + @param[in] idx index of the element to access + + @return const reference to the element at index @a idx + + @throw std::domain_error if the JSON value is not an array; example: + `"cannot use at() with string"` + @throw std::out_of_range if the index @a idx is out of range of the array; + that is, `idx >= size()`; example: `"array index 7 is out of range"` + + @complexity Constant. + + @liveexample{The example below shows how array elements can be read using + `at()`.,at__size_type_const} + + @since version 1.0.0 + */ + const_reference at(size_type idx) const + { + // at only works for arrays + if (is_array()) + { + try + { + assert(m_value.array != nullptr); + return m_value.array->at(idx); + } + catch (std::out_of_range&) + { + // create better exception explanation + throw std::out_of_range("array index " + std::to_string(idx) + " is out of range"); + } + } + else + { + throw std::domain_error("cannot use at() with " + type_name()); + } + } + + /*! + @brief access specified object element with bounds checking + + Returns a reference to the element at with specified key @a key, with + bounds checking. + + @param[in] key key of the element to access + + @return reference to the element at key @a key + + @throw std::domain_error if the JSON value is not an object; example: + `"cannot use at() with boolean"` + @throw std::out_of_range if the key @a key is is not stored in the object; + that is, `find(key) == end()`; example: `"key "the fast" not found"` + + @complexity Logarithmic in the size of the container. 
+
+ @liveexample{The example below shows how object elements can be read and
+ written using `at()`.,at__object_t_key_type}
+
+ @sa @ref operator[](const typename object_t::key_type&) for unchecked
+ access by reference
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.0.0
+ */
+ reference at(const typename object_t::key_type& key)
+ {
+ // at only works for objects
+ if (is_object())
+ {
+ try
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->at(key);
+ }
+ catch (std::out_of_range&)
+ {
+ // create better exception explanation
+ throw std::out_of_range("key '" + key + "' not found");
+ }
+ }
+ else
+ {
+ throw std::domain_error("cannot use at() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief access specified object element with bounds checking
+
+ Returns a const reference to the element at with specified key @a key,
+ with bounds checking.
+
+ @param[in] key key of the element to access
+
+ @return const reference to the element at key @a key
+
+ @throw std::domain_error if the JSON value is not an object; example:
+ `"cannot use at() with boolean"`
+ @throw std::out_of_range if the key @a key is is not stored in the object;
+ that is, `find(key) == end()`; example: `"key "the fast" not found"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be read using
+ `at()`.,at__object_t_key_type_const}
+
+ @sa @ref operator[](const typename object_t::key_type&) for unchecked
+ access by reference
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.0.0
+ */
+ const_reference at(const typename object_t::key_type& key) const
+ {
+ // at only works for objects
+ if (is_object())
+ {
+ try
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->at(key);
+ }
+ catch (std::out_of_range&)
+ {
+ // create better exception explanation
+ throw std::out_of_range("key '" + key + "' not found");
+ }
+ }
+ else
+ {
+ throw std::domain_error("cannot use at() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief access specified array element
+
+ Returns a reference to the element at specified location @a idx.
+
+ @note If @a idx is beyond the range of the array (i.e., `idx >= size()`),
+ then the array is silently filled up with `null` values to make `idx` a
+ valid reference to the last stored element.
+
+ @param[in] idx index of the element to access
+
+ @return reference to the element at index @a idx
+
+ @throw std::domain_error if JSON is not an array or null; example:
+ `"cannot use operator[] with string"`
+
+ @complexity Constant if @a idx is in the range of the array. Otherwise
+ linear in `idx - size()`.
+
+ @liveexample{The example below shows how array elements can be read and
+ written using `[]` operator.
Note the addition of `null`
+ values.,operatorarray__size_type}
+
+ @since version 1.0.0
+ */
+ reference operator[](size_type idx)
+ {
+ // implicitly convert null value to an empty array
+ if (is_null())
+ {
+ m_type = value_t::array;
+ m_value.array = create();
+ }
+
+ // operator[] only works for arrays
+ if (is_array())
+ {
+ // fill up array with null values until given idx is reached
+ assert(m_value.array != nullptr);
+ for (size_t i = m_value.array->size(); i <= idx; ++i)
+ {
+ m_value.array->push_back(basic_json());
+ }
+
+ return m_value.array->operator[](idx);
+ }
+ else
+ {
+ throw std::domain_error("cannot use operator[] with " + type_name());
+ }
+ }
+
+ /*!
+ @brief access specified array element
+
+ Returns a const reference to the element at specified location @a idx.
+
+ @param[in] idx index of the element to access
+
+ @return const reference to the element at index @a idx
+
+ @throw std::domain_error if JSON is not an array; example: `"cannot use
+ operator[] with null"`
+
+ @complexity Constant.
+
+ @liveexample{The example below shows how array elements can be read using
+ the `[]` operator.,operatorarray__size_type_const}
+
+ @since version 1.0.0
+ */
+ const_reference operator[](size_type idx) const
+ {
+ // const operator[] only works for arrays
+ if (is_array())
+ {
+ assert(m_value.array != nullptr);
+ return m_value.array->operator[](idx);
+ }
+ else
+ {
+ throw std::domain_error("cannot use operator[] with " + type_name());
+ }
+ }
+
+ /*!
+ @brief access specified object element
+
+ Returns a reference to the element at with specified key @a key.
+
+ @note If @a key is not found in the object, then it is silently added to
+ the object and filled with a `null` value to make `key` a valid reference.
+ In case the value was `null` before, it is converted to an object.
+
+ @param[in] key key of the element to access
+
+ @return reference to the element at key @a key
+
+ @throw std::domain_error if JSON is not an object or null; example:
+ `"cannot use operator[] with string"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be read and
+ written using the `[]` operator.,operatorarray__key_type}
+
+ @sa @ref at(const typename object_t::key_type&) for access by reference
+ with range checking
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.0.0
+ */
+ reference operator[](const typename object_t::key_type& key)
+ {
+ // implicitly convert null value to an empty object
+ if (is_null())
+ {
+ m_type = value_t::object;
+ m_value.object = create();
+ }
+
+ // operator[] only works for objects
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->operator[](key);
+ }
+ else
+ {
+ throw std::domain_error("cannot use operator[] with " + type_name());
+ }
+ }
+
+ /*!
+ @brief read-only access specified object element
+
+ Returns a const reference to the element at with specified key @a key. No
+ bounds checking is performed.
+
+ @warning If the element with key @a key does not exist, the behavior is
+ undefined.
+
+ @param[in] key key of the element to access
+
+ @return const reference to the element at key @a key
+
+ @throw std::domain_error if JSON is not an object; example: `"cannot use
+ operator[] with null"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be read using
+ the `[]` operator.,operatorarray__key_type_const}
+
+ @sa @ref at(const typename object_t::key_type&) for access by reference
+ with range checking
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.0.0
+ */
+ const_reference operator[](const typename object_t::key_type& key) const
+ {
+ // const operator[] only works for objects
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ assert(m_value.object->find(key) != m_value.object->end());
+ return m_value.object->find(key)->second;
+ }
+ else
+ {
+ throw std::domain_error("cannot use operator[] with " + type_name());
+ }
+ }
+
+ /*!
+ @brief access specified object element
+
+ Returns a reference to the element at with specified key @a key.
+
+ @note If @a key is not found in the object, then it is silently added to
+ the object and filled with a `null` value to make `key` a valid reference.
+ In case the value was `null` before, it is converted to an object.
+
+ @param[in] key key of the element to access
+
+ @return reference to the element at key @a key
+
+ @throw std::domain_error if JSON is not an object or null; example:
+ `"cannot use operator[] with string"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be read and
+ written using the `[]` operator.,operatorarray__key_type}
+
+ @sa @ref at(const typename object_t::key_type&) for access by reference
+ with range checking
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.0.0
+ */
+ template
+ reference operator[](T * (&key)[n])
+ {
+ return operator[](static_cast(key));
+ }
+
+ /*!
+ @brief read-only access specified object element
+
+ Returns a const reference to the element at with specified key @a key. No
+ bounds checking is performed.
+
+ @warning If the element with key @a key does not exist, the behavior is
+ undefined.
+
+ @note This function is required for compatibility reasons with Clang.
+
+ @param[in] key key of the element to access
+
+ @return const reference to the element at key @a key
+
+ @throw std::domain_error if JSON is not an object; example: `"cannot use
+ operator[] with null"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be read using
+ the `[]` operator.,operatorarray__key_type_const}
+
+ @sa @ref at(const typename object_t::key_type&) for access by reference
+ with range checking
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.0.0
+ */
+ template
+ const_reference operator[](T * (&key)[n]) const
+ {
+ return operator[](static_cast(key));
+ }
+
+ /*!
+ @brief access specified object element
+
+ Returns a reference to the element at with specified key @a key.
+
+ @note If @a key is not found in the object, then it is silently added to
+ the object and filled with a `null` value to make `key` a valid reference.
+ In case the value was `null` before, it is converted to an object.
+
+ @param[in] key key of the element to access
+
+ @return reference to the element at key @a key
+
+ @throw std::domain_error if JSON is not an object or null; example:
+ `"cannot use operator[] with string"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be read and
+ written using the `[]` operator.,operatorarray__key_type}
+
+ @sa @ref at(const typename object_t::key_type&) for access by reference
+ with range checking
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.1.0
+ */
+ template
+ reference operator[](T* key)
+ {
+ // implicitly convert null to object
+ if (is_null())
+ {
+ m_type = value_t::object;
+ m_value = value_t::object;
+ }
+
+ // at only works for objects
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->operator[](key);
+ }
+ else
+ {
+ throw std::domain_error("cannot use operator[] with " + type_name());
+ }
+ }
+
+ /*!
+ @brief read-only access specified object element
+
+ Returns a const reference to the element at with specified key @a key. No
+ bounds checking is performed.
+
+ @warning If the element with key @a key does not exist, the behavior is
+ undefined.
+
+ @param[in] key key of the element to access
+
+ @return const reference to the element at key @a key
+
+ @throw std::domain_error if JSON is not an object; example: `"cannot use
+ operator[] with null"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be read using
+ the `[]` operator.,operatorarray__key_type_const}
+
+ @sa @ref at(const typename object_t::key_type&) for access by reference
+ with range checking
+ @sa @ref value() for access by value with a default value
+
+ @since version 1.1.0
+ */
+ template
+ const_reference operator[](T* key) const
+ {
+ // at only works for objects
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ assert(m_value.object->find(key) != m_value.object->end());
+ return m_value.object->find(key)->second;
+ }
+ else
+ {
+ throw std::domain_error("cannot use operator[] with " + type_name());
+ }
+ }
+
+ /*!
+ @brief access specified object element with default value
+
+ Returns either a copy of an object's element at the specified key @a key or
+ a given default value if no element with key @a key exists.
+
+ The function is basically equivalent to executing
+ @code {.cpp}
+ try {
+ return at(key);
+ } catch(std::out_of_range) {
+ return default_value;
+ }
+ @endcode
+
+ @note Unlike @ref at(const typename object_t::key_type&), this function
+ does not throw if the given key @a key was not found.
+
+ @note Unlike @ref operator[](const typename object_t::key_type& key), this
+ function does not implicitly add an element to the position defined by @a
+ key. This function is furthermore also applicable to const objects.
+
+ @param[in] key key of the element to access
+ @param[in] default_value the value to return if @a key is not found
+
+ @tparam ValueType type compatible to JSON values, for instance `int` for
+ JSON integer numbers, `bool` for JSON booleans, or `std::vector` types for
+ JSON arrays. Note the type of the expected value at @a key and the default
+ value @a default_value must be compatible.
+
+ @return copy of the element at key @a key or @a default_value if @a key
+ is not found
+
+ @throw std::domain_error if JSON is not an object; example: `"cannot use
+ value() with null"`
+
+ @complexity Logarithmic in the size of the container.
+
+ @liveexample{The example below shows how object elements can be queried
+ with a default value.,basic_json__value}
+
+ @sa @ref at(const typename object_t::key_type&) for access by reference
+ with range checking
+ @sa @ref operator[](const typename object_t::key_type&) for unchecked
+ access by reference
+
+ @since version 1.0.0
+ */
+ template ::value
+ , int>::type = 0>
+ ValueType value(const typename object_t::key_type& key, ValueType default_value) const
+ {
+ // at only works for objects
+ if (is_object())
+ {
+ // if key is found, return value and given default value otherwise
+ const auto it = find(key);
+ if (it != end())
+ {
+ return *it;
+ }
+ else
+ {
+ return default_value;
+ }
+ }
+ else
+ {
+ throw std::domain_error("cannot use value() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief overload for a default value of type const char*
+ @copydoc basic_json::value()
+ */
+ string_t value(const typename object_t::key_type& key, const char* default_value) const
+ {
+ return value(key, string_t(default_value));
+ }
+
+ /*!
+ @brief access the first element
+
+ Returns a reference to the first element in the container. For a JSON
+ container `c`, the expression `c.front()` is equivalent to `*c.begin()`.
+
+ @return In case of a structured type (array or object), a reference to the
+ first element is returned. In cast of number, string, or boolean values, a
+ reference to the value is returned.
+
+ @complexity Constant.
+
+ @pre The JSON value must not be `null` (would throw `std::out_of_range`)
+ or an empty array or object (undefined behavior, guarded by assertions).
+ @post The JSON value remains unchanged.
+
+ @throw std::out_of_range when called on `null` value
+
+ @liveexample{The following code shows an example for `front()`.,front}
+
+ @sa @ref back() -- access the last element
+
+ @since version 1.0.0
+ */
+ reference front()
+ {
+ return *begin();
+ }
+
+ /*!
+ @copydoc basic_json::front()
+ */
+ const_reference front() const
+ {
+ return *cbegin();
+ }
+
+ /*!
+ @brief access the last element
+
+ Returns a reference to the last element in the container. For a JSON
+ container `c`, the expression `c.back()` is equivalent to
+ @code {.cpp}
+ auto tmp = c.end();
+ --tmp;
+ return *tmp;
+ @endcode
+
+ @return In case of a structured type (array or object), a reference to the
+ last element is returned. In cast of number, string, or boolean values, a
+ reference to the value is returned.
+
+ @complexity Constant.
+
+ @pre The JSON value must not be `null` (would throw `std::out_of_range`)
+ or an empty array or object (undefined behavior, guarded by assertions).
+ @post The JSON value remains unchanged.
+
+ @throw std::out_of_range when called on `null` value.
+
+ @liveexample{The following code shows an example for `back()`.,back}
+
+ @sa @ref front() -- access the first element
+
+ @since version 1.0.0
+ */
+ reference back()
+ {
+ auto tmp = end();
+ --tmp;
+ return *tmp;
+ }
+
+ /*!
+ @copydoc basic_json::back()
+ */
+ const_reference back() const
+ {
+ auto tmp = cend();
+ --tmp;
+ return *tmp;
+ }
+
+ /*!
+ @brief remove element given an iterator
+
+ Removes the element specified by iterator @a pos. The iterator @a pos must
+ be valid and dereferenceable. Thus the `end()` iterator (which is valid,
+ but is not dereferenceable) cannot be used as a value for @a pos.
+
+ If called on a primitive type other than `null`, the resulting JSON value
+ will be `null`.
+
+ @param[in] pos iterator to the element to remove
+ @return Iterator following the last removed element. If the iterator @a
+ pos refers to the last element, the `end()` iterator is returned.
+
+ @tparam InteratorType an @ref iterator or @ref const_iterator
+
+ @post Invalidates iterators and references at or after the point of the
+ erase, including the `end()` iterator.
+
+ @throw std::domain_error if called on a `null` value; example: `"cannot
+ use erase() with null"`
+ @throw std::domain_error if called on an iterator which does not belong to
+ the current JSON value; example: `"iterator does not fit current value"`
+ @throw std::out_of_range if called on a primitive type with invalid
+ iterator (i.e., any iterator which is not `begin()`); example: `"iterator
+ out of range"`
+
+ @complexity The complexity depends on the type:
+ - objects: amortized constant
+ - arrays: linear in distance between pos and the end of the container
+ - strings: linear in the length of the string
+ - other types: constant
+
+ @liveexample{The example shows the result of `erase()` for different JSON
+ types.,erase__IteratorType}
+
+ @sa @ref erase(InteratorType, InteratorType) -- removes the elements in
+ the given range
+ @sa @ref erase(const typename object_t::key_type&) -- removes the element
+ from an object at the given key
+ @sa @ref erase(const size_type) -- removes the element from an array at
+ the given index
+
+ @since version 1.0.0
+ */
+ template ::value or
+ std::is_same::value
+ , int>::type
+ = 0>
+ InteratorType erase(InteratorType pos)
+ {
+ // make sure iterator fits the current value
+ if (this != pos.m_object)
+ {
+ throw std::domain_error("iterator does not fit current value");
+ }
+
+ InteratorType result = end();
+
+ switch (m_type)
+ {
+ case value_t::boolean:
+ case value_t::number_float:
+ case value_t::number_integer:
+ case value_t::number_unsigned:
+ case value_t::string:
+ {
+ if (not pos.m_it.primitive_iterator.is_begin())
+ {
+ throw std::out_of_range("iterator out of range");
+ }
+
+ if (is_string())
+ {
+ delete m_value.string;
+ m_value.string = nullptr;
+ }
+
+ m_type = value_t::null;
+ break;
+ }
+
+ case value_t::object:
+ {
+ assert(m_value.object != nullptr);
+ result.m_it.object_iterator = m_value.object->erase(pos.m_it.object_iterator);
+ break;
+ }
+
+ case value_t::array:
+ {
+ assert(m_value.array !=
nullptr);
+ result.m_it.array_iterator = m_value.array->erase(pos.m_it.array_iterator);
+ break;
+ }
+
+ default:
+ {
+ throw std::domain_error("cannot use erase() with " + type_name());
+ }
+ }
+
+ return result;
+ }
+
+ /*!
+ @brief remove elements given an iterator range
+
+ Removes the element specified by the range `[first; last)`. The iterator
+ @a first does not need to be dereferenceable if `first == last`: erasing
+ an empty range is a no-op.
+
+ If called on a primitive type other than `null`, the resulting JSON value
+ will be `null`.
+
+ @param[in] first iterator to the beginning of the range to remove
+ @param[in] last iterator past the end of the range to remove
+ @return Iterator following the last removed element. If the iterator @a
+ second refers to the last element, the `end()` iterator is returned.
+
+ @tparam InteratorType an @ref iterator or @ref const_iterator
+
+ @post Invalidates iterators and references at or after the point of the
+ erase, including the `end()` iterator.
+
+ @throw std::domain_error if called on a `null` value; example: `"cannot
+ use erase() with null"`
+ @throw std::domain_error if called on iterators which does not belong to
+ the current JSON value; example: `"iterators do not fit current value"`
+ @throw std::out_of_range if called on a primitive type with invalid
+ iterators (i.e., if `first != begin()` and `last != end()`); example:
+ `"iterators out of range"`
+
+ @complexity The complexity depends on the type:
+ - objects: `log(size()) + std::distance(first, last)`
+ - arrays: linear in the distance between @a first and @a last, plus linear
+ in the distance between @a last and end of the container
+ - strings: linear in the length of the string
+ - other types: constant
+
+ @liveexample{The example shows the result of `erase()` for different JSON
+ types.,erase__IteratorType_IteratorType}
+
+ @sa @ref erase(InteratorType) -- removes the element at a given position
+ @sa @ref erase(const typename object_t::key_type&) -- removes the element
+ from an object at the given key
+ @sa @ref erase(const size_type) -- removes the element from an array at
+ the given index
+
+ @since version 1.0.0
+ */
+ template ::value or
+ std::is_same::value
+ , int>::type
+ = 0>
+ InteratorType erase(InteratorType first, InteratorType last)
+ {
+ // make sure iterator fits the current value
+ if (this != first.m_object or this != last.m_object)
+ {
+ throw std::domain_error("iterators do not fit current value");
+ }
+
+ InteratorType result = end();
+
+ switch (m_type)
+ {
+ case value_t::boolean:
+ case value_t::number_float:
+ case value_t::number_integer:
+ case value_t::number_unsigned:
+ case value_t::string:
+ {
+ if (not first.m_it.primitive_iterator.is_begin() or not last.m_it.primitive_iterator.is_end())
+ {
+ throw std::out_of_range("iterators out of range");
+ }
+
+ if (is_string())
+ {
+ delete m_value.string;
+ m_value.string = nullptr;
+ }
+
+ m_type = value_t::null;
+ break;
+ }
+
+ case value_t::object:
+ {
+
assert(m_value.object != nullptr);
+ result.m_it.object_iterator = m_value.object->erase(first.m_it.object_iterator,
+ last.m_it.object_iterator);
+ break;
+ }
+
+ case value_t::array:
+ {
+ assert(m_value.array != nullptr);
+ result.m_it.array_iterator = m_value.array->erase(first.m_it.array_iterator,
+ last.m_it.array_iterator);
+ break;
+ }
+
+ default:
+ {
+ throw std::domain_error("cannot use erase() with " + type_name());
+ }
+ }
+
+ return result;
+ }
+
+ /*!
+ @brief remove element from a JSON object given a key
+
+ Removes elements from a JSON object with the key value @a key.
+
+ @param[in] key value of the elements to remove
+
+ @return Number of elements removed. If @a ObjectType is the default
+ `std::map` type, the return value will always be `0` (@a key was not
+ found) or `1` (@a key was found).
+
+ @post References and iterators to the erased elements are invalidated.
+ Other references and iterators are not affected.
+
+ @throw std::domain_error when called on a type other than JSON object;
+ example: `"cannot use erase() with null"`
+
+ @complexity `log(size()) + count(key)`
+
+ @liveexample{The example shows the effect of `erase()`.,erase__key_type}
+
+ @sa @ref erase(InteratorType) -- removes the element at a given position
+ @sa @ref erase(InteratorType, InteratorType) -- removes the elements in
+ the given range
+ @sa @ref erase(const size_type) -- removes the element from an array at
+ the given index
+
+ @since version 1.0.0
+ */
+ size_type erase(const typename object_t::key_type& key)
+ {
+ // this erase only works for objects
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->erase(key);
+ }
+ else
+ {
+ throw std::domain_error("cannot use erase() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief remove element from a JSON array given an index
+
+ Removes element from a JSON array at the index @a idx.
+
+ @param[in] idx index of the element to remove
+
+ @throw std::domain_error when called on a type other than JSON array;
+ example: `"cannot use erase() with null"`
+ @throw std::out_of_range when `idx >= size()`; example: `"array index 17
+ is out of range"`
+
+ @complexity Linear in distance between @a idx and the end of the container.
+
+ @liveexample{The example shows the effect of `erase()`.,erase__size_type}
+
+ @sa @ref erase(InteratorType) -- removes the element at a given position
+ @sa @ref erase(InteratorType, InteratorType) -- removes the elements in
+ the given range
+ @sa @ref erase(const typename object_t::key_type&) -- removes the element
+ from an object at the given key
+
+ @since version 1.0.0
+ */
+ void erase(const size_type idx)
+ {
+ // this erase only works for arrays
+ if (is_array())
+ {
+ if (idx >= size())
+ {
+ throw std::out_of_range("array index " + std::to_string(idx) + " is out of range");
+ }
+
+ assert(m_value.array != nullptr);
+ m_value.array->erase(m_value.array->begin() + static_cast(idx));
+ }
+ else
+ {
+ throw std::domain_error("cannot use erase() with " + type_name());
+ }
+ }
+
+ /// @}
+
+
+ ////////////
+ // lookup //
+ ////////////
+
+ /// @name lookup
+ /// @{
+
+ /*!
+ @brief find an element in a JSON object
+
+ Finds an element in a JSON object with key equivalent to @a key. If the
+ element is not found or the JSON value is not an object, end() is
+ returned.
+
+ @param[in] key key value of the element to search for
+
+ @return Iterator to an element with key equivalent to @a key. If no such
+ element is found, past-the-end (see end()) iterator is returned.
+
+ @complexity Logarithmic in the size of the JSON object.
+
+ @liveexample{The example shows how `find()` is used.,find__key_type}
+
+ @since version 1.0.0
+ */
+ iterator find(typename object_t::key_type key)
+ {
+ auto result = end();
+
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ result.m_it.object_iterator = m_value.object->find(key);
+ }
+
+ return result;
+ }
+
+ /*!
+ @brief find an element in a JSON object
+ @copydoc find(typename object_t::key_type)
+ */
+ const_iterator find(typename object_t::key_type key) const
+ {
+ auto result = cend();
+
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ result.m_it.object_iterator = m_value.object->find(key);
+ }
+
+ return result;
+ }
+
+ /*!
+ @brief returns the number of occurrences of a key in a JSON object
+
+ Returns the number of elements with key @a key. If ObjectType is the
+ default `std::map` type, the return value will always be `0` (@a key was
+ not found) or `1` (@a key was found).
+
+ @param[in] key key value of the element to count
+
+ @return Number of elements with key @a key. If the JSON value is not an
+ object, the return value will be `0`.
+
+ @complexity Logarithmic in the size of the JSON object.
+
+ @liveexample{The example shows how `count()` is used.,count}
+
+ @since version 1.0.0
+ */
+ size_type count(typename object_t::key_type key) const
+ {
+ // return 0 for all nonobject types
+ assert(not is_object() or m_value.object != nullptr);
+ return is_object() ? m_value.object->count(key) : 0;
+ }
+
+ /// @}
+
+
+ ///////////////
+ // iterators //
+ ///////////////
+
+ /// @name iterators
+ /// @{
+
+ /*!
+ @brief returns an iterator to the first element
+
+ Returns an iterator to the first element.
+
+ @image html range-begin-end.svg "Illustration from cppreference.com"
+
+ @return iterator to the first element
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+
+ @liveexample{The following code shows an example for `begin()`.,begin}
+
+ @sa @ref cbegin() -- returns a const iterator to the beginning
+ @sa @ref end() -- returns an iterator to the end
+ @sa @ref cend() -- returns a const iterator to the end
+
+ @since version 1.0.0
+ */
+ iterator begin() noexcept
+ {
+ iterator result(this);
+ result.set_begin();
+ return result;
+ }
+
+ /*!
+ @copydoc basic_json::cbegin()
+ */
+ const_iterator begin() const noexcept
+ {
+ return cbegin();
+ }
+
+ /*!
+ @brief returns a const iterator to the first element
+
+ Returns a const iterator to the first element.
+
+ @image html range-begin-end.svg "Illustration from cppreference.com"
+
+ @return const iterator to the first element
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `const_cast(*this).begin()`.
+
+ @liveexample{The following code shows an example for `cbegin()`.,cbegin}
+
+ @sa @ref begin() -- returns an iterator to the beginning
+ @sa @ref end() -- returns an iterator to the end
+ @sa @ref cend() -- returns a const iterator to the end
+
+ @since version 1.0.0
+ */
+ const_iterator cbegin() const noexcept
+ {
+ const_iterator result(this);
+ result.set_begin();
+ return result;
+ }
+
+ /*!
+ @brief returns an iterator to one past the last element
+
+ Returns an iterator to one past the last element.
+
+ @image html range-begin-end.svg "Illustration from cppreference.com"
+
+ @return iterator one past the last element
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+
+ @liveexample{The following code shows an example for `end()`.,end}
+
+ @sa @ref cend() -- returns a const iterator to the end
+ @sa @ref begin() -- returns an iterator to the beginning
+ @sa @ref cbegin() -- returns a const iterator to the beginning
+
+ @since version 1.0.0
+ */
+ iterator end() noexcept
+ {
+ iterator result(this);
+ result.set_end();
+ return result;
+ }
+
+ /*!
+ @copydoc basic_json::cend()
+ */
+ const_iterator end() const noexcept
+ {
+ return cend();
+ }
+
+ /*!
+ @brief returns a const iterator to one past the last element
+
+ Returns a const iterator to one past the last element.
+
+ @image html range-begin-end.svg "Illustration from cppreference.com"
+
+ @return const iterator one past the last element
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `const_cast(*this).end()`.
+
+ @liveexample{The following code shows an example for `cend()`.,cend}
+
+ @sa @ref end() -- returns an iterator to the end
+ @sa @ref begin() -- returns an iterator to the beginning
+ @sa @ref cbegin() -- returns a const iterator to the beginning
+
+ @since version 1.0.0
+ */
+ const_iterator cend() const noexcept
+ {
+ const_iterator result(this);
+ result.set_end();
+ return result;
+ }
+
+ /*!
+ @brief returns an iterator to the reverse-beginning
+
+ Returns an iterator to the reverse-beginning; that is, the last element.
+
+ @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [ReversibleContainer](http://en.cppreference.com/w/cpp/concept/ReversibleContainer)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `reverse_iterator(end())`.
+
+ @liveexample{The following code shows an example for `rbegin()`.,rbegin}
+
+ @sa @ref crbegin() -- returns a const reverse iterator to the beginning
+ @sa @ref rend() -- returns a reverse iterator to the end
+ @sa @ref crend() -- returns a const reverse iterator to the end
+
+ @since version 1.0.0
+ */
+ reverse_iterator rbegin() noexcept
+ {
+ return reverse_iterator(end());
+ }
+
+ /*!
+ @copydoc basic_json::crbegin()
+ */
+ const_reverse_iterator rbegin() const noexcept
+ {
+ return crbegin();
+ }
+
+ /*!
+ @brief returns an iterator to the reverse-end
+
+ Returns an iterator to the reverse-end; that is, one before the first
+ element.
+
+ @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [ReversibleContainer](http://en.cppreference.com/w/cpp/concept/ReversibleContainer)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `reverse_iterator(begin())`.
+
+ @liveexample{The following code shows an example for `rend()`.,rend}
+
+ @sa @ref crend() -- returns a const reverse iterator to the end
+ @sa @ref rbegin() -- returns a reverse iterator to the beginning
+ @sa @ref crbegin() -- returns a const reverse iterator to the beginning
+
+ @since version 1.0.0
+ */
+ reverse_iterator rend() noexcept
+ {
+ return reverse_iterator(begin());
+ }
+
+ /*!
+ @copydoc basic_json::crend()
+ */
+ const_reverse_iterator rend() const noexcept
+ {
+ return crend();
+ }
+
+ /*!
+ @brief returns a const reverse iterator to the last element
+
+ Returns a const iterator to the reverse-beginning; that is, the last
+ element.
+
+ @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [ReversibleContainer](http://en.cppreference.com/w/cpp/concept/ReversibleContainer)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `const_cast(*this).rbegin()`.
+
+ @liveexample{The following code shows an example for `crbegin()`.,crbegin}
+
+ @sa @ref rbegin() -- returns a reverse iterator to the beginning
+ @sa @ref rend() -- returns a reverse iterator to the end
+ @sa @ref crend() -- returns a const reverse iterator to the end
+
+ @since version 1.0.0
+ */
+ const_reverse_iterator crbegin() const noexcept
+ {
+ return const_reverse_iterator(cend());
+ }
+
+ /*!
+ @brief returns a const reverse iterator to one before the first
+
+ Returns a const reverse iterator to the reverse-end; that is, one before
+ the first element.
+
+ @image html range-rbegin-rend.svg "Illustration from cppreference.com"
+
+ @complexity Constant.
+
+ @requirement This function helps `basic_json` satisfying the
+ [ReversibleContainer](http://en.cppreference.com/w/cpp/concept/ReversibleContainer)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `const_cast(*this).rend()`.
+
+ @liveexample{The following code shows an example for `crend()`.,crend}
+
+ @sa @ref rend() -- returns a reverse iterator to the end
+ @sa @ref rbegin() -- returns a reverse iterator to the beginning
+ @sa @ref crbegin() -- returns a const reverse iterator to the beginning
+
+ @since version 1.0.0
+ */
+ const_reverse_iterator crend() const noexcept
+ {
+ return const_reverse_iterator(cbegin());
+ }
+
+ private:
+ // forward declaration
+ template class iteration_proxy;
+
+ public:
+ /*!
+ @brief wrapper to access iterator member functions in range-based for
+
+ This function allows to access @ref iterator::key() and @ref
+ iterator::value() during range-based for loops. In these loops, a
+ reference to the JSON values is returned, so there is no access to the
+ underlying iterator.
+
+ @note The name of this function is not yet final and may change in the
+ future.
+ */
+ static iteration_proxy iterator_wrapper(reference cont)
+ {
+ return iteration_proxy(cont);
+ }
+
+ /*!
+ @copydoc iterator_wrapper(reference)
+ */
+ static iteration_proxy iterator_wrapper(const_reference cont)
+ {
+ return iteration_proxy(cont);
+ }
+
+ /// @}
+
+
+ //////////////
+ // capacity //
+ //////////////
+
+ /// @name capacity
+ /// @{
+
+ /*!
+ @brief checks whether the container is empty
+
+ Checks if a JSON value has no elements.
+
+ @return The return value depends on the different types and is
+ defined as follows:
+ Value type | return value
+ ----------- | -------------
+ null | `true`
+ boolean | `false`
+ string | `false`
+ number | `false`
+ object | result of function `object_t::empty()`
+ array | result of function `array_t::empty()`
+
+ @complexity Constant, as long as @ref array_t and @ref object_t satisfy
+ the Container concept; that is, their `empty()` functions have constant
+ complexity.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `begin() == end()`.
+
+ @liveexample{The following code uses `empty()` to check if a JSON
+ object contains any elements.,empty}
+
+ @sa @ref size() -- returns the number of elements
+
+ @since version 1.0.0
+ */
+ bool empty() const noexcept
+ {
+ switch (m_type)
+ {
+ case value_t::null:
+ {
+ // null values are empty
+ return true;
+ }
+
+ case value_t::array:
+ {
+ assert(m_value.array != nullptr);
+ return m_value.array->empty();
+ }
+
+ case value_t::object:
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->empty();
+ }
+
+ default:
+ {
+ // all other types are nonempty
+ return false;
+ }
+ }
+ }
+
+ /*!
+ @brief returns the number of elements
+
+ Returns the number of elements in a JSON value.
+
+ @return The return value depends on the different types and is
+ defined as follows:
+ Value type | return value
+ ----------- | -------------
+ null | `0`
+ boolean | `1`
+ string | `1`
+ number | `1`
+ object | result of function object_t::size()
+ array | result of function array_t::size()
+
+ @complexity Constant, as long as @ref array_t and @ref object_t satisfy
+ the Container concept; that is, their size() functions have constant
+ complexity.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of `std::distance(begin(), end())`.
+
+ @liveexample{The following code calls `size()` on the different value
+ types.,size}
+
+ @sa @ref empty() -- checks whether the container is empty
+ @sa @ref max_size() -- returns the maximal number of elements
+
+ @since version 1.0.0
+ */
+ size_type size() const noexcept
+ {
+ switch (m_type)
+ {
+ case value_t::null:
+ {
+ // null values are empty
+ return 0;
+ }
+
+ case value_t::array:
+ {
+ assert(m_value.array != nullptr);
+ return m_value.array->size();
+ }
+
+ case value_t::object:
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->size();
+ }
+
+ default:
+ {
+ // all other types have size 1
+ return 1;
+ }
+ }
+ }
+
+ /*!
+ @brief returns the maximum possible number of elements
+
+ Returns the maximum number of elements a JSON value is able to hold due to
+ system or library implementation limitations, i.e. `std::distance(begin(),
+ end())` for the JSON value.
+
+ @return The return value depends on the different types and is
+ defined as follows:
+ Value type | return value
+ ----------- | -------------
+ null | `0` (same as `size()`)
+ boolean | `1` (same as `size()`)
+ string | `1` (same as `size()`)
+ number | `1` (same as `size()`)
+ object | result of function `object_t::max_size()`
+ array | result of function `array_t::max_size()`
+
+ @complexity Constant, as long as @ref array_t and @ref object_t satisfy
+ the Container concept; that is, their `max_size()` functions have constant
+ complexity.
+
+ @requirement This function helps `basic_json` satisfying the
+ [Container](http://en.cppreference.com/w/cpp/concept/Container)
+ requirements:
+ - The complexity is constant.
+ - Has the semantics of returning `b.size()` where `b` is the largest
+ possible JSON value.
+
+ @liveexample{The following code calls `max_size()` on the different value
+ types. Note the output is implementation specific.,max_size}
+
+ @sa @ref size() -- returns the number of elements
+
+ @since version 1.0.0
+ */
+ size_type max_size() const noexcept
+ {
+ switch (m_type)
+ {
+ case value_t::array:
+ {
+ assert(m_value.array != nullptr);
+ return m_value.array->max_size();
+ }
+
+ case value_t::object:
+ {
+ assert(m_value.object != nullptr);
+ return m_value.object->max_size();
+ }
+
+ default:
+ {
+ // all other types have max_size() == size()
+ return size();
+ }
+ }
+ }
+
+ /// @}
+
+
+ ///////////////
+ // modifiers //
+ ///////////////
+
+ /// @name modifiers
+ /// @{
+
+ /*!
+ @brief clears the contents
+
+ Clears the content of a JSON value and resets it to the default value as
+ if @ref basic_json(value_t) would have been called:
+
+ Value type | initial value
+ ----------- | -------------
+ null | `null`
+ boolean | `false`
+ string | `""`
+ number | `0`
+ object | `{}`
+ array | `[]`
+
+ @note Floating-point numbers are set to `0.0` which will be serialized to
+ `0`. The vale type remains @ref number_float_t.
+
+ @complexity Linear in the size of the JSON value.
+
+ @liveexample{The example below shows the effect of `clear()` to different
+ JSON types.,clear}
+
+ @since version 1.0.0
+ */
+ void clear() noexcept
+ {
+ switch (m_type)
+ {
+ case value_t::number_integer:
+ {
+ m_value.number_integer = 0;
+ break;
+ }
+
+ case value_t::number_unsigned:
+ {
+ m_value.number_unsigned = 0;
+ break;
+ }
+
+ case value_t::number_float:
+ {
+ m_value.number_float = 0.0;
+ break;
+ }
+
+ case value_t::boolean:
+ {
+ m_value.boolean = false;
+ break;
+ }
+
+ case value_t::string:
+ {
+ assert(m_value.string != nullptr);
+ m_value.string->clear();
+ break;
+ }
+
+ case value_t::array:
+ {
+ assert(m_value.array != nullptr);
+ m_value.array->clear();
+ break;
+ }
+
+ case value_t::object:
+ {
+ assert(m_value.object != nullptr);
+ m_value.object->clear();
+ break;
+ }
+
+ default:
+ {
+ break;
+ }
+ }
+ }
+
+ /*!
+ @brief add an object to an array
+
+ Appends the given element @a val to the end of the JSON value. If the
+ function is called on a JSON null value, an empty array is created before
+ appending @a val.
+
+ @param[in] val the value to add to the JSON array
+
+ @throw std::domain_error when called on a type other than JSON array or
+ null; example: `"cannot use push_back() with number"`
+
+ @complexity Amortized constant.
+
+ @liveexample{The example shows how `push_back()` and `+=` can be used to
+ add elements to a JSON array. Note how the `null` value was silently
+ converted to a JSON array.,push_back}
+
+ @since version 1.0.0
+ */
+ void push_back(basic_json&& val)
+ {
+ // push_back only works for null objects or arrays
+ if (not(is_null() or is_array()))
+ {
+ throw std::domain_error("cannot use push_back() with " + type_name());
+ }
+
+ // transform null object into an array
+ if (is_null())
+ {
+ m_type = value_t::array;
+ m_value = value_t::array;
+ }
+
+ // add element to array (move semantics)
+ assert(m_value.array != nullptr);
+ m_value.array->push_back(std::move(val));
+ // invalidate object
+ val.m_type = value_t::null;
+ }
+
+ /*!
+ @brief add an object to an array
+ @copydoc push_back(basic_json&&)
+ */
+ reference operator+=(basic_json&& val)
+ {
+ push_back(std::move(val));
+ return *this;
+ }
+
+ /*!
+ @brief add an object to an array
+ @copydoc push_back(basic_json&&)
+ */
+ void push_back(const basic_json& val)
+ {
+ // push_back only works for null objects or arrays
+ if (not(is_null() or is_array()))
+ {
+ throw std::domain_error("cannot use push_back() with " + type_name());
+ }
+
+ // transform null object into an array
+ if (is_null())
+ {
+ m_type = value_t::array;
+ m_value = value_t::array;
+ }
+
+ // add element to array
+ assert(m_value.array != nullptr);
+ m_value.array->push_back(val);
+ }
+
+ /*!
+ @brief add an object to an array
+ @copydoc push_back(basic_json&&)
+ */
+ reference operator+=(const basic_json& val)
+ {
+ push_back(val);
+ return *this;
+ }
+
+ /*!
+ @brief add an object to an object
+
+ Inserts the given element @a val to the JSON object. If the function is
+ called on a JSON null value, an empty object is created before inserting
+ @a val.
+
+ @param[in] val the value to add to the JSON object
+
+ @throw std::domain_error when called on a type other than JSON object or
+ null; example: `"cannot use push_back() with number"`
+
+ @complexity Logarithmic in the size of the container, O(log(`size()`)).
+
+ @liveexample{The example shows how `push_back()` and `+=` can be used to
+ add elements to a JSON object. Note how the `null` value was silently
+ converted to a JSON object.,push_back__object_t__value}
+
+ @since version 1.0.0
+ */
+ void push_back(const typename object_t::value_type& val)
+ {
+ // push_back only works for null objects or objects
+ if (not(is_null() or is_object()))
+ {
+ throw std::domain_error("cannot use push_back() with " + type_name());
+ }
+
+ // transform null object into an object
+ if (is_null())
+ {
+ m_type = value_t::object;
+ m_value = value_t::object;
+ }
+
+ // add element to array
+ assert(m_value.object != nullptr);
+ m_value.object->insert(val);
+ }
+
+ /*!
+ @brief add an object to an object
+ @copydoc push_back(const typename object_t::value_type&)
+ */
+ reference operator+=(const typename object_t::value_type& val)
+ {
+ push_back(val);
+ return *this;
+ }
+
+ /*!
+ @brief add an object to an object
+
+ This function allows to use `push_back` with an initializer list. In case
+
+ 1. the current value is an object,
+ 2. the initializer list @a init contains only two elements, and
+ 3. the first element of @a init is a string,
+
+ @a init is converted into an object element and added using
+ @ref push_back(const typename object_t::value_type&). Otherwise, @a init
+ is converted to a JSON value and added using @ref push_back(basic_json&&).
+
+ @param init an initializer list
+
+ @complexity Linear in the size of the initializer list @a init.
+
+ @note This function is required to resolve an ambiguous overload error,
+ because pairs like `{"key", "value"}` can be both interpreted as
+ `object_t::value_type` or `std::initializer_list`, see
+ https://github.com/nlohmann/json/issues/235 for more information.
+
+ @liveexample{The example shows how initializer lists are treated as
+ objects when possible.,push_back__initializer_list}
+ */
+ void push_back(std::initializer_list init)
+ {
+ if (is_object() and init.size() == 2 and init.begin()->is_string())
+ {
+ const string_t key = *init.begin();
+ push_back(typename object_t::value_type(key, *(init.begin() + 1)));
+ }
+ else
+ {
+ push_back(basic_json(init));
+ }
+ }
+
+ /*!
+ @brief add an object to an object
+ @copydoc push_back(std::initializer_list)
+ */
+ reference operator+=(std::initializer_list init)
+ {
+ push_back(init);
+ return *this;
+ }
+
+ /*!
+ @brief inserts element
+
+ Inserts element @a val before iterator @a pos.
+
+ @param[in] pos iterator before which the content will be inserted; may be
+ the end() iterator
+ @param[in] val element to insert
+ @return iterator pointing to the inserted @a val.
+
+ @throw std::domain_error if called on JSON values other than arrays;
+ example: `"cannot use insert() with string"`
+ @throw std::domain_error if @a pos is not an iterator of *this; example:
+ `"iterator does not fit current value"`
+
+ @complexity Constant plus linear in the distance between pos and end of the
+ container.
+
+ @liveexample{The example shows how `insert()` is used.,insert}
+
+ @since version 1.0.0
+ */
+ iterator insert(const_iterator pos, const basic_json& val)
+ {
+ // insert only works for arrays
+ if (is_array())
+ {
+ // check if iterator pos fits to this JSON value
+ if (pos.m_object != this)
+ {
+ throw std::domain_error("iterator does not fit current value");
+ }
+
+ // insert to array and return iterator
+ iterator result(this);
+ assert(m_value.array != nullptr);
+ result.m_it.array_iterator = m_value.array->insert(pos.m_it.array_iterator, val);
+ return result;
+ }
+ else
+ {
+ throw std::domain_error("cannot use insert() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief inserts element
+ @copydoc insert(const_iterator, const basic_json&)
+ */
+ iterator insert(const_iterator pos, basic_json&& val)
+ {
+ return insert(pos, val);
+ }
+
+ /*!
+ @brief inserts elements
+
+ Inserts @a cnt copies of @a val before iterator @a pos.
+
+ @param[in] pos iterator before which the content will be inserted; may be
+ the end() iterator
+ @param[in] cnt number of copies of @a val to insert
+ @param[in] val element to insert
+ @return iterator pointing to the first element inserted, or @a pos if
+ `cnt==0`
+
+ @throw std::domain_error if called on JSON values other than arrays;
+ example: `"cannot use insert() with string"`
+ @throw std::domain_error if @a pos is not an iterator of *this; example:
+ `"iterator does not fit current value"`
+
+ @complexity Linear in @a cnt plus linear in the distance between @a pos
+ and end of the container.
+
+ @liveexample{The example shows how `insert()` is used.,insert__count}
+
+ @since version 1.0.0
+ */
+ iterator insert(const_iterator pos, size_type cnt, const basic_json& val)
+ {
+ // insert only works for arrays
+ if (is_array())
+ {
+ // check if iterator pos fits to this JSON value
+ if (pos.m_object != this)
+ {
+ throw std::domain_error("iterator does not fit current value");
+ }
+
+ // insert to array and return iterator
+ iterator result(this);
+ assert(m_value.array != nullptr);
+ result.m_it.array_iterator = m_value.array->insert(pos.m_it.array_iterator, cnt, val);
+ return result;
+ }
+ else
+ {
+ throw std::domain_error("cannot use insert() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief inserts elements
+
+ Inserts elements from range `[first, last)` before iterator @a pos.
+
+ @param[in] pos iterator before which the content will be inserted; may be
+ the end() iterator
+ @param[in] first begin of the range of elements to insert
+ @param[in] last end of the range of elements to insert
+
+ @throw std::domain_error if called on JSON values other than arrays;
+ example: `"cannot use insert() with string"`
+ @throw std::domain_error if @a pos is not an iterator of *this; example:
+ `"iterator does not fit current value"`
+ @throw std::domain_error if @a first and @a last do not belong to the same
+ JSON value; example: `"iterators do not fit"`
+ @throw std::domain_error if @a first or @a last are iterators into
+ container for which insert is called; example: `"passed iterators may not
+ belong to container"`
+
+ @return iterator pointing to the first element inserted, or @a pos if
+ `first==last`
+
+ @complexity Linear in `std::distance(first, last)` plus linear in the
+ distance between @a pos and end of the container.
+
+ @liveexample{The example shows how `insert()` is used.,insert__range}
+
+ @since version 1.0.0
+ */
+ iterator insert(const_iterator pos, const_iterator first, const_iterator last)
+ {
+ // insert only works for arrays
+ if (not is_array())
+ {
+ throw std::domain_error("cannot use insert() with " + type_name());
+ }
+
+ // check if iterator pos fits to this JSON value
+ if (pos.m_object != this)
+ {
+ throw std::domain_error("iterator does not fit current value");
+ }
+
+ // check if range iterators belong to the same JSON object
+ if (first.m_object != last.m_object)
+ {
+ throw std::domain_error("iterators do not fit");
+ }
+
+ if (first.m_object == this or last.m_object == this)
+ {
+ throw std::domain_error("passed iterators may not belong to container");
+ }
+
+ // insert to array and return iterator
+ iterator result(this);
+ assert(m_value.array != nullptr);
+ result.m_it.array_iterator = m_value.array->insert(
+ pos.m_it.array_iterator,
+ first.m_it.array_iterator,
+ last.m_it.array_iterator);
+ return result;
+ }
+
+ /*!
+ @brief inserts elements
+
+ Inserts elements from initializer list @a ilist before iterator @a pos.
+
+ @param[in] pos iterator before which the content will be inserted; may be
+ the end() iterator
+ @param[in] ilist initializer list to insert the values from
+
+ @throw std::domain_error if called on JSON values other than arrays;
+ example: `"cannot use insert() with string"`
+ @throw std::domain_error if @a pos is not an iterator of *this; example:
+ `"iterator does not fit current value"`
+
+ @return iterator pointing to the first element inserted, or @a pos if
+ `ilist` is empty
+
+ @complexity Linear in `ilist.size()` plus linear in the distance between
+ @a pos and end of the container.
+
+ @liveexample{The example shows how `insert()` is used.,insert__ilist}
+
+ @since version 1.0.0
+ */
+ iterator insert(const_iterator pos, std::initializer_list ilist)
+ {
+ // insert only works for arrays
+ if (not is_array())
+ {
+ throw std::domain_error("cannot use insert() with " + type_name());
+ }
+
+ // check if iterator pos fits to this JSON value
+ if (pos.m_object != this)
+ {
+ throw std::domain_error("iterator does not fit current value");
+ }
+
+ // insert to array and return iterator
+ iterator result(this);
+ assert(m_value.array != nullptr);
+ result.m_it.array_iterator = m_value.array->insert(pos.m_it.array_iterator, ilist);
+ return result;
+ }
+
+ /*!
+ @brief exchanges the values
+
+ Exchanges the contents of the JSON value with those of @a other. Does not
+ invoke any move, copy, or swap operations on individual elements. All
+ iterators and references remain valid. The past-the-end iterator is
+ invalidated.
+
+ @param[in,out] other JSON value to exchange the contents with
+
+ @complexity Constant.
+
+ @liveexample{The example below shows how JSON values can be swapped with
+ `swap()`.,swap__reference}
+
+ @since version 1.0.0
+ */
+ void swap(reference other) noexcept (
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value and
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value
+ )
+ {
+ std::swap(m_type, other.m_type);
+ std::swap(m_value, other.m_value);
+ }
+
+ /*!
+ @brief exchanges the values
+
+ Exchanges the contents of a JSON array with those of @a other. Does not
+ invoke any move, copy, or swap operations on individual elements. All
+ iterators and references remain valid. The past-the-end iterator is
+ invalidated.
+
+ @param[in,out] other array to exchange the contents with
+
+ @throw std::domain_error when JSON value is not an array; example: `"cannot
+ use swap() with string"`
+
+ @complexity Constant.
+
+ @liveexample{The example below shows how arrays can be swapped with
+ `swap()`.,swap__array_t}
+
+ @since version 1.0.0
+ */
+ void swap(array_t& other)
+ {
+ // swap only works for arrays
+ if (is_array())
+ {
+ assert(m_value.array != nullptr);
+ std::swap(*(m_value.array), other);
+ }
+ else
+ {
+ throw std::domain_error("cannot use swap() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief exchanges the values
+
+ Exchanges the contents of a JSON object with those of @a other. Does not
+ invoke any move, copy, or swap operations on individual elements. All
+ iterators and references remain valid. The past-the-end iterator is
+ invalidated.
+
+ @param[in,out] other object to exchange the contents with
+
+ @throw std::domain_error when JSON value is not an object; example:
+ `"cannot use swap() with string"`
+
+ @complexity Constant.
+
+ @liveexample{The example below shows how objects can be swapped with
+ `swap()`.,swap__object_t}
+
+ @since version 1.0.0
+ */
+ void swap(object_t& other)
+ {
+ // swap only works for objects
+ if (is_object())
+ {
+ assert(m_value.object != nullptr);
+ std::swap(*(m_value.object), other);
+ }
+ else
+ {
+ throw std::domain_error("cannot use swap() with " + type_name());
+ }
+ }
+
+ /*!
+ @brief exchanges the values
+
+ Exchanges the contents of a JSON string with those of @a other. Does not
+ invoke any move, copy, or swap operations on individual elements. All
+ iterators and references remain valid. The past-the-end iterator is
+ invalidated.
+
+ @param[in,out] other string to exchange the contents with
+
+ @throw std::domain_error when JSON value is not a string; example: `"cannot
+ use swap() with boolean"`
+
+ @complexity Constant.
+
+ @liveexample{The example below shows how strings can be swapped with
+ `swap()`.,swap__string_t}
+
+ @since version 1.0.0
+ */
+ void swap(string_t& other)
+ {
+ // swap only works for strings
+ if (is_string())
+ {
+ assert(m_value.string != nullptr);
+ std::swap(*(m_value.string), other);
+ }
+ else
+ {
+ throw std::domain_error("cannot use swap() with " + type_name());
+ }
+ }
+
+ /// @}
+
+
+ //////////////////////////////////////////
+ // lexicographical comparison operators //
+ //////////////////////////////////////////
+
+ /// @name lexicographical comparison operators
+ /// @{
+
+ private:
+ /*!
+ @brief comparison operator for JSON types
+
+ Returns an ordering that is similar to Python:
+ - order: null < boolean < number < object < array < string
+ - furthermore, each type is not smaller than itself
+
+ @since version 1.0.0
+ */
+ friend bool operator<(const value_t lhs, const value_t rhs) noexcept
+ {
+ static constexpr std::array order = {{
+ 0, // null
+ 3, // object
+ 4, // array
+ 5, // string
+ 1, // boolean
+ 2, // integer
+ 2, // unsigned
+ 2, // float
+ }
+ };
+
+ // discarded values are not comparable
+ if (lhs == value_t::discarded or rhs == value_t::discarded)
+ {
+ return false;
+ }
+
+ return order[static_cast(lhs)] < order[static_cast(rhs)];
+ }
+
+ public:
+ /*!
+ @brief comparison: equal
+
+ Compares two JSON values for equality according to the following rules:
+ - Two JSON values are equal if (1) they are from the same type and (2)
+ their stored values are the same.
+ - Integer and floating-point numbers are automatically converted before
+ comparison. Floating-point numbers are compared indirectly: two
+ floating-point numbers `f1` and `f2` are considered equal if neither
+ `f1 > f2` nor `f2 > f1` holds.
+ - Two JSON null values are equal.
+
+ @param[in] lhs first JSON value to consider
+ @param[in] rhs second JSON value to consider
+ @return whether the values @a lhs and @a rhs are equal
+
+ @complexity Linear.
+
+ @liveexample{The example demonstrates comparing several JSON
+ types.,operator__equal}
+
+ @since version 1.0.0
+ */
+ friend bool operator==(const_reference lhs, const_reference rhs) noexcept
+ {
+ const auto lhs_type = lhs.type();
+ const auto rhs_type = rhs.type();
+
+ if (lhs_type == rhs_type)
+ {
+ switch (lhs_type)
+ {
+ case value_t::array:
+ {
+ assert(lhs.m_value.array != nullptr);
+ assert(rhs.m_value.array != nullptr);
+ return *lhs.m_value.array == *rhs.m_value.array;
+ }
+ case value_t::object:
+ {
+ assert(lhs.m_value.object != nullptr);
+ assert(rhs.m_value.object != nullptr);
+ return *lhs.m_value.object == *rhs.m_value.object;
+ }
+ case value_t::null:
+ {
+ return true;
+ }
+ case value_t::string:
+ {
+ assert(lhs.m_value.string != nullptr);
+ assert(rhs.m_value.string != nullptr);
+ return *lhs.m_value.string == *rhs.m_value.string;
+ }
+ case value_t::boolean:
+ {
+ return lhs.m_value.boolean == rhs.m_value.boolean;
+ }
+ case value_t::number_integer:
+ {
+ return lhs.m_value.number_integer == rhs.m_value.number_integer;
+ }
+ case value_t::number_unsigned:
+ {
+ return lhs.m_value.number_unsigned == rhs.m_value.number_unsigned;
+ }
+ case value_t::number_float:
+ {
+ return lhs.m_value.number_float == rhs.m_value.number_float;
+ }
+ default:
+ {
+ return false;
+ }
+ }
+ }
+ else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_float)
+ {
+ return static_cast(lhs.m_value.number_integer) == rhs.m_value.number_float;
+ }
+ else if (lhs_type == value_t::number_float and rhs_type == value_t::number_integer)
+ {
+ return lhs.m_value.number_float == static_cast(rhs.m_value.number_integer);
+ }
+ else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_float)
+ {
+ return static_cast(lhs.m_value.number_unsigned) == rhs.m_value.number_float;
+ }
+ else if (lhs_type == value_t::number_float and rhs_type == value_t::number_unsigned)
+ {
+ return lhs.m_value.number_float == static_cast(rhs.m_value.number_unsigned);
+ }
+ else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_integer)
+ {
+ return static_cast(lhs.m_value.number_unsigned) == rhs.m_value.number_integer;
+ }
+ else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_unsigned)
+ {
+ return lhs.m_value.number_integer == static_cast(rhs.m_value.number_unsigned);
+ }
+
+ return false;
+ }
+
+ /*!
+ @brief comparison: equal
+
+ The functions compares the given JSON value against a null pointer. As the
+ null pointer can be used to initialize a JSON value to null, a comparison
+ of JSON value @a v with a null pointer should be equivalent to call
+ `v.is_null()`.
+
+ @param[in] v JSON value to consider
+ @return whether @a v is null
+
+ @complexity Constant.
+
+ @liveexample{The example compares several JSON types to the null pointer.
+ ,operator__equal__nullptr_t}
+
+ @since version 1.0.0
+ */
+ friend bool operator==(const_reference v, std::nullptr_t) noexcept
+ {
+ return v.is_null();
+ }
+
+ /*!
+ @brief comparison: equal
+ @copydoc operator==(const_reference, std::nullptr_t)
+ */
+ friend bool operator==(std::nullptr_t, const_reference v) noexcept
+ {
+ return v.is_null();
+ }
+
+ /*!
+ @brief comparison: not equal
+
+ Compares two JSON values for inequality by calculating `not (lhs == rhs)`.
+
+ @param[in] lhs first JSON value to consider
+ @param[in] rhs second JSON value to consider
+ @return whether the values @a lhs and @a rhs are not equal
+
+ @complexity Linear.
+
+ @liveexample{The example demonstrates comparing several JSON
+ types.,operator__notequal}
+
+ @since version 1.0.0
+ */
+ friend bool operator!=(const_reference lhs, const_reference rhs) noexcept
+ {
+ return not (lhs == rhs);
+ }
+
+ /*!
+ @brief comparison: not equal
+
+ The functions compares the given JSON value against a null pointer. As the
+ null pointer can be used to initialize a JSON value to null, a comparison
+ of JSON value @a v with a null pointer should be equivalent to call
+ `not v.is_null()`.
+
+ @param[in] v JSON value to consider
+ @return whether @a v is not null
+
+ @complexity Constant.
+
+ @liveexample{The example compares several JSON types to the null pointer.
+ ,operator__notequal__nullptr_t}
+
+ @since version 1.0.0
+ */
+ friend bool operator!=(const_reference v, std::nullptr_t) noexcept
+ {
+ return not v.is_null();
+ }
+
+ /*!
+ @brief comparison: not equal
+ @copydoc operator!=(const_reference, std::nullptr_t)
+ */
+ friend bool operator!=(std::nullptr_t, const_reference v) noexcept
+ {
+ return not v.is_null();
+ }
+
+ /*!
+ @brief comparison: less than
+
+ Compares whether one JSON value @a lhs is less than another JSON value @a
+ rhs according to the following rules:
+ - If @a lhs and @a rhs have the same type, the values are compared using
+ the default `<` operator.
+ - Integer and floating-point numbers are automatically converted before
+ comparison
+ - In case @a lhs and @a rhs have different types, the values are ignored
+ and the order of the types is considered, see
+ @ref operator<(const value_t, const value_t).
+
+ @param[in] lhs first JSON value to consider
+ @param[in] rhs second JSON value to consider
+ @return whether @a lhs is less than @a rhs
+
+ @complexity Linear.
+
+ @liveexample{The example demonstrates comparing several JSON
+ types.,operator__less}
+
+ @since version 1.0.0
+ */
+ friend bool operator<(const_reference lhs, const_reference rhs) noexcept
+ {
+ const auto lhs_type = lhs.type();
+ const auto rhs_type = rhs.type();
+
+ if (lhs_type == rhs_type)
+ {
+ switch (lhs_type)
+ {
+ case value_t::array:
+ {
+ assert(lhs.m_value.array != nullptr);
+ assert(rhs.m_value.array != nullptr);
+ return *lhs.m_value.array < *rhs.m_value.array;
+ }
+ case value_t::object:
+ {
+ assert(lhs.m_value.object != nullptr);
+ assert(rhs.m_value.object != nullptr);
+ return *lhs.m_value.object < *rhs.m_value.object;
+ }
+ case value_t::null:
+ {
+ return false;
+ }
+ case value_t::string:
+ {
+ assert(lhs.m_value.string != nullptr);
+ assert(rhs.m_value.string != nullptr);
+ return *lhs.m_value.string < *rhs.m_value.string;
+ }
+ case value_t::boolean:
+ {
+ return lhs.m_value.boolean < rhs.m_value.boolean;
+ }
+ case value_t::number_integer:
+ {
+ return lhs.m_value.number_integer < rhs.m_value.number_integer;
+ }
+ case value_t::number_unsigned:
+ {
+ return lhs.m_value.number_unsigned < rhs.m_value.number_unsigned;
+ }
+ case value_t::number_float:
+ {
+ return lhs.m_value.number_float < rhs.m_value.number_float;
+ }
+ default:
+ {
+ return false;
+ }
+ }
+ }
+ else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_float)
+ {
+ return static_cast(lhs.m_value.number_integer) < rhs.m_value.number_float;
+ }
+ else if (lhs_type == value_t::number_float and rhs_type == value_t::number_integer)
+ {
+ return lhs.m_value.number_float < static_cast(rhs.m_value.number_integer);
+ }
+ else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_float)
+ {
+ return static_cast(lhs.m_value.number_unsigned) < rhs.m_value.number_float;
+ }
+ else if (lhs_type == value_t::number_float and rhs_type == value_t::number_unsigned)
+ {
+ return lhs.m_value.number_float < static_cast(rhs.m_value.number_unsigned);
+ }
+ else if (lhs_type == value_t::number_integer and rhs_type == value_t::number_unsigned)
+ {
+ return lhs.m_value.number_integer < static_cast(rhs.m_value.number_unsigned);
+ }
+ else if (lhs_type == value_t::number_unsigned and rhs_type == value_t::number_integer)
+ {
+ return static_cast(lhs.m_value.number_unsigned) < rhs.m_value.number_integer;
+ }
+
+ // We only reach this line if we cannot compare values. In that case,
+ // we compare types. Note we have to call the operator explicitly,
+ // because MSVC has problems otherwise.
+ return operator<(lhs_type, rhs_type);
+ }
+
+ /*!
+ @brief comparison: less than or equal
+
+ Compares whether one JSON value @a lhs is less than or equal to another
+ JSON value by calculating `not (rhs < lhs)`.
+
+ @param[in] lhs first JSON value to consider
+ @param[in] rhs second JSON value to consider
+ @return whether @a lhs is less than or equal to @a rhs
+
+ @complexity Linear.
+
+ @liveexample{The example demonstrates comparing several JSON
+ types.,operator__greater}
+
+ @since version 1.0.0
+ */
+ friend bool operator<=(const_reference lhs, const_reference rhs) noexcept
+ {
+ return not (rhs < lhs);
+ }
+
+ /*!
+ @brief comparison: greater than
+
+ Compares whether one JSON value @a lhs is greater than another
+ JSON value by calculating `not (lhs <= rhs)`.
+
+ @param[in] lhs first JSON value to consider
+ @param[in] rhs second JSON value to consider
+ @return whether @a lhs is greater than to @a rhs
+
+ @complexity Linear.
+
+ @liveexample{The example demonstrates comparing several JSON
+ types.,operator__lessequal}
+
+ @since version 1.0.0
+ */
+ friend bool operator>(const_reference lhs, const_reference rhs) noexcept
+ {
+ return not (lhs <= rhs);
+ }
+
+ /*!
+ @brief comparison: greater than or equal
+
+ Compares whether one JSON value @a lhs is greater than or equal to another
+ JSON value by calculating `not (lhs < rhs)`.
+
+ @param[in] lhs first JSON value to consider
+ @param[in] rhs second JSON value to consider
+ @return whether @a lhs is greater than or equal to @a rhs
+
+ @complexity Linear.
+
+ @liveexample{The example demonstrates comparing several JSON
+ types.,operator__greaterequal}
+
+ @since version 1.0.0
+ */
+ friend bool operator>=(const_reference lhs, const_reference rhs) noexcept
+ {
+ return not (lhs < rhs);
+ }
+
+ /// @}
+
+
+ ///////////////////
+ // serialization //
+ ///////////////////
+
+ /// @name serialization
+ /// @{
+
+ /*!
+ @brief serialize to stream
+
+ Serialize the given JSON value @a j to the output stream @a o. The JSON
+ value will be serialized using the @ref dump member function. The
+ indentation of the output can be controlled with the member variable
+ `width` of the output stream @a o. For instance, using the manipulator
+ `std::setw(4)` on @a o sets the indentation level to `4` and the
+ serialization result is the same as calling `dump(4)`.
+
+ @param[in,out] o stream to serialize to
+ @param[in] j JSON value to serialize
+
+ @return the stream @a o
+
+ @complexity Linear.
+
+ @liveexample{The example below shows the serialization with different
+ parameters to `width` to adjust the indentation level.,operator_serialize}
+
+ @since version 1.0.0
+ */
+ friend std::ostream& operator<<(std::ostream& o, const basic_json& j)
+ {
+ // read width member and use it as indentation parameter if nonzero
+ const bool pretty_print = (o.width() > 0);
+ const auto indentation = (pretty_print ? o.width() : 0);
+
+ // reset width to 0 for subsequent calls to this stream
+ o.width(0);
+
+ // do the actual serialization
+ j.dump(o, pretty_print, static_cast(indentation));
+ return o;
+ }
+
+ /*!
+ @brief serialize to stream
+ @copydoc operator<<(std::ostream&, const basic_json&)
+ */
+ friend std::ostream& operator>>(const basic_json& j, std::ostream& o)
+ {
+ return o << j;
+ }
+
+ /// @}
+
+
+ /////////////////////
+ // deserialization //
+ /////////////////////
+
+ /// @name deserialization
+ /// @{
+
+ /*!
+ @brief deserialize from string
+
+ @param[in] s string to read a serialized JSON value from
+ @param[in] cb a parser callback function of type @ref parser_callback_t
+ which is used to control the deserialization by filtering unwanted values
+ (optional)
+
+ @return result of the deserialization
+
+ @complexity Linear in the length of the input. The parser is a predictive
+ LL(1) parser. The complexity can be higher if the parser callback function
+ @a cb has a super-linear complexity.
+
+ @note A UTF-8 byte order mark is silently ignored.
+
+ @liveexample{The example below demonstrates the `parse()` function with
+ and without callback function.,parse__string__parser_callback_t}
+
+ @sa @ref parse(std::istream&, parser_callback_t) for a version that reads
+ from an input stream
+
+ @since version 1.0.0
+ */
+ static basic_json parse(const string_t& s, parser_callback_t cb = nullptr)
+ {
+ return parser(s, cb).parse();
+ }
+
+ /*!
+ @brief deserialize from stream
+
+ @param[in,out] i stream to read a serialized JSON value from
+ @param[in] cb a parser callback function of type @ref parser_callback_t
+ which is used to control the deserialization by filtering unwanted values
+ (optional)
+
+ @return result of the deserialization
+
+ @complexity Linear in the length of the input. The parser is a predictive
+ LL(1) parser. The complexity can be higher if the parser callback function
+ @a cb has a super-linear complexity.
+
+ @note A UTF-8 byte order mark is silently ignored.
+
+ @liveexample{The example below demonstrates the `parse()` function with
+ and without callback function.,parse__istream__parser_callback_t}
+
+ @sa @ref parse(const string_t&, parser_callback_t) for a version that
+ reads from a string
+
+ @since version 1.0.0
+ */
+ static basic_json parse(std::istream& i, parser_callback_t cb = nullptr)
+ {
+ return parser(i, cb).parse();
+ }
+
+ /*!
+ @copydoc parse(std::istream&, parser_callback_t)
+ */
+ static basic_json parse(std::istream&& i, parser_callback_t cb = nullptr)
+ {
+ return parser(i, cb).parse();
+ }
+
+ /*!
+ @brief deserialize from stream
+
+ Deserializes an input stream to a JSON value.
+
+ @param[in,out] i input stream to read a serialized JSON value from
+ @param[in,out] j JSON value to write the deserialized input to
+
+ @throw std::invalid_argument in case of parse errors
+
+ @complexity Linear in the length of the input. The parser is a predictive
+ LL(1) parser.
+
+ @note A UTF-8 byte order mark is silently ignored.
+
+ @liveexample{The example below shows how a JSON value is constructed by
+ reading a serialization from a stream.,operator_deserialize}
+
+ @sa parse(std::istream&, parser_callback_t) for a variant with a parser
+ callback function to filter values while parsing
+
+ @since version 1.0.0
+ */
+ friend std::istream& operator<<(basic_json& j, std::istream& i)
+ {
+ j = parser(i).parse();
+ return i;
+ }
+
+ /*!
+ @brief deserialize from stream
+ @copydoc operator<<(basic_json&, std::istream&)
+ */
+ friend std::istream& operator>>(std::istream& i, basic_json& j)
+ {
+ j = parser(i).parse();
+ return i;
+ }
+
+ /// @}
+
+
+ private:
+ ///////////////////////////
+ // convenience functions //
+ ///////////////////////////
+
+ /// return the type as string
+ string_t type_name() const noexcept
+ {
+ switch (m_type)
+ {
+ case value_t::null:
+ return "null";
+ case value_t::object:
+ return "object";
+ case value_t::array:
+ return "array";
+ case value_t::string:
+ return "string";
+ case value_t::boolean:
+ return "boolean";
+ case value_t::discarded:
+ return "discarded";
+ default:
+ return "number";
+ }
+ }
+
+ /*!
+ @brief calculates the extra space to escape a JSON string
+
+ @param[in] s the string to escape
+ @return the number of characters required to escape string @a s
+
+ @complexity Linear in the length of string @a s.
+ */
+ static std::size_t extra_space(const string_t& s) noexcept
+ {
+ std::size_t result = 0;
+
+ for (const auto& c : s)
+ {
+ switch (c)
+ {
+ case '"':
+ case '\\':
+ case '\b':
+ case '\f':
+ case '\n':
+ case '\r':
+ case '\t':
+ {
+ // from c (1 byte) to \x (2 bytes)
+ result += 1;
+ break;
+ }
+
+ default:
+ {
+ if (c >= 0x00 and c <= 0x1f)
+ {
+ // from c (1 byte) to \uxxxx (6 bytes)
+ result += 5;
+ }
+ break;
+ }
+ }
+ }
+
+ return result;
+ }
+
+ /*!
+ @brief escape a string
+
+ Escape a string by replacing certain special characters by a sequence of
+ an escape character (backslash) and another character and other control
+ characters by a sequence of "\u" followed by a four-digit hex
+ representation.
+
+ @param[in] s the string to escape
+ @return the escaped string
+
+ @complexity Linear in the length of string @a s.
+ */ + static string_t escape_string(const string_t& s) + { + const auto space = extra_space(s); + if (space == 0) + { + return s; + } + + // create a result string of necessary size + string_t result(s.size() + space, '\\'); + std::size_t pos = 0; + + for (const auto& c : s) + { + switch (c) + { + // quotation mark (0x22) + case '"': + { + result[pos + 1] = '"'; + pos += 2; + break; + } + + // reverse solidus (0x5c) + case '\\': + { + // nothing to change + pos += 2; + break; + } + + // backspace (0x08) + case '\b': + { + result[pos + 1] = 'b'; + pos += 2; + break; + } + + // formfeed (0x0c) + case '\f': + { + result[pos + 1] = 'f'; + pos += 2; + break; + } + + // newline (0x0a) + case '\n': + { + result[pos + 1] = 'n'; + pos += 2; + break; + } + + // carriage return (0x0d) + case '\r': + { + result[pos + 1] = 'r'; + pos += 2; + break; + } + + // horizontal tab (0x09) + case '\t': + { + result[pos + 1] = 't'; + pos += 2; + break; + } + + default: + { + if (c >= 0x00 and c <= 0x1f) + { + // convert a number 0..15 to its hex representation + // (0..f) + const auto hexify = [](const int v) -> char + { + return (v < 10) + ? ('0' + static_cast(v)) + : ('a' + static_cast((v - 10) & 0x1f)); + }; + + // print character c as \uxxxx + for (const char m : + { 'u', '0', '0', hexify(c >> 4), hexify(c & 0x0f) + }) + { + result[++pos] = m; + } + + ++pos; + } + else + { + // all other characters are added as-is + result[pos++] = c; + } + break; + } + } + } + + return result; + } + + /*! + @brief internal implementation of the serialization function + + This function is called by the public member function dump and organizes + the serialization internally. The indentation level is propagated as + additional parameter. In case of arrays and objects, the function is + called recursively. 
Note that + + - strings and object keys are escaped using `escape_string()` + - integer numbers are converted implicitly via `operator<<` + - floating-point numbers are converted to a string using `"%g"` format + + @param[out] o stream to write to + @param[in] pretty_print whether the output shall be pretty-printed + @param[in] indent_step the indent level + @param[in] current_indent the current indent level (only used internally) + */ + void dump(std::ostream& o, + const bool pretty_print, + const unsigned int indent_step, + const unsigned int current_indent = 0) const + { + // variable to hold indentation for recursive calls + unsigned int new_indent = current_indent; + + switch (m_type) + { + case value_t::object: + { + assert(m_value.object != nullptr); + + if (m_value.object->empty()) + { + o << "{}"; + return; + } + + o << "{"; + + // increase indentation + if (pretty_print) + { + new_indent += indent_step; + o << "\n"; + } + + for (auto i = m_value.object->cbegin(); i != m_value.object->cend(); ++i) + { + if (i != m_value.object->cbegin()) + { + o << (pretty_print ? ",\n" : ","); + } + o << string_t(new_indent, ' ') << "\"" + << escape_string(i->first) << "\":" + << (pretty_print ? " " : ""); + i->second.dump(o, pretty_print, indent_step, new_indent); + } + + // decrease indentation + if (pretty_print) + { + new_indent -= indent_step; + o << "\n"; + } + + o << string_t(new_indent, ' ') + "}"; + return; + } + + case value_t::array: + { + assert(m_value.array != nullptr); + + if (m_value.array->empty()) + { + o << "[]"; + return; + } + + o << "["; + + // increase indentation + if (pretty_print) + { + new_indent += indent_step; + o << "\n"; + } + + for (auto i = m_value.array->cbegin(); i != m_value.array->cend(); ++i) + { + if (i != m_value.array->cbegin()) + { + o << (pretty_print ? 
",\n" : ","); + } + o << string_t(new_indent, ' '); + i->dump(o, pretty_print, indent_step, new_indent); + } + + // decrease indentation + if (pretty_print) + { + new_indent -= indent_step; + o << "\n"; + } + + o << string_t(new_indent, ' ') << "]"; + return; + } + + case value_t::string: + { + assert(m_value.string != nullptr); + o << string_t("\"") << escape_string(*m_value.string) << "\""; + return; + } + + case value_t::boolean: + { + o << (m_value.boolean ? "true" : "false"); + return; + } + + case value_t::number_integer: + { + o << m_value.number_integer; + return; + } + + case value_t::number_unsigned: + { + o << m_value.number_unsigned; + return; + } + + case value_t::number_float: + { + // check if number was parsed from a string + if (m_type.bits.parsed) + { + // check if parsed number had an exponent given + if (m_type.bits.has_exp) + { + // buffer size: precision (2^8-1 = 255) + other ('-.e-xxx' = 7) + null (1) + char buf[263]; + int len; + + // handle capitalization of the exponent + if (m_type.bits.exp_cap) + { + len = snprintf(buf, sizeof(buf), "%.*E", + m_type.bits.precision, m_value.number_float) + 1; + } + else + { + len = snprintf(buf, sizeof(buf), "%.*e", + m_type.bits.precision, m_value.number_float) + 1; + } + + // remove '+' sign from the exponent if necessary + if (not m_type.bits.exp_plus) + { + if (len > static_cast(sizeof(buf))) + { + len = sizeof(buf); + } + for (int i = 0; i < len; i++) + { + if (buf[i] == '+') + { + for (; i + 1 < len; i++) + { + buf[i] = buf[i + 1]; + } + } + } + } + + o << buf; + } + else + { + // no exponent - output as a decimal + std::stringstream ss; + ss.imbue(std::locale(std::locale(), new DecimalSeparator)); // fix locale problems + ss << std::setprecision(m_type.bits.precision) + << std::fixed << m_value.number_float; + o << ss.str(); + } + } + else + { + if (m_value.number_float == 0) + { + // special case for zero to get "0.0"/"-0.0" + o << (std::signbit(m_value.number_float) ? 
"-0.0" : "0.0"); + } + else + { + // Otherwise 6, 15 or 16 digits of precision allows + // round-trip IEEE 754 string->float->string, + // string->double->string or string->long + // double->string; to be safe, we read this value from + // std::numeric_limits::digits10 + std::stringstream ss; + ss.imbue(std::locale(std::locale(), new DecimalSeparator)); // fix locale problems + ss << std::setprecision(std::numeric_limits::digits10) + << m_value.number_float; + o << ss.str(); + } + } + return; + } + + case value_t::discarded: + { + o << ""; + return; + } + + case value_t::null: + { + o << "null"; + return; + } + } + } + + private: + ////////////////////// + // member variables // + ////////////////////// + + /// the type of the current element + type_data_t m_type = value_t::null; + + /// the value of the current element + json_value m_value = {}; + + + private: + /////////////// + // iterators // + /////////////// + + /*! + @brief an iterator for primitive JSON types + + This class models an iterator for primitive JSON types (boolean, number, + string). It's only purpose is to allow the iterator/const_iterator classes + to "iterate" over primitive values. Internally, the iterator is modeled by + a `difference_type` variable. Value begin_value (`0`) models the begin, + end_value (`1`) models past the end. 
+ */ + class primitive_iterator_t + { + public: + /// set iterator to a defined beginning + void set_begin() noexcept + { + m_it = begin_value; + } + + /// set iterator to a defined past the end + void set_end() noexcept + { + m_it = end_value; + } + + /// return whether the iterator can be dereferenced + constexpr bool is_begin() const noexcept + { + return (m_it == begin_value); + } + + /// return whether the iterator is at end + constexpr bool is_end() const noexcept + { + return (m_it == end_value); + } + + /// return reference to the value to change and compare + operator difference_type& () noexcept + { + return m_it; + } + + /// return value to compare + constexpr operator difference_type () const noexcept + { + return m_it; + } + + private: + static constexpr difference_type begin_value = 0; + static constexpr difference_type end_value = begin_value + 1; + + /// iterator as signed integer type + difference_type m_it = std::numeric_limits::denorm_min(); + }; + + /*! + @brief an iterator value + + @note This structure could easily be a union, but MSVC currently does not + allow unions members with complex constructors, see + https://github.com/nlohmann/json/pull/105. 
+ */
+ struct internal_iterator
+ {
+ /// iterator for JSON objects
+ typename object_t::iterator object_iterator;
+ /// iterator for JSON arrays
+ typename array_t::iterator array_iterator;
+ /// generic iterator for all other types
+ primitive_iterator_t primitive_iterator;
+
+ /// create an uninitialized internal_iterator
+ internal_iterator() noexcept
+ : object_iterator(), array_iterator(), primitive_iterator()
+ {}
+ };
+
+ /// proxy class for the iterator_wrapper functions
+ template
+ class iteration_proxy
+ {
+ private:
+ /// helper class for iteration
+ class iteration_proxy_internal
+ {
+ private:
+ /// the iterator
+ IteratorType anchor;
+ /// an index for arrays (used to create key names)
+ size_t array_index = 0;
+
+ public:
+ explicit iteration_proxy_internal(IteratorType it) noexcept
+ : anchor(it)
+ {}
+
+ /// dereference operator (needed for range-based for)
+ iteration_proxy_internal& operator*()
+ {
+ return *this;
+ }
+
+ /// increment operator (needed for range-based for)
+ iteration_proxy_internal& operator++()
+ {
+ ++anchor;
+ ++array_index;
+
+ return *this;
+ }
+
+ /// inequality operator (needed for range-based for)
+ bool operator!= (const iteration_proxy_internal& o) const
+ {
+ return anchor != o.anchor;
+ }
+
+ /// return key of the iterator
+ typename basic_json::string_t key() const
+ {
+ assert(anchor.m_object != nullptr);
+
+ switch (anchor.m_object->type())
+ {
+ // use integer array index as key
+ case value_t::array:
+ {
+ return std::to_string(array_index);
+ }
+
+ // use key from the object
+ case value_t::object:
+ {
+ return anchor.key();
+ }
+
+ // use an empty key for all primitive types
+ default:
+ {
+ return "";
+ }
+ }
+ }
+
+ /// return value of the iterator
+ typename IteratorType::reference value() const
+ {
+ return anchor.value();
+ }
+ };
+
+ /// the container to iterate
+ typename IteratorType::reference container;
+
+ public:
+ /// construct iteration proxy from a container
+ explicit iteration_proxy(typename
IteratorType::reference cont)
+ : container(cont)
+ {}
+
+ /// return iterator begin (needed for range-based for)
+ iteration_proxy_internal begin() noexcept
+ {
+ return iteration_proxy_internal(container.begin());
+ }
+
+ /// return iterator end (needed for range-based for)
+ iteration_proxy_internal end() noexcept
+ {
+ return iteration_proxy_internal(container.end());
+ }
+ };
+
+ public:
+ /*!
+ @brief a const random access iterator for the @ref basic_json class
+
+ This class implements a const iterator for the @ref basic_json class. From
+ this class, the @ref iterator class is derived.
+
+ @requirement The class satisfies the following concept requirements:
+ - [RandomAccessIterator](http://en.cppreference.com/w/cpp/concept/RandomAccessIterator):
+ The iterator that can be moved to point (forward and backward) to any
+ element in constant time.
+
+ @since version 1.0.0
+ */
+ class const_iterator : public std::iterator
+ {
+ /// allow basic_json to access private members
+ friend class basic_json;
+
+ public:
+ /// the type of the values when the iterator is dereferenced
+ using value_type = typename basic_json::value_type;
+ /// a type to represent differences between iterators
+ using difference_type = typename basic_json::difference_type;
+ /// defines a pointer to the type iterated over (value_type)
+ using pointer = typename basic_json::const_pointer;
+ /// defines a reference to the type iterated over (value_type)
+ using reference = typename basic_json::const_reference;
+ /// the category of the iterator
+ using iterator_category = std::bidirectional_iterator_tag;
+
+ /// default constructor
+ const_iterator() = default;
+
+ /// constructor for a given JSON instance
+ explicit const_iterator(pointer object) noexcept
+ : m_object(object)
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ m_it.object_iterator = typename object_t::iterator();
+ break;
+ }
+
+ case basic_json::value_t::array:
+
{
+ m_it.array_iterator = typename array_t::iterator();
+ break;
+ }
+
+ default:
+ {
+ m_it.primitive_iterator = primitive_iterator_t();
+ break;
+ }
+ }
+ }
+
+ /// copy constructor given a nonconst iterator
+ explicit const_iterator(const iterator& other) noexcept
+ : m_object(other.m_object)
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ m_it.object_iterator = other.m_it.object_iterator;
+ break;
+ }
+
+ case basic_json::value_t::array:
+ {
+ m_it.array_iterator = other.m_it.array_iterator;
+ break;
+ }
+
+ default:
+ {
+ m_it.primitive_iterator = other.m_it.primitive_iterator;
+ break;
+ }
+ }
+ }
+
+ /// copy constructor
+ const_iterator(const const_iterator& other) noexcept
+ : m_object(other.m_object), m_it(other.m_it)
+ {}
+
+ /// copy assignment
+ const_iterator& operator=(const_iterator other) noexcept(
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value and
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value
+ )
+ {
+ std::swap(m_object, other.m_object);
+ std::swap(m_it, other.m_it);
+ return *this;
+ }
+
+ private:
+ /// set the iterator to the first value
+ void set_begin() noexcept
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ assert(m_object->m_value.object != nullptr);
+ m_it.object_iterator = m_object->m_value.object->begin();
+ break;
+ }
+
+ case basic_json::value_t::array:
+ {
+ assert(m_object->m_value.array != nullptr);
+ m_it.array_iterator = m_object->m_value.array->begin();
+ break;
+ }
+
+ case basic_json::value_t::null:
+ {
+ // set to end so begin()==end() is true: null is empty
+ m_it.primitive_iterator.set_end();
+ break;
+ }
+
+ default:
+ {
+ m_it.primitive_iterator.set_begin();
+ break;
+ }
+ }
+ }
+
+ /// set the iterator past the last value
+ void set_end() noexcept
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ assert(m_object->m_value.object != nullptr);
+ m_it.object_iterator = m_object->m_value.object->end();
+ break;
+ }
+
+ case basic_json::value_t::array:
+ {
+ assert(m_object->m_value.array != nullptr);
+ m_it.array_iterator = m_object->m_value.array->end();
+ break;
+ }
+
+ default:
+ {
+ m_it.primitive_iterator.set_end();
+ break;
+ }
+ }
+ }
+
+ public:
+ /// return a reference to the value pointed to by the iterator
+ reference operator*() const
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ assert(m_object->m_value.object);
+ assert(m_it.object_iterator != m_object->m_value.object->end());
+ return m_it.object_iterator->second;
+ }
+
+ case basic_json::value_t::array:
+ {
+ assert(m_object->m_value.array);
+ assert(m_it.array_iterator != m_object->m_value.array->end());
+ return *m_it.array_iterator;
+ }
+
+ case basic_json::value_t::null:
+ {
+ throw std::out_of_range("cannot get value");
+ }
+
+ default:
+ {
+ if (m_it.primitive_iterator.is_begin())
+ {
+ return *m_object;
+ }
+ else
+ {
+ throw std::out_of_range("cannot get value");
+ }
+ }
+ }
+ }
+
+ /// dereference the iterator
+ pointer operator->() const
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ assert(m_object->m_value.object);
+ assert(m_it.object_iterator != m_object->m_value.object->end());
+ return &(m_it.object_iterator->second);
+ }
+
+ case basic_json::value_t::array:
+ {
+ assert(m_object->m_value.array);
+ assert(m_it.array_iterator != m_object->m_value.array->end());
+ return &*m_it.array_iterator;
+ }
+
+ default:
+ {
+ if (m_it.primitive_iterator.is_begin())
+ {
+ return m_object;
+ }
+ else
+ {
+ throw std::out_of_range("cannot get value");
+ }
+ }
+ }
+ }
+
+ /// post-increment (it++)
+ const_iterator operator++(int)
+ {
+ auto result = *this;
+ ++(*this);
+ return result;
+ }
+
+ /// pre-increment (++it)
+
const_iterator& operator++()
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ ++m_it.object_iterator;
+ break;
+ }
+
+ case basic_json::value_t::array:
+ {
+ ++m_it.array_iterator;
+ break;
+ }
+
+ default:
+ {
+ ++m_it.primitive_iterator;
+ break;
+ }
+ }
+
+ return *this;
+ }
+
+ /// post-decrement (it--)
+ const_iterator operator--(int)
+ {
+ auto result = *this;
+ --(*this);
+ return result;
+ }
+
+ /// pre-decrement (--it)
+ const_iterator& operator--()
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ --m_it.object_iterator;
+ break;
+ }
+
+ case basic_json::value_t::array:
+ {
+ --m_it.array_iterator;
+ break;
+ }
+
+ default:
+ {
+ --m_it.primitive_iterator;
+ break;
+ }
+ }
+
+ return *this;
+ }
+
+ /// comparison: equal
+ bool operator==(const const_iterator& other) const
+ {
+ // if objects are not the same, the comparison is undefined
+ if (m_object != other.m_object)
+ {
+ throw std::domain_error("cannot compare iterators of different containers");
+ }
+
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ return (m_it.object_iterator == other.m_it.object_iterator);
+ }
+
+ case basic_json::value_t::array:
+ {
+ return (m_it.array_iterator == other.m_it.array_iterator);
+ }
+
+ default:
+ {
+ return (m_it.primitive_iterator == other.m_it.primitive_iterator);
+ }
+ }
+ }
+
+ /// comparison: not equal
+ bool operator!=(const const_iterator& other) const
+ {
+ return not operator==(other);
+ }
+
+ /// comparison: smaller
+ bool operator<(const const_iterator& other) const
+ {
+ // if objects are not the same, the comparison is undefined
+ if (m_object != other.m_object)
+ {
+ throw std::domain_error("cannot compare iterators of different containers");
+ }
+
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ throw
std::domain_error("cannot compare order of object iterators");
+ }
+
+ case basic_json::value_t::array:
+ {
+ return (m_it.array_iterator < other.m_it.array_iterator);
+ }
+
+ default:
+ {
+ return (m_it.primitive_iterator < other.m_it.primitive_iterator);
+ }
+ }
+ }
+
+ /// comparison: less than or equal
+ bool operator<=(const const_iterator& other) const
+ {
+ return not other.operator < (*this);
+ }
+
+ /// comparison: greater than
+ bool operator>(const const_iterator& other) const
+ {
+ return not operator<=(other);
+ }
+
+ /// comparison: greater than or equal
+ bool operator>=(const const_iterator& other) const
+ {
+ return not operator<(other);
+ }
+
+ /// add to iterator
+ const_iterator& operator+=(difference_type i)
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ throw std::domain_error("cannot use offsets with object iterators");
+ }
+
+ case basic_json::value_t::array:
+ {
+ m_it.array_iterator += i;
+ break;
+ }
+
+ default:
+ {
+ m_it.primitive_iterator += i;
+ break;
+ }
+ }
+
+ return *this;
+ }
+
+ /// subtract from iterator
+ const_iterator& operator-=(difference_type i)
+ {
+ return operator+=(-i);
+ }
+
+ /// add to iterator
+ const_iterator operator+(difference_type i)
+ {
+ auto result = *this;
+ result += i;
+ return result;
+ }
+
+ /// subtract from iterator
+ const_iterator operator-(difference_type i)
+ {
+ auto result = *this;
+ result -= i;
+ return result;
+ }
+
+ /// return difference
+ difference_type operator-(const const_iterator& other) const
+ {
+ assert(m_object != nullptr);
+
+ switch (m_object->m_type)
+ {
+ case basic_json::value_t::object:
+ {
+ throw std::domain_error("cannot use offsets with object iterators");
+ }
+
+ case basic_json::value_t::array:
+ {
+ return m_it.array_iterator - other.m_it.array_iterator;
+ }
+
+ default:
+ {
+ return m_it.primitive_iterator - other.m_it.primitive_iterator;
+ }
+ }
+ }
+
+ /// access to successor
+ reference
operator[](difference_type n) const + { + assert(m_object != nullptr); + + switch (m_object->m_type) + { + case basic_json::value_t::object: + { + throw std::domain_error("cannot use operator[] for object iterators"); + } + + case basic_json::value_t::array: + { + return *(m_it.array_iterator + n); + } + + case basic_json::value_t::null: + { + throw std::out_of_range("cannot get value"); + } + + default: + { + if (m_it.primitive_iterator == -n) + { + return *m_object; + } + else + { + throw std::out_of_range("cannot get value"); + } + } + } + } + + /// return the key of an object iterator + typename object_t::key_type key() const + { + assert(m_object != nullptr); + + if (m_object->is_object()) + { + return m_it.object_iterator->first; + } + else + { + throw std::domain_error("cannot use key() for non-object iterators"); + } + } + + /// return the value of an iterator + reference value() const + { + return operator*(); + } + + private: + /// associated JSON instance + pointer m_object = nullptr; + /// the actual iterator of the associated instance + internal_iterator m_it = internal_iterator(); + }; + + /*! + @brief a mutable random access iterator for the @ref basic_json class + + @requirement The class satisfies the following concept requirements: + - [RandomAccessIterator](http://en.cppreference.com/w/cpp/concept/RandomAccessIterator): + The iterator that can be moved to point (forward and backward) to any + element in constant time. + - [OutputIterator](http://en.cppreference.com/w/cpp/concept/OutputIterator): + It is possible to write to the pointed-to element. 
+
+ @since version 1.0.0
+ */
+ class iterator : public const_iterator
+ {
+ public:
+ using base_iterator = const_iterator;
+ using pointer = typename basic_json::pointer;
+ using reference = typename basic_json::reference;
+
+ /// default constructor
+ iterator() = default;
+
+ /// constructor for a given JSON instance
+ explicit iterator(pointer object) noexcept
+ : base_iterator(object)
+ {}
+
+ /// copy constructor
+ iterator(const iterator& other) noexcept
+ : base_iterator(other)
+ {}
+
+ /// copy assignment
+ iterator& operator=(iterator other) noexcept(
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value and
+ std::is_nothrow_move_constructible::value and
+ std::is_nothrow_move_assignable::value
+ )
+ {
+ base_iterator::operator=(other);
+ return *this;
+ }
+
+ /// return a reference to the value pointed to by the iterator
+ reference operator*() const
+ {
+ return const_cast(base_iterator::operator*());
+ }
+
+ /// dereference the iterator
+ pointer operator->() const
+ {
+ return const_cast(base_iterator::operator->());
+ }
+
+ /// post-increment (it++)
+ iterator operator++(int)
+ {
+ iterator result = *this;
+ base_iterator::operator++();
+ return result;
+ }
+
+ /// pre-increment (++it)
+ iterator& operator++()
+ {
+ base_iterator::operator++();
+ return *this;
+ }
+
+ /// post-decrement (it--)
+ iterator operator--(int)
+ {
+ iterator result = *this;
+ base_iterator::operator--();
+ return result;
+ }
+
+ /// pre-decrement (--it)
+ iterator& operator--()
+ {
+ base_iterator::operator--();
+ return *this;
+ }
+
+ /// add to iterator
+ iterator& operator+=(difference_type i)
+ {
+ base_iterator::operator+=(i);
+ return *this;
+ }
+
+ /// subtract from iterator
+ iterator& operator-=(difference_type i)
+ {
+ base_iterator::operator-=(i);
+ return *this;
+ }
+
+ /// add to iterator
+ iterator operator+(difference_type i)
+ {
+ auto result = *this;
+ result += i;
+ return result;
+ }
+
+ /// subtract from iterator
+
iterator operator-(difference_type i)
+ {
+ auto result = *this;
+ result -= i;
+ return result;
+ }
+
+ /// return difference
+ difference_type operator-(const iterator& other) const
+ {
+ return base_iterator::operator-(other);
+ }
+
+ /// access to successor
+ reference operator[](difference_type n) const
+ {
+ return const_cast(base_iterator::operator[](n));
+ }
+
+ /// return the value of an iterator
+ reference value() const
+ {
+ return const_cast(base_iterator::value());
+ }
+ };
+
+ /*!
+ @brief a template for a reverse iterator class
+
+ @tparam Base the base iterator type to reverse. Valid types are @ref
+ iterator (to create @ref reverse_iterator) and @ref const_iterator (to
+ create @ref const_reverse_iterator).
+
+ @requirement The class satisfies the following concept requirements:
+ - [RandomAccessIterator](http://en.cppreference.com/w/cpp/concept/RandomAccessIterator):
+ The iterator that can be moved to point (forward and backward) to any
+ element in constant time.
+ - [OutputIterator](http://en.cppreference.com/w/cpp/concept/OutputIterator):
+ It is possible to write to the pointed-to element (only if @a Base is
+ @ref iterator).
+
+ @since version 1.0.0
+ */
+ template
+ class json_reverse_iterator : public std::reverse_iterator
+ {
+ public:
+ /// shortcut to the reverse iterator adaptor
+ using base_iterator = std::reverse_iterator;
+ /// the reference type for the pointed-to element
+ using reference = typename Base::reference;
+
+ /// create reverse iterator from iterator
+ json_reverse_iterator(const typename base_iterator::iterator_type& it) noexcept
+ : base_iterator(it)
+ {}
+
+ /// create reverse iterator from base class
+ json_reverse_iterator(const base_iterator& it) noexcept
+ : base_iterator(it)
+ {}
+
+ /// post-increment (it++)
+ json_reverse_iterator operator++(int)
+ {
+ return base_iterator::operator++(1);
+ }
+
+ /// pre-increment (++it)
+ json_reverse_iterator& operator++()
+ {
+ base_iterator::operator++();
+ return *this;
+ }
+
+ /// post-decrement (it--)
+ json_reverse_iterator operator--(int)
+ {
+ return base_iterator::operator--(1);
+ }
+
+ /// pre-decrement (--it)
+ json_reverse_iterator& operator--()
+ {
+ base_iterator::operator--();
+ return *this;
+ }
+
+ /// add to iterator
+ json_reverse_iterator& operator+=(difference_type i)
+ {
+ base_iterator::operator+=(i);
+ return *this;
+ }
+
+ /// add to iterator
+ json_reverse_iterator operator+(difference_type i) const
+ {
+ auto result = *this;
+ result += i;
+ return result;
+ }
+
+ /// subtract from iterator
+ json_reverse_iterator operator-(difference_type i) const
+ {
+ auto result = *this;
+ result -= i;
+ return result;
+ }
+
+ /// return difference
+ difference_type operator-(const json_reverse_iterator& other) const
+ {
+ return this->base() - other.base();
+ }
+
+ /// access to successor
+ reference operator[](difference_type n) const
+ {
+ return *(this->operator+(n));
+ }
+
+ /// return the key of an object iterator
+ typename object_t::key_type key() const
+ {
+ auto it = --this->base();
+ return it.key();
+ }
+
+ /// return the value of an iterator
+ reference value() const
+ {
+ auto it =
--this->base(); + return it.operator * (); + } + }; + + + private: + ////////////////////// + // lexer and parser // + ////////////////////// + + /*! + @brief lexical analysis + + This class organizes the lexical analysis during JSON deserialization. The + core of it is a scanner generated by [re2c](http://re2c.org) that + processes a buffer and recognizes tokens according to RFC 7159. + */ + class lexer + { + public: + /// token types for the parser + enum class token_type + { + uninitialized, ///< indicating the scanner is uninitialized + literal_true, ///< the `true` literal + literal_false, ///< the `false` literal + literal_null, ///< the `null` literal + value_string, ///< a string -- use get_string() for actual value + value_number, ///< a number -- use get_number() for actual value + begin_array, ///< the character for array begin `[` + begin_object, ///< the character for object begin `{` + end_array, ///< the character for array end `]` + end_object, ///< the character for object end `}` + name_separator, ///< the name separator `:` + value_separator, ///< the value separator `,` + parse_error, ///< indicating a parse error + end_of_input ///< indicating the end of the input buffer + }; + + /// the char type to use in the lexer + using lexer_char_t = unsigned char; + + /// constructor with a given buffer + explicit lexer(const string_t& s) noexcept + : m_stream(nullptr), m_buffer(s) + { + m_content = reinterpret_cast(s.c_str()); + assert(m_content != nullptr); + m_start = m_cursor = m_content; + m_limit = m_content + s.size(); + } + + /// constructor with a given stream + explicit lexer(std::istream* s) noexcept + : m_stream(s), m_buffer() + { + assert(m_stream != nullptr); + getline(*m_stream, m_buffer); + m_content = reinterpret_cast(m_buffer.c_str()); + assert(m_content != nullptr); + m_start = m_cursor = m_content; + m_limit = m_content + m_buffer.size(); + } + + /// default constructor + lexer() = default; + + // switch off unwanted functions + 
lexer(const lexer&) = delete; + lexer operator=(const lexer&) = delete; + + /*! + @brief create a string from a Unicode code point + + @param[in] codepoint1 the code point (can be high surrogate) + @param[in] codepoint2 the code point (can be low surrogate or 0) + + @return string representation of the code point + + @throw std::out_of_range if code point is > 0x10ffff; example: `"code + points above 0x10FFFF are invalid"` + @throw std::invalid_argument if the low surrogate is invalid; example: + `""missing or wrong low surrogate""` + + @see + */ + static string_t to_unicode(const std::size_t codepoint1, + const std::size_t codepoint2 = 0) + { + // calculate the codepoint from the given code points + std::size_t codepoint = codepoint1; + + // check if codepoint1 is a high surrogate + if (codepoint1 >= 0xD800 and codepoint1 <= 0xDBFF) + { + // check if codepoint2 is a low surrogate + if (codepoint2 >= 0xDC00 and codepoint2 <= 0xDFFF) + { + codepoint = + // high surrogate occupies the most significant 22 bits + (codepoint1 << 10) + // low surrogate occupies the least significant 15 bits + + codepoint2 + // there is still the 0xD800, 0xDC00 and 0x10000 noise + // in the result so we have to subtract with: + // (0xD800 << 10) + DC00 - 0x10000 = 0x35FDC00 + - 0x35FDC00; + } + else + { + throw std::invalid_argument("missing or wrong low surrogate"); + } + } + + string_t result; + + if (codepoint < 0x80) + { + // 1-byte characters: 0xxxxxxx (ASCII) + result.append(1, static_cast(codepoint)); + } + else if (codepoint <= 0x7ff) + { + // 2-byte characters: 110xxxxx 10xxxxxx + result.append(1, static_cast(0xC0 | ((codepoint >> 6) & 0x1F))); + result.append(1, static_cast(0x80 | (codepoint & 0x3F))); + } + else if (codepoint <= 0xffff) + { + // 3-byte characters: 1110xxxx 10xxxxxx 10xxxxxx + result.append(1, static_cast(0xE0 | ((codepoint >> 12) & 0x0F))); + result.append(1, static_cast(0x80 | ((codepoint >> 6) & 0x3F))); + result.append(1, static_cast(0x80 | (codepoint & 
0x3F)));
+ }
+ else if (codepoint <= 0x10ffff)
+ {
+ // 4-byte characters: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+ result.append(1, static_cast(0xF0 | ((codepoint >> 18) & 0x07)));
+ result.append(1, static_cast(0x80 | ((codepoint >> 12) & 0x3F)));
+ result.append(1, static_cast(0x80 | ((codepoint >> 6) & 0x3F)));
+ result.append(1, static_cast(0x80 | (codepoint & 0x3F)));
+ }
+ else
+ {
+ throw std::out_of_range("code points above 0x10FFFF are invalid");
+ }
+
+ return result;
+ }
+
+ /// return name of values of type token_type (only used for errors)
+ static std::string token_type_name(token_type t)
+ {
+ switch (t)
+ {
+ case token_type::uninitialized:
+ return "";
+ case token_type::literal_true:
+ return "true literal";
+ case token_type::literal_false:
+ return "false literal";
+ case token_type::literal_null:
+ return "null literal";
+ case token_type::value_string:
+ return "string literal";
+ case token_type::value_number:
+ return "number literal";
+ case token_type::begin_array:
+ return "'['";
+ case token_type::begin_object:
+ return "'{'";
+ case token_type::end_array:
+ return "']'";
+ case token_type::end_object:
+ return "'}'";
+ case token_type::name_separator:
+ return "':'";
+ case token_type::value_separator:
+ return "','";
+ case token_type::parse_error:
+ return "";
+ case token_type::end_of_input:
+ return "end of input";
+ default:
+ {
+ // catch non-enum values
+ return "unknown token"; // LCOV_EXCL_LINE
+ }
+ }
+ }
+
+ /*!
+ This function implements a scanner for JSON. It is specified using
+ regular expressions that try to follow RFC 7159 as close as possible.
+ These regular expressions are then translated into a minimized
+ deterministic finite automaton (DFA) by the tool
+ [re2c](http://re2c.org). As a result, the translated code for this
+ function consists of a large block of code with `goto` jumps.
+ + @return the class of the next token read from the buffer + */ + token_type scan() noexcept + { + // pointer for backtracking information + m_marker = nullptr; + + // remember the begin of the token + m_start = m_cursor; + assert(m_start != nullptr); + + + { + lexer_char_t yych; + unsigned int yyaccept = 0; + static const unsigned char yybm[] = + { + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 32, 32, 0, 0, 32, 0, 0, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 160, 128, 0, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 192, 192, 192, 192, 192, 192, 192, 192, + 192, 192, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 0, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + 128, 128, 128, 128, 128, 128, 128, 128, + }; + if ((m_limit - m_cursor) < 5) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yybm[0 + yych] & 32) + { + goto basic_json_parser_6; + } + if (yych <= '\\') + { + if (yych <= '-') + { + if (yych <= '"') + { + if (yych <= 0x00) + { + goto basic_json_parser_2; + } + if (yych <= '!') + { + goto 
basic_json_parser_4; + } + goto basic_json_parser_9; + } + else + { + if (yych <= '+') + { + goto basic_json_parser_4; + } + if (yych <= ',') + { + goto basic_json_parser_10; + } + goto basic_json_parser_12; + } + } + else + { + if (yych <= '9') + { + if (yych <= '/') + { + goto basic_json_parser_4; + } + if (yych <= '0') + { + goto basic_json_parser_13; + } + goto basic_json_parser_15; + } + else + { + if (yych <= ':') + { + goto basic_json_parser_17; + } + if (yych == '[') + { + goto basic_json_parser_19; + } + goto basic_json_parser_4; + } + } + } + else + { + if (yych <= 't') + { + if (yych <= 'f') + { + if (yych <= ']') + { + goto basic_json_parser_21; + } + if (yych <= 'e') + { + goto basic_json_parser_4; + } + goto basic_json_parser_23; + } + else + { + if (yych == 'n') + { + goto basic_json_parser_24; + } + if (yych <= 's') + { + goto basic_json_parser_4; + } + goto basic_json_parser_25; + } + } + else + { + if (yych <= '|') + { + if (yych == '{') + { + goto basic_json_parser_26; + } + goto basic_json_parser_4; + } + else + { + if (yych <= '}') + { + goto basic_json_parser_28; + } + if (yych == 0xEF) + { + goto basic_json_parser_30; + } + goto basic_json_parser_4; + } + } + } +basic_json_parser_2: + ++m_cursor; + { + return token_type::end_of_input; + } +basic_json_parser_4: + ++m_cursor; +basic_json_parser_5: + { + return token_type::parse_error; + } +basic_json_parser_6: + ++m_cursor; + if (m_limit <= m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yybm[0 + yych] & 32) + { + goto basic_json_parser_6; + } + { + return scan(); + } +basic_json_parser_9: + yyaccept = 0; + yych = *(m_marker = ++m_cursor); + if (yych <= 0x0F) + { + goto basic_json_parser_5; + } + goto basic_json_parser_32; +basic_json_parser_10: + ++m_cursor; + { + return token_type::value_separator; + } +basic_json_parser_12: + yych = *++m_cursor; + if (yych <= '/') + { + goto basic_json_parser_5; + } + if (yych <= '0') + { + goto basic_json_parser_13; + } + if (yych 
<= '9') + { + goto basic_json_parser_15; + } + goto basic_json_parser_5; +basic_json_parser_13: + yyaccept = 1; + yych = *(m_marker = ++m_cursor); + if (yych <= 'D') + { + if (yych == '.') + { + goto basic_json_parser_37; + } + } + else + { + if (yych <= 'E') + { + goto basic_json_parser_38; + } + if (yych == 'e') + { + goto basic_json_parser_38; + } + } +basic_json_parser_14: + { + return token_type::value_number; + } +basic_json_parser_15: + yyaccept = 1; + m_marker = ++m_cursor; + if ((m_limit - m_cursor) < 3) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yybm[0 + yych] & 64) + { + goto basic_json_parser_15; + } + if (yych <= 'D') + { + if (yych == '.') + { + goto basic_json_parser_37; + } + goto basic_json_parser_14; + } + else + { + if (yych <= 'E') + { + goto basic_json_parser_38; + } + if (yych == 'e') + { + goto basic_json_parser_38; + } + goto basic_json_parser_14; + } +basic_json_parser_17: + ++m_cursor; + { + return token_type::name_separator; + } +basic_json_parser_19: + ++m_cursor; + { + return token_type::begin_array; + } +basic_json_parser_21: + ++m_cursor; + { + return token_type::end_array; + } +basic_json_parser_23: + yyaccept = 0; + yych = *(m_marker = ++m_cursor); + if (yych == 'a') + { + goto basic_json_parser_39; + } + goto basic_json_parser_5; +basic_json_parser_24: + yyaccept = 0; + yych = *(m_marker = ++m_cursor); + if (yych == 'u') + { + goto basic_json_parser_40; + } + goto basic_json_parser_5; +basic_json_parser_25: + yyaccept = 0; + yych = *(m_marker = ++m_cursor); + if (yych == 'r') + { + goto basic_json_parser_41; + } + goto basic_json_parser_5; +basic_json_parser_26: + ++m_cursor; + { + return token_type::begin_object; + } +basic_json_parser_28: + ++m_cursor; + { + return token_type::end_object; + } +basic_json_parser_30: + yyaccept = 0; + yych = *(m_marker = ++m_cursor); + if (yych == 0xBB) + { + goto basic_json_parser_42; + } + goto basic_json_parser_5; +basic_json_parser_31: + ++m_cursor; + if (m_limit <= 
m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; +basic_json_parser_32: + if (yybm[0 + yych] & 128) + { + goto basic_json_parser_31; + } + if (yych <= 0x0F) + { + goto basic_json_parser_33; + } + if (yych <= '"') + { + goto basic_json_parser_34; + } + goto basic_json_parser_36; +basic_json_parser_33: + m_cursor = m_marker; + if (yyaccept == 0) + { + goto basic_json_parser_5; + } + else + { + goto basic_json_parser_14; + } +basic_json_parser_34: + ++m_cursor; + { + return token_type::value_string; + } +basic_json_parser_36: + ++m_cursor; + if (m_limit <= m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yych <= 'e') + { + if (yych <= '/') + { + if (yych == '"') + { + goto basic_json_parser_31; + } + if (yych <= '.') + { + goto basic_json_parser_33; + } + goto basic_json_parser_31; + } + else + { + if (yych <= '\\') + { + if (yych <= '[') + { + goto basic_json_parser_33; + } + goto basic_json_parser_31; + } + else + { + if (yych == 'b') + { + goto basic_json_parser_31; + } + goto basic_json_parser_33; + } + } + } + else + { + if (yych <= 'q') + { + if (yych <= 'f') + { + goto basic_json_parser_31; + } + if (yych == 'n') + { + goto basic_json_parser_31; + } + goto basic_json_parser_33; + } + else + { + if (yych <= 's') + { + if (yych <= 'r') + { + goto basic_json_parser_31; + } + goto basic_json_parser_33; + } + else + { + if (yych <= 't') + { + goto basic_json_parser_31; + } + if (yych <= 'u') + { + goto basic_json_parser_43; + } + goto basic_json_parser_33; + } + } + } +basic_json_parser_37: + yych = *++m_cursor; + if (yych <= '/') + { + goto basic_json_parser_33; + } + if (yych <= '9') + { + goto basic_json_parser_44; + } + goto basic_json_parser_33; +basic_json_parser_38: + yych = *++m_cursor; + if (yych <= ',') + { + if (yych == '+') + { + goto basic_json_parser_46; + } + goto basic_json_parser_33; + } + else + { + if (yych <= '-') + { + goto basic_json_parser_46; + } + if (yych <= '/') + { + goto basic_json_parser_33; 
+ } + if (yych <= '9') + { + goto basic_json_parser_47; + } + goto basic_json_parser_33; + } +basic_json_parser_39: + yych = *++m_cursor; + if (yych == 'l') + { + goto basic_json_parser_49; + } + goto basic_json_parser_33; +basic_json_parser_40: + yych = *++m_cursor; + if (yych == 'l') + { + goto basic_json_parser_50; + } + goto basic_json_parser_33; +basic_json_parser_41: + yych = *++m_cursor; + if (yych == 'u') + { + goto basic_json_parser_51; + } + goto basic_json_parser_33; +basic_json_parser_42: + yych = *++m_cursor; + if (yych == 0xBF) + { + goto basic_json_parser_52; + } + goto basic_json_parser_33; +basic_json_parser_43: + ++m_cursor; + if (m_limit <= m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yych <= '@') + { + if (yych <= '/') + { + goto basic_json_parser_33; + } + if (yych <= '9') + { + goto basic_json_parser_54; + } + goto basic_json_parser_33; + } + else + { + if (yych <= 'F') + { + goto basic_json_parser_54; + } + if (yych <= '`') + { + goto basic_json_parser_33; + } + if (yych <= 'f') + { + goto basic_json_parser_54; + } + goto basic_json_parser_33; + } +basic_json_parser_44: + yyaccept = 1; + m_marker = ++m_cursor; + if ((m_limit - m_cursor) < 3) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yych <= 'D') + { + if (yych <= '/') + { + goto basic_json_parser_14; + } + if (yych <= '9') + { + goto basic_json_parser_44; + } + goto basic_json_parser_14; + } + else + { + if (yych <= 'E') + { + goto basic_json_parser_38; + } + if (yych == 'e') + { + goto basic_json_parser_38; + } + goto basic_json_parser_14; + } +basic_json_parser_46: + yych = *++m_cursor; + if (yych <= '/') + { + goto basic_json_parser_33; + } + if (yych >= ':') + { + goto basic_json_parser_33; + } +basic_json_parser_47: + ++m_cursor; + if (m_limit <= m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yych <= '/') + { + goto basic_json_parser_14; + } + if (yych <= '9') + { + goto basic_json_parser_47; + } + goto 
basic_json_parser_14; +basic_json_parser_49: + yych = *++m_cursor; + if (yych == 's') + { + goto basic_json_parser_55; + } + goto basic_json_parser_33; +basic_json_parser_50: + yych = *++m_cursor; + if (yych == 'l') + { + goto basic_json_parser_56; + } + goto basic_json_parser_33; +basic_json_parser_51: + yych = *++m_cursor; + if (yych == 'e') + { + goto basic_json_parser_58; + } + goto basic_json_parser_33; +basic_json_parser_52: + ++m_cursor; + { + return scan(); + } +basic_json_parser_54: + ++m_cursor; + if (m_limit <= m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yych <= '@') + { + if (yych <= '/') + { + goto basic_json_parser_33; + } + if (yych <= '9') + { + goto basic_json_parser_60; + } + goto basic_json_parser_33; + } + else + { + if (yych <= 'F') + { + goto basic_json_parser_60; + } + if (yych <= '`') + { + goto basic_json_parser_33; + } + if (yych <= 'f') + { + goto basic_json_parser_60; + } + goto basic_json_parser_33; + } +basic_json_parser_55: + yych = *++m_cursor; + if (yych == 'e') + { + goto basic_json_parser_61; + } + goto basic_json_parser_33; +basic_json_parser_56: + ++m_cursor; + { + return token_type::literal_null; + } +basic_json_parser_58: + ++m_cursor; + { + return token_type::literal_true; + } +basic_json_parser_60: + ++m_cursor; + if (m_limit <= m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yych <= '@') + { + if (yych <= '/') + { + goto basic_json_parser_33; + } + if (yych <= '9') + { + goto basic_json_parser_63; + } + goto basic_json_parser_33; + } + else + { + if (yych <= 'F') + { + goto basic_json_parser_63; + } + if (yych <= '`') + { + goto basic_json_parser_33; + } + if (yych <= 'f') + { + goto basic_json_parser_63; + } + goto basic_json_parser_33; + } +basic_json_parser_61: + ++m_cursor; + { + return token_type::literal_false; + } +basic_json_parser_63: + ++m_cursor; + if (m_limit <= m_cursor) + { + yyfill(); // LCOV_EXCL_LINE; + } + yych = *m_cursor; + if (yych <= '@') + { + 
if (yych <= '/') + { + goto basic_json_parser_33; + } + if (yych <= '9') + { + goto basic_json_parser_31; + } + goto basic_json_parser_33; + } + else + { + if (yych <= 'F') + { + goto basic_json_parser_31; + } + if (yych <= '`') + { + goto basic_json_parser_33; + } + if (yych <= 'f') + { + goto basic_json_parser_31; + } + goto basic_json_parser_33; + } + } + + } + + /// append data from the stream to the internal buffer + void yyfill() noexcept + { + if (m_stream == nullptr or not * m_stream) + { + return; + } + + const auto offset_start = m_start - m_content; + const auto offset_marker = m_marker - m_start; + const auto offset_cursor = m_cursor - m_start; + + m_buffer.erase(0, static_cast(offset_start)); + std::string line; + assert(m_stream != nullptr); + std::getline(*m_stream, line); + m_buffer += "\n" + line; // add line with newline symbol + + m_content = reinterpret_cast(m_buffer.c_str()); + assert(m_content != nullptr); + m_start = m_content; + m_marker = m_start + offset_marker; + m_cursor = m_start + offset_cursor; + m_limit = m_start + m_buffer.size() - 1; + } + + /// return string representation of last read token + string_t get_token() const + { + assert(m_start != nullptr); + return string_t(reinterpret_cast(m_start), + static_cast(m_cursor - m_start)); + } + + /*! + @brief return string value for string tokens + + The function iterates the characters between the opening and closing + quotes of the string value. The complete string is the range + [m_start,m_cursor). Consequently, we iterate from m_start+1 to + m_cursor-1. + + We differentiate two cases: + + 1. Escaped characters. In this case, a new character is constructed + according to the nature of the escape. Some escapes create new + characters (e.g., `"\\n"` is replaced by `"\n"`), some are copied + as is (e.g., `"\\\\"`). Furthermore, Unicode escapes of the shape + `"\\uxxxx"` need special care. In this case, to_unicode takes care + of the construction of the values. + 2. 
Unescaped characters are copied as is. + + @return string value of current token without opening and closing + quotes + @throw std::out_of_range if to_unicode fails + */ + string_t get_string() const + { + string_t result; + result.reserve(static_cast(m_cursor - m_start - 2)); + + // iterate the result between the quotes + for (const lexer_char_t* i = m_start + 1; i < m_cursor - 1; ++i) + { + // process escaped characters + if (*i == '\\') + { + // read next character + ++i; + + switch (*i) + { + // the default escapes + case 't': + { + result += "\t"; + break; + } + case 'b': + { + result += "\b"; + break; + } + case 'f': + { + result += "\f"; + break; + } + case 'n': + { + result += "\n"; + break; + } + case 'r': + { + result += "\r"; + break; + } + case '\\': + { + result += "\\"; + break; + } + case '/': + { + result += "/"; + break; + } + case '"': + { + result += "\""; + break; + } + + // unicode + case 'u': + { + // get code xxxx from uxxxx + auto codepoint = std::strtoul(std::string(reinterpret_cast(i + 1), + 4).c_str(), nullptr, 16); + + // check if codepoint is a high surrogate + if (codepoint >= 0xD800 and codepoint <= 0xDBFF) + { + // make sure there is a subsequent unicode + if ((i + 6 >= m_limit) or * (i + 5) != '\\' or * (i + 6) != 'u') + { + throw std::invalid_argument("missing low surrogate"); + } + + // get code yyyy from uxxxx\uyyyy + auto codepoint2 = std::strtoul(std::string(reinterpret_cast + (i + 7), 4).c_str(), nullptr, 16); + result += to_unicode(codepoint, codepoint2); + // skip the next 10 characters (xxxx\uyyyy) + i += 10; + } + else + { + // add unicode character(s) + result += to_unicode(codepoint); + // skip the next four characters (xxxx) + i += 4; + } + break; + } + } + } + else + { + // all other characters are just copied to the end of the + // string + result.append(1, static_cast(*i)); + } + } + + return result; + } + + /*! 
+ @brief parse floating point number
+
+ This function (and its overloads) serves to select the most approprate
+ standard floating point number parsing function based on the type
+ supplied via the first parameter. Set this to @a
+ static_cast(nullptr).
+
+ @param[in] type the @ref number_float_t in use
+
+ @param[in,out] endptr recieves a pointer to the first character after
+ the number
+
+ @return the floating point number
+
+ @bug This function uses `std::strtof`, `std::strtod`, or `std::strtold`
+ which use the current C locale to determine which character is used as
+ decimal point character. This may yield to parse errors if the locale
+ does not used `.`.
+ */
+ long double str_to_float_t(long double* /* type */, char** endptr) const
+ {
+ return std::strtold(reinterpret_cast(m_start), endptr);
+ }
+
+ /*!
+ @brief parse floating point number
+
+ This function (and its overloads) serves to select the most approprate
+ standard floating point number parsing function based on the type
+ supplied via the first parameter. Set this to @a
+ static_cast(nullptr).
+
+ @param[in] type the @ref number_float_t in use
+
+ @param[in,out] endptr recieves a pointer to the first character after
+ the number
+
+ @return the floating point number
+ */
+ double str_to_float_t(double* /* type */, char** endptr) const
+ {
+ return std::strtod(reinterpret_cast(m_start), endptr);
+ }
+
+ /*!
+ @brief parse floating point number
+
+ This function (and its overloads) serves to select the most approprate
+ standard floating point number parsing function based on the type
+ supplied via the first parameter. Set this to @a
+ static_cast(nullptr).
+
+ @param[in] type the @ref number_float_t in use
+
+ @param[in,out] endptr recieves a pointer to the first character after
+ the number
+
+ @return the floating point number
+ */
+ float str_to_float_t(float* /* type */, char** endptr) const
+ {
+ return std::strtof(reinterpret_cast(m_start), endptr);
+ }
+
+ /*!
+ @brief return number value for number tokens
+
+ This function translates the last token into the most appropriate
+ number type (either integer, unsigned integer or floating point),
+ which is passed back to the caller via the result parameter.
+
+ This function parses the integer component up to the radix point or
+ exponent while collecting information about the 'floating point
+ representation', which it stores in the result parameter. If there is
+ no radix point or exponent, and the number can fit into a @ref
+ number_integer_t or @ref number_unsigned_t then it sets the result
+ parameter accordingly.
+
+ The 'floating point representation' includes the number of significant
+ figures after the radix point, whether the number is in exponential or
+ decimal form, the capitalization of the exponent marker, and if the
+ optional '+' is present in the exponent. This information is necessary
+ to perform accurate round trips of floating point numbers.
+
+ If the number is a floating point number the number is then parsed
+ using @a std:strtod (or @a std:strtof or @a std::strtold).
+
+ @param[out] result @ref basic_json object to receive the number, or
+ NAN if the conversion read past the current token. The latter case
+ needs to be treated by the caller function.
+ */
+ void get_number(basic_json& result) const
+ {
+ assert(m_start != nullptr);
+
+ const lexer::lexer_char_t* curptr = m_start;
+
+ // remember this number was parsed (for later serialization)
+ result.m_type.bits.parsed = true;
+
+ // 'found_radix_point' will be set to 0xFF upon finding a radix
+ // point and later used to mask in/out the precision depending
+ // whether a radix is found i.e.
'precision &= found_radix_point' + uint8_t found_radix_point = 0; + uint8_t precision = 0; + + // accumulate the integer conversion result (unsigned for now) + number_unsigned_t value = 0; + + // maximum absolute value of the relevant integer type + number_unsigned_t max; + + // temporarily store the type to avoid unecessary bitfield access + value_t type; + + // look for sign + if (*curptr == '-') + { + type = value_t::number_integer; + max = static_cast((std::numeric_limits::max)()) + 1; + curptr++; + } + else + { + type = value_t::number_unsigned; + max = static_cast((std::numeric_limits::max)()); + } + + // count the significant figures + for (; curptr < m_cursor; curptr++) + { + // quickly skip tests if a digit + if (*curptr < '0' || *curptr > '9') + { + if (*curptr == '.') + { + // don't count '.' but change to float + type = value_t::number_float; + + // reset precision count + precision = 0; + found_radix_point = 0xFF; + continue; + } + // assume exponent (if not then will fail parse): change to + // float, stop counting and record exponent details + type = value_t::number_float; + result.m_type.bits.has_exp = true; + + // exponent capitalization + result.m_type.bits.exp_cap = (*curptr == 'E'); + + // exponent '+' sign + result.m_type.bits.exp_plus = (*(++curptr) == '+'); + break; + } + + // skip if definitely not an integer + if (type != value_t::number_float) + { + // multiply last value by ten and add the new digit + auto temp = value * 10 + *curptr - 0x30; + + // test for overflow + if (temp < value || temp > max) + { + // overflow + type = value_t::number_float; + } + else + { + // no overflow - save it + value = temp; + } + } + ++precision; + } + + // If no radix point was found then precision would now be set to + // the number of digits, which is wrong - clear it. 
+ result.m_type.bits.precision = precision & found_radix_point;
+
+ // save the value (if not a float)
+ if (type == value_t::number_unsigned)
+ {
+ result.m_value.number_unsigned = value;
+ }
+ else if (type == value_t::number_integer)
+ {
+ result.m_value.number_integer = -static_cast(value);
+ }
+ else
+ {
+ // parse with strtod
+ result.m_value.number_float = str_to_float_t(static_cast(nullptr), NULL);
+ }
+
+ // save the type
+ result.m_type = type;
+ }
+
+ private:
+ /// optional input stream
+ std::istream* m_stream = nullptr;
+ /// the buffer
+ string_t m_buffer;
+ /// the buffer pointer
+ const lexer_char_t* m_content = nullptr;
+ /// pointer to the beginning of the current symbol
+ const lexer_char_t* m_start = nullptr;
+ /// pointer for backtracking information
+ const lexer_char_t* m_marker = nullptr;
+ /// pointer to the current symbol
+ const lexer_char_t* m_cursor = nullptr;
+ /// pointer to the end of the buffer
+ const lexer_char_t* m_limit = nullptr;
+ };
+
+ /*!
+ @brief syntax analysis
+
+ This class implements a recursive decent parser.
+ */
+ class parser
+ {
+ public:
+ /// constructor for strings
+ parser(const string_t& s, parser_callback_t cb = nullptr) noexcept
+ : callback(cb), m_lexer(s)
+ {
+ // read first token
+ get_token();
+ }
+
+ /// a parser reading from an input stream
+ parser(std::istream& _is, parser_callback_t cb = nullptr) noexcept
+ : callback(cb), m_lexer(&_is)
+ {
+ // read first token
+ get_token();
+ }
+
+ /// public parser interface
+ basic_json parse()
+ {
+ basic_json result = parse_internal(true);
+
+ expect(lexer::token_type::end_of_input);
+
+ // return parser result and replace it with null in case the
+ // top-level value was discarded by the callback function
+ return result.is_discarded() ?
basic_json() : result;
+ }
+
+ private:
+ /// the actual parser
+ basic_json parse_internal(bool keep)
+ {
+ auto result = basic_json(value_t::discarded);
+
+ switch (last_token)
+ {
+ case lexer::token_type::begin_object:
+ {
+ if (keep and (not callback or (keep = callback(depth++, parse_event_t::object_start, result))))
+ {
+ // explicitly set result to object to cope with {}
+ result.m_type = value_t::object;
+ result.m_value = json_value(value_t::object);
+ }
+
+ // read next token
+ get_token();
+
+ // closing } -> we are done
+ if (last_token == lexer::token_type::end_object)
+ {
+ get_token();
+ if (keep and callback and not callback(--depth, parse_event_t::object_end, result))
+ {
+ result = basic_json(value_t::discarded);
+ }
+ return result;
+ }
+
+ // no comma is expected here
+ unexpect(lexer::token_type::value_separator);
+
+ // otherwise: parse key-value pairs
+ do
+ {
+ // ugly, but could be fixed with loop reorganization
+ if (last_token == lexer::token_type::value_separator)
+ {
+ get_token();
+ }
+
+ // store key
+ expect(lexer::token_type::value_string);
+ const auto key = m_lexer.get_string();
+
+ bool keep_tag = false;
+ if (keep)
+ {
+ if (callback)
+ {
+ basic_json k(key);
+ keep_tag = callback(depth, parse_event_t::key, k);
+ }
+ else
+ {
+ keep_tag = true;
+ }
+ }
+
+ // parse separator (:)
+ get_token();
+ expect(lexer::token_type::name_separator);
+
+ // parse and add value
+ get_token();
+ auto value = parse_internal(keep);
+ if (keep and keep_tag and not value.is_discarded())
+ {
+ result[key] = std::move(value);
+ }
+ }
+ while (last_token == lexer::token_type::value_separator);
+
+ // closing }
+ expect(lexer::token_type::end_object);
+ get_token();
+ if (keep and callback and not callback(--depth, parse_event_t::object_end, result))
+ {
+ result = basic_json(value_t::discarded);
+ }
+
+ return result;
+ }
+
+ case lexer::token_type::begin_array:
+ {
+ if (keep and (not callback or (keep = callback(depth++,
parse_event_t::array_start, result))))
+ {
+ // explicitly set result to object to cope with []
+ result.m_type = value_t::array;
+ result.m_value = json_value(value_t::array);
+ }
+
+ // read next token
+ get_token();
+
+ // closing ] -> we are done
+ if (last_token == lexer::token_type::end_array)
+ {
+ get_token();
+ if (callback and not callback(--depth, parse_event_t::array_end, result))
+ {
+ result = basic_json(value_t::discarded);
+ }
+ return result;
+ }
+
+ // no comma is expected here
+ unexpect(lexer::token_type::value_separator);
+
+ // otherwise: parse values
+ do
+ {
+ // ugly, but could be fixed with loop reorganization
+ if (last_token == lexer::token_type::value_separator)
+ {
+ get_token();
+ }
+
+ // parse value
+ auto value = parse_internal(keep);
+ if (keep and not value.is_discarded())
+ {
+ result.push_back(std::move(value));
+ }
+ }
+ while (last_token == lexer::token_type::value_separator);
+
+ // closing ]
+ expect(lexer::token_type::end_array);
+ get_token();
+ if (keep and callback and not callback(--depth, parse_event_t::array_end, result))
+ {
+ result = basic_json(value_t::discarded);
+ }
+
+ return result;
+ }
+
+ case lexer::token_type::literal_null:
+ {
+ get_token();
+ result.m_type = value_t::null;
+ break;
+ }
+
+ case lexer::token_type::value_string:
+ {
+ const auto s = m_lexer.get_string();
+ get_token();
+ result = basic_json(s);
+ break;
+ }
+
+ case lexer::token_type::literal_true:
+ {
+ get_token();
+ result.m_type = value_t::boolean;
+ result.m_value = true;
+ break;
+ }
+
+ case lexer::token_type::literal_false:
+ {
+ get_token();
+ result.m_type = value_t::boolean;
+ result.m_value = false;
+ break;
+ }
+
+ case lexer::token_type::value_number:
+ {
+ m_lexer.get_number(result);
+ get_token();
+ break;
+ }
+
+ default:
+ {
+ // the last token was unexpected
+ unexpect(last_token);
+ }
+ }
+
+ if (keep and callback and not callback(depth, parse_event_t::value, result))
+ {
+ result = basic_json(value_t::discarded);
+ }
+ return result; + } + + /// get next token from lexer + typename lexer::token_type get_token() noexcept + { + last_token = m_lexer.scan(); + return last_token; + } + + void expect(typename lexer::token_type t) const + { + if (t != last_token) + { + std::string error_msg = "parse error - unexpected "; + error_msg += (last_token == lexer::token_type::parse_error ? ("'" + m_lexer.get_token() + "'") : + lexer::token_type_name(last_token)); + error_msg += "; expected " + lexer::token_type_name(t); + throw std::invalid_argument(error_msg); + } + } + + void unexpect(typename lexer::token_type t) const + { + if (t == last_token) + { + std::string error_msg = "parse error - unexpected "; + error_msg += (last_token == lexer::token_type::parse_error ? ("'" + m_lexer.get_token() + "'") : + lexer::token_type_name(last_token)); + throw std::invalid_argument(error_msg); + } + } + + private: + /// current level of recursion + int depth = 0; + /// callback function + parser_callback_t callback; + /// the type of the last read token + typename lexer::token_type last_token = lexer::token_type::uninitialized; + /// the lexer + lexer m_lexer; + }; + + public: + /*! + @brief JSON Pointer + + A JSON pointer defines a string syntax for identifying a specific value + within a JSON document. It can be used with functions `at` and + `operator[]`. Furthermore, JSON pointers are the base for JSON patches. + + @sa [RFC 6901](https://tools.ietf.org/html/rfc6901) + + @since version 2.0.0 + */ + class json_pointer + { + /// allow basic_json to access private members + friend class basic_json; + + public: + /*! + @brief create JSON pointer + + Create a JSON pointer according to the syntax described in + [Section 3 of RFC6901](https://tools.ietf.org/html/rfc6901#section-3). 
+ + @param[in] s string representing the JSON pointer; if omitted, the + empty string is assumed which references the whole JSON + value + + @throw std::domain_error if reference token is nonempty and does not + begin with a slash (`/`); example: `"JSON pointer must be empty or + begin with /"` + @throw std::domain_error if a tilde (`~`) is not followed by `0` + (representing `~`) or `1` (representing `/`); example: `"escape error: + ~ must be followed with 0 or 1"` + + @liveexample{The example shows the construction several valid JSON + pointers as well as the exceptional behavior.,json_pointer} + + @since version 2.0.0 + */ + explicit json_pointer(const std::string& s = "") + : reference_tokens(split(s)) + {} + + /*! + @brief return a string representation of the JSON pointer + + @invariant For each JSON pointer `ptr`, it holds: + @code {.cpp} + ptr == json_pointer(ptr.to_string()); + @endcode + + @return a string representation of the JSON pointer + + @liveexample{The example shows the result of `to_string`., + json_pointer__to_string} + + @since version 2.0.0 + */ + std::string to_string() const noexcept + { + std::string result; + + for (const auto& reference_token : reference_tokens) + { + result += "/" + escape(reference_token); + } + + return result; + } + + /// @copydoc to_string() + operator std::string() const + { + return to_string(); + } + + private: + /// remove and return last reference pointer + std::string pop_back() + { + if (is_root()) + { + throw std::domain_error("JSON pointer has no parent"); + } + + auto last = reference_tokens.back(); + reference_tokens.pop_back(); + return last; + } + + /// return whether pointer points to the root document + bool is_root() const + { + return reference_tokens.empty(); + } + + json_pointer top() const + { + if (is_root()) + { + throw std::domain_error("JSON pointer has no parent"); + } + + json_pointer result = *this; + result.reference_tokens = {reference_tokens[0]}; + return result; + } + + /*! 
+ @brief create and return a reference to the pointed to value + */ + reference get_and_create(reference j) const + { + pointer result = &j; + + // in case no reference tokens exist, return a reference to the + // JSON value j which will be overwritten by a primitive value + for (const auto& reference_token : reference_tokens) + { + switch (result->m_type) + { + case value_t::null: + { + if (reference_token == "0") + { + // start a new array if reference token is 0 + result = &result->operator[](0); + } + else + { + // start a new object otherwise + result = &result->operator[](reference_token); + } + break; + } + + case value_t::object: + { + // create an entry in the object + result = &result->operator[](reference_token); + break; + } + + case value_t::array: + { + // create an entry in the array + result = &result->operator[](static_cast(std::stoi(reference_token))); + break; + } + + /* + The following code is only reached if there exists a + reference token _and_ the current value is primitive. In + this case, we have an error situation, because primitive + values may only occur as single value; that is, with an + empty list of reference tokens. + */ + default: + { + throw std::domain_error("invalid value to unflatten"); + } + } + } + + return *result; + } + + /*! + @brief return a reference to the pointed to value + + @param[in] ptr a JSON value + + @return reference to the JSON value pointed to by the JSON pointer + + @complexity Linear in the length of the JSON pointer. 
+ + @throw std::out_of_range if the JSON pointer can not be resolved + @throw std::domain_error if an array index begins with '0' + @throw std::invalid_argument if an array index was not a number + */ + reference get_unchecked(pointer ptr) const + { + for (const auto& reference_token : reference_tokens) + { + switch (ptr->m_type) + { + case value_t::object: + { + // use unchecked object access + ptr = &ptr->operator[](reference_token); + break; + } + + case value_t::array: + { + // error condition (cf. RFC 6901, Sect. 4) + if (reference_token.size() > 1 and reference_token[0] == '0') + { + throw std::domain_error("array index must not begin with '0'"); + } + + if (reference_token == "-") + { + // explicityly treat "-" as index beyond the end + ptr = &ptr->operator[](ptr->m_value.array->size()); + } + else + { + // convert array index to number; unchecked access + ptr = &ptr->operator[](static_cast(std::stoi(reference_token))); + } + break; + } + + default: + { + throw std::out_of_range("unresolved reference token '" + reference_token + "'"); + } + } + } + + return *ptr; + } + + reference get_checked(pointer ptr) const + { + for (const auto& reference_token : reference_tokens) + { + switch (ptr->m_type) + { + case value_t::object: + { + // note: at performs range check + ptr = &ptr->at(reference_token); + break; + } + + case value_t::array: + { + if (reference_token == "-") + { + // "-" always fails the range check + throw std::out_of_range("array index '-' (" + + std::to_string(ptr->m_value.array->size()) + + ") is out of range"); + } + + // error condition (cf. RFC 6901, Sect. 4) + if (reference_token.size() > 1 and reference_token[0] == '0') + { + throw std::domain_error("array index must not begin with '0'"); + } + + // note: at performs range check + ptr = &ptr->at(static_cast(std::stoi(reference_token))); + break; + } + + default: + { + throw std::out_of_range("unresolved reference token '" + reference_token + "'"); + } + } + } + + return *ptr; + } + + /*! 
+ @brief return a const reference to the pointed to value + + @param[in] ptr a JSON value + + @return const reference to the JSON value pointed to by the JSON + pointer + */ + const_reference get_unchecked(const_pointer ptr) const + { + for (const auto& reference_token : reference_tokens) + { + switch (ptr->m_type) + { + case value_t::object: + { + // use unchecked object access + ptr = &ptr->operator[](reference_token); + break; + } + + case value_t::array: + { + if (reference_token == "-") + { + // "-" cannot be used for const access + throw std::out_of_range("array index '-' (" + + std::to_string(ptr->m_value.array->size()) + + ") is out of range"); + } + + // error condition (cf. RFC 6901, Sect. 4) + if (reference_token.size() > 1 and reference_token[0] == '0') + { + throw std::domain_error("array index must not begin with '0'"); + } + + // use unchecked array access + ptr = &ptr->operator[](static_cast(std::stoi(reference_token))); + break; + } + + default: + { + throw std::out_of_range("unresolved reference token '" + reference_token + "'"); + } + } + } + + return *ptr; + } + + const_reference get_checked(const_pointer ptr) const + { + for (const auto& reference_token : reference_tokens) + { + switch (ptr->m_type) + { + case value_t::object: + { + // note: at performs range check + ptr = &ptr->at(reference_token); + break; + } + + case value_t::array: + { + if (reference_token == "-") + { + // "-" always fails the range check + throw std::out_of_range("array index '-' (" + + std::to_string(ptr->m_value.array->size()) + + ") is out of range"); + } + + // error condition (cf. RFC 6901, Sect. 
4) + if (reference_token.size() > 1 and reference_token[0] == '0') + { + throw std::domain_error("array index must not begin with '0'"); + } + + // note: at performs range check + ptr = &ptr->at(static_cast(std::stoi(reference_token))); + break; + } + + default: + { + throw std::out_of_range("unresolved reference token '" + reference_token + "'"); + } + } + } + + return *ptr; + } + + /// split the string input to reference tokens + static std::vector split(std::string reference_string) + { + std::vector result; + + // special case: empty reference string -> no reference tokens + if (reference_string.empty()) + { + return result; + } + + // check if nonempty reference string begins with slash + if (reference_string[0] != '/') + { + throw std::domain_error("JSON pointer must be empty or begin with '/'"); + } + + // extract the reference tokens: + // - slash: position of the last read slash (or end of string) + // - start: position after the previous slash + for ( + // search for the first slash after the first character + size_t slash = reference_string.find_first_of("/", 1), + // set the beginning of the first reference token + start = 1; + // we can stop if start == string::npos+1 = 0 + start != 0; + // set the beginning of the next reference token + // (will eventually be 0 if slash == std::string::npos) + start = slash + 1, + // find next slash + slash = reference_string.find_first_of("/", start)) + { + // use the text between the beginning of the reference token + // (start) and the last slash (slash). 
+ auto reference_token = reference_string.substr(start, slash - start); + + // check reference tokens are properly escaped + for (size_t pos = reference_token.find_first_of("~"); + pos != std::string::npos; + pos = reference_token.find_first_of("~", pos + 1)) + { + assert(reference_token[pos] == '~'); + + // ~ must be followed by 0 or 1 + if (pos == reference_token.size() - 1 or + (reference_token[pos + 1] != '0' and + reference_token[pos + 1] != '1')) + { + throw std::domain_error("escape error: '~' must be followed with '0' or '1'"); + } + } + + // finally, store the reference token + unescape(reference_token); + result.push_back(reference_token); + } + + return result; + } + + private: + /*! + @brief replace all occurrences of a substring by another string + + @param[in,out] s the string to manipulate + @param[in] f the substring to replace with @a t + @param[out] t the string to replace @a f + + @return The string @a s where all occurrences of @a f are replaced + with @a t. + + @pre The search string @a f must not be empty. + + @since version 2.0.0 + */ + static void replace_substring(std::string& s, + const std::string& f, + const std::string& t) + { + assert(not f.empty()); + + for ( + size_t pos = s.find(f); // find first occurrence of f + pos != std::string::npos; // make sure f was found + s.replace(pos, f.size(), t), // replace with t + pos = s.find(f, pos + t.size()) // find next occurrence of f + ); + } + + /// escape tilde and slash + static std::string escape(std::string s) + { + // escape "~"" to "~0" and "/" to "~1" + replace_substring(s, "~", "~0"); + replace_substring(s, "/", "~1"); + return s; + } + + /// unescape tilde and slash + static void unescape(std::string& s) + { + // first transform any occurrence of the sequence '~1' to '/' + replace_substring(s, "~1", "/"); + // then transform any occurrence of the sequence '~0' to '~' + replace_substring(s, "~0", "~"); + } + + /*! 
+ @param[in] reference_string the reference string to the current value + @param[in] value the value to consider + @param[in,out] result the result object to insert values to + + @note Empty objects or arrays are flattened to `null`. + */ + static void flatten(const std::string& reference_string, + const basic_json& value, + basic_json& result) + { + switch (value.m_type) + { + case value_t::array: + { + if (value.m_value.array->empty()) + { + // flatten empty array as null + result[reference_string] = nullptr; + } + else + { + // iterate array and use index as reference string + for (size_t i = 0; i < value.m_value.array->size(); ++i) + { + flatten(reference_string + "/" + std::to_string(i), + value.m_value.array->operator[](i), result); + } + } + break; + } + + case value_t::object: + { + if (value.m_value.object->empty()) + { + // flatten empty object as null + result[reference_string] = nullptr; + } + else + { + // iterate object and use keys as reference string + for (const auto& element : *value.m_value.object) + { + flatten(reference_string + "/" + escape(element.first), + element.second, result); + } + } + break; + } + + default: + { + // add primitive value with its reference string + result[reference_string] = value; + break; + } + } + } + + /*! + @param[in] value flattened JSON + + @return unflattened JSON + */ + static basic_json unflatten(const basic_json& value) + { + if (not value.is_object()) + { + throw std::domain_error("only objects can be unflattened"); + } + + basic_json result; + + // iterate the JSON object values + for (const auto& element : *value.m_value.object) + { + if (not element.second.is_primitive()) + { + throw std::domain_error("values in object must be primitive"); + } + + // assign value to reference pointed to by JSON pointer; Note + // that if the JSON pointer is "" (i.e., points to the whole + // value), function get_and_create returns a reference to + // result itself. An assignment will then create a primitive + // value. 
+ json_pointer(element.first).get_and_create(result) = element.second; + } + + return result; + } + + private: + /// the reference tokens + std::vector reference_tokens {}; + }; + + ////////////////////////// + // JSON Pointer support // + ////////////////////////// + + /// @name JSON Pointer functions + /// @{ + + /*! + @brief access specified element via JSON Pointer + + Uses a JSON pointer to retrieve a reference to the respective JSON value. + No bound checking is performed. Similar to @ref operator[](const typename + object_t::key_type&), `null` values are created in arrays and objects if + necessary. + + In particular: + - If the JSON pointer points to an object key that does not exist, it + is created an filled with a `null` value before a reference to it + is returned. + - If the JSON pointer points to an array index that does not exist, it + is created an filled with a `null` value before a reference to it + is returned. All indices between the current maximum and the given + index are also filled with `null`. + - The special value `-` is treated as a synonym for the index past the + end. + + @param[in] ptr a JSON pointer + + @return reference to the element pointed to by @a ptr + + @complexity Constant. + + @throw std::out_of_range if the JSON pointer can not be resolved + @throw std::domain_error if an array index begins with '0' + @throw std::invalid_argument if an array index was not a number + + @liveexample{The behavior is shown in the example.,operatorjson_pointer} + + @since version 2.0.0 + */ + reference operator[](const json_pointer& ptr) + { + return ptr.get_unchecked(this); + } + + /*! + @brief access specified element via JSON Pointer + + Uses a JSON pointer to retrieve a reference to the respective JSON value. + No bound checking is performed. The function does not change the JSON + value; no `null` values are created. In particular, the the special value + `-` yields an exception. 
+ + @param[in] ptr JSON pointer to the desired element + + @return const reference to the element pointed to by @a ptr + + @complexity Constant. + + @throw std::out_of_range if the JSON pointer can not be resolved + @throw std::domain_error if an array index begins with '0' + @throw std::invalid_argument if an array index was not a number + + @liveexample{The behavior is shown in the example.,operatorjson_pointer_const} + + @since version 2.0.0 + */ + const_reference operator[](const json_pointer& ptr) const + { + return ptr.get_unchecked(this); + } + + /*! + @brief access specified element via JSON Pointer + + Returns a reference to the element at with specified JSON pointer @a ptr, + with bounds checking. + + @param[in] ptr JSON pointer to the desired element + + @return reference to the element pointed to by @a ptr + + @complexity Constant. + + @throw std::out_of_range if the JSON pointer can not be resolved + @throw std::domain_error if an array index begins with '0' + @throw std::invalid_argument if an array index was not a number + + @liveexample{The behavior is shown in the example.,at_json_pointer} + + @since version 2.0.0 + */ + reference at(const json_pointer& ptr) + { + return ptr.get_checked(this); + } + + /*! + @brief access specified element via JSON Pointer + + Returns a const reference to the element at with specified JSON pointer @a + ptr, with bounds checking. + + @param[in] ptr JSON pointer to the desired element + + @return reference to the element pointed to by @a ptr + + @complexity Constant. + + @throw std::out_of_range if the JSON pointer can not be resolved + @throw std::domain_error if an array index begins with '0' + @throw std::invalid_argument if an array index was not a number + + @liveexample{The behavior is shown in the example.,at_json_pointer_const} + + @since version 2.0.0 + */ + const_reference at(const json_pointer& ptr) const + { + return ptr.get_checked(this); + } + + /*! 
+ @brief return flattened JSON value + + The function creates a JSON object whose keys are JSON pointers (see [RFC + 6901](https://tools.ietf.org/html/rfc6901)) and whose values are all + primitive. The original JSON value can be restored using the @ref + unflatten() function. + + @return an object that maps JSON pointers to primitve values + + @note Empty objects and arrays are flattened to `null` and will not be + reconstructed correctly by the @ref unflatten() function. + + @complexity Linear in the size the JSON value. + + @liveexample{The following code shows how a JSON object is flattened to an + object whose keys consist of JSON pointers.,flatten} + + @sa @ref unflatten() for the reverse function + + @since version 2.0.0 + */ + basic_json flatten() const + { + basic_json result(value_t::object); + json_pointer::flatten("", *this, result); + return result; + } + + /*! + @brief unflatten a previously flattened JSON value + + The function restores the arbitrary nesting of a JSON value that has been + flattened before using the @ref flatten() function. The JSON value must + meet certain constraints: + 1. The value must be an object. + 2. The keys must be JSON pointers (see + [RFC 6901](https://tools.ietf.org/html/rfc6901)) + 3. The mapped values must be primitive JSON types. + + @return the original JSON from a flattened version + + @note Empty objects and arrays are flattened by @ref flatten() to `null` + values and can not unflattened to their original type. Apart from + this example, for a JSON value `j`, the following is always true: + `j == j.flatten().unflatten()`. + + @complexity Linear in the size the JSON value. 
+ + @liveexample{The following code shows how a flattened JSON object is + unflattened into the original nested JSON object.,unflatten} + + @sa @ref flatten() for the reverse function + + @since version 2.0.0 + */ + basic_json unflatten() const + { + return json_pointer::unflatten(*this); + } + + /// @} + + ////////////////////////// + // JSON Patch functions // + ////////////////////////// + + /// @name JSON Patch functions + /// @{ + + /*! + @brief applies a JSON patch + + [JSON Patch](http://jsonpatch.com) defines a JSON document structure for + expressing a sequence of operations to apply to a JSON) document. With + this funcion, a JSON Patch is applied to the current JSON value by + executing all operations from the patch. + + @param[in] json_patch JSON patch document + @return patched document + + @note The application of a patch is atomic: Either all operations succeed + and the patched document is returned or an exception is thrown. In + any case, the original value is not changed: the patch is applied + to a copy of the value. + + @throw std::out_of_range if a JSON pointer inside the patch could not + be resolved successfully in the current JSON value; example: `"key baz + not found"` + @throw invalid_argument if the JSON patch is malformed (e.g., mandatory + attributes are missing); example: `"operation add must have member path"` + + @complexity Linear in the size of the JSON value and the length of the + JSON patch. As usually only a fraction of the JSON value is affected by + the patch, the complexity can usually be neglected. 
+ + @liveexample{The following code shows how a JSON patch is applied to a + value.,patch} + + @sa @ref diff -- create a JSON patch by comparing two JSON values + + @sa [RFC 6902 (JSON Patch)](https://tools.ietf.org/html/rfc6902) + @sa [RFC 6901 (JSON Pointer)](https://tools.ietf.org/html/rfc6901) + + @since version 2.0.0 + */ + basic_json patch(const basic_json& json_patch) const + { + // make a working copy to apply the patch to + basic_json result = *this; + + // the valid JSON Patch operations + enum class patch_operations {add, remove, replace, move, copy, test, invalid}; + + const auto get_op = [](const std::string op) + { + if (op == "add") + { + return patch_operations::add; + } + if (op == "remove") + { + return patch_operations::remove; + } + if (op == "replace") + { + return patch_operations::replace; + } + if (op == "move") + { + return patch_operations::move; + } + if (op == "copy") + { + return patch_operations::copy; + } + if (op == "test") + { + return patch_operations::test; + } + + return patch_operations::invalid; + }; + + // wrapper for "add" operation; add value at ptr + const auto operation_add = [&result](json_pointer & ptr, basic_json val) + { + // adding to the root of the target document means replacing it + if (ptr.is_root()) + { + result = val; + } + else + { + // make sure the top element of the pointer exists + json_pointer top_pointer = ptr.top(); + if (top_pointer != ptr) + { + basic_json& x = result.at(top_pointer); + } + + // get reference to parent of JSON pointer ptr + const auto last_path = ptr.pop_back(); + basic_json& parent = result[ptr]; + + switch (parent.m_type) + { + case value_t::null: + case value_t::object: + { + // use operator[] to add value + parent[last_path] = val; + break; + } + + case value_t::array: + { + if (last_path == "-") + { + // special case: append to back + parent.push_back(val); + } + else + { + const auto idx = std::stoi(last_path); + if (static_cast(idx) > parent.size()) + { + // avoid undefined 
behavior + throw std::out_of_range("array index " + std::to_string(idx) + " is out of range"); + } + else + { + // default case: insert add offset + parent.insert(parent.begin() + static_cast(idx), val); + } + } + break; + } + + default: + { + // if there exists a parent it cannot be primitive + assert(false); // LCOV_EXCL_LINE + } + } + } + }; + + // wrapper for "remove" operation; remove value at ptr + const auto operation_remove = [&result](json_pointer & ptr) + { + // get reference to parent of JSON pointer ptr + const auto last_path = ptr.pop_back(); + basic_json& parent = result.at(ptr); + + // remove child + if (parent.is_object()) + { + // perform range check + auto it = parent.find(last_path); + if (it != parent.end()) + { + parent.erase(it); + } + else + { + throw std::out_of_range("key '" + last_path + "' not found"); + } + } + else if (parent.is_array()) + { + // note erase performs range check + parent.erase(static_cast(std::stoi(last_path))); + } + }; + + // type check + if (not json_patch.is_array()) + { + // a JSON patch must be an array of objects + throw std::invalid_argument("JSON patch must be an array of objects"); + } + + // iterate and apply th eoperations + for (const auto& val : json_patch) + { + // wrapper to get a value for an operation + const auto get_value = [&val](const std::string & op, + const std::string & member, + bool string_type) -> basic_json& + { + // find value + auto it = val.m_value.object->find(member); + + // context-sensitive error message + const auto error_msg = (op == "op") ? 
"operation" : "operation '" + op + "'"; + + // check if desired value is present + if (it == val.m_value.object->end()) + { + throw std::invalid_argument(error_msg + " must have member '" + member + "'"); + } + + // check if result is of type string + if (string_type and not it->second.is_string()) + { + throw std::invalid_argument(error_msg + " must have string member '" + member + "'"); + } + + // no error: return value + return it->second; + }; + + // type check + if (not val.is_object()) + { + throw std::invalid_argument("JSON patch must be an array of objects"); + } + + // collect mandatory members + const std::string op = get_value("op", "op", true); + const std::string path = get_value(op, "path", true); + json_pointer ptr(path); + + switch (get_op(op)) + { + case patch_operations::add: + { + operation_add(ptr, get_value("add", "value", false)); + break; + } + + case patch_operations::remove: + { + operation_remove(ptr); + break; + } + + case patch_operations::replace: + { + // the "path" location must exist - use at() + result.at(ptr) = get_value("replace", "value", false); + break; + } + + case patch_operations::move: + { + const std::string from_path = get_value("move", "from", true); + json_pointer from_ptr(from_path); + + // the "from" location must exist - use at() + basic_json v = result.at(from_ptr); + + // The move operation is functionally identical to a + // "remove" operation on the "from" location, followed + // immediately by an "add" operation at the target + // location with the value that was just removed. 
+ operation_remove(from_ptr); + operation_add(ptr, v); + break; + } + + case patch_operations::copy: + { + const std::string from_path = get_value("copy", "from", true);; + const json_pointer from_ptr(from_path); + + // the "from" location must exist - use at() + result[ptr] = result.at(from_ptr); + break; + } + + case patch_operations::test: + { + bool success = false; + try + { + // check if "value" matches the one at "path" + // the "path" location must exist - use at() + success = (result.at(ptr) == get_value("test", "value", false)); + } + catch (std::out_of_range&) + { + // ignore out of range errors: success remains false + } + + // throw an exception if test fails + if (not success) + { + throw std::domain_error("unsuccessful: " + val.dump()); + } + + break; + } + + case patch_operations::invalid: + { + // op must be "add", "remove", "replace", "move", "copy", or + // "test" + throw std::invalid_argument("operation value '" + op + "' is invalid"); + } + } + } + + return result; + } + + /*! + @brief creates a diff as a JSON patch + + Creates a [JSON Patch](http://jsonpatch.com) so that value @a source can + be changed into the value @a target by calling @ref patch function. + + @invariant For two JSON values @a source and @a target, the following code + yields always `true`: + @code {.cpp} + source.patch(diff(source, target)) == target; + @endcode + + @note Currently, only `remove`, `add`, and `replace` operations are + generated. + + @param[in] source JSON value to copare from + @param[in] target JSON value to copare against + @param[in] path helper value to create JSON pointers + + @return a JSON patch to convert the @a source to @a target + + @complexity Linear in the lengths of @a source and @a target. 
+ + @liveexample{The following code shows how a JSON patch is created as a + diff for two JSON values.,diff} + + @sa @ref patch -- apply a JSON patch + + @sa [RFC 6902 (JSON Patch)](https://tools.ietf.org/html/rfc6902) + + @since version 2.0.0 + */ + static basic_json diff(const basic_json& source, + const basic_json& target, + std::string path = "") + { + // the patch + basic_json result(value_t::array); + + // if the values are the same, return empty patch + if (source == target) + { + return result; + } + + if (source.type() != target.type()) + { + // different types: replace value + result.push_back( + { + {"op", "replace"}, + {"path", path}, + {"value", target} + }); + } + else + { + switch (source.type()) + { + case value_t::array: + { + // first pass: traverse common elements + size_t i = 0; + while (i < source.size() and i < target.size()) + { + // recursive call to compare array values at index i + auto temp_diff = diff(source[i], target[i], path + "/" + std::to_string(i)); + result.insert(result.end(), temp_diff.begin(), temp_diff.end()); + ++i; + } + + // i now reached the end of at least one array + // in a second pass, traverse the remaining elements + + // remove my remaining elements + while (i < source.size()) + { + result.push_back(object( + { + {"op", "remove"}, + {"path", path + "/" + std::to_string(i)} + })); + ++i; + } + + // add other remaining elements + while (i < target.size()) + { + result.push_back( + { + {"op", "add"}, + {"path", path + "/" + std::to_string(i)}, + {"value", target[i]} + }); + ++i; + } + + break; + } + + case value_t::object: + { + // first pass: traverse this object's elements + for (auto it = source.begin(); it != source.end(); ++it) + { + // escape the key name to be used in a JSON patch + const auto key = json_pointer::escape(it.key()); + + if (target.find(it.key()) != target.end()) + { + // recursive call to compare object values at key it + auto temp_diff = diff(it.value(), target[it.key()], path + "/" + key); + 
result.insert(result.end(), temp_diff.begin(), temp_diff.end()); + } + else + { + // found a key that is not in o -> remove it + result.push_back(object( + { + {"op", "remove"}, + {"path", path + "/" + key} + })); + } + } + + // second pass: traverse other object's elements + for (auto it = target.begin(); it != target.end(); ++it) + { + if (source.find(it.key()) == source.end()) + { + // found a key that is not in this -> add it + const auto key = json_pointer::escape(it.key()); + result.push_back( + { + {"op", "add"}, + {"path", path + "/" + key}, + {"value", it.value()} + }); + } + } + + break; + } + + default: + { + // both primitive type: replace value + result.push_back( + { + {"op", "replace"}, + {"path", path}, + {"value", target} + }); + break; + } + } + } + + return result; + } + + /// @} +}; + + +///////////// +// presets // +///////////// + +/*! +@brief default JSON class + +This type is the default specialization of the @ref basic_json class which +uses the standard template types. + +@since version 1.0.0 +*/ +using json = basic_json<>; +} + + +/////////////////////// +// nonmember support // +/////////////////////// + +// specialization of std::swap, and std::hash +namespace std +{ +/*! +@brief exchanges the values of two JSON objects + +@since version 1.0.0 +*/ +template <> +inline void swap(nlohmann::json& j1, + nlohmann::json& j2) noexcept( + is_nothrow_move_constructible::value and + is_nothrow_move_assignable::value + ) +{ + j1.swap(j2); +} + +/// hash value for JSON objects +template <> +struct hash +{ + /*! + @brief return a hash value for a JSON object + + @since version 1.0.0 + */ + std::size_t operator()(const nlohmann::json& j) const + { + // a naive hashing via the string representation + const auto& h = hash(); + return h(j.dump()); + } +}; +} + +/*! +@brief user-defined string literal for JSON values + +This operator implements a user-defined string literal for JSON objects. 
It
+can be used by adding \p "_json" to a string literal and returns a JSON object
+if no parse error occurred.
+
+@param[in] s a string representation of a JSON object
+@return a JSON object
+
+@since version 1.0.0
+*/
+inline nlohmann::json operator "" _json(const char* s, std::size_t)
+{
+ return nlohmann::json::parse(reinterpret_cast(s));
+}
+
+/*!
+@brief user-defined string literal for JSON pointer
+
+@since version 2.0.0
+*/
+inline nlohmann::json::json_pointer operator "" _json_pointer(const char* s, std::size_t)
+{
+ return nlohmann::json::json_pointer(s);
+}
+
+// restore GCC/clang diagnostic settings
+#if defined(__clang__) || defined(__GNUC__) || defined(__GNUG__)
+ #pragma GCC diagnostic pop
+#endif
+
+#endif
diff --git a/ext/libnatpmp/Changelog.txt b/ext/libnatpmp/Changelog.txt
new file mode 100644
index 0000000..be75a0b
--- /dev/null
+++ b/ext/libnatpmp/Changelog.txt
@@ -0,0 +1,98 @@ +$Id: Changelog.txt,v 1.33 2013/11/26 08:47:36 nanard Exp $ + +2013/11/26: + enforce strict aliasing rules. + +2013/09/10: + small patch for MSVC >= 16 + rename win32 implementation of gettimeofday() to natpmp_gettimeofday() + +2012/08/21: + Little change in Makefile + removed warnings in testgetgateway.c + Fixed bugs in command line argumentparsing in natpmpc.c + +2011/08/07: + Patch to build on debian/kFreeBSD. + +2011/07/15: + Put 3 clauses BSD licence at the top of source files. + +2011/06/18: + --no-undefined => -Wl,--no-undefined + adding a natpmpc.1 man page + +2011/05/19: + Small fix in libnatpmpmodule.c thanks to Manuel Mausz + +2011/01/03: + Added an argument to initnatpmp() in order to force the gateway to be used + +2011/01/01: + fix in make install + +2010/05/21: + make install now working under MacOSX (and BSD) + +2010/04/12: + cplusplus stuff in natpmp.h + +2010/02/02: + Fixed compilation under Mac OS X + +2009/12/19: + improve and fix building under Windows. + Project files for MS Visual Studio 2008 + More simple (and working) code for Win32. + More checks in the /proc/net/route parsing. Add some comments. + +2009/08/04: + improving getgateway.c for windows + +2009/07/13: + Adding Haiku code in getgateway.c + +2009/06/04: + Adding Python module thanks to David Wu + +2009/03/10: + Trying to have windows get gateway working if not using DHCP + +2009/02/27: + dont include declspec.h if not under WIN32. + +2009/01/23: + Prefixed the libraries name with lib + +2008/10/06: + Fixed a memory leak in getdefaultgateway() (USE_SYSCTL_NET_ROUTE) + +2008/07/03: + Adding WIN32 code from Robbie Hanson + +2008/06/30: + added a Solaris implementation for getgateway(). + added a LICENCE file to the distribution + +2008/05/29: + Anonymous unions are forbidden in ANSI C. That was causing problems with + non-GCC compilers. 
+ +2008/04/28: + introduced strnatpmperr() + improved natpmpc.c sample + make install now install the binary + +2007/12/13: + Fixed getgateway.c for working under OS X ;) + Fixed values for NATPMP_PROTOCOL_TCP and NATPMP_PROTOCOL_UDP + +2007/12/11: + Fixed getgateway.c for compilation under Mac OS X + +2007/12/01: + added some comments in .h + +2007/11/30: + implemented almost everything + diff --git a/ext/libnatpmp/JavaTest.java b/ext/libnatpmp/JavaTest.java new file mode 100644 index 0000000..0379c18 --- /dev/null +++ b/ext/libnatpmp/JavaTest.java @@ -0,0 +1,42 @@ +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.nio.ByteBuffer; + +import fr.free.miniupnp.libnatpmp.NatPmp; +import fr.free.miniupnp.libnatpmp.NatPmpResponse; + +class JavaTest { + public static void main(String[] args) { + NatPmp natpmp = new NatPmp(); + + natpmp.sendPublicAddressRequest(); + NatPmpResponse response = new NatPmpResponse(); + + int result = -1; + do{ + result = natpmp.readNatPmpResponseOrRetry(response); + try { + Thread.sleep(4000); + } catch (InterruptedException e) { + //fallthrough + } + } while (result != 0); + + byte[] bytes = intToByteArray(response.addr); + + try { + InetAddress inetAddress = InetAddress.getByAddress(bytes); + System.out.println("Public address is " + inetAddress); + } catch (UnknownHostException e) { + throw new RuntimeException(e); + } + } + + public static final byte[] intToByteArray(int value) { + return new byte[] { + (byte)value, + (byte)(value >>> 8), + (byte)(value >>> 16), + (byte)(value >>> 24)}; + } +} diff --git a/ext/libnatpmp/LICENSE b/ext/libnatpmp/LICENSE new file mode 100644 index 0000000..7fff2c2 --- /dev/null +++ b/ext/libnatpmp/LICENSE 
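Review bot: The polling loop in `JavaTest.main` ends only when `readNatPmpResponseOrRetry` returns 0, so a return value that signals a permanent failure rather than "try again" (the native result codes are not visible in this hunk) keeps the program looping forever. The return value of `sendPublicAddressRequest()` is also ignored, and the fixed `Thread.sleep(4000)` runs even after a successful read. I would cap the number of attempts, leave the loop on any result that is not a retry request, and sleep for `natpmp.getNatPmpRequestTimeout()` only when another attempt is actually needed.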
@@ -0,0 +1,26 @@ +Copyright (c) 2007-2011, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + diff --git a/ext/libnatpmp/Makefile b/ext/libnatpmp/Makefile new file mode 100644 index 0000000..b67b3e8 --- /dev/null +++ b/ext/libnatpmp/Makefile 
@@ -0,0 +1,177 @@ +# $Id: Makefile,v 1.23 2013/11/26 16:38:15 nanard Exp $ +# This Makefile is designed for use with GNU make +# libnatpmp +# (c) 2007-2013 Thomas Bernard +# http://miniupnp.free.fr/libnatpmp.html + +OS = $(shell uname -s) +CC = gcc +INSTALL = install -p +ARCH = $(shell uname -m | sed -e s/i.86/i686/) +VERSION = $(shell cat VERSION) + +ifeq ($(OS), Darwin) +JARSUFFIX=mac +endif +ifeq ($(OS), Linux) +JARSUFFIX=linux +endif +ifneq (,$(findstring WIN,$(OS))) +JARSUFFIX=win32 +endif + +# APIVERSION is used in soname +APIVERSION = 1 +#LDFLAGS = -Wl,--no-undefined +CFLAGS ?= -Os +#CFLAGS = -g -O0 +CFLAGS += -fPIC +CFLAGS += -Wall +#CFLAGS += -Wextra +CFLAGS += -DENABLE_STRNATPMPERR +#CFLAGS += -Wstrict-aliasing + +LIBOBJS = natpmp.o getgateway.o + +OBJS = $(LIBOBJS) testgetgateway.o natpmpc.o natpmp-jni.o + +STATICLIB = libnatpmp.a +ifeq ($(OS), Darwin) + SHAREDLIB = libnatpmp.dylib + JNISHAREDLIB = libjninatpmp.dylib + SONAME = $(basename $(SHAREDLIB)).$(APIVERSION).dylib + CFLAGS := -DMACOSX -D_DARWIN_C_SOURCE $(CFLAGS) + SONAMEFLAGS=-Wl,-install_name,$(JNISHAREDLIB) -dynamiclib -framework JavaVM +else +ifneq (,$(findstring WIN,$(OS))) + SHAREDLIB = natpmp.dll + JNISHAREDLIB = jninatpmp.dll + CC = i686-w64-mingw32-gcc + EXTRA_LD = -lws2_32 -lIphlpapi -Wl,--no-undefined -Wl,--enable-runtime-pseudo-reloc --Wl,kill-at +else + SHAREDLIB = libnatpmp.so + JNISHAREDLIB = libjninatpmp.so + SONAME = $(SHAREDLIB).$(APIVERSION) + SONAMEFLAGS=-Wl,-soname,$(JNISHAREDLIB) +endif +endif + +HEADERS = natpmp.h + +EXECUTABLES = testgetgateway natpmpc-shared natpmpc-static + +INSTALLPREFIX ?= $(PREFIX)/usr +INSTALLDIRINC = $(INSTALLPREFIX)/include +INSTALLDIRLIB = $(INSTALLPREFIX)/lib +INSTALLDIRBIN = $(INSTALLPREFIX)/bin + +JAVA ?= java +JAVAC ?= javac +JAVAH ?= javah +JAVAPACKAGE = fr/free/miniupnp/libnatpmp +JAVACLASSES = $(JAVAPACKAGE)/NatPmp.class $(JAVAPACKAGE)/NatPmpResponse.class $(JAVAPACKAGE)/LibraryExtractor.class $(JAVAPACKAGE)/URLUtils.class +JNIHEADERS = 
fr_free_miniupnp_libnatpmp_NatPmp.h + +.PHONY: all clean depend install cleaninstall installpythonmodule + +all: $(STATICLIB) $(SHAREDLIB) $(EXECUTABLES) + +pythonmodule: $(STATICLIB) libnatpmpmodule.c setup.py + python setup.py build + touch $@ + +installpythonmodule: pythonmodule + python setup.py install + +clean: + $(RM) $(OBJS) $(EXECUTABLES) $(STATICLIB) $(SHAREDLIB) $(JAVACLASSES) $(JNISHAREDLIB) + $(RM) pythonmodule + $(RM) -r build/ dist/ libraries/ + +depend: + makedepend -f$(MAKEFILE_LIST) -Y $(OBJS:.o=.c) 2>/dev/null + +install: $(HEADERS) $(STATICLIB) $(SHAREDLIB) natpmpc-shared + $(INSTALL) -d $(INSTALLDIRINC) + $(INSTALL) -m 644 $(HEADERS) $(INSTALLDIRINC) + $(INSTALL) -d $(INSTALLDIRLIB) + $(INSTALL) -m 644 $(STATICLIB) $(INSTALLDIRLIB) + $(INSTALL) -m 644 $(SHAREDLIB) $(INSTALLDIRLIB)/$(SONAME) + $(INSTALL) -d $(INSTALLDIRBIN) + $(INSTALL) -m 755 natpmpc-shared $(INSTALLDIRBIN)/natpmpc + ln -s -f $(SONAME) $(INSTALLDIRLIB)/$(SHAREDLIB) + +$(JNIHEADERS): fr/free/miniupnp/libnatpmp/NatPmp.class + $(JAVAH) -jni fr.free.miniupnp.libnatpmp.NatPmp + +%.class: %.java + $(JAVAC) -cp . $< + +$(JNISHAREDLIB): $(SHAREDLIB) $(JNIHEADERS) $(JAVACLASSES) +ifeq (,$(JAVA_HOME)) + @echo "Check your JAVA_HOME environement variable" && false +endif +ifneq (,$(findstring WIN,$(OS))) + $(CC) -m32 -D_JNI_Implementation_ -Wl,--kill-at \ + -I"$(JAVA_HOME)/include" -I"$(JAVA_HOME)/include/win32" \ + natpmp-jni.c -shared \ + -o $(JNISHAREDLIB) -L. -lnatpmp -lws2_32 -lIphlpapi +else + $(CC) $(CFLAGS) -c -I"$(JAVA_HOME)/include" -I"$(JAVA_HOME)/include/win32" natpmp-jni.c + $(CC) $(CFLAGS) -o $(JNISHAREDLIB) -shared $(SONAMEFLAGS) natpmp-jni.o -lc -L. 
-lnatpmp +endif + +jar: $(JNISHAREDLIB) + find fr -name '*.class' -print > classes.list + $(eval JNISHAREDLIBPATH := $(shell java fr.free.miniupnp.libnatpmp.LibraryExtractor)) + mkdir -p libraries/$(JNISHAREDLIBPATH) + mv $(JNISHAREDLIB) libraries/$(JNISHAREDLIBPATH)/$(JNISHAREDLIB) + jar cf natpmp_$(JARSUFFIX).jar @classes.list libraries/$(JNISHAREDLIBPATH)/$(JNISHAREDLIB) + $(RM) classes.list + +jnitest: $(JNISHAREDLIB) JavaTest.class + $(RM) libjninatpmp.so + $(JAVA) -Djna.nosys=true -cp . JavaTest + +mvn_install: + mvn install:install-file -Dfile=java/natpmp_$(JARSUFFIX).jar \ + -DgroupId=com.github \ + -DartifactId=natpmp \ + -Dversion=$(VERSION) \ + -Dpackaging=jar \ + -Dclassifier=$(JARSUFFIX) \ + -DgeneratePom=true \ + -DcreateChecksum=true + +cleaninstall: + $(RM) $(addprefix $(INSTALLDIRINC), $(HEADERS)) + $(RM) $(INSTALLDIRLIB)/$(SONAME) + $(RM) $(INSTALLDIRLIB)/$(SHAREDLIB) + $(RM) $(INSTALLDIRLIB)/$(STATICLIB) + +testgetgateway: testgetgateway.o getgateway.o + $(CC) $(LDFLAGS) -o $@ $^ $(EXTRA_LD) + +natpmpc-static: natpmpc.o $(STATICLIB) + $(CC) $(LDFLAGS) -o $@ $^ $(EXTRA_LD) + +natpmpc-shared: natpmpc.o $(SHAREDLIB) + $(CC) $(LDFLAGS) -o $@ $^ $(EXTRA_LD) + +$(STATICLIB): $(LIBOBJS) + $(AR) crs $@ $? + +$(SHAREDLIB): $(LIBOBJS) +ifeq ($(OS), Darwin) + $(CC) -dynamiclib -Wl,-install_name,$(SONAME) -o $@ $^ +else + $(CC) -shared -Wl,-soname,$(SONAME) -o $@ $^ $(EXTRA_LD) +endif + + +# DO NOT DELETE + +natpmp.o: natpmp.h getgateway.h declspec.h +getgateway.o: getgateway.h declspec.h +testgetgateway.o: getgateway.h declspec.h +natpmpc.o: natpmp.h diff --git a/ext/libnatpmp/README b/ext/libnatpmp/README new file mode 100644 index 0000000..269392d --- /dev/null +++ b/ext/libnatpmp/README @@ -0,0 +1,7 @@ +libnatpmp (c) 2007-2009 Thomas Bernard +contact : miniupnp@free.fr + +see http://miniupnp.free.fr/libnatpmp.html +or http://miniupnp.tuxfamily.org/libnatpmp.html +for some documentation and code samples. + 
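Review bot: In `cleaninstall`, `$(addprefix $(INSTALLDIRINC), $(HEADERS))` joins directory and file name without a separator, so it targets `$(INSTALLPREFIX)/includenatpmp.h` and leaves the installed header in place; it should read `$(RM) $(addprefix $(INSTALLDIRINC)/, $(HEADERS))`. The same target never removes `$(INSTALLDIRBIN)/natpmpc`, which `install` creates. In the Windows branch, `EXTRA_LD` ends in `--Wl,kill-at`, which looks like a typo for the `-Wl,--kill-at` spelling used in the `$(JNISHAREDLIB)` rule. The non-Windows JNI compile line also passes `-I"$(JAVA_HOME)/include/win32"`, where the platform's own include directory is presumably intended.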
diff --git a/ext/libnatpmp/build.bat b/ext/libnatpmp/build.bat
new file mode 100644
index 0000000..2d2f27c
--- /dev/null
+++ b/ext/libnatpmp/build.bat
@@ -0,0 +1,30 @@
+@echo Compiling with MinGW
+@SET LIBS=-lws2_32 -liphlpapi
+
+@echo Compile getgateway
+gcc -c -Wall -Os -DWIN32 -DSTATICLIB -DENABLE_STRNATPMPERR getgateway.c
+gcc -c -Wall -Os -DWIN32 -DSTATICLIB -DENABLE_STRNATPMPERR testgetgateway.c
+gcc -o testgetgateway getgateway.o testgetgateway.o %LIBS%
+del testgetgateway.o
+
+@echo Compile natpmp-static:
+gcc -c -Wall -Os -DWIN32 -DSTATICLIB -DENABLE_STRNATPMPERR getgateway.c
+gcc -c -Wall -Os -DWIN32 -DSTATICLIB -DENABLE_STRNATPMPERR natpmp.c
+gcc -c -Wall -Os -DWIN32 wingettimeofday.c
+ar cr natpmp.a getgateway.o natpmp.o wingettimeofday.o
+del getgateway.o natpmp.o
+gcc -c -Wall -Os -DWIN32 -DSTATICLIB -DENABLE_STRNATPMPERR natpmpc.c
+gcc -o natpmpc-static natpmpc.o natpmp.a %LIBS%
+upx --best natpmpc-static.exe
+del natpmpc.o
+
+@echo Create natpmp.dll:
+gcc -c -Wall -Os -DWIN32 -DENABLE_STRNATPMPERR -DNATPMP_EXPORTS getgateway.c
+gcc -c -Wall -Os -DWIN32 -DENABLE_STRNATPMPERR -DNATPMP_EXPORTS natpmp.c
+dllwrap -k --driver-name gcc --def natpmp.def --output-def natpmp.dll.def --implib natpmp.lib -o natpmp.dll getgateway.o natpmp.o wingettimeofday.o %LIBS%
+
+@echo Compile natpmp-shared:
+gcc -c -Wall -Os -DWIN32 -DENABLE_STRNATPMPERR -DNATPMP_EXPORTS natpmpc.c
+gcc -o natpmpc-shared natpmpc.o natpmp.lib -lws2_32
+upx --best natpmpc-shared.exe
+del *.o
diff --git a/ext/libnatpmp/declspec.h b/ext/libnatpmp/declspec.h
new file mode 100644
index 0000000..a76be02
--- /dev/null
+++ b/ext/libnatpmp/declspec.h
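Review bot: Both `natpmpc-static.exe` and `natpmpc-shared.exe` are rewritten in place by `upx --best`, so the shipped executables no longer match what the compiler and linker produced. That makes it harder to verify a released binary against a rebuild or to inspect it, and packed executables are commonly flagged by endpoint-protection heuristics. I would drop the two `upx` lines or make packing opt-in, for example `@if defined USE_UPX upx --best natpmpc-static.exe` (the variable name is only an illustration). The script also never checks a command's exit status, so a failed `gcc` step is followed by linking against stale objects.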
@@ -0,0 +1,21 @@ +#ifndef DECLSPEC_H_INCLUDED +#define DECLSPEC_H_INCLUDED + +#if defined(WIN32) && !defined(STATICLIB) + /* for windows dll */ + #ifdef NATPMP_EXPORTS + #define LIBSPEC __declspec(dllexport) + #else + #define LIBSPEC __declspec(dllimport) + #endif +#else + #if defined(__GNUC__) && __GNUC__ >= 4 + /* fix dynlib for OS X 10.9.2 and Apple LLVM version 5.0 */ + #define LIBSPEC __attribute__ ((visibility ("default"))) + #else + #define LIBSPEC + #endif +#endif + +#endif + diff --git a/ext/libnatpmp/fr/free/miniupnp/libnatpmp/LibraryExtractor.java b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/LibraryExtractor.java new file mode 100644 index 0000000..5491d94 --- /dev/null +++ b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/LibraryExtractor.java 
@@ -0,0 +1,238 @@ +package fr.free.miniupnp.libnatpmp; + +/** I (Leah X Schmidt) copied this code from jnaerator, because +JNAerator's extractor requires you to buy into the whole JNA +concept. + +JNAErator is +Copyright (c) 2009 Olivier Chafik, All Rights Reserved + +JNAerator is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +JNAerator is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with JNAerator. If not, see . + +*/ + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLDecoder; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Method; +import java.lang.reflect.Proxy; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +public class LibraryExtractor { + + private static boolean libPathSet = false; + + public static String getLibraryPath(String libraryName, boolean extractAllLibraries, Class cl) { + try { + String customPath = System.getProperty("library." 
+ libraryName); + if (customPath == null) + customPath = System.getenv(libraryName.toUpperCase() + "_LIBRARY"); + if (customPath != null) { + File f = new File(customPath); + if (!f.exists()) + System.err.println("Library file '" + customPath + "' does not exist !"); + else + return f.getAbsolutePath(); + } + //ClassLoader cl = LibraryExtractor.class.getClassLoader(); + String prefix = "(?i)" + (isWindows() ? "" : "lib") + libraryName + "[^A-Za-z_].*"; + String libsuffix = "(?i).*\\.(so|dll|dylib|jnilib)"; + //String othersuffix = "(?i).*\\.(pdb)"; + + URL sourceURL = null; + List otherURLs = new ArrayList(); + + + String arch = getCurrentOSAndArchString(); + //System.out.println("libURL = " + libURL); + List list = URLUtils.listFiles(URLUtils.getResource(cl, "libraries/" + arch)), + noArchList = URLUtils.listFiles(URLUtils.getResource(cl, "libraries/noarch")); + + Set names = new HashSet(); + for (URL url : list) { + String name = getFileName(url); + names.add(name); + } + for (URL url : noArchList) { + String name = getFileName(url); + if (names.add(name)) + list.add(url); + } + + for (File f : new File(".").listFiles()) + if (f.isFile()) + list.add(f.toURI().toURL()); + + for (URL url : list) { + String name = getFileName(url); + boolean pref = name.matches(prefix), suff = name.matches(libsuffix); + if (pref && suff) + sourceURL = url; + else //if (suff || fileName.matches(othersuffix)) + otherURLs.add(url); + } + List files = new ArrayList(); + if (extractAllLibraries) { + for (URL url : otherURLs) + files.add(extract(url)); + } + + if (System.getProperty("javawebstart.version") != null) { + if (isWindows()) { + //File f = new File("c:\\Windows\\" + (Platform.is64Bit() ? 
"SysWOW64\\" : "System32\\") + libraryName + ".dll"); + File f = new File("c:\\Windows\\" + "System32\\" + libraryName + ".dll"); + if (f.exists()) + return f.toString(); + } else if (isMac()) { + File f = new File("/System/Library/Frameworks/" + libraryName + ".framework/" + libraryName); + if (f.exists()) + return f.toString(); + } + } + + if (sourceURL == null) + return libraryName; + else { + File file = extract(sourceURL); + files.add(file); + + int lastSize; + do { + lastSize = files.size(); + for (Iterator it = files.iterator(); it.hasNext();) { + File f = it.next(); + if (!f.getName().matches(libsuffix)) + continue; + + try { + System.load(f.toString()); + it.remove(); + } catch (Throwable ex) { + System.err.println("Loading " + f.getName() + " failed (" + ex + ")"); + } + } + } while (files.size() < lastSize); + + return file.getCanonicalPath(); + } + } catch (Throwable ex) { + System.err.println("ERROR: Failed to extract library " + libraryName); + ex.printStackTrace(); + return libraryName; + } + } + + public static final boolean isWindows() { + String osName = System.getProperty("os.name"); + return osName.startsWith("Windows"); + } + + public static final boolean isMac() { + String osName = System.getProperty("os.name"); + return osName.startsWith("Mac") || osName.startsWith("Darwin"); + } + + //this code is from JNA, but JNA has a fallback to some native + //stuff in case this doesn't work. Since sun.arch.data.model is + //defined for Sun and IBM, this should work nearly everywhere. 
+ public static final boolean is64Bit() { + String model = System.getProperty("sun.arch.data.model", + System.getProperty("com.ibm.vm.bitmode")); + if (model != null) { + return "64".equals(model); + } + String arch = System.getProperty("os.arch").toLowerCase(); + if ("x86_64".equals(arch) + || "ia64".equals(arch) + || "ppc64".equals(arch) + || "sparcv9".equals(arch) + || "amd64".equals(arch)) { + return true; + } + + return false; + } + + public static String getCurrentOSAndArchString() { + String os = System.getProperty("os.name"), arch = System.getProperty("os.arch"); + if (os.equals("Mac OS X")) { + os = "darwin"; + arch = "fat"; + } else if (os.startsWith("Windows")) { + return "win" + (is64Bit() ? "64" : "32"); + } else if (os.matches("SunOS|Solaris")) + os = "solaris"; + return os + "-" + arch; + } + + private static File extract(URL url) throws IOException { + File localFile; + if ("file".equals(url.getProtocol())) + localFile = new File(URLDecoder.decode(url.getFile(), "UTF-8")); + else { + File f = new File(System.getProperty("user.home")); + f = new File(f, ".jnaerator"); + f = new File(f, "extractedLibraries"); + if (!f.exists()) + f.mkdirs(); + + if (!libPathSet) { + String path = System.getProperty("java.library.path"); + if (path == null) { + System.setProperty("java.library.path", f.toString()); + } else { + System.setProperty("java.library.path", path + ":" + f); + } + + libPathSet = true; + } + localFile = new File(f, new File(url.getFile()).getName()); + URLConnection c = url.openConnection(); + if (localFile.exists() && localFile.lastModified() > c.getLastModified()) { + c.getInputStream().close(); + } else { + System.out.println("Extracting " + url); + InputStream in = c.getInputStream(); + OutputStream out = new FileOutputStream(localFile); + int len; + byte[] b = new byte[1024]; + while ((len = in.read(b)) > 0) + out.write(b, 0, len); + out.close(); + in.close(); + } + } + return localFile; + } + + private static String getFileName(URL url) { 
+ return new File(url.getFile()).getName(); + } + + public static void main(String[] args) { + System.out.println(getCurrentOSAndArchString()); + } +} \ No newline at end of file diff --git a/ext/libnatpmp/fr/free/miniupnp/libnatpmp/NatPmp.java b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/NatPmp.java new file mode 100644 index 0000000..2f1ddd3 --- /dev/null +++ b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/NatPmp.java @@ -0,0 +1,50 @@ +package fr.free.miniupnp.libnatpmp; + +import java.nio.ByteBuffer; + + +public class NatPmp { + private static final String JNA_LIBRARY_NAME = LibraryExtractor.getLibraryPath("jninatpmp", true, NatPmp.class); + + static { + String s = JNA_LIBRARY_NAME; + startup(); + } + + public ByteBuffer natpmp; + + public NatPmp() { + init(0, 0); + } + + public NatPmp(int forcedgw) { + init(1, forcedgw); + } + + /** Cleans up the native resources used by this object. + Attempting to use the object after this has been called + will lead to crashes.*/ + public void dispose() { + free(); + } + + + protected void finalize() { + if (natpmp != null) + free(); + } + + private native void init(int forcegw, int forcedgw); + private native void free(); + + private static native void startup(); + + public native int sendPublicAddressRequest(); + public native int sendNewPortMappingRequest(int protocol, int privateport, int publicport, int lifetime); + + //returns a number of milliseconds, in accordance with Java convention + public native long getNatPmpRequestTimeout(); + + public native int readNatPmpResponseOrRetry(NatPmpResponse response); + +} diff --git a/ext/libnatpmp/fr/free/miniupnp/libnatpmp/NatPmpResponse.java b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/NatPmpResponse.java new file mode 100644 index 0000000..35c87ea --- /dev/null +++ b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/NatPmpResponse.java 
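Review bot: `getLibraryPath` appends every regular file in the process's current working directory to the candidate list (`for (File f : new File(".").listFiles())`), and because the last match wins, a file there named like `lib<name>….so|dll|dylib|jnilib` replaces the bundled library as `sourceURL` and is handed to `System.load`. With `extractAllLibraries` set, as `NatPmp` does, the remaining library-suffixed files from that directory are loaded too once a primary library is found. Native code loading then depends on where the process was started, an untrusted search path (CWE-426); I would remove the working-directory loop and keep the explicit `library.<name>` property and `<NAME>_LIBRARY` environment variable as the only overrides. Separately, `extract` reuses whatever already sits in `~/.jnaerator/extractedLibraries` when its timestamp is newer than the jar's, without comparing content, and it leaks both streams if the copy throws, so a `try`/`finally` and a content check against the bundled resource are worth adding. `new File(".").listFiles()` can also return null, which is currently hidden by the outer `catch (Throwable ex)`.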
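Review bot: In `NatPmp`, `dispose()` calls the native `free()` unconditionally and `finalize()` calls it again whenever `natpmp != null`, so unless the native side clears the field (its implementation is outside this hunk) a disposed object is released a second time at garbage collection. The handle is also declared `public ByteBuffer natpmp`, so any caller can replace or null it before the next native call. I would make the field private and route both paths through one guarded release, e.g. `if (natpmp != null) { free(); natpmp = null; }`. The static initializer's `String s = JNA_LIBRARY_NAME;` loads nothing itself and relies on `LibraryExtractor.getLibraryPath` having called `System.load` as a side effect, which deserves a comment such as `// library is loaded as a side effect of getLibraryPath()`.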
@@ -0,0 +1,28 @@ +package fr.free.miniupnp.libnatpmp; + +public class NatPmpResponse { + + public static final int TYPE_PUBLICADDRESS=0; + public static final int TYPE_UDPPORTMAPPING=1; + public static final int TYPE_TCPPORTMAPPING=2; + + /** see TYPE_* constants */ + public short type; + /** NAT-PMP response code */ + public short resultcode; + /** milliseconds since start of epoch */ + public long epoch; + + /** only defined if type == 0*/ + public int addr; + + /** only defined if type != 0 */ + public int privateport; + + /** only defined if type != 0 */ + public int mappedpublicport; + + /** only defined if type != 0 */ + public long lifetime; //milliseconds + +} \ No newline at end of file diff --git a/ext/libnatpmp/fr/free/miniupnp/libnatpmp/URLUtils.java b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/URLUtils.java new file mode 100644 index 0000000..5b419ab --- /dev/null +++ b/ext/libnatpmp/fr/free/miniupnp/libnatpmp/URLUtils.java 
@@ -0,0 +1,81 @@ +package fr.free.miniupnp.libnatpmp; + +/** I (Leah X Schmidt) copied this code from jnaerator, because +JNAerator's extractor requires you to buy into the whole JNA +concept. + +JNAErator is +Copyright (c) 2009 Olivier Chafik, All Rights Reserved + +JNAerator is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +JNAerator is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with JNAerator. If not, see . + +*/ + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; +import java.util.jar.JarEntry; +import java.util.jar.JarInputStream; + +public class URLUtils { + + public static URL getResource(Class cl, String path) throws IOException { + String clp = cl.getName().replace('.', '/') + ".class"; + URL clu = cl.getClassLoader().getResource(clp); + String s = clu.toString(); + if (s.endsWith(clp)) + return new URL(s.substring(0, s.length() - clp.length()) + path); + + if (s.startsWith("jar:")) { + String[] ss = s.split("!"); + return new URL(ss[1] + "!/" + path); + } + return null; + } + + public static List listFiles(URL directory) throws IOException { + List ret = new ArrayList(); + String s = directory.toString(); + if (s.startsWith("jar:")) { + String[] ss = s.substring("jar:".length()).split("!"); + String path = ss[1]; + URL target = new URL(ss[0]); + InputStream tin = target.openStream(); + try { + JarInputStream jin = new JarInputStream(tin); + JarEntry je; + while ((je = jin.getNextJarEntry()) != null) { + String p = "/" + 
je.getName(); + if (p.startsWith(path) && p.indexOf('/', path.length() + 1) < 0) + + ret.add(new URL("jar:" + target + "!" + p)); + } + } finally { + tin.close(); + } + } else if (s.startsWith("file:")) { + File f = new File(directory.getFile()); + File[] ffs = f.listFiles(); + if (ffs != null) + for (File ff : ffs) + ret.add(ff.toURI().toURL()); + } else + throw new IOException("Cannot list contents of " + directory); + + return ret; + } +} \ No newline at end of file diff --git a/ext/libnatpmp/getgateway.c b/ext/libnatpmp/getgateway.c new file mode 100644 index 0000000..f743a08 --- /dev/null +++ b/ext/libnatpmp/getgateway.c 
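Review bot: `URLUtils.getResource` can return `null` through its final `return null;`, and `cl.getClassLoader()` or `getResource(clp)` may themselves yield null, yet `listFiles` dereferences its argument immediately with `directory.toString()`. `LibraryExtractor` passes the result straight through, so that case surfaces as a NullPointerException rather than an empty list; adding `if (directory == null) return ret;` at the top of `listFiles` avoids it. In the `jar:` branch of `getResource`, `new URL(ss[1] + "!/" + path)` builds the URL from the entry part after `!` instead of the archive part `ss[0]`, which looks inverted. The `JarInputStream` is closed only indirectly through `tin`, so closing `jin` in the `finally` block would be cleaner.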
@@ -0,0 +1,573 @@ +/* $Id: getgateway.c,v 1.25 2014/04/22 10:28:57 nanard Exp $ */ +/* libnatpmp + +Copyright (c) 2007-2014, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. +*/ +#include +#include +#ifndef WIN32 +#include +#endif +#if !defined(_MSC_VER) +#include +#endif +/* There is no portable method to get the default route gateway. + * So below are four (or five ?) differents functions implementing this. + * Parsing /proc/net/route is for linux. + * sysctl is the way to access such informations on BSD systems. + * Many systems should provide route information through raw PF_ROUTE + * sockets. 
+ * In MS Windows, default gateway is found by looking into the registry + * or by using GetBestRoute(). */ +#ifdef __linux__ +#define USE_PROC_NET_ROUTE +#undef USE_SOCKET_ROUTE +#undef USE_SYSCTL_NET_ROUTE +#endif + +#if defined(BSD) || defined(__FreeBSD_kernel__) +#undef USE_PROC_NET_ROUTE +#define USE_SOCKET_ROUTE +#undef USE_SYSCTL_NET_ROUTE +#include +#endif + +#ifdef __APPLE__ +#undef USE_PROC_NET_ROUTE +#undef USE_SOCKET_ROUTE +#define USE_SYSCTL_NET_ROUTE +#endif + +#if (defined(sun) && defined(__SVR4)) +#undef USE_PROC_NET_ROUTE +#define USE_SOCKET_ROUTE +#undef USE_SYSCTL_NET_ROUTE +#endif + +#ifdef WIN32 +#undef USE_PROC_NET_ROUTE +#undef USE_SOCKET_ROUTE +#undef USE_SYSCTL_NET_ROUTE +//#define USE_WIN32_CODE +#define USE_WIN32_CODE_2 +#endif + +#ifdef __CYGWIN__ +#undef USE_PROC_NET_ROUTE +#undef USE_SOCKET_ROUTE +#undef USE_SYSCTL_NET_ROUTE +#define USE_WIN32_CODE +#include +#include +#include +#include +#endif + +#ifdef __HAIKU__ +#include +#include +#include +#include +#define USE_HAIKU_CODE +#endif + +#ifdef USE_SYSCTL_NET_ROUTE +#include +#include +#include +#endif +#ifdef USE_SOCKET_ROUTE +#include +#include +#include +#include +#include +#endif + +#ifdef USE_WIN32_CODE +#include +#include +#define MAX_KEY_LENGTH 255 +#define MAX_VALUE_LENGTH 16383 +#endif + +#ifdef USE_WIN32_CODE_2 +#include +#include +#endif + +#include "getgateway.h" + +#ifndef WIN32 +#define SUCCESS (0) +#define FAILED (-1) +#endif + +#ifdef USE_PROC_NET_ROUTE +/* + parse /proc/net/route which is as follow : + +Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT +wlan0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 +eth0 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0 +wlan0 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0 +eth0 00000000 00000000 0001 0 0 1000 00000000 0 0 0 + + One header line, and then one line by route by route table entry. 
+*/ +int getdefaultgateway(in_addr_t * addr) +{ + unsigned long d, g; + char buf[256]; + int line = 0; + FILE * f; + char * p; + f = fopen("/proc/net/route", "r"); + if(!f) + return FAILED; + while(fgets(buf, sizeof(buf), f)) { + if(line > 0) { /* skip the first line */ + p = buf; + /* skip the interface name */ + while(*p && !isspace(*p)) + p++; + while(*p && isspace(*p)) + p++; + if(sscanf(p, "%lx%lx", &d, &g)==2) { + if(d == 0 && g != 0) { /* default */ + *addr = g; + fclose(f); + return SUCCESS; + } + } + } + line++; + } + /* default route not found ! */ + if(f) + fclose(f); + return FAILED; +} +#endif /* #ifdef USE_PROC_NET_ROUTE */ + + +#ifdef USE_SYSCTL_NET_ROUTE + +#define ROUNDUP(a) \ + ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) + +int getdefaultgateway(in_addr_t * addr) +{ +#if 0 + /* net.route.0.inet.dump.0.0 ? */ + int mib[] = {CTL_NET, PF_ROUTE, 0, AF_INET, + NET_RT_DUMP, 0, 0/*tableid*/}; +#endif + /* net.route.0.inet.flags.gateway */ + int mib[] = {CTL_NET, PF_ROUTE, 0, AF_INET, + NET_RT_FLAGS, RTF_GATEWAY}; + size_t l; + char * buf, * p; + struct rt_msghdr * rt; + struct sockaddr * sa; + struct sockaddr * sa_tab[RTAX_MAX]; + int i; + int r = FAILED; + if(sysctl(mib, sizeof(mib)/sizeof(int), 0, &l, 0, 0) < 0) { + return FAILED; + } + if(l>0) { + buf = malloc(l); + if(sysctl(mib, sizeof(mib)/sizeof(int), buf, &l, 0, 0) < 0) { + free(buf); + return FAILED; + } + for(p=buf; prtm_msglen) { + rt = (struct rt_msghdr *)p; + sa = (struct sockaddr *)(rt + 1); + for(i=0; irtm_addrs & (1 << i)) { + sa_tab[i] = sa; + sa = (struct sockaddr *)((char *)sa + ROUNDUP(sa->sa_len)); + } else { + sa_tab[i] = NULL; + } + } + if( ((rt->rtm_addrs & (RTA_DST|RTA_GATEWAY)) == (RTA_DST|RTA_GATEWAY)) + && sa_tab[RTAX_DST]->sa_family == AF_INET + && sa_tab[RTAX_GATEWAY]->sa_family == AF_INET) { + if(((struct sockaddr_in *)sa_tab[RTAX_DST])->sin_addr.s_addr == 0) { + *addr = ((struct sockaddr_in *)(sa_tab[RTAX_GATEWAY]))->sin_addr.s_addr; + r = SUCCESS; + 
} + } + } + free(buf); + } + return r; +} +#endif /* #ifdef USE_SYSCTL_NET_ROUTE */ + + +#ifdef USE_SOCKET_ROUTE +/* Thanks to Darren Kenny for this code */ +#define NEXTADDR(w, u) \ + if (rtm_addrs & (w)) {\ + l = sizeof(struct sockaddr); memmove(cp, &(u), l); cp += l;\ + } + +#define rtm m_rtmsg.m_rtm + +struct { + struct rt_msghdr m_rtm; + char m_space[512]; +} m_rtmsg; + +int getdefaultgateway(in_addr_t *addr) +{ + int s, seq, l, rtm_addrs, i; + pid_t pid; + struct sockaddr so_dst, so_mask; + char *cp = m_rtmsg.m_space; + struct sockaddr *gate = NULL, *sa; + struct rt_msghdr *msg_hdr; + + pid = getpid(); + seq = 0; + rtm_addrs = RTA_DST | RTA_NETMASK; + + memset(&so_dst, 0, sizeof(so_dst)); + memset(&so_mask, 0, sizeof(so_mask)); + memset(&rtm, 0, sizeof(struct rt_msghdr)); + + rtm.rtm_type = RTM_GET; + rtm.rtm_flags = RTF_UP | RTF_GATEWAY; + rtm.rtm_version = RTM_VERSION; + rtm.rtm_seq = ++seq; + rtm.rtm_addrs = rtm_addrs; + + so_dst.sa_family = AF_INET; + so_mask.sa_family = AF_INET; + + NEXTADDR(RTA_DST, so_dst); + NEXTADDR(RTA_NETMASK, so_mask); + + rtm.rtm_msglen = l = cp - (char *)&m_rtmsg; + + s = socket(PF_ROUTE, SOCK_RAW, 0); + + if (write(s, (char *)&m_rtmsg, l) < 0) { + close(s); + return FAILED; + } + + do { + l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg)); + } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid)); + + close(s); + + msg_hdr = &rtm; + + cp = ((char *)(msg_hdr + 1)); + if (msg_hdr->rtm_addrs) { + for (i = 1; i; i <<= 1) + if (i & msg_hdr->rtm_addrs) { + sa = (struct sockaddr *)cp; + if (i == RTA_GATEWAY ) + gate = sa; + + cp += sizeof(struct sockaddr); + } + } else { + return FAILED; + } + + + if (gate != NULL ) { + *addr = ((struct sockaddr_in *)gate)->sin_addr.s_addr; + return SUCCESS; + } else { + return FAILED; + } +} +#endif /* #ifdef USE_SOCKET_ROUTE */ + +#ifdef USE_WIN32_CODE +LIBSPEC int getdefaultgateway(in_addr_t * addr) +{ + HKEY networkCardsKey; + HKEY networkCardKey; + HKEY interfacesKey; + HKEY interfaceKey; + 
DWORD i = 0; + DWORD numSubKeys = 0; + TCHAR keyName[MAX_KEY_LENGTH]; + DWORD keyNameLength = MAX_KEY_LENGTH; + TCHAR keyValue[MAX_VALUE_LENGTH]; + DWORD keyValueLength = MAX_VALUE_LENGTH; + DWORD keyValueType = REG_SZ; + TCHAR gatewayValue[MAX_VALUE_LENGTH]; + DWORD gatewayValueLength = MAX_VALUE_LENGTH; + DWORD gatewayValueType = REG_MULTI_SZ; + int done = 0; + + //const char * networkCardsPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards"; + //const char * interfacesPath = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces"; +#ifdef UNICODE + LPCTSTR networkCardsPath = L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards"; + LPCTSTR interfacesPath = L"SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces"; +#define STR_SERVICENAME L"ServiceName" +#define STR_DHCPDEFAULTGATEWAY L"DhcpDefaultGateway" +#define STR_DEFAULTGATEWAY L"DefaultGateway" +#else + LPCTSTR networkCardsPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards"; + LPCTSTR interfacesPath = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces"; +#define STR_SERVICENAME "ServiceName" +#define STR_DHCPDEFAULTGATEWAY "DhcpDefaultGateway" +#define STR_DEFAULTGATEWAY "DefaultGateway" +#endif + // The windows registry lists its primary network devices in the following location: + // HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards + // + // Each network device has its own subfolder, named with an index, with various properties: + // -NetworkCards + // -5 + // -Description = Broadcom 802.11n Network Adapter + // -ServiceName = {E35A72F8-5065-4097-8DFE-C7790774EE4D} + // -8 + // -Description = Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller + // -ServiceName = {86226414-5545-4335-A9D1-5BD7120119AD} + // + // The above service name is the name of a subfolder within: + // HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces + // + // There may be more 
subfolders in this interfaces path than listed in the network cards path above: + // -Interfaces + // -{3a539854-6a70-11db-887c-806e6f6e6963} + // -DhcpIPAddress = 0.0.0.0 + // -[more] + // -{E35A72F8-5065-4097-8DFE-C7790774EE4D} + // -DhcpIPAddress = 10.0.1.4 + // -DhcpDefaultGateway = 10.0.1.1 + // -[more] + // -{86226414-5545-4335-A9D1-5BD7120119AD} + // -DhcpIpAddress = 10.0.1.5 + // -DhcpDefaultGateay = 10.0.1.1 + // -[more] + // + // In order to extract this information, we enumerate each network card, and extract the ServiceName value. + // This is then used to open the interface subfolder, and attempt to extract a DhcpDefaultGateway value. + // Once one is found, we're done. + // + // It may be possible to simply enumerate the interface folders until we find one with a DhcpDefaultGateway value. + // However, the technique used is the technique most cited on the web, and we assume it to be more correct. + + if(ERROR_SUCCESS != RegOpenKeyEx(HKEY_LOCAL_MACHINE, // Open registry key or predifined key + networkCardsPath, // Name of registry subkey to open + 0, // Reserved - must be zero + KEY_READ, // Mask - desired access rights + &networkCardsKey)) // Pointer to output key + { + // Unable to open network cards keys + return -1; + } + + if(ERROR_SUCCESS != RegOpenKeyEx(HKEY_LOCAL_MACHINE, // Open registry key or predefined key + interfacesPath, // Name of registry subkey to open + 0, // Reserved - must be zero + KEY_READ, // Mask - desired access rights + &interfacesKey)) // Pointer to output key + { + // Unable to open interfaces key + RegCloseKey(networkCardsKey); + return -1; + } + + // Figure out how many subfolders are within the NetworkCards folder + RegQueryInfoKey(networkCardsKey, NULL, NULL, NULL, &numSubKeys, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + + //printf( "Number of subkeys: %u\n", (unsigned int)numSubKeys); + + // Enumrate through each subfolder within the NetworkCards folder + for(i = 0; i < numSubKeys && !done; i++) + { + keyNameLength = 
MAX_KEY_LENGTH; + if(ERROR_SUCCESS == RegEnumKeyEx(networkCardsKey, // Open registry key + i, // Index of subkey to retrieve + keyName, // Buffer that receives the name of the subkey + &keyNameLength, // Variable that receives the size of the above buffer + NULL, // Reserved - must be NULL + NULL, // Buffer that receives the class string + NULL, // Variable that receives the size of the above buffer + NULL)) // Variable that receives the last write time of subkey + { + if(RegOpenKeyEx(networkCardsKey, keyName, 0, KEY_READ, &networkCardKey) == ERROR_SUCCESS) + { + keyValueLength = MAX_VALUE_LENGTH; + if(ERROR_SUCCESS == RegQueryValueEx(networkCardKey, // Open registry key + STR_SERVICENAME, // Name of key to query + NULL, // Reserved - must be NULL + &keyValueType, // Receives value type + (LPBYTE)keyValue, // Receives value + &keyValueLength)) // Receives value length in bytes + { +// printf("keyValue: %s\n", keyValue); + if(RegOpenKeyEx(interfacesKey, keyValue, 0, KEY_READ, &interfaceKey) == ERROR_SUCCESS) + { + gatewayValueLength = MAX_VALUE_LENGTH; + if(ERROR_SUCCESS == RegQueryValueEx(interfaceKey, // Open registry key + STR_DHCPDEFAULTGATEWAY, // Name of key to query + NULL, // Reserved - must be NULL + &gatewayValueType, // Receives value type + (LPBYTE)gatewayValue, // Receives value + &gatewayValueLength)) // Receives value length in bytes + { + // Check to make sure it's a string + if((gatewayValueType == REG_MULTI_SZ || gatewayValueType == REG_SZ) && (gatewayValueLength > 1)) + { + //printf("gatewayValue: %s\n", gatewayValue); + done = 1; + } + } + else if(ERROR_SUCCESS == RegQueryValueEx(interfaceKey, // Open registry key + STR_DEFAULTGATEWAY, // Name of key to query + NULL, // Reserved - must be NULL + &gatewayValueType, // Receives value type + (LPBYTE)gatewayValue,// Receives value + &gatewayValueLength)) // Receives value length in bytes + { + // Check to make sure it's a string + if((gatewayValueType == REG_MULTI_SZ || gatewayValueType == REG_SZ) && 
(gatewayValueLength > 1)) + { + //printf("gatewayValue: %s\n", gatewayValue); + done = 1; + } + } + RegCloseKey(interfaceKey); + } + } + RegCloseKey(networkCardKey); + } + } + } + + RegCloseKey(interfacesKey); + RegCloseKey(networkCardsKey); + + if(done) + { +#if UNICODE + char tmp[32]; + for(i = 0; i < 32; i++) { + tmp[i] = (char)gatewayValue[i]; + if(!tmp[i]) + break; + } + tmp[31] = '\0'; + *addr = inet_addr(tmp); +#else + *addr = inet_addr(gatewayValue); +#endif + return 0; + } + + return -1; +} +#endif /* #ifdef USE_WIN32_CODE */ + +#ifdef USE_WIN32_CODE_2 +int getdefaultgateway(in_addr_t *addr) +{ + MIB_IPFORWARDROW ip_forward; + memset(&ip_forward, 0, sizeof(ip_forward)); + if(GetBestRoute(inet_addr("0.0.0.0"), 0, &ip_forward) != NO_ERROR) + return -1; + *addr = ip_forward.dwForwardNextHop; + return 0; +} +#endif /* #ifdef USE_WIN32_CODE_2 */ + +#ifdef USE_HAIKU_CODE +int getdefaultgateway(in_addr_t *addr) +{ + int fd, ret = -1; + struct ifconf config; + void *buffer = NULL; + struct ifreq *interface; + + if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { + return -1; + } + if (ioctl(fd, SIOCGRTSIZE, &config, sizeof(config)) != 0) { + goto fail; + } + if (config.ifc_value < 1) { + goto fail; /* No routes */ + } + if ((buffer = malloc(config.ifc_value)) == NULL) { + goto fail; + } + config.ifc_len = config.ifc_value; + config.ifc_buf = buffer; + if (ioctl(fd, SIOCGRTTABLE, &config, sizeof(config)) != 0) { + goto fail; + } + for (interface = buffer; + (uint8_t *)interface < (uint8_t *)buffer + config.ifc_len; ) { + struct route_entry route = interface->ifr_route; + int intfSize; + if (route.flags & (RTF_GATEWAY | RTF_DEFAULT)) { + *addr = ((struct sockaddr_in *)route.gateway)->sin_addr.s_addr; + ret = 0; + break; + } + intfSize = sizeof(route) + IF_NAMESIZE; + if (route.destination != NULL) { + intfSize += route.destination->sa_len; + } + if (route.mask != NULL) { + intfSize += route.mask->sa_len; + } + if (route.gateway != NULL) { + intfSize += 
route.gateway->sa_len; + } + interface = (struct ifreq *)((uint8_t *)interface + intfSize); + } +fail: + free(buffer); + close(fd); + return ret; +} +#endif /* #ifdef USE_HAIKU_CODE */ + +#if !defined(USE_PROC_NET_ROUTE) && !defined(USE_SOCKET_ROUTE) && !defined(USE_SYSCTL_NET_ROUTE) && !defined(USE_WIN32_CODE) && !defined(USE_WIN32_CODE_2) && !defined(USE_HAIKU_CODE) +int getdefaultgateway(in_addr_t * addr) +{ + return -1; +} +#endif diff --git a/ext/libnatpmp/getgateway.h b/ext/libnatpmp/getgateway.h new file mode 100644 index 0000000..5d3df73 --- /dev/null +++ b/ext/libnatpmp/getgateway.h 
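Review bot: The `USE_HAIKU_CODE` variant of `getdefaultgateway()` dereferences `route.gateway` as soon as either bit of `RTF_GATEWAY | RTF_DEFAULT` is set, although the size computation a few lines further down treats `route.gateway` as possibly NULL. The test should at least read `if ((route.flags & (RTF_GATEWAY | RTF_DEFAULT)) && route.gateway != NULL)`. The `USE_SYSCTL_NET_ROUTE` variant has the same kind of gap: `buf = malloc(l)` is handed to `sysctl()` and then walked without a NULL check, so `if(!buf) return FAILED;` belongs right after the allocation. In the `USE_WIN32_CODE` variant, `gatewayValue` reaches `inet_addr()` (or the UNICODE copy loop) without being NUL-terminated, which `RegQueryValueEx` does not guarantee for string values. Terminate the buffer at the returned `gatewayValueLength`, converted to a `TCHAR` index, before converting it.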
@@ -0,0 +1,49 @@
+/* $Id: getgateway.h,v 1.8 2014/04/22 09:15:40 nanard Exp $ */
+/* libnatpmp
+Copyright (c) 2007-2014, Thomas BERNARD
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * The name of the author may not be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+*/
+#ifndef __GETGATEWAY_H__
+#define __GETGATEWAY_H__
+
+#ifdef WIN32
+#if !defined(_MSC_VER) || _MSC_VER >= 1600
+#include
+#else
+typedef unsigned long uint32_t;
+typedef unsigned short uint16_t;
+#endif
+#define in_addr_t uint32_t
+#endif
+/* #include "declspec.h" */
+
+/* getdefaultgateway() :
+ * return value :
+ * 0 : success
+ * -1 : failure */
+/* LIBSPEC */int getdefaultgateway(in_addr_t * addr);
+
+#endif
diff --git a/ext/libnatpmp/libnatpmpmodule.c b/ext/libnatpmp/libnatpmpmodule.c
new file mode 100644
index 0000000..0fd9914
--- /dev/null
+++ b/ext/libnatpmp/libnatpmpmodule.c
@@ -0,0 +1,281 @@ +/* $Id: libnatpmpmodule.c,v 1.7 2012/03/05 19:38:37 nanard Exp $ */ +/* libnatpmp + * http://miniupnp.free.fr/libnatpmp.html +Copyright (c) 2007-2011, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+*/ +#include +#ifdef WIN32 +#include +#else +#include +#include +#endif + +#define STATICLIB +#include "structmember.h" +#include "natpmp.h" + +/* for compatibility with Python < 2.4 */ +#ifndef Py_RETURN_NONE +#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None +#endif + +#ifndef Py_RETURN_TRUE +#define Py_RETURN_TRUE return Py_INCREF(Py_True), Py_True +#endif + +#ifndef Py_RETURN_FALSE +#define Py_RETURN_FALSE return Py_INCREF(Py_False), Py_False +#endif + +typedef struct { + PyObject_HEAD + + /* Type-specific fields go here. */ + unsigned int discoverdelay; + + natpmp_t natpmp; +} NATPMPObject; + +static PyMemberDef NATPMP_members[] = { + {"discoverdelay", T_UINT, offsetof(NATPMPObject, discoverdelay), + 0/*READWRITE*/, "value in ms used to wait for NATPMP responses" + }, + {NULL} +}; + +static PyObject * +NATPMPObject_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +{ + NATPMPObject *self; + + self = (NATPMPObject *)type->tp_alloc(type, 0); + if (self) { + initnatpmp(&self->natpmp, 0, 0); + } + + return (PyObject *)self; +} + +static void +NATPMPObject_dealloc(NATPMPObject *self) +{ + closenatpmp(&self->natpmp); + self->ob_type->tp_free((PyObject*)self); +} + +static PyObject * +NATPMP_externalipaddress(NATPMPObject *self) +{ + int r; + struct timeval timeout; + fd_set fds; + natpmpresp_t response; + + r = sendpublicaddressrequest(&self->natpmp); + + if (r < 0) { +#ifdef ENABLE_STRNATPMPERR + PyErr_SetString(PyExc_Exception, strnatpmperr(r)); +#endif + return NULL; + } + + do { + FD_ZERO(&fds); + FD_SET(self->natpmp.s, &fds); + getnatpmprequesttimeout(&self->natpmp, &timeout); + select(FD_SETSIZE, &fds, NULL, NULL, &timeout); + r = readnatpmpresponseorretry(&self->natpmp, &response); + if (r < 0 && r != NATPMP_TRYAGAIN) { +#ifdef ENABLE_STRNATPMPERR + PyErr_SetString(PyExc_Exception, strnatpmperr(r)); +#endif + return NULL; + } + } while (r == NATPMP_TRYAGAIN); + + return Py_BuildValue("s", inet_ntoa(response.pnu.publicaddress.addr)); +} + 
+static PyObject * +NATPMP_domapping(natpmp_t *n, unsigned short eport, unsigned short iport, + const char *protocol, unsigned int lifetime) +{ + int proto; + struct timeval timeout; + fd_set fds; + natpmpresp_t response; + int r; + + if (!strncasecmp("tcp", protocol, 3)) { + proto = NATPMP_PROTOCOL_TCP; + } else if (!strncasecmp("udp", protocol, 3)) { + proto = NATPMP_PROTOCOL_UDP; + } else { + PyErr_SetString(PyExc_Exception, "Unknown protocol"); + return NULL; + } + + r = sendnewportmappingrequest(n, proto, iport, eport, + lifetime); + + if (r < 0) { +#ifdef ENABLE_STRNATPMPERR + PyErr_SetString(PyExc_Exception, strnatpmperr(r)); +#endif + return NULL; + } + + do { + FD_ZERO(&fds); + FD_SET(n->s, &fds); + getnatpmprequesttimeout(n, &timeout); + select(FD_SETSIZE, &fds, NULL, NULL, &timeout); + r = readnatpmpresponseorretry(n, &response); + if (r < 0 && r != NATPMP_TRYAGAIN) { +#ifdef ENABLE_STRNATPMPERR + PyErr_SetString(PyExc_Exception, strnatpmperr(r)); +#endif + return NULL; + } + } while (r == NATPMP_TRYAGAIN); + + return Py_BuildValue("H", response.pnu.newportmapping.mappedpublicport); +} + + +/* AddPortMapping(externalPort, protocol, internalPort, lifetime) + * protocol is 'UDP' or 'TCP' */ +static PyObject * +NATPMP_addportmapping(NATPMPObject *self, PyObject *args) +{ + unsigned short eport; + unsigned short iport; + unsigned int lifetime; + const char *protocol; + + if (!PyArg_ParseTuple(args, "HsHI", &eport, &protocol, &iport, &lifetime)) + return NULL; + + return NATPMP_domapping(&self->natpmp, eport, iport, protocol, lifetime); +} + +/* DeletePortMapping(externalPort, protocol, internalPort) + * protocol is 'UDP' or 'TCP' */ +static PyObject * +NATPMP_deleteportmapping(NATPMPObject *self, PyObject *args) +{ + unsigned short eport; + unsigned short iport; + const char *protocol; + + if (!PyArg_ParseTuple(args, "HsH", &eport, &protocol, &iport)) + return NULL; + + return NATPMP_domapping(&self->natpmp, eport, iport, protocol, 0); +} + +/* natpmp.NATPMP 
object Method Table */ +static PyMethodDef NATPMP_methods[] = { + {"externalipaddress", (PyCFunction)NATPMP_externalipaddress, METH_NOARGS, + "return external IP address" + }, + {"addportmapping", (PyCFunction)NATPMP_addportmapping, METH_VARARGS, + "add a port mapping" + }, + {"deleteportmapping", (PyCFunction)NATPMP_deleteportmapping, METH_VARARGS, + "delete a port mapping" + }, + {NULL} /* Sentinel */ +}; + +static PyTypeObject NATPMPType = { + PyObject_HEAD_INIT(NULL) + 0, /*ob_size*/ + "libnatpmp.NATPMP", /*tp_name*/ + sizeof(NATPMPObject), /*tp_basicsize*/ + 0, /*tp_itemsize*/ + (destructor)NATPMPObject_dealloc, /*tp_dealloc*/ + 0, /*tp_print*/ + 0, /*tp_getattr*/ + 0, /*tp_setattr*/ + 0, /*tp_compare*/ + 0, /*tp_repr*/ + 0, /*tp_as_number*/ + 0, /*tp_as_sequence*/ + 0, /*tp_as_mapping*/ + 0, /*tp_hash */ + 0, /*tp_call*/ + 0, /*tp_str*/ + 0, /*tp_getattro*/ + 0, /*tp_setattro*/ + 0, /*tp_as_buffer*/ + Py_TPFLAGS_DEFAULT, /*tp_flags*/ + "NATPMP objects", /* tp_doc */ + 0, /* tp_traverse */ + 0, /* tp_clear */ + 0, /* tp_richcompare */ + 0, /* tp_weaklistoffset */ + 0, /* tp_iter */ + 0, /* tp_iternext */ + NATPMP_methods, /* tp_methods */ + NATPMP_members, /* tp_members */ + 0, /* tp_getset */ + 0, /* tp_base */ + 0, /* tp_dict */ + 0, /* tp_descr_get */ + 0, /* tp_descr_set */ + 0, /* tp_dictoffset */ + 0, /* tp_init */ + 0, /* tp_alloc */ + NATPMPObject_new, /* tp_new */ +}; + +/* module methods */ +static PyMethodDef libnatpmp_methods[] = { + {NULL} /* Sentinel */ +}; + +#ifndef PyMODINIT_FUNC /* declarations for DLL import/export */ +#define PyMODINIT_FUNC void +#endif +PyMODINIT_FUNC +initlibnatpmp(void) +{ + PyObject* m; + + if (PyType_Ready(&NATPMPType) < 0) + return; + + m = Py_InitModule3("libnatpmp", libnatpmp_methods, + "libnatpmp module."); + + Py_INCREF(&NATPMPType); + PyModule_AddObject(m, "NATPMP", (PyObject *)&NATPMPType); +} + 
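Review bot: In `NATPMP_externalipaddress` and `NATPMP_domapping` every `PyErr_SetString(PyExc_Exception, strnatpmperr(r))` sits inside `#ifdef ENABLE_STRNATPMPERR`, so a build without that macro returns NULL with no exception set, which the interpreter reports as an unrelated `SystemError`. Add an `#else` branch such as `PyErr_SetString(PyExc_Exception, "NAT-PMP request failed");` at each of the four sites. Both functions also put the socket into `fds` with `FD_SET` without checking it against `FD_SETSIZE`. On POSIX systems a descriptor at or above that limit makes `FD_SET` write outside the set, so reject it first with an error return or wait with `poll()` instead. `NATPMPObject_new` discards the return value of `initnatpmp()`, so a failed initialisation only surfaces later as a send error.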
diff --git a/ext/libnatpmp/msvc/libnatpmp.sln b/ext/libnatpmp/msvc/libnatpmp.sln new file mode 100644 index 0000000..ac746d4 --- /dev/null +++ b/ext/libnatpmp/msvc/libnatpmp.sln @@ -0,0 +1,29 @@ + +Microsoft Visual Studio Solution File, Format Version 10.00 +# Visual C++ Express 2008 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libnatpmp", "libnatpmp.vcproj", "{D59B6527-F3DE-4D26-A08D-52F1EE989301}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "natpmpc-static", "natpmpc-static.vcproj", "{A0B49FA9-98AB-4A74-8B4C-8AB7FA36089B}" + ProjectSection(ProjectDependencies) = postProject + {D59B6527-F3DE-4D26-A08D-52F1EE989301} = {D59B6527-F3DE-4D26-A08D-52F1EE989301} + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D59B6527-F3DE-4D26-A08D-52F1EE989301}.Debug|Win32.ActiveCfg = Debug|Win32 + {D59B6527-F3DE-4D26-A08D-52F1EE989301}.Debug|Win32.Build.0 = Debug|Win32 + {D59B6527-F3DE-4D26-A08D-52F1EE989301}.Release|Win32.ActiveCfg = Release|Win32 + {D59B6527-F3DE-4D26-A08D-52F1EE989301}.Release|Win32.Build.0 = Release|Win32 + {A0B49FA9-98AB-4A74-8B4C-8AB7FA36089B}.Debug|Win32.ActiveCfg = Debug|Win32 + {A0B49FA9-98AB-4A74-8B4C-8AB7FA36089B}.Debug|Win32.Build.0 = Debug|Win32 + {A0B49FA9-98AB-4A74-8B4C-8AB7FA36089B}.Release|Win32.ActiveCfg = Release|Win32 + {A0B49FA9-98AB-4A74-8B4C-8AB7FA36089B}.Release|Win32.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/ext/libnatpmp/msvc/libnatpmp.vcproj b/ext/libnatpmp/msvc/libnatpmp.vcproj new file mode 100644 index 0000000..9bae5c1 --- /dev/null +++ b/ext/libnatpmp/msvc/libnatpmp.vcproj 
@@ -0,0 +1,195 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ext/libnatpmp/msvc/natpmpc-static.vcproj b/ext/libnatpmp/msvc/natpmpc-static.vcproj new file mode 100644 index 0000000..c2052d9 --- /dev/null +++ b/ext/libnatpmp/msvc/natpmpc-static.vcproj @@ -0,0 +1,195 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ext/libnatpmp/natpmp-jni.c b/ext/libnatpmp/natpmp-jni.c new file mode 100644 index 0000000..feec1ce --- /dev/null +++ b/ext/libnatpmp/natpmp-jni.c 
@@ -0,0 +1,157 @@ +#ifdef __CYGWIN__ +#include +#define __int64 uint64_t +#endif + +#ifdef WIN32 +#include +#include +#include +#endif + +#include +#include "natpmp.h" + +#include "fr_free_miniupnp_libnatpmp_NatPmp.h" + +#ifdef __cplusplus +extern "C" { +#endif + +JNIEXPORT void JNICALL Java_fr_free_miniupnp_libnatpmp_NatPmp_init (JNIEnv *env, jobject obj, jint forcegw, jint forcedgw) { + natpmp_t *p = malloc (sizeof(natpmp_t)); + if (p == NULL) return; + + initnatpmp(p, forcegw, (in_addr_t) forcedgw); + + jobject wrapped = (*env)->NewDirectByteBuffer(env, p, sizeof(natpmp_t)); + if (wrapped == NULL) return; + + jclass thisClass = (*env)->GetObjectClass(env,obj); + if (thisClass == NULL) return; + + jfieldID fid = (*env)->GetFieldID(env, thisClass, "natpmp", "Ljava/nio/ByteBuffer;"); + if (fid == NULL) return; + (*env)->SetObjectField(env, obj, fid, wrapped); +} + +JNIEXPORT void JNICALL Java_fr_free_miniupnp_libnatpmp_NatPmp_free (JNIEnv *env, jobject obj) { + + jclass thisClass = (*env)->GetObjectClass(env,obj); + if (thisClass == NULL) return; + + jfieldID fid = (*env)->GetFieldID(env, thisClass, "natpmp", "Ljava/nio/ByteBuffer;"); + + if (fid == NULL) return; + jobject wrapped = (*env)->GetObjectField(env, obj, fid); + if (wrapped == NULL) return; + + natpmp_t* natpmp = (natpmp_t*) (*env)->GetDirectBufferAddress(env, wrapped); + + closenatpmp(natpmp); + + if (natpmp == NULL) return; + free(natpmp); + + (*env)->SetObjectField(env, obj, fid, NULL); +} + +static natpmp_t* getNatPmp(JNIEnv* env, jobject obj) { + jclass thisClass = (*env)->GetObjectClass(env,obj); + if (thisClass == NULL) return NULL; + + jfieldID fid = (*env)->GetFieldID(env, thisClass, "natpmp", "Ljava/nio/ByteBuffer;"); + + if (fid == NULL) return NULL; + jobject wrapped = (*env)->GetObjectField(env, obj, fid); + if (wrapped == NULL) return NULL; + + natpmp_t* natpmp = (natpmp_t*) (*env)->GetDirectBufferAddress(env, wrapped); + + return natpmp; +} + +JNIEXPORT jint JNICALL 
Java_fr_free_miniupnp_libnatpmp_NatPmp_sendPublicAddressRequest(JNIEnv* env, jobject obj) { + natpmp_t* natpmp = getNatPmp(env, obj); + if (natpmp == NULL) return -1; + + return sendpublicaddressrequest(natpmp); +} + + +JNIEXPORT void JNICALL Java_fr_free_miniupnp_libnatpmp_NatPmp_startup(JNIEnv* env, jclass cls) { + (void)env; + (void)cls; +#ifdef WIN32 + WSADATA wsaData; + WORD wVersionRequested = MAKEWORD(2, 2); + WSAStartup(wVersionRequested, &wsaData); +#endif +} + + +JNIEXPORT jint JNICALL Java_fr_free_miniupnp_libnatpmp_NatPmp_sendNewPortMappingRequest(JNIEnv* env, jobject obj, jint protocol, jint privateport, jint publicport, jint lifetime) { + natpmp_t* natpmp = getNatPmp(env, obj); + if (natpmp == NULL) return -1; + + return sendnewportmappingrequest(natpmp, protocol, privateport, publicport, lifetime); +} + +JNIEXPORT jlong JNICALL Java_fr_free_miniupnp_libnatpmp_NatPmp_getNatPmpRequestTimeout(JNIEnv* env, jobject obj) { + natpmp_t* natpmp = getNatPmp(env, obj); + + struct timeval timeout; + + getnatpmprequesttimeout(natpmp, &timeout); + + return ((jlong) timeout.tv_sec) * 1000 + (timeout.tv_usec / 1000); + +} + +#define SET_FIELD(prefix, name, type, longtype) { \ + jfieldID fid = (*env)->GetFieldID(env, thisClass, #name, type); \ + if (fid == NULL) return -1; \ + (*env)->Set ## longtype ## Field(env, response, fid, resp. 
prefix name); \ +} + +JNIEXPORT jint JNICALL Java_fr_free_miniupnp_libnatpmp_NatPmp_readNatPmpResponseOrRetry(JNIEnv* env, jobject obj, jobject response) { + + natpmp_t* natpmp = getNatPmp(env, obj); + natpmpresp_t resp; + int result = readnatpmpresponseorretry(natpmp, &resp); + + if (result != 0) { + return result; + } + + jclass thisClass = (*env)->GetObjectClass(env, response); + if (thisClass == NULL) return -1; + + SET_FIELD(,type, "S", Short); + SET_FIELD(,resultcode, "S", Short); + + jfieldID fid = (*env)->GetFieldID(env, thisClass, "epoch", "J"); + if (fid == NULL) return -1; + (*env)->SetLongField(env, response, fid, ((jlong)resp.epoch) * 1000); + + if (resp.type == 0) { + jfieldID fid = (*env)->GetFieldID(env, thisClass, "addr", "I"); + if (fid == NULL) return -1; + (*env)->SetIntField(env, response, fid, resp.pnu.publicaddress.addr.s_addr); + + + } else { + SET_FIELD(pnu.newportmapping., privateport, "I", Int); + SET_FIELD(pnu.newportmapping., mappedpublicport, "I", Int); + + jfieldID fid = (*env)->GetFieldID(env, thisClass, "lifetime", "J"); + if (fid == NULL) return -1; + (*env)->SetLongField(env, response, fid, ((jlong) resp.pnu.newportmapping.lifetime) * 1000 * 1000); + } + return result; +} + + +#ifdef __cplusplus +} +#endif diff --git a/ext/libnatpmp/natpmp.c b/ext/libnatpmp/natpmp.c new file mode 100644 index 0000000..9843c41 --- /dev/null +++ b/ext/libnatpmp/natpmp.c 
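Review bot: `getNatPmpRequestTimeout` and `readNatPmpResponseOrRetry` use the result of `getNatPmp()` without the `if (natpmp == NULL) return -1;` guard that the two send wrappers have. A call made after `free()` has set the `natpmp` field to NULL therefore depends on the library rejecting a NULL pointer (not visible here), and the timeout wrapper then converts a `struct timeval` that may never have been written. Add the same guard to both and check the return value of `getnatpmprequesttimeout()` before reading `timeout`. In `init`, the early returns after `NewDirectByteBuffer`, `GetObjectClass` and `GetFieldID` skip `closenatpmp(p); free(p);`, so the socket and the allocation leak on those paths. In `free`, `closenatpmp(natpmp)` runs before the function's own `natpmp == NULL` test, which should come first.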
@@ -0,0 +1,383 @@ +/* $Id: natpmp.c,v 1.20 2015/05/27 12:43:15 nanard Exp $ */ +/* libnatpmp +Copyright (c) 2007-2015, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+*/ +#ifdef __linux__ +#define _BSD_SOURCE 1 +#endif +#include +#include +#if !defined(_MSC_VER) +#include +#endif +#ifdef WIN32 +#include +#include +#include +#include +#ifndef EWOULDBLOCK +#define EWOULDBLOCK WSAEWOULDBLOCK +#endif +#ifndef ECONNREFUSED +#define ECONNREFUSED WSAECONNREFUSED +#endif +#include "wingettimeofday.h" +#define gettimeofday natpmp_gettimeofday +#else +#include +#include +#include +#include +#include +#define closesocket close +#endif +#include "natpmp.h" +#include "getgateway.h" +#include + +LIBSPEC int initnatpmp(natpmp_t * p, int forcegw, in_addr_t forcedgw) +{ +#ifdef WIN32 + u_long ioctlArg = 1; +#else + int flags; +#endif + struct sockaddr_in addr; + if(!p) + return NATPMP_ERR_INVALIDARGS; + memset(p, 0, sizeof(natpmp_t)); + p->s = socket(PF_INET, SOCK_DGRAM, 0); + if(p->s < 0) + return NATPMP_ERR_SOCKETERROR; +#ifdef WIN32 + if(ioctlsocket(p->s, FIONBIO, &ioctlArg) == SOCKET_ERROR) + return NATPMP_ERR_FCNTLERROR; +#else + if((flags = fcntl(p->s, F_GETFL, 0)) < 0) + return NATPMP_ERR_FCNTLERROR; + if(fcntl(p->s, F_SETFL, flags | O_NONBLOCK) < 0) + return NATPMP_ERR_FCNTLERROR; +#endif + + if(forcegw) { + p->gateway = forcedgw; + } else { + if(getdefaultgateway(&(p->gateway)) < 0) + return NATPMP_ERR_CANNOTGETGATEWAY; + } + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(NATPMP_PORT); + addr.sin_addr.s_addr = p->gateway; + if(connect(p->s, (struct sockaddr *)&addr, sizeof(addr)) < 0) + return NATPMP_ERR_CONNECTERR; + return 0; +} + +LIBSPEC int closenatpmp(natpmp_t * p) +{ + if(!p) + return NATPMP_ERR_INVALIDARGS; + if(closesocket(p->s) < 0) + return NATPMP_ERR_CLOSEERR; + return 0; +} + +int sendpendingrequest(natpmp_t * p) +{ + int r; +/* struct sockaddr_in addr;*/ + if(!p) + return NATPMP_ERR_INVALIDARGS; +/* memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(NATPMP_PORT); + addr.sin_addr.s_addr = p->gateway; + r = (int)sendto(p->s, p->pending_request, 
p->pending_request_len, 0, + (struct sockaddr *)&addr, sizeof(addr));*/ + r = (int)send(p->s, (const char *)p->pending_request, p->pending_request_len, 0); + return (r<0) ? NATPMP_ERR_SENDERR : r; +} + +int sendnatpmprequest(natpmp_t * p) +{ + int n; + if(!p) + return NATPMP_ERR_INVALIDARGS; + /* TODO : check if no request is already pending */ + p->has_pending_request = 1; + p->try_number = 1; + n = sendpendingrequest(p); + gettimeofday(&p->retry_time, NULL); // check errors ! + p->retry_time.tv_usec += 250000; /* add 250ms */ + if(p->retry_time.tv_usec >= 1000000) { + p->retry_time.tv_usec -= 1000000; + p->retry_time.tv_sec++; + } + return n; +} + +LIBSPEC int getnatpmprequesttimeout(natpmp_t * p, struct timeval * timeout) +{ + struct timeval now; + if(!p || !timeout) + return NATPMP_ERR_INVALIDARGS; + if(!p->has_pending_request) + return NATPMP_ERR_NOPENDINGREQ; + if(gettimeofday(&now, NULL) < 0) + return NATPMP_ERR_GETTIMEOFDAYERR; + timeout->tv_sec = p->retry_time.tv_sec - now.tv_sec; + timeout->tv_usec = p->retry_time.tv_usec - now.tv_usec; + if(timeout->tv_usec < 0) { + timeout->tv_usec += 1000000; + timeout->tv_sec--; + } + return 0; +} + +LIBSPEC int sendpublicaddressrequest(natpmp_t * p) +{ + if(!p) + return NATPMP_ERR_INVALIDARGS; + //static const unsigned char request[] = { 0, 0 }; + p->pending_request[0] = 0; + p->pending_request[1] = 0; + p->pending_request_len = 2; + // TODO: return 0 instead of sizeof(request) ?? 
+ return sendnatpmprequest(p); +} + +LIBSPEC int sendnewportmappingrequest(natpmp_t * p, int protocol, + uint16_t privateport, uint16_t publicport, + uint32_t lifetime) +{ + if(!p || (protocol!=NATPMP_PROTOCOL_TCP && protocol!=NATPMP_PROTOCOL_UDP)) + return NATPMP_ERR_INVALIDARGS; + p->pending_request[0] = 0; + p->pending_request[1] = protocol; + p->pending_request[2] = 0; + p->pending_request[3] = 0; + /* break strict-aliasing rules : + *((uint16_t *)(p->pending_request + 4)) = htons(privateport); */ + p->pending_request[4] = (privateport >> 8) & 0xff; + p->pending_request[5] = privateport & 0xff; + /* break stric-aliasing rules : + *((uint16_t *)(p->pending_request + 6)) = htons(publicport); */ + p->pending_request[6] = (publicport >> 8) & 0xff; + p->pending_request[7] = publicport & 0xff; + /* break stric-aliasing rules : + *((uint32_t *)(p->pending_request + 8)) = htonl(lifetime); */ + p->pending_request[8] = (lifetime >> 24) & 0xff; + p->pending_request[9] = (lifetime >> 16) & 0xff; + p->pending_request[10] = (lifetime >> 8) & 0xff; + p->pending_request[11] = lifetime & 0xff; + p->pending_request_len = 12; + return sendnatpmprequest(p); +} + +LIBSPEC int readnatpmpresponse(natpmp_t * p, natpmpresp_t * response) +{ + unsigned char buf[16]; + struct sockaddr_in addr; + socklen_t addrlen = sizeof(addr); + int n; + if(!p) + return NATPMP_ERR_INVALIDARGS; + n = recvfrom(p->s, (char *)buf, sizeof(buf), 0, + (struct sockaddr *)&addr, &addrlen); + if(n<0) +#ifdef WIN32 + switch(WSAGetLastError()) { +#else + switch(errno) { +#endif + /*case EAGAIN:*/ + case EWOULDBLOCK: + n = NATPMP_TRYAGAIN; + break; + case ECONNREFUSED: + n = NATPMP_ERR_NOGATEWAYSUPPORT; + break; + default: + n = NATPMP_ERR_RECVFROM; + } + /* check that addr is correct (= gateway) */ + else if(addr.sin_addr.s_addr != p->gateway) + n = NATPMP_ERR_WRONGPACKETSOURCE; + else { + response->resultcode = ntohs(*((uint16_t *)(buf + 2))); + response->epoch = ntohl(*((uint32_t *)(buf + 4))); + if(buf[0] != 0) 
+ n = NATPMP_ERR_UNSUPPORTEDVERSION; + else if(buf[1] < 128 || buf[1] > 130) + n = NATPMP_ERR_UNSUPPORTEDOPCODE; + else if(response->resultcode != 0) { + switch(response->resultcode) { + case 1: + n = NATPMP_ERR_UNSUPPORTEDVERSION; + break; + case 2: + n = NATPMP_ERR_NOTAUTHORIZED; + break; + case 3: + n = NATPMP_ERR_NETWORKFAILURE; + break; + case 4: + n = NATPMP_ERR_OUTOFRESOURCES; + break; + case 5: + n = NATPMP_ERR_UNSUPPORTEDOPCODE; + break; + default: + n = NATPMP_ERR_UNDEFINEDERROR; + } + } else { + response->type = buf[1] & 0x7f; + if(buf[1] == 128) + //response->publicaddress.addr = *((uint32_t *)(buf + 8)); + response->pnu.publicaddress.addr.s_addr = *((uint32_t *)(buf + 8)); + else { + response->pnu.newportmapping.privateport = ntohs(*((uint16_t *)(buf + 8))); + response->pnu.newportmapping.mappedpublicport = ntohs(*((uint16_t *)(buf + 10))); + response->pnu.newportmapping.lifetime = ntohl(*((uint32_t *)(buf + 12))); + } + n = 0; + } + } + return n; +} + +int readnatpmpresponseorretry(natpmp_t * p, natpmpresp_t * response) +{ + int n; + if(!p || !response) + return NATPMP_ERR_INVALIDARGS; + if(!p->has_pending_request) + return NATPMP_ERR_NOPENDINGREQ; + n = readnatpmpresponse(p, response); + if(n<0) { + if(n==NATPMP_TRYAGAIN) { + struct timeval now; + gettimeofday(&now, NULL); // check errors ! + if(timercmp(&now, &p->retry_time, >=)) { + int delay, r; + if(p->try_number >= 9) { + return NATPMP_ERR_NOGATEWAYSUPPORT; + } + /*printf("retry! 
%d\n", p->try_number);*/ + delay = 250 * (1<try_number); // ms + /*for(i=0; itry_number; i++) + delay += delay;*/ + p->retry_time.tv_sec += (delay / 1000); + p->retry_time.tv_usec += (delay % 1000) * 1000; + if(p->retry_time.tv_usec >= 1000000) { + p->retry_time.tv_usec -= 1000000; + p->retry_time.tv_sec++; + } + p->try_number++; + r = sendpendingrequest(p); + if(r<0) + return r; + } + } + } else { + p->has_pending_request = 0; + } + return n; +} + +#ifdef ENABLE_STRNATPMPERR +LIBSPEC const char * strnatpmperr(int r) +{ + const char * s; + switch(r) { + case NATPMP_ERR_INVALIDARGS: + s = "invalid arguments"; + break; + case NATPMP_ERR_SOCKETERROR: + s = "socket() failed"; + break; + case NATPMP_ERR_CANNOTGETGATEWAY: + s = "cannot get default gateway ip address"; + break; + case NATPMP_ERR_CLOSEERR: +#ifdef WIN32 + s = "closesocket() failed"; +#else + s = "close() failed"; +#endif + break; + case NATPMP_ERR_RECVFROM: + s = "recvfrom() failed"; + break; + case NATPMP_ERR_NOPENDINGREQ: + s = "no pending request"; + break; + case NATPMP_ERR_NOGATEWAYSUPPORT: + s = "the gateway does not support nat-pmp"; + break; + case NATPMP_ERR_CONNECTERR: + s = "connect() failed"; + break; + case NATPMP_ERR_WRONGPACKETSOURCE: + s = "packet not received from the default gateway"; + break; + case NATPMP_ERR_SENDERR: + s = "send() failed"; + break; + case NATPMP_ERR_FCNTLERROR: + s = "fcntl() failed"; + break; + case NATPMP_ERR_GETTIMEOFDAYERR: + s = "gettimeofday() failed"; + break; + case NATPMP_ERR_UNSUPPORTEDVERSION: + s = "unsupported nat-pmp version error from server"; + break; + case NATPMP_ERR_UNSUPPORTEDOPCODE: + s = "unsupported nat-pmp opcode error from server"; + break; + case NATPMP_ERR_UNDEFINEDERROR: + s = "undefined nat-pmp server error"; + break; + case NATPMP_ERR_NOTAUTHORIZED: + s = "not authorized"; + break; + case NATPMP_ERR_NETWORKFAILURE: + s = "network failure"; + break; + case NATPMP_ERR_OUTOFRESOURCES: + s = "nat-pmp server out of resources"; + break; + 
default: + s = "Unknown libnatpmp error"; + } + return s; +} +#endif + diff --git a/ext/libnatpmp/natpmp.def b/ext/libnatpmp/natpmp.def new file mode 100644 index 0000000..cd11003 --- /dev/null +++ b/ext/libnatpmp/natpmp.def @@ -0,0 +1,11 @@ +LIBRARY +; libnatpmp library + +EXPORTS + initnatpmp + closenatpmp + sendpublicaddressrequest + sendnewportmappingrequest + getnatpmprequesttimeout + readnatpmpresponseorretry + strnatpmperr diff --git a/ext/libnatpmp/natpmp.h b/ext/libnatpmp/natpmp.h new file mode 100644 index 0000000..7889d20 --- /dev/null +++ b/ext/libnatpmp/natpmp.h 
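Review bot: readnatpmpresponse() parses `buf` without checking how many bytes recvfrom() returned, so a datagram shorter than the fields being read leaves `resultcode`, `epoch` and the mapping fields filled from uninitialised stack bytes. The reads stay inside the 16-byte buffer, but the caller then acts on values the gateway never sent. Adding `else if(n < 8) n = NATPMP_ERR_RECVFROM;` before the header fields are read, and `else if(n < (buf[1] == 128 ? 12 : 16)) n = NATPMP_ERR_RECVFROM;` ahead of the success branch, would reject truncated replies; natpmp.h has no dedicated code for this, so reusing NATPMP_ERR_RECVFROM is only a suggestion. Separately, initnatpmp() returns on fcntl, getdefaultgateway or connect failure without closing `p->s`.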
@@ -0,0 +1,219 @@ +/* $Id: natpmp.h,v 1.20 2014/04/22 09:15:40 nanard Exp $ */ +/* libnatpmp +Copyright (c) 2007-2014, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+*/ +#ifndef __NATPMP_H__ +#define __NATPMP_H__ + +/* NAT-PMP Port as defined by the NAT-PMP draft */ +#define NATPMP_PORT (5351) + +#include +#if !defined(_MSC_VER) +#include +#endif /* !defined(_MSC_VER) */ + +#ifdef WIN32 +#include +#if !defined(_MSC_VER) || _MSC_VER >= 1600 +#include +#else /* !defined(_MSC_VER) || _MSC_VER >= 1600 */ +typedef unsigned long uint32_t; +typedef unsigned short uint16_t; +#endif /* !defined(_MSC_VER) || _MSC_VER >= 1600 */ +#define in_addr_t uint32_t +#include "declspec.h" +#else /* WIN32 */ +#define LIBSPEC +#include +#endif /* WIN32 */ + +/* causes problem when installing. Maybe should it be inlined ? */ +/* #include "declspec.h" */ + +typedef struct { + int s; /* socket */ + in_addr_t gateway; /* default gateway (IPv4) */ + int has_pending_request; + unsigned char pending_request[12]; + int pending_request_len; + int try_number; + struct timeval retry_time; +} natpmp_t; + +typedef struct { + uint16_t type; /* NATPMP_RESPTYPE_* */ + uint16_t resultcode; /* NAT-PMP response code */ + uint32_t epoch; /* Seconds since start of epoch */ + union { + struct { + //in_addr_t addr; + struct in_addr addr; + } publicaddress; + struct { + uint16_t privateport; + uint16_t mappedpublicport; + uint32_t lifetime; + } newportmapping; + } pnu; +} natpmpresp_t; + +/* possible values for type field of natpmpresp_t */ +#define NATPMP_RESPTYPE_PUBLICADDRESS (0) +#define NATPMP_RESPTYPE_UDPPORTMAPPING (1) +#define NATPMP_RESPTYPE_TCPPORTMAPPING (2) + +/* Values to pass to sendnewportmappingrequest() */ +#define NATPMP_PROTOCOL_UDP (1) +#define NATPMP_PROTOCOL_TCP (2) + +/* return values */ +/* NATPMP_ERR_INVALIDARGS : invalid arguments passed to the function */ +#define NATPMP_ERR_INVALIDARGS (-1) +/* NATPMP_ERR_SOCKETERROR : socket() failed. check errno for details */ +#define NATPMP_ERR_SOCKETERROR (-2) +/* NATPMP_ERR_CANNOTGETGATEWAY : can't get default gateway IP */ +#define NATPMP_ERR_CANNOTGETGATEWAY (-3) +/* NATPMP_ERR_CLOSEERR : close() failed. 
check errno for details */ +#define NATPMP_ERR_CLOSEERR (-4) +/* NATPMP_ERR_RECVFROM : recvfrom() failed. check errno for details */ +#define NATPMP_ERR_RECVFROM (-5) +/* NATPMP_ERR_NOPENDINGREQ : readnatpmpresponseorretry() called while + * no NAT-PMP request was pending */ +#define NATPMP_ERR_NOPENDINGREQ (-6) +/* NATPMP_ERR_NOGATEWAYSUPPORT : the gateway does not support NAT-PMP */ +#define NATPMP_ERR_NOGATEWAYSUPPORT (-7) +/* NATPMP_ERR_CONNECTERR : connect() failed. check errno for details */ +#define NATPMP_ERR_CONNECTERR (-8) +/* NATPMP_ERR_WRONGPACKETSOURCE : packet not received from the network gateway */ +#define NATPMP_ERR_WRONGPACKETSOURCE (-9) +/* NATPMP_ERR_SENDERR : send() failed. check errno for details */ +#define NATPMP_ERR_SENDERR (-10) +/* NATPMP_ERR_FCNTLERROR : fcntl() failed. check errno for details */ +#define NATPMP_ERR_FCNTLERROR (-11) +/* NATPMP_ERR_GETTIMEOFDAYERR : gettimeofday() failed. check errno for details */ +#define NATPMP_ERR_GETTIMEOFDAYERR (-12) + +/* */ +#define NATPMP_ERR_UNSUPPORTEDVERSION (-14) +#define NATPMP_ERR_UNSUPPORTEDOPCODE (-15) + +/* Errors from the server : */ +#define NATPMP_ERR_UNDEFINEDERROR (-49) +#define NATPMP_ERR_NOTAUTHORIZED (-51) +#define NATPMP_ERR_NETWORKFAILURE (-52) +#define NATPMP_ERR_OUTOFRESOURCES (-53) + +/* NATPMP_TRYAGAIN : no data available for the moment. try again later */ +#define NATPMP_TRYAGAIN (-100) + +#ifdef __cplusplus +extern "C" { +#endif + +/* initnatpmp() + * initialize a natpmp_t object + * With forcegw=1 the gateway is not detected automaticaly. 
+ * Return values : + * 0 = OK + * NATPMP_ERR_INVALIDARGS + * NATPMP_ERR_SOCKETERROR + * NATPMP_ERR_FCNTLERROR + * NATPMP_ERR_CANNOTGETGATEWAY + * NATPMP_ERR_CONNECTERR */ +LIBSPEC int initnatpmp(natpmp_t * p, int forcegw, in_addr_t forcedgw); + +/* closenatpmp() + * close resources associated with a natpmp_t object + * Return values : + * 0 = OK + * NATPMP_ERR_INVALIDARGS + * NATPMP_ERR_CLOSEERR */ +LIBSPEC int closenatpmp(natpmp_t * p); + +/* sendpublicaddressrequest() + * send a public address NAT-PMP request to the network gateway + * Return values : + * 2 = OK (size of the request) + * NATPMP_ERR_INVALIDARGS + * NATPMP_ERR_SENDERR */ +LIBSPEC int sendpublicaddressrequest(natpmp_t * p); + +/* sendnewportmappingrequest() + * send a new port mapping NAT-PMP request to the network gateway + * Arguments : + * protocol is either NATPMP_PROTOCOL_TCP or NATPMP_PROTOCOL_UDP, + * lifetime is in seconds. + * To remove a port mapping, set lifetime to zero. + * To remove all port mappings to the host, set lifetime and both ports + * to zero. + * Return values : + * 12 = OK (size of the request) + * NATPMP_ERR_INVALIDARGS + * NATPMP_ERR_SENDERR */ +LIBSPEC int sendnewportmappingrequest(natpmp_t * p, int protocol, + uint16_t privateport, uint16_t publicport, + uint32_t lifetime); + +/* getnatpmprequesttimeout() + * fills the timeval structure with the timeout duration of the + * currently pending NAT-PMP request. 
+ * Return values : + * 0 = OK + * NATPMP_ERR_INVALIDARGS + * NATPMP_ERR_GETTIMEOFDAYERR + * NATPMP_ERR_NOPENDINGREQ */ +LIBSPEC int getnatpmprequesttimeout(natpmp_t * p, struct timeval * timeout); + +/* readnatpmpresponseorretry() + * fills the natpmpresp_t structure if possible + * Return values : + * 0 = OK + * NATPMP_TRYAGAIN + * NATPMP_ERR_INVALIDARGS + * NATPMP_ERR_NOPENDINGREQ + * NATPMP_ERR_NOGATEWAYSUPPORT + * NATPMP_ERR_RECVFROM + * NATPMP_ERR_WRONGPACKETSOURCE + * NATPMP_ERR_UNSUPPORTEDVERSION + * NATPMP_ERR_UNSUPPORTEDOPCODE + * NATPMP_ERR_NOTAUTHORIZED + * NATPMP_ERR_NETWORKFAILURE + * NATPMP_ERR_OUTOFRESOURCES + * NATPMP_ERR_UNSUPPORTEDOPCODE + * NATPMP_ERR_UNDEFINEDERROR */ +LIBSPEC int readnatpmpresponseorretry(natpmp_t * p, natpmpresp_t * response); + +#ifdef ENABLE_STRNATPMPERR +LIBSPEC const char * strnatpmperr(int t); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/libnatpmp/natpmpc.1 b/ext/libnatpmp/natpmpc.1 new file mode 100644 index 0000000..5f0003d --- /dev/null +++ b/ext/libnatpmp/natpmpc.1 @@ -0,0 +1,19 @@ +.TH natpmpc 1 + +.SH NAME +natpmpc \- NAT\-PMP library test client and mapping setter. + +.SH "SYNOPSIS" +Display the public IP address: +.br +\fBnatpmpc\fP + +Add a port mapping: +.br +\fBnatpmpc\fP \-a [lifetime] + +.SH DESCRIPTION + +In order to remove a mapping, set it with a lifetime of 0 seconds. +To remove all mappings for your machine, use 0 as private port and +lifetime. diff --git a/ext/libnatpmp/natpmpc.c b/ext/libnatpmp/natpmpc.c new file mode 100644 index 0000000..611bd2d --- /dev/null +++ b/ext/libnatpmp/natpmpc.c 
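Review bot: The return-value list documented for readnatpmpresponseorretry() does not match natpmp.c: it names NATPMP_ERR_UNSUPPORTEDOPCODE twice and omits NATPMP_ERR_SENDERR, which the function returns when the retransmit through sendpendingrequest() fails. I would replace the second `NATPMP_ERR_UNSUPPORTEDOPCODE` entry with ` * NATPMP_ERR_SENDERR`. The bare `/* */` above NATPMP_ERR_UNSUPPORTEDVERSION could also say what those two codes mean, for example `/* response carried an unexpected version or opcode */`.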
@@ -0,0 +1,244 @@ +/* $Id: natpmpc.c,v 1.13 2012/08/21 17:23:38 nanard Exp $ */ +/* libnatpmp +Copyright (c) 2007-2011, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+*/ +#include +#include +#include +#if defined(_MSC_VER) +#if _MSC_VER >= 1400 +#define strcasecmp _stricmp +#else +#define strcasecmp stricmp +#endif +#else +#include +#endif +#ifdef WIN32 +#include +#else +#include +#include +#endif +#include "natpmp.h" + +void usage(FILE * out, const char * argv0) +{ + fprintf(out, "Usage :\n"); + fprintf(out, " %s [options]\n", argv0); + fprintf(out, "\tdisplay the public IP address.\n"); + fprintf(out, " %s -h\n", argv0); + fprintf(out, "\tdisplay this help screen.\n"); + fprintf(out, " %s [options] -a [lifetime]\n", argv0); + fprintf(out, "\tadd a port mapping.\n"); + fprintf(out, "\nOption available :\n"); + fprintf(out, " -g ipv4address\n"); + fprintf(out, "\tforce the gateway to be used as destination for NAT-PMP commands.\n"); + fprintf(out, "\n In order to remove a mapping, set it with a lifetime of 0 seconds.\n"); + fprintf(out, " To remove all mappings for your machine, use 0 as private port and lifetime.\n"); +} + +/* sample code for using libnatpmp */ +int main(int argc, char * * argv) +{ + natpmp_t natpmp; + natpmpresp_t response; + int r; + int sav_errno; + struct timeval timeout; + fd_set fds; + int i; + int protocol = 0; + uint16_t privateport = 0; + uint16_t publicport = 0; + uint32_t lifetime = 3600; + int command = 0; + int forcegw = 0; + in_addr_t gateway = 0; + struct in_addr gateway_in_use; + +#ifdef WIN32 + WSADATA wsaData; + int nResult = WSAStartup(MAKEWORD(2,2), &wsaData); + if(nResult != NO_ERROR) + { + fprintf(stderr, "WSAStartup() failed.\n"); + return -1; + } +#endif + + /* argument parsing */ + for(i=1; i i + 1) { + if(1 != sscanf(argv[i+1], "%u", &lifetime)) { + fprintf(stderr, "%s is not a correct 32bits unsigned integer\n", argv[i]); + } else { + i++; + } + } + break; + default: + fprintf(stderr, "Unknown option %s\n", argv[i]); + usage(stderr, argv[0]); + return 1; + } + } else { + fprintf(stderr, "Unknown option %s\n", argv[i]); + usage(stderr, argv[0]); + return 1; + } + } + + /* initnatpmp() 
*/ + r = initnatpmp(&natpmp, forcegw, gateway); + printf("initnatpmp() returned %d (%s)\n", r, r?"FAILED":"SUCCESS"); + if(r<0) + return 1; + + gateway_in_use.s_addr = natpmp.gateway; + printf("using gateway : %s\n", inet_ntoa(gateway_in_use)); + + /* sendpublicaddressrequest() */ + r = sendpublicaddressrequest(&natpmp); + printf("sendpublicaddressrequest returned %d (%s)\n", + r, r==2?"SUCCESS":"FAILED"); + if(r<0) + return 1; + + do { + FD_ZERO(&fds); + FD_SET(natpmp.s, &fds); + getnatpmprequesttimeout(&natpmp, &timeout); + r = select(FD_SETSIZE, &fds, NULL, NULL, &timeout); + if(r<0) { + fprintf(stderr, "select()"); + return 1; + } + r = readnatpmpresponseorretry(&natpmp, &response); + sav_errno = errno; + printf("readnatpmpresponseorretry returned %d (%s)\n", + r, r==0?"OK":(r==NATPMP_TRYAGAIN?"TRY AGAIN":"FAILED")); + if(r<0 && r!=NATPMP_TRYAGAIN) { +#ifdef ENABLE_STRNATPMPERR + fprintf(stderr, "readnatpmpresponseorretry() failed : %s\n", + strnatpmperr(r)); +#endif + fprintf(stderr, " errno=%d '%s'\n", + sav_errno, strerror(sav_errno)); + } + } while(r==NATPMP_TRYAGAIN); + if(r<0) + return 1; + + /* TODO : check that response.type == 0 */ + printf("Public IP address : %s\n", inet_ntoa(response.pnu.publicaddress.addr)); + printf("epoch = %u\n", response.epoch); + + if(command == 'a') { + /* sendnewportmappingrequest() */ + r = sendnewportmappingrequest(&natpmp, protocol, + privateport, publicport, + lifetime); + printf("sendnewportmappingrequest returned %d (%s)\n", + r, r==12?"SUCCESS":"FAILED"); + if(r < 0) + return 1; + + do { + FD_ZERO(&fds); + FD_SET(natpmp.s, &fds); + getnatpmprequesttimeout(&natpmp, &timeout); + select(FD_SETSIZE, &fds, NULL, NULL, &timeout); + r = readnatpmpresponseorretry(&natpmp, &response); + printf("readnatpmpresponseorretry returned %d (%s)\n", + r, r==0?"OK":(r==NATPMP_TRYAGAIN?"TRY AGAIN":"FAILED")); + } while(r==NATPMP_TRYAGAIN); + if(r<0) { +#ifdef ENABLE_STRNATPMPERR + fprintf(stderr, "readnatpmpresponseorretry() failed : 
%s\n", + strnatpmperr(r)); +#endif + return 1; + } + + printf("Mapped public port %hu protocol %s to local port %hu " + "liftime %u\n", + response.pnu.newportmapping.mappedpublicport, + response.type == NATPMP_RESPTYPE_UDPPORTMAPPING ? "UDP" : + (response.type == NATPMP_RESPTYPE_TCPPORTMAPPING ? "TCP" : + "UNKNOWN"), + response.pnu.newportmapping.privateport, + response.pnu.newportmapping.lifetime); + printf("epoch = %u\n", response.epoch); + } + + r = closenatpmp(&natpmp); + printf("closenatpmp() returned %d (%s)\n", r, r==0?"SUCCESS":"FAILED"); + if(r<0) + return 1; + + return 0; +} + diff --git a/ext/libnatpmp/setup.py b/ext/libnatpmp/setup.py new file mode 100644 index 0000000..aa774ee --- /dev/null +++ b/ext/libnatpmp/setup.py @@ -0,0 +1,18 @@ +#! /usr/bin/python +# $Id: setup.py,v 1.3 2012/03/05 04:54:01 nanard Exp $ +# +# python script to build the libnatpmp module under unix +# +# replace libnatpmp.a by libnatpmp.so for shared library usage +from distutils.core import setup, Extension +from distutils import sysconfig +sysconfig.get_config_vars()["OPT"] = '' +sysconfig.get_config_vars()["CFLAGS"] = '' +setup(name="libnatpmp", version="1.0", + ext_modules=[ + Extension(name="libnatpmp", sources=["libnatpmpmodule.c"], + extra_objects=["libnatpmp.a"], + define_macros=[('ENABLE_STRNATPMPERR', None)] + )] + ) + diff --git a/ext/libnatpmp/setupmingw32.py b/ext/libnatpmp/setupmingw32.py new file mode 100644 index 0000000..d02fdfc --- /dev/null +++ b/ext/libnatpmp/setupmingw32.py 
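Review bot: The public address is printed from `response.pnu.publicaddress` without checking `response.type`, which the existing TODO in main() already points at; readnatpmpresponse() accepts opcodes 128 to 130, so a mapping reply would be read through the wrong union member. A guard such as `if(response.type != NATPMP_RESPTYPE_PUBLICADDRESS) { fprintf(stderr, "unexpected response type\n"); return 1; }` before the printf closes that. The second wait loop also discards the result of `select()`, unlike the first loop, and both loops ignore the return of getnatpmprequesttimeout(), so `timeout` may be used unset when that call fails. The argument-parsing part of main() is garbled on this page and was not reviewed.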
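Review bot: Both `sysconfig.get_config_vars()["OPT"] = ''` and `sysconfig.get_config_vars()["CFLAGS"] = ''` discard every compiler flag the interpreter's build configuration would pass on, and the script does not say why. If that configuration carries hardening options on the target platform (not visible from here), the extension is built without them. A comment stating the reason, or passing the intended flags through `extra_compile_args`, would make the choice reviewable. setupmingw32.py repeats the same two lines, and its header comment still names the miniupnpc module.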
@@ -0,0 +1,17 @@ +#! /usr/bin/python +# $Id: setupmingw32.py,v 1.3 2012/03/05 04:54:01 nanard Exp $ +# python script to build the miniupnpc module under windows +# +from distutils.core import setup, Extension +from distutils import sysconfig +sysconfig.get_config_vars()["OPT"] = '' +sysconfig.get_config_vars()["CFLAGS"] = '' +setup(name="libnatpmp", version="1.0", + ext_modules=[ + Extension(name="libnatpmp", sources=["libnatpmpmodule.c"], + libraries=["ws2_32"], + extra_objects=["libnatpmp.a"], + define_macros=[('ENABLE_STRNATPMPERR', None)] + )] + ) + diff --git a/ext/libnatpmp/testgetgateway.c b/ext/libnatpmp/testgetgateway.c new file mode 100644 index 0000000..24cbe7d --- /dev/null +++ b/ext/libnatpmp/testgetgateway.c 
@@ -0,0 +1,57 @@ +/* $Id: testgetgateway.c,v 1.7 2012/08/21 17:13:31 nanard Exp $ */ +/* libnatpmp +Copyright (c) 2007-2011, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+*/ +#include +#ifdef WIN32 +#include +#else +#include +#include +#endif +#include "getgateway.h" + +int main(int argc, char * * argv) +{ + (void)argc; + (void)argv; + struct in_addr gatewayaddr; + int r; +#ifdef WIN32 + uint32_t temp = 0; + r = getdefaultgateway(&temp); + gatewayaddr.S_un.S_addr = temp; +#else + r = getdefaultgateway(&(gatewayaddr.s_addr)); +#endif + if(r>=0) + printf("default gateway : %s\n", inet_ntoa(gatewayaddr)); + else + fprintf(stderr, "getdefaultgateway() failed\n"); + return 0; +} + diff --git a/ext/libnatpmp/wingettimeofday.c b/ext/libnatpmp/wingettimeofday.c new file mode 100644 index 0000000..cb730e1 --- /dev/null +++ b/ext/libnatpmp/wingettimeofday.c 
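Review bot: main() ends with `return 0;` even when getdefaultgateway() fails, so a script or Makefile target running this test cannot detect the failure from the exit status. Returning `r >= 0 ? 0 : 1` instead keeps the message and reports the result. `gatewayaddr` and `r` are also declared after the `(void)argc;` statements, which pre-C99 compilers reject.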
@@ -0,0 +1,60 @@ +/* $Id: wingettimeofday.c,v 1.6 2013/09/10 20:13:26 nanard Exp $ */ +/* libnatpmp +Copyright (c) 2007-2013, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+*/ +#ifdef WIN32 +#if defined(_MSC_VER) +struct timeval { + long tv_sec; + long tv_usec; +}; +#else +#include +#endif + +typedef struct _FILETIME { + unsigned long dwLowDateTime; + unsigned long dwHighDateTime; +} FILETIME; + +void __stdcall GetSystemTimeAsFileTime(FILETIME*); + +int natpmp_gettimeofday(struct timeval* p, void* tz /* IGNORED */) { + union { + long long ns100; /*time since 1 Jan 1601 in 100ns units */ + FILETIME ft; + } _now; + + if(!p) + return -1; + GetSystemTimeAsFileTime( &(_now.ft) ); + p->tv_usec =(long)((_now.ns100 / 10LL) % 1000000LL ); + p->tv_sec = (long)((_now.ns100-(116444736000000000LL))/10000000LL); + return 0; +} +#endif + diff --git a/ext/libnatpmp/wingettimeofday.h b/ext/libnatpmp/wingettimeofday.h new file mode 100644 index 0000000..1d18d9f --- /dev/null +++ b/ext/libnatpmp/wingettimeofday.h 
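Review bot: natpmp_gettimeofday() reads the FILETIME through the `ns100` union member, which only works while the two `unsigned long` halves are 32 bits each and laid out low word first, and nothing in the file states that assumption. Building the value explicitly, `long long ns100 = ((long long)ft.dwHighDateTime << 32) | ft.dwLowDateTime;`, removes the dependency. The local re-declarations of `FILETIME` and `GetSystemTimeAsFileTime` would also conflict with the Windows headers if those are ever included here, and `tz` could get a `(void)tz;` to match the IGNORED comment.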
@@ -0,0 +1,39 @@ +/* $Id: wingettimeofday.h,v 1.5 2013/09/11 07:22:25 nanard Exp $ */ +/* libnatpmp +Copyright (c) 2007-2013, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. +*/ +#ifndef __WINGETTIMEOFDAY_H__ +#define __WINGETTIMEOFDAY_H__ +#ifdef WIN32 +#if defined(_MSC_VER) +#include +#else +#include +#endif +int natpmp_gettimeofday(struct timeval* p, void* tz /* IGNORED */); +#endif +#endif diff --git a/ext/lz4/lz4.c b/ext/lz4/lz4.c new file mode 100644 index 0000000..08cf6b5 --- /dev/null +++ b/ext/lz4/lz4.c 
@@ -0,0 +1,1516 @@
+/*
+ LZ4 - Fast LZ compression algorithm
+ Copyright (C) 2011-2015, Yann Collet.
+
+ BSD 2-Clause License (http://www.opensource.org/licenses/bsd-license.php)
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ You can contact the author at :
+ - LZ4 source repository : https://github.com/Cyan4973/lz4
+ - LZ4 public forum : https://groups.google.com/forum/#!forum/lz4c
+*/
+
+
+/**************************************
+* Tuning parameters
+**************************************/
+/*
+ * HEAPMODE :
+ * Select how default compression functions will allocate memory for their hash table,
+ * in memory stack (0:default, fastest), or in memory heap (1:requires malloc()).
+ */
+#define HEAPMODE 0
+
+/*
+ * ACCELERATION_DEFAULT :
+ * Select "acceleration" for LZ4_compress_fast() when parameter value <= 0
+ */
+#define ACCELERATION_DEFAULT 1
+
+
+/**************************************
+* CPU Feature Detection
+**************************************/
+/*
+ * LZ4_FORCE_SW_BITCOUNT
+ * Define this parameter if your target system or compiler does not support hardware bit count
+ */
+#if defined(_MSC_VER) && defined(_WIN32_WCE) /* Visual Studio for Windows CE does not support Hardware bit count */
+# define LZ4_FORCE_SW_BITCOUNT
+#endif
+
+
+/**************************************
+* Includes
+**************************************/
+#include "lz4.h"
+
+
+/**************************************
+* Compiler Options
+**************************************/
+#ifdef _MSC_VER /* Visual Studio */
+# define FORCE_INLINE static __forceinline
+# include
+# pragma warning(disable : 4127) /* disable: C4127: conditional expression is constant */
+# pragma warning(disable : 4293) /* disable: C4293: too large shift (32-bits) */
+#else
+# if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */
+# if defined(__GNUC__) || defined(__clang__)
+# define FORCE_INLINE static inline __attribute__((always_inline))
+# else
+# define FORCE_INLINE static inline
+# endif
+# else
+# define FORCE_INLINE static
+# endif /* __STDC_VERSION__ */
+#endif /* _MSC_VER */
+
+/* LZ4_GCC_VERSION is defined into lz4.h */
+#if (LZ4_GCC_VERSION >= 302) || (__INTEL_COMPILER >= 800) || defined(__clang__)
+# define expect(expr,value) (__builtin_expect ((expr),(value)) )
+#else
+# define expect(expr,value) (expr)
+#endif
+
+#define likely(expr) expect((expr) != 0, 1)
+#define unlikely(expr) expect((expr) != 0, 0)
+
+
+/**************************************
+* Memory routines
+**************************************/
+#include /* malloc, calloc, free */
+#define ALLOCATOR(n,s) calloc(n,s)
+#define FREEMEM free
+#include /* memset, memcpy */
+#define MEM_INIT memset
+
+
+/**************************************
+* Basic Types
+**************************************/
+#if defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */
+# include
+ typedef uint8_t BYTE;
+ typedef uint16_t U16;
+ typedef uint32_t U32;
+ typedef int32_t S32;
+ typedef uint64_t U64;
+#else
+ typedef unsigned char BYTE;
+ typedef unsigned short U16;
+ typedef unsigned int U32;
+ typedef signed int S32;
+ typedef unsigned long long U64;
+#endif
+
+
+/**************************************
+* Reading and writing into memory
+**************************************/
+#define STEPSIZE sizeof(size_t)
+
+static unsigned LZ4_64bits(void) { return sizeof(void*)==8; }
+
+static unsigned LZ4_isLittleEndian(void)
+{
+ const union { U32 i; BYTE c[4]; } one = { 1 }; /* don't use static : performance detrimental */
+ return one.c[0];
+}
+
+
+static U16 LZ4_read16(const void* memPtr)
+{
+ U16 val16;
+ memcpy(&val16, memPtr, 2);
+ return val16;
+}
+
+static U16 LZ4_readLE16(const void* memPtr)
+{
+ if (LZ4_isLittleEndian())
+ {
+ return LZ4_read16(memPtr);
+ }
+ else
+ {
+ const BYTE* p = (const BYTE*)memPtr;
+ return (U16)((U16)p[0] + (p[1]<<8));
+ }
+}
+
+static void LZ4_writeLE16(void* memPtr, U16 value)
+{
+ if (LZ4_isLittleEndian())
+ {
+ memcpy(memPtr, &value, 2);
+ }
+ else
+ {
+ BYTE* p = (BYTE*)memPtr;
+ p[0] = (BYTE) value;
+ p[1] = (BYTE)(value>>8);
+ }
+}
+
+static U32 LZ4_read32(const void* memPtr)
+{
+ U32 val32;
+ memcpy(&val32, memPtr, 4);
+ return val32;
+}
+
+static U64 LZ4_read64(const void* memPtr)
+{
+ U64 val64;
+ memcpy(&val64, memPtr, 8);
+ return val64;
+}
+
+static size_t LZ4_read_ARCH(const void* p)
+{
+ if (LZ4_64bits())
+ return (size_t)LZ4_read64(p);
+ else
+ return (size_t)LZ4_read32(p);
+}
+
+
+static void LZ4_copy4(void* dstPtr, const void* srcPtr) { memcpy(dstPtr, srcPtr, 4); }
+
+static void LZ4_copy8(void* dstPtr, const void* srcPtr) { memcpy(dstPtr, srcPtr, 8); }
+
+/* customized version of memcpy, which may overwrite up to 7
bytes beyond dstEnd */ +static void LZ4_wildCopy(void* dstPtr, const void* srcPtr, void* dstEnd) +{ + BYTE* d = (BYTE*)dstPtr; + const BYTE* s = (const BYTE*)srcPtr; + BYTE* e = (BYTE*)dstEnd; + do { LZ4_copy8(d,s); d+=8; s+=8; } while (d>3); +# elif (defined(__clang__) || (LZ4_GCC_VERSION >= 304)) && !defined(LZ4_FORCE_SW_BITCOUNT) + return (__builtin_ctzll((U64)val) >> 3); +# else + static const int DeBruijnBytePos[64] = { 0, 0, 0, 0, 0, 1, 1, 2, 0, 3, 1, 3, 1, 4, 2, 7, 0, 2, 3, 6, 1, 5, 3, 5, 1, 3, 4, 4, 2, 5, 6, 7, 7, 0, 1, 2, 3, 3, 4, 6, 2, 6, 5, 5, 3, 4, 5, 6, 7, 1, 2, 4, 6, 4, 4, 5, 7, 2, 6, 5, 7, 6, 7, 7 }; + return DeBruijnBytePos[((U64)((val & -(long long)val) * 0x0218A392CDABBD3FULL)) >> 58]; +# endif + } + else /* 32 bits */ + { +# if defined(_MSC_VER) && !defined(LZ4_FORCE_SW_BITCOUNT) + unsigned long r; + _BitScanForward( &r, (U32)val ); + return (int)(r>>3); +# elif (defined(__clang__) || (LZ4_GCC_VERSION >= 304)) && !defined(LZ4_FORCE_SW_BITCOUNT) + return (__builtin_ctz((U32)val) >> 3); +# else + static const int DeBruijnBytePos[32] = { 0, 0, 3, 0, 3, 1, 3, 0, 3, 2, 2, 1, 3, 2, 0, 1, 3, 3, 1, 2, 2, 2, 2, 0, 3, 1, 2, 0, 1, 0, 1, 1 }; + return DeBruijnBytePos[((U32)((val & -(S32)val) * 0x077CB531U)) >> 27]; +# endif + } + } + else /* Big Endian CPU */ + { + if (LZ4_64bits()) + { +# if defined(_MSC_VER) && defined(_WIN64) && !defined(LZ4_FORCE_SW_BITCOUNT) + unsigned long r = 0; + _BitScanReverse64( &r, val ); + return (unsigned)(r>>3); +# elif (defined(__clang__) || (LZ4_GCC_VERSION >= 304)) && !defined(LZ4_FORCE_SW_BITCOUNT) + return (__builtin_clzll((U64)val) >> 3); +# else + unsigned r; + if (!(val>>32)) { r=4; } else { r=0; val>>=32; } + if (!(val>>16)) { r+=2; val>>=8; } else { val>>=24; } + r += (!val); + return r; +# endif + } + else /* 32 bits */ + { +# if defined(_MSC_VER) && !defined(LZ4_FORCE_SW_BITCOUNT) + unsigned long r = 0; + _BitScanReverse( &r, (unsigned long)val ); + return (unsigned)(r>>3); +# elif (defined(__clang__) || 
(LZ4_GCC_VERSION >= 304)) && !defined(LZ4_FORCE_SW_BITCOUNT) + return (__builtin_clz((U32)val) >> 3); +# else + unsigned r; + if (!(val>>16)) { r=2; val>>=8; } else { r=0; val>>=24; } + r += (!val); + return r; +# endif + } + } +} + +static unsigned LZ4_count(const BYTE* pIn, const BYTE* pMatch, const BYTE* pInLimit) +{ + const BYTE* const pStart = pIn; + + while (likely(pIn compression run slower on incompressible data */ + + +/************************************** +* Local Structures and types +**************************************/ +typedef struct { + U32 hashTable[HASH_SIZE_U32]; + U32 currentOffset; + U32 initCheck; + const BYTE* dictionary; + BYTE* bufferStart; /* obsolete, used for slideInputBuffer */ + U32 dictSize; +} LZ4_stream_t_internal; + +typedef enum { notLimited = 0, limitedOutput = 1 } limitedOutput_directive; +typedef enum { byPtr, byU32, byU16 } tableType_t; + +typedef enum { noDict = 0, withPrefix64k, usingExtDict } dict_directive; +typedef enum { noDictIssue = 0, dictSmall } dictIssue_directive; + +typedef enum { endOnOutputSize = 0, endOnInputSize = 1 } endCondition_directive; +typedef enum { full = 0, partial = 1 } earlyEnd_directive; + + +/************************************** +* Local Utils +**************************************/ +int LZ4_versionNumber (void) { return LZ4_VERSION_NUMBER; } +int LZ4_compressBound(int isize) { return LZ4_COMPRESSBOUND(isize); } +int LZ4_sizeofState() { return LZ4_STREAMSIZE; } + + + +/******************************** +* Compression functions +********************************/ + +static U32 LZ4_hashSequence(U32 sequence, tableType_t const tableType) +{ + if (tableType == byU16) + return (((sequence) * 2654435761U) >> ((MINMATCH*8)-(LZ4_HASHLOG+1))); + else + return (((sequence) * 2654435761U) >> ((MINMATCH*8)-LZ4_HASHLOG)); +} + +static const U64 prime5bytes = 889523592379ULL; +static U32 LZ4_hashSequence64(size_t sequence, tableType_t const tableType) +{ + const U32 hashLog = (tableType == byU16) ? 
LZ4_HASHLOG+1 : LZ4_HASHLOG; + const U32 hashMask = (1<> (40 - hashLog)) & hashMask; +} + +static U32 LZ4_hashSequenceT(size_t sequence, tableType_t const tableType) +{ + if (LZ4_64bits()) + return LZ4_hashSequence64(sequence, tableType); + return LZ4_hashSequence((U32)sequence, tableType); +} + +static U32 LZ4_hashPosition(const void* p, tableType_t tableType) { return LZ4_hashSequenceT(LZ4_read_ARCH(p), tableType); } + +static void LZ4_putPositionOnHash(const BYTE* p, U32 h, void* tableBase, tableType_t const tableType, const BYTE* srcBase) +{ + switch (tableType) + { + case byPtr: { const BYTE** hashTable = (const BYTE**)tableBase; hashTable[h] = p; return; } + case byU32: { U32* hashTable = (U32*) tableBase; hashTable[h] = (U32)(p-srcBase); return; } + case byU16: { U16* hashTable = (U16*) tableBase; hashTable[h] = (U16)(p-srcBase); return; } + } +} + +static void LZ4_putPosition(const BYTE* p, void* tableBase, tableType_t tableType, const BYTE* srcBase) +{ + U32 h = LZ4_hashPosition(p, tableType); + LZ4_putPositionOnHash(p, h, tableBase, tableType, srcBase); +} + +static const BYTE* LZ4_getPositionOnHash(U32 h, void* tableBase, tableType_t tableType, const BYTE* srcBase) +{ + if (tableType == byPtr) { const BYTE** hashTable = (const BYTE**) tableBase; return hashTable[h]; } + if (tableType == byU32) { U32* hashTable = (U32*) tableBase; return hashTable[h] + srcBase; } + { U16* hashTable = (U16*) tableBase; return hashTable[h] + srcBase; } /* default, to ensure a return */ +} + +static const BYTE* LZ4_getPosition(const BYTE* p, void* tableBase, tableType_t tableType, const BYTE* srcBase) +{ + U32 h = LZ4_hashPosition(p, tableType); + return LZ4_getPositionOnHash(h, tableBase, tableType, srcBase); +} + +FORCE_INLINE int LZ4_compress_generic( + void* const ctx, + const char* const source, + char* const dest, + const int inputSize, + const int maxOutputSize, + const limitedOutput_directive outputLimited, + const tableType_t tableType, + const dict_directive dict, 
+ const dictIssue_directive dictIssue, + const U32 acceleration) +{ + LZ4_stream_t_internal* const dictPtr = (LZ4_stream_t_internal*)ctx; + + const BYTE* ip = (const BYTE*) source; + const BYTE* base; + const BYTE* lowLimit; + const BYTE* const lowRefLimit = ip - dictPtr->dictSize; + const BYTE* const dictionary = dictPtr->dictionary; + const BYTE* const dictEnd = dictionary + dictPtr->dictSize; + const size_t dictDelta = dictEnd - (const BYTE*)source; + const BYTE* anchor = (const BYTE*) source; + const BYTE* const iend = ip + inputSize; + const BYTE* const mflimit = iend - MFLIMIT; + const BYTE* const matchlimit = iend - LASTLITERALS; + + BYTE* op = (BYTE*) dest; + BYTE* const olimit = op + maxOutputSize; + + U32 forwardH; + size_t refDelta=0; + + /* Init conditions */ + if ((U32)inputSize > (U32)LZ4_MAX_INPUT_SIZE) return 0; /* Unsupported input size, too large (or negative) */ + switch(dict) + { + case noDict: + default: + base = (const BYTE*)source; + lowLimit = (const BYTE*)source; + break; + case withPrefix64k: + base = (const BYTE*)source - dictPtr->currentOffset; + lowLimit = (const BYTE*)source - dictPtr->dictSize; + break; + case usingExtDict: + base = (const BYTE*)source - dictPtr->currentOffset; + lowLimit = (const BYTE*)source; + break; + } + if ((tableType == byU16) && (inputSize>=LZ4_64Klimit)) return 0; /* Size too large (not within 64K limit) */ + if (inputSize> LZ4_skipTrigger); + + if (unlikely(forwardIp > mflimit)) goto _last_literals; + + match = LZ4_getPositionOnHash(h, ctx, tableType, base); + if (dict==usingExtDict) + { + if (match<(const BYTE*)source) + { + refDelta = dictDelta; + lowLimit = dictionary; + } + else + { + refDelta = 0; + lowLimit = (const BYTE*)source; + } + } + forwardH = LZ4_hashPosition(forwardIp, tableType); + LZ4_putPositionOnHash(ip, h, ctx, tableType, base); + + } while ( ((dictIssue==dictSmall) ? (match < lowRefLimit) : 0) + || ((tableType==byU16) ? 
0 : (match + MAX_DISTANCE < ip)) + || (LZ4_read32(match+refDelta) != LZ4_read32(ip)) ); + } + + /* Catch up */ + while ((ip>anchor) && (match+refDelta > lowLimit) && (unlikely(ip[-1]==match[refDelta-1]))) { ip--; match--; } + + { + /* Encode Literal length */ + unsigned litLength = (unsigned)(ip - anchor); + token = op++; + if ((outputLimited) && (unlikely(op + litLength + (2 + 1 + LASTLITERALS) + (litLength/255) > olimit))) + return 0; /* Check output limit */ + if (litLength>=RUN_MASK) + { + int len = (int)litLength-RUN_MASK; + *token=(RUN_MASK<= 255 ; len-=255) *op++ = 255; + *op++ = (BYTE)len; + } + else *token = (BYTE)(litLength< matchlimit) limit = matchlimit; + matchLength = LZ4_count(ip+MINMATCH, match+MINMATCH, limit); + ip += MINMATCH + matchLength; + if (ip==limit) + { + unsigned more = LZ4_count(ip, (const BYTE*)source, matchlimit); + matchLength += more; + ip += more; + } + } + else + { + matchLength = LZ4_count(ip+MINMATCH, match+MINMATCH, matchlimit); + ip += MINMATCH + matchLength; + } + + if ((outputLimited) && (unlikely(op + (1 + LASTLITERALS) + (matchLength>>8) > olimit))) + return 0; /* Check output limit */ + if (matchLength>=ML_MASK) + { + *token += ML_MASK; + matchLength -= ML_MASK; + for (; matchLength >= 510 ; matchLength-=510) { *op++ = 255; *op++ = 255; } + if (matchLength >= 255) { matchLength-=255; *op++ = 255; } + *op++ = (BYTE)matchLength; + } + else *token += (BYTE)(matchLength); + } + + anchor = ip; + + /* Test end of chunk */ + if (ip > mflimit) break; + + /* Fill table */ + LZ4_putPosition(ip-2, ctx, tableType, base); + + /* Test next position */ + match = LZ4_getPosition(ip, ctx, tableType, base); + if (dict==usingExtDict) + { + if (match<(const BYTE*)source) + { + refDelta = dictDelta; + lowLimit = dictionary; + } + else + { + refDelta = 0; + lowLimit = (const BYTE*)source; + } + } + LZ4_putPosition(ip, ctx, tableType, base); + if ( ((dictIssue==dictSmall) ? 
(match>=lowRefLimit) : 1) + && (match+MAX_DISTANCE>=ip) + && (LZ4_read32(match+refDelta)==LZ4_read32(ip)) ) + { token=op++; *token=0; goto _next_match; } + + /* Prepare next loop */ + forwardH = LZ4_hashPosition(++ip, tableType); + } + +_last_literals: + /* Encode Last Literals */ + { + const size_t lastRun = (size_t)(iend - anchor); + if ((outputLimited) && ((op - (BYTE*)dest) + lastRun + 1 + ((lastRun+255-RUN_MASK)/255) > (U32)maxOutputSize)) + return 0; /* Check output limit */ + if (lastRun >= RUN_MASK) + { + size_t accumulator = lastRun - RUN_MASK; + *op++ = RUN_MASK << ML_BITS; + for(; accumulator >= 255 ; accumulator-=255) *op++ = 255; + *op++ = (BYTE) accumulator; + } + else + { + *op++ = (BYTE)(lastRun<= LZ4_compressBound(inputSize)) + { + if (inputSize < LZ4_64Klimit) + return LZ4_compress_generic(state, source, dest, inputSize, 0, notLimited, byU16, noDict, noDictIssue, acceleration); + else + return LZ4_compress_generic(state, source, dest, inputSize, 0, notLimited, LZ4_64bits() ? byU32 : byPtr, noDict, noDictIssue, acceleration); + } + else + { + if (inputSize < LZ4_64Klimit) + return LZ4_compress_generic(state, source, dest, inputSize, maxOutputSize, limitedOutput, byU16, noDict, noDictIssue, acceleration); + else + return LZ4_compress_generic(state, source, dest, inputSize, maxOutputSize, limitedOutput, LZ4_64bits() ? 
byU32 : byPtr, noDict, noDictIssue, acceleration); + } +} + + +int LZ4_compress_fast(const char* source, char* dest, int inputSize, int maxOutputSize, int acceleration) +{ +#if (HEAPMODE) + void* ctxPtr = ALLOCATOR(1, sizeof(LZ4_stream_t)); /* malloc-calloc always properly aligned */ +#else + LZ4_stream_t ctx; + void* ctxPtr = &ctx; +#endif + + int result = LZ4_compress_fast_extState(ctxPtr, source, dest, inputSize, maxOutputSize, acceleration); + +#if (HEAPMODE) + FREEMEM(ctxPtr); +#endif + return result; +} + + +int LZ4_compress_default(const char* source, char* dest, int inputSize, int maxOutputSize) +{ + return LZ4_compress_fast(source, dest, inputSize, maxOutputSize, 1); +} + + +/* hidden debug function */ +/* strangely enough, gcc generates faster code when this function is uncommented, even if unused */ +int LZ4_compress_fast_force(const char* source, char* dest, int inputSize, int maxOutputSize, int acceleration) +{ + LZ4_stream_t ctx; + + LZ4_resetStream(&ctx); + + if (inputSize < LZ4_64Klimit) + return LZ4_compress_generic(&ctx, source, dest, inputSize, maxOutputSize, limitedOutput, byU16, noDict, noDictIssue, acceleration); + else + return LZ4_compress_generic(&ctx, source, dest, inputSize, maxOutputSize, limitedOutput, LZ4_64bits() ? 
byU32 : byPtr, noDict, noDictIssue, acceleration); +} + + +/******************************** +* destSize variant +********************************/ + +static int LZ4_compress_destSize_generic( + void* const ctx, + const char* const src, + char* const dst, + int* const srcSizePtr, + const int targetDstSize, + const tableType_t tableType) +{ + const BYTE* ip = (const BYTE*) src; + const BYTE* base = (const BYTE*) src; + const BYTE* lowLimit = (const BYTE*) src; + const BYTE* anchor = ip; + const BYTE* const iend = ip + *srcSizePtr; + const BYTE* const mflimit = iend - MFLIMIT; + const BYTE* const matchlimit = iend - LASTLITERALS; + + BYTE* op = (BYTE*) dst; + BYTE* const oend = op + targetDstSize; + BYTE* const oMaxLit = op + targetDstSize - 2 /* offset */ - 8 /* because 8+MINMATCH==MFLIMIT */ - 1 /* token */; + BYTE* const oMaxMatch = op + targetDstSize - (LASTLITERALS + 1 /* token */); + BYTE* const oMaxSeq = oMaxLit - 1 /* token */; + + U32 forwardH; + + + /* Init conditions */ + if (targetDstSize < 1) return 0; /* Impossible to store anything */ + if ((U32)*srcSizePtr > (U32)LZ4_MAX_INPUT_SIZE) return 0; /* Unsupported input size, too large (or negative) */ + if ((tableType == byU16) && (*srcSizePtr>=LZ4_64Klimit)) return 0; /* Size too large (not within 64K limit) */ + if (*srcSizePtr> LZ4_skipTrigger); + + if (unlikely(forwardIp > mflimit)) + goto _last_literals; + + match = LZ4_getPositionOnHash(h, ctx, tableType, base); + forwardH = LZ4_hashPosition(forwardIp, tableType); + LZ4_putPositionOnHash(ip, h, ctx, tableType, base); + + } while ( ((tableType==byU16) ? 
0 : (match + MAX_DISTANCE < ip)) + || (LZ4_read32(match) != LZ4_read32(ip)) ); + } + + /* Catch up */ + while ((ip>anchor) && (match > lowLimit) && (unlikely(ip[-1]==match[-1]))) { ip--; match--; } + + { + /* Encode Literal length */ + unsigned litLength = (unsigned)(ip - anchor); + token = op++; + if (op + ((litLength+240)/255) + litLength > oMaxLit) + { + /* Not enough space for a last match */ + op--; + goto _last_literals; + } + if (litLength>=RUN_MASK) + { + unsigned len = litLength - RUN_MASK; + *token=(RUN_MASK<= 255 ; len-=255) *op++ = 255; + *op++ = (BYTE)len; + } + else *token = (BYTE)(litLength< oMaxMatch) + { + /* Match description too long : reduce it */ + matchLength = (15-1) + (oMaxMatch-op) * 255; + } + //printf("offset %5i, matchLength%5i \n", (int)(ip-match), matchLength + MINMATCH); + ip += MINMATCH + matchLength; + + if (matchLength>=ML_MASK) + { + *token += ML_MASK; + matchLength -= ML_MASK; + while (matchLength >= 255) { matchLength-=255; *op++ = 255; } + *op++ = (BYTE)matchLength; + } + else *token += (BYTE)(matchLength); + } + + anchor = ip; + + /* Test end of block */ + if (ip > mflimit) break; + if (op > oMaxSeq) break; + + /* Fill table */ + LZ4_putPosition(ip-2, ctx, tableType, base); + + /* Test next position */ + match = LZ4_getPosition(ip, ctx, tableType, base); + LZ4_putPosition(ip, ctx, tableType, base); + if ( (match+MAX_DISTANCE>=ip) + && (LZ4_read32(match)==LZ4_read32(ip)) ) + { token=op++; *token=0; goto _next_match; } + + /* Prepare next loop */ + forwardH = LZ4_hashPosition(++ip, tableType); + } + +_last_literals: + /* Encode Last Literals */ + { + size_t lastRunSize = (size_t)(iend - anchor); + if (op + 1 /* token */ + ((lastRunSize+240)/255) /* litLength */ + lastRunSize /* literals */ > oend) + { + /* adapt lastRunSize to fill 'dst' */ + lastRunSize = (oend-op) - 1; + lastRunSize -= (lastRunSize+240)/255; + } + ip = anchor + lastRunSize; + + if (lastRunSize >= RUN_MASK) + { + size_t accumulator = lastRunSize - RUN_MASK; + 
*op++ = RUN_MASK << ML_BITS; + for(; accumulator >= 255 ; accumulator-=255) *op++ = 255; + *op++ = (BYTE) accumulator; + } + else + { + *op++ = (BYTE)(lastRunSize<= LZ4_compressBound(*srcSizePtr)) /* compression success is guaranteed */ + { + return LZ4_compress_fast_extState(state, src, dst, *srcSizePtr, targetDstSize, 1); + } + else + { + if (*srcSizePtr < LZ4_64Klimit) + return LZ4_compress_destSize_generic(state, src, dst, srcSizePtr, targetDstSize, byU16); + else + return LZ4_compress_destSize_generic(state, src, dst, srcSizePtr, targetDstSize, LZ4_64bits() ? byU32 : byPtr); + } +} + + +int LZ4_compress_destSize(const char* src, char* dst, int* srcSizePtr, int targetDstSize) +{ +#if (HEAPMODE) + void* ctx = ALLOCATOR(1, sizeof(LZ4_stream_t)); /* malloc-calloc always properly aligned */ +#else + LZ4_stream_t ctxBody; + void* ctx = &ctxBody; +#endif + + int result = LZ4_compress_destSize_extState(ctx, src, dst, srcSizePtr, targetDstSize); + +#if (HEAPMODE) + FREEMEM(ctx); +#endif + return result; +} + + + +/******************************** +* Streaming functions +********************************/ + +LZ4_stream_t* LZ4_createStream(void) +{ + LZ4_stream_t* lz4s = (LZ4_stream_t*)ALLOCATOR(8, LZ4_STREAMSIZE_U64); + LZ4_STATIC_ASSERT(LZ4_STREAMSIZE >= sizeof(LZ4_stream_t_internal)); /* A compilation error here means LZ4_STREAMSIZE is not large enough */ + LZ4_resetStream(lz4s); + return lz4s; +} + +void LZ4_resetStream (LZ4_stream_t* LZ4_stream) +{ + MEM_INIT(LZ4_stream, 0, sizeof(LZ4_stream_t)); +} + +int LZ4_freeStream (LZ4_stream_t* LZ4_stream) +{ + FREEMEM(LZ4_stream); + return (0); +} + + +#define HASH_UNIT sizeof(size_t) +int LZ4_loadDict (LZ4_stream_t* LZ4_dict, const char* dictionary, int dictSize) +{ + LZ4_stream_t_internal* dict = (LZ4_stream_t_internal*) LZ4_dict; + const BYTE* p = (const BYTE*)dictionary; + const BYTE* const dictEnd = p + dictSize; + const BYTE* base; + + if ((dict->initCheck) || (dict->currentOffset > 1 GB)) /* Uninitialized structure, 
or reuse overflow */ + LZ4_resetStream(LZ4_dict); + + if (dictSize < (int)HASH_UNIT) + { + dict->dictionary = NULL; + dict->dictSize = 0; + return 0; + } + + if ((dictEnd - p) > 64 KB) p = dictEnd - 64 KB; + dict->currentOffset += 64 KB; + base = p - dict->currentOffset; + dict->dictionary = p; + dict->dictSize = (U32)(dictEnd - p); + dict->currentOffset += dict->dictSize; + + while (p <= dictEnd-HASH_UNIT) + { + LZ4_putPosition(p, dict->hashTable, byU32, base); + p+=3; + } + + return dict->dictSize; +} + + +static void LZ4_renormDictT(LZ4_stream_t_internal* LZ4_dict, const BYTE* src) +{ + if ((LZ4_dict->currentOffset > 0x80000000) || + ((size_t)LZ4_dict->currentOffset > (size_t)src)) /* address space overflow */ + { + /* rescale hash table */ + U32 delta = LZ4_dict->currentOffset - 64 KB; + const BYTE* dictEnd = LZ4_dict->dictionary + LZ4_dict->dictSize; + int i; + for (i=0; ihashTable[i] < delta) LZ4_dict->hashTable[i]=0; + else LZ4_dict->hashTable[i] -= delta; + } + LZ4_dict->currentOffset = 64 KB; + if (LZ4_dict->dictSize > 64 KB) LZ4_dict->dictSize = 64 KB; + LZ4_dict->dictionary = dictEnd - LZ4_dict->dictSize; + } +} + + +int LZ4_compress_fast_continue (LZ4_stream_t* LZ4_stream, const char* source, char* dest, int inputSize, int maxOutputSize, int acceleration) +{ + LZ4_stream_t_internal* streamPtr = (LZ4_stream_t_internal*)LZ4_stream; + const BYTE* const dictEnd = streamPtr->dictionary + streamPtr->dictSize; + + const BYTE* smallest = (const BYTE*) source; + if (streamPtr->initCheck) return 0; /* Uninitialized structure detected */ + if ((streamPtr->dictSize>0) && (smallest>dictEnd)) smallest = dictEnd; + LZ4_renormDictT(streamPtr, smallest); + if (acceleration < 1) acceleration = ACCELERATION_DEFAULT; + + /* Check overlapping input/dictionary space */ + { + const BYTE* sourceEnd = (const BYTE*) source + inputSize; + if ((sourceEnd > streamPtr->dictionary) && (sourceEnd < dictEnd)) + { + streamPtr->dictSize = (U32)(dictEnd - sourceEnd); + if 
(streamPtr->dictSize > 64 KB) streamPtr->dictSize = 64 KB; + if (streamPtr->dictSize < 4) streamPtr->dictSize = 0; + streamPtr->dictionary = dictEnd - streamPtr->dictSize; + } + } + + /* prefix mode : source data follows dictionary */ + if (dictEnd == (const BYTE*)source) + { + int result; + if ((streamPtr->dictSize < 64 KB) && (streamPtr->dictSize < streamPtr->currentOffset)) + result = LZ4_compress_generic(LZ4_stream, source, dest, inputSize, maxOutputSize, limitedOutput, byU32, withPrefix64k, dictSmall, acceleration); + else + result = LZ4_compress_generic(LZ4_stream, source, dest, inputSize, maxOutputSize, limitedOutput, byU32, withPrefix64k, noDictIssue, acceleration); + streamPtr->dictSize += (U32)inputSize; + streamPtr->currentOffset += (U32)inputSize; + return result; + } + + /* external dictionary mode */ + { + int result; + if ((streamPtr->dictSize < 64 KB) && (streamPtr->dictSize < streamPtr->currentOffset)) + result = LZ4_compress_generic(LZ4_stream, source, dest, inputSize, maxOutputSize, limitedOutput, byU32, usingExtDict, dictSmall, acceleration); + else + result = LZ4_compress_generic(LZ4_stream, source, dest, inputSize, maxOutputSize, limitedOutput, byU32, usingExtDict, noDictIssue, acceleration); + streamPtr->dictionary = (const BYTE*)source; + streamPtr->dictSize = (U32)inputSize; + streamPtr->currentOffset += (U32)inputSize; + return result; + } +} + + +/* Hidden debug function, to force external dictionary mode */ +int LZ4_compress_forceExtDict (LZ4_stream_t* LZ4_dict, const char* source, char* dest, int inputSize) +{ + LZ4_stream_t_internal* streamPtr = (LZ4_stream_t_internal*)LZ4_dict; + int result; + const BYTE* const dictEnd = streamPtr->dictionary + streamPtr->dictSize; + + const BYTE* smallest = dictEnd; + if (smallest > (const BYTE*) source) smallest = (const BYTE*) source; + LZ4_renormDictT((LZ4_stream_t_internal*)LZ4_dict, smallest); + + result = LZ4_compress_generic(LZ4_dict, source, dest, inputSize, 0, notLimited, byU32, 
usingExtDict, noDictIssue, 1); + + streamPtr->dictionary = (const BYTE*)source; + streamPtr->dictSize = (U32)inputSize; + streamPtr->currentOffset += (U32)inputSize; + + return result; +} + + +int LZ4_saveDict (LZ4_stream_t* LZ4_dict, char* safeBuffer, int dictSize) +{ + LZ4_stream_t_internal* dict = (LZ4_stream_t_internal*) LZ4_dict; + const BYTE* previousDictEnd = dict->dictionary + dict->dictSize; + + if ((U32)dictSize > 64 KB) dictSize = 64 KB; /* useless to define a dictionary > 64 KB */ + if ((U32)dictSize > dict->dictSize) dictSize = dict->dictSize; + + memmove(safeBuffer, previousDictEnd - dictSize, dictSize); + + dict->dictionary = (const BYTE*)safeBuffer; + dict->dictSize = (U32)dictSize; + + return dictSize; +} + + + +/******************************* +* Decompression functions +*******************************/ +/* + * This generic decompression function cover all use cases. + * It shall be instantiated several times, using different sets of directives + * Note that it is essential this generic function is really inlined, + * in order to remove useless branches during compilation optimization. + */ +FORCE_INLINE int LZ4_decompress_generic( + const char* const source, + char* const dest, + int inputSize, + int outputSize, /* If endOnInput==endOnInputSize, this value is the max size of Output Buffer. 
*/ + + int endOnInput, /* endOnOutputSize, endOnInputSize */ + int partialDecoding, /* full, partial */ + int targetOutputSize, /* only used if partialDecoding==partial */ + int dict, /* noDict, withPrefix64k, usingExtDict */ + const BYTE* const lowPrefix, /* == dest if dict == noDict */ + const BYTE* const dictStart, /* only if dict==usingExtDict */ + const size_t dictSize /* note : = 0 if noDict */ + ) +{ + /* Local Variables */ + const BYTE* ip = (const BYTE*) source; + const BYTE* const iend = ip + inputSize; + + BYTE* op = (BYTE*) dest; + BYTE* const oend = op + outputSize; + BYTE* cpy; + BYTE* oexit = op + targetOutputSize; + const BYTE* const lowLimit = lowPrefix - dictSize; + + const BYTE* const dictEnd = (const BYTE*)dictStart + dictSize; + const size_t dec32table[] = {4, 1, 2, 1, 4, 4, 4, 4}; + const size_t dec64table[] = {0, 0, 0, (size_t)-1, 0, 1, 2, 3}; + + const int safeDecode = (endOnInput==endOnInputSize); + const int checkOffset = ((safeDecode) && (dictSize < (int)(64 KB))); + + + /* Special cases */ + if ((partialDecoding) && (oexit> oend-MFLIMIT)) oexit = oend-MFLIMIT; /* targetOutputSize too high => decode everything */ + if ((endOnInput) && (unlikely(outputSize==0))) return ((inputSize==1) && (*ip==0)) ? 
0 : -1; /* Empty output buffer */ + if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0?1:-1); + + + /* Main Loop */ + while (1) + { + unsigned token; + size_t length; + const BYTE* match; + + /* get literal length */ + token = *ip++; + if ((length=(token>>ML_BITS)) == RUN_MASK) + { + unsigned s; + do + { + s = *ip++; + length += s; + } + while (likely((endOnInput)?ip(partialDecoding?oexit:oend-MFLIMIT)) || (ip+length>iend-(2+1+LASTLITERALS))) ) + || ((!endOnInput) && (cpy>oend-COPYLENGTH))) + { + if (partialDecoding) + { + if (cpy > oend) goto _output_error; /* Error : write attempt beyond end of output buffer */ + if ((endOnInput) && (ip+length > iend)) goto _output_error; /* Error : read attempt beyond end of input buffer */ + } + else + { + if ((!endOnInput) && (cpy != oend)) goto _output_error; /* Error : block decoding must stop exactly there */ + if ((endOnInput) && ((ip+length != iend) || (cpy > oend))) goto _output_error; /* Error : input must be consumed */ + } + memcpy(op, ip, length); + ip += length; + op += length; + break; /* Necessarily EOF, due to parsing restrictions */ + } + LZ4_wildCopy(op, ip, cpy); + ip += length; op = cpy; + + /* get offset */ + match = cpy - LZ4_readLE16(ip); ip+=2; + if ((checkOffset) && (unlikely(match < lowLimit))) goto _output_error; /* Error : offset outside destination buffer */ + + /* get matchlength */ + length = token & ML_MASK; + if (length == ML_MASK) + { + unsigned s; + do + { + if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error; + s = *ip++; + length += s; + } while (s==255); + if ((safeDecode) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* overflow detection */ + } + length += MINMATCH; + + /* check external dictionary */ + if ((dict==usingExtDict) && (match < lowPrefix)) + { + if (unlikely(op+length > oend-LASTLITERALS)) goto _output_error; /* doesn't respect parsing restriction */ + + if (length <= (size_t)(lowPrefix-match)) + { + /* match can be copied as a single 
segment from external dictionary */ + match = dictEnd - (lowPrefix-match); + memmove(op, match, length); op += length; + } + else + { + /* match encompass external dictionary and current segment */ + size_t copySize = (size_t)(lowPrefix-match); + memcpy(op, dictEnd - copySize, copySize); + op += copySize; + copySize = length - copySize; + if (copySize > (size_t)(op-lowPrefix)) /* overlap within current segment */ + { + BYTE* const endOfMatch = op + copySize; + const BYTE* copyFrom = lowPrefix; + while (op < endOfMatch) *op++ = *copyFrom++; + } + else + { + memcpy(op, lowPrefix, copySize); + op += copySize; + } + } + continue; + } + + /* copy repeated sequence */ + cpy = op + length; + if (unlikely((op-match)<8)) + { + const size_t dec64 = dec64table[op-match]; + op[0] = match[0]; + op[1] = match[1]; + op[2] = match[2]; + op[3] = match[3]; + match += dec32table[op-match]; + LZ4_copy4(op+4, match); + op += 8; match -= dec64; + } else { LZ4_copy8(op, match); op+=8; match+=8; } + + if (unlikely(cpy>oend-12)) + { + if (cpy > oend-LASTLITERALS) goto _output_error; /* Error : last LASTLITERALS bytes must be literals */ + if (op < oend-8) + { + LZ4_wildCopy(op, match, oend-8); + match += (oend-8) - op; + op = oend-8; + } + while (opprefixSize = (size_t) dictSize; + lz4sd->prefixEnd = (const BYTE*) dictionary + dictSize; + lz4sd->externalDict = NULL; + lz4sd->extDictSize = 0; + return 1; +} + +/* +*_continue() : + These decoding functions allow decompression of multiple blocks in "streaming" mode. + Previously decoded blocks must still be available at the memory position where they were decoded. 
+ If it's not possible, save the relevant part of decoded data into a safe buffer, + and indicate where it stands using LZ4_setStreamDecode() +*/ +int LZ4_decompress_safe_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* source, char* dest, int compressedSize, int maxOutputSize) +{ + LZ4_streamDecode_t_internal* lz4sd = (LZ4_streamDecode_t_internal*) LZ4_streamDecode; + int result; + + if (lz4sd->prefixEnd == (BYTE*)dest) + { + result = LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, + endOnInputSize, full, 0, + usingExtDict, lz4sd->prefixEnd - lz4sd->prefixSize, lz4sd->externalDict, lz4sd->extDictSize); + if (result <= 0) return result; + lz4sd->prefixSize += result; + lz4sd->prefixEnd += result; + } + else + { + lz4sd->extDictSize = lz4sd->prefixSize; + lz4sd->externalDict = lz4sd->prefixEnd - lz4sd->extDictSize; + result = LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, + endOnInputSize, full, 0, + usingExtDict, (BYTE*)dest, lz4sd->externalDict, lz4sd->extDictSize); + if (result <= 0) return result; + lz4sd->prefixSize = result; + lz4sd->prefixEnd = (BYTE*)dest + result; + } + + return result; +} + +int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* source, char* dest, int originalSize) +{ + LZ4_streamDecode_t_internal* lz4sd = (LZ4_streamDecode_t_internal*) LZ4_streamDecode; + int result; + + if (lz4sd->prefixEnd == (BYTE*)dest) + { + result = LZ4_decompress_generic(source, dest, 0, originalSize, + endOnOutputSize, full, 0, + usingExtDict, lz4sd->prefixEnd - lz4sd->prefixSize, lz4sd->externalDict, lz4sd->extDictSize); + if (result <= 0) return result; + lz4sd->prefixSize += originalSize; + lz4sd->prefixEnd += originalSize; + } + else + { + lz4sd->extDictSize = lz4sd->prefixSize; + lz4sd->externalDict = (BYTE*)dest - lz4sd->extDictSize; + result = LZ4_decompress_generic(source, dest, 0, originalSize, + endOnOutputSize, full, 0, + usingExtDict, (BYTE*)dest, lz4sd->externalDict, 
lz4sd->extDictSize); + if (result <= 0) return result; + lz4sd->prefixSize = originalSize; + lz4sd->prefixEnd = (BYTE*)dest + originalSize; + } + + return result; +} + + +/* +Advanced decoding functions : +*_usingDict() : + These decoding functions work the same as "_continue" ones, + the dictionary must be explicitly provided within parameters +*/ + +FORCE_INLINE int LZ4_decompress_usingDict_generic(const char* source, char* dest, int compressedSize, int maxOutputSize, int safe, const char* dictStart, int dictSize) +{ + if (dictSize==0) + return LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, safe, full, 0, noDict, (BYTE*)dest, NULL, 0); + if (dictStart+dictSize == dest) + { + if (dictSize >= (int)(64 KB - 1)) + return LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, safe, full, 0, withPrefix64k, (BYTE*)dest-64 KB, NULL, 0); + return LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, safe, full, 0, noDict, (BYTE*)dest-dictSize, NULL, 0); + } + return LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, safe, full, 0, usingExtDict, (BYTE*)dest, (const BYTE*)dictStart, dictSize); +} + +int LZ4_decompress_safe_usingDict(const char* source, char* dest, int compressedSize, int maxOutputSize, const char* dictStart, int dictSize) +{ + return LZ4_decompress_usingDict_generic(source, dest, compressedSize, maxOutputSize, 1, dictStart, dictSize); +} + +int LZ4_decompress_fast_usingDict(const char* source, char* dest, int originalSize, const char* dictStart, int dictSize) +{ + return LZ4_decompress_usingDict_generic(source, dest, 0, originalSize, 0, dictStart, dictSize); +} + +/* debug function */ +int LZ4_decompress_safe_forceExtDict(const char* source, char* dest, int compressedSize, int maxOutputSize, const char* dictStart, int dictSize) +{ + return LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, endOnInputSize, full, 0, usingExtDict, (BYTE*)dest, (const BYTE*)dictStart, dictSize); 
+}
+
+
+/***************************************************
+* Obsolete Functions
+***************************************************/
+/* obsolete compression functions */
+int LZ4_compress_limitedOutput(const char* source, char* dest, int inputSize, int maxOutputSize) { return LZ4_compress_default(source, dest, inputSize, maxOutputSize); }
+int LZ4_compress(const char* source, char* dest, int inputSize) { return LZ4_compress_default(source, dest, inputSize, LZ4_compressBound(inputSize)); }
+int LZ4_compress_limitedOutput_withState (void* state, const char* src, char* dst, int srcSize, int dstSize) { return LZ4_compress_fast_extState(state, src, dst, srcSize, dstSize, 1); }
+int LZ4_compress_withState (void* state, const char* src, char* dst, int srcSize) { return LZ4_compress_fast_extState(state, src, dst, srcSize, LZ4_compressBound(srcSize), 1); }
+int LZ4_compress_limitedOutput_continue (LZ4_stream_t* LZ4_stream, const char* src, char* dst, int srcSize, int maxDstSize) { return LZ4_compress_fast_continue(LZ4_stream, src, dst, srcSize, maxDstSize, 1); }
+int LZ4_compress_continue (LZ4_stream_t* LZ4_stream, const char* source, char* dest, int inputSize) { return LZ4_compress_fast_continue(LZ4_stream, source, dest, inputSize, LZ4_compressBound(inputSize), 1); }
+
+/*
+These function names are deprecated and should no longer be used.
+They are only provided here for compatibility with older user programs.
+- LZ4_uncompress is totally equivalent to LZ4_decompress_fast +- LZ4_uncompress_unknownOutputSize is totally equivalent to LZ4_decompress_safe +*/ +int LZ4_uncompress (const char* source, char* dest, int outputSize) { return LZ4_decompress_fast(source, dest, outputSize); } +int LZ4_uncompress_unknownOutputSize (const char* source, char* dest, int isize, int maxOutputSize) { return LZ4_decompress_safe(source, dest, isize, maxOutputSize); } + + +/* Obsolete Streaming functions */ + +int LZ4_sizeofStreamState() { return LZ4_STREAMSIZE; } + +static void LZ4_init(LZ4_stream_t_internal* lz4ds, BYTE* base) +{ + MEM_INIT(lz4ds, 0, LZ4_STREAMSIZE); + lz4ds->bufferStart = base; +} + +int LZ4_resetStreamState(void* state, char* inputBuffer) +{ + if ((((size_t)state) & 3) != 0) return 1; /* Error : pointer is not aligned on 4-bytes boundary */ + LZ4_init((LZ4_stream_t_internal*)state, (BYTE*)inputBuffer); + return 0; +} + +void* LZ4_create (char* inputBuffer) +{ + void* lz4ds = ALLOCATOR(8, LZ4_STREAMSIZE_U64); + LZ4_init ((LZ4_stream_t_internal*)lz4ds, (BYTE*)inputBuffer); + return lz4ds; +} + +char* LZ4_slideInputBuffer (void* LZ4_Data) +{ + LZ4_stream_t_internal* ctx = (LZ4_stream_t_internal*)LZ4_Data; + int dictSize = LZ4_saveDict((LZ4_stream_t*)LZ4_Data, (char*)ctx->bufferStart, 64 KB); + return (char*)(ctx->bufferStart + dictSize); +} + +/* Obsolete streaming decompression functions */ + +int LZ4_decompress_safe_withPrefix64k(const char* source, char* dest, int compressedSize, int maxOutputSize) +{ + return LZ4_decompress_generic(source, dest, compressedSize, maxOutputSize, endOnInputSize, full, 0, withPrefix64k, (BYTE*)dest - 64 KB, NULL, 64 KB); +} + +int LZ4_decompress_fast_withPrefix64k(const char* source, char* dest, int originalSize) +{ + return LZ4_decompress_generic(source, dest, 0, originalSize, endOnOutputSize, full, 0, withPrefix64k, (BYTE*)dest - 64 KB, NULL, 64 KB); +} + +#endif /* LZ4_COMMONDEFS_ONLY */ + 
diff --git a/ext/lz4/lz4.h b/ext/lz4/lz4.h
new file mode 100644
index 0000000..3e74002
--- /dev/null
+++ b/ext/lz4/lz4.h
@@ -0,0 +1,360 @@ +/* + LZ4 - Fast LZ compression algorithm + Header File + Copyright (C) 2011-2015, Yann Collet. + + BSD 2-Clause License (http://www.opensource.org/licenses/bsd-license.php) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + You can contact the author at : + - LZ4 source repository : https://github.com/Cyan4973/lz4 + - LZ4 public forum : https://groups.google.com/forum/#!forum/lz4c +*/ +#pragma once + +#if defined (__cplusplus) +extern "C" { +#endif + +/* + * lz4.h provides block compression functions, and gives full buffer control to programmer. + * If you need to generate inter-operable compressed data (respecting LZ4 frame specification), + * and can let the library handle its own memory, please use lz4frame.h instead. 
+*/ + +/************************************** +* Version +**************************************/ +#define LZ4_VERSION_MAJOR 1 /* for breaking interface changes */ +#define LZ4_VERSION_MINOR 7 /* for new (non-breaking) interface capabilities */ +#define LZ4_VERSION_RELEASE 1 /* for tweaks, bug-fixes, or development */ +#define LZ4_VERSION_NUMBER (LZ4_VERSION_MAJOR *100*100 + LZ4_VERSION_MINOR *100 + LZ4_VERSION_RELEASE) +int LZ4_versionNumber (void); + +/************************************** +* Tuning parameter +**************************************/ +/* + * LZ4_MEMORY_USAGE : + * Memory usage formula : N->2^N Bytes (examples : 10 -> 1KB; 12 -> 4KB ; 16 -> 64KB; 20 -> 1MB; etc.) + * Increasing memory usage improves compression ratio + * Reduced memory usage can improve speed, due to cache effect + * Default value is 14, for 16KB, which nicely fits into Intel x86 L1 cache + */ +#define LZ4_MEMORY_USAGE 14 + + +/************************************** +* Simple Functions +**************************************/ + +int LZ4_compress_default(const char* source, char* dest, int sourceSize, int maxDestSize); +int LZ4_decompress_safe (const char* source, char* dest, int compressedSize, int maxDecompressedSize); + +/* +LZ4_compress_default() : + Compresses 'sourceSize' bytes from buffer 'source' + into already allocated 'dest' buffer of size 'maxDestSize'. + Compression is guaranteed to succeed if 'maxDestSize' >= LZ4_compressBound(sourceSize). + It also runs faster, so it's a recommended setting. + If the function cannot compress 'source' into a more limited 'dest' budget, + compression stops *immediately*, and the function result is zero. + As a consequence, 'dest' content is not valid. + This function never writes outside 'dest' buffer, nor read outside 'source' buffer. 
+ sourceSize : Max supported value is LZ4_MAX_INPUT_VALUE + maxDestSize : full or partial size of buffer 'dest' (which must be already allocated) + return : the number of bytes written into buffer 'dest' (necessarily <= maxOutputSize) + or 0 if compression fails + +LZ4_decompress_safe() : + compressedSize : is the precise full size of the compressed block. + maxDecompressedSize : is the size of destination buffer, which must be already allocated. + return : the number of bytes decompressed into destination buffer (necessarily <= maxDecompressedSize) + If destination buffer is not large enough, decoding will stop and output an error code (<0). + If the source stream is detected malformed, the function will stop decoding and return a negative result. + This function is protected against buffer overflow exploits, including malicious data packets. + It never writes outside output buffer, nor reads outside input buffer. +*/ + + +/************************************** +* Advanced Functions +**************************************/ +#define LZ4_MAX_INPUT_SIZE 0x7E000000 /* 2 113 929 216 bytes */ +#define LZ4_COMPRESSBOUND(isize) ((unsigned)(isize) > (unsigned)LZ4_MAX_INPUT_SIZE ? 0 : (isize) + ((isize)/255) + 16) + +/* +LZ4_compressBound() : + Provides the maximum size that LZ4 compression may output in a "worst case" scenario (input data not compressible) + This function is primarily useful for memory allocation purposes (destination buffer size). + Macro LZ4_COMPRESSBOUND() is also provided for compilation-time evaluation (stack memory allocation for example). 
+ Note that LZ4_compress_default() compress faster when dest buffer size is >= LZ4_compressBound(srcSize) + inputSize : max supported value is LZ4_MAX_INPUT_SIZE + return : maximum output size in a "worst case" scenario + or 0, if input size is too large ( > LZ4_MAX_INPUT_SIZE) +*/ +int LZ4_compressBound(int inputSize); + +/* +LZ4_compress_fast() : + Same as LZ4_compress_default(), but allows to select an "acceleration" factor. + The larger the acceleration value, the faster the algorithm, but also the lesser the compression. + It's a trade-off. It can be fine tuned, with each successive value providing roughly +~3% to speed. + An acceleration value of "1" is the same as regular LZ4_compress_default() + Values <= 0 will be replaced by ACCELERATION_DEFAULT (see lz4.c), which is 1. +*/ +int LZ4_compress_fast (const char* source, char* dest, int sourceSize, int maxDestSize, int acceleration); + + +/* +LZ4_compress_fast_extState() : + Same compression function, just using an externally allocated memory space to store compression state. + Use LZ4_sizeofState() to know how much memory must be allocated, + and allocate it on 8-bytes boundaries (using malloc() typically). + Then, provide it as 'void* state' to compression function. +*/ +int LZ4_sizeofState(void); +int LZ4_compress_fast_extState (void* state, const char* source, char* dest, int inputSize, int maxDestSize, int acceleration); + + +/* +LZ4_compress_destSize() : + Reverse the logic, by compressing as much data as possible from 'source' buffer + into already allocated buffer 'dest' of size 'targetDestSize'. + This function either compresses the entire 'source' content into 'dest' if it's large enough, + or fill 'dest' buffer completely with as much data as possible from 'source'. + *sourceSizePtr : will be modified to indicate how many bytes where read from 'source' to fill 'dest'. + New value is necessarily <= old value. 
+ return : Nb bytes written into 'dest' (necessarily <= targetDestSize) + or 0 if compression fails +*/ +int LZ4_compress_destSize (const char* source, char* dest, int* sourceSizePtr, int targetDestSize); + + +/* +LZ4_decompress_fast() : + originalSize : is the original and therefore uncompressed size + return : the number of bytes read from the source buffer (in other words, the compressed size) + If the source stream is detected malformed, the function will stop decoding and return a negative result. + Destination buffer must be already allocated. Its size must be a minimum of 'originalSize' bytes. + note : This function fully respect memory boundaries for properly formed compressed data. + It is a bit faster than LZ4_decompress_safe(). + However, it does not provide any protection against intentionally modified data stream (malicious input). + Use this function in trusted environment only (data to decode comes from a trusted source). +*/ +int LZ4_decompress_fast (const char* source, char* dest, int originalSize); + +/* +LZ4_decompress_safe_partial() : + This function decompress a compressed block of size 'compressedSize' at position 'source' + into destination buffer 'dest' of size 'maxDecompressedSize'. + The function tries to stop decompressing operation as soon as 'targetOutputSize' has been reached, + reducing decompression time. + return : the number of bytes decoded in the destination buffer (necessarily <= maxDecompressedSize) + Note : this number can be < 'targetOutputSize' should the compressed block to decode be smaller. + Always control how many bytes were decoded. + If the source stream is detected malformed, the function will stop decoding and return a negative result. + This function never writes outside of output buffer, and never reads outside of input buffer. 
It is therefore protected against malicious data packets +*/ +int LZ4_decompress_safe_partial (const char* source, char* dest, int compressedSize, int targetOutputSize, int maxDecompressedSize); + + +/*********************************************** +* Streaming Compression Functions +***********************************************/ +#define LZ4_STREAMSIZE_U64 ((1 << (LZ4_MEMORY_USAGE-3)) + 4) +#define LZ4_STREAMSIZE (LZ4_STREAMSIZE_U64 * sizeof(long long)) +/* + * LZ4_stream_t + * information structure to track an LZ4 stream. + * important : init this structure content before first use ! + * note : only allocated directly the structure if you are statically linking LZ4 + * If you are using liblz4 as a DLL, please use below construction methods instead. + */ +typedef struct { long long table[LZ4_STREAMSIZE_U64]; } LZ4_stream_t; + +/* + * LZ4_resetStream + * Use this function to init an allocated LZ4_stream_t structure + */ +void LZ4_resetStream (LZ4_stream_t* streamPtr); + +/* + * LZ4_createStream will allocate and initialize an LZ4_stream_t structure + * LZ4_freeStream releases its memory. + * In the context of a DLL (liblz4), please use these methods rather than the static struct. + * They are more future proof, in case of a change of LZ4_stream_t size. + */ +LZ4_stream_t* LZ4_createStream(void); +int LZ4_freeStream (LZ4_stream_t* streamPtr); + +/* + * LZ4_loadDict + * Use this function to load a static dictionary into LZ4_stream. + * Any previous data will be forgotten, only 'dictionary' will remain in memory. + * Loading a size of 0 is allowed. + * Return : dictionary size, in bytes (necessarily <= 64 KB) + */ +int LZ4_loadDict (LZ4_stream_t* streamPtr, const char* dictionary, int dictSize); + +/* + * LZ4_compress_fast_continue + * Compress buffer content 'src', using data from previously compressed blocks as dictionary to improve compression ratio. + * Important : Previous data blocks are assumed to still be present and unmodified ! 
+ * 'dst' buffer must be already allocated. + * If maxDstSize >= LZ4_compressBound(srcSize), compression is guaranteed to succeed, and runs faster. + * If not, and if compressed data cannot fit into 'dst' buffer size, compression stops, and function returns a zero. + */ +int LZ4_compress_fast_continue (LZ4_stream_t* streamPtr, const char* src, char* dst, int srcSize, int maxDstSize, int acceleration); + +/* + * LZ4_saveDict + * If previously compressed data block is not guaranteed to remain available at its memory location + * save it into a safer place (char* safeBuffer) + * Note : you don't need to call LZ4_loadDict() afterwards, + * dictionary is immediately usable, you can therefore call LZ4_compress_fast_continue() + * Return : saved dictionary size in bytes (necessarily <= dictSize), or 0 if error + */ +int LZ4_saveDict (LZ4_stream_t* streamPtr, char* safeBuffer, int dictSize); + + +/************************************************ +* Streaming Decompression Functions +************************************************/ + +#define LZ4_STREAMDECODESIZE_U64 4 +#define LZ4_STREAMDECODESIZE (LZ4_STREAMDECODESIZE_U64 * sizeof(unsigned long long)) +typedef struct { unsigned long long table[LZ4_STREAMDECODESIZE_U64]; } LZ4_streamDecode_t; +/* + * LZ4_streamDecode_t + * information structure to track an LZ4 stream. + * init this structure content using LZ4_setStreamDecode or memset() before first use ! + * + * In the context of a DLL (liblz4) please prefer usage of construction methods below. + * They are more future proof, in case of a change of LZ4_streamDecode_t size in the future. + * LZ4_createStreamDecode will allocate and initialize an LZ4_streamDecode_t structure + * LZ4_freeStreamDecode releases its memory. + */ +LZ4_streamDecode_t* LZ4_createStreamDecode(void); +int LZ4_freeStreamDecode (LZ4_streamDecode_t* LZ4_stream); + +/* + * LZ4_setStreamDecode + * Use this function to instruct where to find the dictionary. 
+ * Setting a size of 0 is allowed (same effect as reset). + * Return : 1 if OK, 0 if error + */ +int LZ4_setStreamDecode (LZ4_streamDecode_t* LZ4_streamDecode, const char* dictionary, int dictSize); + +/* +*_continue() : + These decoding functions allow decompression of multiple blocks in "streaming" mode. + Previously decoded blocks *must* remain available at the memory position where they were decoded (up to 64 KB) + In the case of a ring buffers, decoding buffer must be either : + - Exactly same size as encoding buffer, with same update rule (block boundaries at same positions) + In which case, the decoding & encoding ring buffer can have any size, including very small ones ( < 64 KB). + - Larger than encoding buffer, by a minimum of maxBlockSize more bytes. + maxBlockSize is implementation dependent. It's the maximum size you intend to compress into a single block. + In which case, encoding and decoding buffers do not need to be synchronized, + and encoding ring buffer can have any size, including small ones ( < 64 KB). + - _At least_ 64 KB + 8 bytes + maxBlockSize. + In which case, encoding and decoding buffers do not need to be synchronized, + and encoding ring buffer can have any size, including larger than decoding buffer. + Whenever these conditions are not possible, save the last 64KB of decoded data into a safe buffer, + and indicate where it is saved using LZ4_setStreamDecode() +*/ +int LZ4_decompress_safe_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* source, char* dest, int compressedSize, int maxDecompressedSize); +int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* source, char* dest, int originalSize); + + +/* +Advanced decoding functions : +*_usingDict() : + These decoding functions work the same as + a combination of LZ4_setStreamDecode() followed by LZ4_decompress_x_continue() + They are stand-alone. They don't need nor update an LZ4_streamDecode_t structure. 
+*/ +int LZ4_decompress_safe_usingDict (const char* source, char* dest, int compressedSize, int maxDecompressedSize, const char* dictStart, int dictSize); +int LZ4_decompress_fast_usingDict (const char* source, char* dest, int originalSize, const char* dictStart, int dictSize); + + + +/************************************** +* Obsolete Functions +**************************************/ +/* Deprecate Warnings */ +/* Should these warnings messages be a problem, + it is generally possible to disable them, + with -Wno-deprecated-declarations for gcc + or _CRT_SECURE_NO_WARNINGS in Visual for example. + You can also define LZ4_DEPRECATE_WARNING_DEFBLOCK. */ +#ifndef LZ4_DEPRECATE_WARNING_DEFBLOCK +# define LZ4_DEPRECATE_WARNING_DEFBLOCK +# define LZ4_GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__) +# if (LZ4_GCC_VERSION >= 405) || defined(__clang__) +# define LZ4_DEPRECATED(message) __attribute__((deprecated(message))) +# elif (LZ4_GCC_VERSION >= 301) +# define LZ4_DEPRECATED(message) __attribute__((deprecated)) +# elif defined(_MSC_VER) +# define LZ4_DEPRECATED(message) __declspec(deprecated(message)) +# else +# pragma message("WARNING: You need to implement LZ4_DEPRECATED for this compiler") +# define LZ4_DEPRECATED(message) +# endif +#endif /* LZ4_DEPRECATE_WARNING_DEFBLOCK */ + +/* Obsolete compression functions */ +/* These functions are planned to start generate warnings by r131 approximately */ +int LZ4_compress (const char* source, char* dest, int sourceSize); +int LZ4_compress_limitedOutput (const char* source, char* dest, int sourceSize, int maxOutputSize); +int LZ4_compress_withState (void* state, const char* source, char* dest, int inputSize); +int LZ4_compress_limitedOutput_withState (void* state, const char* source, char* dest, int inputSize, int maxOutputSize); +int LZ4_compress_continue (LZ4_stream_t* LZ4_streamPtr, const char* source, char* dest, int inputSize); +int LZ4_compress_limitedOutput_continue (LZ4_stream_t* LZ4_streamPtr, const char* source, 
char* dest, int inputSize, int maxOutputSize);
+
+/* Obsolete decompression functions */
+/* These function names are completely deprecated and must no longer be used.
+ They are only provided here for compatibility with older programs.
+ - LZ4_uncompress is the same as LZ4_decompress_fast
+ - LZ4_uncompress_unknownOutputSize is the same as LZ4_decompress_safe
+ These function prototypes are now disabled; uncomment them only if you really need them.
+ It is highly recommended to stop using these prototypes and migrate to maintained ones */
+/* int LZ4_uncompress (const char* source, char* dest, int outputSize); */
+/* int LZ4_uncompress_unknownOutputSize (const char* source, char* dest, int isize, int maxOutputSize); */
+
+/* Obsolete streaming functions; use new streaming interface whenever possible */
+LZ4_DEPRECATED("use LZ4_createStream() instead") void* LZ4_create (char* inputBuffer);
+LZ4_DEPRECATED("use LZ4_createStream() instead") int LZ4_sizeofStreamState(void);
+LZ4_DEPRECATED("use LZ4_resetStream() instead") int LZ4_resetStreamState(void* state, char* inputBuffer);
+LZ4_DEPRECATED("use LZ4_saveDict() instead") char* LZ4_slideInputBuffer (void* state);
+
+/* Obsolete streaming decoding functions */
+LZ4_DEPRECATED("use LZ4_decompress_safe_usingDict() instead") int LZ4_decompress_safe_withPrefix64k (const char* src, char* dst, int compressedSize, int maxDstSize);
+LZ4_DEPRECATED("use LZ4_decompress_fast_usingDict() instead") int LZ4_decompress_fast_withPrefix64k (const char* src, char* dst, int originalSize);
+
+
+#if defined (__cplusplus)
+}
+#endif
diff --git a/ext/miniupnpc/Changelog.txt b/ext/miniupnpc/Changelog.txt
new file mode 100644
index 0000000..078bebc
--- /dev/null
+++ b/ext/miniupnpc/Changelog.txt
@@ -0,0 +1,677 @@ +$Id: Changelog.txt,v 1.223 2016/04/19 21:06:20 nanard Exp $ +miniUPnP client Changelog. + +VERSION 2.0 : released 2016/04/19 + +2016/01/24: + change miniwget to return HTTP status code + increments API_VERSION to 16 + +2016/01/22: + Improve UPNPIGD_IsConnected() to check if WAN address is not private. + parse HTTP response status line in miniwget.c + +2015/10/26: + snprintf() overflow check. check overflow in simpleUPnPcommand2() + +2015/10/25: + fix compilation with old macs + fix compilation with mingw32 (for Appveyor) + fix python module for python <= 2.3 + +2015/10/08: + Change sameport to localport + see https://github.com/miniupnp/miniupnp/pull/120 + increments API_VERSION to 15 + +2015/09/15: + Fix buffer overflow in igd_desc_parse.c/IGDstartelt() + Discovered by Aleksandar Nikolic of Cisco Talos + +2015/08/28: + move ssdpDiscoverDevices() to minissdpc.c + +2015/08/27: + avoid unix socket leak in getDevicesFromMiniSSDPD() + +2015/08/16: + Also accept "Up" as ConnectionStatus value + +2015/07/23: + split getDevicesFromMiniSSDPD + add ttl argument to upnpDiscover() functions + increments API_VERSION to 14 + +2015/07/22: + Read USN from SSDP messages. 
+ +2015/07/15: + Check malloc/calloc + +2015/06/16: + update getDevicesFromMiniSSDPD() to process longer minissdpd + responses + +2015/05/22: + add searchalltypes param to upnpDiscoverDevices() + increments API_VERSION to 13 + +2015/04/30: + upnpc: output version on the terminal + +2015/04/27: + _BSD_SOURCE is deprecated in favor of _DEFAULT_SOURCE + fix CMakeLists.txt COMPILE_DEFINITIONS + fix getDevicesFromMiniSSDPD() not setting scope_id + improve -r command of upnpc command line tool + +2014/11/17: + search all : + upnpDiscoverDevices() / upnpDiscoverAll() functions + listdevices executable + increment API_VERSION to 12 + validate igd_desc_parse + +2014/11/13: + increment API_VERSION to 11 + +2014/11/05: + simplified function GetUPNPUrls() + +2014/09/11: + use remoteHost arg of DeletePortMapping + +2014/09/06: + Fix python3 build + +2014/07/01: + Fix parsing of IGD2 root descriptions + +2014/06/10: + rename LIBSPEC to MINIUPNP_LIBSPEC + +2014/05/15: + Add support for IGD2 AddAnyPortMapping and DeletePortMappingRange + +2014/02/05: + handle EINPROGRESS after connect() + +2014/02/03: + minixml now handle XML comments + +VERSION 1.9 : released 2014/01/31 + +2014/01/31: + added argument remoteHost to UPNP_GetSpecificPortMappingEntry() + increment API_VERSION to 10 + +2013/12/09: + --help and -h arguments in upnpc.c + +2013/10/07: + fixed potential buffer overrun in miniwget.c + Modified UPNP_GetValidIGD() to check for ExternalIpAddress + +2013/08/01: + define MAXHOSTNAMELEN if not already done + +2013/06/06: + update upnpreplyparse to allow larger values (128 chars instead of 64) + +2013/05/14: + Update upnpreplyparse to take into account "empty" elements + validate upnpreplyparse.c code with "make check" + +2013/05/03: + Fix Solaris build thanks to Maciej Małecki + +2013/04/27: + Fix testminiwget.sh for BSD + +2013/03/23: + Fixed Makefile for *BSD + +2013/03/11: + Update Makefile to use JNAerator version 0.11 + +2013/02/11: + Fix testminiwget.sh for use with dash 
+ Use $(DESTDIR) in Makefile + +VERSION 1.8 : released 2013/02/06 + +2012/10/16: + fix testminiwget with no IPv6 support + +2012/09/27: + Rename all include guards to not clash with C99 + (7.1.3 Reserved identifiers). + +2012/08/30: + Added -e option to upnpc program (set description for port mappings) + +2012/08/29: + Python 3 support (thanks to Christopher Foo) + +2012/08/11: + Fix a memory link in UPNP_GetValidIGD() + Try to handle scope id in link local IPv6 URL under MS Windows + +2012/07/20: + Disable HAS_IP_MREQN on DragonFly BSD + +2012/06/28: + GetUPNPUrls() now inserts scope into link-local IPv6 addresses + +2012/06/23: + More error return checks in upnpc.c + #define MINIUPNPC_GET_SRC_ADDR enables receivedata() to get scope_id + parseURL() now parses IPv6 addresses scope + new parameter for miniwget() : IPv6 address scope + increment API_VERSION to 9 + +2012/06/20: + fixed CMakeLists.txt + +2012/05/29 + Improvements in testminiwget.sh + +VERSION 1.7 : released 2012/05/24 + +2012/05/01: + Cleanup settings of CFLAGS in Makefile + Fix signed/unsigned integer comparaisons + +2012/04/20: + Allow to specify protocol with TCP or UDP for -A option + +2012/04/09: + Only try to fetch XML description once in UPNP_GetValidIGD() + Added -ansi flag to compilation, and fixed C++ comments to ANSI C comments. 
+ +2012/04/05: + minor improvements to minihttptestserver.c + +2012/03/15: + upnperrors.c returns valid error string for unrecognized error codes + +2012/03/08: + make minihttptestserver listen on loopback interface instead of 0.0.0.0 + +2012/01/25: + Maven installation thanks to Alexey Kuznetsov + +2012/01/21: + Replace WIN32 macro by _WIN32 + +2012/01/19: + Fixes in java wrappers thanks to Alexey Kuznetsov : + https://github.com/axet/miniupnp/tree/fix-javatest/miniupnpc + Make and install .deb packages (python) thanks to Alexey Kuznetsov : + https://github.com/axet/miniupnp/tree/feature-debbuild/miniupnpc + +2012/01/07: + The multicast interface can now be specified by name with IPv4. + +2012/01/02: + Install man page + +2011/11/25: + added header to Port Mappings list in upnpc.c + +2011/10/09: + Makefile : make clean now removes jnaerator generated files. + MINIUPNPC_VERSION in miniupnpc.h (updated by make) + +2011/09/12: + added rootdescURL to UPNPUrls structure. + +VERSION 1.6 : released 2011/07/25 + +2011/07/25: + Update doc for version 1.6 release + +2011/06/18: + Fix for windows in miniwget.c + +2011/06/04: + display remote host in port mapping listing + +2011/06/03: + Fix in make install : there were missing headers + +2011/05/26: + Fix the socket leak in miniwget thanks to Richard Marsh. + Permit to add leaseduration in -a command. Display lease duration. + +2011/05/15: + Try both LinkLocal and SiteLocal multicast address for SSDP in IPv6 + +2011/05/09: + add a test in testminiwget.sh. + more error checking in miniwget.c + +2011/05/06: + Adding some tool to test and validate miniwget.c + simplified and debugged miniwget.c + +2011/04/11: + moving ReceiveData() to a receivedata.c file. 
+ parsing presentation url + adding IGD v2 WANIPv6FirewallControl commands + +2011/04/10: + update of miniupnpcmodule.c + comments in miniwget.c, update in testminiwget + Adding errors codes from IGD v2 + new functions in upnpc.c for IGD v2 + +2011/04/09: + Support for litteral ip v6 address in miniwget + +2011/04/08: + Adding support for urn:schemas-upnp-org:service:WANIPv6FirewallControl:1 + Updating APIVERSION + Supporting IPV6 in upnpDiscover() + Adding a -6 option to upnpc command line tool + +2011/03/18: + miniwget/parseURL() : return an error when url param is null. + fixing GetListOfPortMappings() + +2011/03/14: + upnpDiscover() now reporting an error code. + improvements in comments. + +2011/03/11: + adding miniupnpcstrings.h.cmake and CMakeLists.txt files. + +2011/02/15: + Implementation of GetListOfPortMappings() + +2011/02/07: + updates to minixml to support character data starting with spaces + minixml now support CDATA + upnpreplyparse treats specificaly + change in simpleUPnPcommand to return the buffer (simplification) + +2011/02/06: + Added leaseDuration argument to AddPortMapping() + Starting to implement GetListOfPortMappings() + +2011/01/11: + updating wingenminiupnpcstrings.c + +2011/01/04: + improving updateminiupnpcstrings.sh + +VERSION 1.5 : released 2011/01/01 + +2010/12/21: + use NO_GETADDRINFO macro to disable the use of getaddrinfo/freeaddrinfo + +2010/12/11: + Improvements on getHTTPResponse() code. + +2010/12/09: + new code for miniwget that handle Chunked transfer encoding + using getHTTPResponse() in SOAP call code + Adding MANIFEST.in for 'python setup.py bdist_rpm' + +2010/11/25: + changes to minissdpc.c to compile under Win32. 
+ see http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=729 + +2010/09/17: + Various improvement to Makefile from Michał Górny + +2010/08/05: + Adding the script "external-ip.sh" from Reuben Hawkins + +2010/06/09: + update to python module to match modification made on 2010/04/05 + update to Java test code to match modification made on 2010/04/05 + all UPNP_* function now return an error if the SOAP request failed + at HTTP level. + +2010/04/17: + Using GetBestRoute() under win32 in order to find the + right interface to use. + +2010/04/12: + Retrying with HTTP/1.1 if HTTP/1.0 failed. see + http://miniupnp.tuxfamily.org/forum/viewtopic.php?p=1703 + +2010/04/07: + avoid returning duplicates in upnpDiscover() + +2010/04/05: + Create a connecthostport.h/.c with connecthostport() function + and use it in miniwget and miniupnpc. + Use getnameinfo() instead of inet_ntop or inet_ntoa + Work to make miniupnpc IPV6 compatible... + Add java test code. + Big changes in order to support device having both WANIPConnection + and WANPPPConnection. + +2010/04/04: + Use getaddrinfo() instead of gethostbyname() in miniwget. + +2010/01/06: + #define _DARWIN_C_SOURCE for Mac OS X + +2009/12/19: + Improve MinGW32 build + +2009/12/11: + adding a MSVC9 project to build the static library and executable + +2009/12/10: + Fixing some compilation stuff for Windows/MinGW + +2009/12/07: + adaptations in Makefile and updateminiupnpcstring.sh for AmigaOS + some fixes for Windows when using virtual ethernet adapters (it is the + case with VMWare installed). + +2009/12/04: + some fixes for AmigaOS compilation + Changed HTTP version to HTTP/1.0 for Soap too (to prevent chunked + transfer encoding) + +2009/12/03: + updating printIDG and testigddescparse.c for debug. 
+ modifications to compile under AmigaOS + adding a testminiwget program + Changed miniwget to advertise itself as HTTP/1.0 to prevent chunked + transfer encoding + +2009/11/26: + fixing updateminiupnpcstrings.sh to take into account + which command that does not return an error code. + +VERSION 1.4 : released 2009/10/30 + +2009/10/16: + using Py_BEGIN_ALLOW_THREADS and Py_END_ALLOW_THREADS in python module. + +2009/10/10: + Some fixes for compilation under Solaris + compilation fixes : http://miniupnp.tuxfamily.org/forum/viewtopic.php?p=1464 + +2009/09/21: + fixing the code to ignore EINTR during connect() calls. + +2009/08/07: + Set socket timeout for connect() + Some cleanup in miniwget.c + +2009/08/04: + remove multiple redirections with -d in upnpc.c + Print textual error code in upnpc.c + Ignore EINTR during the connect() and poll() calls. + +2009/07/29: + fix in updateminiupnpcstrings.sh if OS name contains "/" + Sending a correct value for MX: field in SSDP request + +2009/07/20: + Change the Makefile to compile under Mac OS X + Fixed a stackoverflow in getDevicesFromMiniSSDPD() + +2009/07/09: + Compile under Haiku + generate miniupnpcstrings.h.in from miniupnpcstrings.h + +2009/06/04: + patching to compile under CygWin and cross compile for minGW + +VERSION 1.3 : + +2009/04/17: + updating python module + Use strtoull() when using C99 + +2009/02/28: + Fixed miniwget.c for compiling under sun + +2008/12/18: + cleanup in Makefile (thanks to Paul de Weerd) + minissdpc.c : win32 compatibility + miniupnpc.c : changed xmlns prefix from 'm' to 'u' + Removed NDEBUG (using DEBUG) + +2008/10/14: + Added the ExternalHost argument to DeletePortMapping() + +2008/10/11: + Added the ExternalHost argument to AddPortMapping() + Put a correct User-Agent: header in HTTP requests. + +VERSION 1.2 : + +2008/10/07: + Update docs + +2008/09/25: + Integrated sameport patch from Dario Meloni : Added a "sameport" + argument to upnpDiscover(). 
+ +2008/07/18: + small modif to make Clang happy :) + +2008/07/17: + #define SOAPPREFIX "s" in miniupnpc.c in order to remove SOAP-ENV... + +2008/07/14: + include declspec.h in installation (to /usr/include/miniupnpc) + +VERSION 1.1 : + +2008/07/04: + standard options for install/ln instead of gnu-specific stuff. + +2008/07/03: + now builds a .dll and .lib with win32. (mingw32) + +2008/04/28: + make install now install the binary of the upnpc tool + +2008/04/27: + added testupnpigd.py + added error strings for miniupnpc "internal" errors + improved python module error/exception reporting. + +2008/04/23: + Completely rewrite igd_desc_parse.c in order to be compatible with + Linksys WAG200G + Added testigddescparse + updated python module + +VERSION 1.0 : + +2008/02/21: + put some #ifdef DEBUG around DisplayNameValueList() + +2008/02/18: + Improved error reporting in upnpcommands.c + UPNP_GetStatusInfo() returns LastConnectionError + +2008/02/16: + better error handling in minisoap.c + improving display of "valid IGD found" in upnpc.c + +2008/02/03: + Fixing UPNP_GetValidIGD() + improved make install :) + +2007/12/22: + Adding upnperrors.c/h to provide a strupnperror() function + used to translate UPnP error codes to string. + +2007/12/19: + Fixing getDevicesFromMiniSSDPD() + improved error reporting of UPnP functions + +2007/12/18: + It is now possible to specify a different location for MiniSSDPd socket. + working with MiniSSDPd is now more efficient. + python module improved. + +2007/12/16: + improving error reporting + +2007/12/13: + Try to improve compatibility by using HTTP/1.0 instead of 1.1 and + XML a bit different for SOAP. + +2007/11/25: + fixed select() call for linux + +2007/11/15: + Added -fPIC to CFLAG for better shared library code. + +2007/11/02: + Fixed a potential socket leak in miniwget2() + +2007/10/16: + added a parameter to upnpDiscover() in order to allow the use of another + interface than the default multicast interface. 
+ +2007/10/12: + Fixed the creation of symbolic link in Makefile + +2007/10/08: + Added man page + +2007/10/02: + fixed memory bug in GetUPNPUrls() + +2007/10/01: + fixes in the Makefile + Added UPNP_GetIGDFromUrl() and adapted the sample program accordingly. + Added SONAME in the shared library to please debian :) + fixed MS Windows compilation (minissdpd is not available under MS Windows). + +2007/09/25: + small change to Makefile to be able to install in a different location + (default is /usr) + +2007/09/24: + now compiling both shared and static library + +2007/09/19: + Cosmetic changes on upnpc.c + +2007/09/02: + adapting to new miniSSDPd (release version ?) + +2007/08/31: + Usage of miniSSDPd to skip discovery process. + +2007/08/27: + fixed python module to allow compilation with Python older than Python 2.4 + +2007/06/12: + Added a python module. + +2007/05/19: + Fixed compilation under MinGW + +2007/05/15: + fixed a memory leak in AddPortMapping() + Added testupnpreplyparse executable to check the parsing of + upnp soap messages + minixml now ignore namespace prefixes. + +2007/04/26: + upnpc now displays external ip address with -s or -l + +2007/04/11: + changed MINIUPNPC_URL_MAXSIZE to 128 to accomodate the "BT Voyager 210" + +2007/03/19: + cleanup in miniwget.c + +2007/03/01: + Small typo fix... + +2007/01/30: + Now parsing the HTTP header from SOAP responses in order to + get content-length value. + +2007/01/29: + Fixed the Soap Query to speedup the HTTP request. + added some Win32 DLL stuff... + +2007/01/27: + Fixed some WIN32 compatibility issues + +2006/12/14: + Added UPNPIGD_IsConnected() function in miniupnp.c/.h + Added UPNP_GetValidIGD() in miniupnp.c/.h + cleaned upnpc.c main(). 
now using UPNP_GetValidIGD() + +2006/12/07: + Version 1.0-RC1 released + +2006/12/03: + Minor changes to compile under SunOS/Solaris + +2006/11/30: + made a minixml parser validator program + updated minixml to handle attributes correctly + +2006/11/22: + Added a -r option to the upnpc sample thanks to Alexander Hubmann. + +2006/11/19: + Cleanup code to make it more ANSI C compliant + +2006/11/10: + detect and display local lan address. + +2006/11/04: + Packets and Bytes Sent/Received are now unsigned int. + +2006/11/01: + Bug fix thanks to Giuseppe D'Angelo + +2006/10/31: + C++ compatibility for .h files. + Added a way to get ip Address on the LAN used to reach the IGD. + +2006/10/25: + Added M-SEARCH to the services in the discovery process. + +2006/10/22: + updated the Makefile to use makedepend, added a "make install" + update Makefile + +2006/10/20: + fixing the description url parsing thanks to patch sent by + Wayne Dawe. + Fixed/translated some comments. + Implemented a better discover process, first looking + for IGD then for root devices (as some devices only reply to + M-SEARCH for root devices). + +2006/09/02: + added freeUPNPDevlist() function. + +2006/08/04: + More command line arguments checking + +2006/08/01: + Added the .bat file to compile under Win32 with minGW32 + +2006/07/31: + Fixed the rootdesc parser (igd_desc_parse.c) + +2006/07/20: + parseMSEARCHReply() is now returning the ST: line as well + starting changes to detect several UPnP devices on the network + +2006/07/19: + using GetCommonLinkProperties to get down/upload bitrate + diff --git a/ext/miniupnpc/LICENSE b/ext/miniupnpc/LICENSE new file mode 100644 index 0000000..cb5a060 --- /dev/null +++ b/ext/miniupnpc/LICENSE 
@@ -0,0 +1,27 @@ +MiniUPnPc +Copyright (c) 2005-2015, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + diff --git a/ext/miniupnpc/MANIFEST.in b/ext/miniupnpc/MANIFEST.in new file mode 100644 index 0000000..54b86f9 --- /dev/null +++ b/ext/miniupnpc/MANIFEST.in @@ -0,0 +1,5 @@ +include README +include miniupnpcmodule.c +include setup.py +include *.h +include libminiupnpc.a diff --git a/ext/miniupnpc/README b/ext/miniupnpc/README new file mode 100644 index 0000000..91535db --- /dev/null +++ b/ext/miniupnpc/README 
@@ -0,0 +1,64 @@ +Project: miniupnp +Project web page: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ +github: https://github.com/miniupnp/miniupnp +freecode: http://freecode.com/projects/miniupnp +Author: Thomas Bernard +Copyright (c) 2005-2016 Thomas Bernard +This software is subject to the conditions detailed in the +LICENSE file provided within this distribution. + + +* miniUPnP Client - miniUPnPc * + +To compile, simply run 'gmake' (could be 'make' on your system). +Under win32, to compile with MinGW, type "mingw32make.bat". +MS Visual C solution and project files are supplied in the msvc/ subdirectory. + +The compilation is known to work under linux, FreeBSD, +OpenBSD, MacOS X, AmigaOS and cygwin. +The official AmigaOS4.1 SDK was used for AmigaOS4 and GeekGadgets for AmigaOS3. +upx (http://upx.sourceforge.net) is used to compress the win32 .exe files. + +To install the library and headers on the system use : +> su +> make install +> exit + +alternatively, to install into a specific location, use : +> INSTALLPREFIX=/usr/local make install + +upnpc.c is a sample client using the libminiupnpc. +To use the libminiupnpc in your application, link it with +libminiupnpc.a (or .so) and use the following functions found in miniupnpc.h, +upnpcommands.h and miniwget.h : +- upnpDiscover() +- UPNP_GetValidIGD() +- miniwget() +- parserootdesc() +- GetUPNPUrls() +- UPNP_* (calling UPNP methods) + +Note : use #include etc... for the includes +and -lminiupnpc for the link + +Discovery process is speeded up when MiniSSDPd is running on the machine. + + +* Python module * + +you can build a python module with 'make pythonmodule' +and install it with 'make installpythonmodule'. +setup.py (and setupmingw32.py) are included in the distribution. + + +Feel free to contact me if you have any problem : +e-mail : miniupnp@free.fr + +If you are using libminiupnpc in your application, please +send me an email ! 
+ +For any question, you can use the web forum : +http://miniupnp.tuxfamily.org/forum/ + +Bugs should be reported on github : +https://github.com/miniupnp/miniupnp/issues diff --git a/ext/miniupnpc/VERSION b/ext/miniupnpc/VERSION new file mode 100644 index 0000000..cd5ac03 --- /dev/null +++ b/ext/miniupnpc/VERSION @@ -0,0 +1 @@ +2.0 diff --git a/ext/miniupnpc/apiversions.txt b/ext/miniupnpc/apiversions.txt new file mode 100644 index 0000000..9464a86 --- /dev/null +++ b/ext/miniupnpc/apiversions.txt 
@@ -0,0 +1,172 @@ +$Id: apiversions.txt,v 1.9 2016/01/24 17:24:36 nanard Exp $ + +Differences in API between miniUPnPc versions + +API version 16 + added "status_code" argument to getHTTPResponse(), miniwget() and miniwget_getaddr() + updated macro : + #define MINIUPNPC_API_VERSION 16 + +API version 15 + changed "sameport" argument of upnpDiscover() upnpDiscoverAll() upnpDiscoverDevice() + to "localport". When 0 or 1, behaviour is not changed, but it can take + any other value between 2 and 65535 + Existing programs should be compatible + updated macro : + #define MINIUPNPC_API_VERSION 15 + +API version 14 +miniupnpc.h + add ttl argument to upnpDiscover() upnpDiscoverAll() upnpDiscoverDevice() + upnpDiscoverDevices() + getDevicesFromMiniSSDPD() : + connectToMiniSSDPD() / disconnectFromMiniSSDPD() + requestDevicesFromMiniSSDPD() / receiveDevicesFromMiniSSDPD() + updated macro : + #define MINIUPNPC_API_VERSION 14 + +API version 13 +miniupnpc.h: + add searchalltype param to upnpDiscoverDevices() function + updated macro : + #define MINIUPNPC_API_VERSION 13 + +API version 12 +miniupnpc.h : + add upnpDiscoverAll() / upnpDiscoverDevice() / upnpDiscoverDevices() + functions + updated macros : + #define MINIUPNPC_API_VERSION 12 + +API version 11 + +upnpreplyparse.h / portlistingparse.h : + removed usage of sys/queue.h / bsdqueue.h + +miniupnpc.h: + updated macros : + #define MINIUPNPC_API_VERSION 11 + +====================== miniUPnPc version 1.9 ====================== +API version 10 + +upnpcommands.h: + added argument remoteHost to UPNP_GetSpecificPortMappingEntry() + +miniupnpc.h: + updated macros : + #define MINIUPNPC_VERSION "1.9" + #define MINIUPNPC_API_VERSION 10 + +====================== miniUPnPc version 1.8 ====================== +API version 9 + +miniupnpc.h: + updated macros : + #define MINIUPNPC_VERSION "1.8" + #define MINIUPNPC_API_VERSION 9 + added "unsigned int scope_id;" to struct UPNPDev + added scope_id argument to GetUPNPUrls() + + + 
+====================== miniUPnPc version 1.7 ====================== +API version 8 + +miniupnpc.h : + add new macros : + #define MINIUPNPC_VERSION "1.7" + #define MINIUPNPC_API_VERSION 8 + add rootdescURL to struct UPNPUrls + + + +====================== miniUPnPc version 1.6 ====================== +API version 8 + +Adding support for IPv6. +igd_desc_parse.h : + struct IGDdatas_service : + add char presentationurl[MINIUPNPC_URL_MAXSIZE]; + struct IGDdatas : + add struct IGDdatas_service IPv6FC; +miniupnpc.h : + new macros : + #define UPNPDISCOVER_SUCCESS (0) + #define UPNPDISCOVER_UNKNOWN_ERROR (-1) + #define UPNPDISCOVER_SOCKET_ERROR (-101) + #define UPNPDISCOVER_MEMORY_ERROR (-102) + simpleUPnPcommand() prototype changed (but is normaly not used by API users) + add arguments ipv6 and error to upnpDiscover() : + struct UPNPDev * + upnpDiscover(int delay, const char * multicastif, + const char * minissdpdsock, int sameport, + int ipv6, + int * error); + add controlURL_6FC member to struct UPNPUrls : + struct UPNPUrls { + char * controlURL; + char * ipcondescURL; + char * controlURL_CIF; + char * controlURL_6FC; + }; + +upnpcommands.h : + add leaseDuration argument to UPNP_AddPortMapping() + add desc, enabled and leaseDuration arguments to UPNP_GetSpecificPortMappingEntry() + add UPNP_GetListOfPortMappings() function (IGDv2) + add IGDv2 IPv6 related functions : + UPNP_GetFirewallStatus() + UPNP_GetOutboundPinholeTimeout() + UPNP_AddPinhole() + UPNP_UpdatePinhole() + UPNP_DeletePinhole() + UPNP_CheckPinholeWorking() + UPNP_GetPinholePackets() + + + +====================== miniUPnPc version 1.5 ====================== +API version 5 + +new function : +int UPNPIGD_IsConnected(struct UPNPUrls *, struct IGDdatas *); +new macro in upnpcommands.h : +#define UPNPCOMMAND_HTTP_ERROR + +====================== miniUPnPc version 1.4 ====================== +Same API as version 1.3 + +====================== miniUPnPc version 1.3 ====================== +API version 4 + +Use 
UNSIGNED_INTEGER type for +UPNP_GetTotalBytesSent(), UPNP_GetTotalBytesReceived(), +UPNP_GetTotalPacketsSent(), UPNP_GetTotalPacketsReceived() +Add remoteHost argument to UPNP_AddPortMapping() and UPNP_DeletePortMapping() + +====================== miniUPnPc version 1.2 ====================== +API version 3 + +added sameport argument to upnpDiscover() +struct UPNPDev * +upnpDiscover(int delay, const char * multicastif, + const char * minissdpdsock, int sameport); + +====================== miniUPnPc Version 1.1 ====================== +Same API as 1.0 + + +====================== miniUPnPc Version 1.0 ====================== +API version 2 + + +struct UPNPDev { + struct UPNPDev * pNext; + char * descURL; + char * st; + char buffer[2]; +}; +struct UPNPDev * upnpDiscover(int delay, const char * multicastif, + const char * minissdpdsock); + diff --git a/ext/miniupnpc/codelength.h b/ext/miniupnpc/codelength.h new file mode 100644 index 0000000..f5f8e30 --- /dev/null +++ b/ext/miniupnpc/codelength.h 
@@ -0,0 +1,54 @@
+/* $Id: codelength.h,v 1.5 2015/07/09 12:40:18 nanard Exp $ */
+/* Project : miniupnp
+ * Author : Thomas BERNARD
+ * copyright (c) 2005-2015 Thomas Bernard
+ * This software is subjet to the conditions detailed in the
+ * provided LICENCE file. */
+#ifndef CODELENGTH_H_INCLUDED
+#define CODELENGTH_H_INCLUDED
+
+/* Encode length by using 7bit per Byte :
+ * Most significant bit of each byte specifies that the
+ * following byte is part of the code */
+
+/* n : unsigned
+ * p : unsigned char *
+ */
+#define DECODELENGTH(n, p) n = 0; \
+ do { n = (n << 7) | (*p & 0x7f); } \
+ while((*(p++)&0x80) && (n<(1<<25)));
+
+/* n : unsigned
+ * READ : function/macro to read one byte (unsigned char)
+ */
+#define DECODELENGTH_READ(n, READ) \
+ n = 0; \
+ do { \
+ unsigned char c; \
+ READ(c); \
+ n = (n << 7) | (c & 0x07f); \
+ if(!(c&0x80)) break; \
+ } while(n<(1<<25));
+
+/* n : unsigned
+ * p : unsigned char *
+ * p_limit : unsigned char *
+ */
+#define DECODELENGTH_CHECKLIMIT(n, p, p_limit) \
+ n = 0; \
+ do { \
+ if((p) >= (p_limit)) break; \
+ n = (n << 7) | (*(p) & 0x7f); \
+ } while((*((p)++)&0x80) && (n<(1<<25)));
+
+
+/* n : unsigned
+ * p : unsigned char *
+ */
+#define CODELENGTH(n, p) if(n>=268435456) *(p++) = (n >> 28) | 0x80; \
+ if(n>=2097152) *(p++) = (n >> 21) | 0x80; \
+ if(n>=16384) *(p++) = (n >> 14) | 0x80; \
+ if(n>=128) *(p++) = (n >> 7) | 0x80; \
+ *(p++) = n & 0x7f;
+
+#endif /* CODELENGTH_H_INCLUDED */
diff --git a/ext/miniupnpc/connecthostport.c b/ext/miniupnpc/connecthostport.c
new file mode 100644
index 0000000..854203e
--- /dev/null
+++ b/ext/miniupnpc/connecthostport.c
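Review bot: DECODELENGTH and DECODELENGTH_READ consume input with no end-of-buffer check, and the `n<(1<<25)` test bounds the decoded value rather than the number of bytes read, since continuation bytes with a zero payload leave `n` unchanged. Only DECODELENGTH_CHECKLIMIT compares `p` with `p_limit`, so a length prefix taken from a socket or any other untrusted buffer should be decoded with that form; a comment on DECODELENGTH such as `/* no bounds check on p: use DECODELENGTH_CHECKLIMIT for received data */` would make the contract visible. DECODELENGTH_CHECKLIMIT leaves a partial `n` when it stops at `p_limit`, so callers (outside this hunk) still have to test `p >= p_limit` before trusting `n`. Separately, all four macros expand to several statements, so `if(x) DECODELENGTH(n, p);` guards only `n = 0;`; wrapping each body in `do { ... } while(0)` would avoid that.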
@@ -0,0 +1,266 @@
+/* $Id: connecthostport.c,v 1.15 2015/10/09 16:26:19 nanard Exp $ */
+/* Project : miniupnp
+ * Author : Thomas Bernard
+ * Copyright (c) 2010-2015 Thomas Bernard
+ * This software is subject to the conditions detailed in the
+ * LICENCE file provided in this distribution. */
+
+#define _CRT_SECURE_NO_WARNINGS
+
+/* use getaddrinfo() or gethostbyname()
+ * uncomment the following line in order to use gethostbyname() */
+#ifdef NO_GETADDRINFO
+#define USE_GETHOSTBYNAME
+#endif
+
+#include
+#include
+#ifdef _WIN32
+#include
+#include
+#include
+#define MAXHOSTNAMELEN 64
+#define snprintf _snprintf
+#define herror
+#define socklen_t int
+#else /* #ifdef _WIN32 */
+#include
+#include
+#ifdef MINIUPNPC_SET_SOCKET_TIMEOUT
+#include
+#endif /* #ifdef MINIUPNPC_SET_SOCKET_TIMEOUT */
+#include
+#include
+#include
+#define closesocket close
+#include
+#include
+/* defining MINIUPNPC_IGNORE_EINTR enable the ignore of interruptions
+ * during the connect() call */
+#define MINIUPNPC_IGNORE_EINTR
+#ifndef USE_GETHOSTBYNAME
+#include
+#include
+#endif /* #ifndef USE_GETHOSTBYNAME */
+#endif /* #else _WIN32 */
+
+/* definition of PRINT_SOCKET_ERROR */
+#ifdef _WIN32
+#define PRINT_SOCKET_ERROR(x) printf("Socket error: %s, %d\n", x, WSAGetLastError());
+#else
+#define PRINT_SOCKET_ERROR(x) perror(x)
+#endif
+
+#if defined(__amigaos__) || defined(__amigaos4__)
+#define herror(A) printf("%s\n", A)
+#endif
+
+#include "connecthostport.h"
+
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+/* connecthostport()
+ * return a socket connected (TCP) to the host and port
+ * or -1 in case of error */
+int connecthostport(const char * host, unsigned short port,
+ unsigned int scope_id)
+{
+ int s, n;
+#ifdef USE_GETHOSTBYNAME
+ struct sockaddr_in dest;
+ struct hostent *hp;
+#else /* #ifdef USE_GETHOSTBYNAME */
+ char tmp_host[MAXHOSTNAMELEN+1];
+ char port_str[8];
+ struct addrinfo *ai, *p;
+ struct addrinfo hints;
+#endif /* #ifdef USE_GETHOSTBYNAME */
+#ifdef MINIUPNPC_SET_SOCKET_TIMEOUT
+ struct timeval timeout;
+#endif /* #ifdef MINIUPNPC_SET_SOCKET_TIMEOUT */
+
+#ifdef USE_GETHOSTBYNAME
+ hp = gethostbyname(host);
+ if(hp == NULL)
+ {
+ herror(host);
+ return -1;
+ }
+ memcpy(&dest.sin_addr, hp->h_addr, sizeof(dest.sin_addr));
+ memset(dest.sin_zero, 0, sizeof(dest.sin_zero));
+ s = socket(PF_INET, SOCK_STREAM, 0);
+ if(s < 0)
+ {
+ PRINT_SOCKET_ERROR("socket");
+ return -1;
+ }
+#ifdef MINIUPNPC_SET_SOCKET_TIMEOUT
+ /* setting a 3 seconds timeout for the connect() call */
+ timeout.tv_sec = 3;
+ timeout.tv_usec = 0;
+ if(setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(struct timeval)) < 0)
+ {
+ PRINT_SOCKET_ERROR("setsockopt");
+ }
+ timeout.tv_sec = 3;
+ timeout.tv_usec = 0;
+ if(setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(struct timeval)) < 0)
+ {
+ PRINT_SOCKET_ERROR("setsockopt");
+ }
+#endif /* #ifdef MINIUPNPC_SET_SOCKET_TIMEOUT */
+ dest.sin_family = AF_INET;
+ dest.sin_port = htons(port);
+ n = connect(s, (struct sockaddr *)&dest, sizeof(struct sockaddr_in));
+#ifdef MINIUPNPC_IGNORE_EINTR
+ /* EINTR The system call was interrupted by a signal that was caught
+ * EINPROGRESS The socket is nonblocking and the connection cannot
+ * be completed immediately.
*/
+ while(n < 0 && (errno == EINTR || errno == EINPROGRESS))
+ {
+ socklen_t len;
+ fd_set wset;
+ int err;
+ FD_ZERO(&wset);
+ FD_SET(s, &wset);
+ if((n = select(s + 1, NULL, &wset, NULL, NULL)) == -1 && errno == EINTR)
+ continue;
+ /*len = 0;*/
+ /*n = getpeername(s, NULL, &len);*/
+ len = sizeof(err);
+ if(getsockopt(s, SOL_SOCKET, SO_ERROR, &err, &len) < 0) {
+ PRINT_SOCKET_ERROR("getsockopt");
+ closesocket(s);
+ return -1;
+ }
+ if(err != 0) {
+ errno = err;
+ n = -1;
+ }
+ }
+#endif /* #ifdef MINIUPNPC_IGNORE_EINTR */
+ if(n<0)
+ {
+ PRINT_SOCKET_ERROR("connect");
+ closesocket(s);
+ return -1;
+ }
+#else /* #ifdef USE_GETHOSTBYNAME */
+ /* use getaddrinfo() instead of gethostbyname() */
+ memset(&hints, 0, sizeof(hints));
+ /* hints.ai_flags = AI_ADDRCONFIG; */
+#ifdef AI_NUMERICSERV
+ hints.ai_flags = AI_NUMERICSERV;
+#endif
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_family = AF_UNSPEC; /* AF_INET, AF_INET6 or AF_UNSPEC */
+ /* hints.ai_protocol = IPPROTO_TCP; */
+ snprintf(port_str, sizeof(port_str), "%hu", port);
+ if(host[0] == '[')
+ {
+ /* literal ip v6 address */
+ int i, j;
+ for(i = 0, j = 1; host[j] && (host[j] != ']') && i < MAXHOSTNAMELEN; i++, j++)
+ {
+ tmp_host[i] = host[j];
+ if(0 == memcmp(host+j, "%25", 3)) /* %25 is just url encoding for '%' */
+ j+=2; /* skip "25" */
+ }
+ tmp_host[i] = '\0';
+ }
+ else
+ {
+ strncpy(tmp_host, host, MAXHOSTNAMELEN);
+ }
+ tmp_host[MAXHOSTNAMELEN] = '\0';
+ n = getaddrinfo(tmp_host, port_str, &hints, &ai);
+ if(n != 0)
+ {
+#ifdef _WIN32
+ fprintf(stderr, "getaddrinfo() error : %d\n", n);
+#else
+ fprintf(stderr, "getaddrinfo() error : %s\n", gai_strerror(n));
+#endif
+ return -1;
+ }
+ s = -1;
+ for(p = ai; p; p = p->ai_next)
+ {
+ s = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
+ if(s < 0)
+ continue;
+ if(p->ai_addr->sa_family == AF_INET6 && scope_id > 0) {
+ struct sockaddr_in6 * addr6 = (struct sockaddr_in6 *)p->ai_addr;
+ addr6->sin6_scope_id = scope_id;
+ }
+#ifdef
MINIUPNPC_SET_SOCKET_TIMEOUT
+ /* setting a 3 seconds timeout for the connect() call */
+ timeout.tv_sec = 3;
+ timeout.tv_usec = 0;
+ if(setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(struct timeval)) < 0)
+ {
+ PRINT_SOCKET_ERROR("setsockopt");
+ }
+ timeout.tv_sec = 3;
+ timeout.tv_usec = 0;
+ if(setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(struct timeval)) < 0)
+ {
+ PRINT_SOCKET_ERROR("setsockopt");
+ }
+#endif /* #ifdef MINIUPNPC_SET_SOCKET_TIMEOUT */
+ n = connect(s, p->ai_addr, p->ai_addrlen);
+#ifdef MINIUPNPC_IGNORE_EINTR
+ /* EINTR The system call was interrupted by a signal that was caught
+ * EINPROGRESS The socket is nonblocking and the connection cannot
+ * be completed immediately. */
+ while(n < 0 && (errno == EINTR || errno == EINPROGRESS))
+ {
+ socklen_t len;
+ fd_set wset;
+ int err;
+ FD_ZERO(&wset);
+ FD_SET(s, &wset);
+ if((n = select(s + 1, NULL, &wset, NULL, NULL)) == -1 && errno == EINTR)
+ continue;
+ /*len = 0;*/
+ /*n = getpeername(s, NULL, &len);*/
+ len = sizeof(err);
+ if(getsockopt(s, SOL_SOCKET, SO_ERROR, &err, &len) < 0) {
+ PRINT_SOCKET_ERROR("getsockopt");
+ closesocket(s);
+ freeaddrinfo(ai);
+ return -1;
+ }
+ if(err != 0) {
+ errno = err;
+ n = -1;
+ }
+ }
+#endif /* #ifdef MINIUPNPC_IGNORE_EINTR */
+ if(n < 0)
+ {
+ closesocket(s);
+ continue;
+ }
+ else
+ {
+ break;
+ }
+ }
+ freeaddrinfo(ai);
+ if(s < 0)
+ {
+ PRINT_SOCKET_ERROR("socket");
+ return -1;
+ }
+ if(n < 0)
+ {
+ PRINT_SOCKET_ERROR("connect");
+ return -1;
+ }
+#endif /* #ifdef USE_GETHOSTBYNAME */
+ return s;
+}
+
diff --git a/ext/miniupnpc/connecthostport.h b/ext/miniupnpc/connecthostport.h
new file mode 100644
index 0000000..56941d6
--- /dev/null
+++ b/ext/miniupnpc/connecthostport.h
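Review bot: Both MINIUPNPC_IGNORE_EINTR retry loops in connecthostport() call `FD_SET(s, &wset)` without checking `s` against FD_SETSIZE, so in a process holding many descriptors a value at or above FD_SETSIZE writes outside `wset`. The following `select()` is passed a NULL timeout, so that wait does not appear to be bounded by the 3 second socket timeouts set just above it. A guard such as `if(s >= FD_SETSIZE) { closesocket(s); return -1; }` ahead of each loop (with `freeaddrinfo(ai);` added in the getaddrinfo() branch) and a `struct timeval` as the last select() argument would cover both. In the bracketed IPv6 branch, `memcmp(host+j, "%25", 3)` may read up to two bytes past the terminating NUL of `host`; testing `host[j]`, `host[j+1]` and `host[j+2]` in turn with short-circuit `&&` stays inside the string.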
@@ -0,0 +1,18 @@ +/* $Id: connecthostport.h,v 1.3 2012/09/27 15:42:10 nanard Exp $ */ +/* Project: miniupnp + * http://miniupnp.free.fr/ + * Author: Thomas Bernard + * Copyright (c) 2010-2012 Thomas Bernard + * This software is subjects to the conditions detailed + * in the LICENCE file provided within this distribution */ +#ifndef CONNECTHOSTPORT_H_INCLUDED +#define CONNECTHOSTPORT_H_INCLUDED + +/* connecthostport() + * return a socket connected (TCP) to the host and port + * or -1 in case of error */ +int connecthostport(const char * host, unsigned short port, + unsigned int scope_id); + +#endif + diff --git a/ext/miniupnpc/external-ip.sh b/ext/miniupnpc/external-ip.sh new file mode 100755 index 0000000..965d86b --- /dev/null +++ b/ext/miniupnpc/external-ip.sh @@ -0,0 +1,4 @@ +#!/bin/sh +# $Id: external-ip.sh,v 1.1 2010/08/05 12:57:41 nanard Exp $ +# (c) 2010 Reuben Hawkins +upnpc -s | grep ExternalIPAddress | sed 's/[^0-9\.]//g' diff --git a/ext/miniupnpc/igd_desc_parse.c b/ext/miniupnpc/igd_desc_parse.c new file mode 100644 index 0000000..d2999ad --- /dev/null +++ b/ext/miniupnpc/igd_desc_parse.c 
@@ -0,0 +1,123 @@ +/* $Id: igd_desc_parse.c,v 1.17 2015/09/15 13:30:04 nanard Exp $ */ +/* Project : miniupnp + * http://miniupnp.free.fr/ + * Author : Thomas Bernard + * Copyright (c) 2005-2015 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. */ + +#include "igd_desc_parse.h" +#include +#include + +/* Start element handler : + * update nesting level counter and copy element name */ +void IGDstartelt(void * d, const char * name, int l) +{ + struct IGDdatas * datas = (struct IGDdatas *)d; + if(l >= MINIUPNPC_URL_MAXSIZE) + l = MINIUPNPC_URL_MAXSIZE-1; + memcpy(datas->cureltname, name, l); + datas->cureltname[l] = '\0'; + datas->level++; + if( (l==7) && !memcmp(name, "service", l) ) { + datas->tmp.controlurl[0] = '\0'; + datas->tmp.eventsuburl[0] = '\0'; + datas->tmp.scpdurl[0] = '\0'; + datas->tmp.servicetype[0] = '\0'; + } +} + +#define COMPARE(str, cstr) (0==memcmp(str, cstr, sizeof(cstr) - 1)) + +/* End element handler : + * update nesting level counter and update parser state if + * service element is parsed */ +void IGDendelt(void * d, const char * name, int l) +{ + struct IGDdatas * datas = (struct IGDdatas *)d; + datas->level--; + /*printf("endelt %2d %.*s\n", datas->level, l, name);*/ + if( (l==7) && !memcmp(name, "service", l) ) + { + if(COMPARE(datas->tmp.servicetype, + "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:")) { + memcpy(&datas->CIF, &datas->tmp, sizeof(struct IGDdatas_service)); + } else if(COMPARE(datas->tmp.servicetype, + "urn:schemas-upnp-org:service:WANIPv6FirewallControl:")) { + memcpy(&datas->IPv6FC, &datas->tmp, sizeof(struct IGDdatas_service)); + } else if(COMPARE(datas->tmp.servicetype, + "urn:schemas-upnp-org:service:WANIPConnection:") + || COMPARE(datas->tmp.servicetype, + "urn:schemas-upnp-org:service:WANPPPConnection:") ) { + if(datas->first.servicetype[0] == '\0') { + memcpy(&datas->first, &datas->tmp, sizeof(struct IGDdatas_service)); + } else { + 
memcpy(&datas->second, &datas->tmp, sizeof(struct IGDdatas_service)); + } + } + } +} + +/* Data handler : + * copy data depending on the current element name and state */ +void IGDdata(void * d, const char * data, int l) +{ + struct IGDdatas * datas = (struct IGDdatas *)d; + char * dstmember = 0; + /*printf("%2d %s : %.*s\n", + datas->level, datas->cureltname, l, data); */ + if( !strcmp(datas->cureltname, "URLBase") ) + dstmember = datas->urlbase; + else if( !strcmp(datas->cureltname, "presentationURL") ) + dstmember = datas->presentationurl; + else if( !strcmp(datas->cureltname, "serviceType") ) + dstmember = datas->tmp.servicetype; + else if( !strcmp(datas->cureltname, "controlURL") ) + dstmember = datas->tmp.controlurl; + else if( !strcmp(datas->cureltname, "eventSubURL") ) + dstmember = datas->tmp.eventsuburl; + else if( !strcmp(datas->cureltname, "SCPDURL") ) + dstmember = datas->tmp.scpdurl; +/* else if( !strcmp(datas->cureltname, "deviceType") ) + dstmember = datas->devicetype_tmp;*/ + if(dstmember) + { + if(l>=MINIUPNPC_URL_MAXSIZE) + l = MINIUPNPC_URL_MAXSIZE-1; + memcpy(dstmember, data, l); + dstmember[l] = '\0'; + } +} + +#ifdef DEBUG +void printIGD(struct IGDdatas * d) +{ + printf("urlbase = '%s'\n", d->urlbase); + printf("WAN Device (Common interface config) :\n"); + /*printf(" deviceType = '%s'\n", d->CIF.devicetype);*/ + printf(" serviceType = '%s'\n", d->CIF.servicetype); + printf(" controlURL = '%s'\n", d->CIF.controlurl); + printf(" eventSubURL = '%s'\n", d->CIF.eventsuburl); + printf(" SCPDURL = '%s'\n", d->CIF.scpdurl); + printf("primary WAN Connection Device (IP or PPP Connection):\n"); + /*printf(" deviceType = '%s'\n", d->first.devicetype);*/ + printf(" servicetype = '%s'\n", d->first.servicetype); + printf(" controlURL = '%s'\n", d->first.controlurl); + printf(" eventSubURL = '%s'\n", d->first.eventsuburl); + printf(" SCPDURL = '%s'\n", d->first.scpdurl); + printf("secondary WAN Connection Device (IP or PPP Connection):\n"); + /*printf(" 
deviceType = '%s'\n", d->second.devicetype);*/ + printf(" servicetype = '%s'\n", d->second.servicetype); + printf(" controlURL = '%s'\n", d->second.controlurl); + printf(" eventSubURL = '%s'\n", d->second.eventsuburl); + printf(" SCPDURL = '%s'\n", d->second.scpdurl); + printf("WAN IPv6 Firewall Control :\n"); + /*printf(" deviceType = '%s'\n", d->IPv6FC.devicetype);*/ + printf(" servicetype = '%s'\n", d->IPv6FC.servicetype); + printf(" controlURL = '%s'\n", d->IPv6FC.controlurl); + printf(" eventSubURL = '%s'\n", d->IPv6FC.eventsuburl); + printf(" SCPDURL = '%s'\n", d->IPv6FC.scpdurl); +} +#endif /* DEBUG */ + diff --git a/ext/miniupnpc/igd_desc_parse.h b/ext/miniupnpc/igd_desc_parse.h new file mode 100644 index 0000000..0de546b --- /dev/null +++ b/ext/miniupnpc/igd_desc_parse.h 
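Review bot: In `IGDdata`, and in the same pattern in `IGDstartelt`, the length `l` is clamped only from above, and an over-long value is cut to `MINIUPNPC_URL_MAXSIZE-1` bytes with no signal to the caller. These members hold URLs parsed from a device description, so a truncated `controlurl` or `urlbase` would presumably be used later as if it were complete. Leaving the member empty is safer: `if(l >= MINIUPNPC_URL_MAXSIZE) { dstmember[0] = '\0'; return; }`. A negative `l` is also passed straight to `memcpy`; whether the XML parser can produce one is not visible here, but `if(l < 0) return;` at the top of both handlers would make the contract explicit.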
@@ -0,0 +1,49 @@ +/* $Id: igd_desc_parse.h,v 1.12 2014/11/17 17:19:13 nanard Exp $ */ +/* Project : miniupnp + * http://miniupnp.free.fr/ + * Author : Thomas Bernard + * Copyright (c) 2005-2014 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. + * */ +#ifndef IGD_DESC_PARSE_H_INCLUDED +#define IGD_DESC_PARSE_H_INCLUDED + +/* Structure to store the result of the parsing of UPnP + * descriptions of Internet Gateway Devices */ +#define MINIUPNPC_URL_MAXSIZE (128) +struct IGDdatas_service { + char controlurl[MINIUPNPC_URL_MAXSIZE]; + char eventsuburl[MINIUPNPC_URL_MAXSIZE]; + char scpdurl[MINIUPNPC_URL_MAXSIZE]; + char servicetype[MINIUPNPC_URL_MAXSIZE]; + /*char devicetype[MINIUPNPC_URL_MAXSIZE];*/ +}; + +struct IGDdatas { + char cureltname[MINIUPNPC_URL_MAXSIZE]; + char urlbase[MINIUPNPC_URL_MAXSIZE]; + char presentationurl[MINIUPNPC_URL_MAXSIZE]; + int level; + /*int state;*/ + /* "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1" */ + struct IGDdatas_service CIF; + /* "urn:schemas-upnp-org:service:WANIPConnection:1" + * "urn:schemas-upnp-org:service:WANPPPConnection:1" */ + struct IGDdatas_service first; + /* if both WANIPConnection and WANPPPConnection are present */ + struct IGDdatas_service second; + /* "urn:schemas-upnp-org:service:WANIPv6FirewallControl:1" */ + struct IGDdatas_service IPv6FC; + /* tmp */ + struct IGDdatas_service tmp; +}; + +void IGDstartelt(void *, const char *, int); +void IGDendelt(void *, const char *, int); +void IGDdata(void *, const char *, int); +#ifdef DEBUG +void printIGD(struct IGDdatas *); +#endif /* DEBUG */ + +#endif /* IGD_DESC_PARSE_H_INCLUDED */ diff --git a/ext/miniupnpc/listdevices.c b/ext/miniupnpc/listdevices.c new file mode 100644 index 0000000..a93c29f --- /dev/null +++ b/ext/miniupnpc/listdevices.c 
@@ -0,0 +1,110 @@ +/* $Id: listdevices.c,v 1.7 2015/10/08 16:15:47 nanard Exp $ */ +/* Project : miniupnp + * Author : Thomas Bernard + * Copyright (c) 2013-2015 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. */ + +#include +#include +#include +#ifdef _WIN32 +#include +#endif /* _WIN32 */ +#include "miniupnpc.h" + +int main(int argc, char * * argv) +{ + const char * searched_device = NULL; + const char * * searched_devices = NULL; + const char * multicastif = 0; + const char * minissdpdpath = 0; + int ipv6 = 0; + unsigned char ttl = 2; + int error = 0; + struct UPNPDev * devlist = 0; + struct UPNPDev * dev; + int i; + +#ifdef _WIN32 + WSADATA wsaData; + int nResult = WSAStartup(MAKEWORD(2,2), &wsaData); + if(nResult != NO_ERROR) + { + fprintf(stderr, "WSAStartup() failed.\n"); + return -1; + } +#endif + + for(i = 1; i < argc; i++) { + if(strcmp(argv[i], "-6") == 0) + ipv6 = 1; + else if(strcmp(argv[i], "-d") == 0) { + if(++i >= argc) { + fprintf(stderr, "%s option needs one argument\n", "-d"); + return 1; + } + searched_device = argv[i]; + } else if(strcmp(argv[i], "-t") == 0) { + if(++i >= argc) { + fprintf(stderr, "%s option needs one argument\n", "-t"); + return 1; + } + ttl = (unsigned char)atoi(argv[i]); + } else if(strcmp(argv[i], "-l") == 0) { + if(++i >= argc) { + fprintf(stderr, "-l option needs at least one argument\n"); + return 1; + } + searched_devices = (const char * *)(argv + i); + break; + } else if(strcmp(argv[i], "-m") == 0) { + if(++i >= argc) { + fprintf(stderr, "-m option needs one argument\n"); + return 1; + } + multicastif = argv[i]; + } else { + printf("usage : %s [options] [-l ...]\n", argv[0]); + printf("options :\n"); + printf(" -6 : use IPv6\n"); + printf(" -m address/ifname : network interface to use for multicast\n"); + printf(" -d : search only for this type of device\n"); + printf(" -l ... 
: search only for theses types of device\n"); + printf(" -t ttl : set multicast TTL. Default value is 2.\n"); + printf(" -h : this help\n"); + return 1; + } + } + + if(searched_device) { + printf("searching UPnP device type %s\n", searched_device); + devlist = upnpDiscoverDevice(searched_device, + 2000, multicastif, minissdpdpath, + 0/*localport*/, ipv6, ttl, &error); + } else if(searched_devices) { + printf("searching UPnP device types :\n"); + for(i = 0; searched_devices[i]; i++) + printf("\t%s\n", searched_devices[i]); + devlist = upnpDiscoverDevices(searched_devices, + 2000, multicastif, minissdpdpath, + 0/*localport*/, ipv6, ttl, &error, 1); + } else { + printf("searching all UPnP devices\n"); + devlist = upnpDiscoverAll(2000, multicastif, minissdpdpath, + 0/*localport*/, ipv6, ttl, &error); + } + if(devlist) { + for(dev = devlist, i = 1; dev != NULL; dev = dev->pNext, i++) { + printf("%3d: %-48s\n", i, dev->st); + printf(" %s\n", dev->descURL); + printf(" %s\n", dev->usn); + } + freeUPNPDevlist(devlist); + } else { + printf("no device found.\n"); + } + + return 0; +} + diff --git a/ext/miniupnpc/mingw32make.bat b/ext/miniupnpc/mingw32make.bat new file mode 100644 index 0000000..c5d3cc4 --- /dev/null +++ b/ext/miniupnpc/mingw32make.bat @@ -0,0 +1,8 @@ +@mingw32-make -f Makefile.mingw %1 +@if errorlevel 1 goto end +@if not exist upnpc-static.exe goto end +@strip upnpc-static.exe +@upx --best upnpc-static.exe +@strip upnpc-shared.exe +@upx --best upnpc-shared.exe +:end diff --git a/ext/miniupnpc/minihttptestserver.c b/ext/miniupnpc/minihttptestserver.c new file mode 100644 index 0000000..6663bc0 --- /dev/null +++ b/ext/miniupnpc/minihttptestserver.c 
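Review bot: The `-t` branch in `main` converts its argument with `ttl = (unsigned char)atoi(argv[i]);`, so non-numeric input becomes 0 and anything above 255 wraps silently before it reaches the discovery calls. Parsing with `strtol`, checking the end pointer, and rejecting values outside 0..255 through the same `return 1` path as the missing-argument case would avoid sending multicast with an unintended TTL. The usage text also lists `-h`, which is only reached through the final `else`, and `minissdpdpath` is never assigned from any option. A one-line comment saying both are intentional would help the next reader.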
@@ -0,0 +1,659 @@ +/* $Id: minihttptestserver.c,v 1.19 2015/11/17 09:07:17 nanard Exp $ */ +/* Project : miniUPnP + * Author : Thomas Bernard + * Copyright (c) 2011-2015 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. + * */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef INADDR_LOOPBACK +#define INADDR_LOOPBACK 0x7f000001 +#endif + +#define CRAP_LENGTH (2048) + +volatile sig_atomic_t quit = 0; +volatile sig_atomic_t child_to_wait_for = 0; + +/** + * signal handler for SIGCHLD (child status has changed) + */ +void handle_signal_chld(int sig) +{ + (void)sig; + /* printf("handle_signal_chld(%d)\n", sig); */ + ++child_to_wait_for; +} + +/** + * signal handler for SIGINT (CRTL C) + */ +void handle_signal_int(int sig) +{ + (void)sig; + /* printf("handle_signal_int(%d)\n", sig); */ + quit = 1; +} + +/** + * build a text/plain content of the specified length + */ +void build_content(char * p, int n) +{ + char line_buffer[80]; + int k; + int i = 0; + + while(n > 0) { + k = snprintf(line_buffer, sizeof(line_buffer), + "%04d_ABCDEFGHIJKL_This_line_is_64_bytes_long_ABCDEFGHIJKL_%04d\r\n", + i, i); + if(k != 64) { + fprintf(stderr, "snprintf() returned %d in build_content()\n", k); + } + ++i; + if(n >= 64) { + memcpy(p, line_buffer, 64); + p += 64; + n -= 64; + } else { + memcpy(p, line_buffer, n); + p += n; + n = 0; + } + } +} + +/** + * build crappy content + */ +void build_crap(char * p, int n) +{ + static const char crap[] = "_CRAP_\r\n"; + int i; + + while(n > 0) { + i = sizeof(crap) - 1; + if(i > n) + i = n; + memcpy(p, crap, i); + p += i; + n -= i; + } +} + +/** + * build chunked response. 
+ * return a malloc'ed buffer + */ +char * build_chunked_response(int content_length, int * response_len) +{ + char * response_buffer; + char * content_buffer; + int buffer_length; + int i, n; + + /* allocate to have some margin */ + buffer_length = 256 + content_length + (content_length >> 4); + response_buffer = malloc(buffer_length); + if(response_buffer == NULL) + return NULL; + *response_len = snprintf(response_buffer, buffer_length, + "HTTP/1.1 200 OK\r\n" + "Content-Type: text/plain\r\n" + "Transfer-Encoding: chunked\r\n" + "\r\n"); + + /* build the content */ + content_buffer = malloc(content_length); + if(content_buffer == NULL) { + free(response_buffer); + return NULL; + } + build_content(content_buffer, content_length); + + /* chunk it */ + i = 0; + while(i < content_length) { + n = (rand() % 199) + 1; + if(i + n > content_length) { + n = content_length - i; + } + /* TODO : check buffer size ! */ + *response_len += snprintf(response_buffer + *response_len, + buffer_length - *response_len, + "%x\r\n", n); + memcpy(response_buffer + *response_len, content_buffer + i, n); + *response_len += n; + i += n; + response_buffer[(*response_len)++] = '\r'; + response_buffer[(*response_len)++] = '\n'; + } + /* the last chunk : "0\r\n" a empty body and then + * the final "\r\n" */ + memcpy(response_buffer + *response_len, "0\r\n\r\n", 5); + *response_len += 5; + free(content_buffer); + + printf("resp_length=%d buffer_length=%d content_length=%d\n", + *response_len, buffer_length, content_length); + return response_buffer; +} + +/* favicon.ico generator */ +#ifdef OLD_HEADER +#define FAVICON_LENGTH (6 + 16 + 12 + 8 + 32 * 4) +#else +#define FAVICON_LENGTH (6 + 16 + 40 + 8 + 32 * 4) +#endif +void build_favicon_content(char * p, int n) +{ + int i; + if(n < FAVICON_LENGTH) + return; + /* header : 6 bytes */ + *p++ = 0; + *p++ = 0; + *p++ = 1; /* type : ICO */ + *p++ = 0; + *p++ = 1; /* number of images in file */ + *p++ = 0; + /* image directory (1 entry) : 16 bytes */ + 
*p++ = 16; /* width */ + *p++ = 16; /* height */ + *p++ = 2; /* number of colors in the palette. 0 = no palette */ + *p++ = 0; /* reserved */ + *p++ = 1; /* color planes */ + *p++ = 0; /* " */ + *p++ = 1; /* bpp */ + *p++ = 0; /* " */ +#ifdef OLD_HEADER + *p++ = 12 + 8 + 32 * 4; /* bmp size */ +#else + *p++ = 40 + 8 + 32 * 4; /* bmp size */ +#endif + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 6 + 16; /* bmp offset */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + /* BMP */ +#ifdef OLD_HEADER + /* BITMAPCOREHEADER */ + *p++ = 12; /* size of this header */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 16; /* width */ + *p++ = 0; /* " */ + *p++ = 16 * 2; /* height x 2 ! */ + *p++ = 0; /* " */ + *p++ = 1; /* color planes */ + *p++ = 0; /* " */ + *p++ = 1; /* bpp */ + *p++ = 0; /* " */ +#else + /* BITMAPINFOHEADER */ + *p++ = 40; /* size of this header */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 16; /* width */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 16 * 2; /* height x 2 ! */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 0; /* " */ + *p++ = 1; /* color planes */ + *p++ = 0; /* " */ + *p++ = 1; /* bpp */ + *p++ = 0; /* " */ + /* compression method, image size, ppm x, ppm y */ + /* colors in the palette ? 
*/ + /* important colors */ + for(i = 4 * 6; i > 0; --i) + *p++ = 0; +#endif + /* palette */ + *p++ = 0; /* b */ + *p++ = 0; /* g */ + *p++ = 0; /* r */ + *p++ = 0; /* reserved */ + *p++ = 255; /* b */ + *p++ = 255; /* g */ + *p++ = 255; /* r */ + *p++ = 0; /* reserved */ + /* pixel data */ + for(i = 16; i > 0; --i) { + if(i & 1) { + *p++ = 0125; + *p++ = 0125; + } else { + *p++ = 0252; + *p++ = 0252; + } + *p++ = 0; + *p++ = 0; + } + /* Opacity MASK */ + for(i = 16 * 4; i > 0; --i) { + *p++ = 0; + } +} + +enum modes { + MODE_INVALID, MODE_CHUNKED, MODE_ADDCRAP, MODE_NORMAL, MODE_FAVICON +}; + +const struct { + const enum modes mode; + const char * text; +} modes_array[] = { + {MODE_CHUNKED, "chunked"}, + {MODE_ADDCRAP, "addcrap"}, + {MODE_NORMAL, "normal"}, + {MODE_FAVICON, "favicon.ico"}, + {MODE_INVALID, NULL} +}; + +/** + * write the response with random behaviour ! + */ +void send_response(int c, const char * buffer, int len) +{ + int n; + while(len > 0) { + n = (rand() % 99) + 1; + if(n > len) + n = len; + n = write(c, buffer, n); + if(n < 0) { + if(errno != EINTR) { + perror("write"); + return; + } + /* if errno == EINTR, try again */ + } else { + len -= n; + buffer += n; + } + usleep(10000); /* 10ms */ + } +} + +/** + * handle the HTTP connection + */ +void handle_http_connection(int c) +{ + char request_buffer[2048]; + int request_len = 0; + int headers_found = 0; + int n, i; + char request_method[16]; + char request_uri[256]; + char http_version[16]; + char * p; + char * response_buffer; + int response_len; + enum modes mode; + int content_length = 16*1024; + + /* read the request */ + while(request_len < (int)sizeof(request_buffer) && !headers_found) { + n = read(c, + request_buffer + request_len, + sizeof(request_buffer) - request_len); + if(n < 0) { + if(errno == EINTR) + continue; + perror("read"); + return; + } else if(n==0) { + /* remote host closed the connection */ + break; + } else { + request_len += n; + for(i = 0; i < request_len - 3; i++) { + 
if(0 == memcmp(request_buffer + i, "\r\n\r\n", 4)) { + /* found the end of headers */ + headers_found = 1; + break; + } + } + } + } + if(!headers_found) { + /* error */ + printf("no HTTP header found in the request\n"); + return; + } + printf("headers :\n%.*s", request_len, request_buffer); + /* the request have been received, now parse the request line */ + p = request_buffer; + for(i = 0; i < (int)sizeof(request_method) - 1; i++) { + if(*p == ' ' || *p == '\r') + break; + request_method[i] = *p; + ++p; + } + request_method[i] = '\0'; + while(*p == ' ') + p++; + for(i = 0; i < (int)sizeof(request_uri) - 1; i++) { + if(*p == ' ' || *p == '\r') + break; + request_uri[i] = *p; + ++p; + } + request_uri[i] = '\0'; + while(*p == ' ') + p++; + for(i = 0; i < (int)sizeof(http_version) - 1; i++) { + if(*p == ' ' || *p == '\r') + break; + http_version[i] = *p; + ++p; + } + http_version[i] = '\0'; + printf("Method = %s, URI = %s, %s\n", + request_method, request_uri, http_version); + /* check if the request method is allowed */ + if(0 != strcmp(request_method, "GET")) { + const char response405[] = "HTTP/1.1 405 Method Not Allowed\r\n" + "Allow: GET\r\n\r\n"; + const char * pc; + /* 405 Method Not Allowed */ + /* The response MUST include an Allow header containing a list + * of valid methods for the requested resource. 
*/ + n = sizeof(response405) - 1; + pc = response405; + while(n > 0) { + i = write(c, pc, n); + if(i<0) { + if(errno != EINTR) { + perror("write"); + return; + } + } else { + n -= i; + pc += i; + } + } + return; + } + + mode = MODE_INVALID; + /* use the request URI to know what to do */ + for(i = 0; modes_array[i].mode != MODE_INVALID; i++) { + if(strstr(request_uri, modes_array[i].text)) { + mode = modes_array[i].mode; /* found */ + break; + } + } + + switch(mode) { + case MODE_CHUNKED: + response_buffer = build_chunked_response(content_length, &response_len); + break; + case MODE_ADDCRAP: + response_len = content_length+256; + response_buffer = malloc(response_len); + if(!response_buffer) + break; + n = snprintf(response_buffer, response_len, + "HTTP/1.1 200 OK\r\n" + "Server: minihttptestserver\r\n" + "Content-Type: text/plain\r\n" + "Content-Length: %d\r\n" + "\r\n", content_length); + response_len = content_length+n+CRAP_LENGTH; + p = realloc(response_buffer, response_len); + if(p == NULL) { + /* error 500 */ + free(response_buffer); + response_buffer = NULL; + break; + } + response_buffer = p; + build_content(response_buffer + n, content_length); + build_crap(response_buffer + n + content_length, CRAP_LENGTH); + break; + case MODE_FAVICON: + content_length = FAVICON_LENGTH; + response_len = content_length + 256; + response_buffer = malloc(response_len); + if(!response_buffer) + break; + n = snprintf(response_buffer, response_len, + "HTTP/1.1 200 OK\r\n" + "Server: minihttptestserver\r\n" + "Content-Type: image/vnd.microsoft.icon\r\n" + "Content-Length: %d\r\n" + "\r\n", content_length); + /* image/x-icon */ + build_favicon_content(response_buffer + n, content_length); + response_len = content_length + n; + break; + default: + response_len = content_length+256; + response_buffer = malloc(response_len); + if(!response_buffer) + break; + n = snprintf(response_buffer, response_len, + "HTTP/1.1 200 OK\r\n" + "Server: minihttptestserver\r\n" + "Content-Type: 
text/plain\r\n" + "\r\n"); + response_len = content_length+n; + p = realloc(response_buffer, response_len); + if(p == NULL) { + /* Error 500 */ + free(response_buffer); + response_buffer = NULL; + break; + } + response_buffer = p; + build_content(response_buffer + n, response_len - n); + } + + if(response_buffer) { + send_response(c, response_buffer, response_len); + free(response_buffer); + } else { + /* Error 500 */ + } +} + +/** + */ +int main(int argc, char * * argv) { + int ipv6 = 0; + int s, c, i; + unsigned short port = 0; + struct sockaddr_storage server_addr; + socklen_t server_addrlen; + struct sockaddr_storage client_addr; + socklen_t client_addrlen; + pid_t pid; + int child = 0; + int status; + const char * expected_file_name = NULL; + struct sigaction sa; + + for(i = 1; i < argc; i++) { + if(argv[i][0] == '-') { + switch(argv[i][1]) { + case '6': + ipv6 = 1; + break; + case 'e': + /* write expected file ! */ + expected_file_name = argv[++i]; + break; + case 'p': + /* port */ + if(++i < argc) { + port = (unsigned short)atoi(argv[i]); + } + break; + default: + fprintf(stderr, "unknown command line switch '%s'\n", argv[i]); + } + } else { + fprintf(stderr, "unkown command line argument '%s'\n", argv[i]); + } + } + + srand(time(NULL)); + + memset(&sa, 0, sizeof(struct sigaction)); + + /*signal(SIGCHLD, handle_signal_chld);*/ + sa.sa_handler = handle_signal_chld; + if(sigaction(SIGCHLD, &sa, NULL) < 0) { + perror("sigaction"); + return 1; + } + /*signal(SIGINT, handle_signal_int);*/ + sa.sa_handler = handle_signal_int; + if(sigaction(SIGINT, &sa, NULL) < 0) { + perror("sigaction"); + return 1; + } + + s = socket(ipv6 ? 
AF_INET6 : AF_INET, SOCK_STREAM, 0); + if(s < 0) { + perror("socket"); + return 1; + } + memset(&server_addr, 0, sizeof(struct sockaddr_storage)); + memset(&client_addr, 0, sizeof(struct sockaddr_storage)); + if(ipv6) { + struct sockaddr_in6 * addr = (struct sockaddr_in6 *)&server_addr; + addr->sin6_family = AF_INET6; + addr->sin6_port = htons(port); + addr->sin6_addr = in6addr_loopback; + } else { + struct sockaddr_in * addr = (struct sockaddr_in *)&server_addr; + addr->sin_family = AF_INET; + addr->sin_port = htons(port); + addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK); + } + if(bind(s, (struct sockaddr *)&server_addr, + ipv6 ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) < 0) { + perror("bind"); + return 1; + } + if(listen(s, 5) < 0) { + perror("listen"); + } + if(port == 0) { + server_addrlen = sizeof(struct sockaddr_storage); + if(getsockname(s, (struct sockaddr *)&server_addr, &server_addrlen) < 0) { + perror("getsockname"); + return 1; + } + if(ipv6) { + struct sockaddr_in6 * addr = (struct sockaddr_in6 *)&server_addr; + port = ntohs(addr->sin6_port); + } else { + struct sockaddr_in * addr = (struct sockaddr_in *)&server_addr; + port = ntohs(addr->sin_port); + } + printf("Listening on port %hu\n", port); + fflush(stdout); + } + + /* write expected file */ + if(expected_file_name) { + FILE * f; + f = fopen(expected_file_name, "wb"); + if(f) { + char * buffer; + buffer = malloc(16*1024); + if(buffer == NULL) { + fprintf(stderr, "memory allocation error\n"); + } else { + build_content(buffer, 16*1024); + i = fwrite(buffer, 1, 16*1024, f); + if(i != 16*1024) { + fprintf(stderr, "error writing to file %s : %dbytes written (out of %d)\n", expected_file_name, i, 16*1024); + } + free(buffer); + } + fclose(f); + } else { + fprintf(stderr, "error opening file %s for writing\n", expected_file_name); + } + } + + /* fork() loop */ + while(!child && !quit) { + while(child_to_wait_for > 0) { + pid = wait(&status); + if(pid < 0) { + perror("wait"); + } else { 
+ printf("child(%d) terminated with status %d\n", pid, status); + } + --child_to_wait_for; + } + client_addrlen = sizeof(struct sockaddr_storage); + c = accept(s, (struct sockaddr *)&client_addr, + &client_addrlen); + if(c < 0) { + if(errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) + continue; + perror("accept"); + return 1; + } + printf("accept...\n"); + pid = fork(); + if(pid < 0) { + perror("fork"); + return 1; + } else if(pid == 0) { + /* child */ + child = 1; + close(s); + s = -1; + handle_http_connection(c); + } + close(c); + } + if(s >= 0) { + close(s); + s = -1; + } + if(!child) { + while(child_to_wait_for > 0) { + pid = wait(&status); + if(pid < 0) { + perror("wait"); + } else { + printf("child(%d) terminated with status %d\n", pid, status); + } + --child_to_wait_for; + } + printf("Bye...\n"); + } + return 0; +} + diff --git a/ext/miniupnpc/minisoap.c b/ext/miniupnpc/minisoap.c new file mode 100644 index 0000000..e2efd8f --- /dev/null +++ b/ext/miniupnpc/minisoap.c 
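Review bot: `build_chunked_response` still carries `/* TODO : check buffer size ! */`, and the writes after it are unbounded: the `memcpy` of `n` bytes and the two CR/LF stores go into `response_buffer` regardless of `buffer_length`. The margin is `256 + content_length + (content_length >> 4)`, about 6% overhead, but each chunk adds its hex length plus four bytes. A run of small values from `(rand() % 199) + 1` can therefore exceed the margin and write past the allocation, and `buffer_length - *response_len` passed to `snprintf` would then go negative. A guard placed right after `n` is clamped closes this: `if(*response_len + n + 16 > buffer_length) { free(content_buffer); free(response_buffer); return NULL; }`; the caller already handles a NULL buffer. Separately, in `main` a failed `listen()` only prints an error and execution continues to `accept()`.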
@@ -0,0 +1,126 @@ +#define _CRT_SECURE_NO_WARNINGS +/* $Id: minisoap.c,v 1.24 2015/10/26 17:05:07 nanard Exp $ */ +/* Project : miniupnp + * Author : Thomas Bernard + * Copyright (c) 2005-2015 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. + * + * Minimal SOAP implementation for UPnP protocol. + */ +#include +#include +#ifdef _WIN32 +#include +#include +#define snprintf _snprintf +#else +#include +#include +#include +#endif +#include "minisoap.h" +#ifdef _WIN32 +#define OS_STRING "Win32" +#define MINIUPNPC_VERSION_STRING "2.0" +#define UPNP_VERSION_STRING "UPnP/1.1" +#endif + +/* only for malloc */ +#include + +#ifdef _WIN32 +#define PRINT_SOCKET_ERROR(x) printf("Socket error: %s, %d\n", x, WSAGetLastError()); +#else +#define PRINT_SOCKET_ERROR(x) perror(x) +#endif + +/* httpWrite sends the headers and the body to the socket + * and returns the number of bytes sent */ +static int +httpWrite(int fd, const char * body, int bodysize, + const char * headers, int headerssize) +{ + int n = 0; + /*n = write(fd, headers, headerssize);*/ + /*if(bodysize>0) + n += write(fd, body, bodysize);*/ + /* Note : my old linksys router only took into account + * soap request that are sent into only one packet */ + char * p; + /* TODO: AVOID MALLOC, we could use writev() for that */ + p = malloc(headerssize+bodysize); + if(!p) + return -1; + memcpy(p, headers, headerssize); + memcpy(p+headerssize, body, bodysize); + /*n = write(fd, p, headerssize+bodysize);*/ + n = send(fd, p, headerssize+bodysize, 0); + if(n<0) { + PRINT_SOCKET_ERROR("send"); + } + /* disable send on the socket */ + /* draytek routers dont seems to like that... 
*/ +#if 0 +#ifdef _WIN32 + if(shutdown(fd, SD_SEND)<0) { +#else + if(shutdown(fd, SHUT_WR)<0) { /*SD_SEND*/ +#endif + PRINT_SOCKET_ERROR("shutdown"); + } +#endif + free(p); + return n; +} + +/* self explanatory */ +int soapPostSubmit(int fd, + const char * url, + const char * host, + unsigned short port, + const char * action, + const char * body, + const char * httpversion) +{ + int bodysize; + char headerbuf[512]; + int headerssize; + char portstr[8]; + bodysize = (int)strlen(body); + /* We are not using keep-alive HTTP connections. + * HTTP/1.1 needs the header Connection: close to do that. + * This is the default with HTTP/1.0 + * Using HTTP/1.1 means we need to support chunked transfer-encoding : + * When using HTTP/1.1, the router "BiPAC 7404VNOX" always use chunked + * transfer encoding. */ + /* Connection: Close is normally there only in HTTP/1.1 but who knows */ + portstr[0] = '\0'; + if(port != 80) + snprintf(portstr, sizeof(portstr), ":%hu", port); + headerssize = snprintf(headerbuf, sizeof(headerbuf), + "POST %s HTTP/%s\r\n" + "Host: %s%s\r\n" + "User-Agent: " OS_STRING ", " UPNP_VERSION_STRING ", MiniUPnPc/" MINIUPNPC_VERSION_STRING "\r\n" + "Content-Length: %d\r\n" + "Content-Type: text/xml\r\n" + "SOAPAction: \"%s\"\r\n" + "Connection: Close\r\n" + "Cache-Control: no-cache\r\n" /* ??? */ + "Pragma: no-cache\r\n" + "\r\n", + url, httpversion, host, portstr, bodysize, action); + if ((unsigned int)headerssize >= sizeof(headerbuf)) + return -1; +#ifdef DEBUG + /*printf("SOAP request : headersize=%d bodysize=%d\n", + headerssize, bodysize); + */ + printf("SOAP request : POST %s HTTP/%s - Host: %s%s\n", + url, httpversion, host, portstr); + printf("SOAPAction: \"%s\" - Content-Length: %d\n", action, bodysize); + printf("Headers :\n%s", headerbuf); + printf("Body :\n%s\n", body); +#endif + return httpWrite(fd, body, bodysize, headerbuf, headerssize); +} 
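Review bot: `soapPostSubmit` formats `url`, `host` and `action` directly into the request head, and its only validation is the truncation check on `headerssize`. If any of these strings can originate from a device description (not visible in this hunk), an embedded CR or LF would add header lines to the request. Rejecting them up front keeps the head well formed: `if(strpbrk(url, "\r\n") || strpbrk(host, "\r\n") || strpbrk(action, "\r\n")) return -1;`. In `httpWrite`, `headerssize+bodysize` is computed in `int` and a single `send()` may write fewer bytes than requested, so the comment above it should say that callers must compare the return value with the total.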
diff --git a/ext/miniupnpc/minisoap.h b/ext/miniupnpc/minisoap.h new file mode 100644 index 0000000..14c859d --- /dev/null +++ b/ext/miniupnpc/minisoap.h @@ -0,0 +1,15 @@ +/* $Id: minisoap.h,v 1.5 2012/09/27 15:42:10 nanard Exp $ */ +/* Project : miniupnp + * Author : Thomas Bernard + * Copyright (c) 2005 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. */ +#ifndef MINISOAP_H_INCLUDED +#define MINISOAP_H_INCLUDED + +/*int httpWrite(int, const char *, int, const char *);*/ +int soapPostSubmit(int, const char *, const char *, unsigned short, + const char *, const char *, const char *); + +#endif + diff --git a/ext/miniupnpc/minissdpc.c b/ext/miniupnpc/minissdpc.c new file mode 100644 index 0000000..0f7271e --- /dev/null +++ b/ext/miniupnpc/minissdpc.c 
@@ -0,0 +1,870 @@ +#define _CRT_SECURE_NO_WARNINGS + +/* $Id: minissdpc.c,v 1.31 2016/01/19 09:56:46 nanard Exp $ */ +/* vim: tabstop=4 shiftwidth=4 noexpandtab + * Project : miniupnp + * Web : http://miniupnp.free.fr/ + * Author : Thomas BERNARD + * copyright (c) 2005-2015 Thomas Bernard + * This software is subjet to the conditions detailed in the + * provided LICENCE file. */ +/*#include */ +#include +#include +#include +#include +#if defined(_WIN32) || defined(__amigaos__) || defined(__amigaos4__) +#ifdef _WIN32 +#include +#include +#include +#include +#include +#define snprintf _snprintf +#if !defined(_MSC_VER) +#include +#else /* !defined(_MSC_VER) */ +typedef unsigned short uint16_t; +#endif /* !defined(_MSC_VER) */ +#ifndef strncasecmp +#if defined(_MSC_VER) && (_MSC_VER >= 1400) +#define strncasecmp _memicmp +#else /* defined(_MSC_VER) && (_MSC_VER >= 1400) */ +#define strncasecmp memicmp +#endif /* defined(_MSC_VER) && (_MSC_VER >= 1400) */ +#endif /* #ifndef strncasecmp */ +#endif /* _WIN32 */ +#if defined(__amigaos__) || defined(__amigaos4__) +#include +#endif /* defined(__amigaos__) || defined(__amigaos4__) */ +#if defined(__amigaos__) +#define uint16_t unsigned short +#endif /* defined(__amigaos__) */ +/* Hack */ +#define UNIX_PATH_LEN 108 +struct sockaddr_un { + uint16_t sun_family; + char sun_path[UNIX_PATH_LEN]; +}; +#else /* defined(_WIN32) || defined(__amigaos__) || defined(__amigaos4__) */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#define closesocket close +#endif + +#ifdef _WIN32 +#define PRINT_SOCKET_ERROR(x) printf("Socket error: %s, %d\n", x, WSAGetLastError()); +#else +#define PRINT_SOCKET_ERROR(x) perror(x) +#endif + +#if !defined(__DragonFly__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && !defined(__APPLE__) && !defined(_WIN32) && !defined(__CYGWIN__) && !defined(__sun) && !defined(__GNU__) && !defined(__FreeBSD_kernel__) +#define HAS_IP_MREQN +#endif + +#if 
!defined(HAS_IP_MREQN) && !defined(_WIN32) +#include +#endif + +#if defined(HAS_IP_MREQN) && defined(NEED_STRUCT_IP_MREQN) +/* Several versions of glibc don't define this structure, + * define it here and compile with CFLAGS NEED_STRUCT_IP_MREQN */ +struct ip_mreqn +{ + struct in_addr imr_multiaddr; /* IP multicast address of group */ + struct in_addr imr_address; /* local IP address of interface */ + int imr_ifindex; /* Interface index */ +}; +#endif + +#if defined(__amigaos__) || defined(__amigaos4__) +/* Amiga OS specific stuff */ +#define TIMEVAL struct timeval +#endif + +#include "minissdpc.h" +#include "miniupnpc.h" +#include "receivedata.h" + +#if !(defined(_WIN32) || defined(__amigaos__) || defined(__amigaos4__)) + +#include "codelength.h" + +struct UPNPDev * +getDevicesFromMiniSSDPD(const char * devtype, const char * socketpath, int * error) +{ + struct UPNPDev * devlist = NULL; + int s; + int res; + + s = connectToMiniSSDPD(socketpath); + if (s < 0) { + if (error) + *error = s; + return NULL; + } + res = requestDevicesFromMiniSSDPD(s, devtype); + if (res < 0) { + if (error) + *error = res; + } else { + devlist = receiveDevicesFromMiniSSDPD(s, error); + } + disconnectFromMiniSSDPD(s); + return devlist; +} + +/* macros used to read from unix socket */ +#define READ_BYTE_BUFFER(c) \ + if((int)bufferindex >= n) { \ + n = read(s, buffer, sizeof(buffer)); \ + if(n<=0) break; \ + bufferindex = 0; \ + } \ + c = buffer[bufferindex++]; + +#ifndef MIN +#define MIN(a, b) (((a) < (b)) ? 
(a) : (b)) +#endif /* MIN */ + +#define READ_COPY_BUFFER(dst, len) \ + for(l = len, p = (unsigned char *)dst; l > 0; ) { \ + unsigned int lcopy; \ + if((int)bufferindex >= n) { \ + n = read(s, buffer, sizeof(buffer)); \ + if(n<=0) break; \ + bufferindex = 0; \ + } \ + lcopy = MIN(l, (n - bufferindex)); \ + memcpy(p, buffer + bufferindex, lcopy); \ + l -= lcopy; \ + p += lcopy; \ + bufferindex += lcopy; \ + } + +#define READ_DISCARD_BUFFER(len) \ + for(l = len; l > 0; ) { \ + unsigned int lcopy; \ + if(bufferindex >= n) { \ + n = read(s, buffer, sizeof(buffer)); \ + if(n<=0) break; \ + bufferindex = 0; \ + } \ + lcopy = MIN(l, (n - bufferindex)); \ + l -= lcopy; \ + bufferindex += lcopy; \ + } + +int +connectToMiniSSDPD(const char * socketpath) +{ + int s; + struct sockaddr_un addr; +#ifdef MINIUPNPC_SET_SOCKET_TIMEOUT + struct timeval timeout; +#endif /* #ifdef MINIUPNPC_SET_SOCKET_TIMEOUT */ + + s = socket(AF_UNIX, SOCK_STREAM, 0); + if(s < 0) + { + /*syslog(LOG_ERR, "socket(unix): %m");*/ + perror("socket(unix)"); + return MINISSDPC_SOCKET_ERROR; + } +#ifdef MINIUPNPC_SET_SOCKET_TIMEOUT + /* setting a 3 seconds timeout */ + timeout.tv_sec = 3; + timeout.tv_usec = 0; + if(setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(struct timeval)) < 0) + { + perror("setsockopt"); + } + timeout.tv_sec = 3; + timeout.tv_usec = 0; + if(setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(struct timeval)) < 0) + { + perror("setsockopt"); + } +#endif /* #ifdef MINIUPNPC_SET_SOCKET_TIMEOUT */ + if(!socketpath) + socketpath = "/var/run/minissdpd.sock"; + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, socketpath, sizeof(addr.sun_path)); + /* TODO : check if we need to handle the EINTR */ + if(connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0) + { + /*syslog(LOG_WARNING, "connect(\"%s\"): %m", socketpath);*/ + close(s); + return MINISSDPC_SOCKET_ERROR; + } + return s; +} + +int +disconnectFromMiniSSDPD(int s) +{ + if (close(s) < 0) + return 
MINISSDPC_SOCKET_ERROR; + return MINISSDPC_SUCCESS; +} + +int +requestDevicesFromMiniSSDPD(int s, const char * devtype) +{ + unsigned char buffer[256]; + unsigned char * p; + unsigned int stsize, l; + + stsize = strlen(devtype); + if(stsize == 8 && 0 == memcmp(devtype, "ssdp:all", 8)) + { + buffer[0] = 3; /* request type 3 : everything */ + } + else + { + buffer[0] = 1; /* request type 1 : request devices/services by type */ + } + p = buffer + 1; + l = stsize; CODELENGTH(l, p); + if(p + stsize > buffer + sizeof(buffer)) + { + /* devtype is too long ! */ +#ifdef DEBUG + fprintf(stderr, "devtype is too long ! stsize=%u sizeof(buffer)=%u\n", + stsize, (unsigned)sizeof(buffer)); +#endif /* DEBUG */ + return MINISSDPC_INVALID_INPUT; + } + memcpy(p, devtype, stsize); + p += stsize; + if(write(s, buffer, p - buffer) < 0) + { + /*syslog(LOG_ERR, "write(): %m");*/ + perror("minissdpc.c: write()"); + return MINISSDPC_SOCKET_ERROR; + } + return MINISSDPC_SUCCESS; +} + +struct UPNPDev * +receiveDevicesFromMiniSSDPD(int s, int * error) +{ + struct UPNPDev * tmp; + struct UPNPDev * devlist = NULL; + unsigned char buffer[256]; + ssize_t n; + unsigned char * p; + unsigned char * url; + unsigned char * st; + unsigned int bufferindex; + unsigned int i, ndev; + unsigned int urlsize, stsize, usnsize, l; + + n = read(s, buffer, sizeof(buffer)); + if(n<=0) + { + perror("minissdpc.c: read()"); + if (error) + *error = MINISSDPC_SOCKET_ERROR; + return NULL; + } + ndev = buffer[0]; + bufferindex = 1; + for(i = 0; i < ndev; i++) + { + DECODELENGTH_READ(urlsize, READ_BYTE_BUFFER); + if(n<=0) { + if (error) + *error = MINISSDPC_INVALID_SERVER_REPLY; + return devlist; + } +#ifdef DEBUG + printf(" urlsize=%u", urlsize); +#endif /* DEBUG */ + url = malloc(urlsize); + if(url == NULL) { + if (error) + *error = MINISSDPC_MEMORY_ERROR; + return devlist; + } + READ_COPY_BUFFER(url, urlsize); + if(n<=0) { + if (error) + *error = MINISSDPC_INVALID_SERVER_REPLY; + goto free_url_and_return; + } + 
DECODELENGTH_READ(stsize, READ_BYTE_BUFFER); + if(n<=0) { + if (error) + *error = MINISSDPC_INVALID_SERVER_REPLY; + goto free_url_and_return; + } +#ifdef DEBUG + printf(" stsize=%u", stsize); +#endif /* DEBUG */ + st = malloc(stsize); + if (st == NULL) { + if (error) + *error = MINISSDPC_MEMORY_ERROR; + goto free_url_and_return; + } + READ_COPY_BUFFER(st, stsize); + if(n<=0) { + if (error) + *error = MINISSDPC_INVALID_SERVER_REPLY; + goto free_url_and_st_and_return; + } + DECODELENGTH_READ(usnsize, READ_BYTE_BUFFER); + if(n<=0) { + if (error) + *error = MINISSDPC_INVALID_SERVER_REPLY; + goto free_url_and_st_and_return; + } +#ifdef DEBUG + printf(" usnsize=%u\n", usnsize); +#endif /* DEBUG */ + tmp = (struct UPNPDev *)malloc(sizeof(struct UPNPDev)+urlsize+stsize+usnsize); + if(tmp == NULL) { + if (error) + *error = MINISSDPC_MEMORY_ERROR; + goto free_url_and_st_and_return; + } + tmp->pNext = devlist; + tmp->descURL = tmp->buffer; + tmp->st = tmp->buffer + 1 + urlsize; + memcpy(tmp->buffer, url, urlsize); + tmp->buffer[urlsize] = '\0'; + memcpy(tmp->st, st, stsize); + tmp->buffer[urlsize+1+stsize] = '\0'; + free(url); + free(st); + url = NULL; + st = NULL; + tmp->usn = tmp->buffer + 1 + urlsize + 1 + stsize; + READ_COPY_BUFFER(tmp->usn, usnsize); + if(n<=0) { + if (error) + *error = MINISSDPC_INVALID_SERVER_REPLY; + goto free_tmp_and_return; + } + tmp->buffer[urlsize+1+stsize+1+usnsize] = '\0'; + tmp->scope_id = 0; /* default value. 
scope_id is not available with MiniSSDPd */ + devlist = tmp; + } + if (error) + *error = MINISSDPC_SUCCESS; + return devlist; + +free_url_and_st_and_return: + free(st); +free_url_and_return: + free(url); + return devlist; + +free_tmp_and_return: + free(tmp); + return devlist; +} + +#endif /* !(defined(_WIN32) || defined(__amigaos__) || defined(__amigaos4__)) */ + +/* parseMSEARCHReply() + * the last 4 arguments are filled during the parsing : + * - location/locationsize : "location:" field of the SSDP reply packet + * - st/stsize : "st:" field of the SSDP reply packet. + * The strings are NOT null terminated */ +static void +parseMSEARCHReply(const char * reply, int size, + const char * * location, int * locationsize, + const char * * st, int * stsize, + const char * * usn, int * usnsize) +{ + int a, b, i; + i = 0; + a = i; /* start of the line */ + b = 0; /* end of the "header" (position of the colon) */ + while(isin6_family = AF_INET6; + if(localport > 0 && localport < 65536) + p->sin6_port = htons((unsigned short)localport); + p->sin6_addr = in6addr_any; /* in6addr_any is not available with MinGW32 3.4.2 */ + } else { + struct sockaddr_in * p = (struct sockaddr_in *)&sockudp_r; + p->sin_family = AF_INET; + if(localport > 0 && localport < 65536) + p->sin_port = htons((unsigned short)localport); + p->sin_addr.s_addr = INADDR_ANY; + } +#ifdef _WIN32 +/* This code could help us to use the right Network interface for + * SSDP multicast traffic */ +/* Get IP associated with the index given in the ip_forward struct + * in order to give this ip to setsockopt(sudp, IPPROTO_IP, IP_MULTICAST_IF) */ + if(!ipv6 + && (GetBestRoute(inet_addr("223.255.255.255"), 0, &ip_forward) == NO_ERROR)) { + DWORD dwRetVal = 0; + PMIB_IPADDRTABLE pIPAddrTable; + DWORD dwSize = 0; +#ifdef DEBUG + IN_ADDR IPAddr; +#endif + int i; +#ifdef DEBUG + printf("ifIndex=%lu nextHop=%lx \n", ip_forward.dwForwardIfIndex, ip_forward.dwForwardNextHop); +#endif + pIPAddrTable = (MIB_IPADDRTABLE *) 
malloc(sizeof (MIB_IPADDRTABLE)); + if(pIPAddrTable) { + if (GetIpAddrTable(pIPAddrTable, &dwSize, 0) == ERROR_INSUFFICIENT_BUFFER) { + free(pIPAddrTable); + pIPAddrTable = (MIB_IPADDRTABLE *) malloc(dwSize); + } + } + if(pIPAddrTable) { + dwRetVal = GetIpAddrTable( pIPAddrTable, &dwSize, 0 ); + if (dwRetVal == NO_ERROR) { +#ifdef DEBUG + printf("\tNum Entries: %ld\n", pIPAddrTable->dwNumEntries); +#endif + for (i=0; i < (int) pIPAddrTable->dwNumEntries; i++) { +#ifdef DEBUG + printf("\n\tInterface Index[%d]:\t%ld\n", i, pIPAddrTable->table[i].dwIndex); + IPAddr.S_un.S_addr = (u_long) pIPAddrTable->table[i].dwAddr; + printf("\tIP Address[%d]: \t%s\n", i, inet_ntoa(IPAddr) ); + IPAddr.S_un.S_addr = (u_long) pIPAddrTable->table[i].dwMask; + printf("\tSubnet Mask[%d]: \t%s\n", i, inet_ntoa(IPAddr) ); + IPAddr.S_un.S_addr = (u_long) pIPAddrTable->table[i].dwBCastAddr; + printf("\tBroadCast[%d]: \t%s (%ld)\n", i, inet_ntoa(IPAddr), pIPAddrTable->table[i].dwBCastAddr); + printf("\tReassembly size[%d]:\t%ld\n", i, pIPAddrTable->table[i].dwReasmSize); + printf("\tType and State[%d]:", i); + printf("\n"); +#endif + if (pIPAddrTable->table[i].dwIndex == ip_forward.dwForwardIfIndex) { + /* Set the address of this interface to be used */ + struct in_addr mc_if; + memset(&mc_if, 0, sizeof(mc_if)); + mc_if.s_addr = pIPAddrTable->table[i].dwAddr; + if(setsockopt(sudp, IPPROTO_IP, IP_MULTICAST_IF, (const char *)&mc_if, sizeof(mc_if)) < 0) { + PRINT_SOCKET_ERROR("setsockopt"); + } + ((struct sockaddr_in *)&sockudp_r)->sin_addr.s_addr = pIPAddrTable->table[i].dwAddr; +#ifndef DEBUG + break; +#endif + } + } + } + free(pIPAddrTable); + pIPAddrTable = NULL; + } + } +#endif /* _WIN32 */ + +#ifdef _WIN32 + if (setsockopt(sudp, SOL_SOCKET, SO_REUSEADDR, (const char *)&opt, sizeof (opt)) < 0) +#else + if (setsockopt(sudp, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof (opt)) < 0) +#endif + { + if(error) + *error = MINISSDPC_SOCKET_ERROR; + PRINT_SOCKET_ERROR("setsockopt(SO_REUSEADDR,...)"); + 
return NULL; + } + +#ifdef _WIN32 + if(setsockopt(sudp, IPPROTO_IP, IP_MULTICAST_TTL, (const char *)&_ttl, sizeof(_ttl)) < 0) +#else /* _WIN32 */ + if(setsockopt(sudp, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl)) < 0) +#endif /* _WIN32 */ + { + /* not a fatal error */ + PRINT_SOCKET_ERROR("setsockopt(IP_MULTICAST_TTL,...)"); + } + + if(multicastif) + { + if(ipv6) { +#if !defined(_WIN32) + /* according to MSDN, if_nametoindex() is supported since + * MS Windows Vista and MS Windows Server 2008. + * http://msdn.microsoft.com/en-us/library/bb408409%28v=vs.85%29.aspx */ + unsigned int ifindex = if_nametoindex(multicastif); /* eth0, etc. */ + if(setsockopt(sudp, IPPROTO_IPV6, IPV6_MULTICAST_IF, &ifindex, sizeof(ifindex)) < 0) + { + PRINT_SOCKET_ERROR("setsockopt"); + } +#else +#ifdef DEBUG + printf("Setting of multicast interface not supported in IPv6 under Windows.\n"); +#endif +#endif + } else { + struct in_addr mc_if; + mc_if.s_addr = inet_addr(multicastif); /* ex: 192.168.x.x */ + if(mc_if.s_addr != INADDR_NONE) + { + ((struct sockaddr_in *)&sockudp_r)->sin_addr.s_addr = mc_if.s_addr; + if(setsockopt(sudp, IPPROTO_IP, IP_MULTICAST_IF, (const char *)&mc_if, sizeof(mc_if)) < 0) + { + PRINT_SOCKET_ERROR("setsockopt"); + } + } else { +#ifdef HAS_IP_MREQN + /* was not an ip address, try with an interface name */ + struct ip_mreqn reqn; /* only defined with -D_BSD_SOURCE or -D_GNU_SOURCE */ + memset(&reqn, 0, sizeof(struct ip_mreqn)); + reqn.imr_ifindex = if_nametoindex(multicastif); + if(setsockopt(sudp, IPPROTO_IP, IP_MULTICAST_IF, (const char *)&reqn, sizeof(reqn)) < 0) + { + PRINT_SOCKET_ERROR("setsockopt"); + } +#elif !defined(_WIN32) + struct ifreq ifr; + int ifrlen = sizeof(ifr); + strncpy(ifr.ifr_name, multicastif, IFNAMSIZ); + ifr.ifr_name[IFNAMSIZ-1] = '\0'; + if(ioctl(sudp, SIOCGIFADDR, &ifr, &ifrlen) < 0) + { + PRINT_SOCKET_ERROR("ioctl(...SIOCGIFADDR...)"); + } + mc_if.s_addr = ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr; + if(setsockopt(sudp, 
IPPROTO_IP, IP_MULTICAST_IF, (const char *)&mc_if, sizeof(mc_if)) < 0) + { + PRINT_SOCKET_ERROR("setsockopt"); + } +#else /* _WIN32 */ +#ifdef DEBUG + printf("Setting of multicast interface not supported with interface name.\n"); +#endif +#endif /* #ifdef HAS_IP_MREQN / !defined(_WIN32) */ + } + } + } + + /* Before sending the packed, we first "bind" in order to be able + * to receive the response */ + if (bind(sudp, (const struct sockaddr *)&sockudp_r, + ipv6 ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) != 0) + { + if(error) + *error = MINISSDPC_SOCKET_ERROR; + PRINT_SOCKET_ERROR("bind"); + closesocket(sudp); + return NULL; + } + + if(error) + *error = MINISSDPC_SUCCESS; + /* Calculating maximum response time in seconds */ + mx = ((unsigned int)delay) / 1000u; + if(mx == 0) { + mx = 1; + delay = 1000; + } + /* receiving SSDP response packet */ + for(deviceIndex = 0; deviceTypes[deviceIndex]; deviceIndex++) { + /* sending the SSDP M-SEARCH packet */ + n = snprintf(bufr, sizeof(bufr), + MSearchMsgFmt, + ipv6 ? + (linklocal ? "[" UPNP_MCAST_LL_ADDR "]" : "[" UPNP_MCAST_SL_ADDR "]") + : UPNP_MCAST_ADDR, + deviceTypes[deviceIndex], mx); + if ((unsigned int)n >= sizeof(bufr)) { + if(error) + *error = MINISSDPC_MEMORY_ERROR; + goto error; + } +#ifdef DEBUG + /*printf("Sending %s", bufr);*/ + printf("Sending M-SEARCH request to %s with ST: %s\n", + ipv6 ? + (linklocal ? "[" UPNP_MCAST_LL_ADDR "]" : "[" UPNP_MCAST_SL_ADDR "]") + : UPNP_MCAST_ADDR, + deviceTypes[deviceIndex]); +#endif +#ifdef NO_GETADDRINFO + /* the following code is not using getaddrinfo */ + /* emission */ + memset(&sockudp_w, 0, sizeof(struct sockaddr_storage)); + if(ipv6) { + struct sockaddr_in6 * p = (struct sockaddr_in6 *)&sockudp_w; + p->sin6_family = AF_INET6; + p->sin6_port = htons(SSDP_PORT); + inet_pton(AF_INET6, + linklocal ? 
UPNP_MCAST_LL_ADDR : UPNP_MCAST_SL_ADDR, + &(p->sin6_addr)); + } else { + struct sockaddr_in * p = (struct sockaddr_in *)&sockudp_w; + p->sin_family = AF_INET; + p->sin_port = htons(SSDP_PORT); + p->sin_addr.s_addr = inet_addr(UPNP_MCAST_ADDR); + } + n = sendto(sudp, bufr, n, 0, &sockudp_w, + ipv6 ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)); + if (n < 0) { + if(error) + *error = MINISSDPC_SOCKET_ERROR; + PRINT_SOCKET_ERROR("sendto"); + break; + } +#else /* #ifdef NO_GETADDRINFO */ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; /* AF_INET6 or AF_INET */ + hints.ai_socktype = SOCK_DGRAM; + /*hints.ai_flags = */ + if ((rv = getaddrinfo(ipv6 + ? (linklocal ? UPNP_MCAST_LL_ADDR : UPNP_MCAST_SL_ADDR) + : UPNP_MCAST_ADDR, + XSTR(SSDP_PORT), &hints, &servinfo)) != 0) { + if(error) + *error = MINISSDPC_SOCKET_ERROR; +#ifdef _WIN32 + fprintf(stderr, "getaddrinfo() failed: %d\n", rv); +#else + fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv)); +#endif + break; + } + for(p = servinfo; p; p = p->ai_next) { + n = sendto(sudp, bufr, n, 0, p->ai_addr, p->ai_addrlen); + if (n < 0) { +#ifdef DEBUG + char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; + if (getnameinfo(p->ai_addr, p->ai_addrlen, hbuf, sizeof(hbuf), sbuf, + sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV) == 0) { + fprintf(stderr, "host:%s port:%s\n", hbuf, sbuf); + } +#endif + PRINT_SOCKET_ERROR("sendto"); + continue; + } + } + freeaddrinfo(servinfo); + if(n < 0) { + if(error) + *error = MINISSDPC_SOCKET_ERROR; + break; + } +#endif /* #ifdef NO_GETADDRINFO */ + /* Waiting for SSDP REPLY packet to M-SEARCH + * if searchalltypes is set, enter the loop only + * when the last deviceType is reached */ + if(!searchalltypes || !deviceTypes[deviceIndex + 1]) do { + n = receivedata(sudp, bufr, sizeof(bufr), delay, &scope_id); + if (n < 0) { + /* error */ + if(error) + *error = MINISSDPC_SOCKET_ERROR; + goto error; + } else if (n == 0) { + /* no data or Time Out */ +#ifdef DEBUG + printf("NODATA or 
TIMEOUT\n"); +#endif /* DEBUG */ + if (devlist && !searchalltypes) { + /* found some devices, stop now*/ + if(error) + *error = MINISSDPC_SUCCESS; + goto error; + } + } else { + const char * descURL=NULL; + int urlsize=0; + const char * st=NULL; + int stsize=0; + const char * usn=NULL; + int usnsize=0; + parseMSEARCHReply(bufr, n, &descURL, &urlsize, &st, &stsize, &usn, &usnsize); + if(st&&descURL) { +#ifdef DEBUG + printf("M-SEARCH Reply:\n ST: %.*s\n USN: %.*s\n Location: %.*s\n", + stsize, st, usnsize, (usn?usn:""), urlsize, descURL); +#endif /* DEBUG */ + for(tmp=devlist; tmp; tmp = tmp->pNext) { + if(memcmp(tmp->descURL, descURL, urlsize) == 0 && + tmp->descURL[urlsize] == '\0' && + memcmp(tmp->st, st, stsize) == 0 && + tmp->st[stsize] == '\0' && + (usnsize == 0 || memcmp(tmp->usn, usn, usnsize) == 0) && + tmp->usn[usnsize] == '\0') + break; + } + /* at the exit of the loop above, tmp is null if + * no duplicate device was found */ + if(tmp) + continue; + tmp = (struct UPNPDev *)malloc(sizeof(struct UPNPDev)+urlsize+stsize+usnsize); + if(!tmp) { + /* memory allocation error */ + if(error) + *error = MINISSDPC_MEMORY_ERROR; + goto error; + } + tmp->pNext = devlist; + tmp->descURL = tmp->buffer; + tmp->st = tmp->buffer + 1 + urlsize; + tmp->usn = tmp->st + 1 + stsize; + memcpy(tmp->buffer, descURL, urlsize); + tmp->buffer[urlsize] = '\0'; + memcpy(tmp->st, st, stsize); + tmp->buffer[urlsize+1+stsize] = '\0'; + if(usn != NULL) + memcpy(tmp->usn, usn, usnsize); + tmp->buffer[urlsize+1+stsize+1+usnsize] = '\0'; + tmp->scope_id = scope_id; + devlist = tmp; + } + } + } while(n > 0); + if(ipv6) { + /* switch linklocal flag */ + if(linklocal) { + linklocal = 0; + --deviceIndex; + } else { + linklocal = 1; + } + } + } +error: + closesocket(sudp); + return devlist; +} + diff --git a/ext/miniupnpc/minissdpc.h b/ext/miniupnpc/minissdpc.h new file mode 100644 index 0000000..a5c622b --- /dev/null +++ b/ext/miniupnpc/minissdpc.h 
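Review bot: In receiveDevicesFromMiniSSDPD(), urlsize, stsize and usnsize are decoded from bytes read off the minissdpd socket and passed straight to `malloc(urlsize)`, `malloc(stsize)` and `malloc(sizeof(struct UPNPDev)+urlsize+stsize+usnsize)` with no upper bound, so whatever answers on that socket decides how much this process allocates. On targets with a 32-bit size_t the sum can wrap to a block smaller than the `memcpy` and `READ_COPY_BUFFER(tmp->usn, usnsize)` writes that follow; usnsize is the easiest to get wrong because it is never allocated on its own first. Unless DECODELENGTH_READ in codelength.h (not shown here) already caps the value, each length should be rejected right after it is decoded, e.g. `if(urlsize > MAX_FIELD_LEN) { if(error) *error = MINISSDPC_INVALID_SERVER_REPLY; return devlist; }`, where `MAX_FIELD_LEN` is a placeholder for a cap the project picks, and the later two checks go through the existing `free_url_and_return` / `free_url_and_st_and_return` labels. Since ext/miniupnpc is a bundled copy of an upstream library, the fix is best picked up from upstream, or sent there, rather than carried as a local edit.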
@@ -0,0 +1,58 @@
+/* $Id: minissdpc.h,v 1.7 2015/10/08 16:15:47 nanard Exp $ */
+/* Project: miniupnp
+ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
+ * Author: Thomas Bernard
+ * Copyright (c) 2005-2015 Thomas Bernard
+ * This software is subjects to the conditions detailed
+ * in the LICENCE file provided within this distribution */
+#ifndef MINISSDPC_H_INCLUDED
+#define MINISSDPC_H_INCLUDED
+
+#include "miniupnpc_declspec.h"
+#include "upnpdev.h"
+
+/* error codes : */
+#define MINISSDPC_SUCCESS (0)
+#define MINISSDPC_UNKNOWN_ERROR (-1)
+#define MINISSDPC_SOCKET_ERROR (-101)
+#define MINISSDPC_MEMORY_ERROR (-102)
+#define MINISSDPC_INVALID_INPUT (-103)
+#define MINISSDPC_INVALID_SERVER_REPLY (-104)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if !(defined(_WIN32) || defined(__amigaos__) || defined(__amigaos4__))
+
+MINIUPNP_LIBSPEC struct UPNPDev *
+getDevicesFromMiniSSDPD(const char * devtype, const char * socketpath, int * error);
+
+MINIUPNP_LIBSPEC int
+connectToMiniSSDPD(const char * socketpath);
+
+MINIUPNP_LIBSPEC int
+disconnectFromMiniSSDPD(int fd);
+
+MINIUPNP_LIBSPEC int
+requestDevicesFromMiniSSDPD(int fd, const char * devtype);
+
+MINIUPNP_LIBSPEC struct UPNPDev *
+receiveDevicesFromMiniSSDPD(int fd, int * error);
+
+#endif /* !(defined(_WIN32) || defined(__amigaos__) || defined(__amigaos4__)) */
+
+MINIUPNP_LIBSPEC struct UPNPDev *
+ssdpDiscoverDevices(const char * const deviceTypes[],
+ int delay, const char * multicastif,
+ int localport,
+ int ipv6, unsigned char ttl,
+ int * error,
+ int searchalltypes);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/ext/miniupnpc/miniupnpc.c b/ext/miniupnpc/miniupnpc.c
new file mode 100644
index 0000000..68d562f
--- /dev/null
+++ b/ext/miniupnpc/miniupnpc.c
@@ -0,0 +1,724 @@ +#define _CRT_SECURE_NO_WARNINGS + +/* $Id: miniupnpc.c,v 1.149 2016/02/09 09:50:46 nanard Exp $ */ +/* vim: tabstop=4 shiftwidth=4 noexpandtab + * Project : miniupnp + * Web : http://miniupnp.free.fr/ + * Author : Thomas BERNARD + * copyright (c) 2005-2016 Thomas Bernard + * This software is subjet to the conditions detailed in the + * provided LICENSE file. */ +#include +#include +#include +#ifdef _WIN32 +/* Win32 Specific includes and defines */ +#include +#include +#include +#include +#define snprintf _snprintf +#define strdup _strdup +#ifndef strncasecmp +#if defined(_MSC_VER) && (_MSC_VER >= 1400) +#define strncasecmp _memicmp +#else /* defined(_MSC_VER) && (_MSC_VER >= 1400) */ +#define strncasecmp memicmp +#endif /* defined(_MSC_VER) && (_MSC_VER >= 1400) */ +#endif /* #ifndef strncasecmp */ +#define MAXHOSTNAMELEN 64 +#else /* #ifdef _WIN32 */ +/* Standard POSIX includes */ +#include +#if defined(__amigaos__) && !defined(__amigaos4__) +/* Amiga OS 3 specific stuff */ +#define socklen_t int +#else +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#if !defined(__amigaos__) && !defined(__amigaos4__) +#include +#endif +#include +#include +#define closesocket close +#endif /* #else _WIN32 */ +#ifdef __GNU__ +#define MAXHOSTNAMELEN 64 +#endif + + +#include "miniupnpc.h" +#include "minissdpc.h" +#include "miniwget.h" +#include "minisoap.h" +#include "minixml.h" +#include "upnpcommands.h" +#include "connecthostport.h" + +/* compare the begining of a string with a constant string */ +#define COMPARE(str, cstr) (0==memcmp(str, cstr, sizeof(cstr) - 1)) + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif + +#define SOAPPREFIX "s" +#define SERVICEPREFIX "u" +#define SERVICEPREFIX2 'u' + +/* check if an ip address is a private (LAN) address + * see https://tools.ietf.org/html/rfc1918 */ +static int is_rfc1918addr(const char * addr) +{ + /* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) */ + 
if(COMPARE(addr, "192.168.")) + return 1; + /* 10.0.0.0 - 10.255.255.255 (10/8 prefix) */ + if(COMPARE(addr, "10.")) + return 1; + /* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) */ + if(COMPARE(addr, "172.")) { + int i = atoi(addr + 4); + if((16 <= i) && (i <= 31)) + return 1; + } + return 0; +} + +/* root description parsing */ +MINIUPNP_LIBSPEC void parserootdesc(const char * buffer, int bufsize, struct IGDdatas * data) +{ + struct xmlparser parser; + /* xmlparser object */ + parser.xmlstart = buffer; + parser.xmlsize = bufsize; + parser.data = data; + parser.starteltfunc = IGDstartelt; + parser.endeltfunc = IGDendelt; + parser.datafunc = IGDdata; + parser.attfunc = 0; + parsexml(&parser); +#ifdef DEBUG + printIGD(data); +#endif +} + +/* simpleUPnPcommand2 : + * not so simple ! + * return values : + * pointer - OK + * NULL - error */ +char * simpleUPnPcommand2(int s, const char * url, const char * service, + const char * action, struct UPNParg * args, + int * bufsize, const char * httpversion) +{ + char hostname[MAXHOSTNAMELEN+1]; + unsigned short port = 0; + char * path; + char soapact[128]; + char soapbody[2048]; + int soapbodylen; + char * buf; + int n; + int status_code; + + *bufsize = 0; + snprintf(soapact, sizeof(soapact), "%s#%s", service, action); + if(args==NULL) + { + soapbodylen = snprintf(soapbody, sizeof(soapbody), + "\r\n" + "<" SOAPPREFIX ":Envelope " + "xmlns:" SOAPPREFIX "=\"http://schemas.xmlsoap.org/soap/envelope/\" " + SOAPPREFIX ":encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">" + "<" SOAPPREFIX ":Body>" + "<" SERVICEPREFIX ":%s xmlns:" SERVICEPREFIX "=\"%s\">" + "" + "" + "\r\n", action, service, action); + if ((unsigned int)soapbodylen >= sizeof(soapbody)) + return NULL; + } + else + { + char * p; + const char * pe, * pv; + const char * const pend = soapbody + sizeof(soapbody); + soapbodylen = snprintf(soapbody, sizeof(soapbody), + "\r\n" + "<" SOAPPREFIX ":Envelope " + "xmlns:" SOAPPREFIX 
"=\"http://schemas.xmlsoap.org/soap/envelope/\" " + SOAPPREFIX ":encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">" + "<" SOAPPREFIX ":Body>" + "<" SERVICEPREFIX ":%s xmlns:" SERVICEPREFIX "=\"%s\">", + action, service); + if ((unsigned int)soapbodylen >= sizeof(soapbody)) + return NULL; + p = soapbody + soapbodylen; + while(args->elt) + { + if(p >= pend) /* check for space to write next byte */ + return NULL; + *(p++) = '<'; + + pe = args->elt; + while(p < pend && *pe) + *(p++) = *(pe++); + + if(p >= pend) /* check for space to write next byte */ + return NULL; + *(p++) = '>'; + + if((pv = args->val)) + { + while(p < pend && *pv) + *(p++) = *(pv++); + } + + if((p+2) > pend) /* check for space to write next 2 bytes */ + return NULL; + *(p++) = '<'; + *(p++) = '/'; + + pe = args->elt; + while(p < pend && *pe) + *(p++) = *(pe++); + + if(p >= pend) /* check for space to write next byte */ + return NULL; + *(p++) = '>'; + + args++; + } + if((p+4) > pend) /* check for space to write next 4 bytes */ + return NULL; + *(p++) = '<'; + *(p++) = '/'; + *(p++) = SERVICEPREFIX2; + *(p++) = ':'; + + pe = action; + while(p < pend && *pe) + *(p++) = *(pe++); + + strncpy(p, ">\r\n", + pend - p); + if(soapbody[sizeof(soapbody)-1]) /* strncpy pads buffer with 0s, so if it doesn't end in 0, could not fit full string */ + return NULL; + } + if(!parseURL(url, hostname, &port, &path, NULL)) return NULL; + if(s < 0) { + s = connecthostport(hostname, port, 0); + if(s < 0) { + /* failed to connect */ + return NULL; + } + } + + n = soapPostSubmit(s, path, hostname, port, soapact, soapbody, httpversion); + if(n<=0) { +#ifdef DEBUG + printf("Error sending SOAP request\n"); +#endif + closesocket(s); + return NULL; + } + + buf = getHTTPResponse(s, bufsize, &status_code); +#ifdef DEBUG + if(*bufsize > 0 && buf) + { + printf("HTTP %d SOAP Response :\n%.*s\n", status_code, *bufsize, buf); + } + else + { + printf("HTTP %d, empty SOAP response. 
size=%d\n", status_code, *bufsize); + } +#endif + closesocket(s); + return buf; +} + +/* simpleUPnPcommand : + * not so simple ! + * return values : + * pointer - OK + * NULL - error */ +char * simpleUPnPcommand(int s, const char * url, const char * service, + const char * action, struct UPNParg * args, + int * bufsize) +{ + char * buf; + +#if 1 + buf = simpleUPnPcommand2(s, url, service, action, args, bufsize, "1.1"); +#else + buf = simpleUPnPcommand2(s, url, service, action, args, bufsize, "1.0"); + if (!buf || *bufsize == 0) + { +#if DEBUG + printf("Error or no result from SOAP request; retrying with HTTP/1.1\n"); +#endif + buf = simpleUPnPcommand2(s, url, service, action, args, bufsize, "1.1"); + } +#endif + return buf; +} + +/* upnpDiscoverDevices() : + * return a chained list of all devices found or NULL if + * no devices was found. + * It is up to the caller to free the chained list + * delay is in millisecond (poll). + * UDA v1.1 says : + * The TTL for the IP packet SHOULD default to 2 and + * SHOULD be configurable. */ +MINIUPNP_LIBSPEC struct UPNPDev * +upnpDiscoverDevices(const char * const deviceTypes[], + int delay, const char * multicastif, + const char * minissdpdsock, int localport, + int ipv6, unsigned char ttl, + int * error, + int searchalltypes) +{ + struct UPNPDev * tmp; + struct UPNPDev * devlist = 0; +#if !defined(_WIN32) && !defined(__amigaos__) && !defined(__amigaos4__) + int deviceIndex; +#endif /* !defined(_WIN32) && !defined(__amigaos__) && !defined(__amigaos4__) */ + + if(error) + *error = UPNPDISCOVER_UNKNOWN_ERROR; +#if !defined(_WIN32) && !defined(__amigaos__) && !defined(__amigaos4__) + /* first try to get infos from minissdpd ! 
*/
+ if(!minissdpdsock)
+ minissdpdsock = "/var/run/minissdpd.sock";
+ for(deviceIndex = 0; deviceTypes[deviceIndex]; deviceIndex++) {
+ struct UPNPDev * minissdpd_devlist;
+ int only_rootdevice = 1;
+ minissdpd_devlist = getDevicesFromMiniSSDPD(deviceTypes[deviceIndex],
+ minissdpdsock, 0);
+ if(minissdpd_devlist) {
+#ifdef DEBUG
+ printf("returned by MiniSSDPD: %s\t%s\n",
+ minissdpd_devlist->st, minissdpd_devlist->descURL);
+#endif /* DEBUG */
+ if(!strstr(minissdpd_devlist->st, "rootdevice"))
+ only_rootdevice = 0;
+ for(tmp = minissdpd_devlist; tmp->pNext != NULL; tmp = tmp->pNext) {
+#ifdef DEBUG
+ printf("returned by MiniSSDPD: %s\t%s\n",
+ tmp->pNext->st, tmp->pNext->descURL);
+#endif /* DEBUG */
+ if(!strstr(tmp->st, "rootdevice"))
+ only_rootdevice = 0;
+ }
+ tmp->pNext = devlist;
+ devlist = minissdpd_devlist;
+ if(!searchalltypes && !only_rootdevice)
+ break;
+ }
+ }
+ for(tmp = devlist; tmp != NULL; tmp = tmp->pNext) {
+ /* We return what we have found if it was not only a rootdevice */
+ if(!strstr(tmp->st, "rootdevice")) {
+ if(error)
+ *error = UPNPDISCOVER_SUCCESS;
+ return devlist;
+ }
+ }
+#endif /* !defined(_WIN32) && !defined(__amigaos__) && !defined(__amigaos4__) */
+
+ /* direct discovery if minissdpd responses are not sufficient */
+ {
+ struct UPNPDev * discovered_devlist;
+ discovered_devlist = ssdpDiscoverDevices(deviceTypes, delay, multicastif, localport,
+ ipv6, ttl, error, searchalltypes);
+ if(devlist == NULL)
+ devlist = discovered_devlist;
+ else {
+ for(tmp = devlist; tmp->pNext != NULL; tmp = tmp->pNext);
+ tmp->pNext = discovered_devlist;
+ }
+ }
+ return devlist;
+}
+
+/* upnpDiscover() Discover IGD device */
+MINIUPNP_LIBSPEC struct UPNPDev *
+upnpDiscover(int delay, const char * multicastif,
+ const char * minissdpdsock, int localport,
+ int ipv6, unsigned char ttl,
+ int * error)
+{
+ static const char * const deviceList[] = {
+#if 0
+ "urn:schemas-upnp-org:device:InternetGatewayDevice:2",
+
"urn:schemas-upnp-org:service:WANIPConnection:2",
+#endif
+ "urn:schemas-upnp-org:device:InternetGatewayDevice:1",
+ "urn:schemas-upnp-org:service:WANIPConnection:1",
+ "urn:schemas-upnp-org:service:WANPPPConnection:1",
+ "upnp:rootdevice",
+ /*"ssdp:all",*/
+ 0
+ };
+ return upnpDiscoverDevices(deviceList,
+ delay, multicastif, minissdpdsock, localport,
+ ipv6, ttl, error, 0);
+}
+
+/* upnpDiscoverAll() Discover all UPnP devices */
+MINIUPNP_LIBSPEC struct UPNPDev *
+upnpDiscoverAll(int delay, const char * multicastif,
+ const char * minissdpdsock, int localport,
+ int ipv6, unsigned char ttl,
+ int * error)
+{
+ static const char * const deviceList[] = {
+ /*"upnp:rootdevice",*/
+ "ssdp:all",
+ 0
+ };
+ return upnpDiscoverDevices(deviceList,
+ delay, multicastif, minissdpdsock, localport,
+ ipv6, ttl, error, 0);
+}
+
+/* upnpDiscoverDevice() Discover a specific device */
+MINIUPNP_LIBSPEC struct UPNPDev *
+upnpDiscoverDevice(const char * device, int delay, const char * multicastif,
+ const char * minissdpdsock, int localport,
+ int ipv6, unsigned char ttl,
+ int * error)
+{
+ const char * const deviceList[] = {
+ device,
+ 0
+ };
+ return upnpDiscoverDevices(deviceList,
+ delay, multicastif, minissdpdsock, localport,
+ ipv6, ttl, error, 0);
+}
+
+static char *
+build_absolute_url(const char * baseurl, const char * descURL,
+ const char * url, unsigned int scope_id)
+{
+ int l, n;
+ char * s;
+ const char * base;
+ char * p;
+#if defined(IF_NAMESIZE) && !defined(_WIN32)
+ char ifname[IF_NAMESIZE];
+#else /* defined(IF_NAMESIZE) && !defined(_WIN32) */
+ char scope_str[8];
+#endif /* defined(IF_NAMESIZE) && !defined(_WIN32) */
+
+ if( (url[0] == 'h')
+ &&(url[1] == 't')
+ &&(url[2] == 't')
+ &&(url[3] == 'p')
+ &&(url[4] == ':')
+ &&(url[5] == '/')
+ &&(url[6] == '/'))
+ return strdup(url);
+ base = (baseurl[0] == '\0') ?
descURL : baseurl;
+ n = strlen(base);
+ if(n > 7) {
+ p = strchr(base + 7, '/');
+ if(p)
+ n = p - base;
+ }
+ l = n + strlen(url) + 1;
+ if(url[0] != '/')
+ l++;
+ if(scope_id != 0) {
+#if defined(IF_NAMESIZE) && !defined(_WIN32)
+ if(if_indextoname(scope_id, ifname)) {
+ l += 3 + strlen(ifname); /* 3 == strlen(%25) */
+ }
+#else /* defined(IF_NAMESIZE) && !defined(_WIN32) */
+ /* under windows, scope is numerical */
+ l += 3 + snprintf(scope_str, sizeof(scope_str), "%u", scope_id);
+#endif /* defined(IF_NAMESIZE) && !defined(_WIN32) */
+ }
+ s = malloc(l);
+ if(s == NULL) return NULL;
+ memcpy(s, base, n);
+ if(scope_id != 0) {
+ s[n] = '\0';
+ if(0 == memcmp(s, "http://[fe80:", 13)) {
+ /* this is a linklocal IPv6 address */
+ p = strchr(s, ']');
+ if(p) {
+ /* insert %25 into URL */
+#if defined(IF_NAMESIZE) && !defined(_WIN32)
+ memmove(p + 3 + strlen(ifname), p, strlen(p) + 1);
+ memcpy(p, "%25", 3);
+ memcpy(p + 3, ifname, strlen(ifname));
+ n += 3 + strlen(ifname);
+#else /* defined(IF_NAMESIZE) && !defined(_WIN32) */
+ memmove(p + 3 + strlen(scope_str), p, strlen(p) + 1);
+ memcpy(p, "%25", 3);
+ memcpy(p + 3, scope_str, strlen(scope_str));
+ n += 3 + strlen(scope_str);
+#endif /* defined(IF_NAMESIZE) && !defined(_WIN32) */
+ }
+ }
+ }
+ if(url[0] != '/')
+ s[n++] = '/';
+ memcpy(s + n, url, l - n);
+ return s;
+}
+
+/* Prepare the Urls for usage...
+ */
+MINIUPNP_LIBSPEC void
+GetUPNPUrls(struct UPNPUrls * urls, struct IGDdatas * data,
+ const char * descURL, unsigned int scope_id)
+{
+ /* strdup descURL */
+ urls->rootdescURL = strdup(descURL);
+
+ /* get description of WANIPConnection */
+ urls->ipcondescURL = build_absolute_url(data->urlbase, descURL,
+ data->first.scpdurl, scope_id);
+ urls->controlURL = build_absolute_url(data->urlbase, descURL,
+ data->first.controlurl, scope_id);
+ urls->controlURL_CIF = build_absolute_url(data->urlbase, descURL,
+ data->CIF.controlurl, scope_id);
+ urls->controlURL_6FC = build_absolute_url(data->urlbase, descURL,
+ data->IPv6FC.controlurl, scope_id);
+
+#ifdef DEBUG
+ printf("urls->ipcondescURL='%s'\n", urls->ipcondescURL);
+ printf("urls->controlURL='%s'\n", urls->controlURL);
+ printf("urls->controlURL_CIF='%s'\n", urls->controlURL_CIF);
+ printf("urls->controlURL_6FC='%s'\n", urls->controlURL_6FC);
+#endif
+}
+
+MINIUPNP_LIBSPEC void
+FreeUPNPUrls(struct UPNPUrls * urls)
+{
+ if(!urls)
+ return;
+ free(urls->controlURL);
+ urls->controlURL = 0;
+ free(urls->ipcondescURL);
+ urls->ipcondescURL = 0;
+ free(urls->controlURL_CIF);
+ urls->controlURL_CIF = 0;
+ free(urls->controlURL_6FC);
+ urls->controlURL_6FC = 0;
+ free(urls->rootdescURL);
+ urls->rootdescURL = 0;
+}
+
+int
+UPNPIGD_IsConnected(struct UPNPUrls * urls, struct IGDdatas * data)
+{
+ char status[64];
+ unsigned int uptime;
+ status[0] = '\0';
+ UPNP_GetStatusInfo(urls->controlURL, data->first.servicetype,
+ status, &uptime, NULL);
+ if(0 == strcmp("Connected", status))
+ return 1;
+ else if(0 == strcmp("Up", status)) /* Also accept "Up" */
+ return 1;
+ else
+ return 0;
+}
+
+
+/* UPNP_GetValidIGD() :
+ * return values :
+ * -1 = Internal error
+ * 0 = NO IGD found
+ * 1 = A valid connected IGD has been found
+ * 2 = A valid IGD has been found but it reported as
+ * not connected
+ * 3 = an UPnP device has been found but was not recognized as an IGD
+ *
+ * In any positive non zero return case, the urls
and data structures
+ * passed as parameters are set. Dont forget to call FreeUPNPUrls(urls) to
+ * free allocated memory.
+ */
+MINIUPNP_LIBSPEC int
+UPNP_GetValidIGD(struct UPNPDev * devlist,
+ struct UPNPUrls * urls,
+ struct IGDdatas * data,
+ char * lanaddr, int lanaddrlen)
+{
+ struct xml_desc {
+ char * xml;
+ int size;
+ int is_igd;
+ } * desc = NULL;
+ struct UPNPDev * dev;
+ int ndev = 0;
+ int i;
+ int state = -1; /* state 1 : IGD connected. State 2 : IGD. State 3 : anything */
+ int n_igd = 0;
+ char extIpAddr[16];
+ char myLanAddr[40];
+ int status_code = -1;
+
+ if(!devlist)
+ {
+#ifdef DEBUG
+ printf("Empty devlist\n");
+#endif
+ return 0;
+ }
+ /* counting total number of devices in the list */
+ for(dev = devlist; dev; dev = dev->pNext)
+ ndev++;
+ if(ndev > 0)
+ {
+ desc = calloc(ndev, sizeof(struct xml_desc));
+ if(!desc)
+ return -1; /* memory allocation error */
+ }
+ /* Step 1 : downloading descriptions and testing type */
+ for(dev = devlist, i = 0; dev; dev = dev->pNext, i++)
+ {
+ /* we should choose an internet gateway device.
+ * with st == urn:schemas-upnp-org:device:InternetGatewayDevice:1 */
+ desc[i].xml = miniwget_getaddr(dev->descURL, &(desc[i].size),
+ myLanAddr, sizeof(myLanAddr),
+ dev->scope_id, &status_code);
+#ifdef DEBUG
+ if(!desc[i].xml)
+ {
+ printf("error getting XML description %s\n", dev->descURL);
+ }
+#endif
+ if(desc[i].xml)
+ {
+ memset(data, 0, sizeof(struct IGDdatas));
+ memset(urls, 0, sizeof(struct UPNPUrls));
+ parserootdesc(desc[i].xml, desc[i].size, data);
+ if(COMPARE(data->CIF.servicetype,
+ "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:"))
+ {
+ desc[i].is_igd = 1;
+ n_igd++;
+ if(lanaddr)
+ strncpy(lanaddr, myLanAddr, lanaddrlen);
+ }
+ }
+ }
+ /* iterate the list to find a device depending on state */
+ for(state = 1; state <= 3; state++)
+ {
+ for(dev = devlist, i = 0; dev; dev = dev->pNext, i++)
+ {
+ if(desc[i].xml)
+ {
+ memset(data, 0, sizeof(struct IGDdatas));
+ memset(urls, 0, sizeof(struct UPNPUrls));
+ parserootdesc(desc[i].xml, desc[i].size, data);
+ if(desc[i].is_igd || state >= 3 )
+ {
+ int is_connected;
+
+ GetUPNPUrls(urls, data, dev->descURL, dev->scope_id);
+
+ /* in state 2 and 3 we dont test if device is connected ! */
+ if(state >= 2)
+ goto free_and_return;
+ is_connected = UPNPIGD_IsConnected(urls, data);
+#ifdef DEBUG
+ printf("UPNPIGD_IsConnected(%s) = %d\n",
+ urls->controlURL, is_connected);
+#endif
+ /* checks that status is connected AND there is a external IP address assigned */
+ if(is_connected &&
+ (UPNP_GetExternalIPAddress(urls->controlURL, data->first.servicetype, extIpAddr) == 0)) {
+ if(!is_rfc1918addr(extIpAddr) && (extIpAddr[0] != '\0')
+ && (0 != strcmp(extIpAddr, "0.0.0.0")))
+ goto free_and_return;
+ }
+ FreeUPNPUrls(urls);
+ if(data->second.servicetype[0] != '\0') {
+#ifdef DEBUG
+ printf("We tried %s, now we try %s !\n",
+ data->first.servicetype, data->second.servicetype);
+#endif
+ /* swaping WANPPPConnection and WANIPConnection !
*/
+ memcpy(&data->tmp, &data->first, sizeof(struct IGDdatas_service));
+ memcpy(&data->first, &data->second, sizeof(struct IGDdatas_service));
+ memcpy(&data->second, &data->tmp, sizeof(struct IGDdatas_service));
+ GetUPNPUrls(urls, data, dev->descURL, dev->scope_id);
+ is_connected = UPNPIGD_IsConnected(urls, data);
+#ifdef DEBUG
+ printf("UPNPIGD_IsConnected(%s) = %d\n",
+ urls->controlURL, is_connected);
+#endif
+ if(is_connected &&
+ (UPNP_GetExternalIPAddress(urls->controlURL, data->first.servicetype, extIpAddr) == 0)) {
+ if(!is_rfc1918addr(extIpAddr) && (extIpAddr[0] != '\0')
+ && (0 != strcmp(extIpAddr, "0.0.0.0")))
+ goto free_and_return;
+ }
+ FreeUPNPUrls(urls);
+ }
+ }
+ memset(data, 0, sizeof(struct IGDdatas));
+ }
+ }
+ }
+ state = 0;
+free_and_return:
+ if(desc) {
+ for(i = 0; i < ndev; i++) {
+ if(desc[i].xml) {
+ free(desc[i].xml);
+ }
+ }
+ free(desc);
+ }
+ return state;
+}
+
+/* UPNP_GetIGDFromUrl()
+ * Used when skipping the discovery process.
+ * return value :
+ * 0 - Not ok
+ * 1 - OK */
+int
+UPNP_GetIGDFromUrl(const char * rootdescurl,
+ struct UPNPUrls * urls,
+ struct IGDdatas * data,
+ char * lanaddr, int lanaddrlen)
+{
+ char * descXML;
+ int descXMLsize = 0;
+
+ descXML = miniwget_getaddr(rootdescurl, &descXMLsize,
+ lanaddr, lanaddrlen, 0, NULL);
+ if(descXML) {
+ memset(data, 0, sizeof(struct IGDdatas));
+ memset(urls, 0, sizeof(struct UPNPUrls));
+ parserootdesc(descXML, descXMLsize, data);
+ free(descXML);
+ descXML = NULL;
+ GetUPNPUrls(urls, data, rootdescurl, 0);
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
diff --git a/ext/miniupnpc/miniupnpc.def b/ext/miniupnpc/miniupnpc.def
new file mode 100644
index 0000000..60e0bbe
--- /dev/null
+++ b/ext/miniupnpc/miniupnpc.def
@@ -0,0 +1,45 @@
+LIBRARY
+; miniupnpc library
+ miniupnpc
+
+EXPORTS
+; miniupnpc
+ upnpDiscover
+ freeUPNPDevlist
+ parserootdesc
+ UPNP_GetValidIGD
+ UPNP_GetIGDFromUrl
+ GetUPNPUrls
+ FreeUPNPUrls
+; miniwget
+ miniwget
+ miniwget_getaddr
+; upnpcommands
+ UPNP_GetTotalBytesSent
+ UPNP_GetTotalBytesReceived
+ UPNP_GetTotalPacketsSent
+ UPNP_GetTotalPacketsReceived
+ UPNP_GetStatusInfo
+ UPNP_GetConnectionTypeInfo
+ UPNP_GetExternalIPAddress
+ UPNP_GetLinkLayerMaxBitRates
+ UPNP_AddPortMapping
+ UPNP_AddAnyPortMapping
+ UPNP_DeletePortMapping
+ UPNP_DeletePortMappingRange
+ UPNP_GetPortMappingNumberOfEntries
+ UPNP_GetSpecificPortMappingEntry
+ UPNP_GetGenericPortMappingEntry
+ UPNP_GetListOfPortMappings
+ UPNP_AddPinhole
+ UPNP_CheckPinholeWorking
+ UPNP_UpdatePinhole
+ UPNP_GetPinholePackets
+ UPNP_DeletePinhole
+ UPNP_GetFirewallStatus
+ UPNP_GetOutboundPinholeTimeout
+; upnperrors
+ strupnperror
+; portlistingparse
+ ParsePortListing
+ FreePortListing
diff --git a/ext/miniupnpc/miniupnpc.h b/ext/miniupnpc/miniupnpc.h
new file mode 100644
index 0000000..0b5b473
--- /dev/null
+++ b/ext/miniupnpc/miniupnpc.h
@@ -0,0 +1,152 @@
+/* $Id: miniupnpc.h,v 1.50 2016/04/19 21:06:21 nanard Exp $ */
+/* Project: miniupnp
+ * http://miniupnp.free.fr/
+ * Author: Thomas Bernard
+ * Copyright (c) 2005-2016 Thomas Bernard
+ * This software is subjects to the conditions detailed
+ * in the LICENCE file provided within this distribution */
+#ifndef MINIUPNPC_H_INCLUDED
+#define MINIUPNPC_H_INCLUDED
+
+#include "miniupnpc_declspec.h"
+#include "igd_desc_parse.h"
+#include "upnpdev.h"
+
+/* error codes : */
+#define UPNPDISCOVER_SUCCESS (0)
+#define UPNPDISCOVER_UNKNOWN_ERROR (-1)
+#define UPNPDISCOVER_SOCKET_ERROR (-101)
+#define UPNPDISCOVER_MEMORY_ERROR (-102)
+
+/* versions : */
+#define MINIUPNPC_VERSION "2.0"
+#define MINIUPNPC_API_VERSION 16
+
+/* Source port:
+ Using "1" as an alias for 1900 for backwards compatability
+ (presuming one would have used that for the "sameport" parameter) */
+#define UPNP_LOCAL_PORT_ANY 0
+#define UPNP_LOCAL_PORT_SAME 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Structures definitions : */
+struct UPNParg { const char * elt; const char * val; };
+
+char *
+simpleUPnPcommand(int, const char *, const char *,
+ const char *, struct UPNParg *,
+ int *);
+
+/* upnpDiscover()
+ * discover UPnP devices on the network.
+ * The discovered devices are returned as a chained list.
+ * It is up to the caller to free the list with freeUPNPDevlist().
+ * delay (in millisecond) is the maximum time for waiting any device
+ * response.
+ * If available, device list will be obtained from MiniSSDPd.
+ * Default path for minissdpd socket will be used if minissdpdsock argument
+ * is NULL.
+ * If multicastif is not NULL, it will be used instead of the default
+ * multicast interface for sending SSDP discover packets.
+ * If localport is set to UPNP_LOCAL_PORT_SAME(1) SSDP packets will be sent
+ * from the source port 1900 (same as destination port), if set to
+ * UPNP_LOCAL_PORT_ANY(0) system assign a source port, any other value will
+ * be attempted as the source port.
+ * "searchalltypes" parameter is useful when searching several types,
+ * if 0, the discovery will stop with the first type returning results.
+ * TTL should default to 2. */
+MINIUPNP_LIBSPEC struct UPNPDev *
+upnpDiscover(int delay, const char * multicastif,
+ const char * minissdpdsock, int localport,
+ int ipv6, unsigned char ttl,
+ int * error);
+
+MINIUPNP_LIBSPEC struct UPNPDev *
+upnpDiscoverAll(int delay, const char * multicastif,
+ const char * minissdpdsock, int localport,
+ int ipv6, unsigned char ttl,
+ int * error);
+
+MINIUPNP_LIBSPEC struct UPNPDev *
+upnpDiscoverDevice(const char * device, int delay, const char * multicastif,
+ const char * minissdpdsock, int localport,
+ int ipv6, unsigned char ttl,
+ int * error);
+
+MINIUPNP_LIBSPEC struct UPNPDev *
+upnpDiscoverDevices(const char * const deviceTypes[],
+ int delay, const char * multicastif,
+ const char * minissdpdsock, int localport,
+ int ipv6, unsigned char ttl,
+ int * error,
+ int searchalltypes);
+
+/* parserootdesc() :
+ * parse root XML description of a UPnP device and fill the IGDdatas
+ * structure.
*/
+MINIUPNP_LIBSPEC void parserootdesc(const char *, int, struct IGDdatas *);
+
+/* structure used to get fast access to urls
+ * controlURL: controlURL of the WANIPConnection
+ * ipcondescURL: url of the description of the WANIPConnection
+ * controlURL_CIF: controlURL of the WANCommonInterfaceConfig
+ * controlURL_6FC: controlURL of the WANIPv6FirewallControl
+ */
+struct UPNPUrls {
+ char * controlURL;
+ char * ipcondescURL;
+ char * controlURL_CIF;
+ char * controlURL_6FC;
+ char * rootdescURL;
+};
+
+/* UPNP_GetValidIGD() :
+ * return values :
+ * 0 = NO IGD found
+ * 1 = A valid connected IGD has been found
+ * 2 = A valid IGD has been found but it reported as
+ * not connected
+ * 3 = an UPnP device has been found but was not recognized as an IGD
+ *
+ * In any non zero return case, the urls and data structures
+ * passed as parameters are set. Donc forget to call FreeUPNPUrls(urls) to
+ * free allocated memory.
+ */
+MINIUPNP_LIBSPEC int
+UPNP_GetValidIGD(struct UPNPDev * devlist,
+ struct UPNPUrls * urls,
+ struct IGDdatas * data,
+ char * lanaddr, int lanaddrlen);
+
+/* UPNP_GetIGDFromUrl()
+ * Used when skipping the discovery process.
+ * When succeding, urls, data, and lanaddr arguments are set.
+ * return value :
+ * 0 - Not ok
+ * 1 - OK */
+MINIUPNP_LIBSPEC int
+UPNP_GetIGDFromUrl(const char * rootdescurl,
+ struct UPNPUrls * urls,
+ struct IGDdatas * data,
+ char * lanaddr, int lanaddrlen);
+
+MINIUPNP_LIBSPEC void
+GetUPNPUrls(struct UPNPUrls *, struct IGDdatas *,
+ const char *, unsigned int);
+
+MINIUPNP_LIBSPEC void
+FreeUPNPUrls(struct UPNPUrls *);
+
+/* return 0 or 1 */
+MINIUPNP_LIBSPEC int UPNPIGD_IsConnected(struct UPNPUrls *, struct IGDdatas *);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/ext/miniupnpc/miniupnpc_declspec.h b/ext/miniupnpc/miniupnpc_declspec.h
new file mode 100644
index 0000000..40adb92
--- /dev/null
+++ b/ext/miniupnpc/miniupnpc_declspec.h
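Review bot: The comment above UPNP_GetValidIGD in miniupnpc.h lists return values 0 to 3 and says urls and data are set "in any non zero return case", but the comment on the definition in miniupnpc.c also lists `-1 = Internal error` and limits the guarantee to positive values; the definition returns -1 when its calloc fails, before urls is touched. A caller that trusts the header and tests only `if(r)`, as UPnP_selectigd in miniupnpcmodule.c does, treats that failure as a found device. I would add ` * -1 = Internal error` to the list in the header and reword the sentence to `In any positive non zero return case`.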
@@ -0,0 +1,21 @@
+#ifndef MINIUPNPC_DECLSPEC_H_INCLUDED
+#define MINIUPNPC_DECLSPEC_H_INCLUDED
+
+#if defined(_WIN32) && !defined(MINIUPNP_STATICLIB)
+ /* for windows dll */
+ #ifdef MINIUPNP_EXPORTS
+ #define MINIUPNP_LIBSPEC __declspec(dllexport)
+ #else
+ #define MINIUPNP_LIBSPEC __declspec(dllimport)
+ #endif
+#else
+ #if defined(__GNUC__) && __GNUC__ >= 4
+ /* fix dynlib for OS X 10.9.2 and Apple LLVM version 5.0 */
+ #define MINIUPNP_LIBSPEC __attribute__ ((visibility ("default")))
+ #else
+ #define MINIUPNP_LIBSPEC
+ #endif
+#endif
+
+#endif /* MINIUPNPC_DECLSPEC_H_INCLUDED */
+
diff --git a/ext/miniupnpc/miniupnpcmodule.c b/ext/miniupnpc/miniupnpcmodule.c
new file mode 100644
index 0000000..a5bdce4
--- /dev/null
+++ b/ext/miniupnpc/miniupnpcmodule.c
@@ -0,0 +1,695 @@
+/* $Id: miniupnpcmodule.c,v 1.29 2015/10/26 17:01:30 nanard Exp $*/
+/* Project : miniupnp
+ * Author : Thomas BERNARD
+ * website : http://miniupnp.tuxfamily.org/
+ * copyright (c) 2007-2014 Thomas Bernard
+ * This software is subjet to the conditions detailed in the
+ * provided LICENCE file. */
+#include
+#define MINIUPNP_STATICLIB
+#include "structmember.h"
+#include "miniupnpc.h"
+#include "upnpcommands.h"
+#include "upnperrors.h"
+
+/* for compatibility with Python < 2.4 */
+#ifndef Py_RETURN_NONE
+#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
+#endif
+
+#ifndef Py_RETURN_TRUE
+#define Py_RETURN_TRUE return Py_INCREF(Py_True), Py_True
+#endif
+
+#ifndef Py_RETURN_FALSE
+#define Py_RETURN_FALSE return Py_INCREF(Py_False), Py_False
+#endif
+
+/* for compatibility with Python < 3.0 */
+#ifndef PyVarObject_HEAD_INIT
+#define PyVarObject_HEAD_INIT(type, size) \
+ PyObject_HEAD_INIT(type) size,
+#endif
+
+#ifndef Py_TYPE
+#define Py_TYPE(ob) (((PyObject*)(ob))->ob_type)
+#endif
+
+typedef struct {
+ PyObject_HEAD
+ /* Type-specific fields go here.
*/
+ struct UPNPDev * devlist;
+ struct UPNPUrls urls;
+ struct IGDdatas data;
+ unsigned int discoverdelay; /* value passed to upnpDiscover() */
+ unsigned int localport; /* value passed to upnpDiscover() */
+ char lanaddr[40]; /* our ip address on the LAN */
+ char * multicastif;
+ char * minissdpdsocket;
+} UPnPObject;
+
+static PyMemberDef UPnP_members[] = {
+ {"lanaddr", T_STRING_INPLACE, offsetof(UPnPObject, lanaddr),
+ READONLY, "ip address on the LAN"
+ },
+ {"discoverdelay", T_UINT, offsetof(UPnPObject, discoverdelay),
+ 0/*READWRITE*/, "value in ms used to wait for SSDP responses"
+ },
+ {"localport", T_UINT, offsetof(UPnPObject, localport),
+ 0/*READWRITE*/,
+ "If localport is set to UPNP_LOCAL_PORT_SAME(1) "
+ "SSDP packets will be sent from the source port "
+ "1900 (same as destination port), if set to "
+ "UPNP_LOCAL_PORT_ANY(0) system assign a source "
+ "port, any other value will be attempted as the "
+ "source port"
+ },
+ /* T_STRING is allways readonly :( */
+ {"multicastif", T_STRING, offsetof(UPnPObject, multicastif),
+ 0, "IP of the network interface to be used for multicast operations"
+ },
+ {"minissdpdsocket", T_STRING, offsetof(UPnPObject, minissdpdsocket),
+ 0, "path of the MiniSSDPd unix socket"
+ },
+ {NULL}
+};
+
+
+static int UPnP_init(UPnPObject *self, PyObject *args, PyObject *kwds)
+{
+ char* multicastif = NULL;
+ char* minissdpdsocket = NULL;
+ static char *kwlist[] = {
+ "multicastif", "minissdpdsocket", "discoverdelay",
+ "localport", NULL
+ };
+
+ if(!PyArg_ParseTupleAndKeywords(args, kwds, "|zzII", kwlist,
+ &multicastif,
+ &minissdpdsocket,
+ &self->discoverdelay,
+ &self->localport))
+ return -1;
+
+ if(self->localport>1 &&
+ (self->localport>65534||self->localport<1024)) {
+ PyErr_SetString(PyExc_Exception, "Invalid localport value");
+ return -1;
+ }
+ if(multicastif)
+ self->multicastif = strdup(multicastif);
+ if(minissdpdsocket)
+ self->minissdpdsocket = strdup(minissdpdsocket);
+
+ return 0;
+}
+
+static void
+UPnPObject_dealloc(UPnPObject *self)
+{
+ freeUPNPDevlist(self->devlist);
+ FreeUPNPUrls(&self->urls);
+ free(self->multicastif);
+ free(self->minissdpdsocket);
+ Py_TYPE(self)->tp_free((PyObject*)self);
+}
+
+static PyObject *
+UPnP_discover(UPnPObject *self)
+{
+ struct UPNPDev * dev;
+ int i;
+ PyObject *res = NULL;
+ if(self->devlist)
+ {
+ freeUPNPDevlist(self->devlist);
+ self->devlist = 0;
+ }
+ Py_BEGIN_ALLOW_THREADS
+ self->devlist = upnpDiscover((int)self->discoverdelay/*timeout in ms*/,
+ self->multicastif,
+ self->minissdpdsocket,
+ (int)self->localport,
+ 0/*ip v6*/,
+ 2/* TTL */,
+ 0/*error */);
+ Py_END_ALLOW_THREADS
+ /* Py_RETURN_NONE ??? */
+ for(dev = self->devlist, i = 0; dev; dev = dev->pNext)
+ i++;
+ res = Py_BuildValue("i", i);
+ return res;
+}
+
+static PyObject *
+UPnP_selectigd(UPnPObject *self)
+{
+ int r;
+Py_BEGIN_ALLOW_THREADS
+ r = UPNP_GetValidIGD(self->devlist, &self->urls, &self->data,
+ self->lanaddr, sizeof(self->lanaddr));
+Py_END_ALLOW_THREADS
+ if(r)
+ {
+ return Py_BuildValue("s", self->urls.controlURL);
+ }
+ else
+ {
+ /* TODO: have our own exception type !
*/
+ PyErr_SetString(PyExc_Exception, "No UPnP device discovered");
+ return NULL;
+ }
+}
+
+static PyObject *
+UPnP_totalbytesent(UPnPObject *self)
+{
+ UNSIGNED_INTEGER i;
+Py_BEGIN_ALLOW_THREADS
+ i = UPNP_GetTotalBytesSent(self->urls.controlURL_CIF,
+ self->data.CIF.servicetype);
+Py_END_ALLOW_THREADS
+#if (PY_MAJOR_VERSION >= 3) || (PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 3)
+ return Py_BuildValue("I", i);
+#else
+ return Py_BuildValue("i", (int)i);
+#endif
+}
+
+static PyObject *
+UPnP_totalbytereceived(UPnPObject *self)
+{
+ UNSIGNED_INTEGER i;
+Py_BEGIN_ALLOW_THREADS
+ i = UPNP_GetTotalBytesReceived(self->urls.controlURL_CIF,
+ self->data.CIF.servicetype);
+Py_END_ALLOW_THREADS
+#if (PY_MAJOR_VERSION >= 3) || (PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 3)
+ return Py_BuildValue("I", i);
+#else
+ return Py_BuildValue("i", (int)i);
+#endif
+}
+
+static PyObject *
+UPnP_totalpacketsent(UPnPObject *self)
+{
+ UNSIGNED_INTEGER i;
+Py_BEGIN_ALLOW_THREADS
+ i = UPNP_GetTotalPacketsSent(self->urls.controlURL_CIF,
+ self->data.CIF.servicetype);
+Py_END_ALLOW_THREADS
+#if (PY_MAJOR_VERSION >= 3) || (PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 3)
+ return Py_BuildValue("I", i);
+#else
+ return Py_BuildValue("i", (int)i);
+#endif
+}
+
+static PyObject *
+UPnP_totalpacketreceived(UPnPObject *self)
+{
+ UNSIGNED_INTEGER i;
+Py_BEGIN_ALLOW_THREADS
+ i = UPNP_GetTotalPacketsReceived(self->urls.controlURL_CIF,
+ self->data.CIF.servicetype);
+Py_END_ALLOW_THREADS
+#if (PY_MAJOR_VERSION >= 3) || (PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 3)
+ return Py_BuildValue("I", i);
+#else
+ return Py_BuildValue("i", (int)i);
+#endif
+}
+
+static PyObject *
+UPnP_statusinfo(UPnPObject *self)
+{
+ char status[64];
+ char lastconnerror[64];
+ unsigned int uptime = 0;
+ int r;
+ status[0] = '\0';
+ lastconnerror[0] = '\0';
+Py_BEGIN_ALLOW_THREADS
+ r = UPNP_GetStatusInfo(self->urls.controlURL, self->data.first.servicetype,
+ status, &uptime, lastconnerror);
+Py_END_ALLOW_THREADS
+
if(r==UPNPCOMMAND_SUCCESS) {
+#if (PY_MAJOR_VERSION >= 3) || (PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 3)
+ return Py_BuildValue("(s,I,s)", status, uptime, lastconnerror);
+#else
+ return Py_BuildValue("(s,i,s)", status, (int)uptime, lastconnerror);
+#endif
+ } else {
+ /* TODO: have our own exception type ! */
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+static PyObject *
+UPnP_connectiontype(UPnPObject *self)
+{
+ char connectionType[64];
+ int r;
+ connectionType[0] = '\0';
+Py_BEGIN_ALLOW_THREADS
+ r = UPNP_GetConnectionTypeInfo(self->urls.controlURL,
+ self->data.first.servicetype,
+ connectionType);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS) {
+ return Py_BuildValue("s", connectionType);
+ } else {
+ /* TODO: have our own exception type ! */
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+static PyObject *
+UPnP_externalipaddress(UPnPObject *self)
+{
+ char externalIPAddress[40];
+ int r;
+ externalIPAddress[0] = '\0';
+Py_BEGIN_ALLOW_THREADS
+ r = UPNP_GetExternalIPAddress(self->urls.controlURL,
+ self->data.first.servicetype,
+ externalIPAddress);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS) {
+ return Py_BuildValue("s", externalIPAddress);
+ } else {
+ /* TODO: have our own exception type !
*/
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+/* AddPortMapping(externalPort, protocol, internalHost, internalPort, desc,
+ * remoteHost)
+ * protocol is 'UDP' or 'TCP' */
+static PyObject *
+UPnP_addportmapping(UPnPObject *self, PyObject *args)
+{
+ char extPort[6];
+ unsigned short ePort;
+ char inPort[6];
+ unsigned short iPort;
+ const char * proto;
+ const char * host;
+ const char * desc;
+ const char * remoteHost;
+ const char * leaseDuration = "0";
+ int r;
+ if (!PyArg_ParseTuple(args, "HssHss", &ePort, &proto,
+ &host, &iPort, &desc, &remoteHost))
+ return NULL;
+Py_BEGIN_ALLOW_THREADS
+ sprintf(extPort, "%hu", ePort);
+ sprintf(inPort, "%hu", iPort);
+ r = UPNP_AddPortMapping(self->urls.controlURL, self->data.first.servicetype,
+ extPort, inPort, host, desc, proto,
+ remoteHost, leaseDuration);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS)
+ {
+ Py_RETURN_TRUE;
+ }
+ else
+ {
+ // TODO: RAISE an Exception. See upnpcommands.h for errors codes.
+ // upnperrors.c
+ //Py_RETURN_FALSE;
+ /* TODO: have our own exception type !
*/
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+/* AddAnyPortMapping(externalPort, protocol, internalHost, internalPort, desc,
+ * remoteHost)
+ * protocol is 'UDP' or 'TCP' */
+static PyObject *
+UPnP_addanyportmapping(UPnPObject *self, PyObject *args)
+{
+ char extPort[6];
+ unsigned short ePort;
+ char inPort[6];
+ unsigned short iPort;
+ char reservedPort[6];
+ const char * proto;
+ const char * host;
+ const char * desc;
+ const char * remoteHost;
+ const char * leaseDuration = "0";
+ int r;
+ if (!PyArg_ParseTuple(args, "HssHss", &ePort, &proto, &host, &iPort, &desc, &remoteHost))
+ return NULL;
+Py_BEGIN_ALLOW_THREADS
+ sprintf(extPort, "%hu", ePort);
+ sprintf(inPort, "%hu", iPort);
+ r = UPNP_AddAnyPortMapping(self->urls.controlURL, self->data.first.servicetype,
+ extPort, inPort, host, desc, proto,
+ remoteHost, leaseDuration, reservedPort);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS) {
+ return Py_BuildValue("i", atoi(reservedPort));
+ } else {
+ /* TODO: have our own exception type ! */
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+
+/* DeletePortMapping(extPort, proto, removeHost='')
+ * proto = 'UDP', 'TCP' */
+static PyObject *
+UPnP_deleteportmapping(UPnPObject *self, PyObject *args)
+{
+ char extPort[6];
+ unsigned short ePort;
+ const char * proto;
+ const char * remoteHost = "";
+ int r;
+ if(!PyArg_ParseTuple(args, "Hs|z", &ePort, &proto, &remoteHost))
+ return NULL;
+Py_BEGIN_ALLOW_THREADS
+ sprintf(extPort, "%hu", ePort);
+ r = UPNP_DeletePortMapping(self->urls.controlURL, self->data.first.servicetype,
+ extPort, proto, remoteHost);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS) {
+ Py_RETURN_TRUE;
+ } else {
+ /* TODO: have our own exception type !
*/
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+/* DeletePortMappingRange(extPort, proto, removeHost='')
+ * proto = 'UDP', 'TCP' */
+static PyObject *
+UPnP_deleteportmappingrange(UPnPObject *self, PyObject *args)
+{
+ char extPortStart[6];
+ unsigned short ePortStart;
+ char extPortEnd[6];
+ unsigned short ePortEnd;
+ const char * proto;
+ unsigned char manage;
+ char manageStr[1];
+ int r;
+ if(!PyArg_ParseTuple(args, "HHsb", &ePortStart, &ePortEnd, &proto, &manage))
+ return NULL;
+Py_BEGIN_ALLOW_THREADS
+ sprintf(extPortStart, "%hu", ePortStart);
+ sprintf(extPortEnd, "%hu", ePortEnd);
+ sprintf(manageStr, "%hhu", manage);
+ r = UPNP_DeletePortMappingRange(self->urls.controlURL, self->data.first.servicetype,
+ extPortStart, extPortEnd, proto, manageStr);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS) {
+ Py_RETURN_TRUE;
+ } else {
+ /* TODO: have our own exception type ! */
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+static PyObject *
+UPnP_getportmappingnumberofentries(UPnPObject *self)
+{
+ unsigned int n = 0;
+ int r;
+Py_BEGIN_ALLOW_THREADS
+ r = UPNP_GetPortMappingNumberOfEntries(self->urls.controlURL,
+ self->data.first.servicetype,
+ &n);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS) {
+#if (PY_MAJOR_VERSION >= 3) || (PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 3)
+ return Py_BuildValue("I", n);
+#else
+ return Py_BuildValue("i", (int)n);
+#endif
+ } else {
+ /* TODO: have our own exception type !
*/
+ PyErr_SetString(PyExc_Exception, strupnperror(r));
+ return NULL;
+ }
+}
+
+/* GetSpecificPortMapping(ePort, proto, remoteHost='')
+ * proto = 'UDP' or 'TCP' */
+static PyObject *
+UPnP_getspecificportmapping(UPnPObject *self, PyObject *args)
+{
+ char extPort[6];
+ unsigned short ePort;
+ const char * proto;
+ const char * remoteHost = "";
+ char intClient[40];
+ char intPort[6];
+ unsigned short iPort;
+ char desc[80];
+ char enabled[4];
+ char leaseDuration[16];
+ if(!PyArg_ParseTuple(args, "Hs|z", &ePort, &proto, &remoteHost))
+ return NULL;
+ extPort[0] = '\0'; intClient[0] = '\0'; intPort[0] = '\0';
+ desc[0] = '\0'; enabled[0] = '\0'; leaseDuration[0] = '\0';
+Py_BEGIN_ALLOW_THREADS
+ sprintf(extPort, "%hu", ePort);
+ UPNP_GetSpecificPortMappingEntry(self->urls.controlURL,
+ self->data.first.servicetype,
+ extPort, proto, remoteHost,
+ intClient, intPort,
+ desc, enabled, leaseDuration);
+Py_END_ALLOW_THREADS
+ if(intClient[0])
+ {
+ iPort = (unsigned short)atoi(intPort);
+ return Py_BuildValue("(s,H,s,O,i)",
+ intClient, iPort, desc,
+ PyBool_FromLong(atoi(enabled)),
+ atoi(leaseDuration));
+ }
+ else
+ {
+ Py_RETURN_NONE;
+ }
+}
+
+/* GetGenericPortMapping(index) */
+static PyObject *
+UPnP_getgenericportmapping(UPnPObject *self, PyObject *args)
+{
+ int i, r;
+ char index[8];
+ char intClient[40];
+ char intPort[6];
+ unsigned short iPort;
+ char extPort[6];
+ unsigned short ePort;
+ char protocol[4];
+ char desc[80];
+ char enabled[6];
+ char rHost[64];
+ char duration[16]; /* lease duration */
+ unsigned int dur;
+ if(!PyArg_ParseTuple(args, "i", &i))
+ return NULL;
+Py_BEGIN_ALLOW_THREADS
+ snprintf(index, sizeof(index), "%d", i);
+ rHost[0] = '\0'; enabled[0] = '\0';
+ duration[0] = '\0'; desc[0] = '\0';
+ extPort[0] = '\0'; intPort[0] = '\0'; intClient[0] = '\0';
+ r = UPNP_GetGenericPortMappingEntry(self->urls.controlURL,
+ self->data.first.servicetype,
+ index,
+ extPort, intClient, intPort,
+ protocol, desc, enabled, rHost,
+ duration);
+Py_END_ALLOW_THREADS
+ if(r==UPNPCOMMAND_SUCCESS)
+ {
+ ePort = (unsigned short)atoi(extPort);
+ iPort = (unsigned short)atoi(intPort);
+ dur = (unsigned int)strtoul(duration, 0, 0);
+#if (PY_MAJOR_VERSION >= 3) || (PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION > 3)
+ return Py_BuildValue("(H,s,(s,H),s,s,s,I)",
+ ePort, protocol, intClient, iPort,
+ desc, enabled, rHost, dur);
+#else
+ return Py_BuildValue("(i,s,(s,i),s,s,s,i)",
+ (int)ePort, protocol, intClient, (int)iPort,
+ desc, enabled, rHost, (int)dur);
+#endif
+ }
+ else
+ {
+ Py_RETURN_NONE;
+ }
+}
+
+/* miniupnpc.UPnP object Method Table */
+static PyMethodDef UPnP_methods[] = {
+ {"discover", (PyCFunction)UPnP_discover, METH_NOARGS,
+ "discover UPnP IGD devices on the network"
+ },
+ {"selectigd", (PyCFunction)UPnP_selectigd, METH_NOARGS,
+ "select a valid UPnP IGD among discovered devices"
+ },
+ {"totalbytesent", (PyCFunction)UPnP_totalbytesent, METH_NOARGS,
+ "return the total number of bytes sent by UPnP IGD"
+ },
+ {"totalbytereceived", (PyCFunction)UPnP_totalbytereceived, METH_NOARGS,
+ "return the total number of bytes received by UPnP IGD"
+ },
+ {"totalpacketsent", (PyCFunction)UPnP_totalpacketsent, METH_NOARGS,
+ "return the total number of packets sent by UPnP IGD"
+ },
+ {"totalpacketreceived", (PyCFunction)UPnP_totalpacketreceived, METH_NOARGS,
+ "return the total number of packets received by UPnP IGD"
+ },
+ {"statusinfo", (PyCFunction)UPnP_statusinfo, METH_NOARGS,
+ "return status and uptime"
+ },
+ {"connectiontype", (PyCFunction)UPnP_connectiontype, METH_NOARGS,
+ "return IGD WAN connection type"
+ },
+ {"externalipaddress", (PyCFunction)UPnP_externalipaddress, METH_NOARGS,
+ "return external IP address"
+ },
+ {"addportmapping", (PyCFunction)UPnP_addportmapping, METH_VARARGS,
+ "add a port mapping"
+ },
+ {"addanyportmapping", (PyCFunction)UPnP_addanyportmapping, METH_VARARGS,
+ "add a port mapping, IGD to select alternative if necessary"
+ },
+ {"deleteportmapping",
(PyCFunction)UPnP_deleteportmapping, METH_VARARGS, + "delete a port mapping" + }, + {"deleteportmappingrange", (PyCFunction)UPnP_deleteportmappingrange, METH_VARARGS, + "delete a range of port mappings" + }, + {"getportmappingnumberofentries", (PyCFunction)UPnP_getportmappingnumberofentries, METH_NOARGS, + "-- non standard --" + }, + {"getspecificportmapping", (PyCFunction)UPnP_getspecificportmapping, METH_VARARGS, + "get details about a specific port mapping entry" + }, + {"getgenericportmapping", (PyCFunction)UPnP_getgenericportmapping, METH_VARARGS, + "get all details about the port mapping at index" + }, + {NULL} /* Sentinel */ +}; + +static PyTypeObject UPnPType = { + PyVarObject_HEAD_INIT(NULL, + 0) /*ob_size*/ + "miniupnpc.UPnP", /*tp_name*/ + sizeof(UPnPObject), /*tp_basicsize*/ + 0, /*tp_itemsize*/ + (destructor)UPnPObject_dealloc,/*tp_dealloc*/ + 0, /*tp_print*/ + 0, /*tp_getattr*/ + 0, /*tp_setattr*/ + 0, /*tp_compare*/ + 0, /*tp_repr*/ + 0, /*tp_as_number*/ + 0, /*tp_as_sequence*/ + 0, /*tp_as_mapping*/ + 0, /*tp_hash */ + 0, /*tp_call*/ + 0, /*tp_str*/ + 0, /*tp_getattro*/ + 0, /*tp_setattro*/ + 0, /*tp_as_buffer*/ + Py_TPFLAGS_DEFAULT, /*tp_flags*/ + "UPnP objects", /* tp_doc */ + 0, /* tp_traverse */ + 0, /* tp_clear */ + 0, /* tp_richcompare */ + 0, /* tp_weaklistoffset */ + 0, /* tp_iter */ + 0, /* tp_iternext */ + UPnP_methods, /* tp_methods */ + UPnP_members, /* tp_members */ + 0, /* tp_getset */ + 0, /* tp_base */ + 0, /* tp_dict */ + 0, /* tp_descr_get */ + 0, /* tp_descr_set */ + 0, /* tp_dictoffset */ + (initproc)UPnP_init, /* tp_init */ + 0, /* tp_alloc */ +#ifndef _WIN32 + PyType_GenericNew,/*UPnP_new,*/ /* tp_new */ +#else + 0, +#endif +}; + +/* module methods */ +static PyMethodDef miniupnpc_methods[] = { + {NULL} /* Sentinel */ +}; + +#if PY_MAJOR_VERSION >= 3 +static struct PyModuleDef moduledef = { + PyModuleDef_HEAD_INIT, + "miniupnpc", /* m_name */ + "miniupnpc module.", /* m_doc */ + -1, /* m_size */ + miniupnpc_methods, /* 
m_methods */ + NULL, /* m_reload */ + NULL, /* m_traverse */ + NULL, /* m_clear */ + NULL, /* m_free */ +}; +#endif + +#ifndef PyMODINIT_FUNC /* declarations for DLL import/export */ +#define PyMODINIT_FUNC void +#endif + +PyMODINIT_FUNC +#if PY_MAJOR_VERSION >= 3 +PyInit_miniupnpc(void) +#else +initminiupnpc(void) +#endif +{ + PyObject* m; + +#ifdef _WIN32 + UPnPType.tp_new = PyType_GenericNew; +#endif + if (PyType_Ready(&UPnPType) < 0) +#if PY_MAJOR_VERSION >= 3 + return 0; +#else + return; +#endif + +#if PY_MAJOR_VERSION >= 3 + m = PyModule_Create(&moduledef); +#else + m = Py_InitModule3("miniupnpc", miniupnpc_methods, + "miniupnpc module."); +#endif + + Py_INCREF(&UPnPType); + PyModule_AddObject(m, "UPnP", (PyObject *)&UPnPType); + +#if PY_MAJOR_VERSION >= 3 + return m; +#endif +} + diff --git a/ext/miniupnpc/miniupnpcstrings.h.in b/ext/miniupnpc/miniupnpcstrings.h.in new file mode 100644 index 0000000..68bf429 --- /dev/null +++ b/ext/miniupnpc/miniupnpcstrings.h.in @@ -0,0 +1,23 @@ +/* $Id: miniupnpcstrings.h.in,v 1.6 2014/11/04 22:31:55 nanard Exp $ */ +/* Project: miniupnp + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * Author: Thomas Bernard + * Copyright (c) 2005-2014 Thomas Bernard + * This software is subjects to the conditions detailed + * in the LICENCE file provided within this distribution */ +#ifndef MINIUPNPCSTRINGS_H_INCLUDED +#define MINIUPNPCSTRINGS_H_INCLUDED + +#define OS_STRING "OS/version" +#define MINIUPNPC_VERSION_STRING "version" + +#if 0 +/* according to "UPnP Device Architecture 1.0" */ +#define UPNP_VERSION_STRING "UPnP/1.0" +#else +/* according to "UPnP Device Architecture 1.1" */ +#define UPNP_VERSION_STRING "UPnP/1.1" +#endif + +#endif + diff --git a/ext/miniupnpc/miniupnpctypes.h b/ext/miniupnpc/miniupnpctypes.h new file mode 100644 index 0000000..591c32f --- /dev/null +++ b/ext/miniupnpc/miniupnpctypes.h 
@@ -0,0 +1,19 @@
+/* $Id: miniupnpctypes.h,v 1.2 2012/09/27 15:42:10 nanard Exp $ */
+/* Miniupnp project : http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org
+ * Author : Thomas Bernard
+ * Copyright (c) 2011 Thomas Bernard
+ * This software is subject to the conditions detailed in the
+ * LICENCE file provided within this distribution */
+#ifndef MINIUPNPCTYPES_H_INCLUDED
+#define MINIUPNPCTYPES_H_INCLUDED
+
+#if (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)
+#define UNSIGNED_INTEGER unsigned long long
+#define STRTOUI strtoull
+#else
+#define UNSIGNED_INTEGER unsigned int
+#define STRTOUI strtoul
+#endif
+
+#endif
+
diff --git a/ext/miniupnpc/miniwget.c b/ext/miniupnpc/miniwget.c
new file mode 100644
index 0000000..1af106d
--- /dev/null
+++ b/ext/miniupnpc/miniwget.c
@@ -0,0 +1,663 @@ +#define _CRT_SECURE_NO_WARNINGS + +/* $Id: miniwget.c,v 1.75 2016/01/24 17:24:36 nanard Exp $ */ +/* Project : miniupnp + * Website : http://miniupnp.free.fr/ + * Author : Thomas Bernard + * Copyright (c) 2005-2016 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. */ + +#include +#include +#include +#include +#ifdef _WIN32 +#include +#include +#include +#define MAXHOSTNAMELEN 64 +#define snprintf _snprintf +#define socklen_t int +#ifndef strncasecmp +#if defined(_MSC_VER) && (_MSC_VER >= 1400) +#define strncasecmp _memicmp +#else /* defined(_MSC_VER) && (_MSC_VER >= 1400) */ +#define strncasecmp memicmp +#endif /* defined(_MSC_VER) && (_MSC_VER >= 1400) */ +#endif /* #ifndef strncasecmp */ +#else /* #ifdef _WIN32 */ +#include +#include +#if defined(__amigaos__) && !defined(__amigaos4__) +#define socklen_t int +#else /* #if defined(__amigaos__) && !defined(__amigaos4__) */ +#include +#endif /* #else defined(__amigaos__) && !defined(__amigaos4__) */ +#include +#include +#include +#include +#include +#define closesocket close +#include +#endif /* #else _WIN32 */ +#ifdef __GNU__ +#define MAXHOSTNAMELEN 64 +#endif /* __GNU__ */ + +#ifndef MIN +#define MIN(x,y) (((x)<(y))?(x):(y)) +#endif /* MIN */ + +#ifdef _WIN32 +#define OS_STRING "Win32" +#define MINIUPNPC_VERSION_STRING "2.0" +#define UPNP_VERSION_STRING "UPnP/1.1" +#endif + +#include "miniwget.h" +#include "connecthostport.h" +#include "receivedata.h" + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif + +/* + * Read a HTTP response from a socket. + * Process Content-Length and Transfer-encoding headers. + * return a pointer to the content buffer, which length is saved + * to the length parameter. 
+ */ +void * +getHTTPResponse(int s, int * size, int * status_code) +{ + char buf[2048]; + int n; + int endofheaders = 0; + int chunked = 0; + int content_length = -1; + unsigned int chunksize = 0; + unsigned int bytestocopy = 0; + /* buffers : */ + char * header_buf; + unsigned int header_buf_len = 2048; + unsigned int header_buf_used = 0; + char * content_buf; + unsigned int content_buf_len = 2048; + unsigned int content_buf_used = 0; + char chunksize_buf[32]; + unsigned int chunksize_buf_index; + char * reason_phrase = NULL; + int reason_phrase_len = 0; + + if(status_code) *status_code = -1; + header_buf = malloc(header_buf_len); + if(header_buf == NULL) + { +#ifdef DEBUG + fprintf(stderr, "%s: Memory allocation error\n", "getHTTPResponse"); +#endif /* DEBUG */ + *size = -1; + return NULL; + } + content_buf = malloc(content_buf_len); + if(content_buf == NULL) + { + free(header_buf); +#ifdef DEBUG + fprintf(stderr, "%s: Memory allocation error\n", "getHTTPResponse"); +#endif /* DEBUG */ + *size = -1; + return NULL; + } + chunksize_buf[0] = '\0'; + chunksize_buf_index = 0; + + while((n = receivedata(s, buf, 2048, 5000, NULL)) > 0) + { + if(endofheaders == 0) + { + int i; + int linestart=0; + int colon=0; + int valuestart=0; + if(header_buf_used + n > header_buf_len) { + char * tmp = realloc(header_buf, header_buf_used + n); + if(tmp == NULL) { + /* memory allocation error */ + free(header_buf); + free(content_buf); + *size = -1; + return NULL; + } + header_buf = tmp; + header_buf_len = header_buf_used + n; + } + memcpy(header_buf + header_buf_used, buf, n); + header_buf_used += n; + /* search for CR LF CR LF (end of headers) + * recognize also LF LF */ + i = 0; + while(i < ((int)header_buf_used-1) && (endofheaders == 0)) { + if(header_buf[i] == '\r') { + i++; + if(header_buf[i] == '\n') { + i++; + if(i < (int)header_buf_used && header_buf[i] == '\r') { + i++; + if(i < (int)header_buf_used && header_buf[i] == '\n') { + endofheaders = i+1; + } + } + } + } else 
if(header_buf[i] == '\n') { + i++; + if(header_buf[i] == '\n') { + endofheaders = i+1; + } + } + i++; + } + if(endofheaders == 0) + continue; + /* parse header lines */ + for(i = 0; i < endofheaders - 1; i++) { + if(linestart > 0 && colon <= linestart && header_buf[i]==':') + { + colon = i; + while(i < (endofheaders-1) + && (header_buf[i+1] == ' ' || header_buf[i+1] == '\t')) + i++; + valuestart = i + 1; + } + /* detecting end of line */ + else if(header_buf[i]=='\r' || header_buf[i]=='\n') + { + if(linestart == 0 && status_code) + { + /* Status line + * HTTP-Version SP Status-Code SP Reason-Phrase CRLF */ + int sp; + for(sp = 0; sp < i; sp++) + if(header_buf[sp] == ' ') + { + if(*status_code < 0) + *status_code = atoi(header_buf + sp + 1); + else + { + reason_phrase = header_buf + sp + 1; + reason_phrase_len = i - sp - 1; + break; + } + } +#ifdef DEBUG + printf("HTTP status code = %d, Reason phrase = %.*s\n", + *status_code, reason_phrase_len, reason_phrase); +#endif + } + else if(colon > linestart && valuestart > colon) + { +#ifdef DEBUG + printf("header='%.*s', value='%.*s'\n", + colon-linestart, header_buf+linestart, + i-valuestart, header_buf+valuestart); +#endif + if(0==strncasecmp(header_buf+linestart, "content-length", colon-linestart)) + { + content_length = atoi(header_buf+valuestart); +#ifdef DEBUG + printf("Content-Length: %d\n", content_length); +#endif + } + else if(0==strncasecmp(header_buf+linestart, "transfer-encoding", colon-linestart) + && 0==strncasecmp(header_buf+valuestart, "chunked", 7)) + { +#ifdef DEBUG + printf("chunked transfer-encoding!\n"); +#endif + chunked = 1; + } + } + while((i < (int)header_buf_used) && (header_buf[i]=='\r' || header_buf[i] == '\n')) + i++; + linestart = i; + colon = linestart; + valuestart = 0; + } + } + /* copy the remaining of the received data back to buf */ + n = header_buf_used - endofheaders; + memcpy(buf, header_buf + endofheaders, n); + /* if(headers) */ + } + if(endofheaders) + { + /* content */ + 
if(chunked) + { + int i = 0; + while(i < n) + { + if(chunksize == 0) + { + /* reading chunk size */ + if(chunksize_buf_index == 0) { + /* skipping any leading CR LF */ + if(i= '0' + && chunksize_buf[j] <= '9') + chunksize = (chunksize << 4) + (chunksize_buf[j] - '0'); + else + chunksize = (chunksize << 4) + ((chunksize_buf[j] | 32) - 'a' + 10); + } + chunksize_buf[0] = '\0'; + chunksize_buf_index = 0; + i++; + } else { + /* not finished to get chunksize */ + continue; + } +#ifdef DEBUG + printf("chunksize = %u (%x)\n", chunksize, chunksize); +#endif + if(chunksize == 0) + { +#ifdef DEBUG + printf("end of HTTP content - %d %d\n", i, n); + /*printf("'%.*s'\n", n-i, buf+i);*/ +#endif + goto end_of_stream; + } + } + bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i); + if((content_buf_used + bytestocopy) > content_buf_len) + { + char * tmp; + if(content_length >= (int)(content_buf_used + bytestocopy)) { + content_buf_len = content_length; + } else { + content_buf_len = content_buf_used + bytestocopy; + } + tmp = realloc(content_buf, content_buf_len); + if(tmp == NULL) { + /* memory allocation error */ + free(content_buf); + free(header_buf); + *size = -1; + return NULL; + } + content_buf = tmp; + } + memcpy(content_buf + content_buf_used, buf + i, bytestocopy); + content_buf_used += bytestocopy; + i += bytestocopy; + chunksize -= bytestocopy; + } + } + else + { + /* not chunked */ + if(content_length > 0 + && (int)(content_buf_used + n) > content_length) { + /* skipping additional bytes */ + n = content_length - content_buf_used; + } + if(content_buf_used + n > content_buf_len) + { + char * tmp; + if(content_length >= (int)(content_buf_used + n)) { + content_buf_len = content_length; + } else { + content_buf_len = content_buf_used + n; + } + tmp = realloc(content_buf, content_buf_len); + if(tmp == NULL) { + /* memory allocation error */ + free(content_buf); + free(header_buf); + *size = -1; + return NULL; + } + content_buf = tmp; + } + 
memcpy(content_buf + content_buf_used, buf, n); + content_buf_used += n; + } + } + /* use the Content-Length header value if available */ + if(content_length > 0 && (int)content_buf_used >= content_length) + { +#ifdef DEBUG + printf("End of HTTP content\n"); +#endif + break; + } + } +end_of_stream: + free(header_buf); header_buf = NULL; + *size = content_buf_used; + if(content_buf_used == 0) + { + free(content_buf); + content_buf = NULL; + } + return content_buf; +} + +/* miniwget3() : + * do all the work. + * Return NULL if something failed. */ +static void * +miniwget3(const char * host, + unsigned short port, const char * path, + int * size, char * addr_str, int addr_str_len, + const char * httpversion, unsigned int scope_id, + int * status_code) +{ + char buf[2048]; + int s; + int n; + int len; + int sent; + void * content; + + *size = 0; + s = connecthostport(host, port, scope_id); + if(s < 0) + return NULL; + + /* get address for caller ! */ + if(addr_str) + { + struct sockaddr_storage saddr; + socklen_t saddrlen; + + saddrlen = sizeof(saddr); + if(getsockname(s, (struct sockaddr *)&saddr, &saddrlen) < 0) + { + perror("getsockname"); + } + else + { +#if defined(__amigaos__) && !defined(__amigaos4__) + /* using INT WINAPI WSAAddressToStringA(LPSOCKADDR, DWORD, LPWSAPROTOCOL_INFOA, LPSTR, LPDWORD); + * But his function make a string with the port : nn.nn.nn.nn:port */ +/* if(WSAAddressToStringA((SOCKADDR *)&saddr, sizeof(saddr), + NULL, addr_str, (DWORD *)&addr_str_len)) + { + printf("WSAAddressToStringA() failed : %d\n", WSAGetLastError()); + }*/ + /* the following code is only compatible with ip v4 addresses */ + strncpy(addr_str, inet_ntoa(((struct sockaddr_in *)&saddr)->sin_addr), addr_str_len); +#else +#if 0 + if(saddr.sa_family == AF_INET6) { + inet_ntop(AF_INET6, + &(((struct sockaddr_in6 *)&saddr)->sin6_addr), + addr_str, addr_str_len); + } else { + inet_ntop(AF_INET, + &(((struct sockaddr_in *)&saddr)->sin_addr), + addr_str, addr_str_len); + } +#endif 
+ /* getnameinfo return ip v6 address with the scope identifier + * such as : 2a01:e35:8b2b:7330::%4281128194 */ + n = getnameinfo((const struct sockaddr *)&saddr, saddrlen, + addr_str, addr_str_len, + NULL, 0, + NI_NUMERICHOST | NI_NUMERICSERV); + if(n != 0) { +#ifdef _WIN32 + fprintf(stderr, "getnameinfo() failed : %d\n", n); +#else + fprintf(stderr, "getnameinfo() failed : %s\n", gai_strerror(n)); +#endif + } +#endif + } +#ifdef DEBUG + printf("address miniwget : %s\n", addr_str); +#endif + } + + len = snprintf(buf, sizeof(buf), + "GET %s HTTP/%s\r\n" + "Host: %s:%d\r\n" + "Connection: Close\r\n" + "User-Agent: " OS_STRING ", " UPNP_VERSION_STRING ", MiniUPnPc/" MINIUPNPC_VERSION_STRING "\r\n" + + "\r\n", + path, httpversion, host, port); + if ((unsigned int)len >= sizeof(buf)) + { + closesocket(s); + return NULL; + } + sent = 0; + /* sending the HTTP request */ + while(sent < len) + { + n = send(s, buf+sent, len-sent, 0); + if(n < 0) + { + perror("send"); + closesocket(s); + return NULL; + } + else + { + sent += n; + } + } + content = getHTTPResponse(s, size, status_code); + closesocket(s); + return content; +} + +/* miniwget2() : + * Call miniwget3(); retry with HTTP/1.1 if 1.0 fails. 
*/ +static void * +miniwget2(const char * host, + unsigned short port, const char * path, + int * size, char * addr_str, int addr_str_len, + unsigned int scope_id, int * status_code) +{ + char * respbuffer; + +#if 1 + respbuffer = miniwget3(host, port, path, size, + addr_str, addr_str_len, "1.1", + scope_id, status_code); +#else + respbuffer = miniwget3(host, port, path, size, + addr_str, addr_str_len, "1.0", + scope_id, status_code); + if (*size == 0) + { +#ifdef DEBUG + printf("Retrying with HTTP/1.1\n"); +#endif + free(respbuffer); + respbuffer = miniwget3(host, port, path, size, + addr_str, addr_str_len, "1.1", + scope_id, status_code); + } +#endif + return respbuffer; +} + + + + +/* parseURL() + * arguments : + * url : source string not modified + * hostname : hostname destination string (size of MAXHOSTNAMELEN+1) + * port : port (destination) + * path : pointer to the path part of the URL + * + * Return values : + * 0 - Failure + * 1 - Success */ +int +parseURL(const char * url, + char * hostname, unsigned short * port, + char * * path, unsigned int * scope_id) +{ + char * p1, *p2, *p3; + if(!url) + return 0; + p1 = strstr(url, "://"); + if(!p1) + return 0; + p1 += 3; + if( (url[0]!='h') || (url[1]!='t') + ||(url[2]!='t') || (url[3]!='p')) + return 0; + memset(hostname, 0, MAXHOSTNAMELEN + 1); + if(*p1 == '[') + { + /* IP v6 : http://[2a00:1450:8002::6a]/path/abc */ + char * scope; + scope = strchr(p1, '%'); + p2 = strchr(p1, ']'); + if(p2 && scope && scope < p2 && scope_id) { + /* parse scope */ +#ifdef IF_NAMESIZE + char tmp[IF_NAMESIZE]; + int l; + scope++; + /* "%25" is just '%' in URL encoding */ + if(scope[0] == '2' && scope[1] == '5') + scope += 2; /* skip "25" */ + l = p2 - scope; + if(l >= IF_NAMESIZE) + l = IF_NAMESIZE - 1; + memcpy(tmp, scope, l); + tmp[l] = '\0'; + *scope_id = if_nametoindex(tmp); + if(*scope_id == 0) { + *scope_id = (unsigned int)strtoul(tmp, NULL, 10); + } +#else + /* under windows, scope is numerical */ + char tmp[8]; + int l; 
+ scope++; + /* "%25" is just '%' in URL encoding */ + if(scope[0] == '2' && scope[1] == '5') + scope += 2; /* skip "25" */ + l = p2 - scope; + if(l >= sizeof(tmp)) + l = sizeof(tmp) - 1; + memcpy(tmp, scope, l); + tmp[l] = '\0'; + *scope_id = (unsigned int)strtoul(tmp, NULL, 10); +#endif + } + p3 = strchr(p1, '/'); + if(p2 && p3) + { + p2++; + strncpy(hostname, p1, MIN(MAXHOSTNAMELEN, (int)(p2-p1))); + if(*p2 == ':') + { + *port = 0; + p2++; + while( (*p2 >= '0') && (*p2 <= '9')) + { + *port *= 10; + *port += (unsigned short)(*p2 - '0'); + p2++; + } + } + else + { + *port = 80; + } + *path = p3; + return 1; + } + } + p2 = strchr(p1, ':'); + p3 = strchr(p1, '/'); + if(!p3) + return 0; + if(!p2 || (p2>p3)) + { + strncpy(hostname, p1, MIN(MAXHOSTNAMELEN, (int)(p3-p1))); + *port = 80; + } + else + { + strncpy(hostname, p1, MIN(MAXHOSTNAMELEN, (int)(p2-p1))); + *port = 0; + p2++; + while( (*p2 >= '0') && (*p2 <= '9')) + { + *port *= 10; + *port += (unsigned short)(*p2 - '0'); + p2++; + } + } + *path = p3; + return 1; +} + +void * +miniwget(const char * url, int * size, + unsigned int scope_id, int * status_code) +{ + unsigned short port; + char * path; + /* protocol://host:port/chemin */ + char hostname[MAXHOSTNAMELEN+1]; + *size = 0; + if(!parseURL(url, hostname, &port, &path, &scope_id)) + return NULL; +#ifdef DEBUG + printf("parsed url : hostname='%s' port=%hu path='%s' scope_id=%u\n", + hostname, port, path, scope_id); +#endif + return miniwget2(hostname, port, path, size, 0, 0, scope_id, status_code); +} + +void * +miniwget_getaddr(const char * url, int * size, + char * addr, int addrlen, unsigned int scope_id, + int * status_code) +{ + unsigned short port; + char * path; + /* protocol://host:port/path */ + char hostname[MAXHOSTNAMELEN+1]; + *size = 0; + if(addr) + addr[0] = '\0'; + if(!parseURL(url, hostname, &port, &path, &scope_id)) + return NULL; +#ifdef DEBUG + printf("parsed url : hostname='%s' port=%hu path='%s' scope_id=%u\n", + hostname, port, path, 
scope_id); +#endif + return miniwget2(hostname, port, path, size, addr, addrlen, scope_id, status_code); +} + diff --git a/ext/miniupnpc/miniwget.h b/ext/miniupnpc/miniwget.h new file mode 100644 index 0000000..0701494 --- /dev/null +++ b/ext/miniupnpc/miniwget.h @@ -0,0 +1,30 @@ +/* $Id: miniwget.h,v 1.12 2016/01/24 17:24:36 nanard Exp $ */ +/* Project : miniupnp + * Author : Thomas Bernard + * Copyright (c) 2005-2016 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. + * */ +#ifndef MINIWGET_H_INCLUDED +#define MINIWGET_H_INCLUDED + +#include "miniupnpc_declspec.h" + +#ifdef __cplusplus +extern "C" { +#endif + +MINIUPNP_LIBSPEC void * getHTTPResponse(int s, int * size, int * status_code); + +MINIUPNP_LIBSPEC void * miniwget(const char *, int *, unsigned int, int *); + +MINIUPNP_LIBSPEC void * miniwget_getaddr(const char *, int *, char *, int, unsigned int, int *); + +int parseURL(const char *, char *, unsigned short *, char * *, unsigned int *); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/ext/miniupnpc/minixml.c b/ext/miniupnpc/minixml.c new file mode 100644 index 0000000..5c79b3c --- /dev/null +++ b/ext/miniupnpc/minixml.c 
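Review bot: In the chunked branch of getHTTPResponse, `bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i);` casts the chunk size parsed from the response to `int`, so a value of 0x80000000 or more compares as negative and `bytestocopy` becomes the whole chunk size rather than the bytes actually left in the 2048-byte `buf`. The unsigned sum in `(content_buf_used + bytestocopy) > content_buf_len` can then wrap, and the `memcpy` that follows uses a length unrelated to either buffer. Keep the comparison unsigned: `bytestocopy = (chunksize < (unsigned int)(n - i)) ? chunksize : (unsigned int)(n - i);`. A one-line comment above it should state that `chunksize` comes from the peer and must never exceed the bytes remaining in `buf`.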
@@ -0,0 +1,230 @@ +#define _CRT_SECURE_NO_WARNINGS +/* $Id: minixml.c,v 1.11 2014/02/03 15:54:12 nanard Exp $ */ +/* minixml.c : the minimum size a xml parser can be ! */ +/* Project : miniupnp + * webpage: http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * Author : Thomas Bernard + +Copyright (c) 2005-2014, Thomas BERNARD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. +*/ +#include +#include "minixml.h" + +/* parseatt : used to parse the argument list + * return 0 (false) in case of success and -1 (true) if the end + * of the xmlbuffer is reached. 
*/ +static int parseatt(struct xmlparser * p) +{ + const char * attname; + int attnamelen; + const char * attvalue; + int attvaluelen; + while(p->xml < p->xmlend) + { + if(*p->xml=='/' || *p->xml=='>') + return 0; + if( !IS_WHITE_SPACE(*p->xml) ) + { + char sep; + attname = p->xml; + attnamelen = 0; + while(*p->xml!='=' && !IS_WHITE_SPACE(*p->xml) ) + { + attnamelen++; p->xml++; + if(p->xml >= p->xmlend) + return -1; + } + while(*(p->xml++) != '=') + { + if(p->xml >= p->xmlend) + return -1; + } + while(IS_WHITE_SPACE(*p->xml)) + { + p->xml++; + if(p->xml >= p->xmlend) + return -1; + } + sep = *p->xml; + if(sep=='\'' || sep=='\"') + { + p->xml++; + if(p->xml >= p->xmlend) + return -1; + attvalue = p->xml; + attvaluelen = 0; + while(*p->xml != sep) + { + attvaluelen++; p->xml++; + if(p->xml >= p->xmlend) + return -1; + } + } + else + { + attvalue = p->xml; + attvaluelen = 0; + while( !IS_WHITE_SPACE(*p->xml) + && *p->xml != '>' && *p->xml != '/') + { + attvaluelen++; p->xml++; + if(p->xml >= p->xmlend) + return -1; + } + } + /*printf("%.*s='%.*s'\n", + attnamelen, attname, attvaluelen, attvalue);*/ + if(p->attfunc) + p->attfunc(p->data, attname, attnamelen, attvalue, attvaluelen); + } + p->xml++; + } + return -1; +} + +/* parseelt parse the xml stream and + * call the callback functions when needed... 
*/ +static void parseelt(struct xmlparser * p) +{ + int i; + const char * elementname; + while(p->xml < (p->xmlend - 1)) + { + if((p->xml + 4) <= p->xmlend && (0 == memcmp(p->xml, "", 3) != 0); + p->xml += 3; + } + else if((p->xml)[0]=='<' && (p->xml)[1]!='?') + { + i = 0; elementname = ++p->xml; + while( !IS_WHITE_SPACE(*p->xml) + && (*p->xml!='>') && (*p->xml!='/') + ) + { + i++; p->xml++; + if (p->xml >= p->xmlend) + return; + /* to ignore namespace : */ + if(*p->xml==':') + { + i = 0; + elementname = ++p->xml; + } + } + if(i>0) + { + if(p->starteltfunc) + p->starteltfunc(p->data, elementname, i); + if(parseatt(p)) + return; + if(*p->xml!='/') + { + const char * data; + i = 0; data = ++p->xml; + if (p->xml >= p->xmlend) + return; + while( IS_WHITE_SPACE(*p->xml) ) + { + i++; p->xml++; + if (p->xml >= p->xmlend) + return; + } + if(memcmp(p->xml, "xml += 9; + data = p->xml; + i = 0; + while(memcmp(p->xml, "]]>", 3) != 0) + { + i++; p->xml++; + if ((p->xml + 3) >= p->xmlend) + return; + } + if(i>0 && p->datafunc) + p->datafunc(p->data, data, i); + while(*p->xml!='<') + { + p->xml++; + if (p->xml >= p->xmlend) + return; + } + } + else + { + while(*p->xml!='<') + { + i++; p->xml++; + if ((p->xml + 1) >= p->xmlend) + return; + } + if(i>0 && p->datafunc && *(p->xml + 1) == '/') + p->datafunc(p->data, data, i); + } + } + } + else if(*p->xml == '/') + { + i = 0; elementname = ++p->xml; + if (p->xml >= p->xmlend) + return; + while((*p->xml != '>')) + { + i++; p->xml++; + if (p->xml >= p->xmlend) + return; + } + if(p->endeltfunc) + p->endeltfunc(p->data, elementname, i); + p->xml++; + } + } + else + { + p->xml++; + } + } +} + +/* the parser must be initialized before calling this function */ +void parsexml(struct xmlparser * parser) +{ + parser->xml = parser->xmlstart; + parser->xmlend = parser->xmlstart + parser->xmlsize; + parseelt(parser); +} + + diff --git a/ext/miniupnpc/minixml.h b/ext/miniupnpc/minixml.h new file mode 100644 index 0000000..9f43aa4 --- /dev/null 
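Review bot: parseatt can read one byte past `xmlend` when the buffer ends right after an attribute's `=`. The loop `while(*(p->xml++) != '=')` exits without a bounds check once it has consumed the `=`, and the next loop evaluates `IS_WHITE_SPACE(*p->xml)` before testing the pointer. Add `if(p->xml >= p->xmlend) return -1;` between the two loops. parsexml() takes a start pointer and a size, so the buffer is presumably not guaranteed to be NUL-terminated; this should be confirmed against the callers, which are outside this hunk.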
+++ b/ext/miniupnpc/minixml.h
@@ -0,0 +1,37 @@
+/* $Id: minixml.h,v 1.7 2012/09/27 15:42:10 nanard Exp $ */
+/* minimal xml parser
+ *
+ * Project : miniupnp
+ * Website : http://miniupnp.free.fr/
+ * Author : Thomas Bernard
+ * Copyright (c) 2005 Thomas Bernard
+ * This software is subject to the conditions detailed in the
+ * LICENCE file provided in this distribution.
+ * */
+#ifndef MINIXML_H_INCLUDED
+#define MINIXML_H_INCLUDED
+#define IS_WHITE_SPACE(c) ((c==' ') || (c=='\t') || (c=='\r') || (c=='\n'))
+
+/* if a callback function pointer is set to NULL,
+ * the function is not called */
+struct xmlparser {
+ const char *xmlstart;
+ const char *xmlend;
+ const char *xml; /* pointer to current character */
+ int xmlsize;
+ void * data;
+ void (*starteltfunc) (void *, const char *, int);
+ void (*endeltfunc) (void *, const char *, int);
+ void (*datafunc) (void *, const char *, int);
+ void (*attfunc) (void *, const char *, int, const char *, int);
+};
+
+/* parsexml()
+ * the xmlparser structure must be initialized before the call
+ * the following structure members have to be initialized :
+ * xmlstart, xmlsize, data, *func
+ * xml is for internal usage, xmlend is computed automatically */
+void parsexml(struct xmlparser *);
+
+#endif
+
diff --git a/ext/miniupnpc/minixmlvalid.c b/ext/miniupnpc/minixmlvalid.c
new file mode 100644
index 0000000..a86beba
--- /dev/null
+++ b/ext/miniupnpc/minixmlvalid.c
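Review bot: `IS_WHITE_SPACE(c)` expands its argument unparenthesized and up to four times, so an argument with an operator of lower precedence than `==`, or one with side effects, would expand incorrectly. The uses visible in minixml.c pass `*p->xml`, which is safe, but the macro sits in a shared header. `#define IS_WHITE_SPACE(c) (((c)==' ') || ((c)=='\t') || ((c)=='\r') || ((c)=='\n'))` fixes the precedence part. A short comment should also note that the argument is evaluated more than once.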
@@ -0,0 +1,164 @@ +#define _CRT_SECURE_NO_WARNINGS +/* $Id: minixmlvalid.c,v 1.7 2015/07/15 12:41:15 nanard Exp $ */ +/* MiniUPnP Project + * http://miniupnp.tuxfamily.org/ or http://miniupnp.free.fr/ + * minixmlvalid.c : + * validation program for the minixml parser + * + * (c) 2006-2011 Thomas Bernard */ + +#include +#include +#include +#include "minixml.h" + +/* xml event structure */ +struct event { + enum { ELTSTART, ELTEND, ATT, CHARDATA } type; + const char * data; + int len; +}; + +struct eventlist { + int n; + struct event * events; +}; + +/* compare 2 xml event lists + * return 0 if the two lists are equals */ +int evtlistcmp(struct eventlist * a, struct eventlist * b) +{ + int i; + struct event * ae, * be; + if(a->n != b->n) + { + printf("event number not matching : %d != %d\n", a->n, b->n); + /*return 1;*/ + } + for(i=0; in; i++) + { + ae = a->events + i; + be = b->events + i; + if( (ae->type != be->type) + ||(ae->len != be->len) + ||memcmp(ae->data, be->data, ae->len)) + { + printf("Found a difference : %d '%.*s' != %d '%.*s'\n", + ae->type, ae->len, ae->data, + be->type, be->len, be->data); + return 1; + } + } + return 0; +} + +/* Test data */ +static const char xmldata[] = +"\n" +" " +"character data" +" \n \t" +"" +"\nstuff !\n ]]> \n\n" +" \tchardata1 chardata2 " +""; + +static const struct event evtref[] = +{ + {ELTSTART, "xmlroot", 7}, + {ELTSTART, "elt1", 4}, + /* attributes */ + {CHARDATA, "character data", 14}, + {ELTEND, "elt1", 4}, + {ELTSTART, "elt1b", 5}, + {ELTSTART, "elt1", 4}, + {CHARDATA, " stuff !\n ", 16}, + {ELTEND, "elt1", 4}, + {ELTSTART, "elt2a", 5}, + {ELTSTART, "elt2b", 5}, + {CHARDATA, "chardata1", 9}, + {ELTEND, "elt2b", 5}, + {ELTSTART, "elt2b", 5}, + {CHARDATA, " chardata2 ", 11}, + {ELTEND, "elt2b", 5}, + {ELTEND, "elt2a", 5}, + {ELTEND, "xmlroot", 7} +}; + +void startelt(void * data, const char * p, int l) +{ + struct eventlist * evtlist = data; + struct event * evt; + evt = evtlist->events + evtlist->n; + 
/*printf("startelt : %.*s\n", l, p);*/ + evt->type = ELTSTART; + evt->data = p; + evt->len = l; + evtlist->n++; +} + +void endelt(void * data, const char * p, int l) +{ + struct eventlist * evtlist = data; + struct event * evt; + evt = evtlist->events + evtlist->n; + /*printf("endelt : %.*s\n", l, p);*/ + evt->type = ELTEND; + evt->data = p; + evt->len = l; + evtlist->n++; +} + +void chardata(void * data, const char * p, int l) +{ + struct eventlist * evtlist = data; + struct event * evt; + evt = evtlist->events + evtlist->n; + /*printf("chardata : '%.*s'\n", l, p);*/ + evt->type = CHARDATA; + evt->data = p; + evt->len = l; + evtlist->n++; +} + +int testxmlparser(const char * xml, int size) +{ + int r; + struct eventlist evtlist; + struct eventlist evtlistref; + struct xmlparser parser; + evtlist.n = 0; + evtlist.events = malloc(sizeof(struct event)*100); + if(evtlist.events == NULL) + { + fprintf(stderr, "Memory allocation error.\n"); + return -1; + } + memset(&parser, 0, sizeof(parser)); + parser.xmlstart = xml; + parser.xmlsize = size; + parser.data = &evtlist; + parser.starteltfunc = startelt; + parser.endeltfunc = endelt; + parser.datafunc = chardata; + parsexml(&parser); + printf("%d events\n", evtlist.n); + /* compare */ + evtlistref.n = sizeof(evtref)/sizeof(struct event); + evtlistref.events = (struct event *)evtref; + r = evtlistcmp(&evtlistref, &evtlist); + free(evtlist.events); + return r; +} + +int main(int argc, char * * argv) +{ + int r; + (void)argc; (void)argv; + + r = testxmlparser(xmldata, sizeof(xmldata)-1); + if(r) + printf("minixml validation test failed\n"); + return r; +} + diff --git a/ext/miniupnpc/portlistingparse.c b/ext/miniupnpc/portlistingparse.c new file mode 100644 index 0000000..0e09278 --- /dev/null +++ b/ext/miniupnpc/portlistingparse.c 
@@ -0,0 +1,172 @@ +/* $Id: portlistingparse.c,v 1.9 2015/07/15 12:41:13 nanard Exp $ */ +/* MiniUPnP project + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * (c) 2011-2015 Thomas Bernard + * This software is subject to the conditions detailed + * in the LICENCE file provided within the distribution */ +#include +#include +#ifdef DEBUG +#include +#endif /* DEBUG */ +#include "portlistingparse.h" +#include "minixml.h" + +/* list of the elements */ +static const struct { + const portMappingElt code; + const char * const str; +} elements[] = { + { PortMappingEntry, "PortMappingEntry"}, + { NewRemoteHost, "NewRemoteHost"}, + { NewExternalPort, "NewExternalPort"}, + { NewProtocol, "NewProtocol"}, + { NewInternalPort, "NewInternalPort"}, + { NewInternalClient, "NewInternalClient"}, + { NewEnabled, "NewEnabled"}, + { NewDescription, "NewDescription"}, + { NewLeaseTime, "NewLeaseTime"}, + { PortMappingEltNone, NULL} +}; + +/* Helper function */ +static UNSIGNED_INTEGER +atoui(const char * p, int l) +{ + UNSIGNED_INTEGER r = 0; + while(l > 0 && *p) + { + if(*p >= '0' && *p <= '9') + r = r*10 + (*p - '0'); + else + break; + p++; + l--; + } + return r; +} + +/* Start element handler */ +static void +startelt(void * d, const char * name, int l) +{ + int i; + struct PortMappingParserData * pdata = (struct PortMappingParserData *)d; + pdata->curelt = PortMappingEltNone; + for(i = 0; elements[i].str; i++) + { + if(memcmp(name, elements[i].str, l) == 0) + { + pdata->curelt = elements[i].code; + break; + } + } + if(pdata->curelt == PortMappingEntry) + { + struct PortMapping * pm; + pm = calloc(1, sizeof(struct PortMapping)); + if(pm == NULL) + { + /* malloc error */ +#ifdef DEBUG + fprintf(stderr, "%s: error allocating memory", + "startelt"); +#endif /* DEBUG */ + return; + } + pm->l_next = pdata->l_head; /* insert in list */ + pdata->l_head = pm; + } +} + +/* End element handler */ +static void +endelt(void * d, const char * name, int l) +{ + struct 
PortMappingParserData * pdata = (struct PortMappingParserData *)d; + (void)name; + (void)l; + pdata->curelt = PortMappingEltNone; +} + +/* Data handler */ +static void +data(void * d, const char * data, int l) +{ + struct PortMapping * pm; + struct PortMappingParserData * pdata = (struct PortMappingParserData *)d; + pm = pdata->l_head; + if(!pm) + return; + if(l > 63) + l = 63; + switch(pdata->curelt) + { + case NewRemoteHost: + memcpy(pm->remoteHost, data, l); + pm->remoteHost[l] = '\0'; + break; + case NewExternalPort: + pm->externalPort = (unsigned short)atoui(data, l); + break; + case NewProtocol: + if(l > 3) + l = 3; + memcpy(pm->protocol, data, l); + pm->protocol[l] = '\0'; + break; + case NewInternalPort: + pm->internalPort = (unsigned short)atoui(data, l); + break; + case NewInternalClient: + memcpy(pm->internalClient, data, l); + pm->internalClient[l] = '\0'; + break; + case NewEnabled: + pm->enabled = (unsigned char)atoui(data, l); + break; + case NewDescription: + memcpy(pm->description, data, l); + pm->description[l] = '\0'; + break; + case NewLeaseTime: + pm->leaseTime = atoui(data, l); + break; + default: + break; + } +} + + +/* Parse the PortMappingList XML document for IGD version 2 + */ +void +ParsePortListing(const char * buffer, int bufsize, + struct PortMappingParserData * pdata) +{ + struct xmlparser parser; + + memset(pdata, 0, sizeof(struct PortMappingParserData)); + /* init xmlparser */ + parser.xmlstart = buffer; + parser.xmlsize = bufsize; + parser.data = pdata; + parser.starteltfunc = startelt; + parser.endeltfunc = endelt; + parser.datafunc = data; + parser.attfunc = 0; + parsexml(&parser); +} + +void +FreePortListing(struct PortMappingParserData * pdata) +{ + struct PortMapping * pm; + while((pm = pdata->l_head) != NULL) + { + /* remove from list */ + pdata->l_head = pm->l_next; + free(pm); + } +} + diff --git a/ext/miniupnpc/portlistingparse.h b/ext/miniupnpc/portlistingparse.h new file mode 100644 index 0000000..661ad1f --- /dev/null 
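Review bot: In `startelt` the lookup `memcmp(name, elements[i].str, l) == 0` uses the length of the tag name from the parsed document, not the length of the table entry. A tag name longer than an entry makes memcmp read past the end of that string literal, and a short name (or `l == 0`) matches the first entry it happens to be a prefix of, so `curelt` can be set from a malformed tag. The buffer is presumably a reply from a UPnP gateway and should be treated as untrusted, so compare lengths first: `if(strlen(elements[i].str) == (size_t)l && memcmp(name, elements[i].str, l) == 0)`. The clamping of `l` to 63 (and 3 for `protocol`) in `data` matches the array sizes declared in portlistingparse.h and looks correct.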
+++ b/ext/miniupnpc/portlistingparse.h @@ -0,0 +1,65 @@ +/* $Id: portlistingparse.h,v 1.11 2015/07/21 13:16:55 nanard Exp $ */ +/* MiniUPnP project + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * (c) 2011-2015 Thomas Bernard + * This software is subject to the conditions detailed + * in the LICENCE file provided within the distribution */ +#ifndef PORTLISTINGPARSE_H_INCLUDED +#define PORTLISTINGPARSE_H_INCLUDED + +#include "miniupnpc_declspec.h" +/* for the definition of UNSIGNED_INTEGER */ +#include "miniupnpctypes.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* sample of PortMappingEntry : + + 202.233.2.1 + 2345 + TCP + 2345 + 192.168.1.137 + 1 + dooom + 345 + + */ +typedef enum { PortMappingEltNone, + PortMappingEntry, NewRemoteHost, + NewExternalPort, NewProtocol, + NewInternalPort, NewInternalClient, + NewEnabled, NewDescription, + NewLeaseTime } portMappingElt; + +struct PortMapping { + struct PortMapping * l_next; /* list next element */ + UNSIGNED_INTEGER leaseTime; + unsigned short externalPort; + unsigned short internalPort; + char remoteHost[64]; + char internalClient[64]; + char description[64]; + char protocol[4]; + unsigned char enabled; +}; + +struct PortMappingParserData { + struct PortMapping * l_head; /* list head */ + portMappingElt curelt; +}; + +MINIUPNP_LIBSPEC void +ParsePortListing(const char * buffer, int bufsize, + struct PortMappingParserData * pdata); + +MINIUPNP_LIBSPEC void +FreePortListing(struct PortMappingParserData * pdata); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/miniupnpc/pymoduletest.py b/ext/miniupnpc/pymoduletest.py new file mode 100644 index 0000000..9fddd9c --- /dev/null +++ b/ext/miniupnpc/pymoduletest.py 
@@ -0,0 +1,88 @@ +#! /usr/bin/python +# vim: tabstop=2 shiftwidth=2 expandtab +# MiniUPnP project +# Author : Thomas Bernard +# This Sample code is public domain. +# website : http://miniupnp.tuxfamily.org/ + +# import the python miniupnpc module +import miniupnpc +import sys + +try: + import argparse + parser = argparse.ArgumentParser() + parser.add_argument('-m', '--multicastif') + parser.add_argument('-p', '--minissdpdsocket') + parser.add_argument('-d', '--discoverdelay', type=int, default=200) + parser.add_argument('-z', '--localport', type=int, default=0) + # create the object + u = miniupnpc.UPnP(**vars(parser.parse_args())) +except: + print 'argparse not available' + i = 1 + multicastif = None + minissdpdsocket = None + discoverdelay = 200 + localport = 0 + while i < len(sys.argv): + print sys.argv[i] + if sys.argv[i] == '-m' or sys.argv[i] == '--multicastif': + multicastif = sys.argv[i+1] + elif sys.argv[i] == '-p' or sys.argv[i] == '--minissdpdsocket': + minissdpdsocket = sys.argv[i+1] + elif sys.argv[i] == '-d' or sys.argv[i] == '--discoverdelay': + discoverdelay = int(sys.argv[i+1]) + elif sys.argv[i] == '-z' or sys.argv[i] == '--localport': + localport = int(sys.argv[i+1]) + else: + raise Exception('invalid argument %s' % sys.argv[i]) + i += 2 + # create the object + u = miniupnpc.UPnP(multicastif, minissdpdsocket, discoverdelay, localport) + +print 'inital(default) values :' +print ' discoverdelay', u.discoverdelay +print ' lanaddr', u.lanaddr +print ' multicastif', u.multicastif +print ' minissdpdsocket', u.minissdpdsocket +#u.minissdpdsocket = '../minissdpd/minissdpd.sock' +# discovery process, it usualy takes several seconds (2 seconds or more) +print 'Discovering... 
delay=%ums' % u.discoverdelay +print u.discover(), 'device(s) detected' +# select an igd +try: + u.selectigd() +except Exception, e: + print 'Exception :', e + sys.exit(1) +# display information about the IGD and the internet connection +print 'local ip address :', u.lanaddr +print 'external ip address :', u.externalipaddress() +print u.statusinfo(), u.connectiontype() +print 'total bytes : sent', u.totalbytesent(), 'received', u.totalbytereceived() +print 'total packets : sent', u.totalpacketsent(), 'received', u.totalpacketreceived() + +#print u.addportmapping(64000, 'TCP', +# '192.168.1.166', 63000, 'port mapping test', '') +#print u.deleteportmapping(64000, 'TCP') + +port = 0 +proto = 'UDP' +# list the redirections : +i = 0 +while True: + p = u.getgenericportmapping(i) + if p==None: + break + print i, p + (port, proto, (ihost,iport), desc, c, d, e) = p + #print port, desc + i = i + 1 + +print u.getspecificportmapping(port, proto) +try: + print u.getportmappingnumberofentries() +except Exception, e: + print 'GetPortMappingNumberOfEntries() is not supported :', e + diff --git a/ext/miniupnpc/receivedata.c b/ext/miniupnpc/receivedata.c new file mode 100644 index 0000000..ef85a3d --- /dev/null +++ b/ext/miniupnpc/receivedata.c 
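Review bot: The bare `except:` around the argparse block also wraps `miniupnpc.UPnP(**vars(parser.parse_args()))`. A failure constructing the object, or the SystemExit that `parse_args()` raises on a bad option or `--help`, is therefore reported as 'argparse not available' and falls through to the hand-rolled parser. Narrow the handler to `except ImportError:` around `import argparse` only, and build the `UPnP` object outside the try. The fallback loop also reads `sys.argv[i+1]` without checking that a value follows the flag, so a trailing option raises IndexError instead of a usage message.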
@@ -0,0 +1,105 @@ +/* $Id: receivedata.c,v 1.7 2015/11/09 21:51:41 nanard Exp $ */ +/* Project : miniupnp + * Website : http://miniupnp.free.fr/ + * Author : Thomas Bernard + * Copyright (c) 2011-2014 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. */ + +#include +#include +#ifdef _WIN32 +#include +#include +#else /* _WIN32 */ +#include +#if defined(__amigaos__) && !defined(__amigaos4__) +#define socklen_t int +#else /* #if defined(__amigaos__) && !defined(__amigaos4__) */ +#include +#endif /* #else defined(__amigaos__) && !defined(__amigaos4__) */ +#include +#include +#if !defined(__amigaos__) && !defined(__amigaos4__) +#include +#endif /* !defined(__amigaos__) && !defined(__amigaos4__) */ +#include +#define MINIUPNPC_IGNORE_EINTR +#endif /* _WIN32 */ + +#ifdef _WIN32 +#define PRINT_SOCKET_ERROR(x) printf("Socket error: %s, %d\n", x, WSAGetLastError()); +#else +#define PRINT_SOCKET_ERROR(x) perror(x) +#endif + +#include "receivedata.h" + +int +receivedata(int socket, + char * data, int length, + int timeout, unsigned int * scope_id) +{ +#ifdef MINIUPNPC_GET_SRC_ADDR + struct sockaddr_storage src_addr; + socklen_t src_addr_len = sizeof(src_addr); +#endif /* MINIUPNPC_GET_SRC_ADDR */ + int n; +#if !defined(_WIN32) && !defined(__amigaos__) && !defined(__amigaos4__) + /* using poll */ + struct pollfd fds[1]; /* for the poll */ +#ifdef MINIUPNPC_IGNORE_EINTR + do { +#endif /* MINIUPNPC_IGNORE_EINTR */ + fds[0].fd = socket; + fds[0].events = POLLIN; + n = poll(fds, 1, timeout); +#ifdef MINIUPNPC_IGNORE_EINTR + } while(n < 0 && errno == EINTR); +#endif /* MINIUPNPC_IGNORE_EINTR */ + if(n < 0) { + PRINT_SOCKET_ERROR("poll"); + return -1; + } else if(n == 0) { + /* timeout */ + return 0; + } +#else /* !defined(_WIN32) && !defined(__amigaos__) && !defined(__amigaos4__) */ + /* using select under _WIN32 and amigaos */ + fd_set socketSet; + TIMEVAL timeval; + FD_ZERO(&socketSet); + FD_SET(socket, 
&socketSet); + timeval.tv_sec = timeout / 1000; + timeval.tv_usec = (timeout % 1000) * 1000; + n = select(FD_SETSIZE, &socketSet, NULL, NULL, &timeval); + if(n < 0) { + PRINT_SOCKET_ERROR("select"); + return -1; + } else if(n == 0) { + return 0; + } +#endif /* !defined(_WIN32) && !defined(__amigaos__) && !defined(__amigaos4__) */ +#ifdef MINIUPNPC_GET_SRC_ADDR + memset(&src_addr, 0, sizeof(src_addr)); + n = recvfrom(socket, data, length, 0, + (struct sockaddr *)&src_addr, &src_addr_len); +#else /* MINIUPNPC_GET_SRC_ADDR */ + n = recv(socket, data, length, 0); +#endif /* MINIUPNPC_GET_SRC_ADDR */ + if(n<0) { + PRINT_SOCKET_ERROR("recv"); + } +#ifdef MINIUPNPC_GET_SRC_ADDR + if (src_addr.ss_family == AF_INET6) { + const struct sockaddr_in6 * src_addr6 = (struct sockaddr_in6 *)&src_addr; +#ifdef DEBUG + printf("scope_id=%u\n", src_addr6->sin6_scope_id); +#endif /* DEBUG */ + if(scope_id) + *scope_id = src_addr6->sin6_scope_id; + } +#endif /* MINIUPNPC_GET_SRC_ADDR */ + return n; +} + diff --git a/ext/miniupnpc/receivedata.h b/ext/miniupnpc/receivedata.h new file mode 100644 index 0000000..0520a11 --- /dev/null +++ b/ext/miniupnpc/receivedata.h @@ -0,0 +1,19 @@ +/* $Id: receivedata.h,v 1.4 2012/09/27 15:42:10 nanard Exp $ */ +/* Project: miniupnp + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * Author: Thomas Bernard + * Copyright (c) 2011-2012 Thomas Bernard + * This software is subjects to the conditions detailed + * in the LICENCE file provided within this distribution */ +#ifndef RECEIVEDATA_H_INCLUDED +#define RECEIVEDATA_H_INCLUDED + +/* Reads data from the specified socket. + * Returns the number of bytes read if successful, zero if no bytes were + * read or if we timed out. Returns negative if there was an error. */ +int receivedata(int socket, + char * data, int length, + int timeout, unsigned int * scope_id); + +#endif + diff --git a/ext/miniupnpc/setup.py b/ext/miniupnpc/setup.py new file mode 100644 index 0000000..97e42bf --- /dev/null 
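Review bot: In the select() branch of `receivedata` (compiled for _WIN32 and amigaos) `FD_SET(socket, &socketSet)` is called without checking the descriptor against FD_SETSIZE. Where fd_set is a bitmask (presumably the amigaos build; Winsock's fd_set is a list of handles) a descriptor at or above FD_SETSIZE writes outside `socketSet`. A guard compiled only for the non-Windows case, `if(socket < 0 || socket >= FD_SETSIZE) return -1;` placed before `FD_ZERO`, would close that. A negative `timeout` also means "wait indefinitely" to poll() but yields a negative timeval for select(), so the two branches behave differently; the comment in receivedata.h should state which timeout values are accepted.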
+++ b/ext/miniupnpc/setup.py @@ -0,0 +1,28 @@ +#! /usr/bin/python +# vim: tabstop=8 shiftwidth=8 expandtab +# $Id: setup.py,v 1.12 2015/10/26 17:03:17 nanard Exp $ +# the MiniUPnP Project (c) 2007-2014 Thomas Bernard +# http://miniupnp.tuxfamily.org/ or http://miniupnp.free.fr/ +# +# python script to build the miniupnpc module under unix +# +# replace libminiupnpc.a by libminiupnpc.so for shared library usage +try: + from setuptools import setup, Extension +except ImportError: + from distutils.core import setup, Extension +from distutils import sysconfig +sysconfig.get_config_vars()["OPT"] = '' +sysconfig.get_config_vars()["CFLAGS"] = '' +setup(name="miniupnpc", + version=open('VERSION').read().strip(), + author='Thomas BERNARD', + author_email='miniupnp@free.fr', + license=open('LICENSE').read(), + url='http://miniupnp.free.fr/', + description='miniUPnP client', + ext_modules=[ + Extension(name="miniupnpc", sources=["miniupnpcmodule.c"], + extra_objects=["libminiupnpc.a"]) + ]) + diff --git a/ext/miniupnpc/setupmingw32.py b/ext/miniupnpc/setupmingw32.py new file mode 100644 index 0000000..43dfb46 --- /dev/null +++ b/ext/miniupnpc/setupmingw32.py 
@@ -0,0 +1,28 @@ +#! /usr/bin/python +# vim: tabstop=8 shiftwidth=8 expandtab +# $Id: setupmingw32.py,v 1.10 2015/10/26 17:03:17 nanard Exp $ +# the MiniUPnP Project (c) 2007-2014 Thomas Bernard +# http://miniupnp.tuxfamily.org/ or http://miniupnp.free.fr/ +# +# python script to build the miniupnpc module under windows (using mingw32) +# +try: + from setuptools import setup, Extension +except ImportError: + from distutils.core import setup, Extension +from distutils import sysconfig +sysconfig.get_config_vars()["OPT"] = '' +sysconfig.get_config_vars()["CFLAGS"] = '' +setup(name="miniupnpc", + version=open('VERSION').read().strip(), + author='Thomas BERNARD', + author_email='miniupnp@free.fr', + license=open('LICENSE').read(), + url='http://miniupnp.free.fr/', + description='miniUPnP client', + ext_modules=[ + Extension(name="miniupnpc", sources=["miniupnpcmodule.c"], + libraries=["ws2_32", "iphlpapi"], + extra_objects=["libminiupnpc.a"]) + ]) + diff --git a/ext/miniupnpc/testdesc/linksys_WAG200G_desc.values b/ext/miniupnpc/testdesc/linksys_WAG200G_desc.values new file mode 100644 index 0000000..cf42221 --- /dev/null +++ b/ext/miniupnpc/testdesc/linksys_WAG200G_desc.values @@ -0,0 +1,14 @@ +# values for linksys_WAG200G_desc.xml + +CIF: + servicetype = urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1 + controlurl = /upnp/control/WANCommonIFC1 + eventsuburl = /upnp/event/WANCommonIFC1 + scpdurl = /cmnicfg.xml + +first: + servicetype = urn:schemas-upnp-org:service:WANPPPConnection:1 + controlurl = /upnp/control/WANPPPConn1 + eventsuburl = /upnp/event/WANPPPConn1 + scpdurl = /pppcfg.xml + diff --git a/ext/miniupnpc/testdesc/linksys_WAG200G_desc.xml b/ext/miniupnpc/testdesc/linksys_WAG200G_desc.xml new file mode 100644 index 0000000..d428d73 --- /dev/null +++ b/ext/miniupnpc/testdesc/linksys_WAG200G_desc.xml 
@@ -0,0 +1,110 @@ + + + +1 +0 + +http://192.168.1.1:49152 + +urn:schemas-upnp-org:device:InternetGatewayDevice:1 +LINKSYS WAG200G Gateway +LINKSYS +http://www.linksys.com +LINKSYS WAG200G Gateway +Wireless-G ADSL Home Gateway +WAG200G +http://www.linksys.com +123456789 +uuid:8ca2eb37-1dd2-11b2-86f1-001a709b5aa8 +WAG200G + + +urn:schemas-upnp-org:service:Layer3Forwarding:1 +urn:upnp-org:serviceId:L3Forwarding1 +/upnp/control/L3Forwarding1 +/upnp/event/L3Forwarding1 +/l3frwd.xml + + + + +urn:schemas-upnp-org:device:WANDevice:1 +WANDevice +LINKSYS +http://www.linksys.com/ +Residential Gateway +Internet Connection Sharing +1 +http://www.linksys.com/ +0000001 +uuid:8ca2eb36-1dd2-11b2-86f1-001a709b5aa8 +WAG200G + + +urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1 +urn:upnp-org:serviceId:WANCommonIFC1 +/upnp/control/WANCommonIFC1 +/upnp/event/WANCommonIFC1 +/cmnicfg.xml + + + + +urn:schemas-upnp-org:device:WANConnectionDevice:1 +WANConnectionDevice +LINKSYS +http://www.linksys.com/ +Residential Gateway +Internet Connection Sharing +1 +http://www.linksys.com/ +0000001 +uuid:8ca2eb37-1dd2-11b2-86f0-001a709b5aa8 +WAG200G + + +urn:schemas-upnp-org:service:WANEthernetLinkConfig:1 +urn:upnp-org:serviceId:WANEthLinkC1 +/upnp/control/WANEthLinkC1 +/upnp/event/WANEthLinkC1 +/wanelcfg.xml + + +urn:schemas-upnp-org:service:WANPPPConnection:1 +urn:upnp-org:serviceId:WANPPPConn1 +/upnp/control/WANPPPConn1 +/upnp/event/WANPPPConn1 +/pppcfg.xml + + + + + + +urn:schemas-upnp-org:device:LANDevice:1 +LANDevice +LINKSYS +http://www.linksys.com/ +Residential Gateway +Residential Gateway +1 +http://www.linksys.com/ +0000001 +uuid:8ca2eb36-1dd2-11b2-86f0-001a709b5aa +8 +WAG200G + + +urn:schemas-upnp-org:service:LANHostConfigManagement:1 +urn:upnp-org:serviceId:LANHostCfg1 +/upnp/control/LANHostCfg1 +/upnp/event/LANHostCfg1 +/lanhostc.xml + + + + +http://192.168.1.1/index.htm + + + 
diff --git a/ext/miniupnpc/testdesc/new_LiveBox_desc.values b/ext/miniupnpc/testdesc/new_LiveBox_desc.values new file mode 100644 index 0000000..c55552e --- /dev/null +++ b/ext/miniupnpc/testdesc/new_LiveBox_desc.values @@ -0,0 +1,20 @@ +# values for new_LiveBox_desc.xml + +CIF: + servicetype = urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1 + controlurl = /87895a19/upnp/control/WANCommonIFC1 + eventsuburl = /87895a19/upnp/control/WANCommonIFC1 + scpdurl = /87895a19/gateicfgSCPD.xml + +first: + servicetype = urn:schemas-upnp-org:service:WANPPPConnection:2 + controlurl = /87895a19/upnp/control/WANIPConn1 + eventsuburl = /87895a19/upnp/control/WANIPConn1 + scpdurl = /87895a19/gateconnSCPD_PPP.xml + +IPv6FC: + servicetype = urn:schemas-upnp-org:service:WANIPv6FirewallControl:1 + controlurl = /87895a19/upnp/control/WANIPv6FwCtrl1 + eventsuburl = /87895a19/upnp/control/WANIPv6FwCtrl1 + scpdurl = /87895a19/wanipv6fwctrlSCPD.xml + diff --git a/ext/miniupnpc/testdesc/new_LiveBox_desc.xml b/ext/miniupnpc/testdesc/new_LiveBox_desc.xml new file mode 100644 index 0000000..620eb55 --- /dev/null +++ b/ext/miniupnpc/testdesc/new_LiveBox_desc.xml 
@@ -0,0 +1,90 @@ + + + + 1 + 0 + + + VEN_0129&DEV_0000&SUBSYS_03&REV_250417 + GenericUmPass + NetworkInfrastructure.Gateway + Network.Gateway + urn:schemas-upnp-org:device:InternetGatewayDevice:2 + Orange Livebox + Sagemcom + http://www.sagemcom.com/ + Residential Livebox,(DSL,WAN Ethernet) + uuid:87895a19-50f9-3736-a87f-115c230155f8 + Sagemcom,fr,SG30_sip-fr-4.28.35.1 + 3 + LK14129DP441489 + http://192.168.1.1 + + + + image/png + 16 + 16 + 8 + /87895a19/ligd.png + + + + + urn:schemas-upnp-org:device:WANDevice:2 + WANDevice + Sagemcom + http://www.sagemcom.com/ + WAN Device on Sagemcom,fr,SG30_sip-fr-4.28.35.1 + Residential Livebox,(DSL,WAN Ethernet) + 3 + http://www.sagemcom.com/ + LK14129DP441489 + http://192.168.1.1 + uuid:e2397374-53d8-3fc6-8306-593ba1a34625 + + + + urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1 + urn:upnp-org:serviceId:WANCommonIFC1 + /87895a19/upnp/control/WANCommonIFC1 + /87895a19/upnp/control/WANCommonIFC1 + /87895a19/gateicfgSCPD.xml + + + + + urn:schemas-upnp-org:device:WANConnectionDevice:2 + WANConnectionDevice + Sagemcom + http://www.sagemcom.com/ + WanConnectionDevice on Sagemcom,fr,SG30_sip-fr-4.28.35.1 + Residential Livebox,(DSL,WAN Ethernet) + 3 + http://www.sagemcom.com/ + LK14129DP441489 + http://192.168.1.1 + uuid:44598a08-288e-32c9-8a4d-d3c008ede331 + + + + urn:schemas-upnp-org:service:WANPPPConnection:2 + urn:upnp-org:serviceId:WANIPConn1 + /87895a19/upnp/control/WANIPConn1 + /87895a19/upnp/control/WANIPConn1 + /87895a19/gateconnSCPD_PPP.xml + + + urn:schemas-upnp-org:service:WANIPv6FirewallControl:1 + urn:upnp-org:serviceId:WANIPv6FwCtrl1 + /87895a19/upnp/control/WANIPv6FwCtrl1 + /87895a19/upnp/control/WANIPv6FwCtrl1 + /87895a19/wanipv6fwctrlSCPD.xml + + + + + + + + \ No newline at end of file diff --git a/ext/miniupnpc/testigddescparse.c b/ext/miniupnpc/testigddescparse.c new file mode 100644 index 0000000..c1907fd --- /dev/null +++ b/ext/miniupnpc/testigddescparse.c 
@@ -0,0 +1,187 @@ +/* $Id: testigddescparse.c,v 1.10 2015/08/06 09:55:24 nanard Exp $ */ +/* Project : miniupnp + * http://miniupnp.free.fr/ + * Author : Thomas Bernard + * Copyright (c) 2008-2015 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. + * */ +#include +#include +#include +#include "igd_desc_parse.h" +#include "minixml.h" +#include "miniupnpc.h" + +/* count number of differences */ +int compare_service(struct IGDdatas_service * s, FILE * f) +{ + int n = 0; + char line[1024]; + + while(fgets(line, sizeof(line), f)) { + char * value; + char * equal; + char * name; + char * parsedvalue; + int l; + l = strlen(line); + while((l > 0) && ((line[l-1] == '\r') || (line[l-1] == '\n') || (line[l-1] == ' '))) + line[--l] = '\0'; + if(l == 0) + break; /* end on blank line */ + if(line[0] == '#') + continue; /* skip comments */ + equal = strchr(line, '='); + if(equal == NULL) { + fprintf(stderr, "Warning, line does not contain '=' : %s\n", line); + continue; + } + *equal = '\0'; + name = line; + while(*name == ' ' || *name == '\t') + name++; + l = strlen(name); + while((l > 0) && (name[l-1] == ' ' || name[l-1] == '\t')) + name[--l] = '\0'; + value = equal + 1; + while(*value == ' ' || *value == '\t') + value++; + if(strcmp(name, "controlurl") == 0) + parsedvalue = s->controlurl; + else if(strcmp(name, "eventsuburl") == 0) + parsedvalue = s->eventsuburl; + else if(strcmp(name, "scpdurl") == 0) + parsedvalue = s->scpdurl; + else if(strcmp(name, "servicetype") == 0) + parsedvalue = s->servicetype; + else { + fprintf(stderr, "unknown field '%s'\n", name); + continue; + } + if(0 != strcmp(parsedvalue, value)) { + fprintf(stderr, "difference : '%s' != '%s'\n", parsedvalue, value); + n++; + } + } + return n; +} + +int compare_igd(struct IGDdatas * p, FILE * f) +{ + int n = 0; + char line[1024]; + struct IGDdatas_service * s; + + while(fgets(line, sizeof(line), f)) { + char * colon; + int l = 
(int)strlen(line); + while((l > 0) && (line[l-1] == '\r' || (line[l-1] == '\n'))) + line[--l] = '\0'; + if(l == 0 || line[0] == '#') + continue; /* skip blank lines and comments */ + colon = strchr(line, ':'); + if(colon == NULL) { + fprintf(stderr, "Warning, no ':' : %s\n", line); + continue; + } + s = NULL; + *colon = '\0'; + if(strcmp(line, "CIF") == 0) + s = &p->CIF; + else if(strcmp(line, "first") == 0) + s = &p->first; + else if(strcmp(line, "second") == 0) + s = &p->second; + else if(strcmp(line, "IPv6FC") == 0) + s = &p->IPv6FC; + else { + s = NULL; + fprintf(stderr, "*** unknown service '%s' ***\n", line); + n++; + continue; + } + n += compare_service(s, f); + } + if(n > 0) + fprintf(stderr, "*** %d difference%s ***\n", n, (n > 1) ? "s" : ""); + return n; +} + +int test_igd_desc_parse(char * buffer, int len, FILE * f) +{ + int n; + struct IGDdatas igd; + struct xmlparser parser; + struct UPNPUrls urls; + + memset(&igd, 0, sizeof(struct IGDdatas)); + memset(&parser, 0, sizeof(struct xmlparser)); + parser.xmlstart = buffer; + parser.xmlsize = len; + parser.data = &igd; + parser.starteltfunc = IGDstartelt; + parser.endeltfunc = IGDendelt; + parser.datafunc = IGDdata; + parsexml(&parser); +#ifdef DEBUG + printIGD(&igd); +#endif /* DEBUG */ + GetUPNPUrls(&urls, &igd, "http://fake/desc/url/file.xml", 0); + printf("ipcondescURL='%s'\n", urls.ipcondescURL); + printf("controlURL='%s'\n", urls.controlURL); + printf("controlURL_CIF='%s'\n", urls.controlURL_CIF); + n = f ? 
compare_igd(&igd, f) : 0; + FreeUPNPUrls(&urls); + return n; +} + +int main(int argc, char * * argv) +{ + FILE * f; + char * buffer; + int len; + int r; + if(argc<2) { + fprintf(stderr, "Usage: %s file.xml [file.values]\n", argv[0]); + return 1; + } + f = fopen(argv[1], "r"); + if(!f) { + fprintf(stderr, "Cannot open %s for reading.\n", argv[1]); + return 1; + } + fseek(f, 0, SEEK_END); + len = ftell(f); + fseek(f, 0, SEEK_SET); + buffer = malloc(len); + if(!buffer) { + fprintf(stderr, "Memory allocation error.\n"); + fclose(f); + return 1; + } + r = (int)fread(buffer, 1, len, f); + if(r != len) { + fprintf(stderr, "Failed to read file %s. %d out of %d bytes.\n", + argv[1], r, len); + fclose(f); + free(buffer); + return 1; + } + fclose(f); + f = NULL; + if(argc > 2) { + f = fopen(argv[2], "r"); + if(!f) { + fprintf(stderr, "Cannot open %s for reading.\n", argv[2]); + free(buffer); + return 1; + } + } + r = test_igd_desc_parse(buffer, len, f); + free(buffer); + if(f) + fclose(f); + return r; +} + diff --git a/ext/miniupnpc/testminiwget.c b/ext/miniupnpc/testminiwget.c new file mode 100644 index 0000000..5eb49ec --- /dev/null +++ b/ext/miniupnpc/testminiwget.c 
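Review bot: In `main`, `len = ftell(f)` goes straight into `malloc(len)` and `fread` without a check for -1, and the XML file is opened with mode "r". On platforms that translate line endings in text mode, `fread` can then return fewer bytes than `ftell` reported and the test stops with "Failed to read file". Open the input with `fopen(argv[1], "rb")` and reject a negative length before allocating, e.g. `if(len < 0) { fclose(f); return 1; }`. An empty file is a related edge case: `malloc(0)` may return NULL and would be reported as a memory allocation error.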
@@ -0,0 +1,55 @@ +/* $Id: testminiwget.c,v 1.5 2016/01/24 17:24:36 nanard Exp $ */ +/* Project : miniupnp + * Author : Thomas Bernard + * Copyright (c) 2005-2016 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. + * */ +#include +#include +#include "miniwget.h" + +/** + * This program uses the miniwget / miniwget_getaddr function + * from miniwget.c in order to retreive a web ressource using + * a GET HTTP method, and store it in a file. + */ +int main(int argc, char * * argv) +{ + void * data; + int size, writtensize; + FILE *f; + char addr[64]; + int status_code = -1; + + if(argc < 3) { + fprintf(stderr, "Usage:\t%s url file\n", argv[0]); + fprintf(stderr, "Example:\t%s http://www.google.com/ out.html\n", argv[0]); + return 1; + } + data = miniwget_getaddr(argv[1], &size, addr, sizeof(addr), 0, &status_code); + if(!data || (status_code != 200)) { + if(data) free(data); + fprintf(stderr, "Error %d fetching %s\n", status_code, argv[1]); + return 1; + } + printf("local address : %s\n", addr); + printf("got %d bytes\n", size); + f = fopen(argv[2], "wb"); + if(!f) { + fprintf(stderr, "Cannot open file %s for writing\n", argv[2]); + free(data); + return 1; + } + writtensize = fwrite(data, 1, size, f); + if(writtensize != size) { + fprintf(stderr, "Could only write %d bytes out of %d to %s\n", + writtensize, size, argv[2]); + } else { + printf("%d bytes written to %s\n", writtensize, argv[2]); + } + fclose(f); + free(data); + return 0; +} + diff --git a/ext/miniupnpc/testminiwget.sh b/ext/miniupnpc/testminiwget.sh new file mode 100755 index 0000000..690b405 --- /dev/null +++ b/ext/miniupnpc/testminiwget.sh 
@@ -0,0 +1,96 @@ +#!/bin/sh +# $Id: testminiwget.sh,v 1.13 2015/09/03 17:57:44 nanard Exp $ +# project miniupnp : http://miniupnp.free.fr/ +# (c) 2011-2015 Thomas Bernard +# +# test program for miniwget.c +# is usually invoked by "make check" +# +# This test program : +# 1 - launches a local HTTP server (minihttptestserver) +# 2 - uses testminiwget to retreive data from this server +# 3 - compares served and received data +# 4 - kills the local HTTP server and exits +# +# The script was tested and works with ksh, bash +# it should now also run with dash + +TMPD=`mktemp -d -t miniwgetXXXXXXXXXX` +HTTPSERVEROUT="${TMPD}/httpserverout" +EXPECTEDFILE="${TMPD}/expectedfile" +DOWNLOADEDFILE="${TMPD}/downloadedfile" +PORT= +RET=0 + +case "$HAVE_IPV6" in + n|no|0) + ADDR=localhost + SERVERARGS="" + ;; + *) + ADDR="[::1]" + SERVERARGS="-6" + ;; + +esac + +#make minihttptestserver +#make testminiwget + +# launching the test HTTP server +./minihttptestserver $SERVERARGS -e $EXPECTEDFILE > $HTTPSERVEROUT & +SERVERPID=$! +while [ -z "$PORT" ]; do + sleep 1 + PORT=`cat $HTTPSERVEROUT | sed 's/Listening on port \([0-9]*\)/\1/' ` +done +echo "Test HTTP server is listening on $PORT" + +URL1="http://$ADDR:$PORT/index.html" +URL2="http://$ADDR:$PORT/chunked" +URL3="http://$ADDR:$PORT/addcrap" + +echo "standard test ..." +./testminiwget $URL1 "${DOWNLOADEDFILE}.1" +if cmp $EXPECTEDFILE "${DOWNLOADEDFILE}.1" ; then + echo "ok" +else + echo "standard test FAILED" + RET=1 +fi + +echo "chunked transfert encoding test ..." +./testminiwget $URL2 "${DOWNLOADEDFILE}.2" +if cmp $EXPECTEDFILE "${DOWNLOADEDFILE}.2" ; then + echo "ok" +else + echo "chunked transfert encoding test FAILED" + RET=1 +fi + +echo "response too long test ..." 
+./testminiwget $URL3 "${DOWNLOADEDFILE}.3" +if cmp $EXPECTEDFILE "${DOWNLOADEDFILE}.3" ; then + echo "ok" +else + echo "response too long test FAILED" + RET=1 +fi + +# kill the test HTTP server +kill $SERVERPID +wait $SERVERPID + +# remove temporary files (for success cases) +if [ $RET -eq 0 ]; then + rm -f "${DOWNLOADEDFILE}.1" + rm -f "${DOWNLOADEDFILE}.2" + rm -f "${DOWNLOADEDFILE}.3" + rm -f $EXPECTEDFILE $HTTPSERVEROUT + rmdir ${TMPD} +else + echo "at least one of the test FAILED" + echo "directory ${TMPD} is left intact" +fi +exit $RET + diff --git a/ext/miniupnpc/testminixml.c b/ext/miniupnpc/testminixml.c new file mode 100644 index 0000000..57c4a85 --- /dev/null +++ b/ext/miniupnpc/testminixml.c 
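Review bot: The `while [ -z "$PORT" ]` loop that waits for the server's port has no exit condition other than the port appearing in `$HTTPSERVEROUT`. If `./minihttptestserver` fails to start (for example a missing binary or a bind error) the script spins forever and `make check` hangs. Add a liveness check inside the loop, e.g. `kill -0 $SERVERPID 2>/dev/null || { echo "test HTTP server did not start"; exit 1; }`. `$EXPECTEDFILE`, `$HTTPSERVEROUT` and `${TMPD}` are also expanded unquoted in the server launch, `cmp`, `rm` and `rmdir` lines, which breaks when the temporary directory path contains spaces; quoting them (`"$EXPECTEDFILE"`) fixes that.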
@@ -0,0 +1,89 @@ +/* $Id: testminixml.c,v 1.10 2014/11/17 17:19:13 nanard Exp $ + * MiniUPnP project + * Website : http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * Author : Thomas Bernard. + * Copyright (c) 2005-2014 Thomas Bernard + * + * testminixml.c + * test program for the "minixml" functions. + */ +#include +#include +#include +#include "minixml.h" +#include "igd_desc_parse.h" + +/* ---------------------------------------------------------------------- */ +void printeltname1(void * d, const char * name, int l) +{ + int i; + (void)d; + printf("element "); + for(i=0;i +#include +#include "portlistingparse.h" + +struct port_mapping { + unsigned int leasetime; + unsigned short externalport; + unsigned short internalport; + const char * remotehost; + const char * client; + const char * proto; + const char * desc; + unsigned char enabled; +}; + +/* return the number of differences */ +int test(const char * portListingXml, int portListingXmlLen, + const struct port_mapping * ref, int count) +{ + int i; + int r = 0; + struct PortMappingParserData data; + struct PortMapping * pm; + + memset(&data, 0, sizeof(data)); + ParsePortListing(portListingXml, portListingXmlLen, &data); + for(i = 0, pm = data.l_head; + (pm != NULL) && (i < count); + i++, pm = pm->l_next) { + printf("%2d %s %5hu->%s:%-5hu '%s' '%s' %u\n", + i, pm->protocol, pm->externalPort, pm->internalClient, + pm->internalPort, + pm->description, pm->remoteHost, + (unsigned)pm->leaseTime); + if(0 != strcmp(pm->protocol, ref[i].proto)) { + printf("protocol : '%s' != '%s'\n", pm->protocol, ref[i].proto); + r++; + } + if(pm->externalPort != ref[i].externalport) { + printf("externalPort : %hu != %hu\n", + pm->externalPort, ref[i].externalport); + r++; + } + if(0 != strcmp(pm->internalClient, ref[i].client)) { + printf("client : '%s' != '%s'\n", + pm->internalClient, ref[i].client); + r++; + } + if(pm->internalPort != ref[i].internalport) { + printf("internalPort : %hu != %hu\n", + pm->internalPort, 
ref[i].internalport); + r++; + } + if(0 != strcmp(pm->description, ref[i].desc)) { + printf("description : '%s' != '%s'\n", + pm->description, ref[i].desc); + r++; + } + if(0 != strcmp(pm->remoteHost, ref[i].remotehost)) { + printf("remoteHost : '%s' != '%s'\n", + pm->remoteHost, ref[i].remotehost); + r++; + } + if((unsigned)pm->leaseTime != ref[i].leasetime) { + printf("leaseTime : %u != %u\n", + (unsigned)pm->leaseTime, ref[i].leasetime); + r++; + } + if(pm->enabled != ref[i].enabled) { + printf("enabled : %d != %d\n", + (int)pm->enabled, (int)ref[i].enabled); + r++; + } + } + if((i != count) || (pm != NULL)) { + printf("count mismatch : i=%d count=%d pm=%p\n", i, count, pm); + r++; + } + FreePortListing(&data); + return r; +} + +const char test_document[] = +"\n" +"\n" +" \n" +" \n" +" 5002\n" +" UDP\n" +" 4001\n" +" 192.168.1.123\n" +" 1\n" +" xxx\n" +" 0\n" +" \n" +" \n" +" 202.233.2.1\n" +" 2345\n" +" TCP\n" +" 2349\n" +" 192.168.1.137\n" +" 1\n" +" dooom\n" +" 346\n" +" \n" +" \n" +" 134.231.2.11\n" +" 12345\n" +" TCP\n" +" 12345\n" +" 192.168.1.137\n" +" 1\n" +" dooom A\n" +" 347\n" +" \n" +""; + +#define PORT_MAPPINGS_COUNT 3 +const struct port_mapping port_mappings[PORT_MAPPINGS_COUNT] = { +{347, 12345, 12345, "134.231.2.11", "192.168.1.137", "TCP", "dooom A", 1}, +{346, 2345, 2349, "202.233.2.1", "192.168.1.137", "TCP", "dooom", 1}, +{0, 5002, 4001, "", "192.168.1.123", "UDP", "xxx", 1} +}; + +/* --- main --- */ +int main(void) +{ + int r; + r = test(test_document, sizeof(test_document) - 1, + port_mappings, PORT_MAPPINGS_COUNT); + if(r == 0) { + printf("test of portlistingparse OK\n"); + return 0; + } else { + printf("test FAILED (%d differences counted)\n", r); + return 1; + } +} + diff --git a/ext/miniupnpc/testreplyparse/DeletePortMapping.namevalue b/ext/miniupnpc/testreplyparse/DeletePortMapping.namevalue new file mode 100644 index 0000000..48ca0cc --- /dev/null +++ b/ext/miniupnpc/testreplyparse/DeletePortMapping.namevalue 
@@ -0,0 +1,3 @@
+NewRemoteHost=
+NewExternalPort=123
+NewProtocol=TCP
diff --git a/ext/miniupnpc/testreplyparse/DeletePortMapping.xml b/ext/miniupnpc/testreplyparse/DeletePortMapping.xml
new file mode 100644
index 0000000..a955c53
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/DeletePortMapping.xml
@@ -0,0 +1,6 @@
+
+123
+TCP
+
+
+
diff --git a/ext/miniupnpc/testreplyparse/GetExternalIPAddress.namevalue b/ext/miniupnpc/testreplyparse/GetExternalIPAddress.namevalue
new file mode 100644
index 0000000..5aa75f8
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/GetExternalIPAddress.namevalue
@@ -0,0 +1,2 @@
+NewExternalIPAddress=1.2.3.4
+
diff --git a/ext/miniupnpc/testreplyparse/GetExternalIPAddress.xml b/ext/miniupnpc/testreplyparse/GetExternalIPAddress.xml
new file mode 100644
index 0000000..db7ec1f
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/GetExternalIPAddress.xml
@@ -0,0 +1,2 @@
+1.2.3.4
+
diff --git a/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryReq.namevalue b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryReq.namevalue
new file mode 100644
index 0000000..26b169c
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryReq.namevalue
@@ -0,0 +1,3 @@
+NewProtocol=UDP
+NewExternalPort=12345
+NewRemoteHost=
diff --git a/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryReq.xml b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryReq.xml
new file mode 100644
index 0000000..bbb540e
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryReq.xml
@@ -0,0 +1,3 @@
+
+12345UDP
+
diff --git a/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryResp.namevalue b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryResp.namevalue
new file mode 100644
index 0000000..2189789
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryResp.namevalue
@@ -0,0 +1,5 @@
+NewInternalPort=12345
+NewInternalClient=192.168.10.110
+NewEnabled=1
+NewPortMappingDescription=libminiupnpc
+NewLeaseDuration=0
diff --git a/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryResp.xml b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryResp.xml
new file mode 100644
index 0000000..77e8d9c
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/GetSpecificPortMappingEntryResp.xml
@@ -0,0 +1,2 @@
+12345192.168.10.1101libminiupnpc0
+
diff --git a/ext/miniupnpc/testreplyparse/SetDefaultConnectionService.namevalue b/ext/miniupnpc/testreplyparse/SetDefaultConnectionService.namevalue
new file mode 100644
index 0000000..f78c7e2
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/SetDefaultConnectionService.namevalue
@@ -0,0 +1 @@
+NewDefaultConnectionService=uuid:c6c05a33-f704-48df-9910-e099b3471d81:WANConnectionDevice:1,INVALID_SERVICE_ID
diff --git a/ext/miniupnpc/testreplyparse/SetDefaultConnectionService.xml b/ext/miniupnpc/testreplyparse/SetDefaultConnectionService.xml
new file mode 100644
index 0000000..ac04c07
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/SetDefaultConnectionService.xml
@@ -0,0 +1 @@
+uuid:c6c05a33-f704-48df-9910-e099b3471d81:WANConnectionDevice:1,INVALID_SERVICE_ID
diff --git a/ext/miniupnpc/testreplyparse/readme.txt b/ext/miniupnpc/testreplyparse/readme.txt
new file mode 100644
index 0000000..3eb1f01
--- /dev/null
+++ b/ext/miniupnpc/testreplyparse/readme.txt
@@ -0,0 +1,7 @@
+This directory contains files used for validation of upnpreplyparse.c code.
+
+Each .xml file to parse should give the results which are in the .namevalue
+file.
+
+A .namevalue file contain name=value lines.
+
diff --git a/ext/miniupnpc/testupnpigd.py b/ext/miniupnpc/testupnpigd.py
new file mode 100755
index 0000000..6d167a4
--- /dev/null
+++ b/ext/miniupnpc/testupnpigd.py
@@ -0,0 +1,84 @@ +#! /usr/bin/python +# $Id: testupnpigd.py,v 1.4 2008/10/11 10:27:20 nanard Exp $ +# MiniUPnP project +# Author : Thomas Bernard +# This Sample code is public domain. +# website : http://miniupnp.tuxfamily.org/ + +# import the python miniupnpc module +import miniupnpc +import socket +import BaseHTTPServer + +# function definition +def list_redirections(): + i = 0 + while True: + p = u.getgenericportmapping(i) + if p==None: + break + print i, p + i = i + 1 + +#define the handler class for HTTP connections +class handler_class(BaseHTTPServer.BaseHTTPRequestHandler): + def do_GET(self): + self.send_response(200) + self.end_headers() + self.wfile.write("OK MON GARS") + +# create the object +u = miniupnpc.UPnP() +#print 'inital(default) values :' +#print ' discoverdelay', u.discoverdelay +#print ' lanaddr', u.lanaddr +#print ' multicastif', u.multicastif +#print ' minissdpdsocket', u.minissdpdsocket +u.discoverdelay = 200; + +try: + print 'Discovering... delay=%ums' % u.discoverdelay + ndevices = u.discover() + print ndevices, 'device(s) detected' + + # select an igd + u.selectigd() + # display information about the IGD and the internet connection + print 'local ip address :', u.lanaddr + externalipaddress = u.externalipaddress() + print 'external ip address :', externalipaddress + print u.statusinfo(), u.connectiontype() + + #instanciate a HTTPd object. The port is assigned by the system. + httpd = BaseHTTPServer.HTTPServer((u.lanaddr, 0), handler_class) + eport = httpd.server_port + + # find a free port for the redirection + r = u.getspecificportmapping(eport, 'TCP') + while r != None and eport < 65536: + eport = eport + 1 + r = u.getspecificportmapping(eport, 'TCP') + + print 'trying to redirect %s port %u TCP => %s port %u TCP' % (externalipaddress, eport, u.lanaddr, httpd.server_port) + + b = u.addportmapping(eport, 'TCP', u.lanaddr, httpd.server_port, + 'UPnP IGD Tester port %u' % eport, '') + if b: + print 'Success. 
Now waiting for some HTTP request on http://%s:%u' % (externalipaddress ,eport) + try: + httpd.handle_request() + httpd.server_close() + except KeyboardInterrupt, details: + print "CTRL-C exception!", details + b = u.deleteportmapping(eport, 'TCP') + if b: + print 'Successfully deleted port mapping' + else: + print 'Failed to remove port mapping' + else: + print 'Failed' + + httpd.server_close() + +except Exception, e: + print 'Exception :', e diff --git a/ext/miniupnpc/testupnpreplyparse.c b/ext/miniupnpc/testupnpreplyparse.c new file mode 100644 index 0000000..7ba7131 --- /dev/null +++ b/ext/miniupnpc/testupnpreplyparse.c 
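Review bot: The mapping created by `u.addportmapping(...)` is removed only on the path that follows the inner `try`, and that `try` catches nothing but `KeyboardInterrupt`, so any other exception raised by `httpd.handle_request()` goes straight to the outer `except Exception` and leaves the external port forwarded to this host on the IGD. Moving the removal into a `finally:` clause of the inner `try` makes `u.deleteportmapping(eport, 'TCP')` run whenever the mapping was created. The free-port search just above also loops on `eport < 65536`, which lets `eport` be incremented to 65536; `eport < 65535` keeps the value a valid port number.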
@@ -0,0 +1,96 @@ +/* $Id: testupnpreplyparse.c,v 1.4 2014/01/27 11:45:19 nanard Exp $ */ +/* MiniUPnP project + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * (c) 2006-2014 Thomas Bernard + * This software is subject to the conditions detailed + * in the LICENCE file provided within the distribution */ +#include +#include +#include +#include "upnpreplyparse.h" + +int +test_parsing(const char * buf, int len, FILE * f) +{ + char line[1024]; + struct NameValueParserData pdata; + int ok = 1; + ParseNameValue(buf, len, &pdata); + /* check result */ + if(f != NULL) + { + while(fgets(line, sizeof(line), f)) + { + char * value; + char * equal; + char * parsedvalue; + int l; + l = strlen(line); + while((l > 0) && ((line[l-1] == '\r') || (line[l-1] == '\n'))) + line[--l] = '\0'; + /* skip empty lines */ + if(l == 0) + continue; + equal = strchr(line, '='); + if(equal == NULL) + { + fprintf(stderr, "Warning, line does not contain '=' : %s\n", line); + continue; + } + *equal = '\0'; + value = equal + 1; + parsedvalue = GetValueFromNameValueList(&pdata, line); + if((parsedvalue == NULL) || (strcmp(parsedvalue, value) != 0)) + { + fprintf(stderr, "Element <%s> : expecting value '%s', got '%s'\n", + line, value, parsedvalue ? 
parsedvalue : ""); + ok = 0; + } + } + } + ClearNameValueList(&pdata); + return ok; +} + +int main(int argc, char * * argv) +{ + FILE * f; + char buffer[4096]; + int l; + int ok; + + if(argc<2) + { + fprintf(stderr, "Usage: %s file.xml [file.namevalues]\n", argv[0]); + return 1; + } + f = fopen(argv[1], "r"); + if(!f) + { + fprintf(stderr, "Error : can not open file %s\n", argv[1]); + return 2; + } + l = fread(buffer, 1, sizeof(buffer)-1, f); + fclose(f); + f = NULL; + buffer[l] = '\0'; + if(argc > 2) + { + f = fopen(argv[2], "r"); + if(!f) + { + fprintf(stderr, "Error : can not open file %s\n", argv[2]); + return 2; + } + } +#ifdef DEBUG + DisplayNameValueList(buffer, l); +#endif + ok = test_parsing(buffer, l, f); + if(f) + { + fclose(f); + } + return ok ? 0 : 3; +} + diff --git a/ext/miniupnpc/testupnpreplyparse.sh b/ext/miniupnpc/testupnpreplyparse.sh new file mode 100755 index 0000000..992930b --- /dev/null +++ b/ext/miniupnpc/testupnpreplyparse.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +for f in testreplyparse/*.xml ; do + bf="`dirname $f`/`basename $f .xml`" + if ./testupnpreplyparse $f $bf.namevalue ; then + echo "$f : passed" + else + echo "$f : FAILED" + exit 1 + fi +done + +exit 0 + diff --git a/ext/miniupnpc/updateminiupnpcstrings.sh b/ext/miniupnpc/updateminiupnpcstrings.sh new file mode 100755 index 0000000..dde4354 --- /dev/null +++ b/ext/miniupnpc/updateminiupnpcstrings.sh 
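Review bot: In testupnpreplyparse.sh the loop variable is expanded unquoted in `dirname $f`, `basename $f .xml` and `./testupnpreplyparse $f $bf.namevalue`, so a fixture name containing whitespace or glob characters is word-split before it reaches the test binary. Quoting keeps each path a single argument: `bf="$(dirname "$f")/$(basename "$f" .xml)"` and `./testupnpreplyparse "$f" "$bf.namevalue"`. The script also reports success when `testreplyparse/*.xml` matches nothing and the literal pattern is passed through, so a `[ -f "$f" ] || continue` guard at the top of the loop would make an empty fixture directory visible.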
@@ -0,0 +1,53 @@
+#! /bin/sh
+# $Id: updateminiupnpcstrings.sh,v 1.7 2011/01/04 11:41:53 nanard Exp $
+# project miniupnp : http://miniupnp.free.fr/
+# (c) 2009 Thomas Bernard
+
+FILE=miniupnpcstrings.h
+TMPFILE=miniupnpcstrings.h.tmp
+TEMPLATE_FILE=${FILE}.in
+
+# detecting the OS name and version
+OS_NAME=`uname -s`
+OS_VERSION=`uname -r`
+if [ -f /etc/debian_version ]; then
+ OS_NAME=Debian
+ OS_VERSION=`cat /etc/debian_version`
+fi
+# use lsb_release (Linux Standard Base) when available
+LSB_RELEASE=`which lsb_release`
+if [ 0 -eq $? -a -x "${LSB_RELEASE}" ]; then
+ OS_NAME=`${LSB_RELEASE} -i -s`
+ OS_VERSION=`${LSB_RELEASE} -r -s`
+ case $OS_NAME in
+ Debian)
+ #OS_VERSION=`${LSB_RELEASE} -c -s`
+ ;;
+ Ubuntu)
+ #OS_VERSION=`${LSB_RELEASE} -c -s`
+ ;;
+ esac
+fi
+
+# on AmigaOS 3, uname -r returns "unknown", so we use uname -v
+if [ "$OS_NAME" = "AmigaOS" ]; then
+ if [ "$OS_VERSION" = "unknown" ]; then
+ OS_VERSION=`uname -v`
+ fi
+fi
+
+echo "Detected OS [$OS_NAME] version [$OS_VERSION]"
+MINIUPNPC_VERSION=`cat VERSION`
+echo "MiniUPnPc version [${MINIUPNPC_VERSION}]"
+
+EXPR="s|OS_STRING \".*\"|OS_STRING \"${OS_NAME}/${OS_VERSION}\"|"
+#echo $EXPR
+test -f ${FILE}.in
+echo "setting OS_STRING macro value to ${OS_NAME}/${OS_VERSION} in $FILE."
+sed -e "$EXPR" < $TEMPLATE_FILE > $TMPFILE
+
+EXPR="s|MINIUPNPC_VERSION_STRING \".*\"|MINIUPNPC_VERSION_STRING \"${MINIUPNPC_VERSION}\"|"
+echo "setting MINIUPNPC_VERSION_STRING macro value to ${MINIUPNPC_VERSION} in $FILE."
+sed -e "$EXPR" < $TMPFILE > $FILE
+rm $TMPFILE
+
diff --git a/ext/miniupnpc/upnpc.c b/ext/miniupnpc/upnpc.c
new file mode 100644
index 0000000..94f131c
--- /dev/null
+++ b/ext/miniupnpc/upnpc.c
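Review bot: The result of `test -f ${FILE}.in` is discarded, so when the template is missing the script keeps going and the only sign is the redirect errors from the two `sed` calls; make the check effective with `test -f "$TEMPLATE_FILE" || exit 1`. `OS_NAME`, `OS_VERSION` and the contents of `VERSION` are also pasted unescaped into the `s|...|...|` expression and from there into a C string literal in the generated header, so a `|`, `&`, `\` or `"` in any of them corrupts the substitution or the header. Filtering those values to a known-safe character set before building `EXPR` keeps the generated file well-formed whatever `uname`, `lsb_release` or the `VERSION` file supplies.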
@@ -0,0 +1,835 @@ +/* $Id: upnpc.c,v 1.114 2016/01/22 15:04:23 nanard Exp $ */ +/* Project : miniupnp + * Author : Thomas Bernard + * Copyright (c) 2005-2016 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided in this distribution. */ + +#include +#include +#include +#include +#ifdef _WIN32 +#include +#define snprintf _snprintf +#else +/* for IPPROTO_TCP / IPPROTO_UDP */ +#include +#endif +#include +#include "miniwget.h" +#include "miniupnpc.h" +#include "upnpcommands.h" +#include "upnperrors.h" +#include "miniupnpcstrings.h" + +/* protofix() checks if protocol is "UDP" or "TCP" + * returns NULL if not */ +const char * protofix(const char * proto) +{ + static const char proto_tcp[4] = { 'T', 'C', 'P', 0}; + static const char proto_udp[4] = { 'U', 'D', 'P', 0}; + int i, b; + for(i=0, b=1; i<4; i++) + b = b && ( (proto[i] == proto_tcp[i]) + || (proto[i] == (proto_tcp[i] | 32)) ); + if(b) + return proto_tcp; + for(i=0, b=1; i<4; i++) + b = b && ( (proto[i] == proto_udp[i]) + || (proto[i] == (proto_udp[i] | 32)) ); + if(b) + return proto_udp; + return 0; +} + +/* is_int() checks if parameter is an integer or not + * 1 for integer + * 0 for not an integer */ +int is_int(char const* s) +{ + if(s == NULL) + return 0; + while(*s) { + /* #define isdigit(c) ((c) >= '0' && (c) <= '9') */ + if(!isdigit(*s)) + return 0; + s++; + } + return 1; +} + +static void DisplayInfos(struct UPNPUrls * urls, + struct IGDdatas * data) +{ + char externalIPAddress[40]; + char connectionType[64]; + char status[64]; + char lastconnerr[64]; + unsigned int uptime = 0; + unsigned int brUp, brDown; + time_t timenow, timestarted; + int r; + if(UPNP_GetConnectionTypeInfo(urls->controlURL, + data->first.servicetype, + connectionType) != UPNPCOMMAND_SUCCESS) + printf("GetConnectionTypeInfo failed.\n"); + else + printf("Connection Type : %s\n", connectionType); + if(UPNP_GetStatusInfo(urls->controlURL, data->first.servicetype, + status, &uptime, 
lastconnerr) != UPNPCOMMAND_SUCCESS) + printf("GetStatusInfo failed.\n"); + else + printf("Status : %s, uptime=%us, LastConnectionError : %s\n", + status, uptime, lastconnerr); + if(uptime > 0) { + timenow = time(NULL); + timestarted = timenow - uptime; + printf(" Time started : %s", ctime(×tarted)); + } + if(UPNP_GetLinkLayerMaxBitRates(urls->controlURL_CIF, data->CIF.servicetype, + &brDown, &brUp) != UPNPCOMMAND_SUCCESS) { + printf("GetLinkLayerMaxBitRates failed.\n"); + } else { + printf("MaxBitRateDown : %u bps", brDown); + if(brDown >= 1000000) { + printf(" (%u.%u Mbps)", brDown / 1000000, (brDown / 100000) % 10); + } else if(brDown >= 1000) { + printf(" (%u Kbps)", brDown / 1000); + } + printf(" MaxBitRateUp %u bps", brUp); + if(brUp >= 1000000) { + printf(" (%u.%u Mbps)", brUp / 1000000, (brUp / 100000) % 10); + } else if(brUp >= 1000) { + printf(" (%u Kbps)", brUp / 1000); + } + printf("\n"); + } + r = UPNP_GetExternalIPAddress(urls->controlURL, + data->first.servicetype, + externalIPAddress); + if(r != UPNPCOMMAND_SUCCESS) { + printf("GetExternalIPAddress failed. 
(errorcode=%d)\n", r); + } else { + printf("ExternalIPAddress = %s\n", externalIPAddress); + } +} + +static void GetConnectionStatus(struct UPNPUrls * urls, + struct IGDdatas * data) +{ + unsigned int bytessent, bytesreceived, packetsreceived, packetssent; + DisplayInfos(urls, data); + bytessent = UPNP_GetTotalBytesSent(urls->controlURL_CIF, data->CIF.servicetype); + bytesreceived = UPNP_GetTotalBytesReceived(urls->controlURL_CIF, data->CIF.servicetype); + packetssent = UPNP_GetTotalPacketsSent(urls->controlURL_CIF, data->CIF.servicetype); + packetsreceived = UPNP_GetTotalPacketsReceived(urls->controlURL_CIF, data->CIF.servicetype); + printf("Bytes: Sent: %8u\tRecv: %8u\n", bytessent, bytesreceived); + printf("Packets: Sent: %8u\tRecv: %8u\n", packetssent, packetsreceived); +} + +static void ListRedirections(struct UPNPUrls * urls, + struct IGDdatas * data) +{ + int r; + int i = 0; + char index[6]; + char intClient[40]; + char intPort[6]; + char extPort[6]; + char protocol[4]; + char desc[80]; + char enabled[6]; + char rHost[64]; + char duration[16]; + /*unsigned int num=0; + UPNP_GetPortMappingNumberOfEntries(urls->controlURL, data->servicetype, &num); + printf("PortMappingNumberOfEntries : %u\n", num);*/ + printf(" i protocol exPort->inAddr:inPort description remoteHost leaseTime\n"); + do { + snprintf(index, 6, "%d", i); + rHost[0] = '\0'; enabled[0] = '\0'; + duration[0] = '\0'; desc[0] = '\0'; + extPort[0] = '\0'; intPort[0] = '\0'; intClient[0] = '\0'; + r = UPNP_GetGenericPortMappingEntry(urls->controlURL, + data->first.servicetype, + index, + extPort, intClient, intPort, + protocol, desc, enabled, + rHost, duration); + if(r==0) + /* + printf("%02d - %s %s->%s:%s\tenabled=%s leaseDuration=%s\n" + " desc='%s' rHost='%s'\n", + i, protocol, extPort, intClient, intPort, + enabled, duration, + desc, rHost); + */ + printf("%2d %s %5s->%s:%-5s '%s' '%s' %s\n", + i, protocol, extPort, intClient, intPort, + desc, rHost, duration); + else + 
printf("GetGenericPortMappingEntry() returned %d (%s)\n", + r, strupnperror(r)); + i++; + } while(r==0); +} + +static void NewListRedirections(struct UPNPUrls * urls, + struct IGDdatas * data) +{ + int r; + int i = 0; + struct PortMappingParserData pdata; + struct PortMapping * pm; + + memset(&pdata, 0, sizeof(struct PortMappingParserData)); + r = UPNP_GetListOfPortMappings(urls->controlURL, + data->first.servicetype, + "0", + "65535", + "TCP", + "1000", + &pdata); + if(r == UPNPCOMMAND_SUCCESS) + { + printf(" i protocol exPort->inAddr:inPort description remoteHost leaseTime\n"); + for(pm = pdata.l_head; pm != NULL; pm = pm->l_next) + { + printf("%2d %s %5hu->%s:%-5hu '%s' '%s' %u\n", + i, pm->protocol, pm->externalPort, pm->internalClient, + pm->internalPort, + pm->description, pm->remoteHost, + (unsigned)pm->leaseTime); + i++; + } + FreePortListing(&pdata); + } + else + { + printf("GetListOfPortMappings() returned %d (%s)\n", + r, strupnperror(r)); + } + r = UPNP_GetListOfPortMappings(urls->controlURL, + data->first.servicetype, + "0", + "65535", + "UDP", + "1000", + &pdata); + if(r == UPNPCOMMAND_SUCCESS) + { + for(pm = pdata.l_head; pm != NULL; pm = pm->l_next) + { + printf("%2d %s %5hu->%s:%-5hu '%s' '%s' %u\n", + i, pm->protocol, pm->externalPort, pm->internalClient, + pm->internalPort, + pm->description, pm->remoteHost, + (unsigned)pm->leaseTime); + i++; + } + FreePortListing(&pdata); + } + else + { + printf("GetListOfPortMappings() returned %d (%s)\n", + r, strupnperror(r)); + } +} + +/* Test function + * 1 - get connection type + * 2 - get extenal ip address + * 3 - Add port mapping + * 4 - get this port mapping from the IGD */ +static void SetRedirectAndTest(struct UPNPUrls * urls, + struct IGDdatas * data, + const char * iaddr, + const char * iport, + const char * eport, + const char * proto, + const char * leaseDuration, + const char * description, + int addAny) +{ + char externalIPAddress[40]; + char intClient[40]; + char intPort[6]; + char 
reservedPort[6]; + char duration[16]; + int r; + + if(!iaddr || !iport || !eport || !proto) + { + fprintf(stderr, "Wrong arguments\n"); + return; + } + proto = protofix(proto); + if(!proto) + { + fprintf(stderr, "invalid protocol\n"); + return; + } + + r = UPNP_GetExternalIPAddress(urls->controlURL, + data->first.servicetype, + externalIPAddress); + if(r!=UPNPCOMMAND_SUCCESS) + printf("GetExternalIPAddress failed.\n"); + else + printf("ExternalIPAddress = %s\n", externalIPAddress); + + if (addAny) { + r = UPNP_AddAnyPortMapping(urls->controlURL, data->first.servicetype, + eport, iport, iaddr, description, + proto, 0, leaseDuration, reservedPort); + if(r==UPNPCOMMAND_SUCCESS) + eport = reservedPort; + else + printf("AddAnyPortMapping(%s, %s, %s) failed with code %d (%s)\n", + eport, iport, iaddr, r, strupnperror(r)); + } else { + r = UPNP_AddPortMapping(urls->controlURL, data->first.servicetype, + eport, iport, iaddr, description, + proto, 0, leaseDuration); + if(r!=UPNPCOMMAND_SUCCESS) + printf("AddPortMapping(%s, %s, %s) failed with code %d (%s)\n", + eport, iport, iaddr, r, strupnperror(r)); + } + + r = UPNP_GetSpecificPortMappingEntry(urls->controlURL, + data->first.servicetype, + eport, proto, NULL/*remoteHost*/, + intClient, intPort, NULL/*desc*/, + NULL/*enabled*/, duration); + if(r!=UPNPCOMMAND_SUCCESS) + printf("GetSpecificPortMappingEntry() failed with code %d (%s)\n", + r, strupnperror(r)); + else { + printf("InternalIP:Port = %s:%s\n", intClient, intPort); + printf("external %s:%s %s is redirected to internal %s:%s (duration=%s)\n", + externalIPAddress, eport, proto, intClient, intPort, duration); + } +} + +static void +RemoveRedirect(struct UPNPUrls * urls, + struct IGDdatas * data, + const char * eport, + const char * proto, + const char * remoteHost) +{ + int r; + if(!proto || !eport) + { + fprintf(stderr, "invalid arguments\n"); + return; + } + proto = protofix(proto); + if(!proto) + { + fprintf(stderr, "protocol invalid\n"); + return; + } + r = 
UPNP_DeletePortMapping(urls->controlURL, data->first.servicetype, eport, proto, remoteHost); + printf("UPNP_DeletePortMapping() returned : %d\n", r); +} + +static void +RemoveRedirectRange(struct UPNPUrls * urls, + struct IGDdatas * data, + const char * ePortStart, char const * ePortEnd, + const char * proto, const char * manage) +{ + int r; + + if (!manage) + manage = "0"; + + if(!proto || !ePortStart || !ePortEnd) + { + fprintf(stderr, "invalid arguments\n"); + return; + } + proto = protofix(proto); + if(!proto) + { + fprintf(stderr, "protocol invalid\n"); + return; + } + r = UPNP_DeletePortMappingRange(urls->controlURL, data->first.servicetype, ePortStart, ePortEnd, proto, manage); + printf("UPNP_DeletePortMappingRange() returned : %d\n", r); +} + +/* IGD:2, functions for service WANIPv6FirewallControl:1 */ +static void GetFirewallStatus(struct UPNPUrls * urls, struct IGDdatas * data) +{ + unsigned int bytessent, bytesreceived, packetsreceived, packetssent; + int firewallEnabled = 0, inboundPinholeAllowed = 0; + + UPNP_GetFirewallStatus(urls->controlURL_6FC, data->IPv6FC.servicetype, &firewallEnabled, &inboundPinholeAllowed); + printf("FirewallEnabled: %d & Inbound Pinhole Allowed: %d\n", firewallEnabled, inboundPinholeAllowed); + printf("GetFirewallStatus:\n Firewall Enabled: %s\n Inbound Pinhole Allowed: %s\n", (firewallEnabled)? "Yes":"No", (inboundPinholeAllowed)? 
"Yes":"No"); + + bytessent = UPNP_GetTotalBytesSent(urls->controlURL_CIF, data->CIF.servicetype); + bytesreceived = UPNP_GetTotalBytesReceived(urls->controlURL_CIF, data->CIF.servicetype); + packetssent = UPNP_GetTotalPacketsSent(urls->controlURL_CIF, data->CIF.servicetype); + packetsreceived = UPNP_GetTotalPacketsReceived(urls->controlURL_CIF, data->CIF.servicetype); + printf("Bytes: Sent: %8u\tRecv: %8u\n", bytessent, bytesreceived); + printf("Packets: Sent: %8u\tRecv: %8u\n", packetssent, packetsreceived); +} + +/* Test function + * 1 - Add pinhole + * 2 - Check if pinhole is working from the IGD side */ +static void SetPinholeAndTest(struct UPNPUrls * urls, struct IGDdatas * data, + const char * remoteaddr, const char * eport, + const char * intaddr, const char * iport, + const char * proto, const char * lease_time) +{ + char uniqueID[8]; + /*int isWorking = 0;*/ + int r; + char proto_tmp[8]; + + if(!intaddr || !remoteaddr || !iport || !eport || !proto || !lease_time) + { + fprintf(stderr, "Wrong arguments\n"); + return; + } + if(atoi(proto) == 0) + { + const char * protocol; + protocol = protofix(proto); + if(protocol && (strcmp("TCP", protocol) == 0)) + { + snprintf(proto_tmp, sizeof(proto_tmp), "%d", IPPROTO_TCP); + proto = proto_tmp; + } + else if(protocol && (strcmp("UDP", protocol) == 0)) + { + snprintf(proto_tmp, sizeof(proto_tmp), "%d", IPPROTO_UDP); + proto = proto_tmp; + } + else + { + fprintf(stderr, "invalid protocol\n"); + return; + } + } + r = UPNP_AddPinhole(urls->controlURL_6FC, data->IPv6FC.servicetype, remoteaddr, eport, intaddr, iport, proto, lease_time, uniqueID); + if(r!=UPNPCOMMAND_SUCCESS) + printf("AddPinhole([%s]:%s -> [%s]:%s) failed with code %d (%s)\n", + remoteaddr, eport, intaddr, iport, r, strupnperror(r)); + else + { + printf("AddPinhole: ([%s]:%s -> [%s]:%s) / Pinhole ID = %s\n", + remoteaddr, eport, intaddr, iport, uniqueID); + /*r = UPNP_CheckPinholeWorking(urls->controlURL_6FC, data->servicetype_6FC, uniqueID, &isWorking); + 
if(r!=UPNPCOMMAND_SUCCESS) + printf("CheckPinholeWorking() failed with code %d (%s)\n", r, strupnperror(r)); + printf("CheckPinholeWorking: Pinhole ID = %s / IsWorking = %s\n", uniqueID, (isWorking)? "Yes":"No");*/ + } +} + +/* Test function + * 1 - Check if pinhole is working from the IGD side + * 2 - Update pinhole */ +static void GetPinholeAndUpdate(struct UPNPUrls * urls, struct IGDdatas * data, + const char * uniqueID, const char * lease_time) +{ + int isWorking = 0; + int r; + + if(!uniqueID || !lease_time) + { + fprintf(stderr, "Wrong arguments\n"); + return; + } + r = UPNP_CheckPinholeWorking(urls->controlURL_6FC, data->IPv6FC.servicetype, uniqueID, &isWorking); + printf("CheckPinholeWorking: Pinhole ID = %s / IsWorking = %s\n", uniqueID, (isWorking)? "Yes":"No"); + if(r!=UPNPCOMMAND_SUCCESS) + printf("CheckPinholeWorking() failed with code %d (%s)\n", r, strupnperror(r)); + if(isWorking || r==709) + { + r = UPNP_UpdatePinhole(urls->controlURL_6FC, data->IPv6FC.servicetype, uniqueID, lease_time); + printf("UpdatePinhole: Pinhole ID = %s with Lease Time: %s\n", uniqueID, lease_time); + if(r!=UPNPCOMMAND_SUCCESS) + printf("UpdatePinhole: ID (%s) failed with code %d (%s)\n", uniqueID, r, strupnperror(r)); + } +} + +/* Test function + * Get pinhole timeout + */ +static void GetPinholeOutboundTimeout(struct UPNPUrls * urls, struct IGDdatas * data, + const char * remoteaddr, const char * eport, + const char * intaddr, const char * iport, + const char * proto) +{ + int timeout = 0; + int r; + + if(!intaddr || !remoteaddr || !iport || !eport || !proto) + { + fprintf(stderr, "Wrong arguments\n"); + return; + } + + r = UPNP_GetOutboundPinholeTimeout(urls->controlURL_6FC, data->IPv6FC.servicetype, remoteaddr, eport, intaddr, iport, proto, &timeout); + if(r!=UPNPCOMMAND_SUCCESS) + printf("GetOutboundPinholeTimeout([%s]:%s -> [%s]:%s) failed with code %d (%s)\n", + intaddr, iport, remoteaddr, eport, r, strupnperror(r)); + else + printf("GetOutboundPinholeTimeout: 
([%s]:%s -> [%s]:%s) / Timeout = %d\n", intaddr, iport, remoteaddr, eport, timeout); +} + +static void +GetPinholePackets(struct UPNPUrls * urls, + struct IGDdatas * data, const char * uniqueID) +{ + int r, pinholePackets = 0; + if(!uniqueID) + { + fprintf(stderr, "invalid arguments\n"); + return; + } + r = UPNP_GetPinholePackets(urls->controlURL_6FC, data->IPv6FC.servicetype, uniqueID, &pinholePackets); + if(r!=UPNPCOMMAND_SUCCESS) + printf("GetPinholePackets() failed with code %d (%s)\n", r, strupnperror(r)); + else + printf("GetPinholePackets: Pinhole ID = %s / PinholePackets = %d\n", uniqueID, pinholePackets); +} + +static void +CheckPinhole(struct UPNPUrls * urls, + struct IGDdatas * data, const char * uniqueID) +{ + int r, isWorking = 0; + if(!uniqueID) + { + fprintf(stderr, "invalid arguments\n"); + return; + } + r = UPNP_CheckPinholeWorking(urls->controlURL_6FC, data->IPv6FC.servicetype, uniqueID, &isWorking); + if(r!=UPNPCOMMAND_SUCCESS) + printf("CheckPinholeWorking() failed with code %d (%s)\n", r, strupnperror(r)); + else + printf("CheckPinholeWorking: Pinhole ID = %s / IsWorking = %s\n", uniqueID, (isWorking)? 
"Yes":"No"); +} + +static void +RemovePinhole(struct UPNPUrls * urls, + struct IGDdatas * data, const char * uniqueID) +{ + int r; + if(!uniqueID) + { + fprintf(stderr, "invalid arguments\n"); + return; + } + r = UPNP_DeletePinhole(urls->controlURL_6FC, data->IPv6FC.servicetype, uniqueID); + printf("UPNP_DeletePinhole() returned : %d\n", r); +} + + +/* sample upnp client program */ +int main(int argc, char ** argv) +{ + char command = 0; + char ** commandargv = 0; + int commandargc = 0; + struct UPNPDev * devlist = 0; + char lanaddr[64] = "unset"; /* my ip address on the LAN */ + int i; + const char * rootdescurl = 0; + const char * multicastif = 0; + const char * minissdpdpath = 0; + int localport = UPNP_LOCAL_PORT_ANY; + int retcode = 0; + int error = 0; + int ipv6 = 0; + unsigned char ttl = 2; /* defaulting to 2 */ + const char * description = 0; + +#ifdef _WIN32 + WSADATA wsaData; + int nResult = WSAStartup(MAKEWORD(2,2), &wsaData); + if(nResult != NO_ERROR) + { + fprintf(stderr, "WSAStartup() failed.\n"); + return -1; + } +#endif + printf("upnpc : miniupnpc library test client, version %s.\n", MINIUPNPC_VERSION_STRING); + printf(" (c) 2005-2016 Thomas Bernard.\n"); + printf("Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/\n" + "for more information.\n"); + /* command line processing */ + for(i=1; i65535 || + (localport >1 && localport < 1024)) + { + fprintf(stderr, "Invalid localport '%s'\n", argv[i]); + localport = UPNP_LOCAL_PORT_ANY; + break; + } + } + else if(argv[i][1] == 'p') + minissdpdpath = argv[++i]; + else if(argv[i][1] == '6') + ipv6 = 1; + else if(argv[i][1] == 'e') + description = argv[++i]; + else if(argv[i][1] == 't') + ttl = (unsigned char)atoi(argv[++i]); + else + { + command = argv[i][1]; + i++; + commandargv = argv + i; + commandargc = argc - i; + break; + } + } + else + { + fprintf(stderr, "option '%s' invalid\n", argv[i]); + } + } + + if(!command + || (command == 'a' && commandargc<4) + || (command == 'd' && argc<2) + || 
(command == 'r' && argc<2) + || (command == 'A' && commandargc<6) + || (command == 'U' && commandargc<2) + || (command == 'D' && commandargc<1)) + { + fprintf(stderr, "Usage :\t%s [options] -a ip port external_port protocol [duration]\n\t\tAdd port redirection\n", argv[0]); + fprintf(stderr, " \t%s [options] -d external_port protocol \n\t\tDelete port redirection\n", argv[0]); + fprintf(stderr, " \t%s [options] -s\n\t\tGet Connection status\n", argv[0]); + fprintf(stderr, " \t%s [options] -l\n\t\tList redirections\n", argv[0]); + fprintf(stderr, " \t%s [options] -L\n\t\tList redirections (using GetListOfPortMappings (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -n ip port external_port protocol [duration]\n\t\tAdd (any) port redirection allowing IGD to use alternative external_port (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -N external_port_start external_port_end protocol [manage]\n\t\tDelete range of port redirections (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -r port1 [external_port1] protocol1 [port2 [external_port2] protocol2] [...]\n\t\tAdd all redirections to the current host\n", argv[0]); + fprintf(stderr, " \t%s [options] -A remote_ip remote_port internal_ip internal_port protocol lease_time\n\t\tAdd Pinhole (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -U uniqueID new_lease_time\n\t\tUpdate Pinhole (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -C uniqueID\n\t\tCheck if Pinhole is Working (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -K uniqueID\n\t\tGet Number of packets going through the rule (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -D uniqueID\n\t\tDelete Pinhole (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -S\n\t\tGet Firewall status (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -G remote_ip remote_port internal_ip internal_port protocol\n\t\tGet Outbound Pinhole 
Timeout (for IGD:2 only)\n", argv[0]); + fprintf(stderr, " \t%s [options] -P\n\t\tGet Presentation url\n", argv[0]); + fprintf(stderr, "\nprotocol is UDP or TCP\n"); + fprintf(stderr, "Options:\n"); + fprintf(stderr, " -e description : set description for port mapping.\n"); + fprintf(stderr, " -6 : use ip v6 instead of ip v4.\n"); + fprintf(stderr, " -u url : bypass discovery process by providing the XML root description url.\n"); + fprintf(stderr, " -m address/interface : provide ip address (ip v4) or interface name (ip v4 or v6) to use for sending SSDP multicast packets.\n"); + fprintf(stderr, " -z localport : SSDP packets local (source) port (1024-65535).\n"); + fprintf(stderr, " -p path : use this path for MiniSSDPd socket.\n"); + fprintf(stderr, " -t ttl : set multicast TTL. Default value is 2.\n"); + return 1; + } + + if( rootdescurl + || (devlist = upnpDiscover(2000, multicastif, minissdpdpath, + localport, ipv6, ttl, &error))) + { + struct UPNPDev * device; + struct UPNPUrls urls; + struct IGDdatas data; + if(devlist) + { + printf("List of UPNP devices found on the network :\n"); + for(device = devlist; device; device = device->pNext) + { + printf(" desc: %s\n st: %s\n\n", + device->descURL, device->st); + } + } + else if(!rootdescurl) + { + printf("upnpDiscover() error code=%d\n", error); + } + i = 1; + if( (rootdescurl && UPNP_GetIGDFromUrl(rootdescurl, &urls, &data, lanaddr, sizeof(lanaddr))) + || (i = UPNP_GetValidIGD(devlist, &urls, &data, lanaddr, sizeof(lanaddr)))) + { + switch(i) { + case 1: + printf("Found valid IGD : %s\n", urls.controlURL); + break; + case 2: + printf("Found a (not connected?) IGD : %s\n", urls.controlURL); + printf("Trying to continue anyway\n"); + break; + case 3: + printf("UPnP device found. Is it an IGD ? : %s\n", urls.controlURL); + printf("Trying to continue anyway\n"); + break; + default: + printf("Found device (igd ?) 
: %s\n", urls.controlURL); + printf("Trying to continue anyway\n"); + } + printf("Local LAN ip address : %s\n", lanaddr); + #if 0 + printf("getting \"%s\"\n", urls.ipcondescURL); + descXML = miniwget(urls.ipcondescURL, &descXMLsize); + if(descXML) + { + /*fwrite(descXML, 1, descXMLsize, stdout);*/ + free(descXML); descXML = NULL; + } + #endif + + switch(command) + { + case 'l': + DisplayInfos(&urls, &data); + ListRedirections(&urls, &data); + break; + case 'L': + NewListRedirections(&urls, &data); + break; + case 'a': + SetRedirectAndTest(&urls, &data, + commandargv[0], commandargv[1], + commandargv[2], commandargv[3], + (commandargc > 4)?commandargv[4]:"0", + description, 0); + break; + case 'd': + RemoveRedirect(&urls, &data, commandargv[0], commandargv[1], + commandargc > 2 ? commandargv[2] : NULL); + break; + case 'n': /* aNy */ + SetRedirectAndTest(&urls, &data, + commandargv[0], commandargv[1], + commandargv[2], commandargv[3], + (commandargc > 4)?commandargv[4]:"0", + description, 1); + break; + case 'N': + if (commandargc < 3) + fprintf(stderr, "too few arguments\n"); + + RemoveRedirectRange(&urls, &data, commandargv[0], commandargv[1], commandargv[2], + commandargc > 3 ? 
commandargv[3] : NULL); + break; + case 's': + GetConnectionStatus(&urls, &data); + break; + case 'r': + i = 0; + while(i */ + SetRedirectAndTest(&urls, &data, + lanaddr, commandargv[i], + commandargv[i+1], commandargv[i+2], "0", + description, 0); + i+=3; /* 3 parameters parsed */ + } else { + /* 2nd parameter not an integer : */ + SetRedirectAndTest(&urls, &data, + lanaddr, commandargv[i], + commandargv[i], commandargv[i+1], "0", + description, 0); + i+=2; /* 2 parameters parsed */ + } + } + break; + case 'A': + SetPinholeAndTest(&urls, &data, + commandargv[0], commandargv[1], + commandargv[2], commandargv[3], + commandargv[4], commandargv[5]); + break; + case 'U': + GetPinholeAndUpdate(&urls, &data, + commandargv[0], commandargv[1]); + break; + case 'C': + for(i=0; i +#include +#include +#include "upnpcommands.h" +#include "miniupnpc.h" +#include "portlistingparse.h" + +static UNSIGNED_INTEGER +my_atoui(const char * s) +{ + return s ? ((UNSIGNED_INTEGER)STRTOUI(s, NULL, 0)) : 0; +} + +/* + * */ +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalBytesSent(const char * controlURL, + const char * servicetype) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + unsigned int r = 0; + char * p; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetTotalBytesSent", 0, &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + /*DisplayNameValueList(buffer, bufsize);*/ + free(buffer); buffer = NULL; + p = GetValueFromNameValueList(&pdata, "NewTotalBytesSent"); + r = my_atoui(p); + ClearNameValueList(&pdata); + return r; +} + +/* + * */ +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalBytesReceived(const char * controlURL, + const char * servicetype) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + unsigned int r = 0; + char * p; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetTotalBytesReceived", 0, &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } + 
ParseNameValue(buffer, bufsize, &pdata); + /*DisplayNameValueList(buffer, bufsize);*/ + free(buffer); buffer = NULL; + p = GetValueFromNameValueList(&pdata, "NewTotalBytesReceived"); + r = my_atoui(p); + ClearNameValueList(&pdata); + return r; +} + +/* + * */ +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalPacketsSent(const char * controlURL, + const char * servicetype) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + unsigned int r = 0; + char * p; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetTotalPacketsSent", 0, &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + /*DisplayNameValueList(buffer, bufsize);*/ + free(buffer); buffer = NULL; + p = GetValueFromNameValueList(&pdata, "NewTotalPacketsSent"); + r = my_atoui(p); + ClearNameValueList(&pdata); + return r; +} + +/* + * */ +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalPacketsReceived(const char * controlURL, + const char * servicetype) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + unsigned int r = 0; + char * p; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetTotalPacketsReceived", 0, &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + /*DisplayNameValueList(buffer, bufsize);*/ + free(buffer); buffer = NULL; + p = GetValueFromNameValueList(&pdata, "NewTotalPacketsReceived"); + r = my_atoui(p); + ClearNameValueList(&pdata); + return r; +} + +/* UPNP_GetStatusInfo() call the corresponding UPNP method + * returns the current status and uptime */ +MINIUPNP_LIBSPEC int +UPNP_GetStatusInfo(const char * controlURL, + const char * servicetype, + char * status, + unsigned int * uptime, + char * lastconnerror) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + char * p; + char * up; + char * err; + int ret = UPNPCOMMAND_UNKNOWN_ERROR; + + if(!status && !uptime) + return UPNPCOMMAND_INVALID_ARGS; + + if(!(buffer = 
simpleUPnPcommand(-1, controlURL, servicetype, + "GetStatusInfo", 0, &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + /*DisplayNameValueList(buffer, bufsize);*/ + free(buffer); buffer = NULL; + up = GetValueFromNameValueList(&pdata, "NewUptime"); + p = GetValueFromNameValueList(&pdata, "NewConnectionStatus"); + err = GetValueFromNameValueList(&pdata, "NewLastConnectionError"); + if(p && up) + ret = UPNPCOMMAND_SUCCESS; + + if(status) { + if(p){ + strncpy(status, p, 64 ); + status[63] = '\0'; + }else + status[0]= '\0'; + } + + if(uptime) { + if(up) + sscanf(up,"%u",uptime); + else + *uptime = 0; + } + + if(lastconnerror) { + if(err) { + strncpy(lastconnerror, err, 64 ); + lastconnerror[63] = '\0'; + } else + lastconnerror[0] = '\0'; + } + + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + ClearNameValueList(&pdata); + return ret; +} + +/* UPNP_GetConnectionTypeInfo() call the corresponding UPNP method + * returns the connection type */ +MINIUPNP_LIBSPEC int +UPNP_GetConnectionTypeInfo(const char * controlURL, + const char * servicetype, + char * connectionType) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + char * p; + int ret = UPNPCOMMAND_UNKNOWN_ERROR; + + if(!connectionType) + return UPNPCOMMAND_INVALID_ARGS; + + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetConnectionTypeInfo", 0, &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + p = GetValueFromNameValueList(&pdata, "NewConnectionType"); + /*p = GetValueFromNameValueList(&pdata, "NewPossibleConnectionTypes");*/ + /* PossibleConnectionTypes will have several values.... 
*/ + if(p) { + strncpy(connectionType, p, 64 ); + connectionType[63] = '\0'; + ret = UPNPCOMMAND_SUCCESS; + } else + connectionType[0] = '\0'; + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + ClearNameValueList(&pdata); + return ret; +} + +/* UPNP_GetLinkLayerMaxBitRate() call the corresponding UPNP method. + * Returns 2 values: Downloadlink bandwidth and Uplink bandwidth. + * One of the values can be null + * Note : GetLinkLayerMaxBitRates belongs to WANPPPConnection:1 only + * We can use the GetCommonLinkProperties from WANCommonInterfaceConfig:1 */ +MINIUPNP_LIBSPEC int +UPNP_GetLinkLayerMaxBitRates(const char * controlURL, + const char * servicetype, + unsigned int * bitrateDown, + unsigned int * bitrateUp) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + int ret = UPNPCOMMAND_UNKNOWN_ERROR; + char * down; + char * up; + char * p; + + if(!bitrateDown && !bitrateUp) + return UPNPCOMMAND_INVALID_ARGS; + + /* shouldn't we use GetCommonLinkProperties ? 
*/ + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetCommonLinkProperties", 0, &bufsize))) { + /*"GetLinkLayerMaxBitRates", 0, &bufsize);*/ + return UPNPCOMMAND_HTTP_ERROR; + } + /*DisplayNameValueList(buffer, bufsize);*/ + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + /*down = GetValueFromNameValueList(&pdata, "NewDownstreamMaxBitRate");*/ + /*up = GetValueFromNameValueList(&pdata, "NewUpstreamMaxBitRate");*/ + down = GetValueFromNameValueList(&pdata, "NewLayer1DownstreamMaxBitRate"); + up = GetValueFromNameValueList(&pdata, "NewLayer1UpstreamMaxBitRate"); + /*GetValueFromNameValueList(&pdata, "NewWANAccessType");*/ + /*GetValueFromNameValueList(&pdata, "NewPhysicalLinkStatus");*/ + if(down && up) + ret = UPNPCOMMAND_SUCCESS; + + if(bitrateDown) { + if(down) + sscanf(down,"%u",bitrateDown); + else + *bitrateDown = 0; + } + + if(bitrateUp) { + if(up) + sscanf(up,"%u",bitrateUp); + else + *bitrateUp = 0; + } + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + ClearNameValueList(&pdata); + return ret; +} + + +/* UPNP_GetExternalIPAddress() call the corresponding UPNP method. + * if the third arg is not null the value is copied to it. + * at least 16 bytes must be available + * + * Return values : + * 0 : SUCCESS + * NON ZERO : ERROR Either an UPnP error code or an unknown error. + * + * 402 Invalid Args - See UPnP Device Architecture section on Control. + * 501 Action Failed - See UPnP Device Architecture section on Control. 
+ */ +MINIUPNP_LIBSPEC int +UPNP_GetExternalIPAddress(const char * controlURL, + const char * servicetype, + char * extIpAdd) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + char * p; + int ret = UPNPCOMMAND_UNKNOWN_ERROR; + + if(!extIpAdd || !controlURL || !servicetype) + return UPNPCOMMAND_INVALID_ARGS; + + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetExternalIPAddress", 0, &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } + /*DisplayNameValueList(buffer, bufsize);*/ + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + /*printf("external ip = %s\n", GetValueFromNameValueList(&pdata, "NewExternalIPAddress") );*/ + p = GetValueFromNameValueList(&pdata, "NewExternalIPAddress"); + if(p) { + strncpy(extIpAdd, p, 16 ); + extIpAdd[15] = '\0'; + ret = UPNPCOMMAND_SUCCESS; + } else + extIpAdd[0] = '\0'; + + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + + ClearNameValueList(&pdata); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_AddPortMapping(const char * controlURL, const char * servicetype, + const char * extPort, + const char * inPort, + const char * inClient, + const char * desc, + const char * proto, + const char * remoteHost, + const char * leaseDuration) +{ + struct UPNParg * AddPortMappingArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + int ret; + + if(!inPort || !inClient || !proto || !extPort) + return UPNPCOMMAND_INVALID_ARGS; + + AddPortMappingArgs = calloc(9, sizeof(struct UPNParg)); + if(AddPortMappingArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + AddPortMappingArgs[0].elt = "NewRemoteHost"; + AddPortMappingArgs[0].val = remoteHost; + AddPortMappingArgs[1].elt = "NewExternalPort"; + AddPortMappingArgs[1].val = extPort; + AddPortMappingArgs[2].elt = "NewProtocol"; + AddPortMappingArgs[2].val = proto; + AddPortMappingArgs[3].elt = "NewInternalPort"; + 
AddPortMappingArgs[3].val = inPort; + AddPortMappingArgs[4].elt = "NewInternalClient"; + AddPortMappingArgs[4].val = inClient; + AddPortMappingArgs[5].elt = "NewEnabled"; + AddPortMappingArgs[5].val = "1"; + AddPortMappingArgs[6].elt = "NewPortMappingDescription"; + AddPortMappingArgs[6].val = desc?desc:"libminiupnpc"; + AddPortMappingArgs[7].elt = "NewLeaseDuration"; + AddPortMappingArgs[7].val = leaseDuration?leaseDuration:"0"; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "AddPortMapping", AddPortMappingArgs, + &bufsize))) { + free(AddPortMappingArgs); + return UPNPCOMMAND_HTTP_ERROR; + } + /*DisplayNameValueList(buffer, bufsize);*/ + /*buffer[bufsize] = '\0';*/ + /*puts(buffer);*/ + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) { + /*printf("AddPortMapping errorCode = '%s'\n", resVal); */ + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(resVal, "%d", &ret); + } else { + ret = UPNPCOMMAND_SUCCESS; + } + ClearNameValueList(&pdata); + free(AddPortMappingArgs); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_AddAnyPortMapping(const char * controlURL, const char * servicetype, + const char * extPort, + const char * inPort, + const char * inClient, + const char * desc, + const char * proto, + const char * remoteHost, + const char * leaseDuration, + char * reservedPort) +{ + struct UPNParg * AddPortMappingArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + int ret; + + if(!inPort || !inClient || !proto || !extPort) + return UPNPCOMMAND_INVALID_ARGS; + + AddPortMappingArgs = calloc(9, sizeof(struct UPNParg)); + if(AddPortMappingArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + AddPortMappingArgs[0].elt = "NewRemoteHost"; + AddPortMappingArgs[0].val = remoteHost; + AddPortMappingArgs[1].elt = "NewExternalPort"; + AddPortMappingArgs[1].val = extPort; + AddPortMappingArgs[2].elt = "NewProtocol"; + 
AddPortMappingArgs[2].val = proto; + AddPortMappingArgs[3].elt = "NewInternalPort"; + AddPortMappingArgs[3].val = inPort; + AddPortMappingArgs[4].elt = "NewInternalClient"; + AddPortMappingArgs[4].val = inClient; + AddPortMappingArgs[5].elt = "NewEnabled"; + AddPortMappingArgs[5].val = "1"; + AddPortMappingArgs[6].elt = "NewPortMappingDescription"; + AddPortMappingArgs[6].val = desc?desc:"libminiupnpc"; + AddPortMappingArgs[7].elt = "NewLeaseDuration"; + AddPortMappingArgs[7].val = leaseDuration?leaseDuration:"0"; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "AddAnyPortMapping", AddPortMappingArgs, + &bufsize))) { + free(AddPortMappingArgs); + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(resVal, "%d", &ret); + } else { + char *p; + + p = GetValueFromNameValueList(&pdata, "NewReservedPort"); + if(p) { + strncpy(reservedPort, p, 6); + reservedPort[5] = '\0'; + ret = UPNPCOMMAND_SUCCESS; + } else { + ret = UPNPCOMMAND_INVALID_RESPONSE; + } + } + ClearNameValueList(&pdata); + free(AddPortMappingArgs); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_DeletePortMapping(const char * controlURL, const char * servicetype, + const char * extPort, const char * proto, + const char * remoteHost) +{ + /*struct NameValueParserData pdata;*/ + struct UPNParg * DeletePortMappingArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + int ret; + + if(!extPort || !proto) + return UPNPCOMMAND_INVALID_ARGS; + + DeletePortMappingArgs = calloc(4, sizeof(struct UPNParg)); + if(DeletePortMappingArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + DeletePortMappingArgs[0].elt = "NewRemoteHost"; + DeletePortMappingArgs[0].val = remoteHost; + DeletePortMappingArgs[1].elt = "NewExternalPort"; + DeletePortMappingArgs[1].val = extPort; + 
DeletePortMappingArgs[2].elt = "NewProtocol"; + DeletePortMappingArgs[2].val = proto; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "DeletePortMapping", + DeletePortMappingArgs, &bufsize))) { + free(DeletePortMappingArgs); + return UPNPCOMMAND_HTTP_ERROR; + } + /*DisplayNameValueList(buffer, bufsize);*/ + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(resVal, "%d", &ret); + } else { + ret = UPNPCOMMAND_SUCCESS; + } + ClearNameValueList(&pdata); + free(DeletePortMappingArgs); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_DeletePortMappingRange(const char * controlURL, const char * servicetype, + const char * extPortStart, const char * extPortEnd, + const char * proto, + const char * manage) +{ + struct UPNParg * DeletePortMappingArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + int ret; + + if(!extPortStart || !extPortEnd || !proto || !manage) + return UPNPCOMMAND_INVALID_ARGS; + + DeletePortMappingArgs = calloc(5, sizeof(struct UPNParg)); + if(DeletePortMappingArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + DeletePortMappingArgs[0].elt = "NewStartPort"; + DeletePortMappingArgs[0].val = extPortStart; + DeletePortMappingArgs[1].elt = "NewEndPort"; + DeletePortMappingArgs[1].val = extPortEnd; + DeletePortMappingArgs[2].elt = "NewProtocol"; + DeletePortMappingArgs[2].val = proto; + DeletePortMappingArgs[3].elt = "NewManage"; + DeletePortMappingArgs[3].val = manage; + + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "DeletePortMappingRange", + DeletePortMappingArgs, &bufsize))) { + free(DeletePortMappingArgs); + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + 
sscanf(resVal, "%d", &ret); + } else { + ret = UPNPCOMMAND_SUCCESS; + } + ClearNameValueList(&pdata); + free(DeletePortMappingArgs); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_GetGenericPortMappingEntry(const char * controlURL, + const char * servicetype, + const char * index, + char * extPort, + char * intClient, + char * intPort, + char * protocol, + char * desc, + char * enabled, + char * rHost, + char * duration) +{ + struct NameValueParserData pdata; + struct UPNParg * GetPortMappingArgs; + char * buffer; + int bufsize; + char * p; + int r = UPNPCOMMAND_UNKNOWN_ERROR; + if(!index) + return UPNPCOMMAND_INVALID_ARGS; + intClient[0] = '\0'; + intPort[0] = '\0'; + GetPortMappingArgs = calloc(2, sizeof(struct UPNParg)); + if(GetPortMappingArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + GetPortMappingArgs[0].elt = "NewPortMappingIndex"; + GetPortMappingArgs[0].val = index; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetGenericPortMappingEntry", + GetPortMappingArgs, &bufsize))) { + free(GetPortMappingArgs); + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + + p = GetValueFromNameValueList(&pdata, "NewRemoteHost"); + if(p && rHost) + { + strncpy(rHost, p, 64); + rHost[63] = '\0'; + } + p = GetValueFromNameValueList(&pdata, "NewExternalPort"); + if(p && extPort) + { + strncpy(extPort, p, 6); + extPort[5] = '\0'; + r = UPNPCOMMAND_SUCCESS; + } + p = GetValueFromNameValueList(&pdata, "NewProtocol"); + if(p && protocol) + { + strncpy(protocol, p, 4); + protocol[3] = '\0'; + } + p = GetValueFromNameValueList(&pdata, "NewInternalClient"); + if(p) + { + strncpy(intClient, p, 16); + intClient[15] = '\0'; + r = 0; + } + p = GetValueFromNameValueList(&pdata, "NewInternalPort"); + if(p) + { + strncpy(intPort, p, 6); + intPort[5] = '\0'; + } + p = GetValueFromNameValueList(&pdata, "NewEnabled"); + if(p && enabled) + { + strncpy(enabled, p, 4); + enabled[3] = '\0'; + } + p = 
GetValueFromNameValueList(&pdata, "NewPortMappingDescription"); + if(p && desc) + { + strncpy(desc, p, 80); + desc[79] = '\0'; + } + p = GetValueFromNameValueList(&pdata, "NewLeaseDuration"); + if(p && duration) + { + strncpy(duration, p, 16); + duration[15] = '\0'; + } + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + r = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &r); + } + ClearNameValueList(&pdata); + free(GetPortMappingArgs); + return r; +} + +MINIUPNP_LIBSPEC int +UPNP_GetPortMappingNumberOfEntries(const char * controlURL, + const char * servicetype, + unsigned int * numEntries) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + char* p; + int ret = UPNPCOMMAND_UNKNOWN_ERROR; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetPortMappingNumberOfEntries", 0, + &bufsize))) { + return UPNPCOMMAND_HTTP_ERROR; + } +#ifdef DEBUG + DisplayNameValueList(buffer, bufsize); +#endif + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + + p = GetValueFromNameValueList(&pdata, "NewPortMappingNumberOfEntries"); + if(numEntries && p) { + *numEntries = 0; + sscanf(p, "%u", numEntries); + ret = UPNPCOMMAND_SUCCESS; + } + + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + + ClearNameValueList(&pdata); + return ret; +} + +/* UPNP_GetSpecificPortMappingEntry retrieves an existing port mapping + * the result is returned in the intClient and intPort strings + * please provide 16 and 6 bytes of data */ +MINIUPNP_LIBSPEC int +UPNP_GetSpecificPortMappingEntry(const char * controlURL, + const char * servicetype, + const char * extPort, + const char * proto, + const char * remoteHost, + char * intClient, + char * intPort, + char * desc, + char * enabled, + char * leaseDuration) +{ + struct NameValueParserData pdata; + struct UPNParg * GetPortMappingArgs; + char * buffer; + int bufsize; + char * p; + int ret = 
UPNPCOMMAND_UNKNOWN_ERROR; + + if(!intPort || !intClient || !extPort || !proto) + return UPNPCOMMAND_INVALID_ARGS; + + GetPortMappingArgs = calloc(4, sizeof(struct UPNParg)); + if(GetPortMappingArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + GetPortMappingArgs[0].elt = "NewRemoteHost"; + GetPortMappingArgs[0].val = remoteHost; + GetPortMappingArgs[1].elt = "NewExternalPort"; + GetPortMappingArgs[1].val = extPort; + GetPortMappingArgs[2].elt = "NewProtocol"; + GetPortMappingArgs[2].val = proto; + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetSpecificPortMappingEntry", + GetPortMappingArgs, &bufsize))) { + free(GetPortMappingArgs); + return UPNPCOMMAND_HTTP_ERROR; + } + /*DisplayNameValueList(buffer, bufsize);*/ + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + + p = GetValueFromNameValueList(&pdata, "NewInternalClient"); + if(p) { + strncpy(intClient, p, 16); + intClient[15] = '\0'; + ret = UPNPCOMMAND_SUCCESS; + } else + intClient[0] = '\0'; + + p = GetValueFromNameValueList(&pdata, "NewInternalPort"); + if(p) { + strncpy(intPort, p, 6); + intPort[5] = '\0'; + } else + intPort[0] = '\0'; + + p = GetValueFromNameValueList(&pdata, "NewEnabled"); + if(p && enabled) { + strncpy(enabled, p, 4); + enabled[3] = '\0'; + } + + p = GetValueFromNameValueList(&pdata, "NewPortMappingDescription"); + if(p && desc) { + strncpy(desc, p, 80); + desc[79] = '\0'; + } + + p = GetValueFromNameValueList(&pdata, "NewLeaseDuration"); + if(p && leaseDuration) + { + strncpy(leaseDuration, p, 16); + leaseDuration[15] = '\0'; + } + + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + + ClearNameValueList(&pdata); + free(GetPortMappingArgs); + return ret; +} + +/* UPNP_GetListOfPortMappings() + * + * Possible UPNP Error codes : + * 606 Action not Authorized + * 730 PortMappingNotFound - no port mapping is found in the specified range. 
+ * 733 InconsistantParameters - NewStartPort and NewEndPort values are not + * consistent. + */ +MINIUPNP_LIBSPEC int +UPNP_GetListOfPortMappings(const char * controlURL, + const char * servicetype, + const char * startPort, + const char * endPort, + const char * protocol, + const char * numberOfPorts, + struct PortMappingParserData * data) +{ + struct NameValueParserData pdata; + struct UPNParg * GetListOfPortMappingsArgs; + const char * p; + char * buffer; + int bufsize; + int ret = UPNPCOMMAND_UNKNOWN_ERROR; + + if(!startPort || !endPort || !protocol) + return UPNPCOMMAND_INVALID_ARGS; + + GetListOfPortMappingsArgs = calloc(6, sizeof(struct UPNParg)); + if(GetListOfPortMappingsArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + GetListOfPortMappingsArgs[0].elt = "NewStartPort"; + GetListOfPortMappingsArgs[0].val = startPort; + GetListOfPortMappingsArgs[1].elt = "NewEndPort"; + GetListOfPortMappingsArgs[1].val = endPort; + GetListOfPortMappingsArgs[2].elt = "NewProtocol"; + GetListOfPortMappingsArgs[2].val = protocol; + GetListOfPortMappingsArgs[3].elt = "NewManage"; + GetListOfPortMappingsArgs[3].val = "1"; + GetListOfPortMappingsArgs[4].elt = "NewNumberOfPorts"; + GetListOfPortMappingsArgs[4].val = numberOfPorts?numberOfPorts:"1000"; + + if(!(buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetListOfPortMappings", + GetListOfPortMappingsArgs, &bufsize))) { + free(GetListOfPortMappingsArgs); + return UPNPCOMMAND_HTTP_ERROR; + } + free(GetListOfPortMappingsArgs); + + /*DisplayNameValueList(buffer, bufsize);*/ + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + + /*p = GetValueFromNameValueList(&pdata, "NewPortListing");*/ + /*if(p) { + printf("NewPortListing : %s\n", p); + }*/ + /*printf("NewPortListing(%d chars) : %s\n", + pdata.portListingLength, pdata.portListing);*/ + if(pdata.portListing) + { + /*struct PortMapping * pm; + int i = 0;*/ + ParsePortListing(pdata.portListing, pdata.portListingLength, + data); + ret = 
UPNPCOMMAND_SUCCESS; + /* + for(pm = data->head.lh_first; pm != NULL; pm = pm->entries.le_next) + { + printf("%2d %s %5hu->%s:%-5hu '%s' '%s'\n", + i, pm->protocol, pm->externalPort, pm->internalClient, + pm->internalPort, + pm->description, pm->remoteHost); + i++; + } + */ + /*FreePortListing(&data);*/ + } + + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + ClearNameValueList(&pdata); + + /*printf("%.*s", bufsize, buffer);*/ + + return ret; +} + +/* IGD:2, functions for service WANIPv6FirewallControl:1 */ +MINIUPNP_LIBSPEC int +UPNP_GetFirewallStatus(const char * controlURL, + const char * servicetype, + int * firewallEnabled, + int * inboundPinholeAllowed) +{ + struct NameValueParserData pdata; + char * buffer; + int bufsize; + char * fe, *ipa, *p; + int ret = UPNPCOMMAND_UNKNOWN_ERROR; + + if(!firewallEnabled || !inboundPinholeAllowed) + return UPNPCOMMAND_INVALID_ARGS; + + buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetFirewallStatus", 0, &bufsize); + if(!buffer) { + return UPNPCOMMAND_HTTP_ERROR; + } + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + fe = GetValueFromNameValueList(&pdata, "FirewallEnabled"); + ipa = GetValueFromNameValueList(&pdata, "InboundPinholeAllowed"); + if(ipa && fe) + ret = UPNPCOMMAND_SUCCESS; + if(fe) + *firewallEnabled = my_atoui(fe); + /*else + *firewallEnabled = 0;*/ + if(ipa) + *inboundPinholeAllowed = my_atoui(ipa); + /*else + *inboundPinholeAllowed = 0;*/ + p = GetValueFromNameValueList(&pdata, "errorCode"); + if(p) + { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(p, "%d", &ret); + } + ClearNameValueList(&pdata); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_GetOutboundPinholeTimeout(const char * controlURL, const char * servicetype, + const char * remoteHost, + const char * remotePort, + const char * intClient, + const char * intPort, + const char * proto, + int * opTimeout) +{ + struct UPNParg * 
GetOutboundPinholeTimeoutArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + char * p; + int ret; + + if(!intPort || !intClient || !proto || !remotePort || !remoteHost) + return UPNPCOMMAND_INVALID_ARGS; + + GetOutboundPinholeTimeoutArgs = calloc(6, sizeof(struct UPNParg)); + if(GetOutboundPinholeTimeoutArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + GetOutboundPinholeTimeoutArgs[0].elt = "RemoteHost"; + GetOutboundPinholeTimeoutArgs[0].val = remoteHost; + GetOutboundPinholeTimeoutArgs[1].elt = "RemotePort"; + GetOutboundPinholeTimeoutArgs[1].val = remotePort; + GetOutboundPinholeTimeoutArgs[2].elt = "Protocol"; + GetOutboundPinholeTimeoutArgs[2].val = proto; + GetOutboundPinholeTimeoutArgs[3].elt = "InternalPort"; + GetOutboundPinholeTimeoutArgs[3].val = intPort; + GetOutboundPinholeTimeoutArgs[4].elt = "InternalClient"; + GetOutboundPinholeTimeoutArgs[4].val = intClient; + buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "GetOutboundPinholeTimeout", GetOutboundPinholeTimeoutArgs, &bufsize); + if(!buffer) + return UPNPCOMMAND_HTTP_ERROR; + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) + { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(resVal, "%d", &ret); + } + else + { + ret = UPNPCOMMAND_SUCCESS; + p = GetValueFromNameValueList(&pdata, "OutboundPinholeTimeout"); + if(p) + *opTimeout = my_atoui(p); + } + ClearNameValueList(&pdata); + free(GetOutboundPinholeTimeoutArgs); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_AddPinhole(const char * controlURL, const char * servicetype, + const char * remoteHost, + const char * remotePort, + const char * intClient, + const char * intPort, + const char * proto, + const char * leaseTime, + char * uniqueID) +{ + struct UPNParg * AddPinholeArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + char * p; + int ret; + + if(!intPort 
|| !intClient || !proto || !remoteHost || !remotePort || !leaseTime) + return UPNPCOMMAND_INVALID_ARGS; + + AddPinholeArgs = calloc(7, sizeof(struct UPNParg)); + if(AddPinholeArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + /* RemoteHost can be wilcarded */ + if(strncmp(remoteHost, "empty", 5)==0) + { + AddPinholeArgs[0].elt = "RemoteHost"; + AddPinholeArgs[0].val = ""; + } + else + { + AddPinholeArgs[0].elt = "RemoteHost"; + AddPinholeArgs[0].val = remoteHost; + } + AddPinholeArgs[1].elt = "RemotePort"; + AddPinholeArgs[1].val = remotePort; + AddPinholeArgs[2].elt = "Protocol"; + AddPinholeArgs[2].val = proto; + AddPinholeArgs[3].elt = "InternalPort"; + AddPinholeArgs[3].val = intPort; + if(strncmp(intClient, "empty", 5)==0) + { + AddPinholeArgs[4].elt = "InternalClient"; + AddPinholeArgs[4].val = ""; + } + else + { + AddPinholeArgs[4].elt = "InternalClient"; + AddPinholeArgs[4].val = intClient; + } + AddPinholeArgs[5].elt = "LeaseTime"; + AddPinholeArgs[5].val = leaseTime; + buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "AddPinhole", AddPinholeArgs, &bufsize); + if(!buffer) + return UPNPCOMMAND_HTTP_ERROR; + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + p = GetValueFromNameValueList(&pdata, "UniqueID"); + if(p) + { + strncpy(uniqueID, p, 8); + uniqueID[7] = '\0'; + } + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) + { + /*printf("AddPortMapping errorCode = '%s'\n", resVal);*/ + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(resVal, "%d", &ret); + } + else + { + ret = UPNPCOMMAND_SUCCESS; + } + ClearNameValueList(&pdata); + free(AddPinholeArgs); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_UpdatePinhole(const char * controlURL, const char * servicetype, + const char * uniqueID, + const char * leaseTime) +{ + struct UPNParg * UpdatePinholeArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + int ret; + + if(!uniqueID || !leaseTime) + return 
UPNPCOMMAND_INVALID_ARGS; + + UpdatePinholeArgs = calloc(3, sizeof(struct UPNParg)); + if(UpdatePinholeArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + UpdatePinholeArgs[0].elt = "UniqueID"; + UpdatePinholeArgs[0].val = uniqueID; + UpdatePinholeArgs[1].elt = "NewLeaseTime"; + UpdatePinholeArgs[1].val = leaseTime; + buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "UpdatePinhole", UpdatePinholeArgs, &bufsize); + if(!buffer) + return UPNPCOMMAND_HTTP_ERROR; + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) + { + /*printf("AddPortMapping errorCode = '%s'\n", resVal); */ + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(resVal, "%d", &ret); + } + else + { + ret = UPNPCOMMAND_SUCCESS; + } + ClearNameValueList(&pdata); + free(UpdatePinholeArgs); + return ret; +} + +MINIUPNP_LIBSPEC int +UPNP_DeletePinhole(const char * controlURL, const char * servicetype, const char * uniqueID) +{ + /*struct NameValueParserData pdata;*/ + struct UPNParg * DeletePinholeArgs; + char * buffer; + int bufsize; + struct NameValueParserData pdata; + const char * resVal; + int ret; + + if(!uniqueID) + return UPNPCOMMAND_INVALID_ARGS; + + DeletePinholeArgs = calloc(2, sizeof(struct UPNParg)); + if(DeletePinholeArgs == NULL) + return UPNPCOMMAND_MEM_ALLOC_ERROR; + DeletePinholeArgs[0].elt = "UniqueID"; + DeletePinholeArgs[0].val = uniqueID; + buffer = simpleUPnPcommand(-1, controlURL, servicetype, + "DeletePinhole", DeletePinholeArgs, &bufsize); + if(!buffer) + return UPNPCOMMAND_HTTP_ERROR; + /*DisplayNameValueList(buffer, bufsize);*/ + ParseNameValue(buffer, bufsize, &pdata); + free(buffer); buffer = NULL; + resVal = GetValueFromNameValueList(&pdata, "errorCode"); + if(resVal) + { + ret = UPNPCOMMAND_UNKNOWN_ERROR; + sscanf(resVal, "%d", &ret); + } + else + { + ret = UPNPCOMMAND_SUCCESS; + } + ClearNameValueList(&pdata); + free(DeletePinholeArgs); + return ret; +} + +MINIUPNP_LIBSPEC int 
+UPNP_CheckPinholeWorking(const char * controlURL, const char * servicetype,
+ const char * uniqueID, int * isWorking)
+{
+ struct NameValueParserData pdata;
+ struct UPNParg * CheckPinholeWorkingArgs;
+ char * buffer;
+ int bufsize;
+ char * p;
+ int ret = UPNPCOMMAND_UNKNOWN_ERROR;
+
+ if(!uniqueID)
+ return UPNPCOMMAND_INVALID_ARGS;
+
+ CheckPinholeWorkingArgs = calloc(4, sizeof(struct UPNParg));
+ if(CheckPinholeWorkingArgs == NULL)
+ return UPNPCOMMAND_MEM_ALLOC_ERROR;
+ CheckPinholeWorkingArgs[0].elt = "UniqueID";
+ CheckPinholeWorkingArgs[0].val = uniqueID;
+ buffer = simpleUPnPcommand(-1, controlURL, servicetype,
+ "CheckPinholeWorking", CheckPinholeWorkingArgs, &bufsize);
+ if(!buffer)
+ return UPNPCOMMAND_HTTP_ERROR;
+ ParseNameValue(buffer, bufsize, &pdata);
+ free(buffer); buffer = NULL;
+
+ p = GetValueFromNameValueList(&pdata, "IsWorking");
+ if(p)
+ {
+ *isWorking=my_atoui(p);
+ ret = UPNPCOMMAND_SUCCESS;
+ }
+ else
+ *isWorking = 0;
+
+ p = GetValueFromNameValueList(&pdata, "errorCode");
+ if(p)
+ {
+ ret = UPNPCOMMAND_UNKNOWN_ERROR;
+ sscanf(p, "%d", &ret);
+ }
+
+ ClearNameValueList(&pdata);
+ free(CheckPinholeWorkingArgs);
+ return ret;
+}
+
+MINIUPNP_LIBSPEC int
+UPNP_GetPinholePackets(const char * controlURL, const char * servicetype,
+ const char * uniqueID, int * packets)
+{
+ struct NameValueParserData pdata;
+ struct UPNParg * GetPinholePacketsArgs;
+ char * buffer;
+ int bufsize;
+ char * p;
+ int ret = UPNPCOMMAND_UNKNOWN_ERROR;
+
+ if(!uniqueID)
+ return UPNPCOMMAND_INVALID_ARGS;
+
+ GetPinholePacketsArgs = calloc(4, sizeof(struct UPNParg));
+ if(GetPinholePacketsArgs == NULL)
+ return UPNPCOMMAND_MEM_ALLOC_ERROR;
+ GetPinholePacketsArgs[0].elt = "UniqueID";
+ GetPinholePacketsArgs[0].val = uniqueID;
+ buffer = simpleUPnPcommand(-1, controlURL, servicetype,
+ "GetPinholePackets", GetPinholePacketsArgs, &bufsize);
+ if(!buffer)
+ return UPNPCOMMAND_HTTP_ERROR;
+ ParseNameValue(buffer, bufsize, &pdata);
+ free(buffer); buffer = NULL;
+
+ p = GetValueFromNameValueList(&pdata, "PinholePackets");
+ if(p)
+ {
+ *packets=my_atoui(p);
+ ret = UPNPCOMMAND_SUCCESS;
+ }
+
+ p = GetValueFromNameValueList(&pdata, "errorCode");
+ if(p)
+ {
+ ret = UPNPCOMMAND_UNKNOWN_ERROR;
+ sscanf(p, "%d", &ret);
+ }
+
+ ClearNameValueList(&pdata);
+ free(GetPinholePacketsArgs);
+ return ret;
+}
+
+
diff --git a/ext/miniupnpc/upnpcommands.h b/ext/miniupnpc/upnpcommands.h
new file mode 100644
index 0000000..22eda5e
--- /dev/null
+++ b/ext/miniupnpc/upnpcommands.h
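Review bot: In UPNP_GetOutboundPinholeTimeout, UPNP_AddPinhole, UPNP_UpdatePinhole, UPNP_DeletePinhole, UPNP_CheckPinholeWorking and UPNP_GetPinholePackets the `if(!buffer) return UPNPCOMMAND_HTTP_ERROR;` path returns without freeing the calloc'd argument array, so each failed request leaks it; the port-mapping functions earlier in the same file free the array before returning. The guard should read `if(!buffer) { free(AddPinholeArgs); return UPNPCOMMAND_HTTP_ERROR; }`, with the matching array name in each function. Separately, several output pointers are written without being covered by the UPNPCOMMAND_INVALID_ARGS check: `reservedPort` in UPNP_AddAnyPortMapping, `uniqueID` in UPNP_AddPinhole, `opTimeout`, `isWorking` and `packets` in the pinhole getters, and `intClient`/`intPort` in UPNP_GetGenericPortMappingEntry; adding them to the existing null checks keeps a caller's NULL from turning into a crash when the device reply is parsed. The beginning of this hunk is not legible in this view, so the note covers only the functions that are fully visible.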
@@ -0,0 +1,348 @@ +/* $Id: upnpcommands.h,v 1.31 2015/07/21 13:16:55 nanard Exp $ */ +/* Miniupnp project : http://miniupnp.free.fr/ + * Author : Thomas Bernard + * Copyright (c) 2005-2015 Thomas Bernard + * This software is subject to the conditions detailed in the + * LICENCE file provided within this distribution */ +#ifndef UPNPCOMMANDS_H_INCLUDED +#define UPNPCOMMANDS_H_INCLUDED + +#include "upnpreplyparse.h" +#include "portlistingparse.h" +#include "miniupnpc_declspec.h" +#include "miniupnpctypes.h" + +/* MiniUPnPc return codes : */ +#define UPNPCOMMAND_SUCCESS (0) +#define UPNPCOMMAND_UNKNOWN_ERROR (-1) +#define UPNPCOMMAND_INVALID_ARGS (-2) +#define UPNPCOMMAND_HTTP_ERROR (-3) +#define UPNPCOMMAND_INVALID_RESPONSE (-4) +#define UPNPCOMMAND_MEM_ALLOC_ERROR (-5) + +#ifdef __cplusplus +extern "C" { +#endif + +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalBytesSent(const char * controlURL, + const char * servicetype); + +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalBytesReceived(const char * controlURL, + const char * servicetype); + +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalPacketsSent(const char * controlURL, + const char * servicetype); + +MINIUPNP_LIBSPEC UNSIGNED_INTEGER +UPNP_GetTotalPacketsReceived(const char * controlURL, + const char * servicetype); + +/* UPNP_GetStatusInfo() + * status and lastconnerror are 64 byte buffers + * Return values : + * UPNPCOMMAND_SUCCESS, UPNPCOMMAND_INVALID_ARGS, UPNPCOMMAND_UNKNOWN_ERROR + * or a UPnP Error code */ +MINIUPNP_LIBSPEC int +UPNP_GetStatusInfo(const char * controlURL, + const char * servicetype, + char * status, + unsigned int * uptime, + char * lastconnerror); + +/* UPNP_GetConnectionTypeInfo() + * argument connectionType is a 64 character buffer + * Return Values : + * UPNPCOMMAND_SUCCESS, UPNPCOMMAND_INVALID_ARGS, UPNPCOMMAND_UNKNOWN_ERROR + * or a UPnP Error code */ +MINIUPNP_LIBSPEC int +UPNP_GetConnectionTypeInfo(const char * controlURL, + const char * servicetype, + char * connectionType); 
+ +/* UPNP_GetExternalIPAddress() call the corresponding UPNP method. + * if the third arg is not null the value is copied to it. + * at least 16 bytes must be available + * + * Return values : + * 0 : SUCCESS + * NON ZERO : ERROR Either an UPnP error code or an unknown error. + * + * possible UPnP Errors : + * 402 Invalid Args - See UPnP Device Architecture section on Control. + * 501 Action Failed - See UPnP Device Architecture section on Control. */ +MINIUPNP_LIBSPEC int +UPNP_GetExternalIPAddress(const char * controlURL, + const char * servicetype, + char * extIpAdd); + +/* UPNP_GetLinkLayerMaxBitRates() + * call WANCommonInterfaceConfig:1#GetCommonLinkProperties + * + * return values : + * UPNPCOMMAND_SUCCESS, UPNPCOMMAND_INVALID_ARGS, UPNPCOMMAND_UNKNOWN_ERROR + * or a UPnP Error Code. */ +MINIUPNP_LIBSPEC int +UPNP_GetLinkLayerMaxBitRates(const char* controlURL, + const char* servicetype, + unsigned int * bitrateDown, + unsigned int * bitrateUp); + +/* UPNP_AddPortMapping() + * if desc is NULL, it will be defaulted to "libminiupnpc" + * remoteHost is usually NULL because IGD don't support it. + * + * Return values : + * 0 : SUCCESS + * NON ZERO : ERROR. Either an UPnP error code or an unknown error. + * + * List of possible UPnP errors for AddPortMapping : + * errorCode errorDescription (short) - Description (long) + * 402 Invalid Args - See UPnP Device Architecture section on Control. + * 501 Action Failed - See UPnP Device Architecture section on Control. + * 606 Action not authorized - The action requested REQUIRES authorization and + * the sender was not authorized. 
+ * 715 WildCardNotPermittedInSrcIP - The source IP address cannot be + * wild-carded + * 716 WildCardNotPermittedInExtPort - The external port cannot be wild-carded + * 718 ConflictInMappingEntry - The port mapping entry specified conflicts + * with a mapping assigned previously to another client + * 724 SamePortValuesRequired - Internal and External port values + * must be the same + * 725 OnlyPermanentLeasesSupported - The NAT implementation only supports + * permanent lease times on port mappings + * 726 RemoteHostOnlySupportsWildcard - RemoteHost must be a wildcard + * and cannot be a specific IP address or DNS name + * 727 ExternalPortOnlySupportsWildcard - ExternalPort must be a wildcard and + * cannot be a specific port value + * 728 NoPortMapsAvailable - There are not enough free ports available to + * complete port mapping. + * 729 ConflictWithOtherMechanisms - Attempted port mapping is not allowed + * due to conflict with other mechanisms. + * 732 WildCardNotPermittedInIntPort - The internal port cannot be wild-carded + */ +MINIUPNP_LIBSPEC int +UPNP_AddPortMapping(const char * controlURL, const char * servicetype, + const char * extPort, + const char * inPort, + const char * inClient, + const char * desc, + const char * proto, + const char * remoteHost, + const char * leaseDuration); + +/* UPNP_AddAnyPortMapping() + * if desc is NULL, it will be defaulted to "libminiupnpc" + * remoteHost is usually NULL because IGD don't support it. + * + * Return values : + * 0 : SUCCESS + * NON ZERO : ERROR. Either an UPnP error code or an unknown error. + * + * List of possible UPnP errors for AddPortMapping : + * errorCode errorDescription (short) - Description (long) + * 402 Invalid Args - See UPnP Device Architecture section on Control. + * 501 Action Failed - See UPnP Device Architecture section on Control. + * 606 Action not authorized - The action requested REQUIRES authorization and + * the sender was not authorized. 
+ * 715 WildCardNotPermittedInSrcIP - The source IP address cannot be + * wild-carded + * 716 WildCardNotPermittedInExtPort - The external port cannot be wild-carded + * 728 NoPortMapsAvailable - There are not enough free ports available to + * complete port mapping. + * 729 ConflictWithOtherMechanisms - Attempted port mapping is not allowed + * due to conflict with other mechanisms. + * 732 WildCardNotPermittedInIntPort - The internal port cannot be wild-carded + */ +MINIUPNP_LIBSPEC int +UPNP_AddAnyPortMapping(const char * controlURL, const char * servicetype, + const char * extPort, + const char * inPort, + const char * inClient, + const char * desc, + const char * proto, + const char * remoteHost, + const char * leaseDuration, + char * reservedPort); + +/* UPNP_DeletePortMapping() + * Use same argument values as what was used for AddPortMapping(). + * remoteHost is usually NULL because IGD don't support it. + * Return Values : + * 0 : SUCCESS + * NON ZERO : error. Either an UPnP error code or an undefined error. + * + * List of possible UPnP errors for DeletePortMapping : + * 402 Invalid Args - See UPnP Device Architecture section on Control. + * 606 Action not authorized - The action requested REQUIRES authorization + * and the sender was not authorized. + * 714 NoSuchEntryInArray - The specified value does not exist in the array */ +MINIUPNP_LIBSPEC int +UPNP_DeletePortMapping(const char * controlURL, const char * servicetype, + const char * extPort, const char * proto, + const char * remoteHost); + +/* UPNP_DeletePortRangeMapping() + * Use same argument values as what was used for AddPortMapping(). + * remoteHost is usually NULL because IGD don't support it. + * Return Values : + * 0 : SUCCESS + * NON ZERO : error. Either an UPnP error code or an undefined error. + * + * List of possible UPnP errors for DeletePortMapping : + * 606 Action not authorized - The action requested REQUIRES authorization + * and the sender was not authorized. 
+ * 730 PortMappingNotFound - This error message is returned if no port + * mapping is found in the specified range. + * 733 InconsistentParameters - NewStartPort and NewEndPort values are not consistent. */ +MINIUPNP_LIBSPEC int +UPNP_DeletePortMappingRange(const char * controlURL, const char * servicetype, + const char * extPortStart, const char * extPortEnd, + const char * proto, + const char * manage); + +/* UPNP_GetPortMappingNumberOfEntries() + * not supported by all routers */ +MINIUPNP_LIBSPEC int +UPNP_GetPortMappingNumberOfEntries(const char* controlURL, + const char* servicetype, + unsigned int * num); + +/* UPNP_GetSpecificPortMappingEntry() + * retrieves an existing port mapping + * params : + * in extPort + * in proto + * in remoteHost + * out intClient (16 bytes) + * out intPort (6 bytes) + * out desc (80 bytes) + * out enabled (4 bytes) + * out leaseDuration (16 bytes) + * + * return value : + * UPNPCOMMAND_SUCCESS, UPNPCOMMAND_INVALID_ARGS, UPNPCOMMAND_UNKNOWN_ERROR + * or a UPnP Error Code. + * + * List of possible UPnP errors for _GetSpecificPortMappingEntry : + * 402 Invalid Args - See UPnP Device Architecture section on Control. + * 501 Action Failed - See UPnP Device Architecture section on Control. + * 606 Action not authorized - The action requested REQUIRES authorization + * and the sender was not authorized. + * 714 NoSuchEntryInArray - The specified value does not exist in the array. 
+ */ +MINIUPNP_LIBSPEC int +UPNP_GetSpecificPortMappingEntry(const char * controlURL, + const char * servicetype, + const char * extPort, + const char * proto, + const char * remoteHost, + char * intClient, + char * intPort, + char * desc, + char * enabled, + char * leaseDuration); + +/* UPNP_GetGenericPortMappingEntry() + * params : + * in index + * out extPort (6 bytes) + * out intClient (16 bytes) + * out intPort (6 bytes) + * out protocol (4 bytes) + * out desc (80 bytes) + * out enabled (4 bytes) + * out rHost (64 bytes) + * out duration (16 bytes) + * + * return value : + * UPNPCOMMAND_SUCCESS, UPNPCOMMAND_INVALID_ARGS, UPNPCOMMAND_UNKNOWN_ERROR + * or a UPnP Error Code. + * + * Possible UPNP Error codes : + * 402 Invalid Args - See UPnP Device Architecture section on Control. + * 606 Action not authorized - The action requested REQUIRES authorization + * and the sender was not authorized. + * 713 SpecifiedArrayIndexInvalid - The specified array index is out of bounds + */ +MINIUPNP_LIBSPEC int +UPNP_GetGenericPortMappingEntry(const char * controlURL, + const char * servicetype, + const char * index, + char * extPort, + char * intClient, + char * intPort, + char * protocol, + char * desc, + char * enabled, + char * rHost, + char * duration); + +/* UPNP_GetListOfPortMappings() Available in IGD v2 + * + * + * Possible UPNP Error codes : + * 606 Action not Authorized + * 730 PortMappingNotFound - no port mapping is found in the specified range. + * 733 InconsistantParameters - NewStartPort and NewEndPort values are not + * consistent. 
+ */ +MINIUPNP_LIBSPEC int +UPNP_GetListOfPortMappings(const char * controlURL, + const char * servicetype, + const char * startPort, + const char * endPort, + const char * protocol, + const char * numberOfPorts, + struct PortMappingParserData * data); + +/* IGD:2, functions for service WANIPv6FirewallControl:1 */ +MINIUPNP_LIBSPEC int +UPNP_GetFirewallStatus(const char * controlURL, + const char * servicetype, + int * firewallEnabled, + int * inboundPinholeAllowed); + +MINIUPNP_LIBSPEC int +UPNP_GetOutboundPinholeTimeout(const char * controlURL, const char * servicetype, + const char * remoteHost, + const char * remotePort, + const char * intClient, + const char * intPort, + const char * proto, + int * opTimeout); + +MINIUPNP_LIBSPEC int +UPNP_AddPinhole(const char * controlURL, const char * servicetype, + const char * remoteHost, + const char * remotePort, + const char * intClient, + const char * intPort, + const char * proto, + const char * leaseTime, + char * uniqueID); + +MINIUPNP_LIBSPEC int +UPNP_UpdatePinhole(const char * controlURL, const char * servicetype, + const char * uniqueID, + const char * leaseTime); + +MINIUPNP_LIBSPEC int +UPNP_DeletePinhole(const char * controlURL, const char * servicetype, const char * uniqueID); + +MINIUPNP_LIBSPEC int +UPNP_CheckPinholeWorking(const char * controlURL, const char * servicetype, + const char * uniqueID, int * isWorking); + +MINIUPNP_LIBSPEC int +UPNP_GetPinholePackets(const char * controlURL, const char * servicetype, + const char * uniqueID, int * packets); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/ext/miniupnpc/upnpdev.c b/ext/miniupnpc/upnpdev.c new file mode 100644 index 0000000..d89a993 --- /dev/null +++ b/ext/miniupnpc/upnpdev.c 
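Review bot: The out-parameters `reservedPort` of UPNP_AddAnyPortMapping() and `uniqueID` of UPNP_AddPinhole() in upnpcommands.h are plain `char *` with no documented size. UPNP_GetSpecificPortMappingEntry() and UPNP_GetGenericPortMappingEntry() give a byte count for every output buffer. These buffers are filled from the gateway's reply, so a caller who guesses too small has no way to learn the required length from the header. I would add `out reservedPort (N bytes)` and `out uniqueID (N bytes)` to the comments, with N (a placeholder) taken from the copy length in upnpcommands.c, which is not fully visible here. The WANIPv6FirewallControl functions at the end of the header also carry no return-value comments at all.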
@@ -0,0 +1,23 @@ +/* $Id: upnpdev.c,v 1.1 2015/08/28 12:14:19 nanard Exp $ */ +/* Project : miniupnp + * Web : http://miniupnp.free.fr/ + * Author : Thomas BERNARD + * copyright (c) 2005-2015 Thomas Bernard + * This software is subjet to the conditions detailed in the + * provided LICENSE file. */ +#include +#include "upnpdev.h" + +/* freeUPNPDevlist() should be used to + * free the chained list returned by upnpDiscover() */ +void freeUPNPDevlist(struct UPNPDev * devlist) +{ + struct UPNPDev * next; + while(devlist) + { + next = devlist->pNext; + free(devlist); + devlist = next; + } +} + diff --git a/ext/miniupnpc/upnpdev.h b/ext/miniupnpc/upnpdev.h new file mode 100644 index 0000000..f49fbe1 --- /dev/null +++ b/ext/miniupnpc/upnpdev.h @@ -0,0 +1,36 @@ +/* $Id: upnpdev.h,v 1.1 2015/08/28 12:14:19 nanard Exp $ */ +/* Project : miniupnp + * Web : http://miniupnp.free.fr/ + * Author : Thomas BERNARD + * copyright (c) 2005-2015 Thomas Bernard + * This software is subjet to the conditions detailed in the + * provided LICENSE file. */ +#ifndef UPNPDEV_H_INCLUDED +#define UPNPDEV_H_INCLUDED + +#include "miniupnpc_declspec.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct UPNPDev { + struct UPNPDev * pNext; + char * descURL; + char * st; + unsigned int scope_id; + char * usn; + char buffer[3]; +}; + +/* freeUPNPDevlist() + * free list returned by upnpDiscover() */ +MINIUPNP_LIBSPEC void freeUPNPDevlist(struct UPNPDev * devlist); + + +#ifdef __cplusplus +} +#endif + + +#endif /* UPNPDEV_H_INCLUDED */ diff --git a/ext/miniupnpc/upnperrors.c b/ext/miniupnpc/upnperrors.c new file mode 100644 index 0000000..7ab8ee9 --- /dev/null +++ b/ext/miniupnpc/upnperrors.c 
@@ -0,0 +1,107 @@ +/* $Id: upnperrors.c,v 1.8 2014/06/10 09:41:48 nanard Exp $ */ +/* Project : miniupnp + * Author : Thomas BERNARD + * copyright (c) 2007 Thomas Bernard + * All Right reserved. + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * This software is subjet to the conditions detailed in the + * provided LICENCE file. */ +#include +#include "upnperrors.h" +#include "upnpcommands.h" +#include "miniupnpc.h" + +const char * strupnperror(int err) +{ + const char * s = NULL; + switch(err) { + case UPNPCOMMAND_SUCCESS: + s = "Success"; + break; + case UPNPCOMMAND_UNKNOWN_ERROR: + s = "Miniupnpc Unknown Error"; + break; + case UPNPCOMMAND_INVALID_ARGS: + s = "Miniupnpc Invalid Arguments"; + break; + case UPNPCOMMAND_INVALID_RESPONSE: + s = "Miniupnpc Invalid response"; + break; + case UPNPDISCOVER_SOCKET_ERROR: + s = "Miniupnpc Socket error"; + break; + case UPNPDISCOVER_MEMORY_ERROR: + s = "Miniupnpc Memory allocation error"; + break; + case 401: + s = "Invalid Action"; + break; + case 402: + s = "Invalid Args"; + break; + case 501: + s = "Action Failed"; + break; + case 606: + s = "Action not authorized"; + break; + case 701: + s = "PinholeSpaceExhausted"; + break; + case 702: + s = "FirewallDisabled"; + break; + case 703: + s = "InboundPinholeNotAllowed"; + break; + case 704: + s = "NoSuchEntry"; + break; + case 705: + s = "ProtocolNotSupported"; + break; + case 706: + s = "InternalPortWildcardingNotAllowed"; + break; + case 707: + s = "ProtocolWildcardingNotAllowed"; + break; + case 708: + s = "WildcardNotPermittedInSrcIP"; + break; + case 709: + s = "NoPacketSent"; + break; + case 713: + s = "SpecifiedArrayIndexInvalid"; + break; + case 714: + s = "NoSuchEntryInArray"; + break; + case 715: + s = "WildCardNotPermittedInSrcIP"; + break; + case 716: + s = "WildCardNotPermittedInExtPort"; + break; + case 718: + s = "ConflictInMappingEntry"; + break; + case 724: + s = "SamePortValuesRequired"; + break; + case 725: + s = 
"OnlyPermanentLeasesSupported"; + break; + case 726: + s = "RemoteHostOnlySupportsWildcard"; + break; + case 727: + s = "ExternalPortOnlySupportsWildcard"; + break; + default: + s = "UnknownError"; + break; + } + return s; +} diff --git a/ext/miniupnpc/upnperrors.h b/ext/miniupnpc/upnperrors.h new file mode 100644 index 0000000..3115aee --- /dev/null +++ b/ext/miniupnpc/upnperrors.h @@ -0,0 +1,26 @@ +/* $Id: upnperrors.h,v 1.6 2015/07/21 13:16:55 nanard Exp $ */ +/* (c) 2007-2015 Thomas Bernard + * All rights reserved. + * MiniUPnP Project. + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * This software is subjet to the conditions detailed in the + * provided LICENCE file. */ +#ifndef UPNPERRORS_H_INCLUDED +#define UPNPERRORS_H_INCLUDED + +#include "miniupnpc_declspec.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* strupnperror() + * Return a string description of the UPnP error code + * or NULL for undefinded errors */ +MINIUPNP_LIBSPEC const char * strupnperror(int err); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ext/miniupnpc/upnpreplyparse.c b/ext/miniupnpc/upnpreplyparse.c new file mode 100644 index 0000000..88d77a6 --- /dev/null +++ b/ext/miniupnpc/upnpreplyparse.c 
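Review bot: strupnperror() in upnperrors.c has no case for UPNPCOMMAND_HTTP_ERROR or UPNPCOMMAND_MEM_ALLOC_ERROR, both defined in upnpcommands.h in this same commit. A failed HTTP exchange or allocation is therefore reported as "UnknownError". I would add `case UPNPCOMMAND_HTTP_ERROR: s = "Miniupnpc HTTP error"; break;` and a matching case for the allocation error. The comment in upnperrors.h says the function returns NULL for undefined errors, but the `default:` branch returns "UnknownError". Correcting the comment is the change that keeps existing callers working.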
@@ -0,0 +1,198 @@ +#define _CRT_SECURE_NO_WARNINGS +/* $Id: upnpreplyparse.c,v 1.19 2015/07/15 10:29:11 nanard Exp $ */ +/* MiniUPnP project + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * (c) 2006-2015 Thomas Bernard + * This software is subject to the conditions detailed + * in the LICENCE file provided within the distribution */ + +#include +#include +#include + +#include "upnpreplyparse.h" +#include "minixml.h" + +static void +NameValueParserStartElt(void * d, const char * name, int l) +{ + struct NameValueParserData * data = (struct NameValueParserData *)d; + data->topelt = 1; + if(l>63) + l = 63; + memcpy(data->curelt, name, l); + data->curelt[l] = '\0'; + data->cdata = NULL; + data->cdatalen = 0; +} + +static void +NameValueParserEndElt(void * d, const char * name, int l) +{ + struct NameValueParserData * data = (struct NameValueParserData *)d; + struct NameValue * nv; + (void)name; + (void)l; + if(!data->topelt) + return; + if(strcmp(data->curelt, "NewPortListing") != 0) + { + int l; + /* standard case. 
Limited to n chars strings */ + l = data->cdatalen; + nv = malloc(sizeof(struct NameValue)); + if(nv == NULL) + { + /* malloc error */ +#ifdef DEBUG + fprintf(stderr, "%s: error allocating memory", + "NameValueParserEndElt"); +#endif /* DEBUG */ + return; + } + if(l>=(int)sizeof(nv->value)) + l = sizeof(nv->value) - 1; + strncpy(nv->name, data->curelt, 64); + nv->name[63] = '\0'; + if(data->cdata != NULL) + { + memcpy(nv->value, data->cdata, l); + nv->value[l] = '\0'; + } + else + { + nv->value[0] = '\0'; + } + nv->l_next = data->l_head; /* insert in list */ + data->l_head = nv; + } + data->cdata = NULL; + data->cdatalen = 0; + data->topelt = 0; +} + +static void +NameValueParserGetData(void * d, const char * datas, int l) +{ + struct NameValueParserData * data = (struct NameValueParserData *)d; + if(strcmp(data->curelt, "NewPortListing") == 0) + { + /* specific case for NewPortListing which is a XML Document */ + data->portListing = malloc(l + 1); + if(!data->portListing) + { + /* malloc error */ +#ifdef DEBUG + fprintf(stderr, "%s: error allocating memory", + "NameValueParserGetData"); +#endif /* DEBUG */ + return; + } + memcpy(data->portListing, datas, l); + data->portListing[l] = '\0'; + data->portListingLength = l; + } + else + { + /* standard case. 
*/ + data->cdata = datas; + data->cdatalen = l; + } +} + +void +ParseNameValue(const char * buffer, int bufsize, + struct NameValueParserData * data) +{ + struct xmlparser parser; + data->l_head = NULL; + data->portListing = NULL; + data->portListingLength = 0; + /* init xmlparser object */ + parser.xmlstart = buffer; + parser.xmlsize = bufsize; + parser.data = data; + parser.starteltfunc = NameValueParserStartElt; + parser.endeltfunc = NameValueParserEndElt; + parser.datafunc = NameValueParserGetData; + parser.attfunc = 0; + parsexml(&parser); +} + +void +ClearNameValueList(struct NameValueParserData * pdata) +{ + struct NameValue * nv; + if(pdata->portListing) + { + free(pdata->portListing); + pdata->portListing = NULL; + pdata->portListingLength = 0; + } + while((nv = pdata->l_head) != NULL) + { + pdata->l_head = nv->l_next; + free(nv); + } +} + +char * +GetValueFromNameValueList(struct NameValueParserData * pdata, + const char * Name) +{ + struct NameValue * nv; + char * p = NULL; + for(nv = pdata->l_head; + (nv != NULL) && (p == NULL); + nv = nv->l_next) + { + if(strcmp(nv->name, Name) == 0) + p = nv->value; + } + return p; +} + +#if 0 +/* useless now that minixml ignores namespaces by itself */ +char * +GetValueFromNameValueListIgnoreNS(struct NameValueParserData * pdata, + const char * Name) +{ + struct NameValue * nv; + char * p = NULL; + char * pname; + for(nv = pdata->head.lh_first; + (nv != NULL) && (p == NULL); + nv = nv->entries.le_next) + { + pname = strrchr(nv->name, ':'); + if(pname) + pname++; + else + pname = nv->name; + if(strcmp(pname, Name)==0) + p = nv->value; + } + return p; +} +#endif + +/* debug all-in-one function + * do parsing then display to stdout */ +#ifdef DEBUG +void +DisplayNameValueList(char * buffer, int bufsize) +{ + struct NameValueParserData pdata; + struct NameValue * nv; + ParseNameValue(buffer, bufsize, &pdata); + for(nv = pdata.l_head; + nv != NULL; + nv = nv->l_next) + { + printf("%s = %s\n", nv->name, nv->value); + } + 
ClearNameValueList(&pdata); +} +#endif /* DEBUG */ + diff --git a/ext/miniupnpc/upnpreplyparse.h b/ext/miniupnpc/upnpreplyparse.h new file mode 100644 index 0000000..6badd15 --- /dev/null +++ b/ext/miniupnpc/upnpreplyparse.h @@ -0,0 +1,63 @@ +/* $Id: upnpreplyparse.h,v 1.19 2014/10/27 16:33:19 nanard Exp $ */ +/* MiniUPnP project + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * (c) 2006-2013 Thomas Bernard + * This software is subject to the conditions detailed + * in the LICENCE file provided within the distribution */ + +#ifndef UPNPREPLYPARSE_H_INCLUDED +#define UPNPREPLYPARSE_H_INCLUDED + +#ifdef __cplusplus +extern "C" { +#endif + +struct NameValue { + struct NameValue * l_next; + char name[64]; + char value[128]; +}; + +struct NameValueParserData { + struct NameValue * l_head; + char curelt[64]; + char * portListing; + int portListingLength; + int topelt; + const char * cdata; + int cdatalen; +}; + +/* ParseNameValue() */ +void +ParseNameValue(const char * buffer, int bufsize, + struct NameValueParserData * data); + +/* ClearNameValueList() */ +void +ClearNameValueList(struct NameValueParserData * pdata); + +/* GetValueFromNameValueList() */ +char * +GetValueFromNameValueList(struct NameValueParserData * pdata, + const char * Name); + +#if 0 +/* GetValueFromNameValueListIgnoreNS() */ +char * +GetValueFromNameValueListIgnoreNS(struct NameValueParserData * pdata, + const char * Name); +#endif + +/* DisplayNameValueList() */ +#ifdef DEBUG +void +DisplayNameValueList(char * buffer, int bufsize); +#endif + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/ext/miniupnpc/wingenminiupnpcstrings.c b/ext/miniupnpc/wingenminiupnpcstrings.c new file mode 100644 index 0000000..50df06a --- /dev/null +++ b/ext/miniupnpc/wingenminiupnpcstrings.c 
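Review bot: NameValueParserGetData() in upnpreplyparse.c assigns a fresh malloc() to `data->portListing` on every call made for a NewPortListing element, without releasing the previous buffer. A reply that delivers that element's data more than once leaks every buffer but the last, which is the only one ClearNameValueList() frees. The reply is produced by the gateway, so the number of repetitions is not under the caller's control. Adding `free(data->portListing);` immediately before `data->portListing = malloc(l + 1);` is enough, because ParseNameValue() initialises the pointer to NULL.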
@@ -0,0 +1,83 @@ +/* $Id: wingenminiupnpcstrings.c,v 1.4 2015/02/08 08:46:06 nanard Exp $ */ +/* Project: miniupnp + * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ + * Author: Thomas Bernard + * Copyright (c) 2005-2015 Thomas Bernard + * This software is subjects to the conditions detailed + * in the LICENSE file provided within this distribution */ +#include +#include + +/* This program display the Windows version and is used to + * generate the miniupnpcstrings.h + * wingenminiupnpcstrings miniupnpcstrings.h.in miniupnpcstrings.h + */ +int main(int argc, char * * argv) { + char buffer[256]; + OSVERSIONINFO osvi; + FILE * fin; + FILE * fout; + int n; + char miniupnpcVersion[32]; + /* dwMajorVersion : + The major version number of the operating system. For more information, see Remarks. + dwMinorVersion : + The minor version number of the operating system. For more information, see Remarks. + dwBuildNumber : + The build number of the operating system. + dwPlatformId + The operating system platform. This member can be the following value. + szCSDVersion + A null-terminated string, such as "Service Pack 3", that indicates the + latest Service Pack installed on the system. If no Service Pack has + been installed, the string is empty. 
+ */ + ZeroMemory(&osvi, sizeof(OSVERSIONINFO)); + osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + + GetVersionEx(&osvi); + + printf("Windows %lu.%lu Build %lu %s\n", + osvi.dwMajorVersion, osvi.dwMinorVersion, + osvi.dwBuildNumber, (const char *)&(osvi.szCSDVersion)); + + fin = fopen("VERSION", "r"); + fgets(miniupnpcVersion, sizeof(miniupnpcVersion), fin); + fclose(fin); + for(n = 0; n < sizeof(miniupnpcVersion); n++) { + if(miniupnpcVersion[n] < ' ') + miniupnpcVersion[n] = '\0'; + } + printf("MiniUPnPc version %s\n", miniupnpcVersion); + + if(argc >= 3) { + fin = fopen(argv[1], "r"); + if(!fin) { + fprintf(stderr, "Cannot open %s for reading.\n", argv[1]); + return 1; + } + fout = fopen(argv[2], "w"); + if(!fout) { + fprintf(stderr, "Cannot open %s for writing.\n", argv[2]); + fclose(fin); + return 1; + } + n = 0; + while(fgets(buffer, sizeof(buffer), fin)) { + if(0 == memcmp(buffer, "#define OS_STRING \"OS/version\"", 30)) { + sprintf(buffer, "#define OS_STRING \"MSWindows/%ld.%ld.%ld\"\n", + osvi.dwMajorVersion, osvi.dwMinorVersion, osvi.dwBuildNumber); + } else if(0 == memcmp(buffer, "#define MINIUPNPC_VERSION_STRING \"version\"", 42)) { + sprintf(buffer, "#define MINIUPNPC_VERSION_STRING \"%s\"\n", + miniupnpcVersion); + } + /*fputs(buffer, stdout);*/ + fputs(buffer, fout); + n++; + } + fclose(fin); + fclose(fout); + printf("%d lines written to %s.\n", n, argv[2]); + } + return 0; +} diff --git a/ext/tap-mac/README.txt b/ext/tap-mac/README.txt new file mode 100644 index 0000000..177b936 --- /dev/null +++ b/ext/tap-mac/README.txt 
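Review bot: main() in wingenminiupnpcstrings.c passes the result of `fopen("VERSION", "r")` straight to fgets() and fclose() without a NULL check, so a missing VERSION file crashes the generator instead of reporting an error. If fgets() reads nothing, `miniupnpcVersion` is also read uninitialised by the clean-up loop and later by the `sprintf` that writes MINIUPNPC_VERSION_STRING. I would add `if(!fin) { fprintf(stderr, "Cannot open VERSION for reading.\n"); return 1; }` after the fopen and declare the buffer as `char miniupnpcVersion[32] = "";`. The return value of GetVersionEx() is ignored as well, but `osvi` is zeroed beforehand, so that only yields a 0.0.0 version string.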
@@ -0,0 +1,19 @@
+This is a hack of tuntaposx. It's here for two reasons:
+
+1) There seem to be issues with large MTUs in the original tuntap code,
+ so we set up our zt0 tap with the correct ZeroTier MTU as the default.
+
+2) Lots of other mac products (VPNs, etc.) ship their own tap device
+ drivers that like to conflict with one another. This gives us no
+ choice but to play along. But we call our tap device zt0, which means
+ it won't conflict with everyone else's tap0.
+
+3) It's nice to call the device zt0, same as Linux, for consistency across
+ *nix platforms. Mac does not seem to support interface renaming.
+
+This will be placed in the ZeroTier home as a kext and is auto-loaded by the
+ZeroTier One binary if /dev/zt0 is not found. It can also be auto-updated.
+
+See this page for the original:
+
+http://tuntaposx.sourceforge.net
diff --git a/ext/tap-mac/tuntap/Makefile b/ext/tap-mac/tuntap/Makefile
new file mode 100644
index 0000000..53ab1a9
--- /dev/null
+++ b/ext/tap-mac/tuntap/Makefile
@@ -0,0 +1,95 @@ +# Lets have a version, at last! +TUNTAP_VERSION = 20150118 + +# BASE install directory +BASE= + +all: tap.kext + +keysetup: + -security delete-keychain net.sf.tuntaposx.tmp + security create-keychain -p $$(head -c 32 /dev/urandom | hexdump -e '"%02x"') \ + net.sf.tuntaposx.tmp + security set-keychain-settings -lut 60 net.sf.tuntaposx.tmp + security import identity.p12 -k net.sf.tuntaposx.tmp -f pkcs12 \ + -P $$(read -sp 'identity passphrase: ' pw && echo "$$pw") -A + security find-identity -v net.sf.tuntaposx.tmp | \ + awk -F \" '$$2 ~ /^Developer ID Application:/ { print $$2 }' > .signing_identity + security find-identity -v net.sf.tuntaposx.tmp | \ + awk -F \" '$$2 ~ /^Developer ID Installer:/ { print $$2 }' > .installer_identity + +pkgbuild/%.pkg: %.kext + mkdir -p pkgbuild/$*_root/Library/Extensions + cp -pR $*.kext pkgbuild/$*_root/Library/Extensions + mkdir -p pkgbuild/$*_root/Library/LaunchDaemons + cp pkg/launchd/net.sf.tuntaposx.$*.plist pkgbuild/$*_root/Library/LaunchDaemons + pkgbuild --root pkgbuild/$*_root \ + --component-plist pkg/components/$*.plist \ + --scripts pkg/scripts/$* pkgbuild/$*.pkg + +tuntap_$(TUNTAP_VERSION).pkg: pkgbuild/tap.pkg pkgbuild/tun.pkg + productbuild --distribution pkg/distribution.xml --package-path pkgbuild \ + --resources pkg/res.dummy \ + tuntap_$(TUNTAP_VERSION).pkg ; \ + pkgutil --expand tuntap_$(TUNTAP_VERSION).pkg pkgbuild/tuntap_pkg.d + cp -pR pkg/res/ pkgbuild/tuntap_pkg.d/Resources + pkgutil --flatten pkgbuild/tuntap_pkg.d tuntap_$(TUNTAP_VERSION).pkg + if test -s ".installer_identity"; then \ + productsign --sign "$$(cat .installer_identity)" --keychain net.sf.tuntaposx.tmp \ + tuntap_$(TUNTAP_VERSION).pkg tuntap_$(TUNTAP_VERSION).pkg.signed ; \ + mv tuntap_$(TUNTAP_VERSION).pkg.signed tuntap_$(TUNTAP_VERSION).pkg ; \ + fi + +pkg: tuntap_$(TUNTAP_VERSION).pkg + tar czf tuntap_$(TUNTAP_VERSION).tar.gz \ + README.installer README tuntap_$(TUNTAP_VERSION).pkg + +# Install targets +# They are provided 
for the gentoo ebuild, but should work just fine for other people as well. +install_%_kext: %.kext + mkdir -p $(BASE)/Library/Extensions + cp -pR $*.kext $(BASE)/Library/Extensions/ + chown -R root:wheel $(BASE)/Library/Extensions/$*.kext + mkdir -p $(BASE)/Library/LaunchDaemons + cp pkg/launchd/net.sf.tuntaposx.$*.plist $(BASE)/Library/LaunchDaemons + chown -R root:wheel $(BASE)/Library/LaunchDaemons/net.sf.tuntaposx.$*.plist + +install: install_tap_kext install_tun_kext + +tarball: clean + touch tuntap_$(TUNTAP_VERSION)_src.tar.gz + tar czf tuntap_$(TUNTAP_VERSION)_src.tar.gz \ + -C .. \ + --exclude "tuntap/identity.p12" \ + --exclude "tuntap/tuntap_$(TUNTAP_VERSION)_src.tar.gz" \ + --exclude "tuntap/tuntap_$(TUNTAP_VERSION).tar.gz" \ + --exclude "tuntap/tuntap_$(TUNTAP_VERSION).pkg" \ + --exclude "*/.*" \ + tuntap + +clean: + cd src/tap && make -f Makefile clean + cd src/tun && make -f Makefile clean + -rm -rf pkgbuild + -rm -rf tuntap_$(TUNTAP_VERSION).pkg + -rm -f tuntap_$(TUNTAP_VERSION).tar.gz + -rm -f tuntap_$(TUNTAP_VERSION)_src.tar.gz + +%.kext: + cd src/$* && make TUNTAP_VERSION=$(TUNTAP_VERSION) -f Makefile all + if test -s ".signing_identity"; then \ + codesign -fv --keychain net.sf.tuntaposx.tmp -s "$$(cat .signing_identity)" \ + $*.kext ; \ + fi + +test: + # configd messes with interface flags, issuing SIOCSIFFLAGS ioctls upon receiving kernel + # events indicating protocols have been attached and detached. Unfortunately, configd does + # this asynchronously, making the SIOCSIFFLAGS changes totally unpredictable when we bring + # our interfaces up and down in rapid succession during our tests. I haven't found a good + # way to suppress or handle this mess other than disabling configd temporarily. + killall -STOP configd + -PYTHONPATH=test python test/tuntap/tuntap_tests.py --tests='$(TESTS)' + killall -CONT configd + +.PHONY: test diff --git a/ext/tap-mac/tuntap/src/lock.cc b/ext/tap-mac/tuntap/src/lock.cc new file mode 100644 index 0000000..9c78783 
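Review bot: The `keysetup` target passes both the keychain password (`-p $$(head -c 32 /dev/urandom ...)`) and the PKCS#12 passphrase (`-P $$(read -sp ...)`) as command-line arguments, so they are visible in the process list to other local users while `security` runs. The import also uses `-A`, which lets any application use the imported signing key without a prompt. Nothing in the visible targets removes `net.sf.tuntaposx.tmp` after signing; only the start of `keysetup` deletes it. I would replace `-A` with `-T /usr/bin/codesign -T /usr/bin/productsign` and add `-security delete-keychain net.sf.tuntaposx.tmp` to `clean`. Separately, the `test` target leaves configd stopped if make is interrupted between `killall -STOP configd` and `killall -CONT configd`.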
--- /dev/null +++ b/ext/tap-mac/tuntap/src/lock.cc 
@@ -0,0 +1,206 @@ +/* + * ip tunnel/ethertap device for MacOSX. + * + * Locking implementation. + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "lock.h" + +extern "C" { + +#include + +#include +#include + +} + +#if 0 +#define dprintf(...) log(LOG_INFO, __VA_ARGS__) +#else +#define dprintf(...) 
+#endif + +/* class tt_lock */ +lck_grp_t *tt_lock::tt_lck_grp = NULL; + +bool +tt_lock::initialize() +{ + /* init if necessary */ + if (tt_lck_grp == NULL) { + dprintf("initing lock group\n"); + tt_lck_grp = lck_grp_alloc_init("tuntap locks", LCK_GRP_ATTR_NULL); + + if (tt_lck_grp == NULL) { + /* if something fails, the lock won't work */ + log(LOG_ERR, "tuntap: could not allocate locking group\n"); + return false; + } + } + + return true; +} + +void +tt_lock::shutdown() +{ + /* free the locking group */ + if (tt_lck_grp != NULL) { + dprintf("freeing lock group\n"); + lck_grp_free(tt_lck_grp); + tt_lck_grp = NULL; + } +} + +/* tt_mutex */ +tt_mutex::tt_mutex() +{ + /* fail if locking group not initialized */ + if (tt_lck_grp == NULL) + return; + + /* allocate the lock */ + lck = lck_rw_alloc_init(tt_lck_grp, NULL); + + if (lck == NULL) + log(LOG_ERR, "tuntap: could not allocate mutex\n"); +} + +tt_mutex::~tt_mutex() +{ + /* if the lock doesn't exist, this will be a no-op */ + if (lck == NULL) + return; + + /* free the lock */ + lck_rw_free(lck, tt_lck_grp); +} + +void +tt_mutex::lock() +{ + if (lck != NULL) + lck_rw_lock_exclusive(lck); +} + +void +tt_mutex::unlock() +{ + if (lck != NULL) + lck_rw_unlock_exclusive(lck); +} + +void +tt_mutex::sleep(void *cond) +{ + if (lck != NULL) + lck_rw_sleep(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE); +} + +void +tt_mutex::sleep(void *cond, uint64_t nanoseconds) +{ + if (lck != NULL) { + uint64_t abstime; + nanoseconds_to_absolutetime(nanoseconds, &abstime); + lck_rw_sleep_deadline(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE, abstime); + } +} + +void +tt_mutex::wakeup(void *cond) +{ + if (lck != NULL) + ::wakeup(cond); +} + +/* tt_gate */ +tt_gate::tt_gate() + : ticket_number(0), + population(0) +{ +} + +void +tt_gate::enter() +{ + /* just try to grab the lock, increase the ticket number and the population */ + auto_lock l(&slock); + ticket_number++; + population++; +} + +void +tt_gate::exit() +{ + auto_lock 
l(&slock); + ticket_number--; + population--; +} + +bool +tt_gate::is_anyone_in() +{ + return population != 0; +} + +unsigned int +tt_gate::get_ticket_number() +{ + return ticket_number; +} + +void +tt_gate::lock() +{ + slock.lock(); +} + +void +tt_gate::unlock() +{ + slock.unlock(); +} + +void +tt_gate::sleep(void* cond) +{ + slock.sleep(cond); +} + +void +tt_gate::sleep(void* cond, uint64_t nanoseconds) +{ + slock.sleep(cond, nanoseconds); +} + +void +tt_gate::wakeup(void* cond) +{ + slock.wakeup(cond); +} + diff --git a/ext/tap-mac/tuntap/src/lock.h b/ext/tap-mac/tuntap/src/lock.h new file mode 100644 index 0000000..51d3299 --- /dev/null +++ b/ext/tap-mac/tuntap/src/lock.h 
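Review bot: `tt_mutex::tt_mutex()` returns early when `tt_lck_grp == NULL` without ever assigning `lck`, so the `lck == NULL` / `lck != NULL` tests in the destructor, `lock()`, `unlock()`, `wakeup()` and both `sleep()` overloads read an indeterminate pointer. Unless the object's storage happens to be zeroed by the allocator (not shown in this hunk), that pointer can reach `lck_rw_free()` or `lck_rw_lock_exclusive()` in kernel context. Initialise the member before the check, e.g. `tt_mutex::tt_mutex() : lck(NULL)`. Every method also turns into a silent no-op when `lck` is NULL, so a failed allocation leaves callers running their critical sections unlocked; I would document that with a comment such as `/* NOTE: if allocation failed, lock()/unlock() do nothing and callers are NOT serialized */`.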
@@ -0,0 +1,160 @@ +/* + * ip tunnel/ethertap device for MacOSX. + * + * Locking is not as straightforward for Tiger. So declare our own locking class. + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __LOCK_H__ +#define __LOCK_H__ + +extern "C" { + +#include +#include + +} + +/* our own locking class. declares the common interface of the locking primitives. 
*/ +class tt_lock { + + protected: + /* locking group */ + static lck_grp_t *tt_lck_grp; + + public: + /* be virtual */ + virtual ~tt_lock() { }; + + /* static intialization (inits the locking group) */ + static bool initialize(); + static void shutdown(); + + /* locking */ + virtual void lock() = 0; + virtual void unlock() = 0; + + /* monitor primitives */ + virtual void sleep(void* cond) = 0; + virtual void sleep(void* cond, uint64_t) = 0; + virtual void wakeup(void* cond) = 0; +}; + +/* simple mutex */ +class tt_mutex : public tt_lock { + + private: + /* underlying darwin lock */ + lck_rw_t *lck; + + public: + tt_mutex(); + virtual ~tt_mutex(); + + void lock(); + void unlock(); + + /* monitor primitives */ + void sleep(void* cond); + void sleep(void* cond, uint64_t); + void wakeup(void* cond); +}; + +/* A very special locking class that we use to track threads that enter and leave the character + * device service functions. They call enter() before entering the actual service routinge and + * exit() when done. enter() only permits them to pass when the gate isn't locked. Furthermore, the + * gate assigns ticket numbers to everyone that passes the gate, so you can check whether more + * threads came through. See tuntap_mgr::shutdown() for how we use that stuff. 
+ */ +class tt_gate : public tt_lock { + + private: + /* synchronization lock */ + tt_mutex slock; + /* ticket number */ + unsigned int ticket_number; + /* count of threads that are in */ + unsigned int population; + + public: + /* construct a new gate */ + tt_gate(); + + /* enter - pass the gate */ + void enter(); + /* exit - pass the gate */ + void exit(); + + /* check whether anyone is in */ + bool is_anyone_in(); + /* gets the next ticket number */ + unsigned int get_ticket_number(); + + /* lock the gate */ + void lock(); + /* unlock the gate */ + void unlock(); + + /* monitor primitives */ + void sleep(void* cond); + void sleep(void* cond, uint64_t); + void wakeup(void* cond); +}; + +/* auto_lock and auto_rwlock serve as automatic lock managers: Create an object, passing the + * tt_[rw]lock you want to lock to have it grab the lock. When the object goes out of scope, the + * destructor of the class will release the lock. + */ +class auto_lock { + + protected: + /* the lock we hold */ + tt_lock *l; + + public: + auto_lock(tt_lock *m) + : l(m) + { + lock(); + } + + ~auto_lock() + { + unlock(); + } + + void lock() + { + l->lock(); + } + + void unlock() + { + l->unlock(); + } +}; + +#endif /* __LOCK_H__ */ + diff --git a/ext/tap-mac/tuntap/src/mem.cc b/ext/tap-mac/tuntap/src/mem.cc new file mode 100644 index 0000000..cd3264f --- /dev/null +++ b/ext/tap-mac/tuntap/src/mem.cc 
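Review bot: `auto_lock` stores a raw `tt_lock *` and releases it in its destructor, but nothing prevents copying, so a by-value copy would unlock the same lock twice. Declaring `auto_lock(const auto_lock &);` and `auto_lock &operator=(const auto_lock &);` in a private section, left undefined, rejects that at compile time. The public `lock()`/`unlock()` members have the same hazard if a caller unlocks manually before scope exit, so a one-line comment saying they must be used in matched pairs would help. The declarations of `tt_gate::is_anyone_in()` and `get_ticket_number()` should also state whether the caller must already hold the gate lock, since the header does not say.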
@@ -0,0 +1,76 @@
+/*
+ * ip tunnel/ethertap device for MacOSX. Common functionality of tap_interface and tun_interface.
+ *
+ * Memory management implementation.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "mem.h"
+
+extern "C" {
+
+#include
+
+}
+
+#if 0
+#define dprintf(...) log(LOG_INFO, __VA_ARGS__)
+#else
+#define dprintf(...)
+#endif
+
+static int inited = 0;
+static OSMallocTag tag;
+
+void
+mem_initialize(const char* name) {
+
+ if (!inited) {
+ tag = OSMalloc_Tagalloc(name, OSMT_DEFAULT);
+ inited = 1;
+ }
+}
+
+void
+mem_shutdown() {
+
+ if (inited) {
+ OSMalloc_Tagfree(tag);
+ inited = 0;
+ }
+}
+
+void *
+mem_alloc(uint32_t size) {
+
+ return OSMalloc(size, tag);
+}
+
+void
+mem_free(void *addr, uint32_t size) {
+
+ OSFree(addr, size, tag);
+}
+
diff --git a/ext/tap-mac/tuntap/src/mem.h b/ext/tap-mac/tuntap/src/mem.h
new file mode 100644
index 0000000..4d06fd8
--- /dev/null
+++ b/ext/tap-mac/tuntap/src/mem.h
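Review bot: `mem_alloc()` and `mem_free()` pass `tag` straight to `OSMalloc()` / `OSFree()` without looking at `inited`, so a call made before `mem_initialize()` or after `mem_shutdown()` hands the kernel allocator a null or already-freed tag. A guard such as `if (!inited) return NULL;` in `mem_alloc()` (and an early return in `mem_free()`) keeps that misuse from reaching the allocator. `mem_initialize()` also sets `inited = 1` without checking what `OSMalloc_Tagalloc()` returned, and `inited` is a plain `static int` with no synchronization. If the two entry points are only ever called from the kext start/stop routines that is fine, but a comment saying so would document the assumption.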
@@ -0,0 +1,48 @@
+/*
+ * ip tunnel/ethertap device for MacOSX. Common functionality of tap_interface and tun_interface.
+ *
+ * Memory management.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __MEM_H__
+#define __MEM_H__
+
+extern "C" {
+
+#include
+
+}
+
+/* Memory manager initalization and shutdown */
+void mem_initialize(const char *name);
+void mem_shutdown();
+
+/* Memory allocation functions */
+void *mem_alloc(uint32_t size);
+void mem_free(void *addr, uint32_t size);
+
+#endif /* __MEM_H__ */
+
diff --git a/ext/tap-mac/tuntap/src/tap/Info.plist b/ext/tap-mac/tuntap/src/tap/Info.plist new file mode 100644 index 0000000..bb9b03f --- /dev/null +++ b/ext/tap-mac/tuntap/src/tap/Info.plist @@ -0,0 +1,36 @@ + + + + + CFBundleDevelopmentRegion + @@CFBUNDLEDEVELOPMENTREGION@@ + CFBundleExecutable + @@CFBUNDLEEXECUTABLE@@ + CFBundleIdentifier + @@CFBUNDLEIDENTIFIER@@ + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + @@CFBUNDLEEXECUTABLE@@ + CFBundlePackageType + @@CFBUNDLEPACKAGETYPE@@ + CFBundleShortVersionString + @@CFBUNDLEVERSION@@ + CFBundleSignature + @@CFBUNDLESIGNATURE@@ + CFBundleVersion + 1.0 + OSBundleLibraries + + com.apple.kpi.mach + 8.0 + com.apple.kpi.bsd + 8.0 + com.apple.kpi.libkern + 8.0 + com.apple.kpi.unsupported + 8.0 + + + + diff --git a/ext/tap-mac/tuntap/src/tap/Makefile b/ext/tap-mac/tuntap/src/tap/Makefile new file mode 100644 index 0000000..306a86d --- /dev/null +++ b/ext/tap-mac/tuntap/src/tap/Makefile 
@@ -0,0 +1,60 @@ +# +# ethertap driver for MacOSX +# +# Makefile +# +# (c) 2004, 2005, 2006, 2007, 2008 Mattias Nissler +# + +OBJS = ../tuntap.o ../tuntap_mgr.o ../lock.o ../mem.o kmod.o tap.o +KMOD_BIN = tap +BUNDLE_DIR = ../.. +BUNDLE_NAME = tap.kext + +TAP_KEXT_VERSION = $(TUNTAP_VERSION) + +BUNDLE_REGION = English +BUNDLE_IDENTIFIER = com.zerotier.tap +BUNDLE_SIGNATURE = ???? +BUNDLE_PACKAGETYPE = KEXT +BUNDLE_VERSION = $(TAP_KEXT_VERSION) + +INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Headers +CFLAGS = -Wall -Werror -mkernel -force_cpusubtype_ALL \ + -nostdinc -fno-builtin -fno-stack-protector -msoft-float -fno-common \ + -arch x86_64 \ + -DKERNEL -DAPPLE -DKERNEL_PRIVATE -DTUNTAP_VERSION=\"$(TUNTAP_VERSION)\" \ + -DTAP_KEXT_VERSION=\"$(TAP_KEXT_VERSION)\" +CCFLAGS = $(CFLAGS) +LDFLAGS = -Wall -Werror -arch x86_64 -Xlinker -kext -nostdlib -lkmodc++ -lkmod -lcc_kext + +CCP = clang -x c++ +CC = clang -x c +LD = clang + +all: $(KMOD_BIN) bundle + +.c.o: + $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ +.cc.o: + $(CCP) $(CCFLAGS) $(INCLUDE) -c $< -o $@ + +$(KMOD_BIN): $(OBJS) + $(LD) $(LDFLAGS) -o $(KMOD_BIN) $(OBJS) + +bundle: $(KMOD_BIN) + rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME) + mkdir -p $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/MacOS + cp $(KMOD_BIN) $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/MacOS + sed -e "s/@@CFBUNDLEEXECUTABLE@@/$(KMOD_BIN)/" \ + -e "s/@@CFBUNDLEDEVELOPMENTREGION@@/$(BUNDLE_REGION)/" \ + -e "s/@@CFBUNDLEIDENTIFIER@@/$(BUNDLE_IDENTIFIER)/" \ + -e "s/@@CFBUNDLESIGNATURE@@/$(BUNDLE_SIGNATURE)/" \ + -e "s/@@CFBUNDLEPACKAGETYPE@@/$(BUNDLE_PACKAGETYPE)/" \ + -e "s/@@CFBUNDLEVERSION@@/$(BUNDLE_VERSION)/" \ + Info.plist > $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/Info.plist + +clean: + -rm -f $(OBJS) $(KMOD_BIN) + -rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME) + diff --git a/ext/tap-mac/tuntap/src/tap/kmod.cc b/ext/tap-mac/tuntap/src/tap/kmod.cc new file mode 100644 index 0000000..f9c4a40 --- /dev/null +++ b/ext/tap-mac/tuntap/src/tap/kmod.cc 
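Review bot: `CFLAGS` passes `-fno-stack-protector`, which removes stack canaries from a kernel extension that handles Ethernet frames and ioctl arguments, and nothing in the Makefile says why. If the flag is only there because older kernels did not export the stack-check symbols, it is worth confirming whether the minimum supported kernel still needs it and dropping it if not. If it must stay, record the reason next to it, e.g. `# -fno-stack-protector: <reason the kext cannot link the stack-check symbols>`. The same applies to any other Makefile in this commit that repeats these flags.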
@@ -0,0 +1,93 @@ +/* + * ethertap device for MacOSX. + * + * Kext definition (it is a mach kmod really...) + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tap.h" +#include "mem.h" + +extern "C" { + +#include + +#include + +static tap_manager *mgr; + +/* + * start function. called when the kext gets loaded. 
+ */ +static kern_return_t tap_module_start(struct kmod_info *ki, void *data) +{ + mem_initialize(TAP_FAMILY_NAME); + + /* initialize locking */ + if (!tt_lock::initialize()) + return KMOD_RETURN_FAILURE; + + /* create a tap manager that will handle the rest */ + mgr = new tap_manager(); + + if (mgr != NULL) { + if (mgr->initialize(TAP_IF_COUNT, (char *) TAP_FAMILY_NAME)) + return KMOD_RETURN_SUCCESS; + + delete mgr; + mgr = NULL; + /* clean up locking */ + tt_lock::shutdown(); + } + + return KMOD_RETURN_FAILURE; +} + +/* + * stop function. called when the kext should be unloaded. unloading can be prevented by + * returning failure + */ +static kern_return_t tap_module_stop(struct kmod_info *ki, void *data) +{ + if (mgr != NULL) { + if (!mgr->shutdown()) + return KMOD_RETURN_FAILURE; + + delete mgr; + mgr = NULL; + } + + /* clean up locking */ + tt_lock::shutdown(); + + mem_shutdown(); + + return KMOD_RETURN_SUCCESS; +} + +KMOD_DECL(tap, TAP_KEXT_VERSION) + +} + diff --git a/ext/tap-mac/tuntap/src/tap/tap.cc b/ext/tap-mac/tuntap/src/tap/tap.cc new file mode 100644 index 0000000..b348a85 --- /dev/null +++ b/ext/tap-mac/tuntap/src/tap/tap.cc 
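Review bot: The failure paths of `tap_module_start()` do not undo what the function already set up. When `tt_lock::initialize()` fails the allocation tag from `mem_initialize()` is never released, when `new tap_manager()` returns NULL neither `tt_lock::shutdown()` nor `mem_shutdown()` runs, and when `mgr->initialize()` fails the lock group is freed but the tag is not. Because the kext is not loaded after a failed start, `tap_module_stop()` will presumably not run to clean these up. I would funnel every failure through one tail that calls `tt_lock::shutdown()` and then `mem_shutdown()`, keeping `delete mgr` ahead of `mem_shutdown()` in case the manager's storage comes from `mem_alloc()`.

```cpp
static kern_return_t tap_module_start(struct kmod_info *ki, void *data)
{
	mem_initialize(TAP_FAMILY_NAME);

	/* initialize locking */
	if (!tt_lock::initialize()) {
		mem_shutdown();
		return KMOD_RETURN_FAILURE;
	}

	/* … unchanged: mgr = new tap_manager(); … */

	if (mgr != NULL) {
		/* … unchanged: return KMOD_RETURN_SUCCESS when mgr->initialize() succeeds … */
		delete mgr;
		mgr = NULL;
	}

	/* every failure path releases the lock group and the allocation tag */
	tt_lock::shutdown();
	mem_shutdown();

	return KMOD_RETURN_FAILURE;
}
```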
@@ -0,0 +1,533 @@ +/* + * ethertap device for macosx. + * + * tap_interface class definition + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tap.h" + +extern "C" { + +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include + +} + +#if 0 +#define dprintf(...) log(LOG_INFO, __VA_ARGS__) +#else +#define dprintf(...) 
+#endif + +// These declarations are missing in the Kernel.framework headers, put present in userspace :-/ +#pragma pack(4) +struct ifmediareq { + char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */ + int ifm_current; /* current media options */ + int ifm_mask; /* don't care mask */ + int ifm_status; /* media status */ + int ifm_active; /* active options */ + int ifm_count; /* # entries in ifm_ulist array */ + int *ifm_ulist; /* media words */ +}; + +struct ifmediareq64 { + char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */ + int ifm_current; /* current media options */ + int ifm_mask; /* don't care mask */ + int ifm_status; /* media status */ + int ifm_active; /* active options */ + int ifm_count; /* # entries in ifm_ulist array */ + user64_addr_t ifmu_ulist __attribute__((aligned(8))); +}; + +struct ifmediareq32 { + char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */ + int ifm_current; /* current media options */ + int ifm_mask; /* don't care mask */ + int ifm_status; /* media status */ + int ifm_active; /* active options */ + int ifm_count; /* # entries in ifm_ulist array */ + user32_addr_t ifmu_ulist; /* 32-bit pointer */ +}; +#pragma pack() + +#define SIOCGIFMEDIA32 _IOWR('i', 56, struct ifmediareq32) /* get net media */ +#define SIOCGIFMEDIA64 _IOWR('i', 56, struct ifmediareq64) /* get net media (64-bit) */ + +/* thread_policy_set is exported in Mach.kext, but commented in mach/thread_policy.h in the + * Kernel.Framework headers (why?). Add a local declaration to work around that. 
+ */ +extern "C" { +kern_return_t thread_policy_set( + thread_t thread, + thread_policy_flavor_t flavor, + thread_policy_t policy_info, + mach_msg_type_number_t count); +} + +static unsigned char ETHER_BROADCAST_ADDR[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + +/* members */ +tap_interface::tap_interface() { + bzero(attached_protos, sizeof(attached_protos)); + input_thread = THREAD_NULL; +} + +bool +tap_interface::initialize(unsigned short major, unsigned short unit) +{ + this->unit = unit; + this->family_name = TAP_FAMILY_NAME; + this->family = IFNET_FAMILY_ETHERNET; + this->type = IFT_ETHER; + bzero(unique_id, UIDLEN); + snprintf(unique_id, UIDLEN, "%s%d", family_name, unit); + + dprintf("tap: starting interface %s%d\n", TAP_FAMILY_NAME, unit); + + /* register character device */ + if (!tuntap_interface::register_chardev(major)) + return false; + + return true; +} + +void +tap_interface::shutdown() +{ + dprintf("tap: shutting down tap interface %s%d\n", TAP_FAMILY_NAME, unit); + + unregister_chardev(); +} + +int +tap_interface::initialize_interface() +{ + struct sockaddr_dl lladdr; + lladdr.sdl_len = sizeof(lladdr); + lladdr.sdl_family = AF_LINK; + lladdr.sdl_alen = ETHER_ADDR_LEN; + lladdr.sdl_nlen = lladdr.sdl_slen = 0; + + /* generate a random MAC address */ + read_random(LLADDR(&lladdr), ETHER_ADDR_LEN); + + /* clear multicast bit and set local assignment bit (see IEEE 802) */ + (LLADDR(&lladdr))[0] &= 0xfe; + (LLADDR(&lladdr))[0] |= 0x02; + + dprintf("tap: random tap address: %02x:%02x:%02x:%02x:%02x:%02x\n", + (LLADDR(&lladdr))[0] & 0xff, + (LLADDR(&lladdr))[1] & 0xff, + (LLADDR(&lladdr))[2] & 0xff, + (LLADDR(&lladdr))[3] & 0xff, + (LLADDR(&lladdr))[4] & 0xff, + (LLADDR(&lladdr))[5] & 0xff); + + /* register interface */ + if (!tuntap_interface::register_interface(&lladdr, ETHER_BROADCAST_ADDR, ETHER_ADDR_LEN)) + return EIO; + + /* Set link level address. Yes, we need to do that again. Darwin sucks. 
*/ + errno_t err = ifnet_set_lladdr(ifp, LLADDR(&lladdr), ETHER_ADDR_LEN); + if (err) + dprintf("tap: failed to set lladdr on %s%d: %d\n", family_name, unit, err); + + /* set mtu */ + ifnet_set_mtu(ifp, TAP_MTU); + /* set header length */ + ifnet_set_hdrlen(ifp, sizeof(struct ether_header)); + /* add the broadcast flag */ + ifnet_set_flags(ifp, IFF_BROADCAST, IFF_BROADCAST); + + /* we must call bpfattach(). Otherwise we deadlock BPF while unloading. Seems to be a bug in + * the kernel, see bpfdetach() in net/bpf.c, it will return without releasing the lock if + * the interface wasn't attached. I wonder what they were smoking while writing it ;-) + */ + bpfattach(ifp, DLT_EN10MB, ifnet_hdrlen(ifp)); + + /* Inject an empty packet to trigger the input thread calling demux(), which will unblock + * thread_sync_lock. This is part of a hack to avoid a kernel crash on re-attaching + * interfaces, see comment in shutdown_interface for more information. + */ + mbuf_t empty_mbuf; + mbuf_gethdr(MBUF_WAITOK, MBUF_TYPE_DATA, &empty_mbuf); + if (empty_mbuf != NULL) { + mbuf_pkthdr_setrcvif(empty_mbuf, ifp); + mbuf_pkthdr_setlen(empty_mbuf, 0); + mbuf_pkthdr_setheader(empty_mbuf, mbuf_data(empty_mbuf)); + mbuf_set_csum_performed(empty_mbuf, 0, 0); + if (ifnet_input(ifp, empty_mbuf, NULL) == 0) { + auto_lock l(&thread_sync_lock); + for (int i = 0; i < 100 && input_thread == THREAD_NULL; ++i) { + dprintf("input thread not found, waiting...\n"); + thread_sync_lock.sleep(&input_thread, 10000000); + } + } else { + mbuf_freem(empty_mbuf); + } + } + if (input_thread == THREAD_NULL) + dprintf("Failed to determine input thread!\n"); + + return 0; +} + +void +tap_interface::shutdown_interface() +{ + dprintf("tap: shutting down network interface of device %s%d\n", TAP_FAMILY_NAME, unit); + + /* detach all protocols */ + for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) { + if (attached_protos[i].used) { + errno_t err = ifnet_detach_protocol(ifp, attached_protos[i].proto); + if (err) + 
log(LOG_WARNING, "tap: could not detach protocol %d from %s%d\n", + attached_protos[i].proto, TAP_FAMILY_NAME, unit); + } + } + + cleanup_interface(); + unregister_interface(); + + /* There's a race condition in the kernel that may cause crashes when quickly re-attaching + * interfaces. The crash happens when the interface gets re-attached before the input thread + * for the interface managed to terminate, in which case an assert on the input_waiting flag + * to be clear triggers in ifnet_attach. The bug is really that there's no synchronization + * for terminating the input thread. To work around this, the following code does add the + * missing synchronization to wait for the input thread to terminate. Of course, threading + * primitives available to kexts are few, and I'm not aware of a way to wait for a thread to + * terminate. Hence, the code calls thread_policy_set (passing bogus parameters) in a loop, + * until it returns KERN_TERMINATED. Since this is all rather fragile, there's an upper + * limit on the loop iteratations we're willing to make, so this terminates eventually even + * if things change on the kernel side eventually. 
+ */ + if (input_thread != THREAD_NULL) { + dprintf("Waiting for input thread...\n"); + kern_return_t result = 0; + for (int i = 0; i < 100; ++i) { + result = thread_policy_set(input_thread, -1, NULL, 0); + dprintf("thread_policy_set result: %d\n", result); + if (result == KERN_TERMINATED) { + dprintf("Input thread terminated.\n"); + thread_deallocate(input_thread); + input_thread = THREAD_NULL; + break; + } + + auto_lock l(&thread_sync_lock); + thread_sync_lock.sleep(&input_thread, 10000000); + } + } +} + +errno_t +tap_interface::if_ioctl(u_int32_t cmd, void *arg) +{ + dprintf("tap: if_ioctl cmd: %d (%x)\n", cmd & 0xff, cmd); + + switch (cmd) { + case SIOCSIFLLADDR: + { + /* set ethernet address */ + struct sockaddr *ea = &(((struct ifreq *) arg)->ifr_addr); + + dprintf("tap: SIOCSIFLLADDR family %d len %d\n", + ea->sa_family, ea->sa_len); + + /* check if it is really an ethernet address */ + if (ea->sa_family != AF_LINK || ea->sa_len != ETHER_ADDR_LEN) + return EINVAL; + + /* ok, copy */ + errno_t err = ifnet_set_lladdr(ifp, ea->sa_data, ETHER_ADDR_LEN); + if (err) { + dprintf("tap: failed to set lladdr on %s%d: %d\n", + family_name, unit, err); + return err; + } + + /* Generate a LINK_ON event. This necessary for configd to re-read + * the interface data and refresh the MAC address. Not doing so + * would result in the DHCP client using a stale MAC address... 
+ */ + generate_link_event(KEV_DL_LINK_ON); + + return 0; + } + + case SIOCGIFMEDIA32: + case SIOCGIFMEDIA64: + { + struct ifmediareq *ifmr = (struct ifmediareq*) arg; + user_addr_t list = USER_ADDR_NULL; + + ifmr->ifm_current = IFM_ETHER; + ifmr->ifm_mask = 0; + ifmr->ifm_status = IFM_AVALID | IFM_ACTIVE; + ifmr->ifm_active = IFM_ETHER; + ifmr->ifm_count = 1; + + if (cmd == SIOCGIFMEDIA64) + list = ((struct ifmediareq64*) ifmr)->ifmu_ulist; + else + list = CAST_USER_ADDR_T( + ((struct ifmediareq32*) ifmr)->ifmu_ulist); + + if (list != USER_ADDR_NULL) + return copyout(&ifmr->ifm_current, list, sizeof(int)); + + return 0; + } + + default: + /* let our superclass handle it */ + return tuntap_interface::if_ioctl(cmd, arg); + } + + return EOPNOTSUPP; +} + +errno_t +tap_interface::if_demux(mbuf_t m, char *header, protocol_family_t *proto) +{ + struct ether_header *eh = (struct ether_header *) header; + unsigned char lladdr[ETHER_ADDR_LEN]; + + dprintf("tap: if_demux\n"); + + /* Make note of what input thread this interface is running on. This is part of a hack to + * avoid a crash on re-attaching interfaces, see comment in shutdown_interface for details. 
+ */ + if (input_thread == THREAD_NULL) { + auto_lock l(&thread_sync_lock); + input_thread = current_thread(); + thread_reference(input_thread); + thread_sync_lock.wakeup(&input_thread); + } + + /* size check */ + if (mbuf_len(m) < sizeof(struct ether_header)) + return ENOENT; + + /* catch broadcast and multicast (stolen from bsd/net/ether_if_module.c) */ + if (eh->ether_dhost[0] & 1) { + if (memcmp(ETHER_BROADCAST_ADDR, eh->ether_dhost, ETHER_ADDR_LEN) == 0) { + /* broadcast */ + dprintf("tap: broadcast packet.\n"); + mbuf_setflags_mask(m, MBUF_BCAST, MBUF_BCAST); + } else { + /* multicast */ + dprintf("tap: multicast packet.\n"); + mbuf_setflags_mask(m, MBUF_MCAST, MBUF_MCAST); + } + } else { + /* check wether the packet has our address */ + ifnet_lladdr_copy_bytes(ifp, lladdr, ETHER_ADDR_LEN); + if (memcmp(lladdr, eh->ether_dhost, ETHER_ADDR_LEN) != 0) + mbuf_setflags_mask(m, MBUF_PROMISC, MBUF_PROMISC); + } + + /* find the protocol */ + for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) { + if (attached_protos[i].used && attached_protos[i].type == eh->ether_type) { + *proto = attached_protos[i].proto; + return 0; + } + } + + dprintf("tap: if_demux() failed to find proto.\n"); + + /* no matching proto found */ + return ENOENT; +} + +errno_t +tap_interface::if_framer(mbuf_t *m, const struct sockaddr *dest, const char *dest_linkaddr, + const char *frame_type) +{ + struct ether_header *eh; + mbuf_t nm = *m; + errno_t err; + + dprintf("tap: if_framer\n"); + + /* prepend the ethernet header */ + err = mbuf_prepend(&nm, sizeof (struct ether_header), MBUF_WAITOK); + if (err) { + dprintf("tap: could not prepend data to mbuf: %d\n", err); + return err; + } + *m = nm; + + /* fill the header */ + eh = (struct ether_header *) mbuf_data(*m); + memcpy(eh->ether_dhost, dest_linkaddr, ETHER_ADDR_LEN); + ifnet_lladdr_copy_bytes(ifp, eh->ether_shost, ETHER_ADDR_LEN); + eh->ether_type = *((u_int16_t *) frame_type); + + return 0; +} + +errno_t 
+tap_interface::if_add_proto(protocol_family_t proto, const struct ifnet_demux_desc *desc, + u_int32_t ndesc) +{ + errno_t err; + + dprintf("tap: if_add_proto proto %d\n", proto); + + for (unsigned int i = 0; i < ndesc; i++) { + /* try to add the protocol */ + err = add_one_proto(proto, desc[i]); + if (err != 0) { + /* if that fails, remove everything stored so far */ + if_del_proto(proto); + return err; + } + } + + return 0; +} + +errno_t +tap_interface::if_del_proto(protocol_family_t proto) +{ + dprintf("tap: if_del_proto proto %d\n", proto); + + /* delete all matching entries in attached_protos */ + for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) { + if (attached_protos[i].proto == proto) + attached_protos[i].used = false; + } + + return 0; +} + +errno_t +tap_interface::if_check_multi(const struct sockaddr *maddr) +{ + dprintf("tap: if_check_multi family %d\n", maddr->sa_family); + + /* see whether it is a ethernet address with the multicast bit set */ + if (maddr->sa_family == AF_LINK) { + struct sockaddr_dl *dlmaddr = (struct sockaddr_dl *) maddr; + if (LLADDR(dlmaddr)[0] & 0x01) + return 0; + else + return EADDRNOTAVAIL; + } + + return EOPNOTSUPP; +} + +errno_t +tap_interface::add_one_proto(protocol_family_t proto, const struct ifnet_demux_desc &dd) +{ + int free = -1; + u_int16_t dt; + + /* we only support DLIL_DESC_ETYPE2 */ + if (dd.type != DLIL_DESC_ETYPE2 || dd.datalen != 2) { + log(LOG_WARNING, "tap: tap only supports DLIL_DESC_ETYPE2 protocols.\n"); + return EINVAL; + } + + dt = *((u_int16_t *) (dd.data)); + + /* see if the protocol is already registered */ + for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) { + if (attached_protos[i].used) { + if (dt == attached_protos[i].type) { + /* already registered */ + if (attached_protos[i].proto == proto) { + /* matches the old entry */ + return 0; + } else + return EEXIST; + } + } else if (free == -1) + free = i; + } + + /* did we find a free entry? */ + if (free == -1) + /* is ENOBUFS correct? 
*/ + return ENOBUFS; + + /* ok, save information */ + attached_protos[free].used = true; + attached_protos[free].type = dt; + attached_protos[free].proto = proto; + + return 0; +} + +/* This code is shamelessly stolen from if_bond.c */ +void +tap_interface::generate_link_event(u_int32_t code) +{ + struct { + struct kern_event_msg header; + u_int32_t unit; + char if_name[IFNAMSIZ]; + } event; + + bzero(&event, sizeof(event)); + event.header.total_size = sizeof(event); + event.header.vendor_code = KEV_VENDOR_APPLE; + event.header.kev_class = KEV_NETWORK_CLASS; + event.header.kev_subclass = KEV_DL_SUBCLASS; + event.header.event_code = code; + event.header.event_data[0] = family; + event.unit = (u_int32_t) unit; + strncpy(event.if_name, ifnet_name(ifp), IFNAMSIZ); + + ifnet_event(ifp, &event.header); +} + +/* tap_manager members */ +tuntap_interface * +tap_manager::create_interface() +{ + return new tap_interface(); +} + diff --git a/ext/tap-mac/tuntap/src/tap/tap.h b/ext/tap-mac/tuntap/src/tap/tap.h new file mode 100644 index 0000000..a5164d4 --- /dev/null +++ b/ext/tap-mac/tuntap/src/tap/tap.h 
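Review bot: In `tap_interface::initialize_interface()` the stack variable `struct sockaddr_dl lladdr` is only partly filled in (`sdl_len`, `sdl_family`, `sdl_alen`, `sdl_nlen`, `sdl_slen` and six address bytes) before it is passed to `register_interface()`. `sdl_index`, `sdl_type` and the rest of `sdl_data` therefore carry whatever was on the kernel stack; adding `bzero(&lladdr, sizeof(lladdr));` right after the declaration fixes that. In `shutdown_interface()`, when the 100-iteration wait never sees `KERN_TERMINATED`, `input_thread` keeps its thread reference and stays non-NULL, so after a re-attach `if_demux()` will not record the new input thread. Dropping the reference and resetting the field after the loop, with a `log(LOG_WARNING, ...)` line, would keep the state consistent. In `generate_link_event()`, `strncpy(event.if_name, ifnet_name(ifp), IFNAMSIZ)` relies on the earlier `bzero` for termination; copying `IFNAMSIZ - 1` bytes makes that independent of the name length.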
@@ -0,0 +1,111 @@ +/* + * ethertap device for MacOSX. + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __TAP_H__ +#define __TAP_H__ + +#include "tuntap.h" + +extern "C" { + +#include + +} + +#define TAP_FAMILY_NAME ((char *) "zt") +#define TAP_IF_COUNT 32 /* max number of tap interfaces */ +#define TAP_MTU 2800 +#define TAP_LLADDR tap_lladdr + +/* the mac address of our interfaces. 
note that the last byte will be replaced by the unit number */ +extern u_char tap_lladdr[]; + +/* tap manager */ +class tap_manager : public tuntap_manager { + + protected: + /* just define the interface creation method */ + virtual tuntap_interface *create_interface(); + +}; + +/* the tap network interface */ +class tap_interface : public tuntap_interface { + public: + tap_interface(); + + protected: + /* maximum number of protocols that can be attached */ + static const unsigned int MAX_ATTACHED_PROTOS = 8; + + /* information about attached protocols for demuxing is stored here */ + struct { + /* whether this entry is used */ + bool used; + /* type in the ethernet header */ + u_int16_t type; + /* protocol passed to add_proto */ + protocol_family_t proto; + } attached_protos[MAX_ATTACHED_PROTOS]; + + /* The input thread for the network interface. */ + thread_t input_thread; + + /* initializes the interface */ + virtual bool initialize(unsigned short major, unsigned short unit); + + /* shuts the interface down */ + virtual void shutdown(); + + /* called when the character device is opened in order to intialize the network + * interface. 
+ */ + virtual int initialize_interface(); + /* called when the character device is closed to shutdown the network interface */ + virtual void shutdown_interface(); + + /* override interface routines */ + virtual errno_t if_ioctl(u_int32_t cmd, void *arg); + virtual errno_t if_demux(mbuf_t m, char *header, protocol_family_t *proto); + virtual errno_t if_framer(mbuf_t *m, const struct sockaddr *dest, + const char *dest_linkaddr, const char *frame_type); + virtual errno_t if_add_proto(protocol_family_t proto, + const struct ifnet_demux_desc *ddesc, u_int32_t ndesc); + virtual errno_t if_del_proto(protocol_family_t proto); + virtual errno_t if_check_multi(const struct sockaddr *maddr); + + /* if_add_proto helper */ + errno_t add_one_proto(protocol_family_t proto, const struct ifnet_demux_desc &dd); + + /* generates a kernel event */ + void generate_link_event(u_int32_t code); + + friend class tap_manager; +}; + +#endif /* __TAP_H__ */ + diff --git a/ext/tap-mac/tuntap/src/tuntap.cc b/ext/tap-mac/tuntap/src/tuntap.cc new file mode 100644 index 0000000..d0f8901 --- /dev/null +++ b/ext/tap-mac/tuntap/src/tuntap.cc 
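Review bot: The `attached_protos` table in tap.h has no comment saying what protects it. In tap.cc, `if_add_proto`, `add_one_proto` and `if_del_proto` write it without taking the inherited `lock`, and its own comment says it is consulted for demuxing, which runs on the packet input path. If the networking stack does not serialize these callbacks against input (this cannot be confirmed from the diff), a concurrent attach or detach could be seen half-written, for example `used` set before `type` and `proto`. At minimum I would document the assumption above the struct: `/* not guarded by 'lock': written by if_add_proto/if_del_proto, read during demux; relies on the caller serializing these -- TODO confirm */`.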
@@ -0,0 +1,963 @@ +/* + * ip tunnel/ethertap device for MacOSX. Common functionality of tap_interface and tun_interface. + * + * tuntap_interface class definition + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tuntap.h" + +#if 0 +#define dprintf(...) log(LOG_INFO, __VA_ARGS__) +#else +#define dprintf(...) 
+#endif + +extern "C" { + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include +#include + +#include + +} + +extern "C" { + +/* interface service functions that delegate to the appropriate tuntap_interface instance */ +errno_t +tuntap_if_output(ifnet_t ifp, mbuf_t m) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_output(m); + } + + if (m != NULL) + mbuf_freem_list(m); + + return ENODEV; +} + +errno_t +tuntap_if_ioctl(ifnet_t ifp, long unsigned int cmd, void *arg) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_ioctl(cmd, arg); + } + + return ENODEV; +} + +errno_t +tuntap_if_set_bpf_tap(ifnet_t ifp, bpf_tap_mode mode, int (*cb)(ifnet_t, mbuf_t)) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_set_bpf_tap(mode, cb); + } + + return ENODEV; +} + +errno_t +tuntap_if_demux(ifnet_t ifp, mbuf_t m, char *header, protocol_family_t *proto) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_demux(m, header, proto); + } + + return ENODEV; +} + +errno_t +tuntap_if_framer(ifnet_t ifp, mbuf_t *m, const struct sockaddr *dest, const char *dest_linkaddr, + const char *frame_type) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_framer(m, dest, dest_linkaddr, frame_type); + } + + return ENODEV; +} + +errno_t +tuntap_if_add_proto(ifnet_t ifp, protocol_family_t proto, const struct ifnet_demux_desc *ddesc, + u_int32_t ndesc) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_add_proto(proto, ddesc, ndesc); + } + + return ENODEV; +} + +errno_t 
+tuntap_if_del_proto(ifnet_t ifp, protocol_family_t proto) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_del_proto(proto); + } + + return ENODEV; +} + +errno_t +tuntap_if_check_multi(ifnet_t ifp, const struct sockaddr* maddr) +{ + if (ifp != NULL) + { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_check_multi(maddr); + } + + return ENODEV; +} + +void +tuntap_if_detached(ifnet_t ifp) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + ttif->if_detached(); + } +} + +errno_t +tuntap_if_noop_output(ifnet_t, mbuf_t) +{ + return ENODEV; +} + +errno_t +tuntap_if_noop_demux(ifnet_t, mbuf_t, char*, protocol_family_t*) +{ + return ENODEV; +} + +errno_t +tuntap_if_noop_add_proto(ifnet_t, protocol_family_t, const struct ifnet_demux_desc*, u_int32_t) +{ + return ENODEV; +} + +errno_t +tuntap_if_noop_del_proto(ifnet_t, protocol_family_t) +{ + return ENODEV; +} + +} /* extern "C" */ + +/* tuntap_mbuf_queue */ +tuntap_mbuf_queue::tuntap_mbuf_queue() +{ + head = tail = NULL; + size = 0; +} + +tuntap_mbuf_queue::~tuntap_mbuf_queue() +{ + clear(); +} + +bool +tuntap_mbuf_queue::enqueue(mbuf_t mb) +{ + if (size == QUEUE_SIZE) + return false; + + mbuf_setnextpkt(mb, NULL); + + if (head == NULL) + head = tail = mb; + else { + mbuf_setnextpkt(tail, mb); + tail = mb; + } + size++; + + return true; +} + +mbuf_t +tuntap_mbuf_queue::dequeue() +{ + mbuf_t ret; + + /* check wether there is a packet in the queue */ + if (head == NULL) + return NULL; + + /* fetch it */ + ret = head; + head = mbuf_nextpkt(head); + mbuf_setnextpkt(ret, NULL); + size--; + + return ret; +} + +void +tuntap_mbuf_queue::clear() +{ + /* free mbufs that are in the queue */ + if (head != NULL) + mbuf_freem_list(head); + + head = NULL; + tail = NULL; + size = 0; +} + +/* tuntap_interface members */ 
+tuntap_interface::tuntap_interface() +{ + /* initialize the members */ + ifp = NULL; + open = false; + block_io = true; + dev_handle = NULL; + pid = 0; + selthreadclear(&rsel); + bpf_mode = BPF_MODE_DISABLED; + bpf_callback = NULL; + bzero(unique_id, UIDLEN); + in_ioctl = false; +} + +tuntap_interface::~tuntap_interface() +{ +} + +bool +tuntap_interface::register_chardev(unsigned short major) +{ + /* register character device */ + dev_handle = devfs_make_node(makedev(major, unit), DEVFS_CHAR, 0, 0, 0660, "%s%d", + family_name, (int) unit); + + if (dev_handle == NULL) { + log(LOG_ERR, "tuntap: could not make /dev/%s%d\n", family_name, (int) unit); + return false; + } + + return true; +} + +void +tuntap_interface::unregister_chardev() +{ + dprintf("unregistering character device\n"); + + /* unregister character device */ + if (dev_handle != NULL) + devfs_remove(dev_handle); + dev_handle = NULL; +} + +bool +tuntap_interface::register_interface(const struct sockaddr_dl* lladdr, void *bcaddr, + u_int32_t bcaddrlen) +{ + struct ifnet_init_params ip; + errno_t err; + + dprintf("register_interface\n"); + + /* initialize an initialization info struct */ + ip.uniqueid_len = UIDLEN; + ip.uniqueid = unique_id; + ip.name = family_name; + ip.unit = unit; + ip.family = family; + ip.type = type; + ip.output = tuntap_if_output; + ip.demux = tuntap_if_demux; + ip.add_proto = tuntap_if_add_proto; + ip.del_proto = tuntap_if_del_proto; + ip.check_multi = tuntap_if_check_multi; + ip.framer = tuntap_if_framer; + ip.softc = this; + ip.ioctl = tuntap_if_ioctl; + ip.set_bpf_tap = tuntap_if_set_bpf_tap; + ip.detach = tuntap_if_detached; + ip.event = NULL; + ip.broadcast_addr = bcaddr; + ip.broadcast_len = bcaddrlen; + + dprintf("tuntap: tuntap_if_check_multi is at 0x%08x\n", (void*) tuntap_if_check_multi); + + /* allocate the interface */ + err = ifnet_allocate(&ip, &ifp); + if (err) { + log(LOG_ERR, "tuntap: could not allocate interface for %s%d: %d\n", family_name, + (int) unit, err); + 
ifp = NULL; + return false; + } + + /* activate the interface */ + err = ifnet_attach(ifp, lladdr); + if (err) { + log(LOG_ERR, "tuntap: could not attach interface %s%d: %d\n", family_name, + (int) unit, err); + ifnet_release(ifp); + ifp = NULL; + return false; + } + + dprintf("setting interface flags\n"); + + /* set interface flags */ + ifnet_set_flags(ifp, IFF_RUNNING | IFF_MULTICAST | IFF_SIMPLEX, (u_int16_t) ~0UL); + + dprintf("flags: %x\n", ifnet_flags(ifp)); + + return true; +} + +void +tuntap_interface::unregister_interface() +{ + errno_t err; + + dprintf("unregistering network interface\n"); + + if (ifp != NULL) { + interface_detached = false; + + /* detach interface */ + err = ifnet_detach(ifp); + if (err) + log(LOG_ERR, "tuntap: error detaching interface %s%d: %d\n", + family_name, unit, err); + + dprintf("interface detaching\n"); + + /* Wait until the interface has completely been detached. */ + thread_sync_lock.lock(); + while (!interface_detached) + thread_sync_lock.sleep(&interface_detached); + thread_sync_lock.unlock(); + + dprintf("interface detached\n"); + + /* release the interface */ + ifnet_release(ifp); + + ifp = NULL; + } + + dprintf("network interface unregistered\n"); +} + +void +tuntap_interface::cleanup_interface() +{ + errno_t err; + ifaddr_t *addrs; + ifaddr_t *a; + struct ifreq ifr; + + /* mark the interface down */ + ifnet_set_flags(ifp, 0, IFF_UP | IFF_RUNNING); + + /* Unregister all interface addresses. This works around a deficiency in the Darwin kernel. + * If we don't remove all IP addresses that are attached to the interface it can happen that + * the IP code fails to clean them up itself. When the interface is recycled, the IP code + * might then think some addresses are still attached to the interface... + */ + + err = ifnet_get_address_list(ifp, &addrs); + if (!err) { + + /* Execute a SIOCDIFADDR ioctl for each address. For technical reasons, we can only + * do that with a socket of the appropriate family. 
So try to create a dummy socket. + * I know this is a little expensive, but better than crashing... + * + * This really sucks. + */ + for (a = addrs; *a != NULL; a++) { + /* initialize the request parameters */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", + ifnet_name(ifp), ifnet_unit(ifp)); + ifaddr_address(*a, &(ifr.ifr_addr), sizeof(ifr.ifr_addr)); + if (ifr.ifr_addr.sa_family != AF_INET) + continue; + + dprintf("trying to delete address of family %d\n", ifr.ifr_addr.sa_family); + + do_sock_ioctl(ifr.ifr_addr.sa_family, SIOCDIFADDR, &ifr); + } + + /* release the address list */ + ifnet_free_address_list(addrs); + } +} + +bool +tuntap_interface::idle() +{ + return !(open); +} + +void +tuntap_interface::notify_bpf(mbuf_t mb, bool out) +{ + auto_lock l(&bpf_lock); + + if ((out && bpf_mode == BPF_MODE_OUTPUT) + || (!out && bpf_mode == BPF_MODE_INPUT) + || (bpf_mode == BPF_MODE_INPUT_OUTPUT)) + (*bpf_callback)(ifp, mb); +} + +void +tuntap_interface::do_sock_ioctl(sa_family_t af, unsigned long cmd, void* arg) { + if (in_ioctl) { + log(LOG_ERR, "tuntap: ioctl recursion detected, aborting.\n"); + return; + } + + socket_t sock; + errno_t err = sock_socket(af, SOCK_RAW, 0, NULL, NULL, &sock); + if (err) { + log(LOG_ERR, "tuntap: failed to create socket: %d\n", err); + return; + } + + in_ioctl = true; + + /* issue the ioctl */ + err = sock_ioctl(sock, cmd, arg); + if (err) + log(LOG_ERR, "tuntap: socket ioctl %d failed: %d\n", cmd, err); + + in_ioctl = false; + + /* get rid of the socket */ + sock_close(sock); +} + +/* character device service methods */ +int +tuntap_interface::cdev_open(int flags, int devtype, proc_t p) +{ + dprintf("tuntap: cdev_open()\n"); + + /* grab the lock so that there can only be one thread inside */ + auto_lock l(&lock); + + /* check wether it is already open */ + if (open) + return EBUSY; + + /* bring the network interface up */ + int error = initialize_interface(); + if (error) + return error; + + open = true; + pid = proc_pid(p); + + 
return 0; +} + +int +tuntap_interface::cdev_close(int flags, int devtype, proc_t p) +{ + dprintf("tuntap: cdev_close()\n"); + + auto_lock l(&lock); + + if (open) { + open = false; + + /* shut down the network interface */ + shutdown_interface(); + + /* clear the queue */ + send_queue.clear(); + + /* wakeup the cdev thread and notify selects */ + wakeup(this); + selwakeup(&rsel); + + return 0; + } + + return EBADF; +} + +int +tuntap_interface::cdev_read(uio_t uio, int ioflag) +{ + auto_lock l(&lock); + + unsigned int nb = 0; + int error; + + dprintf("tuntap: cdev read\n"); + + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) + return EIO; + + /* fetch a new mbuf from the queue if necessary */ + mbuf_t cur_mbuf = NULL; + while (cur_mbuf == NULL) { + dprintf("tuntap: fetching new mbuf\n"); + + cur_mbuf = send_queue.dequeue(); + if (cur_mbuf == NULL) { + /* nothing in queue, block or return */ + if (!block_io) { + dprintf("tuntap: aborting (nbio)\n"); + return EWOULDBLOCK; + } else { + /* block */ + dprintf("tuntap: waiting\n"); + /* release the lock while waiting */ + l.unlock(); + error = msleep(this, NULL, PZERO | PCATCH, "tuntap", NULL); + + l.lock(); + + if (error) + return error; + + /* see whether the device was closed in the meantime */ + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) + return EIO; + + } + } + } + + /* notify bpf */ + notify_bpf(cur_mbuf, true); + + /* output what we have */ + do { + dprintf("tuntap: got new mbuf: %p uio_resid: %d\n", cur_mbuf, uio_resid(uio)); + + /* now we have an mbuf */ + int chunk_len = min(mbuf_len(cur_mbuf), uio_resid(uio)); + error = uiomove((char *) mbuf_data(cur_mbuf), chunk_len, uio); + if (error) { + mbuf_freem(cur_mbuf); + return error; + } + nb += chunk_len; + + dprintf("tuntap: moved %d bytes to userspace uio_resid: %d\n", chunk_len, + uio_resid(uio)); + + /* update cur_mbuf */ + cur_mbuf = mbuf_free(cur_mbuf); + + } while (uio_resid(uio) > 0 && cur_mbuf != NULL); + + /* update statistics */ + 
ifnet_stat_increment_out(ifp, 1, nb, 0); + + /* still data left? forget about that ;-) */ + if (cur_mbuf != NULL) + mbuf_freem(cur_mbuf); + + dprintf("tuntap: read done\n"); + + return 0; +} + +int +tuntap_interface::cdev_write(uio_t uio, int ioflag) +{ + auto_lock l(&lock); + + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) + return EIO; + + dprintf("tuntap: cdev write. uio_resid: %d\n", uio_resid(uio)); + + /* pack the data into an mbuf chain */ + mbuf_t first, mb; + + /* first we need an mbuf having a header */ + mbuf_gethdr(MBUF_WAITOK, MBUF_TYPE_DATA, &first); + if (first == NULL) { + log(LOG_ERR, "tuntap: could not get mbuf.\n"); + return ENOMEM; + } + mbuf_setlen(first, 0); + + unsigned int mlen = mbuf_maxlen(first); + unsigned int chunk_len; + unsigned int copied = 0; + unsigned int max_data_len = ifnet_mtu(ifp) + ifnet_hdrlen(ifp); + int error; + + /* stuff the data into the mbuf(s) */ + mb = first; + while (uio_resid(uio) > 0) { + /* copy a chunk. enforce mtu (don't know if this is correct behaviour) */ + chunk_len = min(max_data_len - copied, min(uio_resid(uio), mlen)); + error = uiomove((caddr_t) mbuf_data(mb), chunk_len, uio); + if (error) { + log(LOG_ERR, "tuntap: could not copy data from userspace: %d\n", error); + mbuf_freem(first); + return error; + } + + dprintf("tuntap: copied %d bytes, uio_resid %d\n", chunk_len, + uio_resid(uio)); + + mlen -= chunk_len; + mbuf_setlen(mb, mbuf_len(mb) + chunk_len); + copied += chunk_len; + + /* if done, break the loop */ + if (uio_resid(uio) <= 0 || copied >= max_data_len) + break; + + /* allocate a new mbuf if the current is filled */ + if (mlen == 0) { + mbuf_t next; + mbuf_get(MBUF_WAITOK, MBUF_TYPE_DATA, &next); + if (next == NULL) { + log(LOG_ERR, "tuntap: could not get mbuf.\n"); + mbuf_freem(first); + return ENOMEM; + } + mbuf_setnext(mb, next); + mb = next; + mbuf_setlen(mb, 0); + mlen = mbuf_maxlen(mb); + } + } + + /* fill in header info */ + mbuf_pkthdr_setrcvif(first, ifp); + 
mbuf_pkthdr_setlen(first, copied); + mbuf_pkthdr_setheader(first, mbuf_data(first)); + mbuf_set_csum_performed(first, 0, 0); + + /* update statistics */ + ifnet_stat_increment_in(ifp, 1, copied, 0); + + dprintf("tuntap: mbuf chain constructed. first: %p mb: %p len: %d data: %p\n", + first, mb, mbuf_len(first), mbuf_data(first)); + + /* notify bpf */ + notify_bpf(first, false); + + /* need to adjust the data pointer to point directly behind the linklevel header. The header + * itself is later accessed via m_pkthdr.header. Well, if something is ugly, here is it. + */ + mbuf_adj(first, ifnet_hdrlen(ifp)); + + /* pass the packet over to the network stack */ + error = ifnet_input(ifp, first, NULL); + + if (error) { + log(LOG_ERR, "tuntap: could not input packet into network stack.\n"); + mbuf_freem(first); + return error; + } + + return 0; +} + +int +tuntap_interface::cdev_ioctl(u_long cmd, caddr_t data, int fflag, proc_t p) +{ + auto_lock l(&lock); + + dprintf("tuntap: cdev ioctl: %d\n", (int) (cmd & 0xff)); + + switch (cmd) { + case FIONBIO: + /* set i/o mode */ + block_io = *((int *) data) ? false : true; + return 0; + case FIOASYNC: + /* don't allow switching it on */ + if (*((int *) data)) + return ENOTTY; + return 0; + } + + return ENOTTY; +} + +int +tuntap_interface::cdev_select(int which, void *wql, proc_t p) +{ + auto_lock l(&lock); + + int ret = 0; + + dprintf("tuntap: select. 
which: %d\n", which); + + switch (which) { + case FREAD: + /* check wether data is available */ + { + if (!send_queue.empty()) + ret = 1; + else { + dprintf("tuntap: select: waiting\n"); + selrecord(p, &rsel, wql); + } + } + break; + case FWRITE: + /* we are always writeable */ + ret = 1; + } + + return ret; +} + +/* interface service methods */ +errno_t +tuntap_interface::if_output(mbuf_t m) +{ + mbuf_t pkt; + + dprintf("tuntap: if output\n"); + + /* just to be sure */ + if (m == NULL) + return 0; + + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) { + mbuf_freem_list(m); + return EHOSTDOWN; + } + + /* check whether packet has a header */ + if ((mbuf_flags(m) & MBUF_PKTHDR) == 0) { + log(LOG_ERR, "tuntap: packet to be output has no mbuf header.\n"); + mbuf_freem_list(m); + return EINVAL; + } + + /* put the packet(s) into the output queue */ + while (m != NULL) { + /* keep pointer, iterate */ + pkt = m; + m = mbuf_nextpkt(m); + mbuf_setnextpkt(pkt, NULL); + + auto_lock l(&lock); + + if (!send_queue.enqueue(pkt)) { + mbuf_freem(pkt); + mbuf_freem_list(m); + return ENOBUFS; + } + } + + /* protect the wakeup calls with the lock, not sure they are safe. */ + { + auto_lock l(&lock); + + /* wakeup the cdev thread and notify selects */ + wakeup(this); + selwakeup(&rsel); + } + + return 0; +} + +errno_t +tuntap_interface::if_ioctl(u_int32_t cmd, void *arg) +{ + dprintf("tuntap: if ioctl: %d\n", (int) (cmd & 0xff)); + + switch (cmd) { + case SIOCSIFADDR: + { + dprintf("tuntap: if_ioctl: SIOCSIFADDR\n"); + + /* Unfortunately, ifconfig sets the address family field of an INET + * netmask to zero, which makes early mDNSresponder versions ignore + * the interface. Fix that here. This one is of the category "ugly + * workaround". Dumb Darwin... + * + * Meanwhile, Apple has fixed mDNSResponder, and recent versions of + * Leopard don't need this hack anymore. However, Tiger still has a + * broken version so we leave the hack in for now. 
+ * + * TODO: Revisit when dropping Tiger support. + * + * Btw. If you configure other network interfaces using ifconfig, + * you run into the same problem. I still don't know how to make the + * tap devices show up in the network configuration panel... + */ + ifaddr_t ifa = (ifaddr_t) arg; + if (ifa == NULL) + return 0; + + sa_family_t af = ifaddr_address_family(ifa); + if (af != AF_INET) + return 0; + + struct ifaliasreq ifra; + int sa_size = sizeof(struct sockaddr); + if (ifaddr_address(ifa, &ifra.ifra_addr, sa_size) + || ifaddr_dstaddress(ifa, &ifra.ifra_broadaddr, sa_size) + || ifaddr_netmask(ifa, &ifra.ifra_mask, sa_size)) { + log(LOG_WARNING, + "tuntap: failed to parse interface address.\n"); + return 0; + } + + // Check that the address family fields match. If not, issue another + // SIOCAIFADDR to fix the entry. + if (ifra.ifra_addr.sa_family != af + || ifra.ifra_broadaddr.sa_family != af + || ifra.ifra_mask.sa_family != af) { + log(LOG_INFO, "tuntap: Fixing address family for %s%d\n", + family_name, unit); + + snprintf(ifra.ifra_name, sizeof(ifra.ifra_name), "%s%d", + family_name, unit); + ifra.ifra_addr.sa_family = af; + ifra.ifra_broadaddr.sa_family = af; + ifra.ifra_mask.sa_family = af; + + do_sock_ioctl(af, SIOCAIFADDR, &ifra); + } + + return 0; + } + + case SIOCSIFFLAGS: + return 0; + + case SIOCGIFSTATUS: + { + struct ifstat *stat = (struct ifstat *) arg; + int len; + char *p; + + if (stat == NULL) + return EINVAL; + + /* print status */ + len = strlen(stat->ascii); + p = stat->ascii + len; + if (open) { + snprintf(p, IFSTATMAX - len, "\topen (pid %u)\n", pid); + } else { + snprintf(p, IFSTATMAX - len, "\tclosed\n"); + } + + return 0; + } + + case SIOCSIFMTU: + { + struct ifreq *ifr = (struct ifreq *) arg; + + if (ifr == NULL) + return EINVAL; + + ifnet_set_mtu(ifp, ifr->ifr_mtu); + + return 0; + } + + case SIOCDIFADDR: + return 0; + + } + + return EOPNOTSUPP; +} + +errno_t +tuntap_interface::if_set_bpf_tap(bpf_tap_mode mode, int (*cb)(ifnet_t, 
mbuf_t)) +{ + dprintf("tuntap: mode %d\n", mode); + + auto_lock l(&bpf_lock); + + bpf_callback = cb; + bpf_mode = mode; + + return 0; +} + +errno_t +tuntap_interface::if_check_multi(const struct sockaddr *maddr) +{ + dprintf("tuntap: if_check_multi\n"); + + return EOPNOTSUPP; +} + +void +tuntap_interface::if_detached() +{ + dprintf("tuntap: if_detached\n"); + + /* wake unregister_interface() */ + thread_sync_lock.lock(); + interface_detached = true; + thread_sync_lock.wakeup(&interface_detached); + thread_sync_lock.unlock(); + + dprintf("if_detached done\n"); +} + diff --git a/ext/tap-mac/tuntap/src/tuntap.h b/ext/tap-mac/tuntap/src/tuntap.h new file mode 100644 index 0000000..d5f398d --- /dev/null +++ b/ext/tap-mac/tuntap/src/tuntap.h 
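Review bot: `cdev_write()` never checks that userspace supplied at least a full link-layer header before it calls `mbuf_adj(first, ifnet_hdrlen(ifp))` and hands the chain to `ifnet_input()`. A zero-length or very short write leaves `copied` below the header length, so the pointer stored by `mbuf_pkthdr_setheader()` refers to mbuf bytes that were never written, and the demux code (not in this hunk) presumably parses them as a header. I would reject such writes right after the copy loop: `if (copied < ifnet_hdrlen(ifp)) { mbuf_freem(first); return EINVAL; }`. Separately, the `mbuf_freem(first)` on the `ifnet_input()` error path is worth checking against the KPI contract, since a callee that already frees the chain on failure would make this a double free.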
@@ -0,0 +1,301 @@ +/* + * ip tunnel/ethertap device for MacOSX. + * + * The class tuntaptap_interface contains the common functionality of tuntap_interface and + * tap_interface. + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#ifndef __TUNTAP_H__ +#define __TUNTAP_H__ + +#include "util.h" +#include "lock.h" + +extern "C" { + +#include +#include +#include +#include +#include + +#include + +#include +#include +#include + +} + +extern "C" { + +errno_t tuntap_if_output(ifnet_t ifp, mbuf_t m); +errno_t tuntap_if_ioctl(ifnet_t ifp, long unsigned int cmd, void *arg); +errno_t tuntap_if_set_bpf_tap(ifnet_t ifp, bpf_tap_mode mode, int (*cb)(ifnet_t, mbuf_t)); +errno_t tuntap_if_demux(ifnet_t ifp, mbuf_t m, char *header, protocol_family_t *proto); +errno_t tuntap_if_framer(ifnet_t ifp, mbuf_t *m, const struct sockaddr *dest, + const char *dest_linkaddr, const char *frame_type); +errno_t tuntap_if_add_proto(ifnet_t ifp, protocol_family_t proto, + const struct ifnet_demux_desc *ddesc, u_int32_t ndesc); +errno_t tuntap_if_del_proto(ifnet_t ifp, protocol_family_t proto); +errno_t tuntap_if_check_multi(ifnet_t ifp, const struct sockaddr *maddr); +void tuntap_if_detached(ifnet_t ifp); + +} + +/* forward declaration */ +class tuntap_interface; + +/* both interface families have their manager object that will create, initialize, shutdown and + * delete interfaces. This is (mostly) generic so it can be used both for tun and tap. The only + * exception is the interface creation, therefore this class is abstract. tun and tap have their own + * versions that simply fill in create_interface(). 
+ */ +class tuntap_manager { + + protected: + /* manager cdev gate */ + tt_gate cdev_gate; + /* interface count */ + unsigned int count; + /* an array holding all the interface instances */ + tuntap_interface **tuntaps; + /* the major device number */ + int dev_major; + /* family name */ + char *family; + + /* wether static members are initialized */ + static bool statics_initialized; + + /* major-to-manager-map */ + static const int MAX_CDEV = 256; + static tuntap_manager *mgr_map[MAX_CDEV]; + + /* initializes static members */ + void initialize_statics(); + + public: + /* sets major device number, allocates the interface table. */ + bool initialize(unsigned int count, char *family); + + /* tries to shutdown the family. returns true if successful. the manager object may + * not be deleted if this wasn't called successfully. + */ + bool shutdown(); + + /* the destructor deletes allocated memory and unregisters the character device + * switch */ + virtual ~tuntap_manager(); + + /* here are the cdev routines for the class. They will figure out the manager object + * and call the service methods declared below. + */ + static int cdev_open(dev_t dev, int flags, int devtype, proc_t p); + static int cdev_close(dev_t dev, int flags, int devtype, proc_t p); + static int cdev_read(dev_t dev, uio_t uio, int ioflag); + static int cdev_write(dev_t dev, uio_t uio, int ioflag); + static int cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, + proc_t p); + static int cdev_select(dev_t dev, int which, void *wql, proc_t p); + + protected: + /* Here are the actual service routines that will do the required things (creating + * interfaces and such) and forward to the interface's implementation. 
+ */ + int do_cdev_open(dev_t dev, int flags, int devtype, proc_t p); + int do_cdev_close(dev_t dev, int flags, int devtype, proc_t p); + int do_cdev_read(dev_t dev, uio_t uio, int ioflag); + int do_cdev_write(dev_t dev, uio_t uio, int ioflag); + int do_cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, proc_t p); + int do_cdev_select(dev_t dev, int which, void *wql, proc_t p); + + /* abstract method that will create an interface. Implemented by tun and tap */ + virtual tuntap_interface *create_interface() = 0; + + /* makes sure there is one idle interface available (if nothing fails */ + void ensure_idle_device(); + +}; + +/* a class implementing a mbuf packet queue. On Darwin 7 we had struct ifqueue, but that is now + * internal to the kernel for Darwin 8. So lets have our own. + */ +class tuntap_mbuf_queue { + + private: + /* output end of the queue. dequeueing takes mbufs from here */ + mbuf_t head; + /* input end. new mbufs are appended here. */ + mbuf_t tail; + + /* size */ + unsigned int size; + + /* maximum queue size */ + static const unsigned int QUEUE_SIZE = 128; + + public: + /* initialize new empty queue */ + tuntap_mbuf_queue(); + ~tuntap_mbuf_queue(); + + /* is the queue full? */ + bool full() { return size == QUEUE_SIZE; } + /* is it emtpy? */ + bool empty() { return size == 0; } + + /* enqueue an mbuf. returns true if there was space left, so the mbuf could be + * queued, false otherwise */ + bool enqueue(mbuf_t mb); + + /* tries to dequeue the next mbuf. 
If the queue is empty, NULL is returned */ + mbuf_t dequeue(); + + /* makes the queue empty, discarding any queue packets */ + void clear(); +}; + +class tuntap_interface { + + protected: + /* interface number */ + unsigned int unit; + /* family name */ + char *family_name; + /* family identifier */ + ifnet_family_t family; + /* interface type */ + u_int32_t type; + /* id string */ + static const unsigned int UIDLEN = 20; + char unique_id[UIDLEN]; + + /* synchronization */ + tt_mutex lock; + tt_mutex bpf_lock; + tt_mutex thread_sync_lock; + + /* the interface structure registered */ + ifnet_t ifp; + /* whether the device has been opened */ + bool open; + /* whether we are doing blocking i/o */ + bool block_io; + /* whether the interface has properly been detached */ + bool interface_detached; + /* handle to the devfs node for the character device */ + void *dev_handle; + /* the pid of the process that opened the cdev, if any */ + pid_t pid; + /* read select info */ + struct selinfo rsel; + /* bpf mode, wether filtering is on or off */ + bpf_tap_mode bpf_mode; + /* bpf callback. called when packet arrives/leaves */ + int (*bpf_callback)(ifnet_t, mbuf_t); + /* pending packets queue (for output), must be accessed with the lock held */ + tuntap_mbuf_queue send_queue; + /* whether an ioctl that we issued is currently being processed */ + bool in_ioctl; + + /* protected constructor. 
initializes most of the members */ + tuntap_interface(); + virtual ~tuntap_interface(); + + /* initialize the device */ + virtual bool initialize(unsigned short major, unsigned short unit) = 0; + + /* character device management */ + virtual bool register_chardev(unsigned short major); + virtual void unregister_chardev(); + + /* network interface management */ + virtual bool register_interface(const struct sockaddr_dl *lladdr, + void *bcaddr, u_int32_t bcaddrlen); + virtual void unregister_interface(); + virtual void cleanup_interface(); + + /* called when the character device is opened in order to intialize the network + * interface. + */ + virtual int initialize_interface() = 0; + /* called when the character device is closed to shutdown the network interface */ + virtual void shutdown_interface() = 0; + + /* check wether the interface is idle (so it can be brought down) */ + virtual bool idle(); + + /* shut it down */ + virtual void shutdown() = 0; + + /* notifies BPF of a packet coming through */ + virtual void notify_bpf(mbuf_t mb, bool out); + + /* executes a socket ioctl through a temporary socket */ + virtual void do_sock_ioctl(sa_family_t af, unsigned long cmd, void* arg); + + /* character device service methods. Called by the manager */ + virtual int cdev_open(int flags, int devtype, proc_t p); + virtual int cdev_close(int flags, int devtype, proc_t p); + virtual int cdev_read(uio_t uio, int ioflag); + virtual int cdev_write(uio_t uio, int ioflag); + virtual int cdev_ioctl(u_long cmd, caddr_t data, int fflag, proc_t p); + virtual int cdev_select(int which, void *wql, proc_t p); + + /* interface functions. 
friends and implementation methods */ + friend errno_t tuntap_if_output(ifnet_t ifp, mbuf_t m); + friend errno_t tuntap_if_ioctl(ifnet_t ifp, long unsigned int cmd, void *arg); + friend errno_t tuntap_if_set_bpf_tap(ifnet_t ifp, bpf_tap_mode mode, + int (*cb)(ifnet_t, mbuf_t)); + friend errno_t tuntap_if_demux(ifnet_t ifp, mbuf_t m, char *header, + protocol_family_t *proto); + friend errno_t tuntap_if_framer(ifnet_t ifp, mbuf_t *m, const struct sockaddr *dest, + const char *dest_linkaddr, const char *frame_type); + friend errno_t tuntap_if_add_proto(ifnet_t ifp, protocol_family_t proto, + const struct ifnet_demux_desc *ddesc, u_int32_t ndesc); + friend errno_t tuntap_if_del_proto(ifnet_t ifp, protocol_family_t proto); + friend errno_t tuntap_if_check_multi(ifnet_t ifp, const struct sockaddr *maddr); + friend void tuntap_if_detached(ifnet_t ifp); + + virtual errno_t if_output(mbuf_t m); + virtual errno_t if_ioctl(u_int32_t cmd, void *arg); + virtual errno_t if_set_bpf_tap(bpf_tap_mode mode, int (*cb)(ifnet_t, mbuf_t)); + virtual errno_t if_demux(mbuf_t m, char *header, protocol_family_t *proto) = 0; + virtual errno_t if_framer(mbuf_t *m, const struct sockaddr *dest, + const char *dest_linkaddr, const char *frame_type) = 0; + virtual errno_t if_add_proto(protocol_family_t proto, + const struct ifnet_demux_desc *ddesc, u_int32_t ndesc) = 0; + virtual errno_t if_del_proto(protocol_family_t proto) = 0; + virtual errno_t if_check_multi(const struct sockaddr *maddr); + virtual void if_detached(); + + /* tuntap_manager feeds us with cdev input, so it is our friend */ + friend class tuntap_manager; +}; + +#endif /* __TUNTAP_H__ */ + diff --git a/ext/tap-mac/tuntap/src/tuntap_mgr.cc b/ext/tap-mac/tuntap/src/tuntap_mgr.cc new file mode 100644 index 0000000..f41394e --- /dev/null +++ b/ext/tap-mac/tuntap/src/tuntap_mgr.cc 
@@ -0,0 +1,372 @@ +/* + * ip tunnel/ethertap device for MacOSX. + * + * tuntap_manager definition. + */ +/* + * Copyright (c) 2011 Mattias Nissler + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tuntap.h" +#include "mem.h" + +extern "C" { + +#include +#include +#include +#include + +#include + +#include + +} + +#if 0 +#define dprintf(...) log(LOG_INFO, __VA_ARGS__) +#else +#define dprintf(...) 
+#endif + +/* cdevsw for tuntap_manager */ +static struct cdevsw mgr_cdevsw = +{ + tuntap_manager::cdev_open, + tuntap_manager::cdev_close, + tuntap_manager::cdev_read, + tuntap_manager::cdev_write, + tuntap_manager::cdev_ioctl, + eno_stop, + eno_reset, + NULL, + tuntap_manager::cdev_select, + eno_mmap, + eno_strat, + eno_getc, + eno_putc, + 0 +}; + +/* tuntap_manager members */ +tuntap_manager *tuntap_manager::mgr_map[MAX_CDEV]; + +bool tuntap_manager::statics_initialized = false; + +/* static initializer */ +void +tuntap_manager::initialize_statics() +{ + dprintf("initializing mgr_map\n"); + + /* initialize the major-to-manager map */ + for (int i = 0; i < MAX_CDEV; i++) + mgr_map[i] = NULL; + + statics_initialized = true; +} + +bool +tuntap_manager::initialize(unsigned int count, char *family) +{ + this->count = count; + this->family = family; + this->tuntaps = NULL; + + if (!statics_initialized) + initialize_statics(); + + /* make sure noone can access the character devices until we are done */ + auto_lock l(&cdev_gate); + + /* register the switch for the tap character devices */ + dev_major = cdevsw_add(-1, &mgr_cdevsw); + if (dev_major == -1) { + log(LOG_ERR, "%s: could not register character device switch.\n", family); + return false; + } + + /* allocate memory for the interface instance table */ + tuntaps = (tuntap_interface **) mem_alloc(count * sizeof(tuntap_interface *)); + if (tuntaps == NULL) + { + log(LOG_ERR, "%s: no memory!\n", family); + return false; + } + + bzero(tuntaps, count * sizeof(tuntap_interface *)); + + /* Create the interfaces. This will only add the character devices. The network devices will + * be created upon open()ing the corresponding character devices. + */ + for (int i = 0; i < (int) count; i++) + { + tuntaps[i] = create_interface(); + + if (tuntaps[i] != NULL) + { + if (tuntaps[i]->initialize(dev_major, i)) + { + continue; + } + + /* error here. current interface needs to be shut down */ + i++; + } + + /* something went wrong. 
clean up. */ + while (--i >= 0) + { + tuntaps[i]->shutdown(); + delete tuntaps[i]; + } + + return false; + } + + /* register the new family in the mgr switch */ + mgr_map[dev_major] = this; + + log(LOG_INFO, "%s kernel extension version %s \n", + family, TUNTAP_VERSION); + + return true; +} + +bool +tuntap_manager::shutdown() +{ + bool ok = true; + + /* we halt the whole thing while we check whether we can shutdown */ + auto_lock l(&cdev_gate); + + /* anyone in? */ + if (cdev_gate.is_anyone_in()) { + dprintf("tuntap_mgr: won't shutdown, threads still behind the gate."); + ok = false; + } else { + /* query the interfaces to see if shutting down is ok */ + if (tuntaps != NULL) { + for (unsigned int i = 0; i < count; i++) { + if (tuntaps[i] != NULL) + ok &= tuntaps[i]->idle(); + } + + /* if yes, do it now */ + if (ok) { + for (unsigned int i = 0; i < count; i++) { + if (tuntaps[i] != NULL) { + tuntaps[i]->shutdown(); + delete tuntaps[i]; + tuntaps[i] = NULL; + } + } + } + } + } + + /* unregister the character device switch */ + if (ok) { + if (dev_major != -1 && cdevsw_remove(dev_major, &mgr_cdevsw) == -1) { + log(LOG_WARNING, + "%s: character device switch got lost. strange.\n", family); + } + mgr_map[dev_major] = NULL; + dev_major = -1; + + /* at this point there is still a chance that some thread hangs at the cdev_gate in + * one of the cdev service functions. I can't imagine any way that would aviod this. + * So lets unblock the gate such that they fail. + */ + unsigned int old_number; + do { + old_number = cdev_gate.get_ticket_number(); + + dprintf("tuntap_manager: waiting for other threads to give up.\n"); + + /* wait one second */ + cdev_gate.sleep(&cdev_gate, 1000000); + + } while (cdev_gate.get_ticket_number() != old_number); + + /* I hope it is safe to unload now. */ + + } else { + log(LOG_WARNING, "%s: won't unload, at least one interface is busy.\n", family); + } + + dprintf("tuntap manager: shutdown %s\n", ok ? 
"ok" : "failed"); + + return ok; +} + +tuntap_manager::~tuntap_manager() +{ + dprintf("freeing interface table\n"); + + /* free memory */ + if (tuntaps != NULL) + mem_free(tuntaps, count * sizeof(tuntap_interface *)); +} + +/* service method dispatchers */ +int +tuntap_manager::cdev_open(dev_t dev, int flags, int devtype, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? ENOENT + : mgr_map[major(dev)]->do_cdev_open(dev, flags, devtype, p)); +} + +int +tuntap_manager::cdev_close(dev_t dev, int flags, int devtype, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_close(dev, flags, devtype, p)); +} + +int +tuntap_manager::cdev_read(dev_t dev, uio_t uio, int ioflag) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_read(dev, uio, ioflag)); +} + +int +tuntap_manager::cdev_write(dev_t dev, uio_t uio, int ioflag) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_write(dev, uio, ioflag)); +} + +int +tuntap_manager::cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_ioctl(dev, cmd, data, fflag, p)); +} + +int +tuntap_manager::cdev_select(dev_t dev, int which, void *wql, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? 
EBADF + : mgr_map[major(dev)]->do_cdev_select(dev, which, wql, p)); +} + +/* character device service methods */ +int +tuntap_manager::do_cdev_open(dev_t dev, int flags, int devtype, proc_t p) +{ + int dmin = minor(dev); + int error = ENOENT; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_open(flags, devtype, p); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_close(dev_t dev, int flags, int devtype, proc_t p) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_close(flags, devtype, p); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_read(dev_t dev, uio_t uio, int ioflag) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_read(uio, ioflag); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_write(dev_t dev, uio_t uio, int ioflag) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_write(uio, ioflag); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, proc_t p) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_ioctl(cmd, data, fflag, p); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_select(dev_t dev, int which, void *wql, proc_t p) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_select(which, wql, p); + + cdev_gate.exit(); + + return 
error; +} + diff --git a/ext/tap-mac/tuntap/src/util.h b/ext/tap-mac/tuntap/src/util.h new file mode 100644 index 0000000..0f6955e --- /dev/null +++ b/ext/tap-mac/tuntap/src/util.h 
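Review bot: In `tuntap_manager::shutdown()`, `mgr_map[dev_major] = NULL;` runs even when `dev_major` is -1, writing before the start of the static `mgr_map` array in kernel memory; only the `cdevsw_remove` call is guarded by `dev_major != -1`. That state follows a failed `cdevsw_add` in `initialize()` (with `tuntaps == NULL`, `ok` stays true) or an earlier successful `shutdown()`, assuming the caller invokes `shutdown()` in those cases, which the hunk does not show. Guard the map update as well: `if (dev_major != -1) { mgr_map[dev_major] = NULL; dev_major = -1; }`. Separately, the two later `return false` paths in `initialize()` leave the switch registered, and the interface-setup path also leaves deleted pointers in `tuntaps` that a later `shutdown()` would call `idle()` on. Those paths should run `cdevsw_remove(dev_major, &mgr_cdevsw); dev_major = -1;` and set `tuntaps[i] = NULL` after each `delete`.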
@@ -0,0 +1,46 @@
+/*
+ * ip tunnel/ethertap device for MacOSX.
+ *
+ * Some utilities and misc stuff.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __UTIL_H__
+#define __UTIL_H__
+
+extern "C" {
+
+/* In Darwin 8 (OS X Tiger) there is a problem with struct selinfo. It was made `private' to the
+ * kernel, so its definition is not available from the headers in Kernel.framework. However, we need
+ * to declare something :-(
+ */
+struct selinfo {
+ char data[128]; /* should be enough... */
+};
+
+} /* extern "C" */
+
+#endif /* __UTIL_H__ */
+
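Review bot: The stand-in `struct selinfo { char data[128]; }` guesses both the size and the alignment of a kernel-private structure, and nothing in this header checks either guess. An instance is embedded in `tuntap_interface` as `rsel` directly after a `pid_t` member, so a `char` array may end up 4-byte aligned. If the real structure is larger than 128 bytes on some kernel release, kernel select code handed `&rsel` would presumably write into the members that follow it. At minimum, force the alignment with `char data[128] __attribute__((aligned(8)));` and add a comment recording which kernel versions the 128-byte bound was checked against.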
diff --git a/include/README.md b/include/README.md
new file mode 100644
index 0000000..a3254ba
--- /dev/null
+++ b/include/README.md
@@ -0,0 +1,4 @@
+ZeroTier Node API
+======
+
+This is the externally facing plain C API, which wraps the Node class in the node/ folder. It provides a platform-agnostic interface to the core ZeroTier network virtualization engine.
diff --git a/include/ZeroTierOne.h b/include/ZeroTierOne.h
new file mode 100644
index 0000000..2d7b007
--- /dev/null
+++ b/include/ZeroTierOne.h
@@ -0,0 +1,1907 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* + * This defines the external C API for ZeroTier's core network virtualization + * engine. + */ + +#ifndef ZT_ZEROTIERONE_H +#define ZT_ZEROTIERONE_H + +#include + +// For the struct sockaddr_storage structure +#if defined(_WIN32) || defined(_WIN64) +#include +#include +#include +#else /* not Windows */ +#include +#include +#include +#include +#endif /* Windows or not */ + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************/ +/* Core constants */ +/****************************************************************************/ + +/** + * Default UDP port for devices running a ZeroTier endpoint + */ +#define ZT_DEFAULT_PORT 9993 + +/** + * Maximum MTU for ZeroTier virtual networks + * + * This is pretty much an unchangeable global constant. To make it change + * across nodes would require logic to send ICMP packet too big messages, + * which would complicate things. 1500 has been good enough on most LANs + * for ages, so a larger MTU should be fine for the forseeable future. This + * typically results in two UDP packets per single large frame. Experimental + * results seem to show that this is good. 
Larger MTUs resulting in more + * fragments seemed too brittle on slow/crummy links for no benefit. + * + * If this does change, also change it in tap.h in the tuntaposx code under + * mac-tap. + * + * Overhead for a normal frame split into two packets: + * + * 1414 = 1444 (typical UDP MTU) - 28 (packet header) - 2 (ethertype) + * 1428 = 1444 (typical UDP MTU) - 16 (fragment header) + * SUM: 2842 + * + * We use 2800, which leaves some room for other payload in other types of + * messages such as multicast propagation or future support for bridging. + */ +#define ZT_MAX_MTU 2800 + +/** + * Maximum length of network short name + */ +#define ZT_MAX_NETWORK_SHORT_NAME_LENGTH 127 + +/** + * Maximum number of pushed routes on a network + */ +#define ZT_MAX_NETWORK_ROUTES 32 + +/** + * Maximum number of statically assigned IP addresses per network endpoint using ZT address management (not DHCP) + */ +#define ZT_MAX_ZT_ASSIGNED_ADDRESSES 16 + +/** + * Maximum number of "specialists" on a network -- bridges, relays, etc. + */ +#define ZT_MAX_NETWORK_SPECIALISTS 256 + +/** + * Maximum number of static physical to ZeroTier address mappings (typically relays, etc.) + */ +#define ZT_MAX_NETWORK_PINNED 16 + +/** + * Maximum number of rule table entries per network (can be increased) + */ +#define ZT_MAX_NETWORK_RULES 256 + +/** + * Maximum number of multicast group subscriptions per network + */ +#define ZT_MAX_NETWORK_MULTICAST_SUBSCRIPTIONS 4096 + +/** + * Maximum number of direct network paths to a given peer + */ +#define ZT_MAX_PEER_NETWORK_PATHS 4 + +/** + * Maximum number of trusted physical network paths + */ +#define ZT_MAX_TRUSTED_PATHS 16 + +/** + * Maximum number of hops in a ZeroTier circuit test + * + * This is more or less the max that can be fit in a given packet (with + * fragmentation) and only one address per hop. 
+ */ +#define ZT_CIRCUIT_TEST_MAX_HOPS 256 + +/** + * Maximum number of addresses per hop in a circuit test + */ +#define ZT_CIRCUIT_TEST_MAX_HOP_BREADTH 8 + +/** + * Maximum number of cluster members (and max member ID plus one) + */ +#define ZT_CLUSTER_MAX_MEMBERS 128 + +/** + * Maximum number of physical ZeroTier addresses a cluster member can report + */ +#define ZT_CLUSTER_MAX_ZT_PHYSICAL_ADDRESSES 16 + +/** + * Maximum allowed cluster message length in bytes + */ +#define ZT_CLUSTER_MAX_MESSAGE_LENGTH (1500 - 48) + +/** + * A null/empty sockaddr (all zero) to signify an unspecified socket address + */ +extern const struct sockaddr_storage ZT_SOCKADDR_NULL; + +/****************************************************************************/ +/* Structures and other types */ +/****************************************************************************/ + +/** + * Function return code: OK (0) or error results + * + * Use ZT_ResultCode_isFatal() to check for a fatal error. If a fatal error + * occurs, the node should be considered to not be working correctly. These + * indicate serious problems like an inaccessible data store or a compile + * problem. + */ +enum ZT_ResultCode +{ + /** + * Operation completed normally + */ + ZT_RESULT_OK = 0, + + // Fatal errors (>0, <1000) + + /** + * Ran out of memory + */ + ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY = 1, + + /** + * Data store is not writable or has failed + */ + ZT_RESULT_FATAL_ERROR_DATA_STORE_FAILED = 2, + + /** + * Internal error (e.g. 
unexpected exception indicating bug or build problem) + */ + ZT_RESULT_FATAL_ERROR_INTERNAL = 3, + + // Non-fatal errors (>1000) + + /** + * Network ID not valid + */ + ZT_RESULT_ERROR_NETWORK_NOT_FOUND = 1000, + + /** + * The requested operation is not supported on this version or build + */ + ZT_RESULT_ERROR_UNSUPPORTED_OPERATION = 1001, + + /** + * The requestion operation was given a bad parameter or was called in an invalid state + */ + ZT_RESULT_ERROR_BAD_PARAMETER = 1002 +}; + +/** + * @param x Result code + * @return True if result code indicates a fatal error + */ +#define ZT_ResultCode_isFatal(x) ((((int)(x)) > 0)&&(((int)(x)) < 1000)) + +/** + * Status codes sent to status update callback when things happen + */ +enum ZT_Event +{ + /** + * Node has been initialized + * + * This is the first event generated, and is always sent. It may occur + * before Node's constructor returns. + * + * Meta-data: none + */ + ZT_EVENT_UP = 0, + + /** + * Node is offline -- network does not seem to be reachable by any available strategy + * + * Meta-data: none + */ + ZT_EVENT_OFFLINE = 1, + + /** + * Node is online -- at least one upstream node appears reachable + * + * Meta-data: none + */ + ZT_EVENT_ONLINE = 2, + + /** + * Node is shutting down + * + * This is generated within Node's destructor when it is being shut down. + * It's done for convenience, since cleaning up other state in the event + * handler may appear more idiomatic. + * + * Meta-data: none + */ + ZT_EVENT_DOWN = 3, + + /** + * Your identity has collided with another node's ZeroTier address + * + * This happens if two different public keys both hash (via the algorithm + * in Identity::generate()) to the same 40-bit ZeroTier address. + * + * This is something you should "never" see, where "never" is defined as + * once per 2^39 new node initializations / identity creations. If you do + * see it, you're going to see it very soon after a node is first + * initialized. 
+ * + * This is reported as an event rather than a return code since it's + * detected asynchronously via error messages from authoritative nodes. + * + * If this occurs, you must shut down and delete the node, delete the + * identity.secret record/file from the data store, and restart to generate + * a new identity. If you don't do this, you will not be able to communicate + * with other nodes. + * + * We'd automate this process, but we don't think silently deleting + * private keys or changing our address without telling the calling code + * is good form. It violates the principle of least surprise. + * + * You can technically get away with not handling this, but we recommend + * doing so in a mature reliable application. Besides, handling this + * condition is a good way to make sure it never arises. It's like how + * umbrellas prevent rain and smoke detectors prevent fires. They do, right? + * + * Meta-data: none + */ + ZT_EVENT_FATAL_ERROR_IDENTITY_COLLISION = 4, + + /** + * Trace (debugging) message + * + * These events are only generated if this is a TRACE-enabled build. + * + * Meta-data: C string, TRACE message + */ + ZT_EVENT_TRACE = 5 +}; + +/** + * Current node status + */ +typedef struct +{ + /** + * 40-bit ZeroTier address of this node + */ + uint64_t address; + + /** + * Current world ID + */ + uint64_t worldId; + + /** + * Current world revision/timestamp + */ + uint64_t worldTimestamp; + + /** + * Public identity in string-serialized form (safe to send to others) + * + * This pointer will remain valid as long as the node exists. + */ + const char *publicIdentity; + + /** + * Full identity including secret key in string-serialized form + * + * This pointer will remain valid as long as the node exists. 
+ */ + const char *secretIdentity; + + /** + * True if some kind of connectivity appears available + */ + int online; +} ZT_NodeStatus; + +/** + * Virtual network status codes + */ +enum ZT_VirtualNetworkStatus +{ + /** + * Waiting for network configuration (also means revision == 0) + */ + ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION = 0, + + /** + * Configuration received and we are authorized + */ + ZT_NETWORK_STATUS_OK = 1, + + /** + * Netconf master told us 'nope' + */ + ZT_NETWORK_STATUS_ACCESS_DENIED = 2, + + /** + * Netconf master exists, but this virtual network does not + */ + ZT_NETWORK_STATUS_NOT_FOUND = 3, + + /** + * Initialization of network failed or other internal error + */ + ZT_NETWORK_STATUS_PORT_ERROR = 4, + + /** + * ZeroTier core version too old + */ + ZT_NETWORK_STATUS_CLIENT_TOO_OLD = 5 +}; + +/** + * Virtual network type codes + */ +enum ZT_VirtualNetworkType +{ + /** + * Private networks are authorized via certificates of membership + */ + ZT_NETWORK_TYPE_PRIVATE = 0, + + /** + * Public networks have no access control -- they'll always be AUTHORIZED + */ + ZT_NETWORK_TYPE_PUBLIC = 1 +}; + +/** + * The type of a virtual network rules table entry + * + * These must range from 0 to 127 (0x7f). + * + * Each rule is composed of one or more MATCHes followed by an ACTION. 
+ */ +enum ZT_VirtualNetworkRuleType +{ + /** + * Drop frame + */ + ZT_NETWORK_RULE_ACTION_DROP = 0, + + /** + * Accept and pass frame + */ + ZT_NETWORK_RULE_ACTION_ACCEPT = 1, + + /** + * Forward a copy of this frame to an observer + */ + ZT_NETWORK_RULE_ACTION_TEE = 2, + + /** + * Explicitly redirect this frame to another device (ignored if this is the target device) + */ + ZT_NETWORK_RULE_ACTION_REDIRECT = 3, + + // <32 == actions + + /** + * Source ZeroTier address -- analogous to an Ethernet port ID on a switch + */ + ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS = 32, + + /** + * Destination ZeroTier address -- analogous to an Ethernet port ID on a switch + */ + ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS = 33, + + /** + * Ethernet VLAN ID + */ + ZT_NETWORK_RULE_MATCH_VLAN_ID = 34, + + /** + * Ethernet VLAN PCP + */ + ZT_NETWORK_RULE_MATCH_VLAN_PCP = 35, + + /** + * Ethernet VLAN DEI + */ + ZT_NETWORK_RULE_MATCH_VLAN_DEI = 36, + + /** + * Ethernet frame type + */ + ZT_NETWORK_RULE_MATCH_ETHERTYPE = 37, + + /** + * Source Ethernet MAC address + */ + ZT_NETWORK_RULE_MATCH_MAC_SOURCE = 38, + + /** + * Destination Ethernet MAC address + */ + ZT_NETWORK_RULE_MATCH_MAC_DEST = 39, + + /** + * Source IPv4 address + */ + ZT_NETWORK_RULE_MATCH_IPV4_SOURCE = 40, + + /** + * Destination IPv4 address + */ + ZT_NETWORK_RULE_MATCH_IPV4_DEST = 41, + + /** + * Source IPv6 address + */ + ZT_NETWORK_RULE_MATCH_IPV6_SOURCE = 42, + + /** + * Destination IPv6 address + */ + ZT_NETWORK_RULE_MATCH_IPV6_DEST = 43, + + /** + * IP TOS (type of service) + */ + ZT_NETWORK_RULE_MATCH_IP_TOS = 44, + + /** + * IP protocol + */ + ZT_NETWORK_RULE_MATCH_IP_PROTOCOL = 45, + + /** + * IP source port range (start-end, inclusive) + */ + ZT_NETWORK_RULE_MATCH_IP_SOURCE_PORT_RANGE = 46, + + /** + * IP destination port range (start-end, inclusive) + */ + ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE = 47, + + /** + * Packet characteristics (set of flags) + */ + ZT_NETWORK_RULE_MATCH_CHARACTERISTICS = 48, 
+ + /** + * Frame size range (start-end, inclusive) + */ + ZT_NETWORK_RULE_MATCH_FRAME_SIZE_RANGE = 49, + + /** + * Match a range of relative TCP sequence numbers (e.g. approx first N bytes of stream) + */ + ZT_NETWORK_RULE_MATCH_TCP_RELATIVE_SEQUENCE_NUMBER_RANGE = 50, + + /** + * Match a certificate of network membership field from the ZT origin's COM: greater than or equal to + */ + ZT_NETWORK_RULE_MATCH_COM_FIELD_GE = 51, + + /** + * Match a certificate of network membership field from the ZT origin's COM: less than or equal to + */ + ZT_NETWORK_RULE_MATCH_COM_FIELD_LE = 52 +}; + +/** + * Network flow rule + * + * NOTE: Currently (1.1.x) only etherType is supported! Other things will + * have no effect until the rules engine is fully implemented. + * + * Rules are stored in a table in which one or more match entries is followed + * by an action. If more than one match precedes an action, the rule is + * the AND of all matches. An action with no match is always taken since it + * matches anything. If nothing matches, the default action is DROP. + * + * This is designed to be a more memory-efficient way of storing rules than + * a wide table, yet still fast and simple to access in code. + */ +typedef struct +{ + /** + * Least significant 7 bits: ZT_VirtualNetworkRuleType, most significant 1 bit is NOT bit + * + * If the NOT bit is set, then matches will be interpreted as "does not + * match." The NOT bit has no effect on actions. + * + * Use "& 0x7f" to get the enum and "& 0x80" to get the NOT flag. + * + * The union 'v' is a variant type, and this selects which field in 'v' is + * actually used and valid. 
+ */ + uint8_t t; + + /** + * Union containing the value of this rule -- which field is used depends on 't' + */ + union { + /** + * IPv6 address in big-endian / network byte order and netmask bits + */ + struct { + uint8_t ip[16]; + uint8_t mask; + } ipv6; + + /** + * IPv4 address in big-endian / network byte order + */ + struct { + uint32_t ip; + uint8_t mask; + } ipv4; + + /** + * Packet characteristic flags being matched + */ + uint64_t characteristics; + + /** + * IP port range -- start-end inclusive -- host byte order + */ + uint16_t port[2]; + + /** + * TCP relative sequence number range -- start-end inclusive -- host byte order + */ + uint32_t tcpseq[2]; + + /** + * 40-bit ZeroTier address (in least significant bits, host byte order) + */ + uint64_t zt; + + /** + * 48-bit Ethernet MAC address in big-endian order + */ + uint8_t mac[6]; + + /** + * VLAN ID in host byte order + */ + uint16_t vlanId; + + /** + * VLAN PCP (least significant 3 bits) + */ + uint8_t vlanPcp; + + /** + * VLAN DEI (single bit / boolean) + */ + uint8_t vlanDei; + + /** + * Ethernet type in host byte order + */ + uint16_t etherType; + + /** + * IP protocol + */ + uint8_t ipProtocol; + + /** + * IP type of service + */ + uint8_t ipTos; + + /** + * Ethernet packet size in host byte order (start-end, inclusive) + */ + uint16_t frameSize[2]; + + /** + * COM ID and value for ZT_NETWORK_RULE_MATCH_COM_FIELD_GE and ZT_NETWORK_RULE_MATCH_COM_FIELD_LE + */ + uint64_t comIV[2]; + } v; +} ZT_VirtualNetworkRule; + +/** + * A route to be pushed on a virtual network + */ +typedef struct +{ + /** + * Target network / netmask bits (in port field) or NULL or 0.0.0.0/0 for default + */ + struct sockaddr_storage target; + + /** + * Gateway IP address (port ignored) or NULL (family == 0) for LAN-local (no gateway) + */ + struct sockaddr_storage via; + + /** + * Route flags + */ + uint16_t flags; + + /** + * Route metric (not currently used) + */ + uint16_t metric; +} ZT_VirtualNetworkRoute; + +/** + * An 
Ethernet multicast group
+ */
+typedef struct
+{
+ /**
+ * MAC address (least significant 48 bits)
+ */
+ uint64_t mac;
+
+ /**
+ * Additional distinguishing information (usually zero)
+ */
+ unsigned long adi;
+} ZT_MulticastGroup;
+
+/**
+ * Virtual network configuration update type
+ */
+enum ZT_VirtualNetworkConfigOperation
+{
+ /**
+ * Network is coming up (either for the first time or after service restart)
+ */
+ ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP = 1,
+
+ /**
+ * Network configuration has been updated
+ */
+ ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE = 2,
+
+ /**
+ * Network is going down (not permanently)
+ */
+ ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN = 3,
+
+ /**
+ * Network is going down permanently (leave/delete)
+ */
+ ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY = 4
+};
+
+/**
+ * What trust hierarchy role does this peer have?
+ */
+enum ZT_PeerRole {
+ ZT_PEER_ROLE_LEAF = 0, // ordinary node
+ ZT_PEER_ROLE_RELAY = 1, // relay node
+ ZT_PEER_ROLE_ROOT = 2 // root server
+};
+
+/**
+ * Vendor ID
+ */
+enum ZT_Vendor {
+ ZT_VENDOR_UNSPECIFIED = 0,
+ ZT_VENDOR_ZEROTIER = 1
+};
+
+/**
+ * Platform type
+ */
+enum ZT_Platform {
+ ZT_PLATFORM_UNSPECIFIED = 0,
+ ZT_PLATFORM_LINUX = 1,
+ ZT_PLATFORM_WINDOWS = 2,
+ ZT_PLATFORM_MACOS = 3,
+ ZT_PLATFORM_ANDROID = 4,
+ ZT_PLATFORM_IOS = 5,
+ ZT_PLATFORM_SOLARIS_SMARTOS = 6,
+ ZT_PLATFORM_FREEBSD = 7,
+ ZT_PLATFORM_NETBSD = 8,
+ ZT_PLATFORM_OPENBSD = 9,
+ ZT_PLATFORM_RISCOS = 10,
+ ZT_PLATFORM_VXWORKS = 11,
+ ZT_PLATFORM_FREERTOS = 12,
+ ZT_PLATFORM_SYSBIOS = 13,
+ ZT_PLATFORM_HURD = 14
+};
+
+/**
+ * Architecture type
+ */
+enum ZT_Architecture {
+ ZT_ARCHITECTURE_UNSPECIFIED = 0,
+ ZT_ARCHITECTURE_X86 = 1,
+ ZT_ARCHITECTURE_X64 = 2,
+ ZT_ARCHITECTURE_ARM32 = 3,
+ ZT_ARCHITECTURE_ARM64 = 4,
+ ZT_ARCHITECTURE_MIPS32 = 5,
+ ZT_ARCHITECTURE_MIPS64 = 6,
+ ZT_ARCHITECTURE_POWER32 = 7,
+ ZT_ARCHITECTURE_POWER64 = 8,
+ ZT_ARCHITECTURE_OPENRISC32 = 9,
+ ZT_ARCHITECTURE_OPENRISC64 = 10,
+
ZT_ARCHITECTURE_SPARC32 = 11,
+ ZT_ARCHITECTURE_SPARC64 = 12,
+ ZT_ARCHITECTURE_DOTNET_CLR = 13,
+ ZT_ARCHITECTURE_JAVA_JVM = 14
+};
+
+/**
+ * Virtual network configuration
+ */
+typedef struct
+{
+ /**
+ * 64-bit ZeroTier network ID
+ */
+ uint64_t nwid;
+
+ /**
+ * Ethernet MAC (48 bits) that should be assigned to port
+ */
+ uint64_t mac;
+
+ /**
+ * Network name (from network configuration master)
+ */
+ char name[ZT_MAX_NETWORK_SHORT_NAME_LENGTH + 1];
+
+ /**
+ * Network configuration request status
+ */
+ enum ZT_VirtualNetworkStatus status;
+
+ /**
+ * Network type
+ */
+ enum ZT_VirtualNetworkType type;
+
+ /**
+ * Maximum interface MTU
+ */
+ unsigned int mtu;
+
+ /**
+ * If nonzero, the network this port belongs to indicates DHCP availability
+ *
+ * This is a suggestion. The underlying implementation is free to ignore it
+ * for security or other reasons. This is simply a netconf parameter that
+ * means 'DHCP is available on this network.'
+ */
+ int dhcp;
+
+ /**
+ * If nonzero, this port is allowed to bridge to other networks
+ *
+ * This is informational. If this is false (0), bridged packets will simply
+ * be dropped and bridging won't work.
+ */
+ int bridge;
+
+ /**
+ * If nonzero, this network supports and allows broadcast (ff:ff:ff:ff:ff:ff) traffic
+ */
+ int broadcastEnabled;
+
+ /**
+ * If the network is in PORT_ERROR state, this is the (negative) error code most recently reported
+ */
+ int portError;
+
+ /**
+ * Revision number as reported by controller or 0 if still waiting for config
+ */
+ unsigned long netconfRevision;
+
+ /**
+ * Number of assigned addresses
+ */
+ unsigned int assignedAddressCount;
+
+ /**
+ * ZeroTier-assigned addresses (in sockaddr_storage structures)
+ *
+ * For IP, the port number of the sockaddr_XX structure contains the number
+ * of bits in the address netmask. Only the IP address and port are used.
+ * Other fields like interface number can be ignored.
+ *
+ * This is only used for ZeroTier-managed address assignments sent by the
+ * virtual network's configuration master.
+ */
+ struct sockaddr_storage assignedAddresses[ZT_MAX_ZT_ASSIGNED_ADDRESSES];
+
+ /**
+ * Number of ZT-pushed routes
+ */
+ unsigned int routeCount;
+
+ /**
+ * Routes (excluding those implied by assigned addresses and their masks)
+ */
+ ZT_VirtualNetworkRoute routes[ZT_MAX_NETWORK_ROUTES];
+} ZT_VirtualNetworkConfig;
+
+/**
+ * A list of networks
+ */
+typedef struct
+{
+ ZT_VirtualNetworkConfig *networks;
+ unsigned long networkCount;
+} ZT_VirtualNetworkList;
+
+/**
+ * Physical network path to a peer
+ */
+typedef struct
+{
+ /**
+ * Address of endpoint
+ */
+ struct sockaddr_storage address;
+
+ /**
+ * Time of last send in milliseconds or 0 for never
+ */
+ uint64_t lastSend;
+
+ /**
+ * Time of last receive in milliseconds or 0 for never
+ */
+ uint64_t lastReceive;
+
+ /**
+ * Is this a trusted path? If so this will be its nonzero ID.
+ */
+ uint64_t trustedPathId;
+
+ /**
+ * Is path active?
+ */
+ int active;
+
+ /**
+ * Is path preferred?
+ */
+ int preferred;
+} ZT_PeerPhysicalPath;
+
+/**
+ * Peer status result buffer
+ */
+typedef struct
+{
+ /**
+ * ZeroTier address (40 bits)
+ */
+ uint64_t address;
+
+ /**
+ * Time we last received a unicast frame from this peer
+ */
+ uint64_t lastUnicastFrame;
+
+ /**
+ * Time we last received a multicast rame from this peer
+ */
+ uint64_t lastMulticastFrame;
+
+ /**
+ * Remote major version or -1 if not known
+ */
+ int versionMajor;
+
+ /**
+ * Remote minor version or -1 if not known
+ */
+ int versionMinor;
+
+ /**
+ * Remote revision or -1 if not known
+ */
+ int versionRev;
+
+ /**
+ * Last measured latency in milliseconds or zero if unknown
+ */
+ unsigned int latency;
+
+ /**
+ * What trust hierarchy role does this device have?
+ */
+ enum ZT_PeerRole role;
+
+ /**
+ * Number of paths (size of paths[])
+ */
+ unsigned int pathCount;
+
+ /**
+ * Known network paths to peer
+ */
+ ZT_PeerPhysicalPath paths[ZT_MAX_PEER_NETWORK_PATHS];
+} ZT_Peer;
+
+/**
+ * List of peers
+ */
+typedef struct
+{
+ ZT_Peer *peers;
+ unsigned long peerCount;
+} ZT_PeerList;
+
+/**
+ * ZeroTier circuit test configuration and path
+ */
+typedef struct {
+ /**
+ * Test ID -- an arbitrary 64-bit identifier
+ */
+ uint64_t testId;
+
+ /**
+ * Timestamp -- sent with test and echoed back by each reporter
+ */
+ uint64_t timestamp;
+
+ /**
+ * Originator credential: network ID
+ *
+ * If this is nonzero, a network ID will be set for this test and
+ * the originator must be its primary network controller. This is
+ * currently the only authorization method available, so it must
+ * be set to run a test.
+ */
+ uint64_t credentialNetworkId;
+
+ /**
+ * Hops in circuit test (a.k.a. FIFO for graph traversal)
+ */
+ struct {
+ /**
+ * Hop flags (currently unused, must be zero)
+ */
+ unsigned int flags;
+
+ /**
+ * Number of addresses in this hop (max: ZT_CIRCUIT_TEST_MAX_HOP_BREADTH)
+ */
+ unsigned int breadth;
+
+ /**
+ * 40-bit ZeroTier addresses (most significant 24 bits ignored)
+ */
+ uint64_t addresses[ZT_CIRCUIT_TEST_MAX_HOP_BREADTH];
+ } hops[ZT_CIRCUIT_TEST_MAX_HOPS];
+
+ /**
+ * Number of hops (max: ZT_CIRCUIT_TEST_MAX_HOPS)
+ */
+ unsigned int hopCount;
+
+ /**
+ * If non-zero, circuit test will report back at every hop
+ */
+ int reportAtEveryHop;
+
+ /**
+ * An arbitrary user-settable pointer
+ */
+ void *ptr;
+
+ /**
+ * Pointer for internal use -- initialize to zero and do not modify
+ */
+ void *_internalPtr;
+} ZT_CircuitTest;
+
+/**
+ * Circuit test result report
+ */
+typedef struct {
+ /**
+ * Sender of report (current hop)
+ */
+ uint64_t current;
+
+ /**
+ * Previous hop
+ */
+ uint64_t upstream;
+
+ /**
+ * 64-bit test ID
+ */
+ uint64_t testId;
+
+ /**
+ * Timestamp from original test (echoed back
at each hop)
+ */
+ uint64_t timestamp;
+
+ /**
+ * Timestamp on remote device
+ */
+ uint64_t remoteTimestamp;
+
+ /**
+ * 64-bit packet ID of packet received by the reporting device
+ */
+ uint64_t sourcePacketId;
+
+ /**
+ * Flags (currently unused, will be zero)
+ */
+ uint64_t flags;
+
+ /**
+ * ZeroTier protocol-level hop count of packet received by reporting device (>0 indicates relayed)
+ */
+ unsigned int sourcePacketHopCount;
+
+ /**
+ * Error code (currently unused, will be zero)
+ */
+ unsigned int errorCode;
+
+ /**
+ * Remote device vendor ID
+ */
+ enum ZT_Vendor vendor;
+
+ /**
+ * Remote device protocol compliance version
+ */
+ unsigned int protocolVersion;
+
+ /**
+ * Software major version
+ */
+ unsigned int majorVersion;
+
+ /**
+ * Software minor version
+ */
+ unsigned int minorVersion;
+
+ /**
+ * Software revision
+ */
+ unsigned int revision;
+
+ /**
+ * Platform / OS
+ */
+ enum ZT_Platform platform;
+
+ /**
+ * System architecture
+ */
+ enum ZT_Architecture architecture;
+
+ /**
+ * Local device address on which packet was received by reporting device
+ *
+ * This may have ss_family equal to zero (null address) if unspecified.
+ */
+ struct sockaddr_storage receivedOnLocalAddress;
+
+ /**
+ * Remote address from which reporter received the test packet
+ *
+ * This may have ss_family set to zero (null address) if unspecified.
+ */
+ struct sockaddr_storage receivedFromRemoteAddress;
+
+ /**
+ * Next hops to which packets are being or will be sent by the reporter
+ *
+ * In addition to reporting back, the reporter may send the test on if
+ * there are more recipients in the FIFO. If it does this, it can report
+ * back the address(es) that make up the next hop and the physical address
+ * for each if it has one. The physical address being null/unspecified
+ * typically indicates that no direct path exists and the next packet
+ * will be relayed.
+ */
+ struct {
+ /**
+ * 40-bit ZeroTier address
+ */
+ uint64_t address;
+
+ /**
+ * Physical address or null address (ss_family == 0) if unspecified or unknown
+ */
+ struct sockaddr_storage physicalAddress;
+ } nextHops[ZT_CIRCUIT_TEST_MAX_HOP_BREADTH];
+
+ /**
+ * Number of next hops reported in nextHops[]
+ */
+ unsigned int nextHopCount;
+} ZT_CircuitTestReport;
+
+/**
+ * A cluster member's status
+ */
+typedef struct {
+ /**
+ * This cluster member's ID (from 0 to 1-ZT_CLUSTER_MAX_MEMBERS)
+ */
+ unsigned int id;
+
+ /**
+ * Number of milliseconds since last 'alive' heartbeat message received via cluster backplane address
+ */
+ unsigned int msSinceLastHeartbeat;
+
+ /**
+ * Non-zero if cluster member is alive
+ */
+ int alive;
+
+ /**
+ * X, Y, and Z coordinates of this member (if specified, otherwise zero)
+ *
+ * What these mean depends on the location scheme being used for
+ * location-aware clustering. At present this is GeoIP and these
+ * will be the X, Y, and Z coordinates of the location on a spherical
+ * approximation of Earth where Earth's core is the origin (in km).
+ * They don't have to be perfect and need only be comparable with others
+ * to find shortest path via the standard vector distance formula.
+ */
+ int x,y,z;
+
+ /**
+ * Cluster member's last reported load
+ */
+ uint64_t load;
+
+ /**
+ * Number of peers
+ */
+ uint64_t peers;
+
+ /**
+ * Physical ZeroTier endpoints for this member (where peers are sent when directed here)
+ */
+ struct sockaddr_storage zeroTierPhysicalEndpoints[ZT_CLUSTER_MAX_ZT_PHYSICAL_ADDRESSES];
+
+ /**
+ * Number of physical ZeroTier endpoints this member is announcing
+ */
+ unsigned int numZeroTierPhysicalEndpoints;
+} ZT_ClusterMemberStatus;
+
+/**
+ * ZeroTier cluster status
+ */
+typedef struct {
+ /**
+ * My cluster member ID (a record for 'self' is included in member[])
+ */
+ unsigned int myId;
+
+ /**
+ * Number of cluster members
+ */
+ unsigned int clusterSize;
+
+ /**
+ * Cluster member statuses
+ */
+ ZT_ClusterMemberStatus members[ZT_CLUSTER_MAX_MEMBERS];
+} ZT_ClusterStatus;
+
+/**
+ * An instance of a ZeroTier One node (opaque)
+ */
+typedef void ZT_Node;
+
+/****************************************************************************/
+/* Callbacks used by Node API */
+/****************************************************************************/
+
+/**
+ * Callback called to update virtual network port configuration
+ *
+ * This can be called at any time to update the configuration of a virtual
+ * network port. The parameter after the network ID specifies whether this
+ * port is being brought up, updated, brought down, or permanently deleted.
+ *
+ * This in turn should be used by the underlying implementation to create
+ * and configure tap devices at the OS (or virtual network stack) layer.
+ *
+ * The supplied config pointer is not guaranteed to remain valid, so make
+ * a copy if you want one.
+ *
+ * This should not call multicastSubscribe() or other network-modifying
+ * methods, as this could cause a deadlock in multithreaded or interrupt
+ * driven environments.
+ *
+ * This must return 0 on success.
It can return any OS-dependent error code
+ * on failure, and this results in the network being placed into the
+ * PORT_ERROR state.
+ */
+typedef int (*ZT_VirtualNetworkConfigFunction)(
+ ZT_Node *, /* Node */
+ void *, /* User ptr */
+ uint64_t, /* Network ID */
+ void **, /* Modifiable network user PTR */
+ enum ZT_VirtualNetworkConfigOperation, /* Config operation */
+ const ZT_VirtualNetworkConfig *); /* Network configuration */
+
+/**
+ * Function to send a frame out to a virtual network port
+ *
+ * Parameters: (1) node, (2) user ptr, (3) network ID, (4) source MAC,
+ * (5) destination MAC, (6) ethertype, (7) VLAN ID, (8) frame data,
+ * (9) frame length.
+ */
+typedef void (*ZT_VirtualNetworkFrameFunction)(
+ ZT_Node *, /* Node */
+ void *, /* User ptr */
+ uint64_t, /* Network ID */
+ void **, /* Modifiable network user PTR */
+ uint64_t, /* Source MAC */
+ uint64_t, /* Destination MAC */
+ unsigned int, /* Ethernet type */
+ unsigned int, /* VLAN ID (0 for none) */
+ const void *, /* Frame data */
+ unsigned int); /* Frame length */
+
+/**
+ * Callback for events
+ *
+ * Events are generated when the node's status changes in a significant way
+ * and on certain non-fatal errors and events of interest. The final void
+ * parameter points to event meta-data. The type of event meta-data (and
+ * whether it is present at all) is event type dependent. See the comments
+ * in the definition of ZT_Event.
+ */
+typedef void (*ZT_EventCallback)(
+ ZT_Node *,
+ void *,
+ enum ZT_Event,
+ const void *);
+
+/**
+ * Function to get an object from the data store
+ *
+ * Parameters: (1) object name, (2) buffer to fill, (3) size of buffer, (4)
+ * index in object to start reading, (5) result parameter that must be set
+ * to the actual size of the object if it exists.
+ *
+ * Object names can contain forward slash (/) path separators. They will
+ * never contain .. or backslash (\), so this is safe to map as a Unix-style
+ * path if the underlying storage permits.
For security reasons we recommend
+ * returning errors if .. or \ are used.
+ *
+ * The function must return the actual number of bytes read. If the object
+ * doesn't exist, it should return -1. -2 should be returned on other errors
+ * such as errors accessing underlying storage.
+ *
+ * If the read doesn't fit in the buffer, the max number of bytes should be
+ * read. The caller may call the function multiple times to read the whole
+ * object.
+ */
+typedef long (*ZT_DataStoreGetFunction)(
+ ZT_Node *,
+ void *,
+ const char *,
+ void *,
+ unsigned long,
+ unsigned long,
+ unsigned long *);
+
+/**
+ * Function to store an object in the data store
+ *
+ * Parameters: (1) node, (2) user ptr, (3) object name, (4) object data,
+ * (5) object size, (6) secure? (bool).
+ *
+ * If secure is true, the file should be set readable and writable only
+ * to the user running ZeroTier One. What this means is platform-specific.
+ *
+ * Name semantics are the same as the get function. This must return zero on
+ * success. You can return any OS-specific error code on failure, as these
+ * may be visible in logs or error messages and might aid in debugging.
+ *
+ * If the data pointer is null, this must be interpreted as a delete
+ * operation.
+ */
+typedef int (*ZT_DataStorePutFunction)(
+ ZT_Node *,
+ void *,
+ const char *,
+ const void *,
+ unsigned long,
+ int);
+
+/**
+ * Function to send a ZeroTier packet out over the wire
+ *
+ * Parameters:
+ * (1) Node
+ * (2) User pointer
+ * (3) Local interface address
+ * (4) Remote address
+ * (5) Packet data
+ * (6) Packet length
+ * (7) Desired IP TTL or 0 to use default
+ *
+ * If there is only one local interface it is safe to ignore the local
+ * interface address. Otherwise if running with multiple interfaces, the
+ * correct local interface should be chosen by address unless NULL. If
+ * the ss_family field is zero (NULL address), a random or preferred
+ * default interface should be used.
+ *
+ * If TTL is nonzero, packets should have their IP TTL value set to this
+ * value if possible. If this is not possible it is acceptable to ignore
+ * this value and send anyway with normal or default TTL.
+ *
+ * The function must return zero on success and may return any error code
+ * on failure. Note that success does not (of course) guarantee packet
+ * delivery. It only means that the packet appears to have been sent.
+ */
+typedef int (*ZT_WirePacketSendFunction)(
+ ZT_Node *, /* Node */
+ void *, /* User ptr */
+ const struct sockaddr_storage *, /* Local address */
+ const struct sockaddr_storage *, /* Remote address */
+ const void *, /* Packet data */
+ unsigned int, /* Packet length */
+ unsigned int); /* TTL or 0 to use default */
+
+/**
+ * Function to check whether a path should be used for ZeroTier traffic
+ *
+ * Paramters:
+ * (1) Node
+ * (2) User pointer
+ * (3) Local interface address
+ * (4) Remote address
+ *
+ * This function must return nonzero (true) if the path should be used.
+ *
+ * If no path check function is specified, ZeroTier will still exclude paths
+ * that overlap with ZeroTier-assigned and managed IP address blocks. But the
+ * use of a path check function is recommended to ensure that recursion does
+ * not occur in cases where addresses are assigned by the OS or managed by
+ * an out of band mechanism like DHCP. The path check function should examine
+ * all configured ZeroTier interfaces and check to ensure that the supplied
+ * addresses will not result in ZeroTier traffic being sent over a ZeroTier
+ * interface (recursion).
+ *
+ * Obviously this is not required in configurations where this can't happen,
+ * such as network containers or embedded.
+ */
+typedef int (*ZT_PathCheckFunction)(
+ ZT_Node *, /* Node */
+ void *, /* User ptr */
+ const struct sockaddr_storage *, /* Local address */
+ const struct sockaddr_storage *); /* Remote address */
+
+/****************************************************************************/
+/* C Node API */
+/****************************************************************************/
+
+/**
+ * Create a new ZeroTier One node
+ *
+ * Note that this can take a few seconds the first time it's called, as it
+ * will generate an identity.
+ *
+ * @param node Result: pointer is set to new node instance on success
+ * @param uptr User pointer to pass to functions/callbacks
+ * @param now Current clock in milliseconds
+ * @param dataStoreGetFunction Function called to get objects from persistent storage
+ * @param dataStorePutFunction Function called to put objects in persistent storage
+ * @param virtualNetworkConfigFunction Function to be called when virtual LANs are created, deleted, or their config parameters change
+ * @param pathCheckFunction A function to check whether a path should be used for ZeroTier traffic, or NULL to allow any path
+ * @param eventCallback Function to receive status updates and non-fatal error notices
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_new(
+ ZT_Node **node,
+ void *uptr,
+ uint64_t now,
+ ZT_DataStoreGetFunction dataStoreGetFunction,
+ ZT_DataStorePutFunction dataStorePutFunction,
+ ZT_WirePacketSendFunction wirePacketSendFunction,
+ ZT_VirtualNetworkFrameFunction virtualNetworkFrameFunction,
+ ZT_VirtualNetworkConfigFunction virtualNetworkConfigFunction,
+ ZT_PathCheckFunction pathCheckFunction,
+ ZT_EventCallback eventCallback);
+
+/**
+ * Delete a node and free all resources it consumes
+ *
+ * If you are using multiple threads, all other threads must be shut down
+ * first. This can crash if processXXX() methods are in progress.
+ *
+ * @param node Node to delete
+ */
+void ZT_Node_delete(ZT_Node *node);
+
+/**
+ * Process a packet received from the physical wire
+ *
+ * @param node Node instance
+ * @param now Current clock in milliseconds
+ * @param localAddress Local address, or point to ZT_SOCKADDR_NULL if unspecified
+ * @param remoteAddress Origin of packet
+ * @param packetData Packet data
+ * @param packetLength Packet length
+ * @param nextBackgroundTaskDeadline Value/result: set to deadline for next call to processBackgroundTasks()
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_processWirePacket(
+ ZT_Node *node,
+ uint64_t now,
+ const struct sockaddr_storage *localAddress,
+ const struct sockaddr_storage *remoteAddress,
+ const void *packetData,
+ unsigned int packetLength,
+ volatile uint64_t *nextBackgroundTaskDeadline);
+
+/**
+ * Process a frame from a virtual network port (tap)
+ *
+ * @param node Node instance
+ * @param now Current clock in milliseconds
+ * @param nwid ZeroTier 64-bit virtual network ID
+ * @param sourceMac Source MAC address (least significant 48 bits)
+ * @param destMac Destination MAC address (least significant 48 bits)
+ * @param etherType 16-bit Ethernet frame type
+ * @param vlanId 10-bit VLAN ID or 0 if none
+ * @param frameData Frame payload data
+ * @param frameLength Frame payload length
+ * @param nextBackgroundTaskDeadline Value/result: set to deadline for next call to processBackgroundTasks()
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_processVirtualNetworkFrame(
+ ZT_Node *node,
+ uint64_t now,
+ uint64_t nwid,
+ uint64_t sourceMac,
+ uint64_t destMac,
+ unsigned int etherType,
+ unsigned int vlanId,
+ const void *frameData,
+ unsigned int frameLength,
+ volatile uint64_t *nextBackgroundTaskDeadline);
+
+/**
+ * Perform periodic background operations
+ *
+ * @param node Node instance
+ * @param now Current clock in
milliseconds
+ * @param nextBackgroundTaskDeadline Value/result: set to deadline for next call to processBackgroundTasks()
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node *node,uint64_t now,volatile uint64_t *nextBackgroundTaskDeadline);
+
+/**
+ * Join a network
+ *
+ * This may generate calls to the port config callback before it returns,
+ * or these may be deffered if a netconf is not available yet.
+ *
+ * If we are already a member of the network, nothing is done and OK is
+ * returned.
+ *
+ * @param node Node instance
+ * @param nwid 64-bit ZeroTier network ID
+ * @param uptr An arbitrary pointer to associate with this network (default: NULL)
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_join(ZT_Node *node,uint64_t nwid,void *uptr);
+
+/**
+ * Leave a network
+ *
+ * If a port has been configured for this network this will generate a call
+ * to the port config callback with a NULL second parameter to indicate that
+ * the port is now deleted.
+ *
+ * The uptr parameter is optional and is NULL by default. If it is not NULL,
+ * the pointer it points to is set to this network's uptr on success.
+ *
+ * @param node Node instance
+ * @param nwid 64-bit network ID
+ * @param uptr Target pointer is set to uptr (if not NULL)
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_leave(ZT_Node *node,uint64_t nwid,void **uptr);
+
+/**
+ * Subscribe to an Ethernet multicast group
+ *
+ * ADI stands for additional distinguishing information. This defaults to zero
+ * and is rarely used. Right now its only use is to enable IPv4 ARP to scale,
+ * and this must be done.
+ *
+ * For IPv4 ARP, the implementation must subscribe to 0xffffffffffff (the
+ * broadcast address) but with an ADI equal to each IPv4 address in host
+ * byte order.
This converts ARP from a non-scalable broadcast protocol to
+ * a scalable multicast protocol with perfect address specificity.
+ *
+ * If this is not done, ARP will not work reliably.
+ *
+ * Multiple calls to subscribe to the same multicast address will have no
+ * effect. It is perfectly safe to do this.
+ *
+ * This does not generate an update call to networkConfigCallback().
+ *
+ * @param node Node instance
+ * @param nwid 64-bit network ID
+ * @param multicastGroup Ethernet multicast or broadcast MAC (least significant 48 bits)
+ * @param multicastAdi Multicast ADI (least significant 32 bits only, use 0 if not needed)
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_multicastSubscribe(ZT_Node *node,uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi);
+
+/**
+ * Unsubscribe from an Ethernet multicast group (or all groups)
+ *
+ * If multicastGroup is zero (0), this will unsubscribe from all groups. If
+ * you are not subscribed to a group this has no effect.
+ *
+ * This does not generate an update call to networkConfigCallback().
+ *
+ * @param node Node instance
+ * @param nwid 64-bit network ID
+ * @param multicastGroup Ethernet multicast or broadcast MAC (least significant 48 bits)
+ * @param multicastAdi Multicast ADI (least significant 32 bits only, use 0 if not needed)
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+enum ZT_ResultCode ZT_Node_multicastUnsubscribe(ZT_Node *node,uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi);
+
+/**
+ * Get this node's 40-bit ZeroTier address
+ *
+ * @param node Node instance
+ * @return ZeroTier address (least significant 40 bits of 64-bit int)
+ */
+uint64_t ZT_Node_address(ZT_Node *node);
+
+/**
+ * Get the status of this node
+ *
+ * @param node Node instance
+ * @param status Buffer to fill with current node status
+ */
+void ZT_Node_status(ZT_Node *node,ZT_NodeStatus *status);
+
+/**
+ * Get a list of known peer nodes
+ *
+ * The pointer returned here must be freed with freeQueryResult()
+ * when you are done with it.
+ *
+ * @param node Node instance
+ * @return List of known peers or NULL on failure
+ */
+ZT_PeerList *ZT_Node_peers(ZT_Node *node);
+
+/**
+ * Get the status of a virtual network
+ *
+ * The pointer returned here must be freed with freeQueryResult()
+ * when you are done with it.
+ *
+ * @param node Node instance
+ * @param nwid 64-bit network ID
+ * @return Network configuration or NULL if we are not a member of this network
+ */
+ZT_VirtualNetworkConfig *ZT_Node_networkConfig(ZT_Node *node,uint64_t nwid);
+
+/**
+ * Enumerate and get status of all networks
+ *
+ * @param node Node instance
+ * @return List of networks or NULL on failure
+ */
+ZT_VirtualNetworkList *ZT_Node_networks(ZT_Node *node);
+
+/**
+ * Free a query result buffer
+ *
+ * Use this to free the return values of listNetworks(), listPeers(), etc.
+ *
+ * @param node Node instance
+ * @param qr Query result buffer
+ */
+void ZT_Node_freeQueryResult(ZT_Node *node,void *qr);
+
+/**
+ * Add a local interface address
+ *
+ * This is used to make ZeroTier aware of those local interface addresses
+ * that you wish to use for ZeroTier communication. This is optional, and if
+ * it is not used ZeroTier will rely upon upstream peers (and roots) to
+ * perform empirical address discovery and NAT traversal. But the use of this
+ * method is recommended as it improves peer discovery when both peers are
+ * on the same LAN.
+ *
+ * It is the responsibility of the caller to take care that these are never
+ * ZeroTier interface addresses, whether these are assigned by ZeroTier or
+ * are otherwise assigned to an interface managed by this ZeroTier instance.
+ * This can cause recursion or other undesirable behavior.
+ *
+ * This returns a boolean indicating whether or not the address was
+ * accepted. ZeroTier will only communicate over certain address types
+ * and (for IP) address classes.
+ *
+ * @param addr Local interface address
+ * @return Boolean: non-zero if address was accepted and added
+ */
+int ZT_Node_addLocalInterfaceAddress(ZT_Node *node,const struct sockaddr_storage *addr);
+
+/**
+ * Clear local interface addresses
+ */
+void ZT_Node_clearLocalInterfaceAddresses(ZT_Node *node);
+
+/**
+ * Set a network configuration master instance for this node
+ *
+ * Normal nodes should not need to use this. This is for nodes with
+ * special compiled-in support for acting as network configuration
+ * masters / controllers.
+ *
+ * The supplied instance must be a C++ object that inherits from the
+ * NetworkConfigMaster base class in node/. No type checking is performed,
+ * so a pointer to anything else will result in a crash.
+ *
+ * @param node ZertTier One node
+ * @param networkConfigMasterInstance Instance of NetworkConfigMaster C++ class or NULL to disable
+ * @return OK (0) or error code if a fatal error condition has occurred
+ */
+void ZT_Node_setNetconfMaster(ZT_Node *node,void *networkConfigMasterInstance);
+
+/**
+ * Initiate a VL1 circuit test
+ *
+ * This sends an initial VERB_CIRCUIT_TEST and reports results back to the
+ * supplied callback until circuitTestEnd() is called. The supplied
+ * ZT_CircuitTest structure should be initially zeroed and then filled
+ * in with settings and hops.
+ *
+ * It is the caller's responsibility to call circuitTestEnd() and then
+ * to dispose of the test structure. Otherwise this node will listen
+ * for results forever.
+ *
+ * @param node Node instance
+ * @param test Test configuration
+ * @param reportCallback Function to call each time a report is received
+ * @return OK or error if, for example, test is too big for a packet or support isn't compiled in
+ */
+enum ZT_ResultCode ZT_Node_circuitTestBegin(ZT_Node *node,ZT_CircuitTest *test,void (*reportCallback)(ZT_Node *, ZT_CircuitTest *,const ZT_CircuitTestReport *));
+
+/**
+ * Stop listening for results to a given circuit test
+ *
+ * This does not free the 'test' structure. The caller may do that
+ * after calling this method to unregister it.
+ *
+ * Any reports that are received for a given test ID after it is
+ * terminated are ignored.
+ *
+ * @param node Node instance
+ * @param test Test configuration to unregister
+ */
+void ZT_Node_circuitTestEnd(ZT_Node *node,ZT_CircuitTest *test);
+
+/**
+ * Initialize cluster operation
+ *
+ * This initializes the internal structures and state for cluster operation.
+ * It takes two function pointers.
The first is to a function that can be
+ * used to send data to cluster peers (mechanism is not defined by Node),
+ * and the second is to a function that can be used to get the location of
+ * a physical address in X,Y,Z coordinate space (e.g. as cartesian coordinates
+ * projected from the center of the Earth).
+ *
+ * Send function takes an arbitrary pointer followed by the cluster member ID
+ * to send data to, a pointer to the data, and the length of the data. The
+ * maximum message length is ZT_CLUSTER_MAX_MESSAGE_LENGTH (65535). Messages
+ * must be delivered whole and may be dropped or transposed, though high
+ * failure rates are undesirable and can cause problems. Validity checking or
+ * CRC is also not required since the Node validates the authenticity of
+ * cluster messages using cryptogrphic methods and will silently drop invalid
+ * messages.
+ *
+ * Address to location function is optional and if NULL geo-handoff is not
+ * enabled (in this case x, y, and z in clusterInit are also unused). It
+ * takes an arbitrary pointer followed by a physical address and three result
+ * parameters for x, y, and z. It returns zero on failure or nonzero if these
+ * three coordinates have been set. Coordinate space is arbitrary and can be
+ * e.g. coordinates on Earth relative to Earth's center. These can be obtained
+ * from latitutde and longitude with versions of the Haversine formula.
+ *
+ * See: http://stackoverflow.com/questions/1185408/converting-from-longitude-latitude-to-cartesian-coordinates
+ *
+ * Neither the send nor the address to location function should block. If the
+ * address to location function does not have a location for an address, it
+ * should return zero and then look up the address for future use since it
+ * will be called again in (typically) 1-3 minutes.
+ * + * Note that both functions can be called from any thread from which the + * various Node functions are called, and so must be thread safe if multiple + * threads are being used. + * + * @param node Node instance + * @param myId My cluster member ID (less than or equal to ZT_CLUSTER_MAX_MEMBERS) + * @param zeroTierPhysicalEndpoints Preferred physical address(es) for ZeroTier clients to contact this cluster member (for peer redirect) + * @param numZeroTierPhysicalEndpoints Number of physical endpoints in zeroTierPhysicalEndpoints[] (max allowed: 255) + * @param x My cluster member's X location + * @param y My cluster member's Y location + * @param z My cluster member's Z location + * @param sendFunction Function to be called to send data to other cluster members + * @param sendFunctionArg First argument to sendFunction() + * @param addressToLocationFunction Function to be called to get the location of a physical address or NULL to disable geo-handoff + * @param addressToLocationFunctionArg First argument to addressToLocationFunction() + * @return OK or UNSUPPORTED_OPERATION if this Node was not built with cluster support + */ +enum ZT_ResultCode ZT_Node_clusterInit( + ZT_Node *node, + unsigned int myId, + const struct sockaddr_storage *zeroTierPhysicalEndpoints, + unsigned int numZeroTierPhysicalEndpoints, + int x, + int y, + int z, + void (*sendFunction)(void *,unsigned int,const void *,unsigned int), + void *sendFunctionArg, + int (*addressToLocationFunction)(void *,const struct sockaddr_storage *,int *,int *,int *), + void *addressToLocationFunctionArg); + +/** + * Add a member to this cluster + * + * Calling this without having called clusterInit() will do nothing. + * + * @param node Node instance + * @param memberId Member ID (must be less than or equal to ZT_CLUSTER_MAX_MEMBERS) + * @return OK or error if clustering is disabled, ID invalid, etc. 
+ */ +enum ZT_ResultCode ZT_Node_clusterAddMember(ZT_Node *node,unsigned int memberId); + +/** + * Remove a member from this cluster + * + * Calling this without having called clusterInit() will do nothing. + * + * @param node Node instance + * @param memberId Member ID to remove (nothing happens if not present) + */ +void ZT_Node_clusterRemoveMember(ZT_Node *node,unsigned int memberId); + +/** + * Handle an incoming cluster state message + * + * The message itself contains cluster member IDs, and invalid or badly + * addressed messages will be silently discarded. + * + * Calling this without having called clusterInit() will do nothing. + * + * @param node Node instance + * @param msg Cluster message + * @param len Length of cluster message + */ +void ZT_Node_clusterHandleIncomingMessage(ZT_Node *node,const void *msg,unsigned int len); + +/** + * Get the current status of the cluster from this node's point of view + * + * Calling this without clusterInit() or without cluster support will just + * zero out the structure and show a cluster size of zero. + * + * @param node Node instance + * @param cs Cluster status structure to fill with data + */ +void ZT_Node_clusterStatus(ZT_Node *node,ZT_ClusterStatus *cs); + +/** + * Set trusted paths + * + * A trusted path is a physical network (network/bits) over which both + * encryption and authentication can be skipped to improve performance. + * Each trusted path must have a non-zero unique ID that is the same across + * all participating nodes. + * + * We don't recommend using trusted paths at all unless you really *need* + * near-bare-metal performance. Even on a LAN authentication and encryption + * are never a bad thing, and anything that introduces an "escape hatch" + * for encryption should be treated with the utmost care. + * + * Calling with NULL pointers for networks and ids and a count of zero clears + * all trusted paths. 
+ * + * @param node Node instance + * @param networks Array of [count] networks + * @param ids Array of [count] corresponding non-zero path IDs (zero path IDs are ignored) + * @param count Number of trusted paths-- values greater than ZT_MAX_TRUSTED_PATHS are clipped + */ +void ZT_Node_setTrustedPaths(ZT_Node *node,const struct sockaddr_storage *networks,const uint64_t *ids,unsigned int count); + +/** + * Do things in the background until Node dies + * + * This function can be called from one or more background threads to process + * certain tasks in the background to improve foreground performance. It will + * not return until the Node is shut down. If threading is not enabled in + * this build it will return immediately and will do nothing. + * + * This is completely optional. If this is never called, all processing is + * done in the foreground in the various processXXXX() methods. + * + * This does NOT replace or eliminate the need to call the normal + * processBackgroundTasks() function in your main loop. This mechanism is + * used to offload the processing of expensive mssages onto background + * handler threads to prevent foreground performance degradation under + * high load. + * + * @param node Node instance + */ +void ZT_Node_backgroundThreadMain(ZT_Node *node); + +/** + * Get ZeroTier One version + * + * @param major Result: major version + * @param minor Result: minor version + * @param revision Result: revision + */ +void ZT_version(int *major,int *minor,int *revision); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/java/CMakeLists.txt b/java/CMakeLists.txt new file mode 100644 index 0000000..008b747 --- /dev/null +++ b/java/CMakeLists.txt 
@@ -0,0 +1,91 @@ +cmake_minimum_required(VERSION 3.2) + +project(ZeroTierOneJNI) + +find_package(Java COMPONENTS Development) +message("JAVA_HOME: $ENV{JAVA_HOME}") + +if(WIN32) +set(Java_INCLUDE_DIRS $ENV{JAVA_HOME}/include) +endif() + +if(APPLE) +set(Java_INCLUDE_DIRS "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.sdk/System/Library/Frameworks/JavaVM.framework/Headers") +endif() + +message("Java Include Dirs: ${Java_INCLUDE_DIRS}") + +if(WIN32) + add_definitions(-DNOMINMAX) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /EHsc /W3 /MP") +endif() + +if(APPLE) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -arch i386 -arch x86_64 -Wall -O3 -flto -fPIE -fvectorize -fstack-protector -mmacosx-version-min=10.7 -Wno-unused-private-field") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CMAKE_C_FLAGS} -fno-rtti") +endif() + +set(src_files + ../ext/lz4/lz4.c + ../ext/json-parser/json.c + ../ext/http-parser/http_parser.c + ../node/C25519.cpp + ../node/CertificateOfMembership.cpp + ../node/Defaults.cpp + ../node/Dictionary.cpp + ../node/Identity.cpp + ../node/IncomingPacket.cpp + ../node/InetAddress.cpp + ../node/Multicaster.cpp + ../node/Network.cpp + ../node/NetworkConfig.cpp + ../node/Node.cpp + ../node/OutboundMulticast.cpp + ../node/Packet.cpp + ../node/Peer.cpp + ../node/Poly1305.cpp + ../node/Salsa20.cpp + ../node/SelfAwareness.cpp + ../node/SHA512.cpp + ../node/Switch.cpp + ../node/Topology.cpp + ../node/Utils.cpp + ../osdep/Http.cpp + ../osdep/OSUtils.cpp + jni/com_zerotierone_sdk_Node.cpp + jni/ZT_jniutils.cpp + jni/ZT_jnicache.cpp + ) + +set(include_dirs + ${CMAKE_CURRENT_SOURCE_DIR}/../include/ + ${CMAKE_CURRENT_SOURCE_DIR}/../node/ + ${Java_INCLUDE_DIRS}) + +if(WIN32) + set(include_dirs + ${include_dirs} + ${Java_INCLUDE_DIRS}/win32) +endif() + +include_directories( + ${include_dirs} + ) + +add_library(${PROJECT_NAME} SHARED ${src_files}) + +if(APPLE) + set_target_properties(${PROJECT_NAME} PROPERTIES SUFFIX ".jnilib") +endif() + 
+set(link_libs ) + +if(WIN32) + set(link_libs + wsock32 + ws2_32 + + ) +endif() + +target_link_libraries(${PROJECT_NAME} ${link_libs}) \ No newline at end of file diff --git a/java/README.md b/java/README.md new file mode 100644 index 0000000..2650ec3 --- /dev/null +++ b/java/README.md @@ -0,0 +1,17 @@ +ZeroTier One SDK - Android JNI Wrapper +===== + + +Building +----- + +Reqires: + +* JDK +* ANT +* Android NDK + +Required Environment Variables: + +* NDK\_BUILD\_LOC - Path do the ndk-build script in the Android NDK +* ANDROID\_PLATFORM - path to the directory android.jar lives (on Windows: C:\Users\\AppData\Local\Android\sdk\platforms\android-21) diff --git a/java/build.xml b/java/build.xml new file mode 100644 index 0000000..4604ad6 --- /dev/null +++ b/java/build.xml @@ -0,0 +1,118 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/java/jni/Android.mk b/java/jni/Android.mk new file mode 100644 index 0000000..c563879 --- /dev/null +++ b/java/jni/Android.mk 
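Review bot: The `src_files` list names `jni/ZT_jnicache.cpp`, `../node/Defaults.cpp` and `../node/Dictionary.cpp`, while the `Android.mk` added in the same commit builds `ZT_jnilookup.cpp`, `DeferredPackets.cpp` and `Path.cpp` instead, so the two JNI builds do not compile the same code. The lookup helper this commit adds is `ZT_jnilookup.cpp`; if `ZT_jnicache.cpp` is absent from the tree (not visible here), CMake fails when it generates this target, and if it is present the desktop library is built from different sources than the Android one. I would bring the list in line with `Android.mk`, e.g. replace `jni/ZT_jnicache.cpp` with `jni/ZT_jnilookup.cpp` and add `../node/Path.cpp` and `../node/DeferredPackets.cpp`, after checking which node sources exist in this version. The hard-coded `MacOSX10.10.sdk` include path in the `APPLE` branch is pinned to one SDK release in the same way and will break on any other Xcode installation.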
@@ -0,0 +1,46 @@ +LOCAL_PATH := $(call my-dir) + +include $(CLEAR_VARS) + +LOCAL_MODULE := ZeroTierOneJNI +LOCAL_C_INCLUDES := $(ZT1)/include +LOCAL_C_INCLUDES += $(ZT1)/node +LOCAL_LDLIBS := -llog +# LOCAL_CFLAGS := -g + +# ZeroTierOne SDK source files +LOCAL_SRC_FILES := \ + $(ZT1)/ext/lz4/lz4.c \ + $(ZT1)/ext/json-parser/json.c \ + $(ZT1)/ext/http-parser/http_parser.c \ + $(ZT1)/node/C25519.cpp \ + $(ZT1)/node/CertificateOfMembership.cpp \ + $(ZT1)/node/DeferredPackets.cpp \ + $(ZT1)/node/Identity.cpp \ + $(ZT1)/node/IncomingPacket.cpp \ + $(ZT1)/node/InetAddress.cpp \ + $(ZT1)/node/Multicaster.cpp \ + $(ZT1)/node/Network.cpp \ + $(ZT1)/node/NetworkConfig.cpp \ + $(ZT1)/node/Node.cpp \ + $(ZT1)/node/OutboundMulticast.cpp \ + $(ZT1)/node/Packet.cpp \ + $(ZT1)/node/Path.cpp \ + $(ZT1)/node/Peer.cpp \ + $(ZT1)/node/Poly1305.cpp \ + $(ZT1)/node/Salsa20.cpp \ + $(ZT1)/node/SelfAwareness.cpp \ + $(ZT1)/node/SHA512.cpp \ + $(ZT1)/node/Switch.cpp \ + $(ZT1)/node/Topology.cpp \ + $(ZT1)/node/Utils.cpp \ + $(ZT1)/osdep/Http.cpp \ + $(ZT1)/osdep/OSUtils.cpp + +# JNI Files +LOCAL_SRC_FILES += \ + com_zerotierone_sdk_Node.cpp \ + ZT_jniutils.cpp \ + ZT_jnilookup.cpp + +include $(BUILD_SHARED_LIBRARY) \ No newline at end of file diff --git a/java/jni/Application.mk b/java/jni/Application.mk new file mode 100644 index 0000000..6950c0e --- /dev/null +++ b/java/jni/Application.mk @@ -0,0 +1,5 @@ +# NDK_TOOLCHAIN_VERSION := clang3.5 +APP_STL := gnustl_static +APP_CPPFLAGS := -O3 -fPIC -fPIE -Wall -fstack-protector -fexceptions -fno-strict-aliasing -Wno-deprecated-register -DZT_NO_TYPE_PUNNING=1 +APP_PLATFORM := android-14 +APP_ABI := all diff --git a/java/jni/ZT_jnilookup.cpp b/java/jni/ZT_jnilookup.cpp new file mode 100644 index 0000000..be52a36 --- /dev/null +++ b/java/jni/ZT_jnilookup.cpp 
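Review bot: Every include and source path in this file is built from `$(ZT1)`, which the file never sets or checks, and the README added in this commit lists only `NDK_BUILD_LOC` and `ANDROID_PLATFORM` as required variables. If `ZT1` is empty the paths collapse to `/include`, `/node/Node.cpp` and so on, so the build either fails with a confusing error or picks up whatever happens to live at those absolute paths. A guard at the top would make the requirement explicit: `ifndef ZT1`, `$(error ZT1 must point to the ZeroTierOne source root)`, `endif`. The variable may be set by `build.xml`, whose contents are not readable on this page.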
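Review bot: `APP_CPPFLAGS` uses plain `-fstack-protector`, which instruments only functions with character arrays above a size threshold, while the sources this module compiles include packet, HTTP and JSON parsers. Where the NDK toolchain in use supports it, `-fstack-protector-strong` also covers functions with any local array or address-taken local, at little extra cost. `-fPIE` is meant for executables; the module is built with `BUILD_SHARED_LIBRARY`, so `-fPIC` alone is the appropriate setting, and the `-fPIE` that follows it may override it. Suggested line: `APP_CPPFLAGS := -O3 -fPIC -Wall -fstack-protector-strong -fexceptions -fno-strict-aliasing -Wno-deprecated-register -DZT_NO_TYPE_PUNNING=1`.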
@@ -0,0 +1,158 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +#include "ZT_jnilookup.h" +#include "ZT_jniutils.h" + +JniLookup::JniLookup() + : m_jvm(NULL) +{ + LOGV("JNI Cache Created"); +} + +JniLookup::JniLookup(JavaVM *jvm) + : m_jvm(jvm) +{ + LOGV("JNI Cache Created"); +} + +JniLookup::~JniLookup() +{ + LOGV("JNI Cache Destroyed"); +} + + +void JniLookup::setJavaVM(JavaVM *jvm) +{ + LOGV("Assigned JVM to object"); + m_jvm = jvm; +} + + +jclass JniLookup::findClass(const std::string &name) +{ + if(!m_jvm) + return NULL; + + // get the class from the JVM + JNIEnv *env = NULL; + if(m_jvm->GetEnv((void**)&env, JNI_VERSION_1_6) != JNI_OK) + { + LOGE("Error retreiving JNI Environment"); + return NULL; + } + + jclass cls = env->FindClass(name.c_str()); + if(env->ExceptionCheck()) + { + LOGE("Error finding class: %s", name.c_str()); + return NULL; + } + + return cls; +} + + +jmethodID JniLookup::findMethod(jclass cls, const std::string &methodName, const std::string &methodSig) +{ + if(!m_jvm) + return NULL; + + JNIEnv *env = NULL; + if(m_jvm->GetEnv((void**)&env, JNI_VERSION_1_6) != JNI_OK) + { + return NULL; + } + + jmethodID mid = env->GetMethodID(cls, methodName.c_str(), methodSig.c_str()); + if(env->ExceptionCheck()) + { + return NULL; + } + + return mid; +} + +jmethodID JniLookup::findStaticMethod(jclass cls, const std::string &methodName, const std::string &methodSig) +{ + if(!m_jvm) + return NULL; + + JNIEnv *env = NULL; + if(m_jvm->GetEnv((void**)&env, JNI_VERSION_1_6) != JNI_OK) + { + return NULL; + } + + jmethodID mid = env->GetStaticMethodID(cls, methodName.c_str(), methodSig.c_str()); + if(env->ExceptionCheck()) + { + return NULL; + } + + return mid; +} + +jfieldID JniLookup::findField(jclass cls, const std::string &fieldName, const std::string &typeStr) +{ + if(!m_jvm) + return NULL; + + JNIEnv *env = NULL; + if(m_jvm->GetEnv((void**)&env, JNI_VERSION_1_6) != JNI_OK) + { + return NULL; + } + + jfieldID fid = env->GetFieldID(cls, fieldName.c_str(), typeStr.c_str()); + 
if(env->ExceptionCheck()) + { + return NULL; + } + + return fid; +} + +jfieldID JniLookup::findStaticField(jclass cls, const std::string &fieldName, const std::string &typeStr) +{ + if(!m_jvm) + return NULL; + + JNIEnv *env = NULL; + if(m_jvm->GetEnv((void**)&env, JNI_VERSION_1_6) != JNI_OK) + { + return NULL; + } + + jfieldID fid = env->GetStaticFieldID(cls, fieldName.c_str(), typeStr.c_str()); + if(env->ExceptionCheck()) + { + return NULL; + } + + return fid; +} \ No newline at end of file diff --git a/java/jni/ZT_jnilookup.h b/java/jni/ZT_jnilookup.h new file mode 100644 index 0000000..f5bd97d --- /dev/null +++ b/java/jni/ZT_jnilookup.h 
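Review bot: `findMethod`, `findStaticMethod`, `findField` and `findStaticField` pass `cls` straight to the JNI lookup without checking it, and on failure they return NULL with the Java exception still pending and nothing logged (only `findClass` logs). Passing a NULL `jclass` to `GetMethodID`/`GetFieldID` is undefined behaviour in JNI, and most further JNI calls are not permitted while an exception is pending, yet several callers in `ZT_jniutils.cpp` (for example `createVirtualNetworkStatus`) use the result without checking it. I would add `if(!m_jvm || cls == NULL) return NULL;` at the top of the four helpers and log on the failure path as `findClass` does, e.g. `LOGE("Error finding method: %s %s", methodName.c_str(), methodSig.c_str());`. A `GetEnv` failure also deserves a log line, since it returns `JNI_EDETACHED` when the calling thread is not attached to the VM, which is otherwise indistinguishable from a missing member.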
@@ -0,0 +1,54 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +#ifndef ZT_JNILOOKUP_H_ +#define ZT_JNILOOKUP_H_ + +#include +#include +#include + + + +class JniLookup { +public: + JniLookup(); + JniLookup(JavaVM *jvm); + ~JniLookup(); + + void setJavaVM(JavaVM *jvm); + + jclass findClass(const std::string &name); + jmethodID findMethod(jclass cls, const std::string &methodName, const std::string &methodSig); + jmethodID findStaticMethod(jclass cls, const std::string &methodName, const std::string &methodSig); + jfieldID findField(jclass cls, const std::string &fieldName, const std::string &typeStr); + jfieldID findStaticField(jclass cls, const std::string &fieldName, const std::string &typeStr); +private: + JavaVM *m_jvm; +}; + +#endif \ No newline at end of file diff --git a/java/jni/ZT_jniutils.cpp b/java/jni/ZT_jniutils.cpp new file mode 100644 index 0000000..512bf83 --- /dev/null +++ b/java/jni/ZT_jniutils.cpp 
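Review bot: `JniLookup` carries no comments, and two things callers must know are not obvious from the declaration: `findClass` hands back the local reference from `FindClass` (valid only on the current thread until the native call returns), and every method returns NULL when `GetEnv` fails, for instance on a thread that is not attached to the `JavaVM`. I would document that on the class, e.g. `// Returned jclass is a JNI local reference: do not store it across calls or threads; take a NewGlobalRef if it must outlive the current native frame.` and `// All find* methods return NULL (possibly with a Java exception pending) on failure; callers must check before use.` The single-argument constructor could also be declared `explicit JniLookup(JavaVM *jvm);` to rule out implicit conversion from a `JavaVM*`. The log strings in the .cpp still say "JNI Cache", which suggests caching that this class does not do.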
@@ -0,0 +1,836 @@ +#include "ZT_jniutils.h" +#include "ZT_jnilookup.h" +#include +#include + +extern JniLookup lookup; + +#ifdef __cplusplus +extern "C" { +#endif + +jobject createResultObject(JNIEnv *env, ZT_ResultCode code) +{ + jclass resultClass = NULL; + + jobject resultObject = NULL; + + resultClass = lookup.findClass("com/zerotier/sdk/ResultCode"); + if(resultClass == NULL) + { + LOGE("Couldnt find ResultCode class"); + return NULL; // exception thrown + } + + std::string fieldName; + switch(code) + { + case ZT_RESULT_OK: + LOGV("ZT_RESULT_OK"); + fieldName = "RESULT_OK"; + break; + case ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY: + LOGV("ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY"); + fieldName = "RESULT_FATAL_ERROR_OUT_OF_MEMORY"; + break; + case ZT_RESULT_FATAL_ERROR_DATA_STORE_FAILED: + LOGV("RESULT_FATAL_ERROR_DATA_STORE_FAILED"); + fieldName = "RESULT_FATAL_ERROR_DATA_STORE_FAILED"; + break; + case ZT_RESULT_ERROR_NETWORK_NOT_FOUND: + LOGV("RESULT_FATAL_ERROR_DATA_STORE_FAILED"); + fieldName = "RESULT_ERROR_NETWORK_NOT_FOUND"; + break; + case ZT_RESULT_FATAL_ERROR_INTERNAL: + default: + LOGV("RESULT_FATAL_ERROR_DATA_STORE_FAILED"); + fieldName = "RESULT_FATAL_ERROR_INTERNAL"; + break; + } + + jfieldID enumField = lookup.findStaticField(resultClass, fieldName.c_str(), "Lcom/zerotier/sdk/ResultCode;"); + if(env->ExceptionCheck() || enumField == NULL) + { + LOGE("Error on FindStaticField"); + return NULL; + } + + resultObject = env->GetStaticObjectField(resultClass, enumField); + if(env->ExceptionCheck() || resultObject == NULL) + { + LOGE("Error on GetStaticObjectField"); + } + return resultObject; +} + + +jobject createVirtualNetworkStatus(JNIEnv *env, ZT_VirtualNetworkStatus status) +{ + jobject statusObject = NULL; + + jclass statusClass = lookup.findClass("com/zerotier/sdk/VirtualNetworkStatus"); + if(statusClass == NULL) + { + return NULL; // exception thrown + } + + std::string fieldName; + switch(status) + { + case ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION: + 
fieldName = "NETWORK_STATUS_REQUESTING_CONFIGURATION"; + break; + case ZT_NETWORK_STATUS_OK: + fieldName = "NETWORK_STATUS_OK"; + break; + case ZT_NETWORK_STATUS_ACCESS_DENIED: + fieldName = "NETWORK_STATUS_ACCESS_DENIED"; + break; + case ZT_NETWORK_STATUS_NOT_FOUND: + fieldName = "NETWORK_STATUS_NOT_FOUND"; + break; + case ZT_NETWORK_STATUS_PORT_ERROR: + fieldName = "NETWORK_STATUS_PORT_ERROR"; + break; + case ZT_NETWORK_STATUS_CLIENT_TOO_OLD: + fieldName = "NETWORK_STATUS_CLIENT_TOO_OLD"; + break; + } + + jfieldID enumField = lookup.findStaticField(statusClass, fieldName.c_str(), "Lcom/zerotier/sdk/VirtualNetworkStatus;"); + + statusObject = env->GetStaticObjectField(statusClass, enumField); + + return statusObject; +} + +jobject createEvent(JNIEnv *env, ZT_Event event) +{ + jclass eventClass = NULL; + jobject eventObject = NULL; + + eventClass = lookup.findClass("com/zerotier/sdk/Event"); + if(eventClass == NULL) + { + return NULL; + } + + std::string fieldName; + switch(event) + { + case ZT_EVENT_UP: + fieldName = "EVENT_UP"; + break; + case ZT_EVENT_OFFLINE: + fieldName = "EVENT_OFFLINE"; + break; + case ZT_EVENT_ONLINE: + fieldName = "EVENT_ONLINE"; + break; + case ZT_EVENT_DOWN: + fieldName = "EVENT_DOWN"; + break; + case ZT_EVENT_FATAL_ERROR_IDENTITY_COLLISION: + fieldName = "EVENT_FATAL_ERROR_IDENTITY_COLLISION"; + break; + case ZT_EVENT_TRACE: + fieldName = "EVENT_TRACE"; + break; + } + + jfieldID enumField = lookup.findStaticField(eventClass, fieldName.c_str(), "Lcom/zerotier/sdk/Event;"); + + eventObject = env->GetStaticObjectField(eventClass, enumField); + + return eventObject; +} + +jobject createPeerRole(JNIEnv *env, ZT_PeerRole role) +{ + jclass peerRoleClass = NULL; + jobject peerRoleObject = NULL; + + peerRoleClass = lookup.findClass("com/zerotier/sdk/PeerRole"); + if(peerRoleClass == NULL) + { + return NULL; + } + + std::string fieldName; + switch(role) + { + case ZT_PEER_ROLE_LEAF: + fieldName = "PEER_ROLE_LEAF"; + break; + case 
ZT_PEER_ROLE_RELAY: + fieldName = "PEER_ROLE_RELAY"; + break; + case ZT_PEER_ROLE_ROOT: + fieldName = "PEER_ROLE_ROOTS"; + break; + } + + jfieldID enumField = lookup.findStaticField(peerRoleClass, fieldName.c_str(), "Lcom/zerotier/sdk/PeerRole;"); + + peerRoleObject = env->GetStaticObjectField(peerRoleClass, enumField); + + return peerRoleObject; +} + +jobject createVirtualNetworkType(JNIEnv *env, ZT_VirtualNetworkType type) +{ + jclass vntypeClass = NULL; + jobject vntypeObject = NULL; + + vntypeClass = lookup.findClass("com/zerotier/sdk/VirtualNetworkType"); + if(env->ExceptionCheck() || vntypeClass == NULL) + { + return NULL; + } + + std::string fieldName; + switch(type) + { + case ZT_NETWORK_TYPE_PRIVATE: + fieldName = "NETWORK_TYPE_PRIVATE"; + break; + case ZT_NETWORK_TYPE_PUBLIC: + fieldName = "NETWORK_TYPE_PUBLIC"; + break; + } + + jfieldID enumField = lookup.findStaticField(vntypeClass, fieldName.c_str(), "Lcom/zerotier/sdk/VirtualNetworkType;"); + vntypeObject = env->GetStaticObjectField(vntypeClass, enumField); + return vntypeObject; +} + +jobject createVirtualNetworkConfigOperation(JNIEnv *env, ZT_VirtualNetworkConfigOperation op) +{ + jclass vnetConfigOpClass = NULL; + jobject vnetConfigOpObject = NULL; + + vnetConfigOpClass = lookup.findClass("com/zerotier/sdk/VirtualNetworkConfigOperation"); + if(env->ExceptionCheck() || vnetConfigOpClass == NULL) + { + return NULL; + } + + std::string fieldName; + switch(op) + { + case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP: + fieldName = "VIRTUAL_NETWORK_CONFIG_OPERATION_UP"; + break; + case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE: + fieldName = "VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE"; + break; + case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN: + fieldName = "VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN"; + break; + case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY: + fieldName = "VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY"; + break; + } + + jfieldID enumField = lookup.findStaticField(vnetConfigOpClass, 
fieldName.c_str(), "Lcom/zerotier/sdk/VirtualNetworkConfigOperation;"); + vnetConfigOpObject = env->GetStaticObjectField(vnetConfigOpClass, enumField); + return vnetConfigOpObject; +} + +jobject newInetAddress(JNIEnv *env, const sockaddr_storage &addr) +{ + LOGV("newInetAddress"); + jclass inetAddressClass = NULL; + jmethodID inetAddress_getByAddress = NULL; + + inetAddressClass = lookup.findClass("java/net/InetAddress"); + if(env->ExceptionCheck() || inetAddressClass == NULL) + { + LOGE("Error finding InetAddress class"); + return NULL; + } + + inetAddress_getByAddress = lookup.findStaticMethod( + inetAddressClass, "getByAddress", "([B)Ljava/net/InetAddress;"); + if(env->ExceptionCheck() || inetAddress_getByAddress == NULL) + { + LOGE("Erorr finding getByAddress() static method"); + return NULL; + } + + jobject inetAddressObj = NULL; + switch(addr.ss_family) + { + case AF_INET6: + { + sockaddr_in6 *ipv6 = (sockaddr_in6*)&addr; + jbyteArray buff = env->NewByteArray(16); + if(buff == NULL) + { + LOGE("Error creating IPV6 byte array"); + return NULL; + } + + env->SetByteArrayRegion(buff, 0, 16, (jbyte*)ipv6->sin6_addr.s6_addr); + inetAddressObj = env->CallStaticObjectMethod( + inetAddressClass, inetAddress_getByAddress, buff); + } + break; + case AF_INET: + { + sockaddr_in *ipv4 = (sockaddr_in*)&addr; + jbyteArray buff = env->NewByteArray(4); + if(buff == NULL) + { + LOGE("Error creating IPV4 byte array"); + return NULL; + } + + env->SetByteArrayRegion(buff, 0, 4, (jbyte*)&ipv4->sin_addr); + inetAddressObj = env->CallStaticObjectMethod( + inetAddressClass, inetAddress_getByAddress, buff); + } + break; + } + if(env->ExceptionCheck() || inetAddressObj == NULL) { + LOGE("Error creating InetAddress object"); + return NULL; + } + + return inetAddressObj; +} + +jobject newInetSocketAddress(JNIEnv *env, const sockaddr_storage &addr) +{ + LOGV("newInetSocketAddress Called"); + jclass inetSocketAddressClass = NULL; + jmethodID inetSocketAddress_constructor = NULL; + + 
inetSocketAddressClass = lookup.findClass("java/net/InetSocketAddress"); + if(env->ExceptionCheck() || inetSocketAddressClass == NULL) + { + LOGE("Error finding InetSocketAddress Class"); + return NULL; + } + + jobject inetAddressObject = newInetAddress(env, addr); + + if(env->ExceptionCheck() || inetAddressObject == NULL) + { + LOGE("Error creating new inet address"); + return NULL; + } + + inetSocketAddress_constructor = lookup.findMethod( + inetSocketAddressClass, "", "(Ljava/net/InetAddress;I)V"); + if(env->ExceptionCheck() || inetSocketAddress_constructor == NULL) + { + LOGE("Error finding InetSocketAddress constructor"); + return NULL; + } + + int port = 0; + switch(addr.ss_family) + { + case AF_INET6: + { + LOGV("IPV6 Address"); + sockaddr_in6 *ipv6 = (sockaddr_in6*)&addr; + port = ntohs(ipv6->sin6_port); + LOGV("Port %d", port); + } + break; + case AF_INET: + { + LOGV("IPV4 Address"); + sockaddr_in *ipv4 = (sockaddr_in*)&addr; + port = ntohs(ipv4->sin_port); + LOGV("Port: %d", port); + } + break; + default: + { + LOGE("ERROR: addr.ss_family is not set or unknown"); + break; + } + }; + + + jobject inetSocketAddressObject = env->NewObject(inetSocketAddressClass, inetSocketAddress_constructor, inetAddressObject, port); + if(env->ExceptionCheck() || inetSocketAddressObject == NULL) { + LOGE("Error creating InetSocketAddress object"); + } + return inetSocketAddressObject; +} + +jobject newPeerPhysicalPath(JNIEnv *env, const ZT_PeerPhysicalPath &ppp) +{ + LOGV("newPeerPhysicalPath Called"); + jclass pppClass = NULL; + + jfieldID addressField = NULL; + jfieldID lastSendField = NULL; + jfieldID lastReceiveField = NULL; + jfieldID activeField = NULL; + jfieldID preferredField = NULL; + + jmethodID ppp_constructor = NULL; + + pppClass = lookup.findClass("com/zerotier/sdk/PeerPhysicalPath"); + if(env->ExceptionCheck() || pppClass == NULL) + { + LOGE("Error finding PeerPhysicalPath class"); + return NULL; + } + + addressField = lookup.findField(pppClass, "address", 
"Ljava/net/InetSocketAddress;"); + if(env->ExceptionCheck() || addressField == NULL) + { + LOGE("Error finding address field"); + return NULL; + } + + lastSendField = lookup.findField(pppClass, "lastSend", "J"); + if(env->ExceptionCheck() || lastSendField == NULL) + { + LOGE("Error finding lastSend field"); + return NULL; + } + + lastReceiveField = lookup.findField(pppClass, "lastReceive", "J"); + if(env->ExceptionCheck() || lastReceiveField == NULL) + { + LOGE("Error finding lastReceive field"); + return NULL; + } + + activeField = lookup.findField(pppClass, "active", "Z"); + if(env->ExceptionCheck() || activeField == NULL) + { + LOGE("Error finding active field"); + return NULL; + } + + preferredField = lookup.findField(pppClass, "preferred", "Z"); + if(env->ExceptionCheck() || preferredField == NULL) + { + LOGE("Error finding preferred field"); + return NULL; + } + + ppp_constructor = lookup.findMethod(pppClass, "", "()V"); + if(env->ExceptionCheck() || ppp_constructor == NULL) + { + LOGE("Error finding PeerPhysicalPath constructor"); + return NULL; + } + + jobject pppObject = env->NewObject(pppClass, ppp_constructor); + if(env->ExceptionCheck() || pppObject == NULL) + { + LOGE("Error creating PPP object"); + return NULL; // out of memory + } + + jobject addressObject = newInetSocketAddress(env, ppp.address); + if(env->ExceptionCheck() || addressObject == NULL) { + LOGE("Error creating InetSocketAddress object"); + return NULL; + } + + env->SetObjectField(pppObject, addressField, addressObject); + env->SetLongField(pppObject, lastSendField, ppp.lastSend); + env->SetLongField(pppObject, lastReceiveField, ppp.lastReceive); + env->SetBooleanField(pppObject, activeField, ppp.active); + env->SetBooleanField(pppObject, preferredField, ppp.preferred); + + if(env->ExceptionCheck()) { + LOGE("Exception assigning fields to PeerPhysicalPath object"); + } + + return pppObject; +} + +jobject newPeer(JNIEnv *env, const ZT_Peer &peer) +{ + LOGV("newPeer called"); + + jclass 
peerClass = NULL; + + jfieldID addressField = NULL; + jfieldID lastUnicastFrameField = NULL; + jfieldID lastMulticastFrameField = NULL; + jfieldID versionMajorField = NULL; + jfieldID versionMinorField = NULL; + jfieldID versionRevField = NULL; + jfieldID latencyField = NULL; + jfieldID roleField = NULL; + jfieldID pathsField = NULL; + + jmethodID peer_constructor = NULL; + + peerClass = lookup.findClass("com/zerotier/sdk/Peer"); + if(env->ExceptionCheck() || peerClass == NULL) + { + LOGE("Error finding Peer class"); + return NULL; + } + + addressField = lookup.findField(peerClass, "address", "J"); + if(env->ExceptionCheck() || addressField == NULL) + { + LOGE("Error finding address field of Peer object"); + return NULL; + } + + lastUnicastFrameField = lookup.findField(peerClass, "lastUnicastFrame", "J"); + if(env->ExceptionCheck() || lastUnicastFrameField == NULL) + { + LOGE("Error finding lastUnicastFrame field of Peer object"); + return NULL; + } + + lastMulticastFrameField = lookup.findField(peerClass, "lastMulticastFrame", "J"); + if(env->ExceptionCheck() || lastMulticastFrameField == NULL) + { + LOGE("Error finding lastMulticastFrame field of Peer object"); + return NULL; + } + + versionMajorField = lookup.findField(peerClass, "versionMajor", "I"); + if(env->ExceptionCheck() || versionMajorField == NULL) + { + LOGE("Error finding versionMajor field of Peer object"); + return NULL; + } + + versionMinorField = lookup.findField(peerClass, "versionMinor", "I"); + if(env->ExceptionCheck() || versionMinorField == NULL) + { + LOGE("Error finding versionMinor field of Peer object"); + return NULL; + } + + versionRevField = lookup.findField(peerClass, "versionRev", "I"); + if(env->ExceptionCheck() || versionRevField == NULL) + { + LOGE("Error finding versionRev field of Peer object"); + return NULL; + } + + latencyField = lookup.findField(peerClass, "latency", "I"); + if(env->ExceptionCheck() || latencyField == NULL) + { + LOGE("Error finding latency field of Peer 
object"); + return NULL; + } + + roleField = lookup.findField(peerClass, "role", "Lcom/zerotier/sdk/PeerRole;"); + if(env->ExceptionCheck() || roleField == NULL) + { + LOGE("Error finding role field of Peer object"); + return NULL; + } + + pathsField = lookup.findField(peerClass, "paths", "[Lcom/zerotier/sdk/PeerPhysicalPath;"); + if(env->ExceptionCheck() || pathsField == NULL) + { + LOGE("Error finding paths field of Peer object"); + return NULL; + } + + peer_constructor = lookup.findMethod(peerClass, "", "()V"); + if(env->ExceptionCheck() || peer_constructor == NULL) + { + LOGE("Error finding Peer constructor"); + return NULL; + } + + jobject peerObject = env->NewObject(peerClass, peer_constructor); + if(env->ExceptionCheck() || peerObject == NULL) + { + LOGE("Error creating Peer object"); + return NULL; // out of memory + } + + env->SetLongField(peerObject, addressField, (jlong)peer.address); + env->SetLongField(peerObject, lastUnicastFrameField, (jlong)peer.lastUnicastFrame); + env->SetLongField(peerObject, lastMulticastFrameField, (jlong)peer.lastMulticastFrame); + env->SetIntField(peerObject, versionMajorField, peer.versionMajor); + env->SetIntField(peerObject, versionMinorField, peer.versionMinor); + env->SetIntField(peerObject, versionRevField, peer.versionRev); + env->SetIntField(peerObject, latencyField, peer.latency); + env->SetObjectField(peerObject, roleField, createPeerRole(env, peer.role)); + + jclass peerPhysicalPathClass = lookup.findClass("com/zerotier/sdk/PeerPhysicalPath"); + if(env->ExceptionCheck() || peerPhysicalPathClass == NULL) + { + LOGE("Error finding PeerPhysicalPath class"); + return NULL; + } + + jobjectArray arrayObject = env->NewObjectArray( + peer.pathCount, peerPhysicalPathClass, NULL); + if(env->ExceptionCheck() || arrayObject == NULL) + { + LOGE("Error creating PeerPhysicalPath[] array"); + return NULL; + } + + for(unsigned int i = 0; i < peer.pathCount; ++i) + { + jobject path = newPeerPhysicalPath(env, peer.paths[i]); + + 
env->SetObjectArrayElement(arrayObject, i, path);
+ if(env->ExceptionCheck()) {
+ LOGE("exception assigning PeerPhysicalPath to array");
+ break;
+ }
+ }
+
+ env->SetObjectField(peerObject, pathsField, arrayObject);
+
+ return peerObject;
+}
+
+jobject newNetworkConfig(JNIEnv *env, const ZT_VirtualNetworkConfig &vnetConfig)
+{
+ jclass vnetConfigClass = NULL;
+ jmethodID vnetConfig_constructor = NULL;
+ jfieldID nwidField = NULL;
+ jfieldID macField = NULL;
+ jfieldID nameField = NULL;
+ jfieldID statusField = NULL;
+ jfieldID typeField = NULL;
+ jfieldID mtuField = NULL;
+ jfieldID dhcpField = NULL;
+ jfieldID bridgeField = NULL;
+ jfieldID broadcastEnabledField = NULL;
+ jfieldID portErrorField = NULL;
+ jfieldID netconfRevisionField = NULL;
+ jfieldID assignedAddressesField = NULL;
+
+ vnetConfigClass = lookup.findClass("com/zerotier/sdk/VirtualNetworkConfig");
+ if(vnetConfigClass == NULL)
+ {
+ LOGE("Couldn't find com.zerotier.sdk.VirtualNetworkConfig");
+ return NULL;
+ }
+
+ vnetConfig_constructor = lookup.findMethod(
+ vnetConfigClass, "", "()V");
+ if(env->ExceptionCheck() || vnetConfig_constructor == NULL)
+ {
+ LOGE("Couldn't find VirtualNetworkConfig Constructor");
+ return NULL;
+ }
+
+ jobject vnetConfigObj = env->NewObject(vnetConfigClass, vnetConfig_constructor);
+ if(env->ExceptionCheck() || vnetConfigObj == NULL)
+ {
+ LOGE("Error creating new VirtualNetworkConfig object");
+ return NULL;
+ }
+
+ nwidField = lookup.findField(vnetConfigClass, "nwid", "J");
+ if(env->ExceptionCheck() || nwidField == NULL)
+ {
+ LOGE("Error getting nwid field");
+ return NULL;
+ }
+
+ macField = lookup.findField(vnetConfigClass, "mac", "J");
+ if(env->ExceptionCheck() || macField == NULL)
+ {
+ LOGE("Error getting mac field");
+ return NULL;
+ }
+
+ nameField = lookup.findField(vnetConfigClass, "name", "Ljava/lang/String;");
+ if(env->ExceptionCheck() || nameField == NULL)
+ {
+ LOGE("Error getting name field");
+ return NULL;
+ }
+
+ statusField = 
lookup.findField(vnetConfigClass, "status", "Lcom/zerotier/sdk/VirtualNetworkStatus;");
+ if(env->ExceptionCheck() || statusField == NULL)
+ {
+ LOGE("Error getting status field");
+ return NULL;
+ }
+
+ typeField = lookup.findField(vnetConfigClass, "type", "Lcom/zerotier/sdk/VirtualNetworkType;");
+ if(env->ExceptionCheck() || typeField == NULL)
+ {
+ LOGE("Error getting type field");
+ return NULL;
+ }
+
+ mtuField = lookup.findField(vnetConfigClass, "mtu", "I");
+ if(env->ExceptionCheck() || mtuField == NULL)
+ {
+ LOGE("Error getting mtu field");
+ return NULL;
+ }
+
+ dhcpField = lookup.findField(vnetConfigClass, "dhcp", "Z");
+ if(env->ExceptionCheck() || dhcpField == NULL)
+ {
+ LOGE("Error getting dhcp field");
+ return NULL;
+ }
+
+ bridgeField = lookup.findField(vnetConfigClass, "bridge", "Z");
+ if(env->ExceptionCheck() || bridgeField == NULL)
+ {
+ LOGE("Error getting bridge field");
+ return NULL;
+ }
+
+ broadcastEnabledField = lookup.findField(vnetConfigClass, "broadcastEnabled", "Z");
+ if(env->ExceptionCheck() || broadcastEnabledField == NULL)
+ {
+ LOGE("Error getting broadcastEnabled field");
+ return NULL;
+ }
+
+ portErrorField = lookup.findField(vnetConfigClass, "portError", "I");
+ if(env->ExceptionCheck() || portErrorField == NULL)
+ {
+ LOGE("Error getting portError field");
+ return NULL;
+ }
+
+ netconfRevisionField = lookup.findField(vnetConfigClass, "netconfRevision", "J");
+ if(env->ExceptionCheck() || netconfRevisionField == NULL)
+ {
+ LOGE("Error getting netconfRevision field");
+ return NULL;
+ }
+
+ assignedAddressesField = lookup.findField(vnetConfigClass, "assignedAddresses", "[Ljava/net/InetSocketAddress;");
+ if(env->ExceptionCheck() || assignedAddressesField == NULL)
+ {
+ LOGE("Error getting assignedAddresses field");
+ return NULL;
+ }
+
+ env->SetLongField(vnetConfigObj, nwidField, vnetConfig.nwid);
+ env->SetLongField(vnetConfigObj, macField, vnetConfig.mac);
+ jstring nameStr = env->NewStringUTF(vnetConfig.name);
+ 
if(env->ExceptionCheck() || nameStr == NULL)
+ {
+ return NULL; // out of memory
+ }
+ env->SetObjectField(vnetConfigObj, nameField, nameStr);
+
+ jobject statusObject = createVirtualNetworkStatus(env, vnetConfig.status);
+ if(env->ExceptionCheck() || statusObject == NULL)
+ {
+ return NULL;
+ }
+ env->SetObjectField(vnetConfigObj, statusField, statusObject);
+
+ jobject typeObject = createVirtualNetworkType(env, vnetConfig.type);
+ if(env->ExceptionCheck() || typeObject == NULL)
+ {
+ return NULL;
+ }
+ env->SetObjectField(vnetConfigObj, typeField, typeObject);
+
+ env->SetIntField(vnetConfigObj, mtuField, (int)vnetConfig.mtu);
+ env->SetBooleanField(vnetConfigObj, dhcpField, vnetConfig.dhcp);
+ env->SetBooleanField(vnetConfigObj, bridgeField, vnetConfig.bridge);
+ env->SetBooleanField(vnetConfigObj, broadcastEnabledField, vnetConfig.broadcastEnabled);
+ env->SetIntField(vnetConfigObj, portErrorField, vnetConfig.portError);
+
+ jclass inetSocketAddressClass = lookup.findClass("java/net/InetSocketAddress");
+ if(env->ExceptionCheck() || inetSocketAddressClass == NULL)
+ {
+ LOGE("Error finding InetSocketAddress class");
+ return NULL;
+ }
+
+ jobjectArray assignedAddrArrayObj = env->NewObjectArray(
+ vnetConfig.assignedAddressCount, inetSocketAddressClass, NULL);
+ if(env->ExceptionCheck() || assignedAddrArrayObj == NULL)
+ {
+ LOGE("Error creating InetSocketAddress[] array");
+ return NULL;
+ }
+
+ for(unsigned int i = 0; i < vnetConfig.assignedAddressCount; ++i)
+ {
+ jobject inetAddrObj = newInetSocketAddress(env, vnetConfig.assignedAddresses[i]);
+ env->SetObjectArrayElement(assignedAddrArrayObj, i, inetAddrObj);
+ if(env->ExceptionCheck())
+ {
+ LOGE("Error assigning InetSocketAddress to array");
+ return NULL;
+ }
+ }
+
+ env->SetObjectField(vnetConfigObj, assignedAddressesField, assignedAddrArrayObj);
+
+ return vnetConfigObj;
+}
+
+jobject newVersion(JNIEnv *env, int major, int minor, int rev)
+{
+ // create a com.zerotier.sdk.Version object
+ jclass 
versionClass = NULL;
+ jmethodID versionConstructor = NULL;
+
+ versionClass = lookup.findClass("com/zerotier/sdk/Version");
+ if(env->ExceptionCheck() || versionClass == NULL)
+ {
+ return NULL;
+ }
+
+ versionConstructor = lookup.findMethod(
+ versionClass, "", "()V");
+ if(env->ExceptionCheck() || versionConstructor == NULL)
+ {
+ return NULL;
+ }
+
+ jobject versionObj = env->NewObject(versionClass, versionConstructor);
+ if(env->ExceptionCheck() || versionObj == NULL)
+ {
+ return NULL;
+ }
+
+ // copy data to Version object
+ jfieldID majorField = NULL;
+ jfieldID minorField = NULL;
+ jfieldID revisionField = NULL;
+
+ majorField = lookup.findField(versionClass, "major", "I");
+ if(env->ExceptionCheck() || majorField == NULL)
+ {
+ return NULL;
+ }
+
+ minorField = lookup.findField(versionClass, "minor", "I");
+ if(env->ExceptionCheck() || minorField == NULL)
+ {
+ return NULL;
+ }
+
+ revisionField = lookup.findField(versionClass, "revision", "I");
+ if(env->ExceptionCheck() || revisionField == NULL)
+ {
+ return NULL;
+ }
+
+ env->SetIntField(versionObj, majorField, (jint)major);
+ env->SetIntField(versionObj, minorField, (jint)minor);
+ env->SetIntField(versionObj, revisionField, (jint)rev);
+
+ return versionObj;
+}
+
+#ifdef __cplusplus
+}
+#endif
\ No newline at end of file
diff --git a/java/jni/ZT_jniutils.h b/java/jni/ZT_jniutils.h
new file mode 100644
index 0000000..34dfc47
--- /dev/null
+++ b/java/jni/ZT_jniutils.h
@@ -0,0 +1,49 @@
+#ifndef ZT_jniutils_h_
+#define ZT_jniutils_h_
+#include
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LOG_TAG "ZeroTierOneJNI"
+
+#if __ANDROID__
+#include
+#define LOGV(...) ((void)__android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__))
+#define LOGI(...) ((void)__android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__))
+#define LOGD(...) ((void)__android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__))
+#define LOGE(...) ((void)__android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__))
+#else
+#define LOGV(...) fprintf(stdout, __VA_ARGS__)
+#define LOGI(...) fprintf(stdout, __VA_ARGS__)
+#define LOGD(...) fprintf(stdout, __VA_ARGS__)
+#define LOGE(...) fprintf(stdout, __VA_ARGS__)
+#endif
+
+jobject createResultObject(JNIEnv *env, ZT_ResultCode code);
+jobject createVirtualNetworkStatus(JNIEnv *env, ZT_VirtualNetworkStatus status);
+jobject createVirtualNetworkType(JNIEnv *env, ZT_VirtualNetworkType type);
+jobject createEvent(JNIEnv *env, ZT_Event event);
+jobject createPeerRole(JNIEnv *env, ZT_PeerRole role);
+jobject createVirtualNetworkConfigOperation(JNIEnv *env, ZT_VirtualNetworkConfigOperation op);
+
+jobject newInetSocketAddress(JNIEnv *env, const sockaddr_storage &addr);
+jobject newInetAddress(JNIEnv *env, const sockaddr_storage &addr);
+
+jobject newMulticastGroup(JNIEnv *env, const ZT_MulticastGroup &mc);
+
+jobject newPeer(JNIEnv *env, const ZT_Peer &peer);
+jobject newPeerPhysicalPath(JNIEnv *env, const ZT_PeerPhysicalPath &ppp);
+
+jobject newNetworkConfig(JNIEnv *env, const ZT_VirtualNetworkConfig &config);
+
+jobject newVersion(JNIEnv *env, int major, int minor, int rev);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
\ No newline at end of file
diff --git a/java/jni/com_zerotierone_sdk_Node.cpp b/java/jni/com_zerotierone_sdk_Node.cpp
new file mode 100644
index 0000000..4d9a210
--- /dev/null
+++ b/java/jni/com_zerotierone_sdk_Node.cpp
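Review bot: In the non-Android branch of the logging macros, `LOGE` writes to stdout exactly like `LOGV`/`LOGI`/`LOGD`, so error output from the JNI layer cannot be separated from verbose tracing and is lost when a caller captures only stderr. The `fprintf` variants also append no newline, while the call sites visible in this commit pass messages without one (e.g. `LOGE("Error finding Peer class")`), so consecutive messages run together on desktop builds. I would send errors to stderr and terminate each message, e.g. `#define LOGE(...) do { fprintf(stderr, __VA_ARGS__); fputc('\n', stderr); } while (0)`. A short comment above the macro block should also state that the first argument must be a literal format string, since every variant forwards `__VA_ARGS__` straight into a printf-style call.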
@@ -0,0 +1,1369 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015 ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. 
Start here: http://www.zerotier.com/
+ */
+
+#include "com_zerotierone_sdk_Node.h"
+#include "ZT_jniutils.h"
+#include "ZT_jnilookup.h"
+
+#include
+#include "Mutex.hpp"
+
+#include
+#include
+#include
+#include
+
+// global static JNI Lookup Object
+JniLookup lookup;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+namespace {
+ struct JniRef
+ {
+ JniRef()
+ : jvm(NULL)
+ , node(NULL)
+ , dataStoreGetListener(NULL)
+ , dataStorePutListener(NULL)
+ , packetSender(NULL)
+ , eventListener(NULL)
+ , frameListener(NULL)
+ , configListener(NULL)
+ {}
+
+ ~JniRef()
+ {
+ JNIEnv *env = NULL;
+ jvm->GetEnv((void**)&env, JNI_VERSION_1_6);
+
+ env->DeleteGlobalRef(dataStoreGetListener);
+ env->DeleteGlobalRef(dataStorePutListener);
+ env->DeleteGlobalRef(packetSender);
+ env->DeleteGlobalRef(eventListener);
+ env->DeleteGlobalRef(frameListener);
+ env->DeleteGlobalRef(configListener);
+ }
+
+ uint64_t id;
+
+ JavaVM *jvm;
+
+ ZT_Node *node;
+
+ jobject dataStoreGetListener;
+ jobject dataStorePutListener;
+ jobject packetSender;
+ jobject eventListener;
+ jobject frameListener;
+ jobject configListener;
+ };
+
+
+ int VirtualNetworkConfigFunctionCallback(
+ ZT_Node *node,
+ void *userData,
+ uint64_t nwid,
+ void **,
+ enum ZT_VirtualNetworkConfigOperation operation,
+ const ZT_VirtualNetworkConfig *config)
+ {
+ LOGV("VritualNetworkConfigFunctionCallback");
+ JniRef *ref = (JniRef*)userData;
+ JNIEnv *env = NULL;
+ ref->jvm->GetEnv((void**)&env, JNI_VERSION_1_6);
+
+ jclass configListenerClass = env->GetObjectClass(ref->configListener);
+ if(configListenerClass == NULL)
+ {
+ LOGE("Couldn't find class for VirtualNetworkConfigListener instance");
+ return -1;
+ }
+
+ jmethodID configListenerCallbackMethod = lookup.findMethod(configListenerClass,
+ "onNetworkConfigurationUpdated",
+ "(JLcom/zerotier/sdk/VirtualNetworkConfigOperation;Lcom/zerotier/sdk/VirtualNetworkConfig;)I");
+ if(configListenerCallbackMethod == NULL)
+ {
+ LOGE("Couldn't find onVirtualNetworkFrame() 
method");
+ return -2;
+ }
+
+ jobject operationObject = createVirtualNetworkConfigOperation(env, operation);
+ if(operationObject == NULL)
+ {
+ LOGE("Error creating VirtualNetworkConfigOperation object");
+ return -3;
+ }
+
+ jobject networkConfigObject = newNetworkConfig(env, *config);
+ if(networkConfigObject == NULL)
+ {
+ LOGE("Error creating VirtualNetworkConfig object");
+ return -4;
+ }
+
+ return env->CallIntMethod(
+ ref->configListener,
+ configListenerCallbackMethod,
+ (jlong)nwid, operationObject, networkConfigObject);
+ }
+
+ void VirtualNetworkFrameFunctionCallback(ZT_Node *node,
+ void *userData,
+ uint64_t nwid,
+ void**,
+ uint64_t sourceMac,
+ uint64_t destMac,
+ unsigned int etherType,
+ unsigned int vlanid,
+ const void *frameData,
+ unsigned int frameLength)
+ {
+ LOGV("VirtualNetworkFrameFunctionCallback");
+ unsigned char* local = (unsigned char*)frameData;
+ LOGV("Type Bytes: 0x%02x%02x", local[12], local[13]);
+ JniRef *ref = (JniRef*)userData;
+ assert(ref->node == node);
+ JNIEnv *env = NULL;
+ ref->jvm->GetEnv((void**)&env, JNI_VERSION_1_6);
+
+
+ jclass frameListenerClass = env->GetObjectClass(ref->frameListener);
+ if(env->ExceptionCheck() || frameListenerClass == NULL)
+ {
+ LOGE("Couldn't find class for VirtualNetworkFrameListener instance");
+ return;
+ }
+
+ jmethodID frameListenerCallbackMethod = lookup.findMethod(
+ frameListenerClass,
+ "onVirtualNetworkFrame", "(JJJJJ[B)V");
+ if(env->ExceptionCheck() || frameListenerCallbackMethod == NULL)
+ {
+ LOGE("Couldn't find onVirtualNetworkFrame() method");
+ return;
+ }
+
+ jbyteArray dataArray = env->NewByteArray(frameLength);
+ if(env->ExceptionCheck() || dataArray == NULL)
+ {
+ LOGE("Couldn't create frame data array");
+ return;
+ }
+
+ void *data = env->GetPrimitiveArrayCritical(dataArray, NULL);
+ memcpy(data, frameData, frameLength);
+ env->ReleasePrimitiveArrayCritical(dataArray, data, 0);
+
+ if(env->ExceptionCheck())
+ {
+ LOGE("Error setting frame data to array");
+ 
return;
+ }
+
+ env->CallVoidMethod(ref->frameListener, frameListenerCallbackMethod, (jlong)nwid, (jlong)sourceMac, (jlong)destMac, (jlong)etherType, (jlong)vlanid, dataArray);
+ }
+
+
+ void EventCallback(ZT_Node *node,
+ void *userData,
+ enum ZT_Event event,
+ const void *data)
+ {
+ LOGV("EventCallback");
+ JniRef *ref = (JniRef*)userData;
+ if(ref->node != node && event != ZT_EVENT_UP)
+ {
+ LOGE("Nodes not equal. ref->node %p, node %p. Event: %d", ref->node, node, event);
+ return;
+ }
+ JNIEnv *env = NULL;
+ ref->jvm->GetEnv((void**)&env, JNI_VERSION_1_6);
+
+
+ jclass eventListenerClass = env->GetObjectClass(ref->eventListener);
+ if(eventListenerClass == NULL)
+ {
+ LOGE("Couldn't class for EventListener instance");
+ return;
+ }
+
+ jmethodID onEventMethod = lookup.findMethod(eventListenerClass,
+ "onEvent", "(Lcom/zerotier/sdk/Event;)V");
+ if(onEventMethod == NULL)
+ {
+ LOGE("Couldn't find onEvent method");
+ return;
+ }
+
+ jmethodID onTraceMethod = lookup.findMethod(eventListenerClass,
+ "onTrace", "(Ljava/lang/String;)V");
+ if(onTraceMethod == NULL)
+ {
+ LOGE("Couldn't find onTrace method");
+ return;
+ }
+
+ jobject eventObject = createEvent(env, event);
+ if(eventObject == NULL)
+ {
+ return;
+ }
+
+ switch(event)
+ {
+ case ZT_EVENT_UP:
+ {
+ LOGD("Event Up");
+ env->CallVoidMethod(ref->eventListener, onEventMethod, eventObject);
+ break;
+ }
+ case ZT_EVENT_OFFLINE:
+ {
+ LOGD("Event Offline");
+ env->CallVoidMethod(ref->eventListener, onEventMethod, eventObject);
+ break;
+ }
+ case ZT_EVENT_ONLINE:
+ {
+ LOGD("Event Online");
+ env->CallVoidMethod(ref->eventListener, onEventMethod, eventObject);
+ break;
+ }
+ case ZT_EVENT_DOWN:
+ {
+ LOGD("Event Down");
+ env->CallVoidMethod(ref->eventListener, onEventMethod, eventObject);
+ break;
+ }
+ case ZT_EVENT_FATAL_ERROR_IDENTITY_COLLISION:
+ {
+ LOGV("Identity Collision");
+ // call onEvent()
+ env->CallVoidMethod(ref->eventListener, onEventMethod, eventObject);
+ }
+ break;
+ case 
ZT_EVENT_TRACE:
+ {
+ LOGV("Trace Event");
+ // call onTrace()
+ if(data != NULL)
+ {
+ const char* message = (const char*)data;
+ jstring messageStr = env->NewStringUTF(message);
+ env->CallVoidMethod(ref->eventListener, onTraceMethod, messageStr);
+ }
+ }
+ break;
+ }
+ }
+
+ long DataStoreGetFunction(ZT_Node *node,
+ void *userData,
+ const char *objectName,
+ void *buffer,
+ unsigned long bufferSize,
+ unsigned long bufferIndex,
+ unsigned long *out_objectSize)
+ {
+ JniRef *ref = (JniRef*)userData;
+ JNIEnv *env = NULL;
+ ref->jvm->GetEnv((void**)&env, JNI_VERSION_1_6);
+
+ jclass dataStoreGetClass = env->GetObjectClass(ref->dataStoreGetListener);
+ if(dataStoreGetClass == NULL)
+ {
+ LOGE("Couldn't find class for DataStoreGetListener instance");
+ return -2;
+ }
+
+ jmethodID dataStoreGetCallbackMethod = lookup.findMethod(
+ dataStoreGetClass,
+ "onDataStoreGet",
+ "(Ljava/lang/String;[BJ[J)J");
+ if(dataStoreGetCallbackMethod == NULL)
+ {
+ LOGE("Couldn't find onDataStoreGet method");
+ return -2;
+ }
+
+ jstring nameStr = env->NewStringUTF(objectName);
+ if(nameStr == NULL)
+ {
+ LOGE("Error creating name string object");
+ return -2; // out of memory
+ }
+
+ jbyteArray bufferObj = env->NewByteArray(bufferSize);
+ if(bufferObj == NULL)
+ {
+ LOGE("Error creating byte[] buffer of size: %lu", bufferSize);
+ return -2;
+ }
+
+ jlongArray objectSizeObj = env->NewLongArray(1);
+ if(objectSizeObj == NULL)
+ {
+ LOGE("Error creating long[1] array for actual object size");
+ return -2; // couldn't create long[1] array
+ }
+
+ LOGV("Calling onDataStoreGet(%s, %p, %lu, %p)",
+ objectName, buffer, bufferIndex, objectSizeObj);
+
+ long retval = (long)env->CallLongMethod(
+ ref->dataStoreGetListener, dataStoreGetCallbackMethod,
+ nameStr, bufferObj, (jlong)bufferIndex, objectSizeObj);
+
+ if(retval > 0)
+ {
+ void *data = env->GetPrimitiveArrayCritical(bufferObj, NULL);
+ memcpy(buffer, data, retval);
+ env->ReleasePrimitiveArrayCritical(bufferObj, data, 0);
+
+ jlong 
*objSize = (jlong*)env->GetPrimitiveArrayCritical(objectSizeObj, NULL);
+ *out_objectSize = (unsigned long)objSize[0];
+ env->ReleasePrimitiveArrayCritical(objectSizeObj, objSize, 0);
+ }
+
+ LOGV("Out Object Size: %lu", *out_objectSize);
+
+ return retval;
+ }
+
+ int DataStorePutFunction(ZT_Node *node,
+ void *userData,
+ const char *objectName,
+ const void *buffer,
+ unsigned long bufferSize,
+ int secure)
+ {
+ JniRef *ref = (JniRef*)userData;
+ JNIEnv *env = NULL;
+ ref->jvm->GetEnv((void**)&env, JNI_VERSION_1_6);
+
+
+ jclass dataStorePutClass = env->GetObjectClass(ref->dataStorePutListener);
+ if(dataStorePutClass == NULL)
+ {
+ LOGE("Couldn't find class for DataStorePutListener instance");
+ return -1;
+ }
+
+ jmethodID dataStorePutCallbackMethod = lookup.findMethod(
+ dataStorePutClass,
+ "onDataStorePut",
+ "(Ljava/lang/String;[BZ)I");
+ if(dataStorePutCallbackMethod == NULL)
+ {
+ LOGE("Couldn't find onDataStorePut method");
+ return -2;
+ }
+
+ jmethodID deleteMethod = lookup.findMethod(dataStorePutClass,
+ "onDelete", "(Ljava/lang/String;)I");
+ if(deleteMethod == NULL)
+ {
+ LOGE("Couldn't find onDelete method");
+ return -3;
+ }
+
+ jstring nameStr = env->NewStringUTF(objectName);
+
+ if(buffer == NULL)
+ {
+ LOGD("JNI: Delete file: %s", objectName);
+ // delete operation
+ return env->CallIntMethod(
+ ref->dataStorePutListener, deleteMethod, nameStr);
+ }
+ else
+ {
+ LOGD("JNI: Write file: %s", objectName);
+ // set operation
+ jbyteArray bufferObj = env->NewByteArray(bufferSize);
+ if(env->ExceptionCheck() || bufferObj == NULL)
+ {
+ LOGE("Error creating byte array buffer!");
+ return -4;
+ }
+
+ env->SetByteArrayRegion(bufferObj, 0, bufferSize, (jbyte*)buffer);
+ bool bsecure = secure != 0;
+
+ return env->CallIntMethod(ref->dataStorePutListener,
+ dataStorePutCallbackMethod,
+ nameStr, bufferObj, bsecure);
+ }
+ }
+
+ int WirePacketSendFunction(ZT_Node *node,
+ void *userData,
+ const struct sockaddr_storage *localAddress,
+ const struct 
sockaddr_storage *remoteAddress,
+ const void *buffer,
+ unsigned int bufferSize,
+ unsigned int ttl)
+ {
+ LOGV("WirePacketSendFunction(%p, %p, %p, %d)", localAddress, remoteAddress, buffer, bufferSize);
+ JniRef *ref = (JniRef*)userData;
+ assert(ref->node == node);
+
+ JNIEnv *env = NULL;
+ ref->jvm->GetEnv((void**)&env, JNI_VERSION_1_6);
+
+
+ jclass packetSenderClass = env->GetObjectClass(ref->packetSender);
+ if(packetSenderClass == NULL)
+ {
+ LOGE("Couldn't find class for PacketSender instance");
+ return -1;
+ }
+
+ jmethodID packetSenderCallbackMethod = lookup.findMethod(packetSenderClass,
+ "onSendPacketRequested", "(Ljava/net/InetSocketAddress;Ljava/net/InetSocketAddress;[BI)I");
+ if(packetSenderCallbackMethod == NULL)
+ {
+ LOGE("Couldn't find onSendPacketRequested method");
+ return -2;
+ }
+
+ jobject localAddressObj = NULL;
+ if(memcmp(localAddress, &ZT_SOCKADDR_NULL, sizeof(sockaddr_storage)) != 0)
+ {
+ localAddressObj = newInetSocketAddress(env, *localAddress);
+ }
+
+ jobject remoteAddressObj = newInetSocketAddress(env, *remoteAddress);
+ jbyteArray bufferObj = env->NewByteArray(bufferSize);
+ env->SetByteArrayRegion(bufferObj, 0, bufferSize, (jbyte*)buffer);
+ int retval = env->CallIntMethod(ref->packetSender, packetSenderCallbackMethod, localAddressObj, remoteAddressObj, bufferObj);
+
+ LOGV("JNI Packet Sender returned: %d", retval);
+ return retval;
+ }
+
+ typedef std::map NodeMap;
+ static NodeMap nodeMap;
+ ZeroTier::Mutex nodeMapMutex;
+
+ ZT_Node* findNode(uint64_t nodeId)
+ {
+ ZeroTier::Mutex::Lock lock(nodeMapMutex);
+ NodeMap::iterator found = nodeMap.find(nodeId);
+ if(found != nodeMap.end())
+ {
+ JniRef *ref = found->second;
+ return ref->node;
+ }
+ return NULL;
+ }
+}
+
+JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved)
+{
+ lookup.setJavaVM(vm);
+ return JNI_VERSION_1_6;
+}
+
+JNIEXPORT void JNICALL JNI_OnUnload(JavaVM *vm, void *reserved)
+{
+
+}
+
+
+/*
+ * Class: com_zerotier_sdk_Node
+ * Method: node_init
+ * 
Signature: (J)Lcom/zerotier/sdk/ResultCode;
+ */
+JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_node_1init(
+ JNIEnv *env, jobject obj, jlong now)
+{
+ LOGV("Creating ZT_Node struct");
+ jobject resultObject = createResultObject(env, ZT_RESULT_OK);
+
+ ZT_Node *node;
+ JniRef *ref = new JniRef;
+ ref->id = (uint64_t)now;
+ env->GetJavaVM(&ref->jvm);
+
+ jclass cls = env->GetObjectClass(obj);
+ jfieldID fid = lookup.findField(
+ cls, "getListener", "Lcom/zerotier/sdk/DataStoreGetListener;");
+
+ if(fid == NULL)
+ {
+ return NULL; // exception already thrown
+ }
+
+ jobject tmp = env->GetObjectField(obj, fid);
+ if(tmp == NULL)
+ {
+ return NULL;
+ }
+ ref->dataStoreGetListener = env->NewGlobalRef(tmp);
+
+ fid = lookup.findField(
+ cls, "putListener", "Lcom/zerotier/sdk/DataStorePutListener;");
+
+ if(fid == NULL)
+ {
+ return NULL; // exception already thrown
+ }
+
+ tmp = env->GetObjectField(obj, fid);
+ if(tmp == NULL)
+ {
+ return NULL;
+ }
+ ref->dataStorePutListener = env->NewGlobalRef(tmp);
+
+ fid = lookup.findField(
+ cls, "sender", "Lcom/zerotier/sdk/PacketSender;");
+ if(fid == NULL)
+ {
+ return NULL; // exception already thrown
+ }
+
+ tmp = env->GetObjectField(obj, fid);
+ if(tmp == NULL)
+ {
+ return NULL;
+ }
+ ref->packetSender = env->NewGlobalRef(tmp);
+
+ fid = lookup.findField(
+ cls, "frameListener", "Lcom/zerotier/sdk/VirtualNetworkFrameListener;");
+ if(fid == NULL)
+ {
+ return NULL; // exception already thrown
+ }
+
+ tmp = env->GetObjectField(obj, fid);
+ if(tmp == NULL)
+ {
+ return NULL;
+ }
+ ref->frameListener = env->NewGlobalRef(tmp);
+
+ fid = lookup.findField(
+ cls, "configListener", "Lcom/zerotier/sdk/VirtualNetworkConfigListener;");
+ if(fid == NULL)
+ {
+ return NULL; // exception already thrown
+ }
+
+ tmp = env->GetObjectField(obj, fid);
+ if(tmp == NULL)
+ {
+ return NULL;
+ }
+ ref->configListener = env->NewGlobalRef(tmp);
+
+ fid = lookup.findField(
+ cls, "eventListener", "Lcom/zerotier/sdk/EventListener;");
+ if(fid 
== NULL)
+ {
+ return NULL;
+ }
+
+ tmp = env->GetObjectField(obj, fid);
+ if(tmp == NULL)
+ {
+ return NULL;
+ }
+ ref->eventListener = env->NewGlobalRef(tmp);
+
+ ZT_ResultCode rc = ZT_Node_new(
+ &node,
+ ref,
+ (uint64_t)now,
+ &DataStoreGetFunction,
+ &DataStorePutFunction,
+ &WirePacketSendFunction,
+ &VirtualNetworkFrameFunctionCallback,
+ &VirtualNetworkConfigFunctionCallback,
+ NULL,
+ &EventCallback);
+
+ if(rc != ZT_RESULT_OK)
+ {
+ LOGE("Error creating Node: %d", rc);
+ resultObject = createResultObject(env, rc);
+ if(node)
+ {
+ ZT_Node_delete(node);
+ node = NULL;
+ }
+ delete ref;
+ ref = NULL;
+ return resultObject;
+ }
+
+ ZeroTier::Mutex::Lock lock(nodeMapMutex);
+ ref->node = node;
+ nodeMap.insert(std::make_pair(ref->id, ref));
+
+
+ return resultObject;
+}
+
+/*
+ * Class: com_zerotier_sdk_Node
+ * Method: node_delete
+ * Signature: (J)V
+ */
+JNIEXPORT void JNICALL Java_com_zerotier_sdk_Node_node_1delete(
+ JNIEnv *env, jobject obj, jlong id)
+{
+ LOGV("Destroying ZT_Node struct");
+ uint64_t nodeId = (uint64_t)id;
+
+ NodeMap::iterator found;
+ {
+ ZeroTier::Mutex::Lock lock(nodeMapMutex);
+ found = nodeMap.find(nodeId);
+ }
+
+ if(found != nodeMap.end())
+ {
+ JniRef *ref = found->second;
+ nodeMap.erase(found);
+
+ ZT_Node_delete(ref->node);
+
+ delete ref;
+ ref = NULL;
+ }
+ else
+ {
+ LOGE("Attempted to delete a node that doesn't exist!");
+ }
+}
+
+/*
+ * Class: com_zerotier_sdk_Node
+ * Method: processVirtualNetworkFrame
+ * Signature: (JJJJJII[B[J)Lcom/zerotier/sdk/ResultCode;
+ */
+JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_processVirtualNetworkFrame(
+ JNIEnv *env, jobject obj,
+ jlong id,
+ jlong in_now,
+ jlong in_nwid,
+ jlong in_sourceMac,
+ jlong in_destMac,
+ jint in_etherType,
+ jint in_vlanId,
+ jbyteArray in_frameData,
+ jlongArray out_nextBackgroundTaskDeadline)
+{
+ uint64_t nodeId = (uint64_t) id;
+
+ ZT_Node *node = findNode(nodeId);
+ if(node == NULL)
+ {
+ // cannot find valid node. We should never get here. 
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ unsigned int nbtd_len = env->GetArrayLength(out_nextBackgroundTaskDeadline);
+ if(nbtd_len < 1)
+ {
+ // array for next background task length has 0 elements!
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ uint64_t now = (uint64_t)in_now;
+ uint64_t nwid = (uint64_t)in_nwid;
+ uint64_t sourceMac = (uint64_t)in_sourceMac;
+ uint64_t destMac = (uint64_t)in_destMac;
+ unsigned int etherType = (unsigned int)in_etherType;
+ unsigned int vlanId = (unsigned int)in_vlanId;
+
+ unsigned int frameLength = env->GetArrayLength(in_frameData);
+ void *frameData = env->GetPrimitiveArrayCritical(in_frameData, NULL);
+ void *localData = malloc(frameLength);
+ memcpy(localData, frameData, frameLength);
+ env->ReleasePrimitiveArrayCritical(in_frameData, frameData, 0);
+
+ uint64_t nextBackgroundTaskDeadline = 0;
+
+ ZT_ResultCode rc = ZT_Node_processVirtualNetworkFrame(
+ node,
+ now,
+ nwid,
+ sourceMac,
+ destMac,
+ etherType,
+ vlanId,
+ (const void*)localData,
+ frameLength,
+ &nextBackgroundTaskDeadline);
+
+ jlong *outDeadline = (jlong*)env->GetPrimitiveArrayCritical(out_nextBackgroundTaskDeadline, NULL);
+ outDeadline[0] = (jlong)nextBackgroundTaskDeadline;
+ env->ReleasePrimitiveArrayCritical(out_nextBackgroundTaskDeadline, outDeadline, 0);
+
+ return createResultObject(env, rc);
+}
+
+/*
+ * Class: com_zerotier_sdk_Node
+ * Method: processWirePacket
+ * Signature: (JJLjava/net/InetSocketAddress;I[B[J)Lcom/zerotier/sdk/ResultCode;
+ */
+JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_processWirePacket(
+ JNIEnv *env, jobject obj,
+ jlong id,
+ jlong in_now,
+ jobject in_localAddress,
+ jobject in_remoteAddress,
+ jbyteArray in_packetData,
+ jlongArray out_nextBackgroundTaskDeadline)
+{
+ uint64_t nodeId = (uint64_t) id;
+ ZT_Node *node = findNode(nodeId);
+ if(node == NULL)
+ {
+ // cannot find valid node. We should never get here. 
+ LOGE("Couldn't find a valid node!");
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ unsigned int nbtd_len = env->GetArrayLength(out_nextBackgroundTaskDeadline);
+ if(nbtd_len < 1)
+ {
+ LOGE("nbtd_len < 1");
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ uint64_t now = (uint64_t)in_now;
+
+ // get the java.net.InetSocketAddress class and getAddress() method
+ jclass inetAddressClass = lookup.findClass("java/net/InetAddress");
+ if(inetAddressClass == NULL)
+ {
+ LOGE("Can't find InetAddress class");
+ // can't find java.net.InetAddress
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ jmethodID getAddressMethod = lookup.findMethod(
+ inetAddressClass, "getAddress", "()[B");
+ if(getAddressMethod == NULL)
+ {
+ // cant find InetAddress.getAddres()
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ jclass InetSocketAddressClass = lookup.findClass("java/net/InetSocketAddress");
+ if(InetSocketAddressClass == NULL)
+ {
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ jmethodID inetSockGetAddressMethod = lookup.findMethod(
+ InetSocketAddressClass, "getAddress", "()Ljava/net/InetAddress;");
+
+ jobject localAddrObj = NULL;
+ if(in_localAddress != NULL)
+ {
+ localAddrObj = env->CallObjectMethod(in_localAddress, inetSockGetAddressMethod);
+ }
+
+ jobject remoteAddrObject = env->CallObjectMethod(in_remoteAddress, inetSockGetAddressMethod);
+
+ if(remoteAddrObject == NULL)
+ {
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ jmethodID inetSock_getPort = lookup.findMethod(
+ InetSocketAddressClass, "getPort", "()I");
+
+ if(env->ExceptionCheck() || inetSock_getPort == NULL)
+ {
+ LOGE("Couldn't find getPort method on InetSocketAddress");
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ // call InetSocketAddress.getPort()
+ int remotePort = env->CallIntMethod(in_remoteAddress, inetSock_getPort);
+ 
if(env->ExceptionCheck())
+ {
+ LOGE("Exception calling InetSocketAddress.getPort()");
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ // Call InetAddress.getAddress()
+ jbyteArray remoteAddressArray = (jbyteArray)env->CallObjectMethod(remoteAddrObject, getAddressMethod);
+ if(remoteAddressArray == NULL)
+ {
+ LOGE("Unable to call getAddress()");
+ // unable to call getAddress()
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL);
+ }
+
+ unsigned int addrSize = env->GetArrayLength(remoteAddressArray);
+
+
+ sockaddr_storage localAddress = {};
+
+ if(localAddrObj == NULL)
+ {
+ localAddress = ZT_SOCKADDR_NULL;
+ }
+ else
+ {
+ int localPort = env->CallIntMethod(in_localAddress, inetSock_getPort);
+ jbyteArray localAddressArray = (jbyteArray)env->CallObjectMethod(localAddrObj, getAddressMethod);
+ if(localAddressArray != NULL)
+ {
+
+ unsigned int localAddrSize = env->GetArrayLength(localAddressArray);
+ jbyte *addr = (jbyte*)env->GetPrimitiveArrayCritical(localAddressArray, NULL);
+
+ if(localAddrSize == 16)
+ {
+ sockaddr_in6 ipv6 = {};
+ ipv6.sin6_family = AF_INET6;
+ ipv6.sin6_port = htons(localPort);
+ memcpy(ipv6.sin6_addr.s6_addr, addr, 16);
+ memcpy(&localAddress, &ipv6, sizeof(sockaddr_in6));
+ }
+ else if(localAddrSize)
+ {
+ // IPV4 address
+ sockaddr_in ipv4 = {};
+ ipv4.sin_family = AF_INET;
+ ipv4.sin_port = htons(localPort);
+ memcpy(&ipv4.sin_addr, addr, 4);
+ memcpy(&localAddress, &ipv4, sizeof(sockaddr_in));
+ }
+ else
+ {
+ localAddress = ZT_SOCKADDR_NULL;
+ }
+ env->ReleasePrimitiveArrayCritical(localAddressArray, addr, 0);
+ }
+ }
+
+ // get the address bytes
+ jbyte *addr = (jbyte*)env->GetPrimitiveArrayCritical(remoteAddressArray, NULL);
+ sockaddr_storage remoteAddress = {};
+
+ if(addrSize == 16)
+ {
+ // IPV6 address
+ sockaddr_in6 ipv6 = {};
+ ipv6.sin6_family = AF_INET6;
+ ipv6.sin6_port = htons(remotePort);
+ memcpy(ipv6.sin6_addr.s6_addr, addr, 16);
+ memcpy(&remoteAddress, &ipv6, 
sizeof(sockaddr_in6)); + } + else if(addrSize == 4) + { + // IPV4 address + sockaddr_in ipv4 = {}; + ipv4.sin_family = AF_INET; + ipv4.sin_port = htons(remotePort); + memcpy(&ipv4.sin_addr, addr, 4); + memcpy(&remoteAddress, &ipv4, sizeof(sockaddr_in)); + } + else + { + LOGE("Unknown IP version"); + // unknown address type + env->ReleasePrimitiveArrayCritical(remoteAddressArray, addr, 0); + return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + env->ReleasePrimitiveArrayCritical(remoteAddressArray, addr, 0); + + unsigned int packetLength = env->GetArrayLength(in_packetData); + if(packetLength == 0) + { + LOGE("Empty packet?!?"); + return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + void *packetData = env->GetPrimitiveArrayCritical(in_packetData, NULL); + void *localData = malloc(packetLength); + memcpy(localData, packetData, packetLength); + env->ReleasePrimitiveArrayCritical(in_packetData, packetData, 0); + + uint64_t nextBackgroundTaskDeadline = 0; + + ZT_ResultCode rc = ZT_Node_processWirePacket( + node, + now, + &localAddress, + &remoteAddress, + localData, + packetLength, + &nextBackgroundTaskDeadline); + if(rc != ZT_RESULT_OK) + { + LOGE("ZT_Node_processWirePacket returned: %d", rc); + } + + free(localData); + + jlong *outDeadline = (jlong*)env->GetPrimitiveArrayCritical(out_nextBackgroundTaskDeadline, NULL); + outDeadline[0] = (jlong)nextBackgroundTaskDeadline; + env->ReleasePrimitiveArrayCritical(out_nextBackgroundTaskDeadline, outDeadline, 0); + + return createResultObject(env, rc); +} + +/* + * Class: com_zerotier_sdk_Node + * Method: processBackgroundTasks + * Signature: (JJ[J)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_processBackgroundTasks( + JNIEnv *env, jobject obj, + jlong id, + jlong in_now, + jlongArray out_nextBackgroundTaskDeadline) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. 
We should never get here. + return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + + unsigned int nbtd_len = env->GetArrayLength(out_nextBackgroundTaskDeadline); + if(nbtd_len < 1) + { + return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + + uint64_t now = (uint64_t)in_now; + uint64_t nextBackgroundTaskDeadline = 0; + + ZT_ResultCode rc = ZT_Node_processBackgroundTasks(node, now, &nextBackgroundTaskDeadline); + + jlong *outDeadline = (jlong*)env->GetPrimitiveArrayCritical(out_nextBackgroundTaskDeadline, NULL); + outDeadline[0] = (jlong)nextBackgroundTaskDeadline; + env->ReleasePrimitiveArrayCritical(out_nextBackgroundTaskDeadline, outDeadline, 0); + + return createResultObject(env, rc); +} + +/* + * Class: com_zerotier_sdk_Node + * Method: join + * Signature: (JJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_join( + JNIEnv *env, jobject obj, jlong id, jlong in_nwid) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. + return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + + uint64_t nwid = (uint64_t)in_nwid; + + ZT_ResultCode rc = ZT_Node_join(node, nwid, NULL); + + return createResultObject(env, rc); +} + +/* + * Class: com_zerotier_sdk_Node + * Method: leave + * Signature: (JJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_leave( + JNIEnv *env, jobject obj, jlong id, jlong in_nwid) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. 
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + + uint64_t nwid = (uint64_t)in_nwid; + + ZT_ResultCode rc = ZT_Node_leave(node, nwid, NULL); + + return createResultObject(env, rc); +} + +/* + * Class: com_zerotier_sdk_Node + * Method: multicastSubscribe + * Signature: (JJJJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_multicastSubscribe( + JNIEnv *env, jobject obj, + jlong id, + jlong in_nwid, + jlong in_multicastGroup, + jlong in_multicastAdi) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. + return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + + uint64_t nwid = (uint64_t)in_nwid; + uint64_t multicastGroup = (uint64_t)in_multicastGroup; + unsigned long multicastAdi = (unsigned long)in_multicastAdi; + + ZT_ResultCode rc = ZT_Node_multicastSubscribe( + node, nwid, multicastGroup, multicastAdi); + + return createResultObject(env, rc); +} + +/* + * Class: com_zerotier_sdk_Node + * Method: multicastUnsubscribe + * Signature: (JJJJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_multicastUnsubscribe( + JNIEnv *env, jobject obj, + jlong id, + jlong in_nwid, + jlong in_multicastGroup, + jlong in_multicastAdi) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. 
+ return createResultObject(env, ZT_RESULT_FATAL_ERROR_INTERNAL); + } + + uint64_t nwid = (uint64_t)in_nwid; + uint64_t multicastGroup = (uint64_t)in_multicastGroup; + unsigned long multicastAdi = (unsigned long)in_multicastAdi; + + ZT_ResultCode rc = ZT_Node_multicastUnsubscribe( + node, nwid, multicastGroup, multicastAdi); + + return createResultObject(env, rc); +} + +/* + * Class: com_zerotier_sdk_Node + * Method: address + * Signature: (J)J + */ +JNIEXPORT jlong JNICALL Java_com_zerotier_sdk_Node_address( + JNIEnv *env , jobject obj, jlong id) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. + return 0; + } + + uint64_t address = ZT_Node_address(node); + return (jlong)address; +} + +/* + * Class: com_zerotier_sdk_Node + * Method: status + * Signature: (J)Lcom/zerotier/sdk/NodeStatus; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_status + (JNIEnv *env, jobject obj, jlong id) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. 
+ return 0; + } + + jclass nodeStatusClass = NULL; + jmethodID nodeStatusConstructor = NULL; + + // create a com.zerotier.sdk.NodeStatus object + nodeStatusClass = lookup.findClass("com/zerotier/sdk/NodeStatus"); + if(nodeStatusClass == NULL) + { + return NULL; + } + + nodeStatusConstructor = lookup.findMethod( + nodeStatusClass, "", "()V"); + if(nodeStatusConstructor == NULL) + { + return NULL; + } + + jobject nodeStatusObj = env->NewObject(nodeStatusClass, nodeStatusConstructor); + if(nodeStatusObj == NULL) + { + return NULL; + } + + ZT_NodeStatus nodeStatus; + ZT_Node_status(node, &nodeStatus); + + jfieldID addressField = NULL; + jfieldID publicIdentityField = NULL; + jfieldID secretIdentityField = NULL; + jfieldID onlineField = NULL; + + addressField = lookup.findField(nodeStatusClass, "address", "J"); + if(addressField == NULL) + { + return NULL; + } + + publicIdentityField = lookup.findField(nodeStatusClass, "publicIdentity", "Ljava/lang/String;"); + if(publicIdentityField == NULL) + { + return NULL; + } + + secretIdentityField = lookup.findField(nodeStatusClass, "secretIdentity", "Ljava/lang/String;"); + if(secretIdentityField == NULL) + { + return NULL; + } + + onlineField = lookup.findField(nodeStatusClass, "online", "Z"); + if(onlineField == NULL) + { + return NULL; + } + + env->SetLongField(nodeStatusObj, addressField, nodeStatus.address); + + jstring pubIdentStr = env->NewStringUTF(nodeStatus.publicIdentity); + if(pubIdentStr == NULL) + { + return NULL; // out of memory + } + env->SetObjectField(nodeStatusObj, publicIdentityField, pubIdentStr); + + jstring secIdentStr = env->NewStringUTF(nodeStatus.secretIdentity); + if(secIdentStr == NULL) + { + return NULL; // out of memory + } + env->SetObjectField(nodeStatusObj, secretIdentityField, secIdentStr); + + env->SetBooleanField(nodeStatusObj, onlineField, nodeStatus.online); + + return nodeStatusObj; +} + +/* + * Class: com_zerotier_sdk_Node + * Method: networkConfig + * Signature: 
(J)Lcom/zerotier/sdk/VirtualNetworkConfig; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_networkConfig( + JNIEnv *env, jobject obj, jlong id, jlong nwid) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. + return 0; + } + + ZT_VirtualNetworkConfig *vnetConfig = ZT_Node_networkConfig(node, nwid); + + jobject vnetConfigObject = newNetworkConfig(env, *vnetConfig); + + ZT_Node_freeQueryResult(node, vnetConfig); + + return vnetConfigObject; +} + +/* + * Class: com_zerotier_sdk_Node + * Method: version + * Signature: (J)Lcom/zerotier/sdk/Version; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_version( + JNIEnv *env, jobject obj) +{ + int major = 0; + int minor = 0; + int revision = 0; + + ZT_version(&major, &minor, &revision); + + return newVersion(env, major, minor, revision); +} + +/* + * Class: com_zerotier_sdk_Node + * Method: peers + * Signature: (J)[Lcom/zerotier/sdk/Peer; + */ +JNIEXPORT jobjectArray JNICALL Java_com_zerotier_sdk_Node_peers( + JNIEnv *env, jobject obj, jlong id) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. 
+ return 0; + } + + ZT_PeerList *peerList = ZT_Node_peers(node); + + if(peerList == NULL) + { + LOGE("ZT_Node_peers returned NULL"); + return NULL; + } + + int peerCount = peerList->peerCount * 100; + LOGV("Ensure Local Capacity: %d", peerCount); + if(env->EnsureLocalCapacity(peerCount)) + { + LOGE("EnsureLocalCapacity failed!!"); + ZT_Node_freeQueryResult(node, peerList); + return NULL; + } + + jclass peerClass = lookup.findClass("com/zerotier/sdk/Peer"); + if(env->ExceptionCheck() || peerClass == NULL) + { + LOGE("Error finding Peer class"); + ZT_Node_freeQueryResult(node, peerList); + return NULL; + } + + jobjectArray peerArrayObj = env->NewObjectArray( + peerList->peerCount, peerClass, NULL); + + if(env->ExceptionCheck() || peerArrayObj == NULL) + { + LOGE("Error creating Peer[] array"); + ZT_Node_freeQueryResult(node, peerList); + return NULL; + } + + + for(unsigned int i = 0; i < peerList->peerCount; ++i) + { + jobject peerObj = newPeer(env, peerList->peers[i]); + env->SetObjectArrayElement(peerArrayObj, i, peerObj); + if(env->ExceptionCheck()) + { + LOGE("Error assigning Peer object to array"); + break; + } + } + + ZT_Node_freeQueryResult(node, peerList); + peerList = NULL; + + return peerArrayObj; +} + +/* + * Class: com_zerotier_sdk_Node + * Method: networks + * Signature: (J)[Lcom/zerotier/sdk/VirtualNetworkConfig; + */ +JNIEXPORT jobjectArray JNICALL Java_com_zerotier_sdk_Node_networks( + JNIEnv *env, jobject obj, jlong id) +{ + uint64_t nodeId = (uint64_t) id; + ZT_Node *node = findNode(nodeId); + if(node == NULL) + { + // cannot find valid node. We should never get here. 
+ return 0; + } + + ZT_VirtualNetworkList *networkList = ZT_Node_networks(node); + if(networkList == NULL) + { + return NULL; + } + + jclass vnetConfigClass = lookup.findClass("com/zerotier/sdk/VirtualNetworkConfig"); + if(env->ExceptionCheck() || vnetConfigClass == NULL) + { + LOGE("Error finding VirtualNetworkConfig class"); + ZT_Node_freeQueryResult(node, networkList); + return NULL; + } + + jobjectArray networkListObject = env->NewObjectArray( + networkList->networkCount, vnetConfigClass, NULL); + if(env->ExceptionCheck() || networkListObject == NULL) + { + LOGE("Error creating VirtualNetworkConfig[] array"); + ZT_Node_freeQueryResult(node, networkList); + return NULL; + } + + for(unsigned int i = 0; i < networkList->networkCount; ++i) + { + jobject networkObject = newNetworkConfig(env, networkList->networks[i]); + env->SetObjectArrayElement(networkListObject, i, networkObject); + if(env->ExceptionCheck()) + { + LOGE("Error assigning VirtualNetworkConfig object to array"); + break; + } + } + + ZT_Node_freeQueryResult(node, networkList); + + return networkListObject; +} + +#ifdef __cplusplus +} // extern "C" +#endif \ No newline at end of file diff --git a/java/jni/com_zerotierone_sdk_Node.h b/java/jni/com_zerotierone_sdk_Node.h new file mode 100644 index 0000000..7c1011a --- /dev/null +++ b/java/jni/com_zerotierone_sdk_Node.h 
@@ -0,0 +1,133 @@ +/* DO NOT EDIT THIS FILE - it is machine generated */ +#include +/* Header for class com_zerotier_sdk_Node */ + +#ifndef _Included_com_zerotierone_sdk_Node +#define _Included_com_zerotierone_sdk_Node +#ifdef __cplusplus +extern "C" { +#endif +/* + * Class: com_zerotier_sdk_Node + * Method: node_init + * Signature: (J)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_node_1init + (JNIEnv *, jobject, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: node_delete + * Signature: (J)V + */ +JNIEXPORT void JNICALL Java_com_zerotier_sdk_Node_node_1delete + (JNIEnv *, jobject, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: processVirtualNetworkFrame + * Signature: (JJJJJII[B[J)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_processVirtualNetworkFrame + (JNIEnv *, jobject, jlong, jlong, jlong, jlong, jlong, jint, jint, jbyteArray, jlongArray); + +/* + * Class: com_zerotier_sdk_Node + * Method: processWirePacket + * Signature: (JJLjava/net/InetSockAddress;Ljava/net/InetSockAddress;[B[J)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_processWirePacket + (JNIEnv *, jobject, jlong, jlong, jobject, jobject, jbyteArray, jlongArray); + +/* + * Class: com_zerotier_sdk_Node + * Method: processBackgroundTasks + * Signature: (JJ[J)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_processBackgroundTasks + (JNIEnv *, jobject, jlong, jlong, jlongArray); + +/* + * Class: com_zerotier_sdk_Node + * Method: join + * Signature: (JJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_join + (JNIEnv *, jobject, jlong, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: leave + * Signature: (JJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_leave + (JNIEnv *, jobject, jlong, jlong); + +/* + * Class: 
com_zerotier_sdk_Node + * Method: multicastSubscribe + * Signature: (JJJJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_multicastSubscribe + (JNIEnv *, jobject, jlong, jlong, jlong, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: multicastUnsubscribe + * Signature: (JJJJ)Lcom/zerotier/sdk/ResultCode; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_multicastUnsubscribe + (JNIEnv *, jobject, jlong, jlong, jlong, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: address + * Signature: (J)J + */ +JNIEXPORT jlong JNICALL Java_com_zerotier_sdk_Node_address + (JNIEnv *, jobject, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: status + * Signature: (J)Lcom/zerotier/sdk/NodeStatus; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_status + (JNIEnv *, jobject, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: networkConfig + * Signature: (JJ)Lcom/zerotier/sdk/VirtualNetworkConfig; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_networkConfig + (JNIEnv *, jobject, jlong, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: version + * Signature: ()Lcom/zerotier/sdk/Version; + */ +JNIEXPORT jobject JNICALL Java_com_zerotier_sdk_Node_version + (JNIEnv *, jobject); + +/* + * Class: com_zerotier_sdk_Node + * Method: peers + * Signature: (J)[Lcom/zerotier/sdk/Peer; + */ +JNIEXPORT jobjectArray JNICALL Java_com_zerotier_sdk_Node_peers + (JNIEnv *, jobject, jlong); + +/* + * Class: com_zerotier_sdk_Node + * Method: networks + * Signature: (J)[Lcom/zerotier/sdk/VirtualNetworkConfig; + */ +JNIEXPORT jobjectArray JNICALL Java_com_zerotier_sdk_Node_networks + (JNIEnv *, jobject, jlong); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/java/src/com/zerotier/sdk/DataStoreGetListener.java b/java/src/com/zerotier/sdk/DataStoreGetListener.java new file mode 100644 index 0000000..b525be6 --- /dev/null +++ b/java/src/com/zerotier/sdk/DataStoreGetListener.java 
@@ -0,0 +1,58 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ +package com.zerotier.sdk; + +public interface DataStoreGetListener { + + /** + * Function to get an object from the data store + * + *

Object names can contain forward slash (/) path separators. They will + * never contain .. or backslash (\), so this is safe to map as a Unix-style + * path if the underlying storage permits. For security reasons we recommend + * returning errors if .. or \ are used.

+ * + *

The function must return the actual number of bytes read. If the object + * doesn't exist, it should return -1. -2 should be returned on other errors + * such as errors accessing underlying storage.

+ * + *

If the read doesn't fit in the buffer, the max number of bytes should be + * read. The caller may call the function multiple times to read the whole + * object.

+ * + * @param name Name of the object in the data store + * @param out_buffer buffer to put the object in + * @param bufferIndex index in the object to start reading + * @param out_objectSize long[1] to be set to the actual size of the object if it exists. + * @return the actual number of bytes read. + */ + public long onDataStoreGet( + String name, + byte[] out_buffer, + long bufferIndex, + long[] out_objectSize); +} diff --git a/java/src/com/zerotier/sdk/DataStorePutListener.java b/java/src/com/zerotier/sdk/DataStorePutListener.java new file mode 100644 index 0000000..77e5502 --- /dev/null +++ b/java/src/com/zerotier/sdk/DataStorePutListener.java @@ -0,0 +1,59 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ +package com.zerotier.sdk; + +public interface DataStorePutListener { + + /** + * Function to store an object in the data store + * + *
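Review bot: The javadoc on `onDataStoreGet` leaves name validation as a recommendation ("we recommend returning errors if .. or \ are used"), while the sentence before it tells implementers the name is safe to map to a Unix-style path. An implementation of this callback is the last check before a name reaches storage, so I would word it as a requirement, e.g. `Implementations that map names to files must return -2 for any name containing ".." or "\" and should verify that the resolved path stays inside the data store directory.` The `bufferIndex` parameter is documented as an index into the object, so a name such as `objectOffset` would be harder to misread as an offset into `out_buffer`. The doc also does not say what to return when that index lies beyond the end of the object.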

If secure is true, the file should be set readable and writable only + * to the user running ZeroTier One. What this means is platform-specific.

+ * + *

Name semantics are the same as {@link DataStoreGetListener}. This must return + * zero on success. You can return any OS-specific error code on failure, as these + * may be visible in logs or error messages and might aid in debugging.

+ * + * @param name Object name + * @param buffer data to store + * @param secure set to user read/write only. + * @return 0 on success. + */ + public int onDataStorePut( + String name, + byte[] buffer, + boolean secure); + + /** + * Function to delete an object from the data store + * + * @param name Object name + * @return 0 on success. + */ + public int onDelete( + String name); +} diff --git a/java/src/com/zerotier/sdk/Event.java b/java/src/com/zerotier/sdk/Event.java new file mode 100644 index 0000000..22d350e --- /dev/null +++ b/java/src/com/zerotier/sdk/Event.java 
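Review bot: The `secure` contract on `onDataStorePut` is worded as "should be set readable and writable only to the user" and does not say when the restriction has to take effect. The Event.java documentation in this same commit refers to an `identity.secret` record in the data store, so presumably secret key material is written through this callback with `secure` set (the call site is not in this hunk). I would tighten the javadoc to something like `If secure is true, the object must be created with owner-only access before any data is written; return a non-zero code if that restriction cannot be applied.` The `onDelete` doc could also say what to return when the named object does not exist.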
@@ -0,0 +1,98 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +public enum Event { + /** + * Node has been initialized + * + * This is the first event generated, and is always sent. It may occur + * before Node's constructor returns. + */ + EVENT_UP, + + /** + * Node is offline -- network does not seem to be reachable by any available strategy + */ + EVENT_OFFLINE, + + /** + * Node is online -- at least one upstream node appears reachable + * + * Meta-data: none + */ + EVENT_ONLINE, + + /** + * Node is shutting down + * + *

This is generated within Node's destructor when it is being shut down. + * It's done for convenience, since cleaning up other state in the event + * handler may appear more idiomatic.

+ */ + EVENT_DOWN, + + /** + * Your identity has collided with another node's ZeroTier address + * + *

This happens if two different public keys both hash (via the algorithm + * in Identity::generate()) to the same 40-bit ZeroTier address.

+ * + *

This is something you should "never" see, where "never" is defined as + * once per 2^39 new node initializations / identity creations. If you do + * see it, you're going to see it very soon after a node is first + * initialized.

+ * + *

This is reported as an event rather than a return code since it's + * detected asynchronously via error messages from authoritative nodes.

+ * + *

If this occurs, you must shut down and delete the node, delete the + * identity.secret record/file from the data store, and restart to generate + * a new identity. If you don't do this, you will not be able to communicate + * with other nodes.

+ * + *

We'd automate this process, but we don't think silently deleting + * private keys or changing our address without telling the calling code + * is good form. It violates the principle of least surprise.

+ * + *

You can technically get away with not handling this, but we recommend + * doing so in a mature reliable application. Besides, handling this + * condition is a good way to make sure it never arises. It's like how + * umbrellas prevent rain and smoke detectors prevent fires. They do, right?

+ */ + EVENT_FATAL_ERROR_IDENTITY_COLLISION, + + /** + * Trace (debugging) message + * + *

These events are only generated if this is a TRACE-enabled build.

+ * + *

Meta-data: {@link String}, TRACE message

+ */ + EVENT_TRACE +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/EventListener.java b/java/src/com/zerotier/sdk/EventListener.java new file mode 100644 index 0000000..91050aa --- /dev/null +++ b/java/src/com/zerotier/sdk/EventListener.java @@ -0,0 +1,52 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +import java.net.InetSocketAddress; +import java.lang.String; + +/** + * Interface to handle callbacks for ZeroTier One events. + */ +public interface EventListener { + /** + * Callback for events with no other associated metadata + * + * @param event {@link Event} enum + */ + public void onEvent(Event event); + + /** + * Trace messages + * + *

These events are only generated if the underlying ZeroTierOne SDK is a TRACE-enabled build.

+ * + * @param message the trace message + */ + public void onTrace(String message); +} diff --git a/java/src/com/zerotier/sdk/NativeUtils.java b/java/src/com/zerotier/sdk/NativeUtils.java new file mode 100644 index 0000000..07e1ef5 --- /dev/null +++ b/java/src/com/zerotier/sdk/NativeUtils.java 
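Review bot: `EventListener.java` imports `java.net.InetSocketAddress` and `java.lang.String`, and neither import is needed: the interface never refers to `InetSocketAddress`, and `java.lang` is imported implicitly. Both lines can be dropped. The `onEvent` javadoc could also state that `EVENT_TRACE` is delivered through `onTrace` rather than `onEvent`, if that is the intent; the dispatch code is not part of this hunk.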
@@ -0,0 +1,93 @@
+package com.zerotier.sdk;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/**
+ * Simple library class for working with JNI (Java Native Interface)
+ *
+ * @see http://adamheinrich.com/2012/how-to-load-native-jni-library-from-jar
+ *
+ * @author Adam Heirnich , http://www.adamh.cz
+ */
+public class NativeUtils {
+
+ /**
+ * Private constructor - this class will never be instanced
+ */
+ private NativeUtils() {
+ }
+
+ /**
+ * Loads library from current JAR archive
+ *
+ * The file from JAR is copied into system temporary directory and then loaded. The temporary file is deleted after exiting.
+ * Method uses String as filename because the pathname is "abstract", not system-dependent.
+ *
+ * @param filename The filename inside JAR as absolute path (beginning with '/'), e.g. /package/File.ext
+ * @throws IOException If temporary file creation or read/write operation fails
+ * @throws IllegalArgumentException If source file (param path) does not exist
+ * @throws IllegalArgumentException If the path is not absolute or if the filename is shorter than three characters (restriction of {@see File#createTempFile(java.lang.String, java.lang.String)}).
+ */
+ public static void loadLibraryFromJar(String path) throws IOException {
+
+ if (!path.startsWith("/")) {
+ throw new IllegalArgumentException("The path has to be absolute (start with '/').");
+ }
+
+ // Obtain filename from path
+ String[] parts = path.split("/");
+ String filename = (parts.length > 1) ? parts[parts.length - 1] : null;
+
+ // Split filename to prexif and suffix (extension)
+ String prefix = "";
+ String suffix = null;
+ if (filename != null) {
+ parts = filename.split("\\.", 2);
+ prefix = parts[0];
+ suffix = (parts.length > 1) ? "."+parts[parts.length - 1] : null; // Thanks, davs! :-)
+ }
+
+ // Check if the filename is okay
+ if (filename == null || prefix.length() < 3) {
+ throw new IllegalArgumentException("The filename has to be at least 3 characters long.");
+ }
+
+ // Prepare temporary file
+ File temp = File.createTempFile(prefix, suffix);
+ temp.deleteOnExit();
+
+ if (!temp.exists()) {
+ throw new FileNotFoundException("File " + temp.getAbsolutePath() + " does not exist.");
+ }
+
+ // Prepare buffer for data copying
+ byte[] buffer = new byte[1024];
+ int readBytes;
+
+ // Open and check input stream
+ InputStream is = NativeUtils.class.getResourceAsStream(path);
+ if (is == null) {
+ throw new FileNotFoundException("File " + path + " was not found inside JAR.");
+ }
+
+ // Open output stream and copy data between source file in JAR and the temporary file
+ OutputStream os = new FileOutputStream(temp);
+ try {
+ while ((readBytes = is.read(buffer)) != -1) {
+ os.write(buffer, 0, readBytes);
+ }
+ } finally {
+ // If read/write fails, close streams safely before throwing an exception
+ os.close();
+ is.close();
+ }
+
+ // Finally, load the library
+ System.load(temp.getAbsolutePath());
+ }
+}
\ No newline at end of file
diff --git a/java/src/com/zerotier/sdk/Node.java b/java/src/com/zerotier/sdk/Node.java
new file mode 100644
index 0000000..4bc6e18
--- /dev/null
+++ b/java/src/com/zerotier/sdk/Node.java
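Review bot: In `loadLibraryFromJar` the input stream leaks on two paths: if `new FileOutputStream(temp)` throws, `is` is never closed, and if `os.close()` throws inside the `finally`, `is.close()` is skipped. Nesting the two try/finally blocks, as below, closes each stream independently and needs no Java 7 syntax. Separately, the library is extracted with `File.createTempFile` into the system temporary directory and then passed to `System.load`, so the file's permissions follow the process defaults. Where the build target allows it, `java.nio.file.Files.createTempFile` (which may apply more restrictive permissions) or a private extraction directory is the safer choice for a file that is about to be loaded as code. The javadoc's `@param filename` should read `@param path` to match the signature.

```java
// … unchanged: path validation, prefix/suffix split, createTempFile, temp.exists() check …
InputStream is = NativeUtils.class.getResourceAsStream(path);
if (is == null) {
    throw new FileNotFoundException("File " + path + " was not found inside JAR.");
}
try {
    OutputStream os = new FileOutputStream(temp);
    try {
        byte[] buffer = new byte[1024];
        int readBytes;
        while ((readBytes = is.read(buffer)) != -1) {
            os.write(buffer, 0, readBytes);
        }
    } finally {
        // Closed on its own so a failure here cannot skip closing the input stream
        os.close();
    }
} finally {
    is.close();
}
// … unchanged: System.load(temp.getAbsolutePath()) …
```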
@@ -0,0 +1,434 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +import java.net.InetSocketAddress; +import java.util.ArrayList; +import java.io.IOException; + +/** + * A ZeroTier One node + */ +public class Node { + static { + try { + System.loadLibrary("ZeroTierOneJNI"); + } catch (UnsatisfiedLinkError e) { + try { + if(System.getProperty("os.name").startsWith("Windows")) { + System.out.println("Arch: " + System.getProperty("sun.arch.data.model")); + if(System.getProperty("sun.arch.data.model").equals("64")) { + NativeUtils.loadLibraryFromJar("/lib/ZeroTierOneJNI_win64.dll"); + } else { + NativeUtils.loadLibraryFromJar("/lib/ZeroTierOneJNI_win32.dll"); + } + } else if(System.getProperty("os.name").startsWith("Mac")) { + NativeUtils.loadLibraryFromJar("/lib/libZeroTierOneJNI.jnilib"); + } else { + // TODO: Linux + } + } catch (IOException ioe) { + ioe.printStackTrace(); + } + } + } + + private static final String TAG = "NODE"; + + /** + * Node ID for JNI purposes. + * Currently set to the now value passed in at the constructor + * + * -1 if the node has already been closed + */ + private long nodeId; + + private final DataStoreGetListener getListener; + private final DataStorePutListener putListener; + private final PacketSender sender; + private final EventListener eventListener; + private final VirtualNetworkFrameListener frameListener; + private final VirtualNetworkConfigListener configListener; + + /** + * Create a new ZeroTier One node + * + *

Note that this can take a few seconds the first time it's called, as it + * will generate an identity.

+ * + * @param now Current clock in milliseconds + * @param getListener User written instance of the {@link DataStoreGetListener} interface called to get objects from persistent storage. This instance must be unique per Node object. + * @param putListener User written intstance of the {@link DataStorePutListener} interface called to put objects in persistent storage. This instance must be unique per Node object. + * @param sender + * @param eventListener User written instance of the {@link EventListener} interface to receive status updates and non-fatal error notices. This instance must be unique per Node object. + * @param frameListener + * @param configListener User written instance of the {@link VirtualNetworkConfigListener} interface to be called when virtual LANs are created, deleted, or their config parameters change. This instance must be unique per Node object. + */ + public Node(long now, + DataStoreGetListener getListener, + DataStorePutListener putListener, + PacketSender sender, + EventListener eventListener, + VirtualNetworkFrameListener frameListener, + VirtualNetworkConfigListener configListener) throws NodeException + { + this.nodeId = now; + + this.getListener = getListener; + this.putListener = putListener; + this.sender = sender; + this.eventListener = eventListener; + this.frameListener = frameListener; + this.configListener = configListener; + + ResultCode rc = node_init(now); + if(rc != ResultCode.RESULT_OK) + { + // TODO: Throw Exception + throw new NodeException(rc.toString()); + } + } + + /** + * Close this Node. + * + *

The Node object can no longer be used once this method is called.

+ */ + public void close() { + if(nodeId != -1) { + node_delete(nodeId); + nodeId = -1; + } + } + + @Override + protected void finalize() { + close(); + } + + /** + * Process a frame from a virtual network port + * + * @param now Current clock in milliseconds + * @param nwid ZeroTier 64-bit virtual network ID + * @param sourceMac Source MAC address (least significant 48 bits) + * @param destMac Destination MAC address (least significant 48 bits) + * @param etherType 16-bit Ethernet frame type + * @param vlanId 10-bit VLAN ID or 0 if none + * @param frameData Frame payload data + * @param nextBackgroundTaskDeadline Value/result: set to deadline for next call to processBackgroundTasks() + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode processVirtualNetworkFrame( + long now, + long nwid, + long sourceMac, + long destMac, + int etherType, + int vlanId, + byte[] frameData, + long[] nextBackgroundTaskDeadline) { + return processVirtualNetworkFrame( + nodeId, now, nwid, sourceMac, destMac, etherType, vlanId, + frameData, nextBackgroundTaskDeadline); + } + + /** + * Process a packet received from the physical wire + * + * @param now Current clock in milliseconds + * @param remoteAddress Origin of packet + * @param packetData Packet data + * @param nextBackgroundTaskDeadline Value/result: set to deadline for next call to processBackgroundTasks() + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode processWirePacket( + long now, + InetSocketAddress localAddress, + InetSocketAddress remoteAddress, + byte[] packetData, + long[] nextBackgroundTaskDeadline) { + return processWirePacket( + nodeId, now, localAddress, remoteAddress, packetData, + nextBackgroundTaskDeadline); + } + + /** + * Perform periodic background operations + * + * @param now Current clock in milliseconds + * @param nextBackgroundTaskDeadline Value/result: set to deadline for next call to processBackgroundTasks() + * 
@return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode processBackgroundTasks(long now, long[] nextBackgroundTaskDeadline) { + return processBackgroundTasks(nodeId, now, nextBackgroundTaskDeadline); + } + + /** + * Join a network + * + *

This may generate calls to the port config callback before it returns, + * or these may be deffered if a netconf is not available yet.

+ * + *

If we are already a member of the network, nothing is done and OK is + * returned.

+ * + * @param nwid 64-bit ZeroTier network ID + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode join(long nwid) { + return join(nodeId, nwid); + } + + /** + * Leave a network + * + *

If a port has been configured for this network this will generate a call + * to the port config callback with a NULL second parameter to indicate that + * the port is now deleted.

+ * + * @param nwid 64-bit network ID + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode leave(long nwid) { + return leave(nodeId, nwid); + } + + /** + * Subscribe to an Ethernet multicast group + * + *

For IPv4 ARP, the implementation must subscribe to 0xffffffffffff (the + * broadcast address) but with an ADI equal to each IPv4 address in host + * byte order. This converts ARP from a non-scalable broadcast protocol to + * a scalable multicast protocol with perfect address specificity.

+ * + *

If this is not done, ARP will not work reliably.

+ * + *

Multiple calls to subscribe to the same multicast address will have no + * effect. It is perfectly safe to do this.

+ * + *

This does not generate an update call to the {@link VirtualNetworkConfigListener#onNetworkConfigurationUpdated} method.

+ * + * @param nwid 64-bit network ID + * @param multicastGroup Ethernet multicast or broadcast MAC (least significant 48 bits) + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode multicastSubscribe( + long nwid, + long multicastGroup) { + return multicastSubscribe(nodeId, nwid, multicastGroup, 0); + } + + /** + * Subscribe to an Ethernet multicast group + * + *

ADI stands for additional distinguishing information. This defaults to zero + * and is rarely used. Right now its only use is to enable IPv4 ARP to scale, + * and this must be done.

+ * + *

For IPv4 ARP, the implementation must subscribe to 0xffffffffffff (the + * broadcast address) but with an ADI equal to each IPv4 address in host + * byte order. This converts ARP from a non-scalable broadcast protocol to + * a scalable multicast protocol with perfect address specificity.

+ * + *

If this is not done, ARP will not work reliably.

+ * + *

Multiple calls to subscribe to the same multicast address will have no + * effect. It is perfectly safe to do this.

+ * + *

This does not generate an update call to the {@link VirtualNetworkConfigListener#onNetworkConfigurationUpdated} method.

+ * + * @param nwid 64-bit network ID + * @param multicastGroup Ethernet multicast or broadcast MAC (least significant 48 bits) + * @param multicastAdi Multicast ADI (least significant 32 bits only, default: 0) + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode multicastSubscribe( + long nwid, + long multicastGroup, + long multicastAdi) { + return multicastSubscribe(nodeId, nwid, multicastGroup, multicastAdi); + } + + + /** + * Unsubscribe from an Ethernet multicast group (or all groups) + * + *

If multicastGroup is zero (0), this will unsubscribe from all groups. If + * you are not subscribed to a group this has no effect.

+ * + *

This does not generate an update call to the {@link VirtualNetworkConfigListener#onNetworkConfigurationUpdated} method.

+ * + * @param nwid 64-bit network ID + * @param multicastGroup Ethernet multicast or broadcast MAC (least significant 48 bits) + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode multicastUnsubscribe( + long nwid, + long multicastGroup) { + return multicastUnsubscribe(nodeId, nwid, multicastGroup, 0); + } + + /** + * Unsubscribe from an Ethernet multicast group (or all groups) + * + *

If multicastGroup is zero (0), this will unsubscribe from all groups. If + * you are not subscribed to a group this has no effect.

+ * + *

This does not generate an update call to the {@link VirtualNetworkConfigListener#onNetworkConfigurationUpdated} method.

+ * + *

ADI stands for additional distinguishing information. This defaults to zero + * and is rarely used. Right now its only use is to enable IPv4 ARP to scale, + * and this must be done.

+ * + * @param nwid 64-bit network ID + * @param multicastGroup Ethernet multicast or broadcast MAC (least significant 48 bits) + * @param multicastAdi Multicast ADI (least significant 32 bits only, default: 0) + * @return OK (0) or error code if a fatal error condition has occurred + */ + public ResultCode multicastUnsubscribe( + long nwid, + long multicastGroup, + long multicastAdi) { + return multicastUnsubscribe(nodeId, nwid, multicastGroup, multicastAdi); + } + + /** + * Get this node's 40-bit ZeroTier address + * + * @return ZeroTier address (least significant 40 bits of 64-bit int) + */ + public long address() { + return address(nodeId); + } + + /** + * Get the status of this node + * + * @return @{link NodeStatus} struct with the current node status. + */ + public NodeStatus status() { + return status(nodeId); + } + + /** + * Get a list of known peer nodes + * + * @return List of known peers or NULL on failure + */ + public Peer[] peers() { + return peers(nodeId); + } + + /** + * Get the status of a virtual network + * + * @param nwid 64-bit network ID + * @return {@link VirtualNetworkConfig} or NULL if we are not a member of this network + */ + public VirtualNetworkConfig networkConfig(long nwid) { + return networkConfig(nodeId, nwid); + } + + /** + * Enumerate and get status of all networks + * + * @return List of networks or NULL on failure + */ + public VirtualNetworkConfig[] networks() { + return networks(nodeId); + } + + /** + * Get ZeroTier One version + * + * @return {@link Version} object with ZeroTierOne version information. 
+ */ + public Version getVersion() { + return version(); + } + + // + // function declarations for JNI + // + private native ResultCode node_init(long now); + + private native void node_delete(long nodeId); + + private native ResultCode processVirtualNetworkFrame( + long nodeId, + long now, + long nwid, + long sourceMac, + long destMac, + int etherType, + int vlanId, + byte[] frameData, + long[] nextBackgroundTaskDeadline); + + private native ResultCode processWirePacket( + long nodeId, + long now, + InetSocketAddress localAddress, + InetSocketAddress remoteAddress, + byte[] packetData, + long[] nextBackgroundTaskDeadline); + + private native ResultCode processBackgroundTasks( + long nodeId, + long now, + long[] nextBackgroundTaskDeadline); + + private native ResultCode join(long nodeId, long nwid); + + private native ResultCode leave(long nodeId, long nwid); + + private native ResultCode multicastSubscribe( + long nodeId, + long nwid, + long multicastGroup, + long multicastAdi); + + private native ResultCode multicastUnsubscribe( + long nodeId, + long nwid, + long multicastGroup, + long multicastAdi); + + private native long address(long nodeId); + + private native NodeStatus status(long nodeId); + + private native VirtualNetworkConfig networkConfig(long nodeId, long nwid); + + private native Version version(); + + private native Peer[] peers(long nodeId); + + private native VirtualNetworkConfig[] networks(long nodeId); +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/NodeException.java b/java/src/com/zerotier/sdk/NodeException.java new file mode 100644 index 0000000..1fdef72 --- /dev/null +++ b/java/src/com/zerotier/sdk/NodeException.java 
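Review bot: After `close()` sets `nodeId = -1`, every public method still forwards that value to its native counterpart, for example `processWirePacket(nodeId, ...)` and `join(nodeId, nwid)`; nothing in this file rejects a closed node, and how the JNI side treats an unknown id is not visible here. A guard at the top of each forwarding method, such as `if (nodeId == -1) throw new NodeException("Node is closed");`, keeps stale handles out of native code. `close()` is also reachable from `finalize()` and is not synchronized, so declaring it `public synchronized void close()` would stop two callers from both passing the `nodeId != -1` check and calling `node_delete` twice. The constructor's `this.nodeId = now;` also means two nodes created with the same clock value share an id, which is worth documenting or replacing if the native side keys on it.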
@@ -0,0 +1,36 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015 ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+package com.zerotier.sdk;
+
+import java.lang.RuntimeException;
+
+public class NodeException extends RuntimeException {
+ public NodeException(String message) {
+ super(message);
+ }
+}
\ No newline at end of file
diff --git a/java/src/com/zerotier/sdk/NodeStatus.java b/java/src/com/zerotier/sdk/NodeStatus.java
new file mode 100644
index 0000000..94376d8
--- /dev/null
+++ b/java/src/com/zerotier/sdk/NodeStatus.java
@@ -0,0 +1,69 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +public final class NodeStatus { + private long address; + private String publicIdentity; + private String secretIdentity; + private boolean online; + + private NodeStatus() {} + + /** + * 40-bit ZeroTier address of this node + */ + public final long getAddres() { + return address; + } + + /** + * Public identity in string-serialized form (safe to send to others) + * + *

This identity will remain valid as long as the node exists.

+ */ + public final String getPublicIdentity() { + return publicIdentity; + } + + /** + * Full identity including secret key in string-serialized form + * + *

This identity will remain valid as long as the node exists.

+ */ + public final String getSecretIdentity() { + return secretIdentity; + } + + /** + * True if some kind of connectivity appears available + */ + public final boolean isOnline() { + return online; + } +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/PacketSender.java b/java/src/com/zerotier/sdk/PacketSender.java new file mode 100644 index 0000000..22893ec --- /dev/null +++ b/java/src/com/zerotier/sdk/PacketSender.java @@ -0,0 +1,50 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ +package com.zerotier.sdk; + +import java.net.InetSocketAddress; + + +public interface PacketSender { + /** + * Function to send a ZeroTier packet out over the wire + * + *
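Review bot: `getSecretIdentity()` returns the node's full identity including the secret key as a public `String`, and its Javadoc only repeats the validity sentence from `getPublicIdentity()`. I would add a line to that comment such as `Contains the node's private key: never log, display or transmit this value.` so callers do not handle it like the public identity. Because `Node.status()` hands out a `NodeStatus`, it is also worth checking whether the secret needs to be populated on every status call; that depends on the native side, which is not shown. The getter `getAddres()` is misspelled and becomes part of the public API as written; `getAddress()` is the expected name.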

The function must return zero on success and may return any error code + * on failure. Note that success does not (of course) guarantee packet + * delivery. It only means that the packet appears to have been sent.

+ * + * @param localAddr {@link InetSocketAddress} to send from. Set to null if not specified. + * @param remoteAddr {@link InetSocketAddress} to send to + * @param packetData data to send + * @return 0 on success, any error code on failure. + */ + public int onSendPacketRequested( + InetSocketAddress localAddr, + InetSocketAddress remoteAddr, + byte[] packetData, + int ttl); +} diff --git a/java/src/com/zerotier/sdk/Peer.java b/java/src/com/zerotier/sdk/Peer.java new file mode 100644 index 0000000..fb2d106 --- /dev/null +++ b/java/src/com/zerotier/sdk/Peer.java 
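Review bot: The Javadoc for `onSendPacketRequested` documents `localAddr`, `remoteAddr` and `packetData` but not the fourth parameter, `ttl`. Add an `@param ttl` line stating what the value means and which value leaves the platform default in place. The semantics are set by the native caller, which is not visible in this hunk, so the wording should be confirmed against it.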
@@ -0,0 +1,110 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +import java.util.ArrayList; + +/** + * Peer status result + */ +public final class Peer { + private long address; + private long lastUnicastFrame; + private long lastMulticastFrame; + private int versionMajor; + private int versionMinor; + private int versionRev; + private int latency; + private PeerRole role; + private PeerPhysicalPath[] paths; + + private Peer() {} + + /** + * ZeroTier address (40 bits) + */ + public final long address() { + return address; + } + + /** + * Time we last received a unicast frame from this peer + */ + public final long lastUnicastFrame() { + return lastUnicastFrame; + } + + /** + * Time we last received a multicast rame from this peer + */ + public final long lastMulticastFrame() { + return lastMulticastFrame; + } + + /** + * Remote major version or -1 if not known + */ + public final int versionMajor() { + return versionMajor; + } + + /** + * Remote minor version or -1 if not known + */ + public final int versionMinor() { + return versionMinor; + } + + /** + * Remote revision or -1 if not known + */ + public final int versionRev() { + return versionRev; + } + + /** + * Last measured latency in milliseconds or zero if unknown + */ + public final int latency() { + return latency; + } + + /** + * What trust hierarchy role does this device have? + */ + public final PeerRole role() { + return role; + } + + /** + * Known network paths to peer + */ + public final PeerPhysicalPath[] paths() { + return paths; + } +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/PeerPhysicalPath.java b/java/src/com/zerotier/sdk/PeerPhysicalPath.java new file mode 100644 index 0000000..d64ea56 --- /dev/null +++ b/java/src/com/zerotier/sdk/PeerPhysicalPath.java 
@@ -0,0 +1,86 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +import java.net.InetSocketAddress; + +/** + * Physical network path to a peer + */ +public final class PeerPhysicalPath { + private InetSocketAddress address; + private long lastSend; + private long lastReceive; + private boolean fixed; + private boolean active; + private boolean preferred; + + private PeerPhysicalPath() {} + + /** + * Address of endpoint + */ + public final InetSocketAddress address() { + return address; + } + + /** + * Time of last send in milliseconds or 0 for never + */ + public final long lastSend() { + return lastSend; + } + + /** + * Time of last receive in milliseconds or 0 for never + */ + public final long lastReceive() { + return lastReceive; + } + + /** + * Is path fixed? (i.e. not learned, static) + */ + public final boolean isFixed() { + return fixed; + } + + /** + * Is path active? 
+ */ + public final boolean isActive() { + return active; + } + + /** + * Is path preferred? + */ + public final boolean isPreferred() { + return preferred; + } +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/PeerRole.java b/java/src/com/zerotier/sdk/PeerRole.java new file mode 100644 index 0000000..d7d55f0 --- /dev/null +++ b/java/src/com/zerotier/sdk/PeerRole.java @@ -0,0 +1,45 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +public enum PeerRole { + /** + * An ordinary node + */ + PEER_ROLE_LEAF, + + /** + * relay node + */ + PEER_ROLE_RELAY, + + /** + * root server + */ + PEER_ROLE_ROOT +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/ResultCode.java b/java/src/com/zerotier/sdk/ResultCode.java new file mode 100644 index 0000000..5da82b3 --- /dev/null +++ b/java/src/com/zerotier/sdk/ResultCode.java 
@@ -0,0 +1,74 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +/** + * Function return code: OK (0) or error results + * + *

Use {@link ResultCode#isFatal) to check for a fatal error. If a fatal error + * occurs, the node should be considered to not be working correctly. These + * indicate serious problems like an inaccessible data store or a compile + * problem.

+ */ +public enum ResultCode { + /** + * Operation completed normally + */ + RESULT_OK(0), + + // Fatal errors (> 0, < 1000) + /** + * Ran out of memory + */ + RESULT_FATAL_ERROR_OUT_OF_MEMORY(1), + + /** + * Data store is not writable or has failed + */ + RESULT_FATAL_ERROR_DATA_STORE_FAILED(2), + + /** + * Internal error (e.g. unexpected exception indicating bug or build problem) + */ + RESULT_FATAL_ERROR_INTERNAL(3), + + // non-fatal errors + + /** + * Network ID not valid + */ + RESULT_ERROR_NETWORK_NOT_FOUND(1000); + + private final int id; + ResultCode(int id) { this.id = id; } + public int getValue() { return id; } + + public boolean isFatal(int id) { + return (id > 0 && id < 1000); + } +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/Version.java b/java/src/com/zerotier/sdk/Version.java new file mode 100644 index 0000000..c93c259 --- /dev/null +++ b/java/src/com/zerotier/sdk/Version.java 
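Review bot: `isFatal(int id)` tests its argument, which shadows the field `id`, so `rc.isFatal(x)` never looks at the value of `rc` itself. A caller following the class Javadoc has to write `rc.isFatal(rc.getValue())`, and passing any other number silently answers for a different code. Adding `public boolean isFatal() { return id > 0 && id < 1000; }` gives the check the Javadoc describes without removing the existing overload. The link in the class comment, `{@link ResultCode#isFatal)`, is closed with `)` instead of `}`.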
@@ -0,0 +1,36 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015 ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+package com.zerotier.sdk;
+
+public final class Version {
+ private Version() {}
+
+ public int major = 0;
+ public int minor = 0;
+ public int revision = 0;
+}
\ No newline at end of file
diff --git a/java/src/com/zerotier/sdk/VirtualNetworkConfig.java b/java/src/com/zerotier/sdk/VirtualNetworkConfig.java
new file mode 100644
index 0000000..fbcbd3a
--- /dev/null
+++ b/java/src/com/zerotier/sdk/VirtualNetworkConfig.java
@@ -0,0 +1,191 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. 
Start here: http://www.zerotier.com/ + */ + +package com.zerotier.sdk; + +import java.lang.Comparable; +import java.lang.Override; +import java.lang.String; +import java.util.ArrayList; +import java.net.InetSocketAddress; + +public final class VirtualNetworkConfig implements Comparable { + public static final int MAX_MULTICAST_SUBSCRIPTIONS = 4096; + public static final int ZT_MAX_ZT_ASSIGNED_ADDRESSES = 16; + + private long nwid; + private long mac; + private String name; + private VirtualNetworkStatus status; + private VirtualNetworkType type; + private int mtu; + private boolean dhcp; + private boolean bridge; + private boolean broadcastEnabled; + private int portError; + private boolean enabled; + private long netconfRevision; + private InetSocketAddress[] assignedAddresses; + + private VirtualNetworkConfig() { + + } + + public boolean equals(VirtualNetworkConfig cfg) { + boolean aaEqual = true; + if(assignedAddresses.length == cfg.assignedAddresses.length) { + for(int i = 0; i < assignedAddresses.length; ++i) { + if(!assignedAddresses[i].equals(cfg.assignedAddresses[i])) { + return false; + } + } + } else { + aaEqual = false; + } + + return nwid == cfg.nwid && + mac == cfg.mac && + name.equals(cfg.name) && + status.equals(cfg.status) && + type.equals(cfg.type) && + mtu == cfg.mtu && + dhcp == cfg.dhcp && + bridge == cfg.bridge && + broadcastEnabled == cfg.broadcastEnabled && + portError == cfg.portError && + enabled == cfg.enabled && + aaEqual; + } + + public int compareTo(VirtualNetworkConfig cfg) { + if(cfg.nwid == this.nwid) { + return 0; + } else { + return this.nwid > cfg.nwid ? 
1 : -1; + } + } + + /** + * 64-bit ZeroTier network ID + */ + public final long networkId() { + return nwid; + } + + /** + * Ethernet MAC (40 bits) that should be assigned to port + */ + public final long macAddress() { + return mac; + } + + /** + * Network name (from network configuration master) + */ + public final String name() { + return name; + } + + /** + * Network configuration request status + */ + public final VirtualNetworkStatus networkStatus() { + return status; + } + + /** + * Network type + */ + public final VirtualNetworkType networkType() { + return type; + } + + /** + * Maximum interface MTU + */ + public final int mtu() { + return mtu; + } + + /** + * If the network this port belongs to indicates DHCP availability + * + *

This is a suggestion. The underlying implementation is free to ignore it + * for security or other reasons. This is simply a netconf parameter that + * means 'DHCP is available on this network.'

+ */ + public final boolean isDhcpAvailable() { + return dhcp; + } + + /** + * If this port is allowed to bridge to other networks + * + *

This is informational. If this is false, bridged packets will simply + * be dropped and bridging won't work.

+ */ + public final boolean isBridgeEnabled() { + return bridge; + } + + /** + * If true, this network supports and allows broadcast (ff:ff:ff:ff:ff:ff) traffic + */ + public final boolean broadcastEnabled() { + return broadcastEnabled; + } + + /** + * If the network is in PORT_ERROR state, this is the error most recently returned by the port config callback + */ + public final int portError() { + return portError; + } + + /** + * Network config revision as reported by netconf master + * + *

If this is zero, it means we're still waiting for our netconf.

+ */ + public final long netconfRevision() { + return netconfRevision; + } + + /** + * ZeroTier-assigned addresses (in {@link java.net.InetSocketAddress} objects) + * + * For IP, the port number of the sockaddr_XX structure contains the number + * of bits in the address netmask. Only the IP address and port are used. + * Other fields like interface number can be ignored. + * + * This is only used for ZeroTier-managed address assignments sent by the + * virtual network's configuration master. + */ + public final InetSocketAddress[] assignedAddresses() { + return assignedAddresses; + } +} diff --git a/java/src/com/zerotier/sdk/VirtualNetworkConfigListener.java b/java/src/com/zerotier/sdk/VirtualNetworkConfigListener.java new file mode 100644 index 0000000..15ae301 --- /dev/null +++ b/java/src/com/zerotier/sdk/VirtualNetworkConfigListener.java 
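Review bot: In VirtualNetworkConfig.java, `equals(VirtualNetworkConfig cfg)` overloads rather than overrides `Object.equals(Object)`, and no `hashCode()` is defined, so `List.contains`, hash-based collections and any caller holding the value as `Object` fall back to identity comparison. The method also dereferences `name`, `status`, `type` and `assignedAddresses` without a null check, although the private constructor leaves them null until something outside this hunk fills them in, and it leaves `netconfRevision` out of the comparison, which may or may not be intended. Separately, `assignedAddresses()` hands out the internal array, so a caller can change the addresses this object reports; returning `assignedAddresses.clone()` would avoid that. A null-safe override is sketched below.

```java
@Override
public boolean equals(Object o) {
    if (this == o) return true;
    if (!(o instanceof VirtualNetworkConfig)) return false;
    VirtualNetworkConfig cfg = (VirtualNetworkConfig) o;
    return nwid == cfg.nwid &&
           mac == cfg.mac &&
           (name == null ? cfg.name == null : name.equals(cfg.name)) &&
           status == cfg.status &&   // enum constants: == is null-safe
           type == cfg.type &&
           // … unchanged: mtu, dhcp, bridge, broadcastEnabled, portError, enabled comparisons …
           java.util.Arrays.equals(assignedAddresses, cfg.assignedAddresses);
}

@Override
public int hashCode() {
    // nwid is part of equals(), so equal objects hash alike
    return (int) (nwid ^ (nwid >>> 32));
}
```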
@@ -0,0 +1,60 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ + + +package com.zerotier.sdk; + + +public interface VirtualNetworkConfigListener { + /** + * Callback called to update virtual network port configuration + * + *

This can be called at any time to update the configuration of a virtual + * network port. The parameter after the network ID specifies whether this + * port is being brought up, updated, brought down, or permanently deleted. + * + * This in turn should be used by the underlying implementation to create + * and configure tap devices at the OS (or virtual network stack) layer.

+ * + * This should not call {@link Node#multicastSubscribe} or other network-modifying + * methods, as this could cause a deadlock in multithreaded or interrupt + * driven environments. + * + * This must return 0 on success. It can return any OS-dependent error code + * on failure, and this results in the network being placed into the + * PORT_ERROR state. + * + * @param nwid network id + * @param op {@link VirtualNetworkConfigOperation} enum describing the configuration operation + * @param config {@link VirtualNetworkConfig} object with the new configuration + * @return 0 on success + */ + public int onNetworkConfigurationUpdated( + long nwid, + VirtualNetworkConfigOperation op, + VirtualNetworkConfig config); +} \ No newline at end of file diff --git a/java/src/com/zerotier/sdk/VirtualNetworkConfigOperation.java b/java/src/com/zerotier/sdk/VirtualNetworkConfigOperation.java new file mode 100644 index 0000000..b70eb47 --- /dev/null +++ b/java/src/com/zerotier/sdk/VirtualNetworkConfigOperation.java 
@@ -0,0 +1,49 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ +package com.zerotier.sdk; + +public enum VirtualNetworkConfigOperation { + /** + * Network is coming up (either for the first time or after service restart) + */ + VIRTUAL_NETWORK_CONFIG_OPERATION_UP, + + /** + * Network configuration has been updated + */ + VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE, + + /** + * Network is going down (not permanently) + */ + VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN, + + /** + * Network is going down permanently (leave/delete) + */ + VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY +} diff --git a/java/src/com/zerotier/sdk/VirtualNetworkFrameListener.java b/java/src/com/zerotier/sdk/VirtualNetworkFrameListener.java new file mode 100644 index 0000000..9ad3228 --- /dev/null +++ b/java/src/com/zerotier/sdk/VirtualNetworkFrameListener.java 
@@ -0,0 +1,48 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2015 ZeroTier, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ * --
+ *
+ * ZeroTier may be used and distributed under the terms of the GPLv3, which
+ * are available at: http://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * If you would like to embed ZeroTier into a commercial application or
+ * redistribute it in a modified binary form, please contact ZeroTier Networks
+ * LLC. Start here: http://www.zerotier.com/
+ */
+
+package com.zerotier.sdk;
+
+public interface VirtualNetworkFrameListener {
+ /**
+ * Function to send a frame out to a virtual network port
+ *
+ * @param nwid ZeroTier One network ID
+ * @param srcMac source MAC address
+ * @param destMac destination MAC address
+ * @param ethertype
+ * @param vlanId
+ * @param frameData data to send
+ */
+ public void onVirtualNetworkFrame(
+ long nwid,
+ long srcMac,
+ long destMac,
+ long etherType,
+ long vlanId,
+ byte[] frameData);
+}
diff --git a/java/src/com/zerotier/sdk/VirtualNetworkStatus.java b/java/src/com/zerotier/sdk/VirtualNetworkStatus.java
new file mode 100644
index 0000000..2d00561
--- /dev/null
+++ b/java/src/com/zerotier/sdk/VirtualNetworkStatus.java
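Review bot: The Javadoc on `onVirtualNetworkFrame` in VirtualNetworkFrameListener.java names `@param ethertype`, which does not match the declared parameter `etherType`, and both it and `@param vlanId` carry no description, so Javadoc tooling flags the first and a reader learns nothing from either. I would write `@param etherType Ethernet frame type` and `@param vlanId VLAN ID of the frame (TODO: confirm whether 0 means untagged)`. It would also help to state whether `frameData` may be retained or modified by the implementer after the call returns, since the hunk does not say who owns the array.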
@@ -0,0 +1,59 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ +package com.zerotier.sdk; + +public enum VirtualNetworkStatus { + /** + * Waiting for network configuration (also means revision == 0) + */ + NETWORK_STATUS_REQUESTING_CONFIGURATION, + + /** + * Configuration received and we are authorized + */ + NETWORK_STATUS_OK, + + /** + * Netconf master told us 'nope' + */ + NETWORK_STATUS_ACCESS_DENIED, + + /** + * Netconf master exists, but this virtual network does not + */ + NETWORK_STATUS_NOT_FOUND, + + /** + * Initialization of network failed or other internal error + */ + NETWORK_STATUS_PORT_ERROR, + + /** + * ZeroTier One version too old + */ + NETWORK_STATUS_CLIENT_TOO_OLD +} diff --git a/java/src/com/zerotier/sdk/VirtualNetworkType.java b/java/src/com/zerotier/sdk/VirtualNetworkType.java new file mode 100644 index 0000000..ab1f4e0 --- /dev/null +++ b/java/src/com/zerotier/sdk/VirtualNetworkType.java 
@@ -0,0 +1,39 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2015 ZeroTier, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * -- + * + * ZeroTier may be used and distributed under the terms of the GPLv3, which + * are available at: http://www.gnu.org/licenses/gpl-3.0.html + * + * If you would like to embed ZeroTier into a commercial application or + * redistribute it in a modified binary form, please contact ZeroTier Networks + * LLC. Start here: http://www.zerotier.com/ + */ +package com.zerotier.sdk; + +public enum VirtualNetworkType { + /** + * Private networks are authorized via certificates of membership + */ + NETWORK_TYPE_PRIVATE, + + /** + * Public networks have no access control -- they'll always be AUTHORIZED + */ + NETWORK_TYPE_PUBLIC +} diff --git a/linux-build-farm/README.md b/linux-build-farm/README.md new file mode 100644 index 0000000..8055eb0 --- /dev/null +++ b/linux-build-farm/README.md 
@@ -0,0 +1,8 @@ +Dockerized Linux Build Farm +====== + +This subfolder contains Dockerfiles and a script to build Linux packages for a variety of Linux distributions. It's also an excellent way to test your CPU fans and stress test your disk. + +Running `build.sh` with no arguments builds everything. You can run `build.sh` with the name of a distro (e.g. centos-7) to only build that. Both 32 and 64 bit packages are built except where no 32-bit version of the distribution exists. + +The `make-apt-repos.sh` and `make-rpm-repos.sh` scripts build repositories. They may require some editing for outside-of-ZeroTier use, and be careful with the apt one if you have an existing *aptly* configuration. diff --git a/linux-build-farm/amazon-2016.03/x64/Dockerfile b/linux-build-farm/amazon-2016.03/x64/Dockerfile new file mode 100644 index 0000000..bd1a246 --- /dev/null +++ b/linux-build-farm/amazon-2016.03/x64/Dockerfile @@ -0,0 +1,13 @@ +#FROM ambakshi/amazon-linux:2016.03 +#MAINTAINER Adam Ierymenko + +#RUN yum update -y +#RUN yum install -y epel-release +#RUN yum install -y make development-tools rpmdevtools clang gcc-c++ ruby ruby-devel + +#RUN gem install ronn + +FROM zerotier/zt1-build-amazon-2016.03-x64-base +MAINTAINER Adam Ierymenko + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/build.sh b/linux-build-farm/build.sh new file mode 100755 index 0000000..0eb7c5d --- /dev/null +++ b/linux-build-farm/build.sh 
@@ -0,0 +1,69 @@ +#!/bin/bash + +export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin + +subdirs=$* +if [ ! -n "$subdirs" ]; then + subdirs=`find . -type d -name '*-*' -printf '%f '` +fi + +if [ ! -d ./ubuntu-trusty ]; then + echo 'Must run from linux-build-farm subfolder.' + exit 1 +fi + +rm -f zt1-src.tar.gz +cd .. +git archive --format=tar.gz --prefix=ZeroTierOne/ -o linux-build-farm/zt1-src.tar.gz HEAD +cd linux-build-farm + +# Note that --privileged is used so we can bind mount VM shares when building in a VM. +# It has no other impact or purpose, but probably doesn't matter here in any case. + +for distro in $subdirs; do + echo + echo "--- BUILDING FOR $distro ---" + echo + + cd $distro + + if [ -d x64 ]; then + cd x64 + mv ../../zt1-src.tar.gz . + docker build -t zt1-build-${distro}-x64 . + mv zt1-src.tar.gz ../.. + cd .. + fi + + if [ -d x86 ]; then + cd x86 + mv ../../zt1-src.tar.gz . + docker build -t zt1-build-${distro}-x86 . + mv zt1-src.tar.gz ../.. + cd .. + fi + + rm -f *.deb *.rpm + +# exit 0 + + if [ ! -n "`echo $distro | grep -F debian`" -a ! -n "`echo $distro | grep -F ubuntu`" ]; then + if [ -d x64 ]; then + docker run --rm -v `pwd`:/artifacts --privileged -it zt1-build-${distro}-x64 /bin/bash -c 'cd /ZeroTierOne ; make redhat ; cd .. ; cp `find /root/rpmbuild -type f -name *.rpm` /artifacts ; ls -l /artifacts' + fi + if [ -d x86 ]; then + docker run --rm -v `pwd`:/artifacts --privileged -it zt1-build-${distro}-x86 /bin/bash -c 'cd /ZeroTierOne ; make redhat ; cd .. ; cp `find /root/rpmbuild -type f -name *.rpm` /artifacts ; ls -l /artifacts' + fi + else + if [ -d x64 ]; then + docker run --rm -v `pwd`:/artifacts --privileged -it zt1-build-${distro}-x64 /bin/bash -c 'cd /ZeroTierOne ; make debian ; cd .. ; cp *.deb /artifacts ; ls -l /artifacts' + fi + if [ -d x86 ]; then + docker run --rm -v `pwd`:/artifacts --privileged -it zt1-build-${distro}-x86 /bin/bash -c 'cd /ZeroTierOne ; make debian ; cd .. 
; cp *.deb /artifacts ; ls -l /artifacts' + fi + fi + + cd .. +done + +rm -f zt1-src.tar.gz diff --git a/linux-build-farm/centos-6/x64/Dockerfile b/linux-build-farm/centos-6/x64/Dockerfile new file mode 100644 index 0000000..2796e42 --- /dev/null +++ b/linux-build-farm/centos-6/x64/Dockerfile @@ -0,0 +1,13 @@ +FROM centos:6 +MAINTAINER Adam Ierymenko + +RUN yum update -y +RUN yum install -y epel-release +RUN yum install -y make development-tools rpmdevtools clang gcc-c++ tar + +RUN yum install -y nodejs npm + +# Stop use of http-parser-devel which is installed by nodejs/npm +RUN rm -f /usr/include/http_parser.h + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/centos-6/x86/Dockerfile b/linux-build-farm/centos-6/x86/Dockerfile new file mode 100644 index 0000000..8192d13 --- /dev/null +++ b/linux-build-farm/centos-6/x86/Dockerfile @@ -0,0 +1,13 @@ +FROM toopher/centos-i386:centos6 +MAINTAINER Adam Ierymenko + +RUN yum update -y +RUN yum install -y epel-release +RUN yum install -y make development-tools rpmdevtools clang gcc-c++ tar + +RUN yum install -y nodejs npm + +# Stop use of http-parser-devel which is installed by nodejs/npm +RUN rm -f /usr/include/http_parser.h + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/centos-7/x64/Dockerfile b/linux-build-farm/centos-7/x64/Dockerfile new file mode 100644 index 0000000..10b5840 --- /dev/null +++ b/linux-build-farm/centos-7/x64/Dockerfile @@ -0,0 +1,10 @@ +FROM centos:7 +MAINTAINER Adam Ierymenko + +RUN yum update -y +RUN yum install -y epel-release +RUN yum install -y make development-tools rpmdevtools clang gcc-c++ ruby ruby-devel + +RUN gem install ronn + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/centos-7/x86/Dockerfile b/linux-build-farm/centos-7/x86/Dockerfile new file mode 100644 index 0000000..a637a8d --- /dev/null +++ b/linux-build-farm/centos-7/x86/Dockerfile 
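Review bot: In linux-build-farm/build.sh, all four `docker run` lines pass `--privileged`, and the comment above the loop saying it "has no other impact" understates it: the flag grants every capability and host device access and turns off the default seccomp/AppArmor confinement, so the build containers, several of them built from third-party base images, are no longer isolated from the build host. I would drop the flag from the default path and make it opt-in, e.g. `docker run --rm -v "$(pwd)":/artifacts ${ZT_BUILD_PRIVILEGED:+--privileged} ...` (the variable name is only a suggestion), and correct the comment. Also, `cd $distro` is unchecked and unquoted, so when it fails the following `rm -f *.deb *.rpm` runs in the wrong directory; `cd "$distro" || exit 1` closes that. `-it` needs a TTY and will fail under a non-interactive runner, and it is not required for a `/bin/bash -c` command.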
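Review bot: In linux-build-farm/centos-6/x86/Dockerfile, `FROM toopher/centos-i386:centos6` pulls the base image from a personal Docker Hub namespace by mutable tag, and the packages built inside it are later signed by make-rpm-repos.sh, so whoever controls that tag influences what ends up in a signed release. The same applies to `32bit/debian:jessie`, `mcandre/docker-debian-32bit:stretch`, `32bit/ubuntu:14.04`, `daald/ubuntu32:wily` and `f69m/ubuntu32:xenial` in the later x86 Dockerfiles of this commit. Pinning each by digest, `FROM toopher/centos-i386@sha256:<digest-of-reviewed-image>`, or rebuilding them under the `zerotier/` namespace as is already done for the `-base` images, would make the build input reviewable and repeatable. `RUN gem install ronn` in centos-7/x64 is similarly unpinned.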
@@ -0,0 +1,22 @@ +#FROM zerotier/centos7-32bit +#MAINTAINER Adam Ierymenko + +#RUN echo 'i686-redhat-linux' >/etc/rpm/platform + +#RUN yum update -y +#RUN yum install -y make development-tools rpmdevtools http-parser-devel lz4-devel libnatpmp-devel + +#RUN yum install -y gcc-c++ +#RUN rpm --install --force https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm +#RUN rpm --install --force ftp://rpmfind.net/linux/centos/6.8/os/i386/Packages/libffi-3.0.5-3.2.el6.i686.rpm +#RUN yum install -y clang + +FROM zerotier/zt1-build-centos-7-x86-base +MAINTAINER Adam Ierymenko + +RUN yum install -y ruby ruby-devel +RUN gem install ronn + +#RUN rpm --erase http-parser-devel lz4-devel libnatpmp-devel + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/debian-jessie/x64/Dockerfile b/linux-build-farm/debian-jessie/x64/Dockerfile new file mode 100644 index 0000000..316c1d8 --- /dev/null +++ b/linux-build-farm/debian-jessie/x64/Dockerfile @@ -0,0 +1,12 @@ +FROM debian:jessie +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.5 + +RUN ln -sf /usr/bin/clang++-3.5 /usr/bin/clang++ +RUN ln -sf /usr/bin/clang-3.5 /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/debian-jessie/x86/Dockerfile b/linux-build-farm/debian-jessie/x86/Dockerfile new file mode 100644 index 0000000..3ad8332 --- /dev/null +++ b/linux-build-farm/debian-jessie/x86/Dockerfile @@ -0,0 +1,12 @@ +FROM 32bit/debian:jessie +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.5 + +RUN ln -sf /usr/bin/clang++-3.5 /usr/bin/clang++ +RUN ln -sf /usr/bin/clang-3.5 /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / 
diff --git a/linux-build-farm/debian-stretch/x64/Dockerfile b/linux-build-farm/debian-stretch/x64/Dockerfile new file mode 100644 index 0000000..c973c2b --- /dev/null +++ b/linux-build-farm/debian-stretch/x64/Dockerfile @@ -0,0 +1,12 @@ +FROM debian:stretch +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang + +#RUN ln -sf /usr/bin/clang++-3.5 /usr/bin/clang++ +#RUN ln -sf /usr/bin/clang-3.5 /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/debian-stretch/x86/Dockerfile b/linux-build-farm/debian-stretch/x86/Dockerfile new file mode 100644 index 0000000..bfc7a86 --- /dev/null +++ b/linux-build-farm/debian-stretch/x86/Dockerfile @@ -0,0 +1,12 @@ +FROM mcandre/docker-debian-32bit:stretch +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang + +#RUN ln -sf /usr/bin/clang++-3.5 /usr/bin/clang++ +#RUN ln -sf /usr/bin/clang-3.5 /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/debian-wheezy/x64/Dockerfile b/linux-build-farm/debian-wheezy/x64/Dockerfile new file mode 100644 index 0000000..77e1c32 --- /dev/null +++ b/linux-build-farm/debian-wheezy/x64/Dockerfile @@ -0,0 +1,12 @@ +FROM debian:wheezy +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper ruby-ronn g++ make devscripts + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / + +RUN mv -f /ZeroTierOne/debian/control.wheezy /ZeroTierOne/debian/control +RUN mv -f /ZeroTierOne/debian/rules.wheezy /ZeroTierOne/debian/rules diff --git a/linux-build-farm/debian-wheezy/x86/Dockerfile b/linux-build-farm/debian-wheezy/x86/Dockerfile new file mode 100644 index 0000000..1f0117d --- /dev/null 
+++ b/linux-build-farm/debian-wheezy/x86/Dockerfile @@ -0,0 +1,15 @@ +#FROM tubia/debian:wheezy +#MAINTAINER Adam Ierymenko + +#RUN apt-get update +#RUN apt-get install -y build-essential debhelper ruby-ronn g++ make devscripts + +FROM zerotier/zt1-build-debian-wheezy-x86-base +MAINTAINER Adam Ierymenko + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / + +RUN mv -f /ZeroTierOne/debian/control.wheezy /ZeroTierOne/debian/control +RUN mv -f /ZeroTierOne/debian/rules.wheezy /ZeroTierOne/debian/rules diff --git a/linux-build-farm/fedora-22/x64/Dockerfile b/linux-build-farm/fedora-22/x64/Dockerfile new file mode 100644 index 0000000..6da0a92 --- /dev/null +++ b/linux-build-farm/fedora-22/x64/Dockerfile @@ -0,0 +1,10 @@ +FROM fedora:22 +MAINTAINER Adam Ierymenko + +RUN yum update -y +RUN yum install -y make rpmdevtools gcc-c++ rubygem-ronn json-parser-devel lz4-devel http-parser-devel libnatpmp-devel + +RUN rpm --erase http-parser-devel +RUN yum install -y rubygem-ronn ruby + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/fedora-22/x86/Dockerfile b/linux-build-farm/fedora-22/x86/Dockerfile new file mode 100644 index 0000000..3c24b84 --- /dev/null +++ b/linux-build-farm/fedora-22/x86/Dockerfile @@ -0,0 +1,19 @@ +#FROM nickcis/fedora-32:22 +#MAINTAINER Adam Ierymenko + +#RUN mkdir -p /etc/dnf/vars +#RUN echo 'i386' >/etc/dnf/vars/basearch +#RUN echo 'i386' >/etc/dnf/vars/arch + +#RUN yum update -y +#RUN yum install -y make rpmdevtools gcc-c++ rubygem-ronn json-parser-devel lz4-devel http-parser-devel libnatpmp-devel + +FROM zerotier/zt1-build-fedora-22-x86-base +MAINTAINER Adam Ierymenko + +RUN echo 'i686-redhat-linux' >/etc/rpm/platform + +RUN rpm --erase http-parser-devel +RUN yum install -y rubygem-ronn ruby + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/make-apt-repos.sh b/linux-build-farm/make-apt-repos.sh new file mode 100755 index 0000000..7a81cc5 --- /dev/null +++ b/linux-build-farm/make-apt-repos.sh 
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# This builds a series of Debian repositories for each distribution.
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin
+
+for distro in debian-* ubuntu-*; do
+ if [ -n "`find ${distro} -name '*.deb' -type f`" ]; then
+ arches=`ls ${distro}/*.deb | cut -d _ -f 3 | cut -d . -f 1 | xargs | sed 's/ /,/g'`
+ distro_name=`echo $distro | cut -d '-' -f 2`
+ echo '---' $distro / $distro_name / $arches
+ aptly repo create -architectures=${arches} -comment="ZeroTier, Inc. Debian Packages" -component="main" -distribution=${distro_name} zt-release-${distro_name}
+ aptly repo add zt-release-${distro_name} ${distro}/*.deb
+ aptly publish repo zt-release-${distro_name} $distro_name
+ fi
+done
diff --git a/linux-build-farm/make-rpm-repos.sh b/linux-build-farm/make-rpm-repos.sh
new file mode 100755
index 0000000..0ed1cfe
--- /dev/null
+++ b/linux-build-farm/make-rpm-repos.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin
+
+GPG_KEY=contact@zerotier.com
+
+rm -rf /tmp/zt-rpm-repo
+mkdir /tmp/zt-rpm-repo
+
+for distro in centos-* fedora-* amazon-*; do
+ dname=`echo $distro | cut -d '-' -f 1`
+ if [ "$dname" = "centos" ]; then
+ dname=el
+ fi
+ if [ "$dname" = "fedora" ]; then
+ dname=fc
+ fi
+ if [ "$dname" = "amazon" ]; then
+ dname=amzn1
+ fi
+ dvers=`echo $distro | cut -d '-' -f 2`
+
+ mkdir -p /tmp/zt-rpm-repo/$dname/$dvers
+
+ cp -v $distro/*.rpm /tmp/zt-rpm-repo/$dname/$dvers
+done
+
+rpmsign --resign --key-id=$GPG_KEY --digest-algo=sha256 `find /tmp/zt-rpm-repo -type f -name '*.rpm'`
+
+for db in `find /tmp/zt-rpm-repo -mindepth 2 -maxdepth 2 -type d`; do
+ createrepo --database $db
+done
+
+# Stupid RHEL stuff
+cd /tmp/zt-rpm-repo/el
+ln -sf 6 6Client
+ln -sf 6 6Workstation
+ln -sf 6 6Server
+ln -sf 6 6.0
+ln -sf 6 6.1
+ln -sf 6 6.2
+ln -sf 6 6.3
+ln -sf 6 6.4
+ln -sf 6 6.5
+ln -sf 6 6.6
+ln -sf 6 6.7
+ln -sf 6 6.8
+ln -sf 6 6.9
+ln -sf 7 7Client
+ln -sf 7 7Workstation
+ln -sf 7 7Server
+ln -sf 7 7.0
+ln -sf 7 7.1
+ln -sf 7 7.2
+ln -sf 7 7.3
+ln -sf 7 7.4
+ln -sf 7 7.5
+ln -sf 7 7.6
+ln -sf 7 7.7
+ln -sf 7 7.8
+ln -sf 7 7.9
+
+echo
+echo Repo created in /tmp/zt-rpm-repo
diff --git a/linux-build-farm/ubuntu-trusty/x64/Dockerfile b/linux-build-farm/ubuntu-trusty/x64/Dockerfile
new file mode 100644
index 0000000..f84cc6e
--- /dev/null
+++ b/linux-build-farm/ubuntu-trusty/x64/Dockerfile
@@ -0,0 +1,12 @@
+FROM ubuntu:14.04
+MAINTAINER Adam Ierymenko
+
+RUN apt-get update
+RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.6
+
+RUN ln -sf /usr/bin/clang++-3.6 /usr/bin/clang++
+RUN ln -sf /usr/bin/clang-3.6 /usr/bin/clang
+
+RUN dpkg --purge libhttp-parser-dev
+
+ADD zt1-src.tar.gz /
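Review bot: In linux-build-farm/make-rpm-repos.sh, the staging tree is the fixed path `/tmp/zt-rpm-repo`, and `rpmsign --resign` is then run over every `*.rpm` that `find` returns under it. The script has no `set -e` and checks no exit status, so if `rm -rf` or `mkdir` fails because the directory already exists under another account, it carries on and signs whatever is in that tree with the release key. I would create the tree with `repo=$(mktemp -d) || exit 1` and use `"$repo"` in place of the literal path throughout. `cd /tmp/zt-rpm-repo/el` is also unchecked, so if it fails the `ln -sf` lines run in the current directory; `cd "$repo/el" || exit 1` covers that.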
diff --git a/linux-build-farm/ubuntu-trusty/x86/Dockerfile b/linux-build-farm/ubuntu-trusty/x86/Dockerfile new file mode 100644 index 0000000..6be3ae8 --- /dev/null +++ b/linux-build-farm/ubuntu-trusty/x86/Dockerfile @@ -0,0 +1,12 @@ +FROM 32bit/ubuntu:14.04 +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.6 + +RUN ln -sf /usr/bin/clang++-3.6 /usr/bin/clang++ +RUN ln -sf /usr/bin/clang-3.6 /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/ubuntu-wily/x64/Dockerfile b/linux-build-farm/ubuntu-wily/x64/Dockerfile new file mode 100644 index 0000000..99b8d34 --- /dev/null +++ b/linux-build-farm/ubuntu-wily/x64/Dockerfile @@ -0,0 +1,12 @@ +FROM ubuntu:wily +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.7 + +RUN ln -sf /usr/bin/clang++-3.7 /usr/bin/clang++ +RUN ln -sf /usr/bin/clang-3.7 /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/ubuntu-wily/x86/Dockerfile b/linux-build-farm/ubuntu-wily/x86/Dockerfile new file mode 100644 index 0000000..86ad14f --- /dev/null +++ b/linux-build-farm/ubuntu-wily/x86/Dockerfile @@ -0,0 +1,12 @@ +FROM daald/ubuntu32:wily +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.7 + +RUN ln -sf /usr/bin/clang++-3.7 /usr/bin/clang++ +RUN ln -sf /usr/bin/clang-3.7 /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/ubuntu-xenial/x64/Dockerfile b/linux-build-farm/ubuntu-xenial/x64/Dockerfile new file mode 100644 index 0000000..fa665a0 --- /dev/null 
+++ b/linux-build-farm/ubuntu-xenial/x64/Dockerfile @@ -0,0 +1,14 @@ +FROM ubuntu:xenial +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.8 + +#RUN ln -sf /usr/bin/clang++-3.8 /usr/bin/clang++ +#RUN ln -sf /usr/bin/clang-3.8 /usr/bin/clang + +RUN rm -f /usr/bin/clang++ /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/linux-build-farm/ubuntu-xenial/x86/Dockerfile b/linux-build-farm/ubuntu-xenial/x86/Dockerfile new file mode 100644 index 0000000..d01eec9 --- /dev/null +++ b/linux-build-farm/ubuntu-xenial/x86/Dockerfile @@ -0,0 +1,14 @@ +FROM f69m/ubuntu32:xenial +MAINTAINER Adam Ierymenko + +RUN apt-get update +RUN apt-get install -y build-essential debhelper libhttp-parser-dev liblz4-dev libnatpmp-dev dh-systemd ruby-ronn g++ make devscripts clang-3.8 + +#RUN ln -sf /usr/bin/clang++-3.8 /usr/bin/clang++ +#RUN ln -sf /usr/bin/clang-3.8 /usr/bin/clang + +RUN rm -f /usr/bin/clang++ /usr/bin/clang + +RUN dpkg --purge libhttp-parser-dev + +ADD zt1-src.tar.gz / diff --git a/make-freebsd.mk b/make-freebsd.mk new file mode 100644 index 0000000..e7bd9fd --- /dev/null +++ b/make-freebsd.mk 
@@ -0,0 +1,65 @@
+CC=cc
+CXX=c++
+
+INCLUDES=
+DEFS=
+LIBS=
+
+include objects.mk
+OBJS+=osdep/BSDEthernetTap.o ext/lz4/lz4.o ext/json-parser/json.o ext/http-parser/http_parser.o
+
+# "make official" is a shortcut for this
+ifeq ($(ZT_OFFICIAL_RELEASE),1)
+ DEFS+=-DZT_OFFICIAL_RELEASE
+endif
+
+# Build with ZT_ENABLE_CLUSTER=1 to build with cluster support
+ifeq ($(ZT_ENABLE_CLUSTER),1)
+ DEFS+=-DZT_ENABLE_CLUSTER
+endif
+
+# "make debug" is a shortcut for this
+ifeq ($(ZT_DEBUG),1)
+ DEFS+=-DZT_TRACE
+ CFLAGS+=-Wall -g -pthread $(INCLUDES) $(DEFS)
+ LDFLAGS+=
+ STRIP=echo
+ # The following line enables optimization for the crypto code, since
+ # C25519 in particular is almost UNUSABLE in heavy testing without it.
+ext/lz4/lz4.o node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g -pthread $(INCLUDES) $(DEFS)
+else
+ CFLAGS?=-O3 -fstack-protector
+ CFLAGS+=-Wall -fPIE -fvisibility=hidden -fstack-protector -pthread $(INCLUDES) -DNDEBUG $(DEFS)
+ LDFLAGS+=-pie -Wl,-z,relro,-z,now
+ STRIP=strip --strip-all
+endif
+
+CXXFLAGS+=$(CFLAGS) -fno-rtti
+
+all: one
+
+one: $(OBJS) service/OneService.o one.o
+ $(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o $(LIBS)
+ $(STRIP) zerotier-one
+ ln -sf zerotier-one zerotier-idtool
+ ln -sf zerotier-one zerotier-cli
+
+selftest: $(OBJS) selftest.o
+ $(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-selftest selftest.o $(OBJS) $(LIBS)
+ $(STRIP) zerotier-selftest
+
+# No installer on FreeBSD yet
+#installer: one FORCE
+# ./buildinstaller.sh
+
+clean:
+ rm -rf *.o node/*.o controller/*.o osdep/*.o service/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o build-* zerotier-one zerotier-idtool zerotier-selftest zerotier-cli ZeroTierOneInstaller-*
+
+debug: FORCE
+ make -j 4 ZT_DEBUG=1
+
+#official: FORCE
+# make -j 4 ZT_OFFICIAL_RELEASE=1
+# ./buildinstaller.sh
+
+FORCE:
diff --git a/make-linux.mk b/make-linux.mk
new file mode 100644
index 0000000..acc22a6
--- /dev/null
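Review bot: The `debug` target recurses with a literal `make -j 4 ZT_DEBUG=1`, but this file relies on GNU make conditionals (`ifeq`/`else`/`endif`), so on a host where plain `make` is not GNU make the inner call would presumably fail to parse the file even when the outer run used GNU make. `$(MAKE) -j 4 ZT_DEBUG=1` re-invokes whichever make is already running. Also worth a comment next to `CFLAGS?=`: the release branch here uses `-fstack-protector` and leaves `DEFS=` empty, while make-linux.mk in this commit uses `-fstack-protector-strong` and defaults `DEFS` to `-D_FORTIFY_SOURCE=2`; if that difference is a toolchain constraint, say so, otherwise align the two.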
+++ b/make-linux.mk 
@@ -0,0 +1,210 @@ +# +# Makefile for ZeroTier One on Linux +# +# This is confirmed to work on distributions newer than CentOS 6 (the +# one used for reference builds) and on 32 and 64 bit x86 and ARM +# machines. It should also work on other 'normal' machines and recent +# distributions. Editing might be required for tiny devices or weird +# distros. +# +# Targets +# one: zerotier-one and symlinks (cli and idtool) +# manpages: builds manpages, requires 'ronn' or nodeJS (will use either) +# all: builds 'one' and 'manpages' +# selftest: zerotier-selftest +# debug: builds 'one' and 'selftest' with tracing and debug flags +# clean: removes all built files, objects, other trash +# distclean: removes a few other things that might be present +# debian: build DEB packages; deb dev tools must be present +# redhat: build RPM packages; rpm dev tools must be present +# + +# Automagically pick clang or gcc, with preference for clang +# This is only done if we have not overridden these with an environment or CLI variable +ifeq ($(origin CC),default) + CC=$(shell if [ -e /usr/bin/clang ]; then echo clang; else echo gcc; fi) +endif +ifeq ($(origin CXX),default) + CXX=$(shell if [ -e /usr/bin/clang++ ]; then echo clang++; else echo g++; fi) +endif + +#UNAME_M=$(shell $(CC) -dumpmachine | cut -d '-' -f 1) + +INCLUDES?= +DEFS?=-D_FORTIFY_SOURCE=2 +LDLIBS?= +DESTDIR?= + +include objects.mk + +# On Linux we auto-detect the presence of some libraries and if present we +# link against the system version. This works with our package build images. 
+ifeq ($(wildcard /usr/include/lz4.h),) + OBJS+=ext/lz4/lz4.o +else + LDLIBS+=-llz4 + DEFS+=-DZT_USE_SYSTEM_LZ4 +endif +ifeq ($(wildcard /usr/include/http_parser.h),) + OBJS+=ext/http-parser/http_parser.o +else + LDLIBS+=-lhttp_parser + DEFS+=-DZT_USE_SYSTEM_HTTP_PARSER +endif +ifeq ($(wildcard /usr/include/json-parser/json.h),) + OBJS+=ext/json-parser/json.o +else + LDLIBS+=-ljsonparser + DEFS+=-DZT_USE_SYSTEM_JSON_PARSER +endif + +ifeq ($(ZT_USE_MINIUPNPC),1) + OBJS+=osdep/PortMapper.o + + DEFS+=-DZT_USE_MINIUPNPC + + # Auto-detect libminiupnpc at least v2.0 + MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2.."' /usr/include/miniupnpc/miniupnpc.h && echo 1) + ifeq ($(MINIUPNPC_IS_NEW_ENOUGH),1) + DEFS+=-DZT_USE_SYSTEM_MINIUPNPC + LDLIBS+=-lminiupnpc + else + DEFS+=-DMINIUPNP_STATICLIB -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -DOS_STRING=\"Linux\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR + OBJS+=ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o + endif + + # Auto-detect libnatpmp + ifeq ($(wildcard /usr/include/natpmp.h),) + OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o + else + LDLIBS+=-lnatpmp + DEFS+=-DZT_USE_SYSTEM_NATPMP + endif +endif + +ifeq ($(ZT_ENABLE_NETWORK_CONTROLLER),1) + DEFS+=-DZT_ENABLE_NETWORK_CONTROLLER + LDLIBS+=-L/usr/local/lib -lsqlite3 + OBJS+=controller/SqliteNetworkController.o +endif + +ifeq ($(ZT_ENABLE_CLUSTER),1) + DEFS+=-DZT_ENABLE_CLUSTER +endif + +ifeq ($(ZT_TRACE),1) + DEFS+=-DZT_TRACE +endif + +ifeq ($(ZT_DEBUG),1) + DEFS+=-DZT_TRACE + override CFLAGS+=-Wall -g -O -pthread 
$(INCLUDES) $(DEFS) + override CXXFLAGS+=-Wall -g -O -pthread $(INCLUDES) $(DEFS) + LDFLAGS= + STRIP?=echo + # The following line enables optimization for the crypto code, since + # C25519 in particular is almost UNUSABLE in -O0 even on a 3ghz box! +ext/lz4/lz4.o node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g -pthread $(INCLUDES) $(DEFS) +else + CFLAGS?=-O3 -fstack-protector-strong + override CFLAGS+=-Wall -fPIE -pthread $(INCLUDES) -DNDEBUG $(DEFS) + CXXFLAGS?=-O3 -fstack-protector-strong + override CXXFLAGS+=-Wall -Wno-unused-result -Wreorder -fPIE -fno-rtti -pthread $(INCLUDES) -DNDEBUG $(DEFS) + LDFLAGS=-pie -Wl,-z,relro,-z,now + STRIP?=strip + STRIP+=--strip-all +endif + +# Uncomment for gprof profile build +#CFLAGS=-Wall -g -pg -pthread $(INCLUDES) $(DEFS) +#CXXFLAGS=-Wall -g -pg -pthread $(INCLUDES) $(DEFS) +#LDFLAGS= +#STRIP=echo + +all: one manpages + +one: $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o + $(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o $(LDLIBS) + $(STRIP) zerotier-one + ln -sf zerotier-one zerotier-idtool + ln -sf zerotier-one zerotier-cli + +selftest: $(OBJS) selftest.o + $(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-selftest selftest.o $(OBJS) $(LDLIBS) + $(STRIP) zerotier-selftest + +manpages: FORCE + cd doc ; ./build.sh + +doc: manpages + +clean: FORCE + rm -rf *.so *.o node/*.o controller/*.o osdep/*.o service/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o ext/miniupnpc/*.o ext/libnatpmp/*.o $(OBJS) zerotier-one zerotier-idtool zerotier-cli zerotier-selftest build-* ZeroTierOneInstaller-* *.deb *.rpm .depend doc/*.1 doc/*.2 doc/*.8 debian/files debian/zerotier-one*.debhelper debian/zerotier-one.substvars debian/*.log debian/zerotier-one + +distclean: clean + rm -rf doc/node_modules + find linux-build-farm -type f -name '*.deb' -print0 | xargs -0 rm -fv + find linux-build-farm -type f -name '*.rpm' -print0 | xargs -0 rm -fv + 
find linux-build-farm -type f -name 'zt1-src.tar.gz' | xargs rm -fv + +realclean: distclean + +debug: FORCE + make ZT_DEBUG=1 one + make ZT_DEBUG=1 selftest + +# Note: keep the symlinks in /var/lib/zerotier-one to the binaries since these +# provide backward compatibility with old releases where the binaries actually +# lived here. Folks got scripts. + +install: FORCE + mkdir -p $(DESTDIR)/usr/sbin + rm -f $(DESTDIR)/usr/sbin/zerotier-one + cp -f zerotier-one $(DESTDIR)/usr/sbin/zerotier-one + rm -f $(DESTDIR)/usr/sbin/zerotier-cli + rm -f $(DESTDIR)/usr/sbin/zerotier-idtool + ln -s zerotier-one $(DESTDIR)/usr/sbin/zerotier-cli + ln -s zerotier-one $(DESTDIR)/usr/sbin/zerotier-idtool + mkdir -p $(DESTDIR)/var/lib/zerotier-one + rm -f $(DESTDIR)/var/lib/zerotier-one/zerotier-one + rm -f $(DESTDIR)/var/lib/zerotier-one/zerotier-cli + rm -f $(DESTDIR)/var/lib/zerotier-one/zerotier-idtool + ln -s ../../../usr/sbin/zerotier-one $(DESTDIR)/var/lib/zerotier-one/zerotier-one + ln -s ../../../usr/sbin/zerotier-one $(DESTDIR)/var/lib/zerotier-one/zerotier-cli + ln -s ../../../usr/sbin/zerotier-one $(DESTDIR)/var/lib/zerotier-one/zerotier-idtool + mkdir -p $(DESTDIR)/usr/share/man/man8 + rm -f $(DESTDIR)/usr/share/man/man8/zerotier-one.8.gz + cat doc/zerotier-one.8 | gzip -9 >$(DESTDIR)/usr/share/man/man8/zerotier-one.8.gz + mkdir -p $(DESTDIR)/usr/share/man/man1 + rm -f $(DESTDIR)/usr/share/man/man1/zerotier-idtool.1.gz + rm -f $(DESTDIR)/usr/share/man/man1/zerotier-cli.1.gz + cat doc/zerotier-cli.1 | gzip -9 >$(DESTDIR)/usr/share/man/man1/zerotier-cli.1.gz + cat doc/zerotier-idtool.1 | gzip -9 >$(DESTDIR)/usr/share/man/man1/zerotier-idtool.1.gz + +# Uninstall preserves identity.public and identity.secret since the user might +# want to save these. These are your ZeroTier address. 
+ +uninstall: FORCE + rm -f $(DESTDIR)/var/lib/zerotier-one/zerotier-one + rm -f $(DESTDIR)/var/lib/zerotier-one/zerotier-cli + rm -f $(DESTDIR)/var/lib/zerotier-one/zerotier-idtool + rm -f $(DESTDIR)/usr/sbin/zerotier-cli + rm -f $(DESTDIR)/usr/sbin/zerotier-idtool + rm -f $(DESTDIR)/usr/sbin/zerotier-one + rm -rf $(DESTDIR)/var/lib/zerotier-one/iddb.d + rm -rf $(DESTDIR)/var/lib/zerotier-one/updates.d + rm -rf $(DESTDIR)/var/lib/zerotier-one/networks.d + rm -f $(DESTDIR)/var/lib/zerotier-one/zerotier-one.port + rm -f $(DESTDIR)/usr/share/man/man8/zerotier-one.8.gz + rm -f $(DESTDIR)/usr/share/man/man1/zerotier-idtool.1.gz + rm -f $(DESTDIR)/usr/share/man/man1/zerotier-cli.1.gz + +# These are just for convenience for building Linux packages + +debian: distclean + debuild -I -i -us -uc + +redhat: distclean + rpmbuild -ba zerotier-one.spec + +FORCE: diff --git a/make-mac.mk b/make-mac.mk new file mode 100644 index 0000000..e821c4c --- /dev/null +++ b/make-mac.mk 
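Review bot: In the non-debug branch `LDFLAGS=-pie -Wl,-z,relro,-z,now` is a plain assignment, unlike `CFLAGS`/`CXXFLAGS` just above it, which use `?=` followed by `override ... +=`. An `LDFLAGS` exported by a packaging environment is therefore discarded, and an `LDFLAGS=...` given on the make command line replaces the PIE/RELRO flags entirely. `override LDFLAGS+=-pie -Wl,-z,relro,-z,now` would keep the hardening flags in both cases and still honour caller-supplied linker flags. Two smaller points in the same hunk: the third `find` in `distclean` (`-name 'zt1-src.tar.gz' | xargs rm -fv`) lacks the `-print0`/`xargs -0` pair used by the two lines before it, and the `debug` target should call `$(MAKE)` rather than `make`.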
@@ -0,0 +1,114 @@ +ifeq ($(origin CC),default) + CC=$(shell if [ -e /usr/bin/clang ]; then echo clang; else echo gcc; fi) +endif +ifeq ($(origin CXX),default) + CXX=$(shell if [ -e /usr/bin/clang++ ]; then echo clang++; else echo g++; fi) +endif + +INCLUDES= +DEFS= +LIBS= +ARCH_FLAGS=-arch x86_64 + +include objects.mk +OBJS+=osdep/OSXEthernetTap.o ext/lz4/lz4.o ext/json-parser/json.o ext/http-parser/http_parser.o + +# Disable codesign since open source users will not have ZeroTier's certs +CODESIGN=echo +PRODUCTSIGN=echo +CODESIGN_APP_CERT= +CODESIGN_INSTALLER_CERT= + +# Build with libminiupnpc by default for Mac -- desktops/laptops almost always want this +ZT_USE_MINIUPNPC?=1 + +# For internal use only -- signs everything with ZeroTier's developer cert +ifeq ($(ZT_OFFICIAL_RELEASE),1) + DEFS+=-DZT_OFFICIAL_RELEASE -DZT_AUTO_UPDATE + ZT_USE_MINIUPNPC=1 + CODESIGN=codesign + PRODUCTSIGN=productsign + CODESIGN_APP_CERT="Developer ID Application: ZeroTier Networks LLC (8ZD9JUCZ4V)" + CODESIGN_INSTALLER_CERT="Developer ID Installer: ZeroTier Networks LLC (8ZD9JUCZ4V)" +endif + +ifeq ($(ZT_ENABLE_CLUSTER),1) + DEFS+=-DZT_ENABLE_CLUSTER +endif + +ifeq ($(ZT_AUTO_UPDATE),1) + DEFS+=-DZT_AUTO_UPDATE +endif + +ifeq ($(ZT_USE_MINIUPNPC),1) + DEFS+=-DMACOSX -DZT_USE_MINIUPNPC -DMINIUPNP_STATICLIB -D_DARWIN_C_SOURCE -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -DOS_STRING=\"Darwin/15.0.0\" -DMINIUPNPC_VERSION_STRING=\"2.0\" -DUPNP_VERSION_STRING=\"UPnP/1.1\" -DENABLE_STRNATPMPERR + OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o osdep/PortMapper.o +endif + +ifeq 
($(ZT_ENABLE_NETWORK_CONTROLLER),1) + DEFS+=-DZT_ENABLE_NETWORK_CONTROLLER + LIBS+=-L/usr/local/lib -lsqlite3 + OBJS+=controller/SqliteNetworkController.o +endif + +# Debug mode -- dump trace output, build binary with -g +ifeq ($(ZT_DEBUG),1) + DEFS+=-DZT_TRACE + CFLAGS+=-Wall -g -pthread $(INCLUDES) $(DEFS) + STRIP=echo + # The following line enables optimization for the crypto code, since + # C25519 in particular is almost UNUSABLE in heavy testing without it. +ext/lz4/lz4.o node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g -pthread $(INCLUDES) $(DEFS) +else + CFLAGS?=-Ofast -fstack-protector-strong + CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -pthread -mmacosx-version-min=10.7 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS) + STRIP=strip +endif + +CXXFLAGS=$(CFLAGS) -fno-rtti + +all: one + +one: $(OBJS) service/OneService.o one.o + $(CXX) $(CXXFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o $(LIBS) + $(STRIP) zerotier-one + ln -sf zerotier-one zerotier-idtool + ln -sf zerotier-one zerotier-cli + $(CODESIGN) -f -s $(CODESIGN_APP_CERT) zerotier-one + $(CODESIGN) -vvv zerotier-one + +cli: FORCE + $(CXX) -Os -mmacosx-version-min=10.7 -std=c++11 -stdlib=libc++ -o zerotier cli/zerotier.cpp osdep/OSUtils.cpp node/InetAddress.cpp node/Utils.cpp node/Salsa20.cpp node/Identity.cpp node/SHA512.cpp node/C25519.cpp -lcurl + $(STRIP) zerotier + +selftest: $(OBJS) selftest.o + $(CXX) $(CXXFLAGS) -o zerotier-selftest selftest.o $(OBJS) $(LIBS) + $(STRIP) zerotier-selftest + +# Requires Packages: http://s.sudre.free.fr/Software/Packages/about.html +mac-dist-pkg: FORCE + packagesbuild "ext/installfiles/mac/ZeroTier One.pkgproj" + rm -f "ZeroTier One Signed.pkg" + $(PRODUCTSIGN) --sign $(CODESIGN_INSTALLER_CERT) "ZeroTier One.pkg" "ZeroTier One Signed.pkg" + if [ -f "ZeroTier One Signed.pkg" ]; then mv -f "ZeroTier One Signed.pkg" "ZeroTier One.pkg"; fi + +# For ZeroTier, Inc. 
to build official signed packages +official: FORCE + make clean + make ZT_OFFICIAL_RELEASE=1 -j 4 one + make ZT_OFFICIAL_RELEASE=1 mac-dist-pkg + +clean: + rm -rf *.dSYM build-* *.pkg *.dmg *.o node/*.o controller/*.o service/*.o osdep/*.o ext/http-parser/*.o ext/lz4/*.o ext/json-parser/*.o $(OBJS) zerotier-one zerotier-idtool zerotier-selftest zerotier-cli zerotier ZeroTierOneInstaller-* mkworld doc/node_modules + +distclean: clean + rm -rf doc/node_modules + +# For those building from source -- installs signed binary tap driver in system ZT home +install-mac-tap: FORCE + mkdir -p /Library/Application\ Support/ZeroTier/One + rm -rf /Library/Application\ Support/ZeroTier/One/tap.kext + cp -R ext/bin/tap-mac/tap.kext /Library/Application\ Support/ZeroTier/One + chown -R root:wheel /Library/Application\ Support/ZeroTier/One/tap.kext + +FORCE: diff --git a/node/Address.hpp b/node/Address.hpp new file mode 100644 index 0000000..9bf5605 --- /dev/null +++ b/node/Address.hpp 
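Review bot: `install-mac-tap` copies the prebuilt `ext/bin/tap-mac/tap.kext` from the source tree into `/Library/Application Support/ZeroTier/One` and makes it root-owned without checking it, although the comment above describes it as a signed driver. Because this is a kernel extension shipped as a binary in the repository, a verification step before the `cp -R`, e.g. `codesign --verify --deep --strict ext/bin/tap-mac/tap.kext`, would make the target stop on a modified bundle instead of installing it. That check only proves the signature is intact, so a comment naming the expected signing identity would help whoever audits the tree. The target also runs `rm -rf` on the installed kext before the copy, so a failed verification or copy should happen first to avoid leaving the host without a driver.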
@@ -0,0 +1,239 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_ADDRESS_HPP +#define ZT_ADDRESS_HPP + +#include +#include +#include +#include + +#include + +#include "Constants.hpp" +#include "Utils.hpp" +#include "Buffer.hpp" + +namespace ZeroTier { + +/** + * A ZeroTier address + */ +class Address +{ +public: + Address() + throw() : + _a(0) + { + } + + Address(const Address &a) + throw() : + _a(a._a) + { + } + + Address(uint64_t a) + throw() : + _a(a & 0xffffffffffULL) + { + } + + Address(const char *s) + throw() + { + unsigned char foo[ZT_ADDRESS_LENGTH]; + setTo(foo,Utils::unhex(s,foo,ZT_ADDRESS_LENGTH)); + } + + Address(const std::string &s) + throw() + { + unsigned char foo[ZT_ADDRESS_LENGTH]; + setTo(foo,Utils::unhex(s.c_str(),foo,ZT_ADDRESS_LENGTH)); + } + + /** + * @param bits Raw address -- 5 bytes, big-endian byte order + * @param len Length of array + */ + Address(const void *bits,unsigned int len) + throw() + { + setTo(bits,len); + } + + inline Address &operator=(const Address &a) + throw() + { + _a = a._a; + return *this; + } + + inline Address &operator=(const uint64_t a) + throw() + { + _a = (a & 0xffffffffffULL); + return *this; + } + + /** + * @param bits Raw address -- 5 bytes, big-endian byte order + * @param len Length of array + 
*/ + inline void setTo(const void *bits,unsigned int len) + throw() + { + if (len < ZT_ADDRESS_LENGTH) { + _a = 0; + return; + } + const unsigned char *b = (const unsigned char *)bits; + uint64_t a = ((uint64_t)*b++) << 32; + a |= ((uint64_t)*b++) << 24; + a |= ((uint64_t)*b++) << 16; + a |= ((uint64_t)*b++) << 8; + a |= ((uint64_t)*b); + _a = a; + } + + /** + * @param bits Buffer to hold 5-byte address in big-endian byte order + * @param len Length of array + */ + inline void copyTo(void *bits,unsigned int len) const + throw() + { + if (len < ZT_ADDRESS_LENGTH) + return; + unsigned char *b = (unsigned char *)bits; + *(b++) = (unsigned char)((_a >> 32) & 0xff); + *(b++) = (unsigned char)((_a >> 24) & 0xff); + *(b++) = (unsigned char)((_a >> 16) & 0xff); + *(b++) = (unsigned char)((_a >> 8) & 0xff); + *b = (unsigned char)(_a & 0xff); + } + + /** + * Append to a buffer in big-endian byte order + * + * @param b Buffer to append to + */ + template + inline void appendTo(Buffer &b) const + throw(std::out_of_range) + { + unsigned char *p = (unsigned char *)b.appendField(ZT_ADDRESS_LENGTH); + *(p++) = (unsigned char)((_a >> 32) & 0xff); + *(p++) = (unsigned char)((_a >> 24) & 0xff); + *(p++) = (unsigned char)((_a >> 16) & 0xff); + *(p++) = (unsigned char)((_a >> 8) & 0xff); + *p = (unsigned char)(_a & 0xff); + } + + /** + * @return Integer containing address (0 to 2^40) + */ + inline uint64_t toInt() const + throw() + { + return _a; + } + + /** + * @return Hash code for use with Hashtable + */ + inline unsigned long hashCode() const + throw() + { + return (unsigned long)_a; + } + + /** + * @return Hexadecimal string + */ + inline std::string toString() const + { + char buf[16]; + Utils::snprintf(buf,sizeof(buf),"%.10llx",(unsigned long long)_a); + return std::string(buf); + }; + + /** + * @param buf Buffer to fill + * @param len Length of buffer + */ + inline void toString(char *buf,unsigned int len) const + { + Utils::snprintf(buf,len,"%.10llx",(unsigned long long)_a); + 
} + + /** + * @return True if this address is not zero + */ + inline operator bool() const throw() { return (_a != 0); } + + /** + * Set to null/zero + */ + inline void zero() throw() { _a = 0; } + + /** + * Check if this address is reserved + * + * The all-zero null address and any address beginning with 0xff are + * reserved. (0xff is reserved for future use to designate possibly + * longer addresses, addresses based on IPv6 innards, etc.) + * + * @return True if address is reserved and may not be used + */ + inline bool isReserved() const + throw() + { + return ((!_a)||((_a >> 32) == ZT_ADDRESS_RESERVED_PREFIX)); + } + + /** + * @param i Value from 0 to 4 (inclusive) + * @return Byte at said position (address interpreted in big-endian order) + */ + inline unsigned char operator[](unsigned int i) const throw() { return (unsigned char)((_a >> (32 - (i * 8))) & 0xff); } + + inline bool operator==(const uint64_t &a) const throw() { return (_a == (a & 0xffffffffffULL)); } + inline bool operator!=(const uint64_t &a) const throw() { return (_a != (a & 0xffffffffffULL)); } + inline bool operator>(const uint64_t &a) const throw() { return (_a > (a & 0xffffffffffULL)); } + inline bool operator<(const uint64_t &a) const throw() { return (_a < (a & 0xffffffffffULL)); } + inline bool operator>=(const uint64_t &a) const throw() { return (_a >= (a & 0xffffffffffULL)); } + inline bool operator<=(const uint64_t &a) const throw() { return (_a <= (a & 0xffffffffffULL)); } + + inline bool operator==(const Address &a) const throw() { return (_a == a._a); } + inline bool operator!=(const Address &a) const throw() { return (_a != a._a); } + inline bool operator>(const Address &a) const throw() { return (_a > a._a); } + inline bool operator<(const Address &a) const throw() { return (_a < a._a); } + inline bool operator>=(const Address &a) const throw() { return (_a >= a._a); } + inline bool operator<=(const Address &a) const throw() { return (_a <= a._a); } + +private: + uint64_t _a; 
+}; + +} // namespace ZeroTier + +#endif diff --git a/node/Array.hpp b/node/Array.hpp new file mode 100644 index 0000000..19b29eb --- /dev/null +++ b/node/Array.hpp 
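Review bot: `operator[](unsigned int i)` computes `_a >> (32 - (i * 8))` with no check on `i`; for `i` of 5 or more the unsigned subtraction wraps and the shift count exceeds the width of `uint64_t`, which is undefined behaviour. The doc comment states the 0 to 4 range but nothing enforces it, whereas `setTo` and `copyTo` in the same class do compare `len` with `ZT_ADDRESS_LENGTH`. A guard such as `return (i < ZT_ADDRESS_LENGTH) ? (unsigned char)((_a >> (32 - (i * 8))) & 0xff) : (unsigned char)0;` keeps the operator `throw()`-compatible. Separately, `copyTo` returns silently when `len` is too small, leaving the caller's buffer unwritten with no signal; its doc comment should at least say so.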
@@ -0,0 +1,107 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_ARRAY_HPP +#define ZT_ARRAY_HPP + +#include +#include + +namespace ZeroTier { + +/** + * Static array -- a simple thing that's belonged in STL since the time of the dinosaurs + */ +template +class Array +{ +public: + Array() throw() {} + + Array(const Array &a) + { + for(std::size_t i=0;i reverse_iterator; + typedef std::reverse_iterator const_reverse_iterator; + + inline iterator begin() throw() { return data; } + inline iterator end() throw() { return &(data[S]); } + inline const_iterator begin() const throw() { return data; } + inline const_iterator end() const throw() { return &(data[S]); } + + inline reverse_iterator rbegin() throw() { return reverse_iterator(begin()); } + inline reverse_iterator rend() throw() { return reverse_iterator(end()); } + inline const_reverse_iterator rbegin() const throw() { return const_reverse_iterator(begin()); } + inline const_reverse_iterator rend() const throw() { return const_reverse_iterator(end()); } + + inline std::size_t size() const throw() { return S; } + inline std::size_t max_size() const throw() { return S; } + + inline reference operator[](const std::size_t n) throw() { return data[n]; } + inline const_reference operator[](const 
std::size_t n) const throw() { return data[n]; } + + inline reference front() throw() { return data[0]; } + inline const_reference front() const throw() { return data[0]; } + inline reference back() throw() { return data[S-1]; } + inline const_reference back() const throw() { return data[S-1]; } + + inline bool operator==(const Array &k) const throw() + { + for(unsigned long i=0;i(const Array &k) const throw() { return (k < *this); } + inline bool operator<=(const Array &k) const throw() { return !(k < *this); } + inline bool operator>=(const Array &k) const throw() { return !(*this < k); } + + T data[S]; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/AtomicCounter.hpp b/node/AtomicCounter.hpp new file mode 100644 index 0000000..b499377 --- /dev/null +++ b/node/AtomicCounter.hpp 
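Review bot: `rbegin()` returns `reverse_iterator(begin())` and `rend()` returns `reverse_iterator(end())`, which is the wrong way round: dereferencing that `rbegin()` reads the element before `data[0]`, and a loop from `rbegin()` towards `rend()` moves further below the array instead of across it. Both the const and non-const pairs should read `rbegin() { return reverse_iterator(end()); }` and `rend() { return reverse_iterator(begin()); }`. The same swapped pair appears in `Buffer` in node/Buffer.hpp later in this commit. Text between angle brackets in this hunk did not survive extraction, so the copy constructor and comparison loops are not reviewed here.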
@@ -0,0 +1,113 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_ATOMICCOUNTER_HPP +#define ZT_ATOMICCOUNTER_HPP + +#include "Constants.hpp" +#include "Mutex.hpp" +#include "NonCopyable.hpp" + +#ifdef __WINDOWS__ +// will replace this whole class eventually once it's ubiquitous +#include +#endif + +namespace ZeroTier { + +/** + * Simple atomic counter supporting increment and decrement + */ +class AtomicCounter : NonCopyable +{ +public: + /** + * Initialize counter at zero + */ + AtomicCounter() + throw() + { + _v = 0; + } + + inline operator int() const + throw() + { +#ifdef __GNUC__ + return __sync_or_and_fetch(const_cast (&_v),0); +#else +#ifdef __WINDOWS__ + return (int)_v; +#else + _l.lock(); + int v = _v; + _l.unlock(); + return v; +#endif +#endif + } + + inline int operator++() + throw() + { +#ifdef __GNUC__ + return __sync_add_and_fetch(&_v,1); +#else +#ifdef __WINDOWS__ + return ++_v; +#else + _l.lock(); + int v = ++_v; + _l.unlock(); + return v; +#endif +#endif + } + + inline int operator--() + throw() + { +#ifdef __GNUC__ + return __sync_sub_and_fetch(&_v,1); +#else +#ifdef __WINDOWS__ + return --_v; +#else + _l.lock(); + int v = --_v; + _l.unlock(); + return v; +#endif +#endif + } + +private: +#ifdef __WINDOWS__ + std::atomic_int _v; 
+#else + int _v; +#ifndef __GNUC__ +#warning Neither __WINDOWS__ nor __GNUC__ so AtomicCounter using Mutex + Mutex _l; +#endif +#endif +}; + +} // namespace ZeroTier + +#endif diff --git a/node/BinarySemaphore.hpp b/node/BinarySemaphore.hpp new file mode 100644 index 0000000..315d2b0 --- /dev/null +++ b/node/BinarySemaphore.hpp 
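Review bot: The member declaration tests `__WINDOWS__` first and then declares `std::atomic_int _v`, but the three operators test `__GNUC__` first and apply the `__sync_*` builtins to `&_v`. If a toolchain defines both macros (a GCC-based Windows build, assuming `__WINDOWS__` is set there by Constants.hpp, which this hunk does not show), the builtins would be handed a pointer to `std::atomic_int` rather than `int`. Using the same test order in both places, for instance `#if defined(__GNUC__) && !defined(__WINDOWS__)` in the operators, removes the mismatch. A short comment on the class stating which branch each platform is expected to take would also help.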
@@ -0,0 +1,97 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_BINARYSEMAPHORE_HPP +#define ZT_BINARYSEMAPHORE_HPP + +#include +#include +#include + +#include "Constants.hpp" +#include "NonCopyable.hpp" + +#ifdef __WINDOWS__ + +#include + +namespace ZeroTier { + +class BinarySemaphore : NonCopyable +{ +public: + BinarySemaphore() throw() { _sem = CreateSemaphore(NULL,0,1,NULL); } + ~BinarySemaphore() { CloseHandle(_sem); } + inline void wait() { WaitForSingleObject(_sem,INFINITE); } + inline void post() { ReleaseSemaphore(_sem,1,NULL); } +private: + HANDLE _sem; +}; + +} // namespace ZeroTier + +#else // !__WINDOWS__ + +#include + +namespace ZeroTier { + +class BinarySemaphore : NonCopyable +{ +public: + BinarySemaphore() + { + pthread_mutex_init(&_mh,(const pthread_mutexattr_t *)0); + pthread_cond_init(&_cond,(const pthread_condattr_t *)0); + _f = false; + } + + ~BinarySemaphore() + { + pthread_cond_destroy(&_cond); + pthread_mutex_destroy(&_mh); + } + + inline void wait() + { + pthread_mutex_lock(const_cast (&_mh)); + while (!_f) + pthread_cond_wait(const_cast (&_cond),const_cast (&_mh)); + _f = false; + pthread_mutex_unlock(const_cast (&_mh)); + } + + inline void post() + { + pthread_mutex_lock(const_cast (&_mh)); + _f = true; + 
pthread_mutex_unlock(const_cast (&_mh)); + pthread_cond_signal(const_cast (&_cond)); + } + +private: + pthread_cond_t _cond; + pthread_mutex_t _mh; + volatile bool _f; +}; + +} // namespace ZeroTier + +#endif // !__WINDOWS__ + +#endif diff --git a/node/Buffer.hpp b/node/Buffer.hpp new file mode 100644 index 0000000..0b17159 --- /dev/null +++ b/node/Buffer.hpp 
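Review bot: Neither constructor checks that its primitives were created: the Windows one stores the `CreateSemaphore` result unchecked and the POSIX one ignores the return values of `pthread_mutex_init` and `pthread_cond_init`. With a NULL handle `WaitForSingleObject` returns at once with a failure code that `wait()` discards, so a caller would continue as if it had been signalled. Since this class exists for synchronisation, failing in the constructor is safer, e.g. `if (!_sem) throw std::runtime_error("BinarySemaphore: CreateSemaphore failed");`, which needs the `throw()` specifier on the Windows constructor removed and `<stdexcept>` available (the include lines in this hunk lost their header names, so that is not confirmed).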
@@ -0,0 +1,514 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_BUFFER_HPP +#define ZT_BUFFER_HPP + +#include +#include + +#include +#include +#include +#include + +#include "Constants.hpp" +#include "Utils.hpp" + +#if defined(__GNUC__) && (!defined(ZT_NO_TYPE_PUNNING)) +#define ZT_VAR_MAY_ALIAS __attribute__((__may_alias__)) +#else +#define ZT_VAR_MAY_ALIAS +#endif + +namespace ZeroTier { + +/** + * A variable length but statically allocated buffer + * + * Bounds-checking is done everywhere, since this is used in security + * critical code. This supports construction and assignment from buffers + * of differing capacities, provided the data actually in them fits. + * It throws std::out_of_range on any boundary violation. + * + * The at(), append(), etc. methods encode integers larger than 8-bit in + * big-endian (network) byte order. + * + * @tparam C Total capacity + */ +template +class Buffer +{ + // I love me! 
+ template friend class Buffer; + +public: + // STL container idioms + typedef unsigned char value_type; + typedef unsigned char * pointer; + typedef const unsigned char * const_pointer; + typedef unsigned char & reference; + typedef const unsigned char & const_reference; + typedef unsigned char * iterator; + typedef const unsigned char * const_iterator; + typedef unsigned int size_type; + typedef int difference_type; + typedef std::reverse_iterator reverse_iterator; + typedef std::reverse_iterator const_reverse_iterator; + inline iterator begin() { return _b; } + inline iterator end() { return (_b + _l); } + inline const_iterator begin() const { return _b; } + inline const_iterator end() const { return (_b + _l); } + inline reverse_iterator rbegin() { return reverse_iterator(begin()); } + inline reverse_iterator rend() { return reverse_iterator(end()); } + inline const_reverse_iterator rbegin() const { return const_reverse_iterator(begin()); } + inline const_reverse_iterator rend() const { return const_reverse_iterator(end()); } + + Buffer() + throw() : + _l(0) + { + } + + Buffer(unsigned int l) + throw(std::out_of_range) + { + if (l > C) + throw std::out_of_range("Buffer: construct with size larger than capacity"); + _l = l; + } + + template + Buffer(const Buffer &b) + throw(std::out_of_range) + { + *this = b; + } + + Buffer(const void *b,unsigned int l) + throw(std::out_of_range) + { + copyFrom(b,l); + } + + Buffer(const std::string &s) + throw(std::out_of_range) + { + copyFrom(s.data(),s.length()); + } + + template + inline Buffer &operator=(const Buffer &b) + throw(std::out_of_range) + { + if (b._l > C) + throw std::out_of_range("Buffer: assignment from buffer larger than capacity"); + memcpy(_b,b._b,_l = b._l); + return *this; + } + + inline Buffer &operator=(const std::string &s) + throw(std::out_of_range) + { + copyFrom(s.data(),s.length()); + return *this; + } + + inline void copyFrom(const void *b,unsigned int l) + throw(std::out_of_range) + { + if (l > 
C) + throw std::out_of_range("Buffer: set from C array larger than capacity"); + _l = l; + memcpy(_b,b,l); + } + + unsigned char operator[](const unsigned int i) const + throw(std::out_of_range) + { + if (i >= _l) + throw std::out_of_range("Buffer: [] beyond end of data"); + return (unsigned char)_b[i]; + } + + unsigned char &operator[](const unsigned int i) + throw(std::out_of_range) + { + if (i >= _l) + throw std::out_of_range("Buffer: [] beyond end of data"); + return ((unsigned char *)_b)[i]; + } + + /** + * Get a raw pointer to a field with bounds checking + * + * This isn't perfectly safe in that the caller could still overflow + * the pointer, but its use provides both a sanity check and + * documentation / reminder to the calling code to treat the returned + * pointer as being of size [l]. + * + * @param i Index of field in buffer + * @param l Length of field in bytes + * @return Pointer to field data + * @throws std::out_of_range Field extends beyond data size + */ + unsigned char *field(unsigned int i,unsigned int l) + throw(std::out_of_range) + { + if ((i + l) > _l) + throw std::out_of_range("Buffer: field() beyond end of data"); + return (unsigned char *)(_b + i); + } + const unsigned char *field(unsigned int i,unsigned int l) const + throw(std::out_of_range) + { + if ((i + l) > _l) + throw std::out_of_range("Buffer: field() beyond end of data"); + return (const unsigned char *)(_b + i); + } + + /** + * Place a primitive integer value at a given position + * + * @param i Index to place value + * @param v Value + * @tparam T Integer type (e.g. 
uint16_t, int64_t) + */ + template + inline void setAt(unsigned int i,const T v) + throw(std::out_of_range) + { + if ((i + sizeof(T)) > _l) + throw std::out_of_range("Buffer: setAt() beyond end of data"); +#ifdef ZT_NO_TYPE_PUNNING + uint8_t *p = reinterpret_cast(_b + i); + for(unsigned int x=1;x<=sizeof(T);++x) + *(p++) = (uint8_t)(v >> (8 * (sizeof(T) - x))); +#else + T *const ZT_VAR_MAY_ALIAS p = reinterpret_cast(_b + i); + *p = Utils::hton(v); +#endif + } + + /** + * Get a primitive integer value at a given position + * + * @param i Index to get integer + * @tparam T Integer type (e.g. uint16_t, int64_t) + * @return Integer value + */ + template + inline T at(unsigned int i) const + throw(std::out_of_range) + { + if ((i + sizeof(T)) > _l) + throw std::out_of_range("Buffer: at() beyond end of data"); +#ifdef ZT_NO_TYPE_PUNNING + T v = 0; + const uint8_t *p = reinterpret_cast(_b + i); + for(unsigned int x=0;x(_b + i); + return Utils::ntoh(*p); +#endif + } + + /** + * Append an integer type to this buffer + * + * @param v Value to append + * @tparam T Integer type (e.g. 
uint16_t, int64_t) + * @throws std::out_of_range Attempt to append beyond capacity + */ + template + inline void append(const T v) + throw(std::out_of_range) + { + if ((_l + sizeof(T)) > C) + throw std::out_of_range("Buffer: append beyond capacity"); +#ifdef ZT_NO_TYPE_PUNNING + uint8_t *p = reinterpret_cast(_b + _l); + for(unsigned int x=1;x<=sizeof(T);++x) + *(p++) = (uint8_t)(v >> (8 * (sizeof(T) - x))); +#else + T *const ZT_VAR_MAY_ALIAS p = reinterpret_cast(_b + _l); + *p = Utils::hton(v); +#endif + _l += sizeof(T); + } + + /** + * Append a run of bytes + * + * @param c Character value to append + * @param n Number of times to append + * @throws std::out_of_range Attempt to append beyond capacity + */ + inline void append(unsigned char c,unsigned int n) + throw(std::out_of_range) + { + if ((_l + n) > C) + throw std::out_of_range("Buffer: append beyond capacity"); + for(unsigned int i=0;i C) + throw std::out_of_range("Buffer: append beyond capacity"); + memcpy(_b + _l,b,l); + _l += l; + } + + /** + * Append a string + * + * @param s String to append + * @throws std::out_of_range Attempt to append beyond capacity + */ + inline void append(const std::string &s) + throw(std::out_of_range) + { + append(s.data(),(unsigned int)s.length()); + } + + /** + * Append a C string including null termination byte + * + * @param s C string + * @throws std::out_of_range Attempt to append beyond capacity + */ + inline void appendCString(const char *s) + throw(std::out_of_range) + { + for(;;) { + if (_l >= C) + throw std::out_of_range("Buffer: append beyond capacity"); + if (!(_b[_l++] = *(s++))) + break; + } + } + + /** + * Append a buffer + * + * @param b Buffer to append + * @tparam C2 Capacity of second buffer (typically inferred) + * @throws std::out_of_range Attempt to append beyond capacity + */ + template + inline void append(const Buffer &b) + throw(std::out_of_range) + { + append(b._b,b._l); + } + + /** + * Increment size and return pointer to field of specified size + 
* + * Nothing is actually written to the memory. This is a shortcut + * for addSize() followed by field() to reference the previous + * position and the new size. + * + * @param l Length of field to append + * @return Pointer to beginning of appended field of length 'l' + */ + inline char *appendField(unsigned int l) + throw(std::out_of_range) + { + if ((_l + l) > C) + throw std::out_of_range("Buffer: append beyond capacity"); + char *r = _b + _l; + _l += l; + return r; + } + + /** + * Increment size by a given number of bytes + * + * The contents of new space are undefined. + * + * @param i Bytes to increment + * @throws std::out_of_range Capacity exceeded + */ + inline void addSize(unsigned int i) + throw(std::out_of_range) + { + if ((i + _l) > C) + throw std::out_of_range("Buffer: setSize to larger than capacity"); + _l += i; + } + + /** + * Set size of data in buffer + * + * The contents of new space are undefined. + * + * @param i New size + * @throws std::out_of_range Size larger than capacity + */ + inline void setSize(const unsigned int i) + throw(std::out_of_range) + { + if (i > C) + throw std::out_of_range("Buffer: setSize to larger than capacity"); + _l = i; + } + + /** + * Move everything after 'at' to the buffer's front and truncate + * + * @param at Truncate before this position + * @throw std::out_of_range Position is beyond size of buffer + */ + inline void behead(const unsigned int at) + throw(std::out_of_range) + { + if (!at) + return; + if (at > _l) + throw std::out_of_range("Buffer: behead() beyond capacity"); + ::memmove(_b,_b + at,_l -= at); + } + + /** + * Erase something from the middle of the buffer + * + * @param start Starting position + * @param length Length of block to erase + * @throw std::out_of_range Position plus length is beyond size of buffer + */ + inline void erase(const unsigned int at,const unsigned int length) + throw(std::out_of_range) + { + const unsigned int endr = at + length; + if (endr > _l) + throw 
std::out_of_range("Buffer: erase() range beyond end of buffer"); + ::memmove(_b + at,_b + endr,_l - endr); + _l -= length; + } + + /** + * Set buffer data length to zero + */ + inline void clear() + throw() + { + _l = 0; + } + + /** + * Zero buffer up to size() + */ + inline void zero() + throw() + { + memset(_b,0,_l); + } + + /** + * Zero unused capacity area + */ + inline void zeroUnused() + throw() + { + memset(_b + _l,0,C - _l); + } + + /** + * Unconditionally and securely zero buffer's underlying memory + */ + inline void burn() + throw() + { + Utils::burn(_b,sizeof(_b)); + } + + /** + * @return Constant pointer to data in buffer + */ + inline const void *data() const throw() { return _b; } + + /** + * @return Size of data in buffer + */ + inline unsigned int size() const throw() { return _l; } + + /** + * @return Capacity of buffer + */ + inline unsigned int capacity() const throw() { return C; } + + template + inline bool operator==(const Buffer &b) const + throw() + { + return ((_l == b._l)&&(!memcmp(_b,b._b,_l))); + } + template + inline bool operator!=(const Buffer &b) const + throw() + { + return ((_l != b._l)||(memcmp(_b,b._b,_l))); + } + template + inline bool operator<(const Buffer &b) const + throw() + { + return (memcmp(_b,b._b,std::min(_l,b._l)) < 0); + } + template + inline bool operator>(const Buffer &b) const + throw() + { + return (b < *this); + } + template + inline bool operator<=(const Buffer &b) const + throw() + { + return !(b < *this); + } + template + inline bool operator>=(const Buffer &b) const + throw() + { + return !(*this < b); + } + +private: + unsigned int _l; + char ZT_VAR_MAY_ALIAS _b[C]; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/C25519.cpp b/node/C25519.cpp new file mode 100644 index 0000000..e9ffecc --- /dev/null +++ b/node/C25519.cpp 
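Review bot: Several bounds checks in `Buffer` add two `unsigned int` values before comparing, so the sum can wrap around and a very large length passes the check: `(i + l) > _l` in both `field()` overloads, `at + length` in `erase()`, and `(_l + n) > C` / `(_l + l) > C` / `(i + _l) > C` in `append(unsigned char,unsigned int)`, `appendField()` and `addSize()`. The class comment says the bounds checking exists because this type is used in security-critical code, and these lengths can plausibly come from parsed packet fields, so a wrapped check would hand back a pointer or grow `_l` past the real data. Comparing against the remaining space avoids the addition, e.g. `if ((i > _l) || (l > (_l - i)))` in `field()` and `if (n > (C - _l))` in the append paths, which is safe as long as `_l <= C` holds. `at()` and `setAt()` use `i + sizeof(T)`, which looks exposed to the same wrap only where `size_t` is 32 bits wide.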
@@ -0,0 +1,2398 @@ +// Code taken from NaCl by D. J. Bernstein and others + +/* +Matthew Dempsky +Public domain. +Derived from public domain code by D. J. Bernstein. +*/ + +// Modified very slightly for ZeroTier One by Adam Ierymenko +// (no functional changes) + +#include +#include +#include + +#include "Constants.hpp" +#include "C25519.hpp" +#include "SHA512.hpp" +#include "Buffer.hpp" + +#ifdef __WINDOWS__ +#pragma warning(disable: 4146) +#endif + +namespace ZeroTier { + +////////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////////////// + +#define crypto_int32 int32_t +#define crypto_uint32 uint32_t +#define crypto_int64 int64_t +#define crypto_uint64 uint64_t +#define crypto_hash_sha512_BYTES 64 + +static inline void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; } + u += a[31] + b[31]; out[31] = u; +} + +static inline void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int j; + unsigned int u; + u = 218; + for (j = 0;j < 31;++j) { + u += a[j] + 65280 - b[j]; + out[j] = u & 255; + u >>= 8; + } + u += a[31] - b[31]; + out[31] = u; +} + +static inline void squeeze(unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } + u += a[31]; a[31] = u; +} + +static const unsigned int minusp[32] = { + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128 +} ; + +static inline void freeze(unsigned int a[32]) +{ + unsigned int aorig[32]; + unsigned int j; + unsigned int negative; + + for (j = 0;j < 32;++j) aorig[j] = a[j]; + add(a,a,minusp); + negative = 
-((a[31] >> 7) & 1); + for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]); +} + +static inline void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j <= i;++j) u += a[j] * b[i - j]; + for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j]; + out[i] = u; + } + squeeze(out); +} + +static inline void mult121665(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int j; + unsigned int u; + + u = 0; + for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; } + u += 121665 * a[31]; out[31] = u & 127; + u = 19 * (u >> 7); + for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; } + u += out[j]; out[j] = u; +} + +static inline void square(unsigned int out[32],const unsigned int a[32]) +{ + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 32;++i) { + u = 0; + for (j = 0;j < i - j;++j) u += a[j] * a[i - j]; + for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j]; + u *= 2; + if ((i & 1) == 0) { + u += a[i / 2] * a[i / 2]; + u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; + } + out[i] = u; + } + squeeze(out); +} + +static inline void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b) +{ + unsigned int j; + unsigned int t; + unsigned int bminus1; + + bminus1 = b - 1; + for (j = 0;j < 64;++j) { + t = bminus1 & (r[j] ^ s[j]); + p[j] = s[j] ^ t; + q[j] = r[j] ^ t; + } +} + +static void mainloop(unsigned int work[64],const unsigned char e[32]) +{ + unsigned int xzm1[64]; + unsigned int xzm[64]; + unsigned int xzmb[64]; + unsigned int xzm1b[64]; + unsigned int xznb[64]; + unsigned int xzn1b[64]; + unsigned int a0[64]; + unsigned int a1[64]; + unsigned int b0[64]; + unsigned int b1[64]; + unsigned int c1[64]; + unsigned int r[32]; + unsigned int s[32]; + unsigned int t[32]; + unsigned int u[32]; + //unsigned int i; + 
unsigned int j; + unsigned int b; + int pos; + + for (j = 0;j < 32;++j) xzm1[j] = work[j]; + xzm1[32] = 1; + for (j = 33;j < 64;++j) xzm1[j] = 0; + + xzm[0] = 1; + for (j = 1;j < 64;++j) xzm[j] = 0; + + for (pos = 254;pos >= 0;--pos) { + b = e[pos / 8] >> (pos & 7); + b &= 1; + select(xzmb,xzm1b,xzm,xzm1,b); + add(a0,xzmb,xzmb + 32); + sub(a0 + 32,xzmb,xzmb + 32); + add(a1,xzm1b,xzm1b + 32); + sub(a1 + 32,xzm1b,xzm1b + 32); + square(b0,a0); + square(b0 + 32,a0 + 32); + mult(b1,a1,a0 + 32); + mult(b1 + 32,a1 + 32,a0); + add(c1,b1,b1 + 32); + sub(c1 + 32,b1,b1 + 32); + square(r,c1 + 32); + sub(s,b0,b0 + 32); + mult121665(t,s); + add(u,t,b0); + mult(xznb,b0,b0 + 32); + mult(xznb + 32,s,u); + square(xzn1b,c1); + mult(xzn1b + 32,r,work); + select(xzm,xzm1,xznb,xzn1b,b); + } + + for (j = 0;j < 64;++j) work[j] = xzm[j]; +} + +static void recip(unsigned int out[32],const unsigned int z[32]) +{ + unsigned int z2[32]; + unsigned int z9[32]; + unsigned int z11[32]; + unsigned int z2_5_0[32]; + unsigned int z2_10_0[32]; + unsigned int z2_20_0[32]; + unsigned int z2_50_0[32]; + unsigned int z2_100_0[32]; + unsigned int t0[32]; + unsigned int t1[32]; + int i; + + /* 2 */ square(z2,z); + /* 4 */ square(t1,z2); + /* 8 */ square(t0,t1); + /* 9 */ mult(z9,t0,z); + /* 11 */ mult(z11,z9,z2); + /* 22 */ square(t0,z11); + /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9); + + /* 2^6 - 2^1 */ square(t0,z2_5_0); + /* 2^7 - 2^2 */ square(t1,t0); + /* 2^8 - 2^3 */ square(t0,t1); + /* 2^9 - 2^4 */ square(t1,t0); + /* 2^10 - 2^5 */ square(t0,t1); + /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0); + + /* 2^11 - 2^1 */ square(t0,z2_10_0); + /* 2^12 - 2^2 */ square(t1,t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0); + + /* 2^21 - 2^1 */ square(t0,z2_20_0); + /* 2^22 - 2^2 */ square(t1,t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0); + + /* 2^41 - 2^1 */ 
square(t1,t0); + /* 2^42 - 2^2 */ square(t0,t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0); + + /* 2^51 - 2^1 */ square(t0,z2_50_0); + /* 2^52 - 2^2 */ square(t1,t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0); + + /* 2^101 - 2^1 */ square(t1,z2_100_0); + /* 2^102 - 2^2 */ square(t0,t1); + /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); } + /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0); + + /* 2^201 - 2^1 */ square(t0,t1); + /* 2^202 - 2^2 */ square(t1,t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } + /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0); + + /* 2^251 - 2^1 */ square(t1,t0); + /* 2^252 - 2^2 */ square(t0,t1); + /* 2^253 - 2^3 */ square(t1,t0); + /* 2^254 - 2^4 */ square(t0,t1); + /* 2^255 - 2^5 */ square(t1,t0); + /* 2^255 - 21 */ mult(out,t1,z11); +} + +static inline int crypto_scalarmult(unsigned char *q, + const unsigned char *n, + const unsigned char *p) +{ + unsigned int work[96]; + unsigned char e[32]; + unsigned int i; + for (i = 0;i < 32;++i) e[i] = n[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + for (i = 0;i < 32;++i) work[i] = p[i]; + mainloop(work,e); + recip(work + 32,work + 32); + mult(work + 64,work,work + 32); + freeze(work + 64); + for (i = 0;i < 32;++i) q[i] = work[64 + i]; + return 0; +} + +static const unsigned char base[32] = {9}; + +static inline int crypto_scalarmult_base(unsigned char *q, + const unsigned char *n) +{ + return crypto_scalarmult(q,n,base); +} + +////////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////////////// + +// This is the Ed25519 stuff from SUPERCOP: +// http://bench.cr.yp.to/supercop.html + +// Also public domain, newer version than the Ed25519 found in NaCl + +typedef struct +{ + crypto_uint32 
v[32]; +} +fe25519; + +static void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +static inline crypto_uint32 equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + crypto_uint32 x = a ^ b; /* 0: yes; 1..65535: no */ + x -= 1; /* 4294967295: yes; 0..65534: no */ + x >>= 31; /* 1: yes; 0: no */ + return x; +} + +static inline crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ + x >>= 31; /* 0: yes; 1: no */ + x ^= 1; /* 1: yes; 0: no */ + return x; +} + +static inline crypto_uint32 times19(crypto_uint32 a) +{ + return (a << 4) + (a << 1) + a; +} + +static inline crypto_uint32 times38(crypto_uint32 a) +{ + return (a << 5) + (a << 2) + (a << 1); +} + +static inline void reduce_add_sub(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<4;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +static inline void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<2;rep++) + { + t = r->v[31] >> 7; + r->v[31] &= 127; + t = times19(t); + r->v[0] += t; + for(i=0;i<31;i++) + { + t = r->v[i] >> 8; + r->v[i+1] += t; + r->v[i] &= 255; + } + } +} + +/* reduction modulo 2^255-19 */ +static inline void fe25519_freeze(fe25519 *r) +{ + int i; + crypto_uint32 m = equal(r->v[31],127); + for(i=30;i>0;i--) + m &= equal(r->v[i],255); + m &= ge(r->v[0],237); + + m = -m; + + r->v[31] -= m&127; + for(i=30;i>0;i--) + r->v[i] -= m&255; + r->v[0] -= m&237; +} + +static inline void fe25519_unpack(fe25519 *r, const unsigned char x[32]) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x[i]; + r->v[31] &= 127; +} + +/* Assumes input x being reduced below 2^255 */ +static inline void fe25519_pack(unsigned char r[32], const fe25519 *x) +{ + int i; + fe25519 y = *x; + fe25519_freeze(&y); + for(i=0;i<32;i++) + 
r[i] = y.v[i]; +} + +#if 0 +static int fe25519_iszero(const fe25519 *x) +{ + int i; + int r; + fe25519 t = *x; + fe25519_freeze(&t); + r = equal(t.v[0],0); + for(i=1;i<32;i++) + r &= equal(t.v[i],0); + return r; +} +#endif + +static inline int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) +{ + int i; + fe25519 t1 = *x; + fe25519 t2 = *y; + fe25519_freeze(&t1); + fe25519_freeze(&t2); + for(i=0;i<32;i++) + if(t1.v[i] != t2.v[i]) return 0; + return 1; +} + +static inline void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) +{ + int i; + crypto_uint32 mask = b; + mask = -mask; + for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); +} + +static inline unsigned char fe25519_getparity(const fe25519 *x) +{ + fe25519 t = *x; + fe25519_freeze(&t); + return t.v[0] & 1; +} + +static inline void fe25519_setone(fe25519 *r) +{ + int i; + r->v[0] = 1; + for(i=1;i<32;i++) r->v[i]=0; +} + +static inline void fe25519_setzero(fe25519 *r) +{ + int i; + for(i=0;i<32;i++) r->v[i]=0; +} + +static inline void fe25519_neg(fe25519 *r, const fe25519 *x) +{ + fe25519 t; + int i; + for(i=0;i<32;i++) t.v[i]=x->v[i]; + fe25519_setzero(r); + fe25519_sub(r, r, &t); +} + +static inline void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; + reduce_add_sub(r); +} + +static inline void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i; + crypto_uint32 t[32]; + t[0] = x->v[0] + 0x1da; + t[31] = x->v[31] + 0xfe; + for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; + for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; + reduce_add_sub(r); +} + +static inline void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) +{ + int i,j; + crypto_uint32 t[63]; + for(i=0;i<63;i++)t[i] = 0; + + for(i=0;i<32;i++) + for(j=0;j<32;j++) + t[i+j] += x->v[i] * y->v[j]; + + for(i=32;i<63;i++) + r->v[i-32] = t[i-32] + times38(t[i]); + r->v[31] = t[31]; /* result now in r[0]...r[31] */ + + reduce_mul(r); +} + +static 
inline void fe25519_square(fe25519 *r, const fe25519 *x) +{ + fe25519_mul(r, x, x); +} + +static void fe25519_invert(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t0; + fe25519 t1; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t1,&z2); + /* 8 */ fe25519_square(&t0,&t1); + /* 9 */ fe25519_mul(&z9,&t0,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t0,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); + /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); + /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); + /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); + /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); + /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); + /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); + + /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); + /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^200 - 2^100 */ for (i = 2;i < 
100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } + /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); + /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); + /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } + /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); + /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); + /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); + /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); + /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); + /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); +} + +static void fe25519_pow2523(fe25519 *r, const fe25519 *x) +{ + fe25519 z2; + fe25519 z9; + fe25519 z11; + fe25519 z2_5_0; + fe25519 z2_10_0; + fe25519 z2_20_0; + fe25519 z2_50_0; + fe25519 z2_100_0; + fe25519 t; + int i; + + /* 2 */ fe25519_square(&z2,x); + /* 4 */ fe25519_square(&t,&z2); + /* 8 */ fe25519_square(&t,&t); + /* 9 */ fe25519_mul(&z9,&t,x); + /* 11 */ fe25519_mul(&z11,&z9,&z2); + /* 22 */ fe25519_square(&t,&z11); + /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); + + /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); + /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } + /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); + + /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); + /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); + + /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); + /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } + /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); + + /* 2^41 - 2^1 */ fe25519_square(&t,&t); + /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } + /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); + + /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); + /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); + + /* 2^101 - 2^1 */ 
fe25519_square(&t,&z2_100_0); + /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } + /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); + + /* 2^201 - 2^1 */ fe25519_square(&t,&t); + /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } + /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); + + /* 2^251 - 2^1 */ fe25519_square(&t,&t); + /* 2^252 - 2^2 */ fe25519_square(&t,&t); + /* 2^252 - 3 */ fe25519_mul(r,&t,x); +} + +typedef struct +{ + crypto_uint32 v[32]; +} +sc25519; + +typedef struct +{ + crypto_uint32 v[16]; +} +shortsc25519; + +static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; + +static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, + 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; + +static inline crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ + x >>= 31; /* 0: no; 1: yes */ + return x; +} + +/* Reduce coefficients of r before calling reduce_add_sub */ +static inline void reduce_add_sub(sc25519 *r) +{ + crypto_uint32 pb = 0; + crypto_uint32 b; + crypto_uint32 mask; + int i; + unsigned char t[32]; + + for(i=0;i<32;i++) + { + pb += m[i]; + b = lt(r->v[i],pb); + t[i] = r->v[i]-pb+(b<<8); + pb = b; + } + mask = b - 1; + for(i=0;i<32;i++) + r->v[i] ^= mask & (r->v[i] ^ t[i]); +} + +/* Reduce coefficients of x before calling barrett_reduce */ +static inline void barrett_reduce(sc25519 *r, const crypto_uint32 x[64]) +{ + /* See HAC, Alg. 
14.42 */ + int i,j; + crypto_uint32 q2[66]; + crypto_uint32 *q3 = q2 + 33; + crypto_uint32 r1[33]; + crypto_uint32 r2[33]; + crypto_uint32 carry; + crypto_uint32 pb = 0; + crypto_uint32 b; + + for (i = 0;i < 66;++i) q2[i] = 0; + for (i = 0;i < 33;++i) r2[i] = 0; + + for(i=0;i<33;i++) + for(j=0;j<33;j++) + if(i+j >= 31) q2[i+j] += mu[i]*x[j+31]; + carry = q2[31] >> 8; + q2[32] += carry; + carry = q2[32] >> 8; + q2[33] += carry; + + for(i=0;i<33;i++)r1[i] = x[i]; + for(i=0;i<32;i++) + for(j=0;j<33;j++) + if(i+j < 33) r2[i+j] += m[i]*q3[j]; + + for(i=0;i<32;i++) + { + carry = r2[i] >> 8; + r2[i+1] += carry; + r2[i] &= 0xff; + } + + for(i=0;i<32;i++) + { + pb += r2[i]; + b = lt(r1[i],pb); + r->v[i] = r1[i]-pb+(b<<8); + pb = b; + } + + /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 + * If so: Handle it here! + */ + + reduce_add_sub(r); + reduce_add_sub(r); +} + +static inline void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<32;i++) t[i] = x[i]; + for(i=32;i<64;++i) t[i] = 0; + barrett_reduce(r, t); +} + +#if 0 +static void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]) +{ + int i; + for(i=0;i<16;i++) r->v[i] = x[i]; +} +#endif + +static inline void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]) +{ + int i; + crypto_uint32 t[64]; + for(i=0;i<64;i++) t[i] = x[i]; + barrett_reduce(r, t); +} + +#if 0 +static void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) +{ + int i; + for(i=0;i<16;i++) + r->v[i] = x->v[i]; + for(i=0;i<16;i++) + r->v[16+i] = 0; +} +#endif + +static inline void sc25519_to32bytes(unsigned char r[32], const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) r[i] = x->v[i]; +} + +#if 0 +static int sc25519_iszero_vartime(const sc25519 *x) +{ + int i; + for(i=0;i<32;i++) + if(x->v[i] != 0) return 0; + return 1; +} +#endif + +#if 0 +static int sc25519_isshort_vartime(const sc25519 *x) +{ + int i; + for(i=31;i>15;i--) + if(x->v[i] != 0) return 
0;
+ return 1;
+}
+#endif
+
+#if 0
+static int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y)
+{
+ int i;
+ for(i=31;i>=0;i--)
+ {
+ if(x->v[i] < y->v[i]) return 1;
+ if(x->v[i] > y->v[i]) return 0;
+ }
+ return 0;
+}
+#endif
+
+static inline void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+ int i, carry;
+ for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+ for(i=0;i<31;i++)
+ {
+ carry = r->v[i] >> 8;
+ r->v[i+1] += carry;
+ r->v[i] &= 0xff;
+ }
+ reduce_add_sub(r);
+}
+
+#if 0
+static void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+ crypto_uint32 b = 0;
+ crypto_uint32 t;
+ int i;
+ for(i=0;i<32;i++)
+ {
+ t = x->v[i] - y->v[i] - b;
+ r->v[i] = t & 255;
+ b = (t >> 8) & 1;
+ }
+}
+#endif
+
+static inline void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+ int i,j,carry;
+ crypto_uint32 t[64];
+ for(i=0;i<64;i++)t[i] = 0;
+
+ for(i=0;i<32;i++)
+ for(j=0;j<32;j++)
+ t[i+j] += x->v[i] * y->v[j];
+
+ /* Reduce coefficients */
+ for(i=0;i<63;i++)
+ {
+ carry = t[i] >> 8;
+ t[i+1] += carry;
+ t[i] &= 0xff;
+ }
+
+ barrett_reduce(r, t);
+}
+
+#if 0
+static void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y)
+{
+ sc25519 t;
+ sc25519_from_shortsc(&t, y);
+ sc25519_mul(r, x, &t);
+}
+#endif
+
+static inline void sc25519_window3(signed char r[85], const sc25519 *s)
+{
+ char carry;
+ int i;
+ for(i=0;i<10;i++)
+ {
+ r[8*i+0] = s->v[3*i+0] & 7;
+ r[8*i+1] = (s->v[3*i+0] >> 3) & 7;
+ r[8*i+2] = (s->v[3*i+0] >> 6) & 7;
+ r[8*i+2] ^= (s->v[3*i+1] << 2) & 7;
+ r[8*i+3] = (s->v[3*i+1] >> 1) & 7;
+ r[8*i+4] = (s->v[3*i+1] >> 4) & 7;
+ r[8*i+5] = (s->v[3*i+1] >> 7) & 7;
+ r[8*i+5] ^= (s->v[3*i+2] << 1) & 7;
+ r[8*i+6] = (s->v[3*i+2] >> 2) & 7;
+ r[8*i+7] = (s->v[3*i+2] >> 5) & 7;
+ }
+ r[8*i+0] = s->v[3*i+0] & 7;
+ r[8*i+1] = (s->v[3*i+0] >> 3) & 7;
+ r[8*i+2] = (s->v[3*i+0] >> 6) & 7;
+ r[8*i+2] ^= (s->v[3*i+1] << 2) & 7;
+ r[8*i+3] = (s->v[3*i+1] >> 1) & 7;
+ r[8*i+4] = (s->v[3*i+1] 
>> 4) & 7;
+
+ /* Making it signed */
+ carry = 0;
+ for(i=0;i<84;i++)
+ {
+ r[i] += carry;
+ r[i+1] += r[i] >> 3;
+ r[i] &= 7;
+ carry = r[i] >> 2;
+ r[i] -= carry<<3;
+ }
+ r[84] += carry;
+}
+
+#if 0
+static void sc25519_window5(signed char r[51], const sc25519 *s)
+{
+ char carry;
+ int i;
+ for(i=0;i<6;i++)
+ {
+ r[8*i+0] = s->v[5*i+0] & 31;
+ r[8*i+1] = (s->v[5*i+0] >> 5) & 31;
+ r[8*i+1] ^= (s->v[5*i+1] << 3) & 31;
+ r[8*i+2] = (s->v[5*i+1] >> 2) & 31;
+ r[8*i+3] = (s->v[5*i+1] >> 7) & 31;
+ r[8*i+3] ^= (s->v[5*i+2] << 1) & 31;
+ r[8*i+4] = (s->v[5*i+2] >> 4) & 31;
+ r[8*i+4] ^= (s->v[5*i+3] << 4) & 31;
+ r[8*i+5] = (s->v[5*i+3] >> 1) & 31;
+ r[8*i+6] = (s->v[5*i+3] >> 6) & 31;
+ r[8*i+6] ^= (s->v[5*i+4] << 2) & 31;
+ r[8*i+7] = (s->v[5*i+4] >> 3) & 31;
+ }
+ r[8*i+0] = s->v[5*i+0] & 31;
+ r[8*i+1] = (s->v[5*i+0] >> 5) & 31;
+ r[8*i+1] ^= (s->v[5*i+1] << 3) & 31;
+ r[8*i+2] = (s->v[5*i+1] >> 2) & 31;
+
+ /* Making it signed */
+ carry = 0;
+ for(i=0;i<50;i++)
+ {
+ r[i] += carry;
+ r[i+1] += r[i] >> 5;
+ r[i] &= 31;
+ carry = r[i] >> 4;
+ r[i] -= carry<<5;
+ }
+ r[50] += carry;
+}
+#endif
+
+static inline void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2)
+{
+ int i;
+ for(i=0;i<31;i++)
+ {
+ r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2);
+ r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2);
+ r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2);
+ r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2);
+ }
+ r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2);
+ r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2);
+ r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2);
+}
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 y;
+ fe25519 z;
+ fe25519 t;
+} ge25519;
+
+/* d */
+static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00,
+ 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 
0x2B, 0xEE, 0x6C, 0x03, 0x52}};
+/* 2*d */
+static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00,
+ 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}};
+/* sqrt(-1) */
+static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F,
+ 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}};
+
+#define ge25519_p3 ge25519
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 z;
+ fe25519 y;
+ fe25519 t;
+} ge25519_p1p1;
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 y;
+ fe25519 z;
+} ge25519_p2;
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 y;
+} ge25519_aff;
+
+
+/* Packed coordinates of the base point */
+static const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69,
+ 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}},
+ {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}},
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+ {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20,
+ 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}};
+
+/* Multiples of the base point in affine representation */
+static const ge25519_aff ge25519_base_multiples_affine[425] = {
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , + {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, +{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , + {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, +{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , + {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, +{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , + {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , + {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, +{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , + {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, +{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , + {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, +{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , + {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , + {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, +{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , + {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, +{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , + {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, +{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , + {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , + {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, +{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , + {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, +{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , + {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, +{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , + {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , + {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, +{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , + {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, +{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , + {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, +{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , + {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , + {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, +{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , + {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, +{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , + {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, +{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , + {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , + {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, +{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , + {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, +{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , + {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, +{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , + {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , + {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, +{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , + {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, +{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , + {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, +{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , + {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , + {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, +{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , + {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, +{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , + {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, +{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} , + {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , + {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, +{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , + {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, +{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , + {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, +{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} , + {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , + {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, +{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , + {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, +{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , + {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, +{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} , + {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , + {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, +{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , + {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, +{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , + {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, +{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} , + {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , + {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, +{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , + {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, +{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , + {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, +{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} , + {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , + {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, +{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , + {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, +{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , + {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, +{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , + {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , + {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, +{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , + {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, +{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , + {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, +{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , + {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , + {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, +{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , + {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, +{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , + {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, +{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , + {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , + {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, +{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , + {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, +{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , + {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, +{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , + {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , + {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, +{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , + {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, +{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , + {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, +{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , + {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , + {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, +{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , + {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, +{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , + {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, +{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , + {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} , + {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}}, +{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} , + {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}}, +{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} , + {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}}, +{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} , + {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} , + {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}}, +{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} , + {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}}, +{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} , + {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}}, +{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} , + {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} , + {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}}, +{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} , + {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}}, +{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} , + {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}}, +{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} , + {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} , + {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}}, +{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} , + {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}}, +{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} , + {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}}, +{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} , + {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} , + {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}}, +{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} , + {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}}, +{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} , + {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}}, +{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} , + {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} , + {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}}, +{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} , + {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}}, +{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} , + {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}}, +{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} , + {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} , + {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}}, +{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} , + {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}}, +{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} , + {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}}, +{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} , + {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} , + {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}}, +{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} , + {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}}, +{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} , + {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}}, +{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} , + {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} , + {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}}, +{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} , + {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}}, +{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} , + {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}}, +{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} , + {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00}}}, +{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} , + {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}}, +{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} , + {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}}, +{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} , + {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}}, +{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} , + {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00}}}, +{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} , + {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}}, +{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} , + {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}}, +{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} , + {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}}, +{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} , + {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00}}}, +{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} , + {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}}, +{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} , + {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}}, +{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} , + {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}}, +{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} , + {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00}}}, +{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} , + {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}}, +{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} , + {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}}, +{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} , + {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}}, +{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} , + {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, 
+{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} , + {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}}, +{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} , + {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}}, +{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} , + {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}}, +{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} , + {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9a, 
0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} , + {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}}, +{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} , + {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}}, +{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} , + {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}}, +{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} , + {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x90, 0x6e, 
0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} , + {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}}, +{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} , + {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}}, +{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} , + {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}}, +{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} , + {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x93, 0x44, 0x97, 
0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} , + {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}}, +{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} , + {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}}, +{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} , + {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}}, +{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} , + {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xac, 0x8f, 0xbc, 0x1e, 
0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} , + {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}}, +{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} , + {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}}, +{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} , + {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}}, +{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} , + {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 
0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} , + {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}}, +{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} , + {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}}, +{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} , + {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}}, +{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} , + {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 
0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} , + {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}}, +{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} , + {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}}, +{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} , + {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}}, +{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} , + {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 
0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} , + {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}}, +{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} , + {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}}, +{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} , + {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}}, +{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} , + {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 
0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} , + {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}}, +{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} , + {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}}, +{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} , + {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}}, +{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} , + {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 
0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} , + {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}}, +{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} , + {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}}, +{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} , + {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}}, +{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} , + {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 
0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} , + {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}}, +{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} , + {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}}, +{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} , + {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}}, +{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} , + {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 
0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} , + {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}}, +{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} , + {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}}, +{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} , + {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}}, +{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} , + {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 
0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} , + {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}}, +{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} , + {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}}, +{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} , + {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}}, +{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} , + {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 
0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} , + {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}}, +{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} , + {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}}, +{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} , + {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}}, +{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} , + {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 
0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} , + {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}}, +{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} , + {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}}, +{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} , + {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}}, +{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} , + {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 
0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} , + {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}}, +{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} , + {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}}, +{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} , + {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}}, +{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} , + {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 
0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} , + {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}}, +{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} , + {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}}, +{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} , + {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}}, +{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} , + {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 
0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} , + {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}}, +{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} , + {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}}, +{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} , + {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}}, +{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} , + {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 
0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} , + {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}}, +{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} , + {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}}, +{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} , + {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}}, +{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} , + {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 
0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} , + {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}}, +{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} , + {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}}, +{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} , + {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}}, +{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} , + {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 
0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} , + {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}}, +{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} , + {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}}, +{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} , + {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}}, +{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} , + {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 
0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} , + {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}}, +{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} , + {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}}, +{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} , + {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}}, +{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} , + {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 
0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} , + {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}}, +{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} , + {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}}, +{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} , + {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}}, +{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} , + {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 
0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} , + {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}}, +{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} , + {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}}, +{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} , + {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}}, +{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} , + {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 
0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} , + {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}}, +{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} , + {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}}, +{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} , + {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}}, +{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} , + {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 
0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} , + {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}}, +{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} , + {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}}, +{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} , + {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}}, +{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} , + {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 
0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} , + {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}}, +{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} , + {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}}, +{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} , + {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}}, +{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} , + {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 
0x0d, 0x78, 0x97, 0xc4, 0x60}} , + {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}}, +{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} , + {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}}, +{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} , + {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}}, +{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} , + {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 
0x11, 0xd3, 0x01, 0x24}} , + {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}}, +{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} , + {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}}, +{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} , + {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}}, +{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} , + {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 
0x89, 0xbb, 0x0e}} , + {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}}, +{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} , + {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}}, +{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} , + {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}}, +{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} , + {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 
0x0b, 0x14}} , + {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}}, +{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} , + {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}}, +{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} , + {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}}, +{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} , + {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 
0x7b}} , + {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}}, +{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} , + {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}}, +{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} , + {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}}, +{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} , + {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} , + 
{{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}}, +{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} , + {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}}, +{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} , + {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}}, +{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} , + {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} , + {{0x97, 
0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}}, +{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} , + {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}}, +{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} , + {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}}, +{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} , + {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} , + {{0xb9, 0x4b, 
0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}}, +{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} , + {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}}, +{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} , + {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}}, +{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} , + {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} , + {{0x8b, 0x00, 0x54, 
0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}}, +{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} , + {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}}, +{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} , + {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}}, +{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} , + {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} , + {{0xe0, 0xdb, 0x22, 0x28, 
0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}}, +{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} , + {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}}, +{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} , + {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}}, +{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} , + {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} , + {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 
0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}}, +{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} , + {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}}, +{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} , + {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}}, +{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} , + {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} , + {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 
0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}}, +{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} , + {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}}, +{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} , + {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}}, +{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} , + {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} , + {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 
0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}}, +{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} , + {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}}, +{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} , + {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}}, +{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} , + {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} , + {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 
0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}}, +{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} , + {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}}, +{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} , + {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}}, +{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} , + {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} , + {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 
0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}}, +{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} , + {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}}, +{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} , + {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}}, +{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} , + {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} , + {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 
0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}}, +{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} , + {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}}, +{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} , + {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}}, +{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} , + {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} , + {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 
0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}}, +{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} , + {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}}, +{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} , + {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}}, +{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} , + {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} , + {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 
0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}}, +{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} , + {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}}, +{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} , + {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}}, +{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} , + {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} , + {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 
0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}}, +{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} , + {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}}, +{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} , + {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}}, +{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} , + {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} , + {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 
0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}}, +{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} , + {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}}, +{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} , + {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}}, +{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} , + {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} , + {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 
0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}}, +{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} , + {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}}, +{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} , + {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}}, +{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} , + {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} , + {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 
0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}}, +{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} , + {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}}, +{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} , + {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}}, +{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} , + {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} , + {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 
0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}}, +{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} , + {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}}, +{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} , + {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}}, +{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} , + {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} , + {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 
0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}}, +{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} , + {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}}, +{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} , + {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}}, +{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} , + {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} , + {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 
0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}}, +{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} , + {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}}, +{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} , + {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}}, +{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} , + {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}}, +{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, +{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} , + {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 
0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}}, +{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} , + {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}}, +{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} , + {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}}, +{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} , + {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}} +}; + +static inline void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(&r->x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static inline void p1p1_to_p2_2(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + fe25519_mul(&r->x, &p->x, &p->t); + fe25519_mul(&r->y, &p->y, &p->z); + fe25519_mul(&r->z, &p->z, &p->t); +} + +static inline void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) +{ + p1p1_to_p2_2(r, p); + fe25519_mul(&r->t, &p->x, &p->y); +} + +static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) +{ + fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; + fe25519_mul(&qt, &q->x, &q->y); + fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_add(&b, 
&r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_sub(&t1, &q->y, &q->x); + fe25519_add(&t2, &q->y, &q->x); + fe25519_mul(&a, &a, &t1); + fe25519_mul(&b, &b, &t2); + fe25519_sub(&e, &b, &a); /* E = B-A */ + fe25519_add(&h, &b, &a); /* H = B+A */ + fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ + fe25519_sub(&f, &d, &c); /* F = D-C */ + fe25519_add(&g, &d, &c); /* G = D+C */ + fe25519_mul(&r->x, &e, &f); + fe25519_mul(&r->y, &h, &g); + fe25519_mul(&r->z, &g, &f); + fe25519_mul(&r->t, &e, &h); +} + +static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) +{ + fe25519 a, b, c, d, t; + + fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ + fe25519_sub(&t, &q->y, &q->x); + fe25519_mul(&a, &a, &t); + fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ + fe25519_add(&t, &q->x, &q->y); + fe25519_mul(&b, &b, &t); + fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ + fe25519_mul(&c, &c, &ge25519_ec2d); + fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ + fe25519_add(&d, &d, &d); + fe25519_sub(&r->x, &b, &a); /* E = B-A */ + fe25519_sub(&r->t, &d, &c); /* F = D-C */ + fe25519_add(&r->z, &d, &c); /* G = D+C */ + fe25519_add(&r->y, &b, &a); /* H = B+A */ +} + +/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ +static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) +{ + fe25519 a,b,c,d; + fe25519_square(&a, &p->x); + fe25519_square(&b, &p->y); + fe25519_square(&c, &p->z); + fe25519_add(&c, &c, &c); + fe25519_neg(&d, &a); + + fe25519_add(&r->x, &p->x, &p->y); + fe25519_square(&r->x, &r->x); + fe25519_sub(&r->x, &r->x, &a); + fe25519_sub(&r->x, &r->x, &b); + fe25519_add(&r->z, &d, &b); + fe25519_sub(&r->t, &r->z, &c); + fe25519_sub(&r->y, &d, &b); +} + +/* Constant-time version of: if(b) r = p */ +static inline void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) +{ + fe25519_cmov(&r->x, &p->x, 
b); + fe25519_cmov(&r->y, &p->y, b); +} + +static inline unsigned char equal(signed char b,signed char c) +{ + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + crypto_uint32 y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return (unsigned char)y; +} + +static inline unsigned char negative(signed char b) +{ + unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + x >>= 63; /* 1: yes; 0: no */ + return (unsigned char)x; +} + +static inline void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) +{ + /* constant time */ + fe25519 v; + *t = ge25519_base_multiples_affine[5*pos+0]; + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); + cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); + fe25519_neg(&v, &t->x); + fe25519_cmov(&t->x, &v, negative(b)); +} + +static inline void setneutral(ge25519 *r) +{ + fe25519_setzero(&r->x); + fe25519_setone(&r->y); + fe25519_setone(&r->z); + fe25519_setzero(&r->t); +} + +/* return 0 on success, -1 otherwise */ +static int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32]) +{ + unsigned char par; + fe25519 t, chk, num, den, den2, den4, den6; + fe25519_setone(&r->z); + par = p[31] >> 7; + fe25519_unpack(&r->y, p); + fe25519_square(&num, &r->y); /* x = y^2 */ + fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ + fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ + fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + fe25519_square(&den2, &den); + fe25519_square(&den4, &den2); + fe25519_mul(&den6, &den4, &den2); + fe25519_mul(&t, &den6, 
&num); + fe25519_mul(&t, &t, &den); + + fe25519_pow2523(&t, &t); + /* 2. computation of r->x = t * num * den^3 */ + fe25519_mul(&t, &t, &num); + fe25519_mul(&t, &t, &den); + fe25519_mul(&t, &t, &den); + fe25519_mul(&r->x, &t, &den); + + /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); + + /* 4. Now we have one of the two square roots, except if input was not a square */ + fe25519_square(&chk, &r->x); + fe25519_mul(&chk, &chk, &den); + if (!fe25519_iseq_vartime(&chk, &num)) + return -1; + + /* 5. Choose the desired square root according to parity: */ + if(fe25519_getparity(&r->x) != (1-par)) + fe25519_neg(&r->x, &r->x); + + fe25519_mul(&r->t, &r->x, &r->y); + return 0; +} + +static inline void ge25519_pack(unsigned char r[32], const ge25519_p3 *p) +{ + fe25519 tx, ty, zi; + fe25519_invert(&zi, &p->z); + fe25519_mul(&tx, &p->x, &zi); + fe25519_mul(&ty, &p->y, &zi); + fe25519_pack(r, &ty); + r[31] ^= fe25519_getparity(&tx) << 7; +} + +#if 0 +static int ge25519_isneutral_vartime(const ge25519_p3 *p) +{ + int ret = 1; + if(!fe25519_iszero(&p->x)) ret = 0; + if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0; + return ret; +} +#endif + +/* computes [s1]p1 + [s2]p2 */ +static void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2) +{ + ge25519_p1p1 tp1p1; + ge25519_p3 pre[16]; + char *pre5 = (char *)(&(pre[5])); // eliminate type punning warning + unsigned char b[127]; + int i; + + /* precomputation s2 s1 */ + setneutral(pre); /* 00 00 */ + pre[1] = *p1; /* 00 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ + add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ + pre[4] = *p2; /* 01 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], 
&tp1p1); /* 01 01 */ + add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ + add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ + dbl_p1p1(&tp1p1,(ge25519_p2 *)pre5); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ + add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ + add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ + add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ + add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ + add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ + + sc25519_2interleave2(b,s1,s2); + + /* scalar multiplication */ + *r = pre[b[126]]; + for(i=125;i>=0;i--) + { + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + p1p1_to_p2((ge25519_p2 *) r, &tp1p1); + dbl_p1p1(&tp1p1, (ge25519_p2 *)r); + if(b[i]!=0) + { + p1p1_to_p3(r, &tp1p1); + add_p1p1(&tp1p1, r, &pre[b[i]]); + } + if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); + else p1p1_to_p3(r, &tp1p1); + } +} + +static inline void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s) +{ + signed char b[85]; + int i; + ge25519_aff t; + sc25519_window3(b,s); + + choose_t((ge25519_aff *)r, 0, b[0]); + fe25519_setone(&r->z); + fe25519_mul(&r->t, &r->x, &r->y); + for(i=1;i<85;i++) + { + choose_t(&t, (unsigned long long) i, b[i]); + ge25519_mixadd2(r, &t); + } +} + +static inline void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) +{ + unsigned long long i; + + for (i = 0;i < 32;++i) playground[i] = sm[i]; + for (i = 32;i < 64;++i) playground[i] = pk[i-32]; + for (i = 64;i < smlen;++i) playground[i] = sm[i]; + + //crypto_hash_sha512(hram,playground,smlen); + SHA512::hash(hram,playground,(unsigned 
int)smlen); +} + +// This is the original sign and verify code -- the versions in sign() and +// verify() below the fold are slightly modified in terms of how they behave +// in relation to the message, but the algorithms are the same. + +#if 0 +int crypto_sign_keypair( + unsigned char *pk, + unsigned char *sk + ) +{ + sc25519 scsk; + ge25519 gepk; + unsigned char extsk[64]; + int i; + + randombytes(sk, 32); + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + sc25519_from32bytes(&scsk,extsk); + + ge25519_scalarmult_base(&gepk, &scsk); + ge25519_pack(pk, &gepk); + for(i=0;i<32;i++) + sk[32 + i] = pk[i]; + return 0; +} + +static int crypto_sign( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk + ) +{ + sc25519 sck, scs, scsk; + ge25519 ger; + unsigned char r[32]; + unsigned char s[32]; + unsigned char extsk[64]; + unsigned long long i; + unsigned char hmg[crypto_hash_sha512_BYTES]; + unsigned char hram[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; + + *smlen = mlen+64; + for(i=0;i. 
+ */ + +#ifndef ZT_C25519_HPP +#define ZT_C25519_HPP + +#include "Array.hpp" +#include "Utils.hpp" + +namespace ZeroTier { + +#define ZT_C25519_PUBLIC_KEY_LEN 64 +#define ZT_C25519_PRIVATE_KEY_LEN 64 +#define ZT_C25519_SIGNATURE_LEN 96 + +/** + * A combined Curve25519 ECDH and Ed25519 signature engine + */ +class C25519 +{ +public: + /** + * Public key (both crypto and signing) + */ + typedef Array Public; // crypto key, signing key (both 32 bytes) + + /** + * Private key (both crypto and signing) + */ + typedef Array Private; // crypto key, signing key (both 32 bytes) + + /** + * Message signature + */ + typedef Array Signature; + + /** + * Public/private key pair + */ + typedef struct { + Public pub; + Private priv; + } Pair; + + /** + * Generate a C25519 elliptic curve key pair + */ + static inline Pair generate() + throw() + { + Pair kp; + Utils::getSecureRandom(kp.priv.data,(unsigned int)kp.priv.size()); + _calcPubDH(kp); + _calcPubED(kp); + return kp; + } + + /** + * Generate a key pair satisfying a condition + * + * This begins with a random keypair from a random secret key and then + * iteratively increments the random secret until cond(kp) returns true. + * This is used to compute key pairs in which the public key, its hash + * or some other aspect of it satisfies some condition, such as for a + * hashcash criteria. 
+ * + * @param cond Condition function or function object + * @return Key pair where cond(kp) returns true + * @tparam F Type of 'cond' + */ + template + static inline Pair generateSatisfying(F cond) + throw() + { + Pair kp; + void *const priv = (void *)kp.priv.data; + Utils::getSecureRandom(priv,(unsigned int)kp.priv.size()); + _calcPubED(kp); // do Ed25519 key -- bytes 32-63 of pub and priv + do { + ++(((uint64_t *)priv)[1]); + --(((uint64_t *)priv)[2]); + _calcPubDH(kp); // keep regenerating bytes 0-31 until satisfied + } while (!cond(kp)); + return kp; + } + + /** + * Perform C25519 ECC key agreement + * + * Actual key bytes are generated from one or more SHA-512 digests of + * the raw result of key agreement. + * + * @param mine My private key + * @param their Their public key + * @param keybuf Buffer to fill + * @param keylen Number of key bytes to generate + */ + static void agree(const Private &mine,const Public &their,void *keybuf,unsigned int keylen) + throw(); + static inline void agree(const Pair &mine,const Public &their,void *keybuf,unsigned int keylen) + throw() + { + agree(mine.priv,their,keybuf,keylen); + } + + /** + * Sign a message with a sender's key pair + * + * This takes the SHA-521 of msg[] and then signs the first 32 bytes of this + * digest, returning it and the 64-byte ed25519 signature in signature[]. + * This results in a signature that verifies both the signer's authenticity + * and the integrity of the message. + * + * This is based on the original ed25519 code from NaCl and the SUPERCOP + * cipher benchmark suite, but with the modification that it always + * produces a signature of fixed 96-byte length based on the hash of an + * arbitrary-length message. 
+ * + * @param myPrivate My private key + * @param myPublic My public key + * @param msg Message to sign + * @param len Length of message in bytes + * @param signature Buffer to fill with signature -- MUST be 96 bytes in length + */ + static void sign(const Private &myPrivate,const Public &myPublic,const void *msg,unsigned int len,void *signature) + throw(); + static inline void sign(const Pair &mine,const void *msg,unsigned int len,void *signature) + throw() + { + sign(mine.priv,mine.pub,msg,len,signature); + } + + /** + * Sign a message with a sender's key pair + * + * @param myPrivate My private key + * @param myPublic My public key + * @param msg Message to sign + * @param len Length of message in bytes + * @return Signature + */ + static inline Signature sign(const Private &myPrivate,const Public &myPublic,const void *msg,unsigned int len) + throw() + { + Signature sig; + sign(myPrivate,myPublic,msg,len,sig.data); + return sig; + } + static inline Signature sign(const Pair &mine,const void *msg,unsigned int len) + throw() + { + Signature sig; + sign(mine.priv,mine.pub,msg,len,sig.data); + return sig; + } + + /** + * Verify a message's signature + * + * @param their Public key to verify against + * @param msg Message to verify signature integrity against + * @param len Length of message in bytes + * @param signature 96-byte signature + * @return True if signature is valid and the message is authentic and unmodified + */ + static bool verify(const Public &their,const void *msg,unsigned int len,const void *signature) + throw(); + + /** + * Verify a message's signature + * + * @param their Public key to verify against + * @param msg Message to verify signature integrity against + * @param len Length of message in bytes + * @param signature 96-byte signature + * @return True if signature is valid and the message is authentic and unmodified + */ + static inline bool verify(const Public &their,const void *msg,unsigned int len,const Signature &signature) + throw() + { 
+ return verify(their,msg,len,signature.data); + } + +private: + // derive first 32 bytes of kp.pub from first 32 bytes of kp.priv + // this is the ECDH key + static void _calcPubDH(Pair &kp) + throw(); + + // derive 2nd 32 bytes of kp.pub from 2nd 32 bytes of kp.priv + // this is the Ed25519 sign/verify key + static void _calcPubED(Pair &kp) + throw(); +}; + +} // namespace ZeroTier + +#endif diff --git a/node/CertificateOfMembership.cpp b/node/CertificateOfMembership.cpp new file mode 100644 index 0000000..55537fd --- /dev/null +++ b/node/CertificateOfMembership.cpp 
@@ -0,0 +1,230 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "CertificateOfMembership.hpp" + +namespace ZeroTier { + +void CertificateOfMembership::setQualifier(uint64_t id,uint64_t value,uint64_t maxDelta) +{ + _signedBy.zero(); + + for(unsigned int i=0;i<_qualifierCount;++i) { + if (_qualifiers[i].id == id) { + _qualifiers[i].value = value; + _qualifiers[i].maxDelta = maxDelta; + return; + } + } + + if (_qualifierCount < ZT_NETWORK_COM_MAX_QUALIFIERS) { + _qualifiers[_qualifierCount].id = id; + _qualifiers[_qualifierCount].value = value; + _qualifiers[_qualifierCount].maxDelta = maxDelta; + ++_qualifierCount; + std::sort(&(_qualifiers[0]),&(_qualifiers[_qualifierCount])); + } +} + +#ifdef ZT_SUPPORT_OLD_STYLE_NETCONF + +std::string CertificateOfMembership::toString() const +{ + std::string s; + + s.append("1:"); // COM_UINT64_ED25519 + + uint64_t *const buf = new uint64_t[_qualifierCount * 3]; + try { + unsigned int ptr = 0; + for(unsigned int i=0;i<_qualifierCount;++i) { + buf[ptr++] = Utils::hton(_qualifiers[i].id); + buf[ptr++] = Utils::hton(_qualifiers[i].value); + buf[ptr++] = Utils::hton(_qualifiers[i].maxDelta); + } + s.append(Utils::hex(buf,ptr * sizeof(uint64_t))); + delete [] buf; + } catch ( ... 
) { + delete [] buf; + throw; + } + + s.push_back(':'); + + s.append(_signedBy.toString()); + + if (_signedBy) { + s.push_back(':'); + s.append(Utils::hex(_signature.data,(unsigned int)_signature.size())); + } + + return s; +} + +void CertificateOfMembership::fromString(const char *s) +{ + _qualifierCount = 0; + _signedBy.zero(); + memset(_signature.data,0,_signature.size()); + + if (!*s) + return; + + unsigned int colonAt = 0; + while ((s[colonAt])&&(s[colonAt] != ':')) ++colonAt; + + if (!((colonAt == 1)&&(s[0] == '1'))) // COM_UINT64_ED25519? + return; + + s += colonAt + 1; + colonAt = 0; + while ((s[colonAt])&&(s[colonAt] != ':')) ++colonAt; + + if (colonAt) { + const unsigned int buflen = colonAt / 2; + char *const buf = new char[buflen]; + unsigned int bufactual = Utils::unhex(s,colonAt,buf,buflen); + char *bufptr = buf; + try { + while (bufactual >= 24) { + if (_qualifierCount < ZT_NETWORK_COM_MAX_QUALIFIERS) { + _qualifiers[_qualifierCount].id = Utils::ntoh(*((uint64_t *)bufptr)); bufptr += 8; + _qualifiers[_qualifierCount].value = Utils::ntoh(*((uint64_t *)bufptr)); bufptr += 8; + _qualifiers[_qualifierCount].maxDelta = Utils::ntoh(*((uint64_t *)bufptr)); bufptr += 8; + ++_qualifierCount; + } else { + bufptr += 24; + } + bufactual -= 24; + } + } catch ( ... 
) {} + delete [] buf; + } + + if (s[colonAt]) { + s += colonAt + 1; + colonAt = 0; + while ((s[colonAt])&&(s[colonAt] != ':')) ++colonAt; + + if (colonAt) { + char addrbuf[ZT_ADDRESS_LENGTH]; + if (Utils::unhex(s,colonAt,addrbuf,sizeof(addrbuf)) == ZT_ADDRESS_LENGTH) + _signedBy.setTo(addrbuf,ZT_ADDRESS_LENGTH); + + if ((_signedBy)&&(s[colonAt])) { + s += colonAt + 1; + colonAt = 0; + while ((s[colonAt])&&(s[colonAt] != ':')) ++colonAt; + if (colonAt) { + if (Utils::unhex(s,colonAt,_signature.data,(unsigned int)_signature.size()) != _signature.size()) + _signedBy.zero(); + } else { + _signedBy.zero(); + } + } else { + _signedBy.zero(); + } + } + } + + std::sort(&(_qualifiers[0]),&(_qualifiers[_qualifierCount])); +} + +#endif // ZT_SUPPORT_OLD_STYLE_NETCONF + +bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other) const +{ + unsigned int myidx = 0; + unsigned int otheridx = 0; + + while (myidx < _qualifierCount) { + // Fail if we're at the end of other, since this means the field is + // missing. + if (otheridx >= other._qualifierCount) + return false; + + // Seek to corresponding tuple in other, ignoring tuples that + // we may not have. If we run off the end of other, the tuple is + // missing. This works because tuples are sorted by ID. + while (other._qualifiers[otheridx].id != _qualifiers[myidx].id) { + ++otheridx; + if (otheridx >= other._qualifierCount) + return false; + } + + // Compare to determine if the absolute value of the difference + // between these two parameters is within our maxDelta. + const uint64_t a = _qualifiers[myidx].value; + const uint64_t b = other._qualifiers[myidx].value; + if (((a >= b) ? 
(a - b) : (b - a)) > _qualifiers[myidx].maxDelta) + return false; + + ++myidx; + } + + return true; +} + +bool CertificateOfMembership::sign(const Identity &with) +{ + uint64_t *const buf = new uint64_t[_qualifierCount * 3]; + unsigned int ptr = 0; + for(unsigned int i=0;i<_qualifierCount;++i) { + buf[ptr++] = Utils::hton(_qualifiers[i].id); + buf[ptr++] = Utils::hton(_qualifiers[i].value); + buf[ptr++] = Utils::hton(_qualifiers[i].maxDelta); + } + + try { + _signature = with.sign(buf,ptr * sizeof(uint64_t)); + _signedBy = with.address(); + delete [] buf; + return true; + } catch ( ... ) { + _signedBy.zero(); + delete [] buf; + return false; + } +} + +bool CertificateOfMembership::verify(const Identity &id) const +{ + if (!_signedBy) + return false; + if (id.address() != _signedBy) + return false; + + uint64_t *const buf = new uint64_t[_qualifierCount * 3]; + unsigned int ptr = 0; + for(unsigned int i=0;i<_qualifierCount;++i) { + buf[ptr++] = Utils::hton(_qualifiers[i].id); + buf[ptr++] = Utils::hton(_qualifiers[i].value); + buf[ptr++] = Utils::hton(_qualifiers[i].maxDelta); + } + + bool valid = false; + try { + valid = id.verify(buf,ptr * sizeof(uint64_t),_signature); + delete [] buf; + } catch ( ... ) { + delete [] buf; + } + return valid; +} + +} // namespace ZeroTier diff --git a/node/CertificateOfMembership.hpp b/node/CertificateOfMembership.hpp new file mode 100644 index 0000000..0342bc3 --- /dev/null +++ b/node/CertificateOfMembership.hpp 
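Review bot: In `CertificateOfMembership::agreesWith` the value taken from `other` is read at the wrong index: the seek loop advances `otheridx` to the tuple whose id matches `_qualifiers[myidx].id`, but the comparison then uses `other._qualifiers[myidx].value`. As soon as `other` carries a qualifier this certificate lacks ahead of the matching one, the two indices diverge and the max-delta check compares values belonging to different qualifier ids, so the membership agreement result can be wrong in either direction. The line should read `const uint64_t b = other._qualifiers[otheridx].value;`. A unit test in which only `other` has an extra low-numbered qualifier would pin the behaviour.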
@@ -0,0 +1,431 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_CERTIFICATEOFMEMBERSHIP_HPP +#define ZT_CERTIFICATEOFMEMBERSHIP_HPP + +#include +#include + +#include +#include +#include + +#include "Constants.hpp" +#include "Buffer.hpp" +#include "Address.hpp" +#include "C25519.hpp" +#include "Identity.hpp" +#include "Utils.hpp" + +/** + * Default window of time for certificate agreement + * + * Right now we use time for 'revision' so this is the maximum time divergence + * between two certs for them to agree. It comes out to five minutes, which + * gives a lot of margin for error if the controller hiccups or its clock + * drifts but causes de-authorized peers to fall off fast enough. + */ +#define ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA (ZT_NETWORK_AUTOCONF_DELAY * 5) + +/** + * Maximum number of qualifiers in a COM + */ +#define ZT_NETWORK_COM_MAX_QUALIFIERS 16 + +namespace ZeroTier { + +/** + * Certificate of network membership + * + * The COM contains a sorted set of three-element tuples called qualifiers. + * These contain an id, a value, and a maximum delta. + * + * The ID is arbitrary and should be assigned using a scheme that makes + * every ID globally unique. IDs beneath 65536 are reserved for global + * assignment by ZeroTier Networks. 
+ * + * The value's meaning is ID-specific and isn't important here. What's + * important is the value and the third member of the tuple: the maximum + * delta. The maximum delta is the maximum difference permitted between + * values for a given ID between certificates for the two certificates to + * themselves agree. + * + * Network membership is checked by checking whether a peer's certificate + * agrees with your own. The timestamp provides the fundamental criterion-- + * each member of a private network must constantly obtain new certificates + * often enough to stay within the max delta for this qualifier. But other + * criteria could be added in the future for very special behaviors, things + * like latitude and longitude for instance. + * + * This is a memcpy()'able structure and is safe (in a crash sense) to modify + * without locks. + */ +class CertificateOfMembership +{ +public: + /** + * Certificate type codes, used in serialization + * + * Only one so far, and only one hopefully there shall be for quite some + * time. + */ + enum Type + { + COM_UINT64_ED25519 = 1 // tuples of unsigned 64's signed with Ed25519 + }; + + /** + * Reserved qualifier IDs + * + * IDs below 65536 should be considered reserved for future global + * assignment here. + * + * Addition of new required fields requires that code in hasRequiredFields + * be updated as well. + */ + enum ReservedId + { + /** + * Revision number of certificate + * + * Certificates may differ in revision number by a designated max + * delta. Differences wider than this cause certificates not to agree. + */ + COM_RESERVED_ID_REVISION = 0, + + /** + * Network ID for which certificate was issued + * + * maxDelta here is zero, since this must match. + */ + COM_RESERVED_ID_NETWORK_ID = 1, + + /** + * ZeroTier address to whom certificate was issued + * + * maxDelta will be 0xffffffffffffffff here since it's permitted to differ + * from peers obviously. 
+ */ + COM_RESERVED_ID_ISSUED_TO = 2 + }; + + /** + * Create an empty certificate + */ + CertificateOfMembership() : + _qualifierCount(0) + { + memset(_signature.data,0,_signature.size()); + } + + CertificateOfMembership(const CertificateOfMembership &c) + { + memcpy(this,&c,sizeof(CertificateOfMembership)); + } + + /** + * Create from required fields common to all networks + * + * @param revision Revision number of certificate + * @param timestampMaxDelta Maximum variation between timestamps on this net + * @param nwid Network ID + * @param issuedTo Certificate recipient + */ + CertificateOfMembership(uint64_t revision,uint64_t revisionMaxDelta,uint64_t nwid,const Address &issuedTo) + { + _qualifiers[0].id = COM_RESERVED_ID_REVISION; + _qualifiers[0].value = revision; + _qualifiers[0].maxDelta = revisionMaxDelta; + _qualifiers[1].id = COM_RESERVED_ID_NETWORK_ID; + _qualifiers[1].value = nwid; + _qualifiers[1].maxDelta = 0; + _qualifiers[2].id = COM_RESERVED_ID_ISSUED_TO; + _qualifiers[2].value = issuedTo.toInt(); + _qualifiers[2].maxDelta = 0xffffffffffffffffULL; + _qualifierCount = 3; + memset(_signature.data,0,_signature.size()); + } + + inline CertificateOfMembership &operator=(const CertificateOfMembership &c) + { + memcpy(this,&c,sizeof(CertificateOfMembership)); + return *this; + } + +#ifdef ZT_SUPPORT_OLD_STYLE_NETCONF + /** + * Create from string-serialized data + * + * @param s String-serialized COM + */ + CertificateOfMembership(const char *s) { fromString(s); } + + /** + * Create from string-serialized data + * + * @param s String-serialized COM + */ + CertificateOfMembership(const std::string &s) { fromString(s.c_str()); } +#endif // ZT_SUPPORT_OLD_STYLE_NETCONF + + /** + * Create from binary-serialized COM in buffer + * + * @param b Buffer to deserialize from + * @param startAt Position to start in buffer + */ + template + CertificateOfMembership(const Buffer &b,unsigned int startAt = 0) + { + deserialize(b,startAt); + } + + /** + * @return True if 
there's something here + */ + inline operator bool() const throw() { return (_qualifierCount != 0); } + + /** + * Check for presence of all required fields common to all networks + * + * @return True if all required fields are present + */ + inline bool hasRequiredFields() const + { + if (_qualifierCount < 3) + return false; + if (_qualifiers[0].id != COM_RESERVED_ID_REVISION) + return false; + if (_qualifiers[1].id != COM_RESERVED_ID_NETWORK_ID) + return false; + if (_qualifiers[2].id != COM_RESERVED_ID_ISSUED_TO) + return false; + return true; + } + + /** + * @return Maximum delta for mandatory revision field or 0 if field missing + */ + inline uint64_t revisionMaxDelta() const + { + for(unsigned int i=0;i<_qualifierCount;++i) { + if (_qualifiers[i].id == COM_RESERVED_ID_REVISION) + return _qualifiers[i].maxDelta; + } + return 0ULL; + } + + /** + * @return Revision number for this cert + */ + inline uint64_t revision() const + { + for(unsigned int i=0;i<_qualifierCount;++i) { + if (_qualifiers[i].id == COM_RESERVED_ID_REVISION) + return _qualifiers[i].value; + } + return 0ULL; + } + + /** + * @return Address to which this cert was issued + */ + inline Address issuedTo() const + { + for(unsigned int i=0;i<_qualifierCount;++i) { + if (_qualifiers[i].id == COM_RESERVED_ID_ISSUED_TO) + return Address(_qualifiers[i].value); + } + return Address(); + } + + /** + * @return Network ID for which this cert was issued + */ + inline uint64_t networkId() const + { + for(unsigned int i=0;i<_qualifierCount;++i) { + if (_qualifiers[i].id == COM_RESERVED_ID_NETWORK_ID) + return _qualifiers[i].value; + } + return 0ULL; + } + + /** + * Add or update a qualifier in this certificate + * + * Any signature is invalidated and signedBy is set to null. 
+ * + * @param id Qualifier ID + * @param value Qualifier value + * @param maxDelta Qualifier maximum allowed difference (absolute value of difference) + */ + void setQualifier(uint64_t id,uint64_t value,uint64_t maxDelta); + inline void setQualifier(ReservedId id,uint64_t value,uint64_t maxDelta) { setQualifier((uint64_t)id,value,maxDelta); } + +#ifdef ZT_SUPPORT_OLD_STYLE_NETCONF + /** + * @return String-serialized representation of this certificate + */ + std::string toString() const; + + /** + * Set this certificate equal to the hex-serialized string + * + * Invalid strings will result in invalid or undefined certificate + * contents. These will subsequently fail validation and comparison. + * Empty strings will result in an empty certificate. + * + * @param s String to deserialize + */ + void fromString(const char *s); +#endif // ZT_SUPPORT_OLD_STYLE_NETCONF + + /** + * Compare two certificates for parameter agreement + * + * This compares this certificate with the other and returns true if all + * paramters in this cert are present in the other and if they agree to + * within this cert's max delta value for each given parameter. + * + * Tuples present in other but not in this cert are ignored, but any + * tuples present in this cert but not in other result in 'false'. 
+ * + * @param other Cert to compare with + * @return True if certs agree and 'other' may be communicated with + */ + bool agreesWith(const CertificateOfMembership &other) const; + + /** + * Sign this certificate + * + * @param with Identity to sign with, must include private key + * @return True if signature was successful + */ + bool sign(const Identity &with); + + /** + * Verify certificate against an identity + * + * @param id Identity to verify against + * @return True if certificate is signed by this identity and verification was successful + */ + bool verify(const Identity &id) const; + + /** + * @return True if signed + */ + inline bool isSigned() const throw() { return (_signedBy); } + + /** + * @return Address that signed this certificate or null address if none + */ + inline const Address &signedBy() const throw() { return _signedBy; } + + template + inline void serialize(Buffer &b) const + { + b.append((unsigned char)COM_UINT64_ED25519); + b.append((uint16_t)_qualifierCount); + for(unsigned int i=0;i<_qualifierCount;++i) { + b.append(_qualifiers[i].id); + b.append(_qualifiers[i].value); + b.append(_qualifiers[i].maxDelta); + } + _signedBy.appendTo(b); + if (_signedBy) + b.append(_signature.data,(unsigned int)_signature.size()); + } + + template + inline unsigned int deserialize(const Buffer &b,unsigned int startAt = 0) + { + unsigned int p = startAt; + + _qualifierCount = 0; + _signedBy.zero(); + + if (b[p++] != COM_UINT64_ED25519) + throw std::invalid_argument("invalid type"); + + unsigned int numq = b.template at(p); p += sizeof(uint16_t); + uint64_t lastId = 0; + for(unsigned int i=0;i(p); + if (qid < lastId) + throw std::invalid_argument("qualifiers not sorted"); + else lastId = qid; + if (_qualifierCount < ZT_NETWORK_COM_MAX_QUALIFIERS) { + _qualifiers[_qualifierCount].id = qid; + _qualifiers[_qualifierCount].value = b.template at(p + 8); + _qualifiers[_qualifierCount].maxDelta = b.template at(p + 16); + p += 24; + ++_qualifierCount; + } else { + 
throw std::invalid_argument("too many qualifiers"); + } + } + + _signedBy.setTo(b.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); + p += ZT_ADDRESS_LENGTH; + + if (_signedBy) { + memcpy(_signature.data,b.field(p,(unsigned int)_signature.size()),_signature.size()); + p += (unsigned int)_signature.size(); + } + + return (p - startAt); + } + + inline bool operator==(const CertificateOfMembership &c) const + throw() + { + if (_signedBy != c._signedBy) + return false; + if (_qualifierCount != c._qualifierCount) + return false; + for(unsigned int i=0;i<_qualifierCount;++i) { + const _Qualifier &a = _qualifiers[i]; + const _Qualifier &b = c._qualifiers[i]; + if ((a.id != b.id)||(a.value != b.value)||(a.maxDelta != b.maxDelta)) + return false; + } + return (_signature == c._signature); + } + inline bool operator!=(const CertificateOfMembership &c) const throw() { return (!(*this == c)); } + +private: + struct _Qualifier + { + _Qualifier() : id(0),value(0),maxDelta(0) {} + uint64_t id; + uint64_t value; + uint64_t maxDelta; + inline bool operator<(const _Qualifier &q) const throw() { return (id < q.id); } // sort order + }; + + Address _signedBy; + _Qualifier _qualifiers[ZT_NETWORK_COM_MAX_QUALIFIERS]; + unsigned int _qualifierCount; + C25519::Signature _signature; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Cluster.cpp b/node/Cluster.cpp new file mode 100644 index 0000000..f590ad1 --- /dev/null +++ b/node/Cluster.cpp 
@@ -0,0 +1,913 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifdef ZT_ENABLE_CLUSTER + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "../version.h" + +#include "Cluster.hpp" +#include "RuntimeEnvironment.hpp" +#include "MulticastGroup.hpp" +#include "CertificateOfMembership.hpp" +#include "Salsa20.hpp" +#include "Poly1305.hpp" +#include "Identity.hpp" +#include "Topology.hpp" +#include "Packet.hpp" +#include "Switch.hpp" +#include "Node.hpp" +#include "Array.hpp" + +namespace ZeroTier { + +static inline double _dist3d(int x1,int y1,int z1,int x2,int y2,int z2) + throw() +{ + double dx = ((double)x2 - (double)x1); + double dy = ((double)y2 - (double)y1); + double dz = ((double)z2 - (double)z1); + return sqrt((dx * dx) + (dy * dy) + (dz * dz)); +} + +// An entry in _ClusterSendQueue +struct _ClusterSendQueueEntry +{ + uint64_t timestamp; + Address fromPeerAddress; + Address toPeerAddress; + // if we ever support larger transport MTUs this must be increased + unsigned char data[ZT_CLUSTER_SEND_QUEUE_DATA_MAX]; + unsigned int len; + bool unite; +}; + +// A multi-index map with entry memory pooling -- this allows our queue to +// be O(log(N)) and is complex enough that it makes the 
code a lot cleaner +// to break it out from Cluster. +class _ClusterSendQueue +{ +public: + _ClusterSendQueue() : + _poolCount(0) {} + ~_ClusterSendQueue() {} // memory is automatically freed when _chunks is destroyed + + inline void enqueue(uint64_t now,const Address &from,const Address &to,const void *data,unsigned int len,bool unite) + { + if (len > ZT_CLUSTER_SEND_QUEUE_DATA_MAX) + return; + + Mutex::Lock _l(_lock); + + // Delete oldest queue entry for this sender if this enqueue() would take them over the per-sender limit + { + std::set< std::pair >::iterator qi(_bySrc.lower_bound(std::pair(from,(_ClusterSendQueueEntry *)0))); + std::set< std::pair >::iterator oldest(qi); + unsigned long countForSender = 0; + while ((qi != _bySrc.end())&&(qi->first == from)) { + if (qi->second->timestamp < oldest->second->timestamp) + oldest = qi; + ++countForSender; + ++qi; + } + if (countForSender >= ZT_CLUSTER_MAX_QUEUE_PER_SENDER) { + _byDest.erase(std::pair(oldest->second->toPeerAddress,oldest->second)); + _pool[_poolCount++] = oldest->second; + _bySrc.erase(oldest); + } + } + + _ClusterSendQueueEntry *e; + if (_poolCount > 0) { + e = _pool[--_poolCount]; + } else { + if (_chunks.size() >= ZT_CLUSTER_MAX_QUEUE_CHUNKS) + return; // queue is totally full! 
+ _chunks.push_back(Array<_ClusterSendQueueEntry,ZT_CLUSTER_QUEUE_CHUNK_SIZE>()); + e = &(_chunks.back().data[0]); + for(unsigned int i=1;itimestamp = now; + e->fromPeerAddress = from; + e->toPeerAddress = to; + memcpy(e->data,data,len); + e->len = len; + e->unite = unite; + + _bySrc.insert(std::pair(from,e)); + _byDest.insert(std::pair(to,e)); + } + + inline void expire(uint64_t now) + { + Mutex::Lock _l(_lock); + for(std::set< std::pair >::iterator qi(_bySrc.begin());qi!=_bySrc.end();) { + if ((now - qi->second->timestamp) > ZT_CLUSTER_QUEUE_EXPIRATION) { + _byDest.erase(std::pair(qi->second->toPeerAddress,qi->second)); + _pool[_poolCount++] = qi->second; + _bySrc.erase(qi++); + } else ++qi; + } + } + + /** + * Get and dequeue entries for a given destination address + * + * After use these entries must be returned with returnToPool()! + * + * @param dest Destination address + * @param results Array to fill with results + * @param maxResults Size of results[] in pointers + * @return Number of actual results returned + */ + inline unsigned int getByDest(const Address &dest,_ClusterSendQueueEntry **results,unsigned int maxResults) + { + unsigned int count = 0; + Mutex::Lock _l(_lock); + std::set< std::pair >::iterator qi(_byDest.lower_bound(std::pair(dest,(_ClusterSendQueueEntry *)0))); + while ((qi != _byDest.end())&&(qi->first == dest)) { + _bySrc.erase(std::pair(qi->second->fromPeerAddress,qi->second)); + results[count++] = qi->second; + if (count == maxResults) + break; + _byDest.erase(qi++); + } + return count; + } + + /** + * Return entries to pool after use + * + * @param entries Array of entries + * @param count Number of entries + */ + inline void returnToPool(_ClusterSendQueueEntry **entries,unsigned int count) + { + Mutex::Lock _l(_lock); + for(unsigned int i=0;i > _chunks; + _ClusterSendQueueEntry *_pool[ZT_CLUSTER_QUEUE_CHUNK_SIZE * ZT_CLUSTER_MAX_QUEUE_CHUNKS]; + unsigned long _poolCount; + std::set< std::pair > _bySrc; + std::set< std::pair > _byDest; 
+ Mutex _lock; +}; + +Cluster::Cluster( + const RuntimeEnvironment *renv, + uint16_t id, + const std::vector &zeroTierPhysicalEndpoints, + int32_t x, + int32_t y, + int32_t z, + void (*sendFunction)(void *,unsigned int,const void *,unsigned int), + void *sendFunctionArg, + int (*addressToLocationFunction)(void *,const struct sockaddr_storage *,int *,int *,int *), + void *addressToLocationFunctionArg) : + RR(renv), + _sendQueue(new _ClusterSendQueue()), + _sendFunction(sendFunction), + _sendFunctionArg(sendFunctionArg), + _addressToLocationFunction(addressToLocationFunction), + _addressToLocationFunctionArg(addressToLocationFunctionArg), + _x(x), + _y(y), + _z(z), + _id(id), + _zeroTierPhysicalEndpoints(zeroTierPhysicalEndpoints), + _members(new _Member[ZT_CLUSTER_MAX_MEMBERS]), + _lastFlushed(0), + _lastCleanedRemotePeers(0), + _lastCleanedQueue(0) +{ + uint16_t stmp[ZT_SHA512_DIGEST_LEN / sizeof(uint16_t)]; + + // Generate master secret by hashing the secret from our Identity key pair + RR->identity.sha512PrivateKey(_masterSecret); + + // Generate our inbound message key, which is the master secret XORed with our ID and hashed twice + memcpy(stmp,_masterSecret,sizeof(stmp)); + stmp[0] ^= Utils::hton(id); + SHA512::hash(stmp,stmp,sizeof(stmp)); + SHA512::hash(stmp,stmp,sizeof(stmp)); + memcpy(_key,stmp,sizeof(_key)); + Utils::burn(stmp,sizeof(stmp)); +} + +Cluster::~Cluster() +{ + Utils::burn(_masterSecret,sizeof(_masterSecret)); + Utils::burn(_key,sizeof(_key)); + delete [] _members; + delete _sendQueue; +} + +void Cluster::handleIncomingStateMessage(const void *msg,unsigned int len) +{ + Buffer dmsg; + { + // FORMAT: <[16] iv><[8] MAC><... 
data> + if ((len < 24)||(len > ZT_CLUSTER_MAX_MESSAGE_LENGTH)) + return; + + // 16-byte IV: first 8 bytes XORed with key, last 8 bytes used as Salsa20 64-bit IV + char keytmp[32]; + memcpy(keytmp,_key,32); + for(int i=0;i<8;++i) + keytmp[i] ^= reinterpret_cast(msg)[i]; + Salsa20 s20(keytmp,256,reinterpret_cast(msg) + 8); + Utils::burn(keytmp,sizeof(keytmp)); + + // One-time-use Poly1305 key from first 32 bytes of Salsa20 keystream (as per DJB/NaCl "standard") + char polykey[ZT_POLY1305_KEY_LEN]; + memset(polykey,0,sizeof(polykey)); + s20.encrypt12(polykey,polykey,sizeof(polykey)); + + // Compute 16-byte MAC + char mac[ZT_POLY1305_MAC_LEN]; + Poly1305::compute(mac,reinterpret_cast(msg) + 24,len - 24,polykey); + + // Check first 8 bytes of MAC against 64-bit MAC in stream + if (!Utils::secureEq(mac,reinterpret_cast(msg) + 16,8)) + return; + + // Decrypt! + dmsg.setSize(len - 24); + s20.decrypt12(reinterpret_cast(msg) + 24,const_cast(dmsg.data()),dmsg.size()); + } + + if (dmsg.size() < 4) + return; + const uint16_t fromMemberId = dmsg.at(0); + unsigned int ptr = 2; + if (fromMemberId == _id) // sanity check: we don't talk to ourselves + return; + const uint16_t toMemberId = dmsg.at(ptr); + ptr += 2; + if (toMemberId != _id) // sanity check: message not for us? 
+ return; + + { // make sure sender is actually considered a member + Mutex::Lock _l3(_memberIds_m); + if (std::find(_memberIds.begin(),_memberIds.end(),fromMemberId) == _memberIds.end()) + return; + } + + try { + while (ptr < dmsg.size()) { + const unsigned int mlen = dmsg.at(ptr); ptr += 2; + const unsigned int nextPtr = ptr + mlen; + if (nextPtr > dmsg.size()) + break; + + int mtype = -1; + try { + switch((StateMessageType)(mtype = (int)dmsg[ptr++])) { + default: + break; + + case CLUSTER_MESSAGE_ALIVE: { + _Member &m = _members[fromMemberId]; + Mutex::Lock mlck(m.lock); + ptr += 7; // skip version stuff, not used yet + m.x = dmsg.at(ptr); ptr += 4; + m.y = dmsg.at(ptr); ptr += 4; + m.z = dmsg.at(ptr); ptr += 4; + ptr += 8; // skip local clock, not used + m.load = dmsg.at(ptr); ptr += 8; + m.peers = dmsg.at(ptr); ptr += 8; + ptr += 8; // skip flags, unused +#ifdef ZT_TRACE + std::string addrs; +#endif + unsigned int physicalAddressCount = dmsg[ptr++]; + m.zeroTierPhysicalEndpoints.clear(); + for(unsigned int i=0;i 0) + addrs.push_back(','); + addrs.append(m.zeroTierPhysicalEndpoints.back().toString()); + } +#endif + } +#ifdef ZT_TRACE + if ((RR->node->now() - m.lastReceivedAliveAnnouncement) >= ZT_CLUSTER_TIMEOUT) { + TRACE("[%u] I'm alive! 
peers close to %d,%d,%d can be redirected to: %s",(unsigned int)fromMemberId,m.x,m.y,m.z,addrs.c_str()); + } +#endif + m.lastReceivedAliveAnnouncement = RR->node->now(); + } break; + + case CLUSTER_MESSAGE_HAVE_PEER: { + Identity id; + ptr += id.deserialize(dmsg,ptr); + if (id) { + RR->topology->saveIdentity(id); + + { + Mutex::Lock _l(_remotePeers_m); + _remotePeers[std::pair(id.address(),(unsigned int)fromMemberId)] = RR->node->now(); + } + + _ClusterSendQueueEntry *q[16384]; // 16384 is "tons" + unsigned int qc = _sendQueue->getByDest(id.address(),q,16384); + for(unsigned int i=0;isendViaCluster(q[i]->fromPeerAddress,q[i]->toPeerAddress,q[i]->data,q[i]->len,q[i]->unite); + _sendQueue->returnToPool(q,qc); + + TRACE("[%u] has %s (retried %u queued sends)",(unsigned int)fromMemberId,id.address().toString().c_str(),qc); + } + } break; + + case CLUSTER_MESSAGE_WANT_PEER: { + const Address zeroTierAddress(dmsg.field(ptr,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); ptr += ZT_ADDRESS_LENGTH; + SharedPtr peer(RR->topology->getPeerNoCache(zeroTierAddress)); + if ( (peer) && (peer->hasClusterOptimalPath(RR->node->now())) ) { + Buffer<1024> buf; + peer->identity().serialize(buf); + Mutex::Lock _l2(_members[fromMemberId].lock); + _send(fromMemberId,CLUSTER_MESSAGE_HAVE_PEER,buf.data(),buf.size()); + } + } break; + + case CLUSTER_MESSAGE_REMOTE_PACKET: { + const unsigned int plen = dmsg.at(ptr); ptr += 2; + if (plen) { + Packet remotep(dmsg.field(ptr,plen),plen); ptr += plen; + //TRACE("remote %s from %s via %u (%u bytes)",Packet::verbString(remotep.verb()),remotep.source().toString().c_str(),fromMemberId,plen); + switch(remotep.verb()) { + case Packet::VERB_WHOIS: _doREMOTE_WHOIS(fromMemberId,remotep); break; + case Packet::VERB_MULTICAST_GATHER: _doREMOTE_MULTICAST_GATHER(fromMemberId,remotep); break; + default: break; // ignore things we don't care about across cluster + } + } + } break; + + case CLUSTER_MESSAGE_PROXY_UNITE: { + const Address 
localPeerAddress(dmsg.field(ptr,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); ptr += ZT_ADDRESS_LENGTH; + const Address remotePeerAddress(dmsg.field(ptr,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); ptr += ZT_ADDRESS_LENGTH; + const unsigned int numRemotePeerPaths = dmsg[ptr++]; + InetAddress remotePeerPaths[256]; // size is 8-bit, so 256 is max + for(unsigned int i=0;inode->now(); + SharedPtr localPeer(RR->topology->getPeerNoCache(localPeerAddress)); + if ((localPeer)&&(numRemotePeerPaths > 0)) { + InetAddress bestLocalV4,bestLocalV6; + localPeer->getBestActiveAddresses(now,bestLocalV4,bestLocalV6); + + InetAddress bestRemoteV4,bestRemoteV6; + for(unsigned int i=0;iidentity.address(),Packet::VERB_RENDEZVOUS); + rendezvousForLocal.append((uint8_t)0); + remotePeerAddress.appendTo(rendezvousForLocal); + + Buffer<2048> rendezvousForRemote; + remotePeerAddress.appendTo(rendezvousForRemote); + rendezvousForRemote.append((uint8_t)Packet::VERB_RENDEZVOUS); + rendezvousForRemote.addSize(2); // space for actual packet payload length + rendezvousForRemote.append((uint8_t)0); // flags == 0 + localPeerAddress.appendTo(rendezvousForRemote); + + bool haveMatch = false; + if ((bestLocalV6)&&(bestRemoteV6)) { + haveMatch = true; + + rendezvousForLocal.append((uint16_t)bestRemoteV6.port()); + rendezvousForLocal.append((uint8_t)16); + rendezvousForLocal.append(bestRemoteV6.rawIpData(),16); + + rendezvousForRemote.append((uint16_t)bestLocalV6.port()); + rendezvousForRemote.append((uint8_t)16); + rendezvousForRemote.append(bestLocalV6.rawIpData(),16); + rendezvousForRemote.setAt(ZT_ADDRESS_LENGTH + 1,(uint16_t)(9 + 16)); + } else if ((bestLocalV4)&&(bestRemoteV4)) { + haveMatch = true; + + rendezvousForLocal.append((uint16_t)bestRemoteV4.port()); + rendezvousForLocal.append((uint8_t)4); + rendezvousForLocal.append(bestRemoteV4.rawIpData(),4); + + rendezvousForRemote.append((uint16_t)bestLocalV4.port()); + rendezvousForRemote.append((uint8_t)4); + 
rendezvousForRemote.append(bestLocalV4.rawIpData(),4); + rendezvousForRemote.setAt(ZT_ADDRESS_LENGTH + 1,(uint16_t)(9 + 4)); + } + + if (haveMatch) { + { + Mutex::Lock _l2(_members[fromMemberId].lock); + _send(fromMemberId,CLUSTER_MESSAGE_PROXY_SEND,rendezvousForRemote.data(),rendezvousForRemote.size()); + } + RR->sw->send(rendezvousForLocal,true,0); + } + } + } break; + + case CLUSTER_MESSAGE_PROXY_SEND: { + const Address rcpt(dmsg.field(ptr,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); ptr += ZT_ADDRESS_LENGTH; + const Packet::Verb verb = (Packet::Verb)dmsg[ptr++]; + const unsigned int len = dmsg.at(ptr); ptr += 2; + Packet outp(rcpt,RR->identity.address(),verb); + outp.append(dmsg.field(ptr,len),len); ptr += len; + RR->sw->send(outp,true,0); + //TRACE("[%u] proxy send %s to %s length %u",(unsigned int)fromMemberId,Packet::verbString(verb),rcpt.toString().c_str(),len); + } break; + } + } catch ( ... ) { + TRACE("invalid message of size %u type %d (inner decode), discarding",mlen,mtype); + // drop invalids + } + + ptr = nextPtr; + } + } catch ( ... 
) { + TRACE("invalid message (outer loop), discarding"); + // drop invalids + } +} + +void Cluster::broadcastHavePeer(const Identity &id) +{ + Buffer<1024> buf; + id.serialize(buf); + Mutex::Lock _l(_memberIds_m); + for(std::vector::const_iterator mid(_memberIds.begin());mid!=_memberIds.end();++mid) { + Mutex::Lock _l2(_members[*mid].lock); + _send(*mid,CLUSTER_MESSAGE_HAVE_PEER,buf.data(),buf.size()); + } +} + +void Cluster::sendViaCluster(const Address &fromPeerAddress,const Address &toPeerAddress,const void *data,unsigned int len,bool unite) +{ + if (len > ZT_PROTO_MAX_PACKET_LENGTH) // sanity check + return; + + const uint64_t now = RR->node->now(); + + uint64_t mostRecentTs = 0; + unsigned int mostRecentMemberId = 0xffffffff; + { + Mutex::Lock _l2(_remotePeers_m); + std::map< std::pair,uint64_t >::const_iterator rpe(_remotePeers.lower_bound(std::pair(toPeerAddress,0))); + for(;;) { + if ((rpe == _remotePeers.end())||(rpe->first.first != toPeerAddress)) + break; + else if (rpe->second > mostRecentTs) { + mostRecentTs = rpe->second; + mostRecentMemberId = rpe->first.second; + } + ++rpe; + } + } + + const uint64_t age = now - mostRecentTs; + if (age >= (ZT_PEER_ACTIVITY_TIMEOUT / 3)) { + const bool enqueueAndWait = ((age >= ZT_PEER_ACTIVITY_TIMEOUT)||(mostRecentMemberId > 0xffff)); + + // Poll everyone with WANT_PEER if the age of our most recent entry is + // approaching expiration (or has expired, or does not exist). + char tmp[ZT_ADDRESS_LENGTH]; + toPeerAddress.copyTo(tmp,ZT_ADDRESS_LENGTH); + { + Mutex::Lock _l(_memberIds_m); + for(std::vector::const_iterator mid(_memberIds.begin());mid!=_memberIds.end();++mid) { + Mutex::Lock _l2(_members[*mid].lock); + _send(*mid,CLUSTER_MESSAGE_WANT_PEER,tmp,ZT_ADDRESS_LENGTH); + } + } + + // If there isn't a good place to send via, then enqueue this for retrying + // later and return after having broadcasted a WANT_PEER. 
+ if (enqueueAndWait) { + TRACE("sendViaCluster %s -> %s enqueueing to wait for HAVE_PEER",fromPeerAddress.toString().c_str(),toPeerAddress.toString().c_str()); + _sendQueue->enqueue(now,fromPeerAddress,toPeerAddress,data,len,unite); + return; + } + } + + Buffer<1024> buf; + if (unite) { + InetAddress v4,v6; + if (fromPeerAddress) { + SharedPtr fromPeer(RR->topology->getPeerNoCache(fromPeerAddress)); + if (fromPeer) + fromPeer->getBestActiveAddresses(now,v4,v6); + } + uint8_t addrCount = 0; + if (v4) + ++addrCount; + if (v6) + ++addrCount; + if (addrCount) { + toPeerAddress.appendTo(buf); + fromPeerAddress.appendTo(buf); + buf.append(addrCount); + if (v4) + v4.serialize(buf); + if (v6) + v6.serialize(buf); + } + } + + { + Mutex::Lock _l2(_members[mostRecentMemberId].lock); + if (buf.size() > 0) + _send(mostRecentMemberId,CLUSTER_MESSAGE_PROXY_UNITE,buf.data(),buf.size()); + + for(std::vector::const_iterator i1(_zeroTierPhysicalEndpoints.begin());i1!=_zeroTierPhysicalEndpoints.end();++i1) { + for(std::vector::const_iterator i2(_members[mostRecentMemberId].zeroTierPhysicalEndpoints.begin());i2!=_members[mostRecentMemberId].zeroTierPhysicalEndpoints.end();++i2) { + if (i1->ss_family == i2->ss_family) { + TRACE("sendViaCluster relaying %u bytes from %s to %s by way of %u (%s->%s)",len,fromPeerAddress.toString().c_str(),toPeerAddress.toString().c_str(),(unsigned int)mostRecentMemberId,i1->toString().c_str(),i2->toString().c_str()); + RR->node->putPacket(*i1,*i2,data,len); + return; + } + } + } + + TRACE("sendViaCluster relaying %u bytes from %s to %s by way of %u failed: no common endpoints with the same address family!",len,fromPeerAddress.toString().c_str(),toPeerAddress.toString().c_str(),(unsigned int)mostRecentMemberId); + return; + } +} + +void Cluster::sendDistributedQuery(const Packet &pkt) +{ + Buffer<4096> buf; + buf.append((uint16_t)pkt.size()); + buf.append(pkt.data(),pkt.size()); + Mutex::Lock _l(_memberIds_m); + for(std::vector::const_iterator 
mid(_memberIds.begin());mid!=_memberIds.end();++mid) { + Mutex::Lock _l2(_members[*mid].lock); + _send(*mid,CLUSTER_MESSAGE_REMOTE_PACKET,buf.data(),buf.size()); + } +} + +void Cluster::doPeriodicTasks() +{ + const uint64_t now = RR->node->now(); + + if ((now - _lastFlushed) >= ZT_CLUSTER_FLUSH_PERIOD) { + _lastFlushed = now; + + Mutex::Lock _l(_memberIds_m); + for(std::vector::const_iterator mid(_memberIds.begin());mid!=_memberIds.end();++mid) { + Mutex::Lock _l2(_members[*mid].lock); + + if ((now - _members[*mid].lastAnnouncedAliveTo) >= ((ZT_CLUSTER_TIMEOUT / 2) - 1000)) { + _members[*mid].lastAnnouncedAliveTo = now; + + Buffer<2048> alive; + alive.append((uint16_t)ZEROTIER_ONE_VERSION_MAJOR); + alive.append((uint16_t)ZEROTIER_ONE_VERSION_MINOR); + alive.append((uint16_t)ZEROTIER_ONE_VERSION_REVISION); + alive.append((uint8_t)ZT_PROTO_VERSION); + if (_addressToLocationFunction) { + alive.append((int32_t)_x); + alive.append((int32_t)_y); + alive.append((int32_t)_z); + } else { + alive.append((int32_t)0); + alive.append((int32_t)0); + alive.append((int32_t)0); + } + alive.append((uint64_t)now); + alive.append((uint64_t)0); // TODO: compute and send load average + alive.append((uint64_t)RR->topology->countActive(now)); + alive.append((uint64_t)0); // unused/reserved flags + alive.append((uint8_t)_zeroTierPhysicalEndpoints.size()); + for(std::vector::const_iterator pe(_zeroTierPhysicalEndpoints.begin());pe!=_zeroTierPhysicalEndpoints.end();++pe) + pe->serialize(alive); + _send(*mid,CLUSTER_MESSAGE_ALIVE,alive.data(),alive.size()); + } + + _flush(*mid); + } + } + + if ((now - _lastCleanedRemotePeers) >= (ZT_PEER_ACTIVITY_TIMEOUT * 2)) { + _lastCleanedRemotePeers = now; + + Mutex::Lock _l(_remotePeers_m); + for(std::map< std::pair,uint64_t >::iterator rp(_remotePeers.begin());rp!=_remotePeers.end();) { + if ((now - rp->second) >= ZT_PEER_ACTIVITY_TIMEOUT) + _remotePeers.erase(rp++); + else ++rp; + } + } + + if ((now - _lastCleanedQueue) >= ZT_CLUSTER_QUEUE_EXPIRATION) 
{ + _lastCleanedQueue = now; + _sendQueue->expire(now); + } +} + +void Cluster::addMember(uint16_t memberId) +{ + if ((memberId >= ZT_CLUSTER_MAX_MEMBERS)||(memberId == _id)) + return; + + Mutex::Lock _l2(_members[memberId].lock); + + { + Mutex::Lock _l(_memberIds_m); + if (std::find(_memberIds.begin(),_memberIds.end(),memberId) != _memberIds.end()) + return; + _memberIds.push_back(memberId); + std::sort(_memberIds.begin(),_memberIds.end()); + } + + _members[memberId].clear(); + + // Generate this member's message key from the master and its ID + uint16_t stmp[ZT_SHA512_DIGEST_LEN / sizeof(uint16_t)]; + memcpy(stmp,_masterSecret,sizeof(stmp)); + stmp[0] ^= Utils::hton(memberId); + SHA512::hash(stmp,stmp,sizeof(stmp)); + SHA512::hash(stmp,stmp,sizeof(stmp)); + memcpy(_members[memberId].key,stmp,sizeof(_members[memberId].key)); + Utils::burn(stmp,sizeof(stmp)); + + // Prepare q + _members[memberId].q.clear(); + char iv[16]; + Utils::getSecureRandom(iv,16); + _members[memberId].q.append(iv,16); + _members[memberId].q.addSize(8); // room for MAC + _members[memberId].q.append((uint16_t)_id); + _members[memberId].q.append((uint16_t)memberId); +} + +void Cluster::removeMember(uint16_t memberId) +{ + Mutex::Lock _l(_memberIds_m); + std::vector newMemberIds; + for(std::vector::const_iterator mid(_memberIds.begin());mid!=_memberIds.end();++mid) { + if (*mid != memberId) + newMemberIds.push_back(*mid); + } + _memberIds = newMemberIds; +} + +bool Cluster::findBetterEndpoint(InetAddress &redirectTo,const Address &peerAddress,const InetAddress &peerPhysicalAddress,bool offload) +{ + if (_addressToLocationFunction) { + // Pick based on location if it can be determined + int px = 0,py = 0,pz = 0; + if (_addressToLocationFunction(_addressToLocationFunctionArg,reinterpret_cast(&peerPhysicalAddress),&px,&py,&pz) == 0) { + TRACE("no geolocation data for %s",peerPhysicalAddress.toIpString().c_str()); + return false; + } + + // Find member closest to this peer + const uint64_t now = 
RR->node->now(); + std::vector best; + const double currentDistance = _dist3d(_x,_y,_z,px,py,pz); + double bestDistance = (offload ? 2147483648.0 : currentDistance); + unsigned int bestMember = _id; + { + Mutex::Lock _l(_memberIds_m); + for(std::vector::const_iterator mid(_memberIds.begin());mid!=_memberIds.end();++mid) { + _Member &m = _members[*mid]; + Mutex::Lock _ml(m.lock); + + // Consider member if it's alive and has sent us a location and one or more physical endpoints to send peers to + if ( ((now - m.lastReceivedAliveAnnouncement) < ZT_CLUSTER_TIMEOUT) && ((m.x != 0)||(m.y != 0)||(m.z != 0)) && (m.zeroTierPhysicalEndpoints.size() > 0) ) { + const double mdist = _dist3d(m.x,m.y,m.z,px,py,pz); + if (mdist < bestDistance) { + bestDistance = mdist; + bestMember = *mid; + best = m.zeroTierPhysicalEndpoints; + } + } + } + } + + // Redirect to a closer member if it has a ZeroTier endpoint address in the same ss_family + for(std::vector::const_iterator a(best.begin());a!=best.end();++a) { + if (a->ss_family == peerPhysicalAddress.ss_family) { + TRACE("%s at [%d,%d,%d] is %f from us but %f from %u, can redirect to %s",peerAddress.toString().c_str(),px,py,pz,currentDistance,bestDistance,bestMember,a->toString().c_str()); + redirectTo = *a; + return true; + } + } + TRACE("%s at [%d,%d,%d] is %f from us, no better endpoints found",peerAddress.toString().c_str(),px,py,pz,currentDistance); + return false; + } else { + // TODO: pick based on load if no location info? 
+ return false; + } +} + +void Cluster::status(ZT_ClusterStatus &status) const +{ + const uint64_t now = RR->node->now(); + memset(&status,0,sizeof(ZT_ClusterStatus)); + + status.myId = _id; + + { + ZT_ClusterMemberStatus *const s = &(status.members[status.clusterSize++]); + s->id = _id; + s->alive = 1; + s->x = _x; + s->y = _y; + s->z = _z; + s->load = 0; // TODO + s->peers = RR->topology->countActive(now); + for(std::vector::const_iterator ep(_zeroTierPhysicalEndpoints.begin());ep!=_zeroTierPhysicalEndpoints.end();++ep) { + if (s->numZeroTierPhysicalEndpoints >= ZT_CLUSTER_MAX_ZT_PHYSICAL_ADDRESSES) // sanity check + break; + memcpy(&(s->zeroTierPhysicalEndpoints[s->numZeroTierPhysicalEndpoints++]),&(*ep),sizeof(struct sockaddr_storage)); + } + } + + { + Mutex::Lock _l1(_memberIds_m); + for(std::vector::const_iterator mid(_memberIds.begin());mid!=_memberIds.end();++mid) { + if (status.clusterSize >= ZT_CLUSTER_MAX_MEMBERS) // sanity check + break; + + _Member &m = _members[*mid]; + Mutex::Lock ml(m.lock); + + ZT_ClusterMemberStatus *const s = &(status.members[status.clusterSize++]); + s->id = *mid; + s->msSinceLastHeartbeat = (unsigned int)std::min((uint64_t)(~((unsigned int)0)),(now - m.lastReceivedAliveAnnouncement)); + s->alive = (s->msSinceLastHeartbeat < ZT_CLUSTER_TIMEOUT) ? 
1 : 0; + s->x = m.x; + s->y = m.y; + s->z = m.z; + s->load = m.load; + s->peers = m.peers; + for(std::vector::const_iterator ep(m.zeroTierPhysicalEndpoints.begin());ep!=m.zeroTierPhysicalEndpoints.end();++ep) { + if (s->numZeroTierPhysicalEndpoints >= ZT_CLUSTER_MAX_ZT_PHYSICAL_ADDRESSES) // sanity check + break; + memcpy(&(s->zeroTierPhysicalEndpoints[s->numZeroTierPhysicalEndpoints++]),&(*ep),sizeof(struct sockaddr_storage)); + } + } + } +} + +void Cluster::_send(uint16_t memberId,StateMessageType type,const void *msg,unsigned int len) +{ + if ((len + 3) > (ZT_CLUSTER_MAX_MESSAGE_LENGTH - (24 + 2 + 2))) // sanity check + return; + _Member &m = _members[memberId]; + // assumes m.lock is locked! + if ((m.q.size() + len + 3) > ZT_CLUSTER_MAX_MESSAGE_LENGTH) + _flush(memberId); + m.q.append((uint16_t)(len + 1)); + m.q.append((uint8_t)type); + m.q.append(msg,len); +} + +void Cluster::_flush(uint16_t memberId) +{ + _Member &m = _members[memberId]; + // assumes m.lock is locked! + if (m.q.size() > (24 + 2 + 2)) { // 16-byte IV + 8-byte MAC + 2 byte from-member-ID + 2 byte to-member-ID + // Create key from member's key and IV + char keytmp[32]; + memcpy(keytmp,m.key,32); + for(int i=0;i<8;++i) + keytmp[i] ^= m.q[i]; + Salsa20 s20(keytmp,256,m.q.field(8,8)); + Utils::burn(keytmp,sizeof(keytmp)); + + // One-time-use Poly1305 key from first 32 bytes of Salsa20 keystream (as per DJB/NaCl "standard") + char polykey[ZT_POLY1305_KEY_LEN]; + memset(polykey,0,sizeof(polykey)); + s20.encrypt12(polykey,polykey,sizeof(polykey)); + + // Encrypt m.q in place + s20.encrypt12(reinterpret_cast(m.q.data()) + 24,const_cast(reinterpret_cast(m.q.data())) + 24,m.q.size() - 24); + + // Add MAC for authentication (encrypt-then-MAC) + char mac[ZT_POLY1305_MAC_LEN]; + Poly1305::compute(mac,reinterpret_cast(m.q.data()) + 24,m.q.size() - 24,polykey); + memcpy(m.q.field(16,8),mac,8); + + // Send! 
+ _sendFunction(_sendFunctionArg,memberId,m.q.data(),m.q.size()); + + // Prepare for more + m.q.clear(); + char iv[16]; + Utils::getSecureRandom(iv,16); + m.q.append(iv,16); + m.q.addSize(8); // room for MAC + m.q.append((uint16_t)_id); // from member ID + m.q.append((uint16_t)memberId); // to member ID + } +} + +void Cluster::_doREMOTE_WHOIS(uint64_t fromMemberId,const Packet &remotep) +{ + if (remotep.payloadLength() >= ZT_ADDRESS_LENGTH) { + Identity queried(RR->topology->getIdentity(Address(remotep.payload(),ZT_ADDRESS_LENGTH))); + if (queried) { + Buffer<1024> routp; + remotep.source().appendTo(routp); + routp.append((uint8_t)Packet::VERB_OK); + routp.addSize(2); // space for length + routp.append((uint8_t)Packet::VERB_WHOIS); + routp.append(remotep.packetId()); + queried.serialize(routp); + routp.setAt(ZT_ADDRESS_LENGTH + 1,(uint16_t)(routp.size() - ZT_ADDRESS_LENGTH - 3)); + + TRACE("responding to remote WHOIS from %s @ %u with identity of %s",remotep.source().toString().c_str(),(unsigned int)fromMemberId,queried.address().toString().c_str()); + Mutex::Lock _l2(_members[fromMemberId].lock); + _send(fromMemberId,CLUSTER_MESSAGE_PROXY_SEND,routp.data(),routp.size()); + } + } +} + +void Cluster::_doREMOTE_MULTICAST_GATHER(uint64_t fromMemberId,const Packet &remotep) +{ + const uint64_t nwid = remotep.at(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_NETWORK_ID); + const MulticastGroup mg(MAC(remotep.field(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_MAC,6),6),remotep.at(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_ADI)); + unsigned int gatherLimit = remotep.at(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_GATHER_LIMIT); + const Address remotePeerAddress(remotep.source()); + + if (gatherLimit) { + Buffer routp; + remotePeerAddress.appendTo(routp); + routp.append((uint8_t)Packet::VERB_OK); + routp.addSize(2); // space for length + routp.append((uint8_t)Packet::VERB_MULTICAST_GATHER); + routp.append(remotep.packetId()); + routp.append(nwid); + mg.mac().appendTo(routp); + routp.append((uint32_t)mg.adi()); + 
+ if (gatherLimit > ((ZT_CLUSTER_MAX_MESSAGE_LENGTH - 80) / 5)) + gatherLimit = ((ZT_CLUSTER_MAX_MESSAGE_LENGTH - 80) / 5); + if (RR->mc->gather(remotePeerAddress,nwid,mg,routp,gatherLimit)) { + routp.setAt(ZT_ADDRESS_LENGTH + 1,(uint16_t)(routp.size() - ZT_ADDRESS_LENGTH - 3)); + + TRACE("responding to remote MULTICAST_GATHER from %s @ %u with %u bytes",remotePeerAddress.toString().c_str(),(unsigned int)fromMemberId,routp.size()); + Mutex::Lock _l2(_members[fromMemberId].lock); + _send(fromMemberId,CLUSTER_MESSAGE_PROXY_SEND,routp.data(),routp.size()); + } + } +} + +} // namespace ZeroTier + +#endif // ZT_ENABLE_CLUSTER diff --git a/node/Cluster.hpp b/node/Cluster.hpp new file mode 100644 index 0000000..dafbf42 --- /dev/null +++ b/node/Cluster.hpp 
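Review bot: In `_ClusterSendQueue::getByDest` the `if (count == maxResults) break;` runs before `_byDest.erase(qi++)`, so when the result array fills, the last entry handed to the caller has already been removed from `_bySrc` but is still indexed in `_byDest`. The `CLUSTER_MESSAGE_HAVE_PEER` handler then passes those entries to `returnToPool`, whose body is garbled in this view but which presumably puts them back on `_pool`. That would leave `_byDest` holding a stale pointer which `expire()` never reaches, because it walks only `_bySrc`, and a later `getByDest` for the same address could hand out and re-pool a slot that `enqueue` has since reused. Reaching the 16384-entry limit only takes enough distinct senders queued for one destination (the per-sender cap is 16), so the path should be treated as reachable under load rather than theoretical. Bound the loop instead with `while ((count < maxResults)&&(qi != _byDest.end())&&(qi->first == dest))`, drop the in-loop `break`, and erase unconditionally after storing the result; that also avoids the write to `results[0]` when `maxResults` is 0.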
@@ -0,0 +1,406 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_CLUSTER_HPP +#define ZT_CLUSTER_HPP + +#ifdef ZT_ENABLE_CLUSTER + +#include + +#include "Constants.hpp" +#include "../include/ZeroTierOne.h" +#include "Address.hpp" +#include "InetAddress.hpp" +#include "SHA512.hpp" +#include "Utils.hpp" +#include "Buffer.hpp" +#include "Mutex.hpp" +#include "SharedPtr.hpp" +#include "Hashtable.hpp" +#include "Packet.hpp" +#include "SharedPtr.hpp" + +/** + * Timeout for cluster members being considered "alive" + * + * A cluster member is considered dead and will no longer have peers + * redirected to it if we have not heard a heartbeat in this long. 
+ */ +#define ZT_CLUSTER_TIMEOUT 5000 + +/** + * Desired period between doPeriodicTasks() in milliseconds + */ +#define ZT_CLUSTER_PERIODIC_TASK_PERIOD 20 + +/** + * How often to flush outgoing message queues (maximum interval) + */ +#define ZT_CLUSTER_FLUSH_PERIOD ZT_CLUSTER_PERIODIC_TASK_PERIOD + +/** + * Maximum number of queued outgoing packets per sender address + */ +#define ZT_CLUSTER_MAX_QUEUE_PER_SENDER 16 + +/** + * Expiration time for send queue entries + */ +#define ZT_CLUSTER_QUEUE_EXPIRATION 3000 + +/** + * Chunk size for allocating queue entries + * + * Queue entries are allocated in chunks of this many and are added to a pool. + * ZT_CLUSTER_MAX_QUEUE_GLOBAL must be evenly divisible by this. + */ +#define ZT_CLUSTER_QUEUE_CHUNK_SIZE 32 + +/** + * Maximum number of chunks to ever allocate + * + * This is a global sanity limit to prevent resource exhaustion attacks. It + * works out to about 600mb of RAM. You'll never see this on a normal edge + * node. We're unlikely to see this on a root server unless someone is DOSing + * us. In that case cluster relaying will be affected but other functions + * should continue to operate normally. + */ +#define ZT_CLUSTER_MAX_QUEUE_CHUNKS 8194 + +/** + * Max data per queue entry + */ +#define ZT_CLUSTER_SEND_QUEUE_DATA_MAX 1500 + +namespace ZeroTier { + +class RuntimeEnvironment; +class MulticastGroup; +class Peer; +class Identity; + +// Internal class implemented inside Cluster.cpp +class _ClusterSendQueue; + +/** + * Multi-homing cluster state replication and packet relaying + * + * Multi-homing means more than one node sharing the same ZeroTier identity. + * There is nothing in the protocol to prevent this, but to make it work well + * requires the devices sharing an identity to cooperate and share some + * information. + * + * There are three use cases we want to fulfill: + * + * (1) Multi-homing of root servers with handoff for efficient routing, + * HA, and load balancing across many commodity nodes. 
+ * (2) Multi-homing of network controllers for the same reason. + * (3) Multi-homing of nodes on virtual networks, such as domain servers + * and other important endpoints. + * + * These use cases are in order of escalating difficulty. The initial + * version of Cluster is aimed at satisfying the first, though you are + * free to try #2 and #3. + */ +class Cluster +{ +public: + /** + * State message types + */ + enum StateMessageType + { + CLUSTER_MESSAGE_NOP = 0, + + /** + * This cluster member is alive: + * <[2] version minor> + * <[2] version major> + * <[2] version revision> + * <[1] protocol version> + * <[4] X location (signed 32-bit)> + * <[4] Y location (signed 32-bit)> + * <[4] Z location (signed 32-bit)> + * <[8] local clock at this member> + * <[8] load average> + * <[8] number of peers> + * <[8] flags (currently unused, must be zero)> + * <[1] number of preferred ZeroTier endpoints> + * <[...] InetAddress(es) of preferred ZeroTier endpoint(s)> + * + * Cluster members constantly broadcast an alive heartbeat and will only + * receive peer redirects if they've done so within the timeout. + */ + CLUSTER_MESSAGE_ALIVE = 1, + + /** + * Cluster member has this peer: + * <[...] serialized identity of peer> + * + * This is typically sent in response to WANT_PEER but can also be pushed + * to prepopulate if this makes sense. + */ + CLUSTER_MESSAGE_HAVE_PEER = 2, + + /** + * Cluster member wants this peer: + * <[5] ZeroTier address of peer> + * + * Members that have a direct link to this peer will respond with + * HAVE_PEER. + */ + CLUSTER_MESSAGE_WANT_PEER = 3, + + /** + * A remote packet that we should also possibly respond to: + * <[2] 16-bit length of remote packet> + * <[...] remote packet payload> + * + * Cluster members may relay requests by relaying the request packet. + * These may include requests such as WHOIS and MULTICAST_GATHER. The + * packet must be already decrypted, decompressed, and authenticated. 
+ * + * This can only be used for small request packets as per the cluster + * message size limit, but since these are the only ones in question + * this is fine. + * + * If a response is generated it is sent via PROXY_SEND. + */ + CLUSTER_MESSAGE_REMOTE_PACKET = 4, + + /** + * Request that VERB_RENDEZVOUS be sent to a peer that we have: + * <[5] ZeroTier address of peer on recipient's side> + * <[5] ZeroTier address of peer on sender's side> + * <[1] 8-bit number of sender's peer's active path addresses> + * <[...] series of serialized InetAddresses of sender's peer's paths> + * + * This requests that we perform NAT-t introduction between a peer that + * we have and one on the sender's side. The sender furnishes contact + * info for its peer, and we send VERB_RENDEZVOUS to both sides: to ours + * directly and with PROXY_SEND to theirs. + */ + CLUSTER_MESSAGE_PROXY_UNITE = 5, + + /** + * Request that a cluster member send a packet to a locally-known peer: + * <[5] ZeroTier address of recipient> + * <[1] packet verb> + * <[2] length of packet payload> + * <[...] packet payload> + * + * This differs from RELAY in that it requests the receiving cluster + * member to actually compose a ZeroTier Packet from itself to the + * provided recipient. RELAY simply says "please forward this blob." + * RELAY is used to implement peer-to-peer relaying with RENDEZVOUS, + * while PROXY_SEND is used to implement proxy sending (which right + * now is only used to send RENDEZVOUS). + */ + CLUSTER_MESSAGE_PROXY_SEND = 6, + + /** + * Replicate a network config for a network we belong to: + * <[8] 64-bit network ID> + * <[2] 16-bit length of network config> + * <[...] serialized network config> + * + * This is used by clusters to avoid every member having to query + * for the same netconf for networks all members belong to. + * + * TODO: not implemented yet! 
+ */ + CLUSTER_MESSAGE_NETWORK_CONFIG = 7 + }; + + /** + * Construct a new cluster + */ + Cluster( + const RuntimeEnvironment *renv, + uint16_t id, + const std::vector &zeroTierPhysicalEndpoints, + int32_t x, + int32_t y, + int32_t z, + void (*sendFunction)(void *,unsigned int,const void *,unsigned int), + void *sendFunctionArg, + int (*addressToLocationFunction)(void *,const struct sockaddr_storage *,int *,int *,int *), + void *addressToLocationFunctionArg); + + ~Cluster(); + + /** + * @return This cluster member's ID + */ + inline uint16_t id() const throw() { return _id; } + + /** + * Handle an incoming intra-cluster message + * + * @param data Message data + * @param len Message length (max: ZT_CLUSTER_MAX_MESSAGE_LENGTH) + */ + void handleIncomingStateMessage(const void *msg,unsigned int len); + + /** + * Broadcast that we have a given peer + * + * This should be done when new peers are first contacted. + * + * @param id Identity of peer + */ + void broadcastHavePeer(const Identity &id); + + /** + * Send this packet via another node in this cluster if another node has this peer + * + * This is used in the outgoing packet and relaying logic in Switch to + * relay packets to other cluster members. It isn't PROXY_SEND-- that is + * used internally in Cluster to send responses to peer queries. + * + * @param fromPeerAddress Source peer address (if known, should be NULL for fragments) + * @param toPeerAddress Destination peer address + * @param data Packet or packet fragment data + * @param len Length of packet or fragment + * @param unite If true, also request proxy unite across cluster + */ + void sendViaCluster(const Address &fromPeerAddress,const Address &toPeerAddress,const void *data,unsigned int len,bool unite); + + /** + * Send a distributed query to other cluster members + * + * Some queries such as WHOIS or MULTICAST_GATHER need a response from other + * cluster members. Replies (if any) will be sent back to the peer via + * PROXY_SEND across the cluster. 
+ * + * @param pkt Packet to distribute + */ + void sendDistributedQuery(const Packet &pkt); + + /** + * Call every ~ZT_CLUSTER_PERIODIC_TASK_PERIOD milliseconds. + */ + void doPeriodicTasks(); + + /** + * Add a member ID to this cluster + * + * @param memberId Member ID + */ + void addMember(uint16_t memberId); + + /** + * Remove a member ID from this cluster + * + * @param memberId Member ID to remove + */ + void removeMember(uint16_t memberId); + + /** + * Find a better cluster endpoint for this peer (if any) + * + * @param redirectTo InetAddress to be set to a better endpoint (if there is one) + * @param peerAddress Address of peer to (possibly) redirect + * @param peerPhysicalAddress Physical address of peer's current best path (where packet was most recently received or getBestPath()->address()) + * @param offload Always redirect if possible -- can be used to offload peers during shutdown + * @return True if redirectTo was set to a new address, false if redirectTo was not modified + */ + bool findBetterEndpoint(InetAddress &redirectTo,const Address &peerAddress,const InetAddress &peerPhysicalAddress,bool offload); + + /** + * Fill out ZT_ClusterStatus structure (from core API) + * + * @param status Reference to structure to hold result (anything there is replaced) + */ + void status(ZT_ClusterStatus &status) const; + +private: + void _send(uint16_t memberId,StateMessageType type,const void *msg,unsigned int len); + void _flush(uint16_t memberId); + + void _doREMOTE_WHOIS(uint64_t fromMemberId,const Packet &remotep); + void _doREMOTE_MULTICAST_GATHER(uint64_t fromMemberId,const Packet &remotep); + + // These are initialized in the constructor and remain immutable ------------ + uint16_t _masterSecret[ZT_SHA512_DIGEST_LEN / sizeof(uint16_t)]; + unsigned char _key[ZT_PEER_SECRET_KEY_LENGTH]; + const RuntimeEnvironment *RR; + _ClusterSendQueue *const _sendQueue; + void (*_sendFunction)(void *,unsigned int,const void *,unsigned int); + void *_sendFunctionArg; + 
int (*_addressToLocationFunction)(void *,const struct sockaddr_storage *,int *,int *,int *); + void *_addressToLocationFunctionArg; + const int32_t _x; + const int32_t _y; + const int32_t _z; + const uint16_t _id; + const std::vector _zeroTierPhysicalEndpoints; + // end immutable fields ----------------------------------------------------- + + struct _Member + { + unsigned char key[ZT_PEER_SECRET_KEY_LENGTH]; + + uint64_t lastReceivedAliveAnnouncement; + uint64_t lastAnnouncedAliveTo; + + uint64_t load; + uint64_t peers; + int32_t x,y,z; + + std::vector zeroTierPhysicalEndpoints; + + Buffer q; + + Mutex lock; + + inline void clear() + { + lastReceivedAliveAnnouncement = 0; + lastAnnouncedAliveTo = 0; + load = 0; + peers = 0; + x = 0; + y = 0; + z = 0; + zeroTierPhysicalEndpoints.clear(); + q.clear(); + } + + _Member() { this->clear(); } + ~_Member() { Utils::burn(key,sizeof(key)); } + }; + _Member *const _members; + + std::vector _memberIds; + Mutex _memberIds_m; + + std::map< std::pair,uint64_t > _remotePeers; // we need ordered behavior and lower_bound here + Mutex _remotePeers_m; + + uint64_t _lastFlushed; + uint64_t _lastCleanedRemotePeers; + uint64_t _lastCleanedQueue; +}; + +} // namespace ZeroTier + +#endif // ZT_ENABLE_CLUSTER + +#endif diff --git a/node/Constants.hpp b/node/Constants.hpp new file mode 100644 index 0000000..dc36b3a --- /dev/null +++ b/node/Constants.hpp 
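Review bot: The private handlers `_doREMOTE_WHOIS` and `_doREMOTE_MULTICAST_GATHER` take `uint64_t fromMemberId`, while every other member-ID parameter in this class (`addMember`, `removeMember`, `_send`, `_flush`) is `uint16_t`, and Cluster.cpp uses the value directly as an index in `_members[fromMemberId].lock`. The allocated length of `_members` is not visible in this hunk, so whether an out-of-range value can reach that index depends on validation done by the caller. Declaring both as `void _doREMOTE_WHOIS(uint16_t fromMemberId,const Packet &remotep);` (with the matching definitions in Cluster.cpp) would keep the index within the type the rest of the class uses. A one-line comment on `_members` stating its allocated length would make the bound checkable from the header.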
@@ -0,0 +1,396 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_CONSTANTS_HPP +#define ZT_CONSTANTS_HPP + +#include "../include/ZeroTierOne.h" + +// +// This include file also auto-detects and canonicalizes some environment +// information defines: +// +// __LINUX__ +// __APPLE__ +// __BSD__ (OSX also defines this) +// __UNIX_LIKE__ (Linux, BSD, etc.) +// __WINDOWS__ +// +// Also makes sure __BYTE_ORDER is defined reasonably. +// + +// Hack: make sure __GCC__ is defined on old GCC compilers +#ifndef __GCC__ +#if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1) || defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2) || defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) +#define __GCC__ +#endif +#endif + +#if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux) +#ifndef __LINUX__ +#define __LINUX__ +#endif +#ifndef __UNIX_LIKE__ +#define __UNIX_LIKE__ +#endif +#include +#endif + +#ifdef __APPLE__ +#include +#ifndef __UNIX_LIKE__ +#define __UNIX_LIKE__ +#endif +#ifndef __BSD__ +#define __BSD__ +#endif +#include +#endif + +// Defined this macro to disable "type punning" on a number of targets that +// have issues with unaligned memory access. 
+#if defined(__arm__) || defined(__ARMEL__) || (defined(__APPLE__) && ( (defined(TARGET_OS_IPHONE) && (TARGET_OS_IPHONE != 0)) || (defined(TARGET_OS_WATCH) && (TARGET_OS_WATCH != 0)) || (defined(TARGET_IPHONE_SIMULATOR) && (TARGET_IPHONE_SIMULATOR != 0)) ) ) +#ifndef ZT_NO_TYPE_PUNNING +#define ZT_NO_TYPE_PUNNING +#endif +#endif + +#if defined(__FreeBSD__) || defined(__OpenBSD__) +#ifndef __UNIX_LIKE__ +#define __UNIX_LIKE__ +#endif +#ifndef __BSD__ +#define __BSD__ +#endif +#include +#ifndef __BYTE_ORDER +#define __BYTE_ORDER _BYTE_ORDER +#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#define __BIG_ENDIAN _BIG_ENDIAN +#endif +#endif + +#if defined(_WIN32) || defined(_WIN64) +#ifndef __WINDOWS__ +#define __WINDOWS__ +#endif +#ifndef NOMINMAX +#define NOMINMAX +#endif +#pragma warning(disable : 4290) +#pragma warning(disable : 4996) +#pragma warning(disable : 4101) +#undef __UNIX_LIKE__ +#undef __BSD__ +#define ZT_PATH_SEPARATOR '\\' +#define ZT_PATH_SEPARATOR_S "\\" +#define ZT_EOL_S "\r\n" +#include +#include +#endif + +// Assume little endian if not defined +#if (defined(__APPLE__) || defined(__WINDOWS__)) && (!defined(__BYTE_ORDER)) +#undef __BYTE_ORDER +#undef __LITTLE_ENDIAN +#undef __BIG_ENDIAN +#define __BIG_ENDIAN 4321 +#define __LITTLE_ENDIAN 1234 +#define __BYTE_ORDER 1234 +#endif + +#ifdef __UNIX_LIKE__ +#define ZT_PATH_SEPARATOR '/' +#define ZT_PATH_SEPARATOR_S "/" +#define ZT_EOL_S "\n" +#endif + +#ifndef __BYTE_ORDER +#include +#endif + +/** + * Length of a ZeroTier address in bytes + */ +#define ZT_ADDRESS_LENGTH 5 + +/** + * Length of a hexadecimal ZeroTier address + */ +#define ZT_ADDRESS_LENGTH_HEX 10 + +/** + * Addresses beginning with this byte are reserved for the joy of in-band signaling + */ +#define ZT_ADDRESS_RESERVED_PREFIX 0xff + +/** + * Default payload MTU for UDP packets + * + * In the future we might support UDP path MTU discovery, but for now we + * set a maximum that is equal to 1500 minus 8 (for PPPoE overhead, common + * in some markets) 
minus 48 (IPv6 UDP overhead). + */ +#define ZT_UDP_DEFAULT_PAYLOAD_MTU 1444 + +/** + * Default MTU used for Ethernet tap device + */ +#define ZT_IF_MTU ZT_MAX_MTU + +/** + * Maximum number of packet fragments we'll support + * + * The actual spec allows 16, but this is the most we'll support right + * now. Packets with more than this many fragments are dropped. + */ +#define ZT_MAX_PACKET_FRAGMENTS 4 + +/** + * Size of RX queue + * + * This is about 2mb, and can be decreased for small devices. A queue smaller + * than about 4 is probably going to cause a lot of lost packets. + */ +#define ZT_RX_QUEUE_SIZE 64 + +/** + * RX queue entries older than this do not "exist" + */ +#define ZT_RX_QUEUE_EXPIRE 4000 + +/** + * Length of secret key in bytes -- 256-bit -- do not change + */ +#define ZT_PEER_SECRET_KEY_LENGTH 32 + +/** + * How often Topology::clean() and Network::clean() and similar are called, in ms + */ +#define ZT_HOUSEKEEPING_PERIOD 120000 + +/** + * Overriding granularity for timer tasks to prevent CPU-intensive thrashing on every packet + */ +#define ZT_CORE_TIMER_TASK_GRANULARITY 500 + +/** + * How long to remember peer records in RAM if they haven't been used + */ +#define ZT_PEER_IN_MEMORY_EXPIRATION 600000 + +/** + * Delay between WHOIS retries in ms + */ +#define ZT_WHOIS_RETRY_DELAY 1000 + +/** + * Maximum identity WHOIS retries (each attempt tries consulting a different peer) + */ +#define ZT_MAX_WHOIS_RETRIES 3 + +/** + * Transmit queue entry timeout + */ +#define ZT_TRANSMIT_QUEUE_TIMEOUT (ZT_WHOIS_RETRY_DELAY * (ZT_MAX_WHOIS_RETRIES + 1)) + +/** + * Receive queue entry timeout + */ +#define ZT_RECEIVE_QUEUE_TIMEOUT (ZT_WHOIS_RETRY_DELAY * (ZT_MAX_WHOIS_RETRIES + 1)) + +/** + * Maximum number of ZT hops allowed (this is not IP hops/TTL) + * + * The protocol allows up to 7, but we limit it to something smaller. 
+ */ +#define ZT_RELAY_MAX_HOPS 3 + +/** + * Expire time for multicast 'likes' and indirect multicast memberships in ms + */ +#define ZT_MULTICAST_LIKE_EXPIRE 600000 + +/** + * Delay between explicit MULTICAST_GATHER requests for a given multicast channel + */ +#define ZT_MULTICAST_EXPLICIT_GATHER_DELAY (ZT_MULTICAST_LIKE_EXPIRE / 10) + +/** + * Timeout for outgoing multicasts + * + * This is how long we wait for explicit or implicit gather results. + */ +#define ZT_MULTICAST_TRANSMIT_TIMEOUT 5000 + +/** + * Default maximum number of peers to address with a single multicast (if unspecified in network config) + */ +#define ZT_MULTICAST_DEFAULT_LIMIT 32 + +/** + * How frequently to send a zero-byte UDP keepalive packet + * + * There are NATs with timeouts as short as 20 seconds, so this turns out + * to be needed. + */ +#define ZT_NAT_KEEPALIVE_DELAY 19000 + +/** + * Delay between scans of the topology active peer DB for peers that need ping + * + * This is also how often pings will be retried to upstream peers (relays, roots) + * constantly until something is heard. + */ +#define ZT_PING_CHECK_INVERVAL 9500 + +/** + * Delay between ordinary case pings of direct links + */ +#define ZT_PEER_DIRECT_PING_DELAY 60000 + +/** + * Timeout for overall peer activity (measured from last receive) + */ +#define ZT_PEER_ACTIVITY_TIMEOUT 500000 + +/** + * Timeout for path activity + */ +#define ZT_PATH_ACTIVITY_TIMEOUT ZT_PEER_ACTIVITY_TIMEOUT + +/** + * No answer timeout to trigger dead path detection + */ +#define ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT 2000 + +/** + * Probation threshold after which a path becomes dead + */ +#define ZT_PEER_DEAD_PATH_DETECTION_MAX_PROBATION 3 + +/** + * Delay between requests for updated network autoconf information + * + * Don't lengthen this as it affects things like QoS / uptime monitoring + * via ZeroTier Central. This is the heartbeat, basically. 
+ */ +#define ZT_NETWORK_AUTOCONF_DELAY 60000 + +/** + * Minimum interval between attempts by relays to unite peers + * + * When a relay gets a packet destined for another peer, it sends both peers + * a RENDEZVOUS message no more than this often. This instructs the peers + * to attempt NAT-t and gives each the other's corresponding IP:port pair. + */ +#define ZT_MIN_UNITE_INTERVAL 30000 + +/** + * Delay between initial direct NAT-t packet and more aggressive techniques + * + * This may also be a delay before sending the first packet if we determine + * that we should wait for the remote to initiate rendezvous first. + */ +#define ZT_NAT_T_TACTICAL_ESCALATION_DELAY 1000 + +/** + * How long (max) to remember network certificates of membership? + * + * This only applies to networks we don't belong to. + */ +#define ZT_PEER_NETWORK_COM_EXPIRATION 3600000 + +/** + * Sanity limit on maximum bridge routes + * + * If the number of bridge routes exceeds this, we cull routes from the + * bridges with the most MACs behind them until it doesn't. This is a + * sanity limit to prevent memory-filling DOS attacks, nothing more. No + * physical LAN has anywhere even close to this many nodes. Note that this + * does not limit the size of ZT virtual LANs, only bridge routing. + */ +#define ZT_MAX_BRIDGE_ROUTES 67108864 + +/** + * If there is no known route, spam to up to this many active bridges + */ +#define ZT_MAX_BRIDGE_SPAM 16 + +/** + * Interval between direct path pushes in milliseconds + */ +#define ZT_DIRECT_PATH_PUSH_INTERVAL 120000 + +/** + * Time horizon for push direct paths cutoff + */ +#define ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME 60000 + +/** + * Maximum number of direct path pushes within cutoff time + * + * This limits response to PUSH_DIRECT_PATHS to CUTOFF_LIMIT responses + * per CUTOFF_TIME milliseconds per peer to prevent this from being + * useful for DOS amplification attacks. 
+ */ +#define ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT 5 + +/** + * Maximum number of paths per IP scope (e.g. global, link-local) and family (e.g. v4/v6) + */ +#define ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY 4 + +/** + * Enable support for old Dictionary based network configs + */ +#define ZT_SUPPORT_OLD_STYLE_NETCONF 1 + +/** + * A test pseudo-network-ID that can be joined + * + * Joining this network ID will result in a network with no IP addressing + * and default parameters. No network configuration master will be consulted + * and instead a static config will be used. This is used in built-in testnet + * scenarios and can also be used for external testing. + * + * This is an impossible real network ID since 0xff is a reserved address + * prefix. + */ +#define ZT_TEST_NETWORK_ID 0xffffffffffffffffULL + +/** + * Desired buffer size for UDP sockets (used in service and osdep but defined here) + */ +#if (defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) || defined(__AMD64__)) +#define ZT_UDP_DESIRED_BUF_SIZE 1048576 +#else +#define ZT_UDP_DESIRED_BUF_SIZE 131072 +#endif + +/* Ethernet frame types that might be relevant to us */ +#define ZT_ETHERTYPE_IPV4 0x0800 +#define ZT_ETHERTYPE_ARP 0x0806 +#define ZT_ETHERTYPE_RARP 0x8035 +#define ZT_ETHERTYPE_ATALK 0x809b +#define ZT_ETHERTYPE_AARP 0x80f3 +#define ZT_ETHERTYPE_IPX_A 0x8137 +#define ZT_ETHERTYPE_IPX_B 0x8138 +#define ZT_ETHERTYPE_IPV6 0x86dd + +#endif diff --git a/node/DeferredPackets.cpp b/node/DeferredPackets.cpp new file mode 100644 index 0000000..192b407 --- /dev/null +++ b/node/DeferredPackets.cpp 
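Review bot: `ZT_MAX_BRIDGE_ROUTES` is documented as a guard against memory-filling DoS, but at 67108864 entries the cap probably sits above the memory available on many hosts, so culling would begin only after the pressure it is meant to prevent. The size of one route entry is not visible here, so this is inferred from the count alone. I would either lower the value to one derived from a stated memory budget or extend the comment with the bound it implies, for example `* Worst-case memory is ZT_MAX_BRIDGE_ROUTES times the size of one route entry; size this for the smallest supported target.`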
@@ -0,0 +1,100 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "Constants.hpp" +#include "DeferredPackets.hpp" +#include "IncomingPacket.hpp" +#include "RuntimeEnvironment.hpp" +#include "Node.hpp" + +namespace ZeroTier { + +DeferredPackets::DeferredPackets(const RuntimeEnvironment *renv) : + RR(renv), + _waiting(0), + _die(false) +{ +} + +DeferredPackets::~DeferredPackets() +{ + _q_m.lock(); + _die = true; + _q_m.unlock(); + + for(;;) { + _q_s.post(); + + _q_m.lock(); + if (_waiting <= 0) { + _q_m.unlock(); + break; + } else { + _q_m.unlock(); + } + } +} + +bool DeferredPackets::enqueue(IncomingPacket *pkt) +{ + { + Mutex::Lock _l(_q_m); + if (_q.size() >= ZT_DEFFEREDPACKETS_MAX) + return false; + _q.push_back(*pkt); + } + _q_s.post(); + return true; +} + +int DeferredPackets::process() +{ + std::list pkt; + + _q_m.lock(); + + if (_die) { + _q_m.unlock(); + return -1; + } + + while (_q.empty()) { + ++_waiting; + _q_m.unlock(); + _q_s.wait(); + _q_m.lock(); + --_waiting; + if (_die) { + _q_m.unlock(); + return -1; + } + } + + // Move item from _q list to a dummy list here to avoid copying packet + pkt.splice(pkt.end(),_q,_q.begin()); + + _q_m.unlock(); + + try { + pkt.front().tryDecode(RR,true); + } catch ( ... 
) {} // drop invalids + + return 1; +} + +} // namespace ZeroTier diff --git a/node/DeferredPackets.hpp b/node/DeferredPackets.hpp new file mode 100644 index 0000000..a985539 --- /dev/null +++ b/node/DeferredPackets.hpp 
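Review bot: `~DeferredPackets()` waits only for `_waiting` to reach zero, and `_waiting` counts threads blocked in `_q_s.wait()`, not a thread that has already released `_q_m` and is inside `pkt.front().tryDecode(RR,true)`. Such a worker can outlive the object and then call `process()` again on a destroyed `_q_m`, unless callers join their workers before destruction, which this hunk does not show. At minimum the contract should be stated above the destructor, `// All threads calling process() must be stopped and joined before this object is destroyed.`; a sturdier fix is to count callers for the whole of `process()` under `_q_m` and have the destructor wait on that count. The destructor loop also spins on `_q_s.post()` without yielding while it waits.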
@@ -0,0 +1,85 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_DEFERREDPACKETS_HPP +#define ZT_DEFERREDPACKETS_HPP + +#include + +#include "Constants.hpp" +#include "SharedPtr.hpp" +#include "Mutex.hpp" +#include "DeferredPackets.hpp" +#include "BinarySemaphore.hpp" + +/** + * Maximum number of deferred packets + */ +#define ZT_DEFFEREDPACKETS_MAX 256 + +namespace ZeroTier { + +class IncomingPacket; +class RuntimeEnvironment; + +/** + * Deferred packets + * + * IncomingPacket can defer its decoding this way by enqueueing itself here. + * When this is done, deferredDecode() is called later. This is done for + * operations that may be expensive to allow them to potentially be handled + * in the background or rate limited to maintain quality of service for more + * routine operations. + */ +class DeferredPackets +{ +public: + DeferredPackets(const RuntimeEnvironment *renv); + ~DeferredPackets(); + + /** + * Enqueue a packet + * + * @param pkt Packet to process later (possibly in the background) + * @return False if queue is full + */ + bool enqueue(IncomingPacket *pkt); + + /** + * Wait for and then process a deferred packet + * + * If we are shutting down (in destructor), this returns -1 and should + * not be called again. 
Otherwise it returns the number of packets + * processed. + * + * @return Number processed or -1 if shutting down + */ + int process(); + +private: + std::list _q; + const RuntimeEnvironment *const RR; + volatile int _waiting; + volatile bool _die; + Mutex _q_m; + BinarySemaphore _q_s; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Dictionary.hpp b/node/Dictionary.hpp new file mode 100644 index 0000000..59fc4bb --- /dev/null +++ b/node/Dictionary.hpp 
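Review bot: The class comment says `deferredDecode()` is called later, but `process()` in DeferredPackets.cpp calls `tryDecode(RR,true)` on the queued packet, so the comment names a method the implementation never invokes. I would reword that sentence to `* When this is done, process() later calls tryDecode() on the queued copy.` The fields `_waiting` and `_die` are declared `volatile`, yet every access in the .cpp happens with `_q_m` held; a comment such as `// guarded by _q_m` on both would document the synchronization that is actually relied on.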
@@ -0,0 +1,462 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_DICTIONARY_HPP +#define ZT_DICTIONARY_HPP + +#include "Constants.hpp" +#include "Utils.hpp" +#include "Buffer.hpp" +#include "Address.hpp" + +#include + +namespace ZeroTier { + +/** + * A small (in code and data) packed key=value store + * + * This stores data in the form of a compact blob that is sort of human + * readable (depending on whether you put binary data in it) and is backward + * compatible with older versions. Binary data is escaped such that the + * serialized form of a Dictionary is always a valid null-terminated C string. + * + * Keys are restricted: no binary data, no CR/LF, and no equals (=). If a key + * contains these characters it may not be retrievable. This is not checked. + * + * Lookup is via linear search and will be slow with a lot of keys. It's + * designed for small things. + * + * There is code to test and fuzz this in selftest.cpp. Fuzzing a blob of + * pointer tricks like this is important after any modifications. + * + * This is used for network configurations and for saving some things on disk + * in the ZeroTier One service code. 
+ * + * @tparam C Dictionary max capacity in bytes + */ +template +class Dictionary +{ +public: + Dictionary() + { + _d[0] = (char)0; + } + + Dictionary(const char *s) + { + Utils::scopy(_d,sizeof(_d),s); + } + + Dictionary(const char *s,unsigned int len) + { + if (len > (C-1)) + len = C-1; + memcpy(_d,s,len); + _d[len] = (char)0; + } + + Dictionary(const Dictionary &d) + { + Utils::scopy(_d,sizeof(_d),d._d); + } + + inline Dictionary &operator=(const Dictionary &d) + { + Utils::scopy(_d,sizeof(_d),d._d); + return *this; + } + + /** + * Load a dictionary from a C-string + * + * @param s Dictionary in string form + * @return False if 's' was longer than our capacity + */ + inline bool load(const char *s) + { + return Utils::scopy(_d,sizeof(_d),s); + } + + /** + * Delete all entries + */ + inline void clear() + { + _d[0] = (char)0; + } + + /** + * @return Size of dictionary in bytes not including terminating NULL + */ + inline unsigned int sizeBytes() const + { + for(unsigned int i=0;i + inline bool get(const char *key,Buffer &dest) const + { + const int r = this->get(key,const_cast(reinterpret_cast(dest.data())),BC); + if (r >= 0) { + dest.setSize((unsigned int)r); + return true; + } else { + dest.clear(); + return false; + } + } + + /** + * Get a boolean value + * + * @param key Key to look up + * @param dfl Default value if not found in dictionary + * @return Boolean value of key or 'dfl' if not found + */ + bool getB(const char *key,bool dfl = false) const + { + char tmp[4]; + if (this->get(key,tmp,sizeof(tmp)) >= 0) + return ((*tmp == '1')||(*tmp == 't')||(*tmp == 'T')); + return dfl; + } + + /** + * Get an unsigned int64 stored as hex in the dictionary + * + * @param key Key to look up + * @param dfl Default value or 0 if unspecified + * @return Decoded hex UInt value or 'dfl' if not found + */ + inline uint64_t getUI(const char *key,uint64_t dfl = 0) const + { + char tmp[128]; + if (this->get(key,tmp,sizeof(tmp)) >= 1) + return Utils::hexStrToU64(tmp); + 
return dfl; + } + + /** + * Add a new key=value pair + * + * If the key is already present this will append another, but the first + * will always be returned by get(). This is not checked. If you want to + * ensure a key is not present use erase() first. + * + * Use the vlen parameter to add binary values. Nulls will be escaped. + * + * @param key Key -- nulls, CR/LF, and equals (=) are illegal characters + * @param value Value to set + * @param vlen Length of value in bytes or -1 to treat value[] as a C-string and look for terminating 0 + * @return True if there was enough room to add this key=value pair + */ + inline bool add(const char *key,const char *value,int vlen = -1) + { + for(unsigned int i=0;i 0) { + _d[j++] = '\n'; + if (j == C) { + _d[i] = (char)0; + return false; + } + } + + const char *p = key; + while (*p) { + _d[j++] = *(p++); + if (j == C) { + _d[i] = (char)0; + return false; + } + } + + _d[j++] = '='; + if (j == C) { + _d[i] = (char)0; + return false; + } + + p = value; + int k = 0; + while ( ((vlen < 0)&&(*p)) || (k < vlen) ) { + switch(*p) { + case 0: + case '\r': + case '\n': + case '\\': + case '=': + _d[j++] = '\\'; + if (j == C) { + _d[i] = (char)0; + return false; + } + switch(*p) { + case 0: _d[j++] = '0'; break; + case '\r': _d[j++] = 'r'; break; + case '\n': _d[j++] = 'n'; break; + case '\\': _d[j++] = '\\'; break; + case '=': _d[j++] = 'e'; break; + } + if (j == C) { + _d[i] = (char)0; + return false; + } + break; + default: + _d[j++] = *p; + if (j == C) { + _d[i] = (char)0; + return false; + } + break; + } + ++p; + ++k; + } + + _d[j] = (char)0; + + return true; + } + } + return false; + } + + /** + * Add a boolean as a '1' or a '0' + */ + inline bool add(const char *key,bool value) + { + return this->add(key,(value) ? 
"1" : "0",1); + } + + /** + * Add a 64-bit integer (unsigned) as a hex value + */ + inline bool add(const char *key,uint64_t value) + { + char tmp[32]; + Utils::snprintf(tmp,sizeof(tmp),"%llx",(unsigned long long)value); + return this->add(key,tmp,-1); + } + + /** + * Add a 64-bit integer (unsigned) as a hex value + */ + inline bool add(const char *key,const Address &a) + { + char tmp[32]; + Utils::snprintf(tmp,sizeof(tmp),"%.10llx",(unsigned long long)a.toInt()); + return this->add(key,tmp,-1); + } + + /** + * Add a binary buffer's contents as a value + * + * @tparam BC Buffer capacity (usually inferred) + */ + template + inline bool add(const char *key,const Buffer &value) + { + return this->add(key,(const char *)value.data(),(int)value.size()); + } + + /** + * @param key Key to check + * @return True if key is present + */ + inline bool contains(const char *key) const + { + char tmp[2]; + return (this->get(key,tmp,2) >= 0); + } + + /** + * Erase a key from this dictionary + * + * Use this before add() to ensure that a key is replaced if it might + * already be present. + * + * @param key Key to erase + * @return True if key was found and erased + */ + inline bool erase(const char *key) + { + char d2[C]; + char *saveptr = (char *)0; + unsigned int d2ptr = 0; + bool found = false; + for(char *f=Utils::stok(_d,"\r\n",&saveptr);(f);f=Utils::stok((char *)0,"\r\n",&saveptr)) { + if (*f) { + const char *p = f; + const char *k = key; + while ((*k)&&(*p)) { + if (*k != *p) + break; + ++k; + ++p; + } + if (*k) { + p = f; + while (*p) + d2[d2ptr++] = *(p++); + d2[d2ptr++] = '\n'; + } else { + found = true; + } + } + } + d2[d2ptr++] = (char)0; + memcpy(_d,d2,d2ptr); + return found; + } + + /** + * @return Dictionary data as a 0-terminated C-string + */ + inline const char *data() const { return _d; } + + /** + * @return Value of C template parameter + */ + inline unsigned int capacity() const { return C; } + +private: + char _d[C]; +}; + +} // namespace ZeroTier + +#endif 
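Review bot: erase() can write one byte past both `d2[C]` and `_d[C]`. Every retained entry is copied followed by a `'\n'`, and a terminating zero is then appended, so the rebuilt string is one byte longer than the original whenever the last entry had no trailing newline, which is how add() leaves it. With a dictionary filled to its C-1 character limit and a key that does not match, the terminator lands at index C and the final `memcpy(_d,d2,d2ptr)` copies C+1 bytes. Writing the separator before each entry after the first, `if (d2ptr) d2[d2ptr++] = '\n';` ahead of the copy loop instead of the unconditional `d2[d2ptr++] = '\n';` after it, keeps the output no longer than the input. The key comparison in the same loop also treats a prefix as a match, because it stops when `*k` is zero without looking at the entry; `if ((*k)||(*p != '='))` would keep `abc=...` when erasing `ab`.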
diff --git a/node/Hashtable.hpp b/node/Hashtable.hpp new file mode 100644 index 0000000..f06b223 --- /dev/null +++ b/node/Hashtable.hpp 
@@ -0,0 +1,415 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_HASHTABLE_HPP +#define ZT_HASHTABLE_HPP + +#include +#include +#include + +#include +#include +#include +#include + +namespace ZeroTier { + +/** + * A minimal hash table implementation for the ZeroTier core + * + * This is not a drop-in replacement for STL containers, and has several + * limitations. Keys can be uint64_t or an object, and if the latter they + * must implement a method called hashCode() that returns an unsigned long + * value that is evenly distributed. + */ +template +class Hashtable +{ +private: + struct _Bucket + { + _Bucket(const K &k,const V &v) : k(k),v(v) {} + _Bucket(const K &k) : k(k),v() {} + _Bucket(const _Bucket &b) : k(b.k),v(b.v) {} + inline _Bucket &operator=(const _Bucket &b) { k = b.k; v = b.v; return *this; } + K k; + V v; + _Bucket *next; // must be set manually for each _Bucket + }; + +public: + /** + * A simple forward iterator (different from STL) + * + * It's safe to erase the last key, but not others. Don't use set() since that + * may rehash and invalidate the iterator. Note the erasing the key will destroy + * the targets of the pointers returned by next(). 
+ */ + class Iterator + { + public: + /** + * @param ht Hash table to iterate over + */ + Iterator(Hashtable &ht) : + _idx(0), + _ht(&ht), + _b(ht._t[0]) + { + } + + /** + * @param kptr Pointer to set to point to next key + * @param vptr Pointer to set to point to next value + * @return True if kptr and vptr are set, false if no more entries + */ + inline bool next(K *&kptr,V *&vptr) + { + for(;;) { + if (_b) { + kptr = &(_b->k); + vptr = &(_b->v); + _b = _b->next; + return true; + } + ++_idx; + if (_idx >= _ht->_bc) + return false; + _b = _ht->_t[_idx]; + } + } + + private: + unsigned long _idx; + Hashtable *_ht; + _Bucket *_b; + }; + friend class Hashtable::Iterator; + + /** + * @param bc Initial capacity in buckets (default: 128, must be nonzero) + */ + Hashtable(unsigned long bc = 128) : + _t(reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * bc))), + _bc(bc), + _s(0) + { + if (!_t) + throw std::bad_alloc(); + for(unsigned long i=0;i &ht) : + _t(reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * ht._bc))), + _bc(ht._bc), + _s(ht._s) + { + if (!_t) + throw std::bad_alloc(); + for(unsigned long i=0;i<_bc;++i) + _t[i] = (_Bucket *)0; + for(unsigned long i=0;i<_bc;++i) { + const _Bucket *b = ht._t[i]; + while (b) { + _Bucket *nb = new _Bucket(*b); + nb->next = _t[i]; + _t[i] = nb; + b = b->next; + } + } + } + + ~Hashtable() + { + this->clear(); + ::free(_t); + } + + inline Hashtable &operator=(const Hashtable &ht) + { + this->clear(); + if (ht._s) { + for(unsigned long i=0;iset(b->k,b->v); + b = b->next; + } + } + } + return *this; + } + + /** + * Erase all entries + */ + inline void clear() + { + if (_s) { + for(unsigned long i=0;i<_bc;++i) { + _Bucket *b = _t[i]; + while (b) { + _Bucket *const nb = b->next; + delete b; + b = nb; + } + _t[i] = (_Bucket *)0; + } + _s = 0; + } + } + + /** + * @return Vector of all keys + */ + inline typename std::vector keys() const + { + typename std::vector k; + if (_s) { + k.reserve(_s); + for(unsigned long 
i=0;i<_bc;++i) { + _Bucket *b = _t[i]; + while (b) { + k.push_back(b->k); + b = b->next; + } + } + } + return k; + } + + /** + * Append all keys (in unspecified order) to the supplied vector or list + * + * @param v Vector, list, or other compliant container + * @tparam Type of V (generally inferred) + */ + template + inline void appendKeys(C &v) const + { + if (_s) { + for(unsigned long i=0;i<_bc;++i) { + _Bucket *b = _t[i]; + while (b) { + v.push_back(b->k); + b = b->next; + } + } + } + } + + /** + * @return Vector of all entries (pairs of K,V) + */ + inline typename std::vector< std::pair > entries() const + { + typename std::vector< std::pair > k; + if (_s) { + k.reserve(_s); + for(unsigned long i=0;i<_bc;++i) { + _Bucket *b = _t[i]; + while (b) { + k.push_back(std::pair(b->k,b->v)); + b = b->next; + } + } + } + return k; + } + + /** + * @param k Key + * @return Pointer to value or NULL if not found + */ + inline V *get(const K &k) + { + _Bucket *b = _t[_hc(k) % _bc]; + while (b) { + if (b->k == k) + return &(b->v); + b = b->next; + } + return (V *)0; + } + inline const V *get(const K &k) const { return const_cast(this)->get(k); } + + /** + * @param k Key to check + * @return True if key is present + */ + inline bool contains(const K &k) const + { + _Bucket *b = _t[_hc(k) % _bc]; + while (b) { + if (b->k == k) + return true; + b = b->next; + } + return false; + } + + /** + * @param k Key + * @return True if value was present + */ + inline bool erase(const K &k) + { + const unsigned long bidx = _hc(k) % _bc; + _Bucket *lastb = (_Bucket *)0; + _Bucket *b = _t[bidx]; + while (b) { + if (b->k == k) { + if (lastb) + lastb->next = b->next; + else _t[bidx] = b->next; + delete b; + --_s; + return true; + } + lastb = b; + b = b->next; + } + return false; + } + + /** + * @param k Key + * @param v Value + * @return Reference to value in table + */ + inline V &set(const K &k,const V &v) + { + const unsigned long h = _hc(k); + unsigned long bidx = h % _bc; + + _Bucket *b = 
_t[bidx]; + while (b) { + if (b->k == k) { + b->v = v; + return b->v; + } + b = b->next; + } + + if (_s >= _bc) { + _grow(); + bidx = h % _bc; + } + + b = new _Bucket(k,v); + b->next = _t[bidx]; + _t[bidx] = b; + ++_s; + return b->v; + } + + /** + * @param k Key + * @return Value, possibly newly created + */ + inline V &operator[](const K &k) + { + const unsigned long h = _hc(k); + unsigned long bidx = h % _bc; + + _Bucket *b = _t[bidx]; + while (b) { + if (b->k == k) + return b->v; + b = b->next; + } + + if (_s >= _bc) { + _grow(); + bidx = h % _bc; + } + + b = new _Bucket(k); + b->next = _t[bidx]; + _t[bidx] = b; + ++_s; + return b->v; + } + + /** + * @return Number of entries + */ + inline unsigned long size() const throw() { return _s; } + + /** + * @return True if table is empty + */ + inline bool empty() const throw() { return (_s == 0); } + +private: + template + static inline unsigned long _hc(const O &obj) + { + return obj.hashCode(); + } + static inline unsigned long _hc(const uint64_t i) + { + /* NOTE: this assumes that 'i' is evenly distributed, which is the case for + * packet IDs and network IDs -- the two use cases in ZT for uint64_t keys. + * These values are also greater than 0xffffffff so they'll map onto a full + * bucket count just fine no matter what happens. Normally you'd want to + * hash an integer key index in a hash table. 
*/ + return (unsigned long)i; + } + static inline unsigned long _hc(const uint32_t i) + { + return ((unsigned long)i * (unsigned long)0x9e3779b1); + } + static inline unsigned long _hc(const uint16_t i) + { + return ((unsigned long)i * (unsigned long)0x9e3779b1); + } + + inline void _grow() + { + const unsigned long nc = _bc * 2; + _Bucket **nt = reinterpret_cast<_Bucket **>(::malloc(sizeof(_Bucket *) * nc)); + if (nt) { + for(unsigned long i=0;inext; + const unsigned long nidx = _hc(b->k) % nc; + b->next = nt[nidx]; + nt[nidx] = b; + b = nb; + } + } + ::free(_t); + _t = nt; + _bc = nc; + } + } + + _Bucket **_t; + unsigned long _bc; + unsigned long _s; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Identity.cpp b/node/Identity.cpp new file mode 100644 index 0000000..6f89a1e --- /dev/null +++ b/node/Identity.cpp 
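Review bot: operator= calls `this->clear()` before it reads from `ht`, so assigning a table to itself empties it; an `if (this == &ht) return *this;` guard at the top avoids that. The constructor documents that `bc` must be nonzero but never checks it, and every lookup computes `_hc(k) % _bc`, so a zero capacity becomes a division by zero on first use; rejecting or clamping it in the constructor would make the contract enforceable. `_hc(const uint64_t)` returns the key unchanged on the stated assumption that keys are evenly distributed. Its comment should add that this does not hold for keys a remote peer can choose, since such keys can be made to share a bucket and turn lookups into linear scans.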
@@ -0,0 +1,190 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include + +#include "Constants.hpp" +#include "Identity.hpp" +#include "SHA512.hpp" +#include "Salsa20.hpp" +#include "Utils.hpp" + +// These can't be changed without a new identity type. They define the +// parameters of the hashcash hashing/searching algorithm. + +#define ZT_IDENTITY_GEN_HASHCASH_FIRST_BYTE_LESS_THAN 17 +#define ZT_IDENTITY_GEN_MEMORY 2097152 + +namespace ZeroTier { + +// A memory-hard composition of SHA-512 and Salsa20 for hashcash hashing +static inline void _computeMemoryHardHash(const void *publicKey,unsigned int publicKeyBytes,void *digest,void *genmem) +{ + // Digest publicKey[] to obtain initial digest + SHA512::hash(digest,publicKey,publicKeyBytes); + + // Initialize genmem[] using Salsa20 in a CBC-like configuration since + // ordinary Salsa20 is randomly seekable. This is good for a cipher + // but is not what we want for sequential memory-harndess. 
+ memset(genmem,0,ZT_IDENTITY_GEN_MEMORY); + Salsa20 s20(digest,256,(char *)digest + 32); + s20.encrypt20((char *)genmem,(char *)genmem,64); + for(unsigned long i=64;idata,(unsigned int)_privateKey->size())); + } + + return r; +} + +bool Identity::fromString(const char *str) +{ + if (!str) + return false; + + char *saveptr = (char *)0; + char tmp[1024]; + if (!Utils::scopy(tmp,sizeof(tmp),str)) + return false; + + delete _privateKey; + _privateKey = (C25519::Private *)0; + + int fno = 0; + for(char *f=Utils::stok(tmp,":",&saveptr);(f);f=Utils::stok((char *)0,":",&saveptr)) { + switch(fno++) { + case 0: + _address = Address(f); + if (_address.isReserved()) + return false; + break; + case 1: + if ((f[0] != '0')||(f[1])) + return false; + break; + case 2: + if (Utils::unhex(f,_publicKey.data,(unsigned int)_publicKey.size()) != _publicKey.size()) + return false; + break; + case 3: + _privateKey = new C25519::Private(); + if (Utils::unhex(f,_privateKey->data,(unsigned int)_privateKey->size()) != _privateKey->size()) + return false; + break; + default: + return false; + } + } + if (fno < 3) + return false; + + return true; +} + +} // namespace ZeroTier diff --git a/node/Identity.hpp b/node/Identity.hpp new file mode 100644 index 0000000..e19c498 --- /dev/null +++ b/node/Identity.hpp 
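Review bot: fromString() copies the whole serialized identity, including the hex private key when field 3 is present, into `char tmp[1024]` and returns without clearing it, so key material stays on the stack after the call. Wiping the buffer on every exit path after the copy, with a call the compiler cannot drop (the project's `Utils::burn(tmp,sizeof(tmp));` if this version has it), would limit that exposure; routing the early `return false` statements through a single exit makes this easier to get right. The failure paths also leave `_address` already overwritten and, in case 3, a freshly allocated `_privateKey` holding partly decoded bytes, so a caller that ignores the return value keeps a half-parsed identity; resetting both before returning false would avoid that. The middle of this hunk is damaged in this view, so the note covers fromString() only.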
@@ -0,0 +1,318 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_IDENTITY_HPP +#define ZT_IDENTITY_HPP + +#include +#include +#include + +#include "Constants.hpp" +#include "Array.hpp" +#include "Utils.hpp" +#include "Address.hpp" +#include "C25519.hpp" +#include "Buffer.hpp" +#include "SHA512.hpp" + +namespace ZeroTier { + +/** + * A ZeroTier identity + * + * An identity consists of a public key, a 40-bit ZeroTier address computed + * from that key in a collision-resistant fashion, and a self-signature. + * + * The address derivation algorithm makes it computationally very expensive to + * search for a different public key that duplicates an existing address. (See + * code for deriveAddress() for this algorithm.) + */ +class Identity +{ +public: + /** + * Identity types + */ + enum Type + { + IDENTITY_TYPE_C25519 = 0 + }; + + Identity() : + _privateKey((C25519::Private *)0) + { + } + + Identity(const Identity &id) : + _address(id._address), + _publicKey(id._publicKey), + _privateKey((id._privateKey) ? 
new C25519::Private(*(id._privateKey)) : (C25519::Private *)0) + { + } + + Identity(const char *str) + throw(std::invalid_argument) : + _privateKey((C25519::Private *)0) + { + if (!fromString(str)) + throw std::invalid_argument(std::string("invalid string-serialized identity: ") + str); + } + + Identity(const std::string &str) + throw(std::invalid_argument) : + _privateKey((C25519::Private *)0) + { + if (!fromString(str)) + throw std::invalid_argument(std::string("invalid string-serialized identity: ") + str); + } + + template + Identity(const Buffer &b,unsigned int startAt = 0) : + _privateKey((C25519::Private *)0) + { + deserialize(b,startAt); + } + + ~Identity() + { + delete _privateKey; + } + + inline Identity &operator=(const Identity &id) + { + _address = id._address; + _publicKey = id._publicKey; + if (id._privateKey) { + if (!_privateKey) + _privateKey = new C25519::Private(); + *_privateKey = *(id._privateKey); + } else { + delete _privateKey; + _privateKey = (C25519::Private *)0; + } + return *this; + } + + /** + * Generate a new identity (address, key pair) + * + * This is a time consuming operation. 
+ */ + void generate(); + + /** + * Check the validity of this identity's pairing of key to address + * + * @return True if validation check passes + */ + bool locallyValidate() const; + + /** + * @return True if this identity contains a private key + */ + inline bool hasPrivate() const throw() { return (_privateKey != (C25519::Private *)0); } + + /** + * Compute the SHA512 hash of our private key (if we have one) + * + * @param sha Buffer to receive SHA512 (MUST be ZT_SHA512_DIGEST_LEN (64) bytes in length) + * @return True on success, false if no private key + */ + inline bool sha512PrivateKey(void *sha) const + { + if (_privateKey) { + SHA512::hash(sha,_privateKey->data,ZT_C25519_PRIVATE_KEY_LEN); + return true; + } + return false; + } + + /** + * Sign a message with this identity (private key required) + * + * @param data Data to sign + * @param len Length of data + */ + inline C25519::Signature sign(const void *data,unsigned int len) const + throw(std::runtime_error) + { + if (_privateKey) + return C25519::sign(*_privateKey,_publicKey,data,len); + throw std::runtime_error("sign() requires a private key"); + } + + /** + * Verify a message signature against this identity + * + * @param data Data to check + * @param len Length of data + * @param signature Signature bytes + * @param siglen Length of signature in bytes + * @return True if signature validates and data integrity checks + */ + inline bool verify(const void *data,unsigned int len,const void *signature,unsigned int siglen) const + { + if (siglen != ZT_C25519_SIGNATURE_LEN) + return false; + return C25519::verify(_publicKey,data,len,signature); + } + + /** + * Verify a message signature against this identity + * + * @param data Data to check + * @param len Length of data + * @param signature Signature + * @return True if signature validates and data integrity checks + */ + inline bool verify(const void *data,unsigned int len,const C25519::Signature &signature) const + { + return 
C25519::verify(_publicKey,data,len,signature); + } + + /** + * Shortcut method to perform key agreement with another identity + * + * This identity must have a private key. (Check hasPrivate()) + * + * @param id Identity to agree with + * @param key Result parameter to fill with key bytes + * @param klen Length of key in bytes + * @return Was agreement successful? + */ + inline bool agree(const Identity &id,void *key,unsigned int klen) const + { + if (_privateKey) { + C25519::agree(*_privateKey,id._publicKey,key,klen); + return true; + } + return false; + } + + /** + * @return Identity type + */ + inline Type type() const throw() { return IDENTITY_TYPE_C25519; } + + /** + * @return This identity's address + */ + inline const Address &address() const throw() { return _address; } + + /** + * Serialize this identity (binary) + * + * @param b Destination buffer to append to + * @param includePrivate If true, include private key component (if present) (default: false) + * @throws std::out_of_range Buffer too small + */ + template + inline void serialize(Buffer &b,bool includePrivate = false) const + { + _address.appendTo(b); + b.append((unsigned char)IDENTITY_TYPE_C25519); + b.append(_publicKey.data,(unsigned int)_publicKey.size()); + if ((_privateKey)&&(includePrivate)) { + b.append((unsigned char)_privateKey->size()); + b.append(_privateKey->data,(unsigned int)_privateKey->size()); + } else b.append((unsigned char)0); + } + + /** + * Deserialize a binary serialized identity + * + * If an exception is thrown, the Identity object is left in an undefined + * state and should not be used. 
+ * + * @param b Buffer containing serialized data + * @param startAt Index within buffer of serialized data (default: 0) + * @return Length of serialized data read from buffer + * @throws std::out_of_range Serialized data invalid + * @throws std::invalid_argument Serialized data invalid + */ + template + inline unsigned int deserialize(const Buffer &b,unsigned int startAt = 0) + { + delete _privateKey; + _privateKey = (C25519::Private *)0; + + unsigned int p = startAt; + + _address.setTo(b.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); + p += ZT_ADDRESS_LENGTH; + + if (b[p++] != IDENTITY_TYPE_C25519) + throw std::invalid_argument("unsupported identity type"); + + memcpy(_publicKey.data,b.field(p,(unsigned int)_publicKey.size()),(unsigned int)_publicKey.size()); + p += (unsigned int)_publicKey.size(); + + unsigned int privateKeyLength = (unsigned int)b[p++]; + if (privateKeyLength) { + if (privateKeyLength != ZT_C25519_PRIVATE_KEY_LEN) + throw std::invalid_argument("invalid private key"); + _privateKey = new C25519::Private(); + memcpy(_privateKey->data,b.field(p,ZT_C25519_PRIVATE_KEY_LEN),ZT_C25519_PRIVATE_KEY_LEN); + p += ZT_C25519_PRIVATE_KEY_LEN; + } + + return (p - startAt); + } + + /** + * Serialize to a more human-friendly string + * + * @param includePrivate If true, include private key (if it exists) + * @return ASCII string representation of identity + */ + std::string toString(bool includePrivate) const; + + /** + * Deserialize a human-friendly string + * + * Note: validation is for the format only. The locallyValidate() method + * must be used to check signature and address/key correspondence. 
+ * + * @param str String to deserialize + * @return True if deserialization appears successful + */ + bool fromString(const char *str); + inline bool fromString(const std::string &str) { return fromString(str.c_str()); } + + /** + * @return True if this identity contains something + */ + inline operator bool() const throw() { return (_address); } + + inline bool operator==(const Identity &id) const throw() { return ((_address == id._address)&&(_publicKey == id._publicKey)); } + inline bool operator<(const Identity &id) const throw() { return ((_address < id._address)||((_address == id._address)&&(_publicKey < id._publicKey))); } + inline bool operator!=(const Identity &id) const throw() { return !(*this == id); } + inline bool operator>(const Identity &id) const throw() { return (id < *this); } + inline bool operator<=(const Identity &id) const throw() { return !(id < *this); } + inline bool operator>=(const Identity &id) const throw() { return !(*this < id); } + +private: + Address _address; + C25519::Public _publicKey; + C25519::Private *_privateKey; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp new file mode 100644 index 0000000..37af842 --- /dev/null +++ b/node/IncomingPacket.cpp 
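Review bot: both string constructors build their exception text as `std::string("invalid string-serialized identity: ") + str`, and the serialized form parsed by fromString() can carry the private key as its fourth field. A rejected identity that includes a secret therefore ends up in whatever logs or displays the exception. Throwing a fixed message, `throw std::invalid_argument("invalid string-serialized identity");`, keeps the key out of error output. The destructor and the `else` branch of operator= also `delete _privateKey` without clearing it first; whether `C25519::Private` wipes itself is not visible here, so this is worth confirming.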
@@ -0,0 +1,1363 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include
+#include
+
+#include "../version.h"
+#include "../include/ZeroTierOne.h"
+
+#include "Constants.hpp"
+#include "RuntimeEnvironment.hpp"
+#include "IncomingPacket.hpp"
+#include "Topology.hpp"
+#include "Switch.hpp"
+#include "Peer.hpp"
+#include "NetworkController.hpp"
+#include "SelfAwareness.hpp"
+#include "Salsa20.hpp"
+#include "SHA512.hpp"
+#include "World.hpp"
+#include "Cluster.hpp"
+#include "Node.hpp"
+#include "DeferredPackets.hpp"
+
+namespace ZeroTier {
+
+bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,bool deferred)
+{
+ const Address sourceAddress(source());
+
+ try {
+ // Check for trusted paths or unencrypted HELLOs (HELLO is the only packet sent in the clear)
+ const unsigned int c = cipher();
+ bool trusted = false;
+ if (c == ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH) {
+ // If this is marked as a packet via a trusted path, check source address and path ID.
+ // Obviously if no trusted paths are configured this always returns false and such
+ // packets are dropped on the floor.
+ if (RR->topology->shouldInboundPathBeTrusted(_remoteAddress,trustedPathId())) {
+ trusted = true;
+ TRACE("TRUSTED PATH packet approved from %s(%s), trusted path ID %llx",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str(),trustedPathId());
+ } else {
+ TRACE("dropped packet from %s(%s), cipher set to trusted path mode but path %llx@%s is not trusted!",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str(),trustedPathId(),_remoteAddress.toString().c_str());
+ return true;
+ }
+ } else if ((c == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE)&&(verb() == Packet::VERB_HELLO)) {
+ // Unencrypted HELLOs require some potentially expensive verification, so
+ // do this in the background if background processing is enabled.
+ if ((RR->dpEnabled > 0)&&(!deferred)) {
+ RR->dp->enqueue(this);
+ return true; // 'handled' via deferring to background thread(s)
+ } else {
+ // A null pointer for peer to _doHELLO() tells it to run its own
+ // special internal authentication logic. This is done for unencrypted
+ // HELLOs to learn new identities, etc.
+ SharedPtr tmp; + return _doHELLO(RR,tmp); + } + } + + SharedPtr peer(RR->topology->getPeer(sourceAddress)); + if (peer) { + if (!trusted) { + if (!dearmor(peer->key())) { + TRACE("dropped packet from %s(%s), MAC authentication failed (size: %u)",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str(),size()); + return true; + } + } + + if (!uncompress()) { + TRACE("dropped packet from %s(%s), compressed data invalid",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + + const Packet::Verb v = verb(); + //TRACE("<< %s from %s(%s)",Packet::verbString(v),sourceAddress.toString().c_str(),_remoteAddress.toString().c_str()); + switch(v) { + //case Packet::VERB_NOP: + default: // ignore unknown verbs, but if they pass auth check they are "received" + peer->received(_localAddress,_remoteAddress,hops(),packetId(),v,0,Packet::VERB_NOP); + return true; + + case Packet::VERB_HELLO: return _doHELLO(RR,peer); + case Packet::VERB_ERROR: return _doERROR(RR,peer); + case Packet::VERB_OK: return _doOK(RR,peer); + case Packet::VERB_WHOIS: return _doWHOIS(RR,peer); + case Packet::VERB_RENDEZVOUS: return _doRENDEZVOUS(RR,peer); + case Packet::VERB_FRAME: return _doFRAME(RR,peer); + case Packet::VERB_EXT_FRAME: return _doEXT_FRAME(RR,peer); + case Packet::VERB_ECHO: return _doECHO(RR,peer); + case Packet::VERB_MULTICAST_LIKE: return _doMULTICAST_LIKE(RR,peer); + case Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE: return _doNETWORK_MEMBERSHIP_CERTIFICATE(RR,peer); + case Packet::VERB_NETWORK_CONFIG_REQUEST: return _doNETWORK_CONFIG_REQUEST(RR,peer); + case Packet::VERB_NETWORK_CONFIG_REFRESH: return _doNETWORK_CONFIG_REFRESH(RR,peer); + case Packet::VERB_MULTICAST_GATHER: return _doMULTICAST_GATHER(RR,peer); + case Packet::VERB_MULTICAST_FRAME: return _doMULTICAST_FRAME(RR,peer); + case Packet::VERB_PUSH_DIRECT_PATHS: return _doPUSH_DIRECT_PATHS(RR,peer); + case Packet::VERB_CIRCUIT_TEST: return _doCIRCUIT_TEST(RR,peer); + case 
Packet::VERB_CIRCUIT_TEST_REPORT: return _doCIRCUIT_TEST_REPORT(RR,peer); + case Packet::VERB_REQUEST_PROOF_OF_WORK: return _doREQUEST_PROOF_OF_WORK(RR,peer); + } + } else { + RR->sw->requestWhois(sourceAddress); + return false; + } + } catch ( ... ) { + // Exceptions are more informatively caught in _do...() handlers but + // this outer try/catch will catch anything else odd. + TRACE("dropped ??? from %s(%s): unexpected exception in tryDecode()",sourceAddress.toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } +} + +bool IncomingPacket::_doERROR(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const Packet::Verb inReVerb = (Packet::Verb)(*this)[ZT_PROTO_VERB_ERROR_IDX_IN_RE_VERB]; + const uint64_t inRePacketId = at(ZT_PROTO_VERB_ERROR_IDX_IN_RE_PACKET_ID); + const Packet::ErrorCode errorCode = (Packet::ErrorCode)(*this)[ZT_PROTO_VERB_ERROR_IDX_ERROR_CODE]; + + //TRACE("ERROR %s from %s(%s) in-re %s",Packet::errorString(errorCode),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),Packet::verbString(inReVerb)); + + switch(errorCode) { + + case Packet::ERROR_OBJ_NOT_FOUND: + if (inReVerb == Packet::VERB_NETWORK_CONFIG_REQUEST) { + SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD))); + if ((network)&&(network->controller() == peer->address())) + network->setNotFound(); + } + break; + + case Packet::ERROR_UNSUPPORTED_OPERATION: + if (inReVerb == Packet::VERB_NETWORK_CONFIG_REQUEST) { + SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD))); + if ((network)&&(network->controller() == peer->address())) + network->setNotFound(); + } + break; + + case Packet::ERROR_IDENTITY_COLLISION: + if (RR->topology->isRoot(peer->identity())) + RR->node->postEvent(ZT_EVENT_FATAL_ERROR_IDENTITY_COLLISION); + break; + + case Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE: { + /* Note: certificates are public so it's safe to push them to anyone + * who asks. 
We won't communicate unless we also get a certificate + * from the remote that agrees. */ + SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD))); + if ((network)&&(network->hasConfig())&&(network->config().com)) { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE); + network->config().com.serialize(outp); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } + } break; + + case Packet::ERROR_NETWORK_ACCESS_DENIED_: { + SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD))); + if ((network)&&(network->controller() == peer->address())) + network->setAccessDenied(); + } break; + + case Packet::ERROR_UNWANTED_MULTICAST: { + uint64_t nwid = at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD); + MulticastGroup mg(MAC(field(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD + 8,6),6),at(ZT_PROTO_VERB_ERROR_IDX_PAYLOAD + 14)); + TRACE("%.16llx: peer %s unsubscrubed from multicast group %s",nwid,peer->address().toString().c_str(),mg.toString().c_str()); + RR->mc->remove(nwid,mg,peer->address()); + } break; + + default: break; + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_ERROR,inRePacketId,inReVerb); + } catch ( ... ) { + TRACE("dropped ERROR from %s(%s): unexpected exception",peer->address().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,SharedPtr &peer) +{ + /* Note: this is the only packet ever sent in the clear, and it's also + * the only packet that we authenticate via a different path. Authentication + * occurs here and is based on the validity of the identity and the + * integrity of the packet's MAC, but it must be done after we check + * the identity since HELLO is a mechanism for learning new identities + * in the first place. 
*/ + + try { + const uint64_t pid = packetId(); + const Address fromAddress(source()); + const unsigned int protoVersion = (*this)[ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION]; + const unsigned int vMajor = (*this)[ZT_PROTO_VERB_HELLO_IDX_MAJOR_VERSION]; + const unsigned int vMinor = (*this)[ZT_PROTO_VERB_HELLO_IDX_MINOR_VERSION]; + const unsigned int vRevision = at(ZT_PROTO_VERB_HELLO_IDX_REVISION); + const uint64_t timestamp = at(ZT_PROTO_VERB_HELLO_IDX_TIMESTAMP); + + Identity id; + InetAddress externalSurfaceAddress; + uint64_t worldId = ZT_WORLD_ID_NULL; + uint64_t worldTimestamp = 0; + { + unsigned int ptr = ZT_PROTO_VERB_HELLO_IDX_IDENTITY + id.deserialize(*this,ZT_PROTO_VERB_HELLO_IDX_IDENTITY); + if (ptr < size()) // ZeroTier One < 1.0.3 did not include physical destination address info + ptr += externalSurfaceAddress.deserialize(*this,ptr); + if ((ptr + 16) <= size()) { // older versions also did not include World IDs or timestamps + worldId = at(ptr); ptr += 8; + worldTimestamp = at(ptr); + } + } + + if (protoVersion < ZT_PROTO_VERSION_MIN) { + TRACE("dropped HELLO from %s(%s): protocol version too old",id.address().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + if (fromAddress != id.address()) { + TRACE("dropped HELLO from %s(%s): identity not for sending address",fromAddress.toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + + if (!peer) { // peer == NULL is the normal case here + peer = RR->topology->getPeer(id.address()); + if (peer) { + // We already have an identity with this address -- check for collisions + + if (peer->identity() != id) { + // Identity is different from the one we already have -- address collision + + unsigned char key[ZT_PEER_SECRET_KEY_LENGTH]; + if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) { + if (dearmor(key)) { // ensure packet is authentic, otherwise drop + TRACE("rejected HELLO from %s(%s): address already 
claimed",id.address().toString().c_str(),_remoteAddress.toString().c_str()); + Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR); + outp.append((unsigned char)Packet::VERB_HELLO); + outp.append((uint64_t)pid); + outp.append((unsigned char)Packet::ERROR_IDENTITY_COLLISION); + outp.armor(key,true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } else { + TRACE("rejected HELLO from %s(%s): packet failed authentication",id.address().toString().c_str(),_remoteAddress.toString().c_str()); + } + } else { + TRACE("rejected HELLO from %s(%s): key agreement failed",id.address().toString().c_str(),_remoteAddress.toString().c_str()); + } + + return true; + } else { + // Identity is the same as the one we already have -- check packet integrity + + if (!dearmor(peer->key())) { + TRACE("rejected HELLO from %s(%s): packet failed authentication",id.address().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + + // Continue at // VALID + } + } else { + // We don't already have an identity with this address -- validate and learn it + + // Check identity proof of work + if (!id.locallyValidate()) { + TRACE("dropped HELLO from %s(%s): identity invalid",id.address().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + + // Check packet integrity and authentication + SharedPtr newPeer(new Peer(RR,RR->identity,id)); + if (!dearmor(newPeer->key())) { + TRACE("rejected HELLO from %s(%s): packet failed authentication",id.address().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + peer = RR->topology->addPeer(newPeer); + + // Continue at // VALID + } + + // VALID -- if we made it here, packet passed identity and authenticity checks! 
+ } + + if (externalSurfaceAddress) + RR->sa->iam(id.address(),_localAddress,_remoteAddress,externalSurfaceAddress,RR->topology->isRoot(id),RR->node->now()); + + Packet outp(id.address(),RR->identity.address(),Packet::VERB_OK); + outp.append((unsigned char)Packet::VERB_HELLO); + outp.append((uint64_t)pid); + outp.append((uint64_t)timestamp); + outp.append((unsigned char)ZT_PROTO_VERSION); + outp.append((unsigned char)ZEROTIER_ONE_VERSION_MAJOR); + outp.append((unsigned char)ZEROTIER_ONE_VERSION_MINOR); + outp.append((uint16_t)ZEROTIER_ONE_VERSION_REVISION); + if (protoVersion >= 5) { + _remoteAddress.serialize(outp); + } else { + /* LEGACY COMPATIBILITY HACK: + * + * For a while now (since 1.0.3), ZeroTier has recognized changes in + * its network environment empirically by examining its external network + * address as reported by trusted peers. In versions prior to 1.1.0 + * (protocol version < 5), they did this by saving a snapshot of this + * information (in SelfAwareness.hpp) keyed by reporting device ID and + * address type. + * + * This causes problems when clustering is combined with symmetric NAT. + * Symmetric NAT remaps ports, so different endpoints in a cluster will + * report back different exterior addresses. Since the old code keys + * this by device ID and not sending physical address and compares the + * entire address including port, it constantly thinks its external + * surface is changing and resets connections when talking to a cluster. + * + * In new code we key by sending physical address and device and we also + * take the more conservative position of only interpreting changes in + * IP address (neglecting port) as a change in network topology that + * necessitates a reset. But we can make older clients work here by + * nulling out the port field. Since this info is only used for empirical + * detection of link changes, it doesn't break anything else. 
+ */ + InetAddress tmpa(_remoteAddress); + tmpa.setPort(0); + tmpa.serialize(outp); + } + + if ((worldId != ZT_WORLD_ID_NULL)&&(RR->topology->worldTimestamp() > worldTimestamp)&&(worldId == RR->topology->worldId())) { + World w(RR->topology->world()); + const unsigned int sizeAt = outp.size(); + outp.addSize(2); // make room for 16-bit size field + w.serialize(outp,false); + outp.setAt(sizeAt,(uint16_t)(outp.size() - (sizeAt + 2))); + } else { + outp.append((uint16_t)0); // no world update needed + } + + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + + peer->setRemoteVersion(protoVersion,vMajor,vMinor,vRevision); // important for this to go first so received() knows the version + peer->received(_localAddress,_remoteAddress,hops(),pid,Packet::VERB_HELLO,0,Packet::VERB_NOP); + } catch ( ... ) { + TRACE("dropped HELLO from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doOK(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const Packet::Verb inReVerb = (Packet::Verb)(*this)[ZT_PROTO_VERB_OK_IDX_IN_RE_VERB]; + const uint64_t inRePacketId = at(ZT_PROTO_VERB_OK_IDX_IN_RE_PACKET_ID); + + //TRACE("%s(%s): OK(%s)",source().toString().c_str(),_remoteAddress.toString().c_str(),Packet::verbString(inReVerb)); + + switch(inReVerb) { + + case Packet::VERB_HELLO: { + const unsigned int latency = std::min((unsigned int)(RR->node->now() - at(ZT_PROTO_VERB_HELLO__OK__IDX_TIMESTAMP)),(unsigned int)0xffff); + const unsigned int vProto = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_PROTOCOL_VERSION]; + const unsigned int vMajor = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_MAJOR_VERSION]; + const unsigned int vMinor = (*this)[ZT_PROTO_VERB_HELLO__OK__IDX_MINOR_VERSION]; + const unsigned int vRevision = at(ZT_PROTO_VERB_HELLO__OK__IDX_REVISION); + + if (vProto < ZT_PROTO_VERSION_MIN) { + TRACE("%s(%s): OK(HELLO) dropped, protocol 
version too old",source().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + + const bool trusted = RR->topology->isRoot(peer->identity()); + + InetAddress externalSurfaceAddress; + unsigned int ptr = ZT_PROTO_VERB_HELLO__OK__IDX_REVISION + 2; + if (ptr < size()) // ZeroTier One < 1.0.3 did not include this field + ptr += externalSurfaceAddress.deserialize(*this,ptr); + if ((trusted)&&((ptr + 2) <= size())) { // older versions also did not include this field, and right now we only use if from a root + World worldUpdate; + const unsigned int worldLen = at(ptr); ptr += 2; + if (worldLen > 0) { + World w; + w.deserialize(*this,ptr); + RR->topology->worldUpdateIfValid(w); + } + } + + TRACE("%s(%s): OK(HELLO), version %u.%u.%u, latency %u, reported external address %s",source().toString().c_str(),_remoteAddress.toString().c_str(),vMajor,vMinor,vRevision,latency,((externalSurfaceAddress) ? externalSurfaceAddress.toString().c_str() : "(none)")); + + peer->addDirectLatencyMeasurment(latency); + peer->setRemoteVersion(vProto,vMajor,vMinor,vRevision); + + if (externalSurfaceAddress) + RR->sa->iam(peer->address(),_localAddress,_remoteAddress,externalSurfaceAddress,trusted,RR->node->now()); + } break; + + case Packet::VERB_WHOIS: { + if (RR->topology->isRoot(peer->identity())) { + const Identity id(*this,ZT_PROTO_VERB_WHOIS__OK__IDX_IDENTITY); + // Right now we can skip this since OK(WHOIS) is only accepted from + // roots. In the future it should be done if we query less trusted + // sources. 
+ //if (id.locallyValidate()) + RR->sw->doAnythingWaitingForPeer(RR->topology->addPeer(SharedPtr(new Peer(RR,RR->identity,id)))); + } + } break; + + case Packet::VERB_NETWORK_CONFIG_REQUEST: { + const SharedPtr nw(RR->node->network(at(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_NETWORK_ID))); + if ((nw)&&(nw->controller() == peer->address())) { + const unsigned int nclen = at(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT_LEN); + if (nclen) { + Dictionary dconf((const char *)field(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT,nclen),nclen); + NetworkConfig nconf; + if (nconf.fromDictionary(dconf)) { + nw->setConfiguration(nconf,true); + TRACE("got network configuration for network %.16llx from %s",(unsigned long long)nw->id(),source().toString().c_str()); + } + } + } + } break; + + //case Packet::VERB_ECHO: { + //} break; + + case Packet::VERB_MULTICAST_GATHER: { + const uint64_t nwid = at(ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_NETWORK_ID); + const MulticastGroup mg(MAC(field(ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_MAC,6),6),at(ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_ADI)); + TRACE("%s(%s): OK(MULTICAST_GATHER) %.16llx/%s length %u",source().toString().c_str(),_remoteAddress.toString().c_str(),nwid,mg.toString().c_str(),size()); + const unsigned int count = at(ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_GATHER_RESULTS + 4); + RR->mc->addMultiple(RR->node->now(),nwid,mg,field(ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_GATHER_RESULTS + 6,count * 5),count,at(ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_GATHER_RESULTS)); + } break; + + case Packet::VERB_MULTICAST_FRAME: { + const unsigned int flags = (*this)[ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_FLAGS]; + const uint64_t nwid = at(ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_NETWORK_ID); + const MulticastGroup mg(MAC(field(ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_MAC,6),6),at(ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_ADI)); + + //TRACE("%s(%s): OK(MULTICAST_FRAME) %.16llx/%s flags 
%.2x",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),nwid,mg.toString().c_str(),flags); + + unsigned int offset = 0; + + if ((flags & 0x01) != 0) { + // OK(MULTICAST_FRAME) includes certificate of membership update + CertificateOfMembership com; + offset += com.deserialize(*this,ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_COM_AND_GATHER_RESULTS); + peer->validateAndSetNetworkMembershipCertificate(nwid,com); + } + + if ((flags & 0x02) != 0) { + // OK(MULTICAST_FRAME) includes implicit gather results + offset += ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_COM_AND_GATHER_RESULTS; + unsigned int totalKnown = at(offset); offset += 4; + unsigned int count = at(offset); offset += 2; + RR->mc->addMultiple(RR->node->now(),nwid,mg,field(offset,count * 5),count,totalKnown); + } + } break; + + default: break; + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_OK,inRePacketId,inReVerb); + } catch ( ... ) { + TRACE("dropped OK from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doWHOIS(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + if (payloadLength() == ZT_ADDRESS_LENGTH) { + Identity queried(RR->topology->getIdentity(Address(payload(),ZT_ADDRESS_LENGTH))); + if (queried) { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_OK); + outp.append((unsigned char)Packet::VERB_WHOIS); + outp.append(packetId()); + queried.serialize(outp,false); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } else { +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) + RR->cluster->sendDistributedQuery(*this); +#endif + } + } else { + TRACE("dropped WHOIS from %s(%s): missing or invalid address",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_WHOIS,0,Packet::VERB_NOP); + } catch ( 
... ) { + TRACE("dropped WHOIS from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doRENDEZVOUS(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + if (RR->topology->isUpstream(peer->identity())) { + const Address with(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ZTADDRESS,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); + const SharedPtr withPeer(RR->topology->getPeer(with)); + if (withPeer) { + const unsigned int port = at(ZT_PROTO_VERB_RENDEZVOUS_IDX_PORT); + const unsigned int addrlen = (*this)[ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRLEN]; + if ((port > 0)&&((addrlen == 4)||(addrlen == 16))) { + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_RENDEZVOUS,0,Packet::VERB_NOP); + + InetAddress atAddr(field(ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRESS,addrlen),addrlen,port); + TRACE("RENDEZVOUS from %s says %s might be at %s, starting NAT-t",peer->address().toString().c_str(),with.toString().c_str(),atAddr.toString().c_str()); + if (RR->node->shouldUsePathForZeroTierTraffic(_localAddress,atAddr)) + RR->sw->rendezvous(withPeer,_localAddress,atAddr); + } else { + TRACE("dropped corrupt RENDEZVOUS from %s(%s) (bad address or port)",peer->address().toString().c_str(),_remoteAddress.toString().c_str()); + } + } else { + RR->sw->requestWhois(with); + TRACE("ignored RENDEZVOUS from %s(%s) to meet unknown peer %s",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),with.toString().c_str()); + } + } else { + TRACE("ignored RENDEZVOUS from %s(%s): not a root server or a network relay",peer->address().toString().c_str(),_remoteAddress.toString().c_str()); + } + } catch ( ... 
) { + TRACE("dropped RENDEZVOUS from %s(%s): unexpected exception",peer->address().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doFRAME(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID))); + if (network) { + if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) { + if (!network->isAllowed(peer)) { + TRACE("dropped FRAME from %s(%s): not a member of private network %.16llx",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)network->id()); + _sendErrorNeedCertificate(RR,peer,network->id()); + return true; + } + + const unsigned int etherType = at(ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE); + if (!network->config().permitsEtherType(etherType)) { + TRACE("dropped FRAME from %s(%s): ethertype %.4x not allowed on %.16llx",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned int)etherType,(unsigned long long)network->id()); + return true; + } + + const unsigned int payloadLen = size() - ZT_PROTO_VERB_FRAME_IDX_PAYLOAD; + RR->node->putFrame(network->id(),network->userPtr(),MAC(peer->address(),network->id()),network->mac(),etherType,0,field(ZT_PROTO_VERB_FRAME_IDX_PAYLOAD,payloadLen),payloadLen); + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_FRAME,0,Packet::VERB_NOP); + } else { + TRACE("dropped FRAME from %s(%s): we are not connected to network %.16llx",source().toString().c_str(),_remoteAddress.toString().c_str(),at(ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID)); + } + } catch ( ... 
) { + TRACE("dropped FRAME from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doEXT_FRAME(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + SharedPtr network(RR->node->network(at(ZT_PROTO_VERB_EXT_FRAME_IDX_NETWORK_ID))); + if (network) { + if (size() > ZT_PROTO_VERB_EXT_FRAME_IDX_PAYLOAD) { + const unsigned int flags = (*this)[ZT_PROTO_VERB_EXT_FRAME_IDX_FLAGS]; + + unsigned int comLen = 0; + if ((flags & 0x01) != 0) { + CertificateOfMembership com; + comLen = com.deserialize(*this,ZT_PROTO_VERB_EXT_FRAME_IDX_COM); + peer->validateAndSetNetworkMembershipCertificate(network->id(),com); + } + + if (!network->isAllowed(peer)) { + TRACE("dropped EXT_FRAME from %s(%s): not a member of private network %.16llx",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),network->id()); + _sendErrorNeedCertificate(RR,peer,network->id()); + return true; + } + + // Everything after flags must be adjusted based on the length + // of the certificate, if there was one... 
+ + const unsigned int etherType = at(comLen + ZT_PROTO_VERB_EXT_FRAME_IDX_ETHERTYPE); + if (!network->config().permitsEtherType(etherType)) { + TRACE("dropped EXT_FRAME from %s(%s): ethertype %.4x not allowed on network %.16llx",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned int)etherType,(unsigned long long)network->id()); + return true; + } + + const MAC to(field(comLen + ZT_PROTO_VERB_EXT_FRAME_IDX_TO,ZT_PROTO_VERB_EXT_FRAME_LEN_TO),ZT_PROTO_VERB_EXT_FRAME_LEN_TO); + const MAC from(field(comLen + ZT_PROTO_VERB_EXT_FRAME_IDX_FROM,ZT_PROTO_VERB_EXT_FRAME_LEN_FROM),ZT_PROTO_VERB_EXT_FRAME_LEN_FROM); + + if (to.isMulticast()) { + TRACE("dropped EXT_FRAME from %s@%s(%s) to %s: destination is multicast, must use MULTICAST_FRAME",from.toString().c_str(),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),to.toString().c_str()); + return true; + } + + if ((!from)||(from.isMulticast())||(from == network->mac())) { + TRACE("dropped EXT_FRAME from %s@%s(%s) to %s: invalid source MAC",from.toString().c_str(),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),to.toString().c_str()); + return true; + } + + if (from != MAC(peer->address(),network->id())) { + if (network->config().permitsBridging(peer->address())) { + network->learnBridgeRoute(from,peer->address()); + } else { + TRACE("dropped EXT_FRAME from %s@%s(%s) to %s: sender not allowed to bridge into %.16llx",from.toString().c_str(),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),to.toString().c_str(),network->id()); + return true; + } + } else if (to != network->mac()) { + if (!network->config().permitsBridging(RR->identity.address())) { + TRACE("dropped EXT_FRAME from %s@%s(%s) to %s: I cannot bridge to %.16llx or bridging disabled on network",from.toString().c_str(),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),to.toString().c_str(),network->id()); + return true; + } + } + + const unsigned int payloadLen = 
size() - (comLen + ZT_PROTO_VERB_EXT_FRAME_IDX_PAYLOAD); + RR->node->putFrame(network->id(),network->userPtr(),from,to,etherType,0,field(comLen + ZT_PROTO_VERB_EXT_FRAME_IDX_PAYLOAD,payloadLen),payloadLen); + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_EXT_FRAME,0,Packet::VERB_NOP); + } else { + TRACE("dropped EXT_FRAME from %s(%s): we are not connected to network %.16llx",source().toString().c_str(),_remoteAddress.toString().c_str(),at(ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID)); + } + } catch ( ... ) { + TRACE("dropped EXT_FRAME from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doECHO(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const uint64_t pid = packetId(); + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_OK); + outp.append((unsigned char)Packet::VERB_ECHO); + outp.append((uint64_t)pid); + if (size() > ZT_PACKET_IDX_PAYLOAD) + outp.append(reinterpret_cast(data()) + ZT_PACKET_IDX_PAYLOAD,size() - ZT_PACKET_IDX_PAYLOAD); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + peer->received(_localAddress,_remoteAddress,hops(),pid,Packet::VERB_ECHO,0,Packet::VERB_NOP); + } catch ( ... ) { + TRACE("dropped ECHO from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doMULTICAST_LIKE(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const uint64_t now = RR->node->now(); + + // Iterate through 18-byte network,MAC,ADI tuples + for(unsigned int ptr=ZT_PACKET_IDX_PAYLOAD;ptr(ptr); + const MulticastGroup group(MAC(field(ptr + 8,6),6),at(ptr + 14)); + RR->mc->add(now,nwid,group,peer->address()); + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_MULTICAST_LIKE,0,Packet::VERB_NOP); + } catch ( ... 
) { + TRACE("dropped MULTICAST_LIKE from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doNETWORK_MEMBERSHIP_CERTIFICATE(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + CertificateOfMembership com; + + unsigned int ptr = ZT_PACKET_IDX_PAYLOAD; + while (ptr < size()) { + ptr += com.deserialize(*this,ptr); + peer->validateAndSetNetworkMembershipCertificate(com.networkId(),com); + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE,0,Packet::VERB_NOP); + } catch ( ... ) { + TRACE("dropped NETWORK_MEMBERSHIP_CERTIFICATE from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const uint64_t nwid = at(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_NETWORK_ID); + + const unsigned int metaDataLength = at(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT_LEN); + const char *metaDataBytes = (const char *)field(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT,metaDataLength); + const Dictionary metaData(metaDataBytes,metaDataLength); + + //const uint64_t haveRevision = ((ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT + metaDataLength + 8) <= size()) ? at(ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT + metaDataLength) : 0ULL; + + const unsigned int h = hops(); + const uint64_t pid = packetId(); + peer->received(_localAddress,_remoteAddress,h,pid,Packet::VERB_NETWORK_CONFIG_REQUEST,0,Packet::VERB_NOP); + + if (RR->localNetworkController) { + NetworkConfig netconf; + switch(RR->localNetworkController->doNetworkConfigRequest((h > 0) ? 
InetAddress() : _remoteAddress,RR->identity,peer->identity(),nwid,metaData,netconf)) { + + case NetworkController::NETCONF_QUERY_OK: { + Dictionary dconf; + if (netconf.toDictionary(dconf,metaData.getUI(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_VERSION,0) < 6)) { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_OK); + outp.append((unsigned char)Packet::VERB_NETWORK_CONFIG_REQUEST); + outp.append(pid); + outp.append(nwid); + const unsigned int dlen = dconf.sizeBytes(); + outp.append((uint16_t)dlen); + outp.append((const void *)dconf.data(),dlen); + outp.compress(); + RR->sw->send(outp,true,0); + } + } break; + + case NetworkController::NETCONF_QUERY_OBJECT_NOT_FOUND: { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR); + outp.append((unsigned char)Packet::VERB_NETWORK_CONFIG_REQUEST); + outp.append(pid); + outp.append((unsigned char)Packet::ERROR_OBJ_NOT_FOUND); + outp.append(nwid); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } break; + + case NetworkController::NETCONF_QUERY_ACCESS_DENIED: { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR); + outp.append((unsigned char)Packet::VERB_NETWORK_CONFIG_REQUEST); + outp.append(pid); + outp.append((unsigned char)Packet::ERROR_NETWORK_ACCESS_DENIED_); + outp.append(nwid); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } break; + + case NetworkController::NETCONF_QUERY_INTERNAL_SERVER_ERROR: + // TRACE("NETWORK_CONFIG_REQUEST failed: internal error: %s",netconf.get("error","(unknown)").c_str()); + break; + + case NetworkController::NETCONF_QUERY_IGNORE: + break; + + default: + TRACE("NETWORK_CONFIG_REQUEST failed: invalid return value from NetworkController::doNetworkConfigRequest()"); + break; + + } + } else { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR); + outp.append((unsigned 
char)Packet::VERB_NETWORK_CONFIG_REQUEST); + outp.append(pid); + outp.append((unsigned char)Packet::ERROR_UNSUPPORTED_OPERATION); + outp.append(nwid); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } + } catch ( ... ) { + TRACE("dropped NETWORK_CONFIG_REQUEST from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doNETWORK_CONFIG_REFRESH(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + unsigned int ptr = ZT_PACKET_IDX_PAYLOAD; + while ((ptr + 8) <= size()) { + uint64_t nwid = at(ptr); + SharedPtr nw(RR->node->network(nwid)); + if ((nw)&&(peer->address() == nw->controller())) + nw->requestConfiguration(); + ptr += 8; + } + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_NETWORK_CONFIG_REFRESH,0,Packet::VERB_NOP); + } catch ( ... ) { + TRACE("dropped NETWORK_CONFIG_REFRESH from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doMULTICAST_GATHER(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const uint64_t nwid = at(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_NETWORK_ID); + const MulticastGroup mg(MAC(field(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_MAC,6),6),at(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_ADI)); + const unsigned int gatherLimit = at(ZT_PROTO_VERB_MULTICAST_GATHER_IDX_GATHER_LIMIT); + + //TRACE("<address(),RR->identity.address(),Packet::VERB_OK); + outp.append((unsigned char)Packet::VERB_MULTICAST_GATHER); + outp.append(packetId()); + outp.append(nwid); + mg.mac().appendTo(outp); + outp.append((uint32_t)mg.adi()); + const unsigned int gatheredLocally = RR->mc->gather(peer->address(),nwid,mg,outp,gatherLimit); + if (gatheredLocally) { + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } + +#ifdef ZT_ENABLE_CLUSTER + 
if ((RR->cluster)&&(gatheredLocally < gatherLimit)) + RR->cluster->sendDistributedQuery(*this); +#endif + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_MULTICAST_GATHER,0,Packet::VERB_NOP); + } catch ( ... ) { + TRACE("dropped MULTICAST_GATHER from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doMULTICAST_FRAME(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const uint64_t nwid = at(ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID); + const unsigned int flags = (*this)[ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS]; + + const SharedPtr network(RR->node->network(nwid)); + if (network) { + // Offset -- size of optional fields added to position of later fields + unsigned int offset = 0; + + if ((flags & 0x01) != 0) { + CertificateOfMembership com; + offset += com.deserialize(*this,ZT_PROTO_VERB_MULTICAST_FRAME_IDX_COM); + peer->validateAndSetNetworkMembershipCertificate(nwid,com); + } + + // Check membership after we've read any included COM, since + // that cert might be what we needed. 
+ if (!network->isAllowed(peer)) { + TRACE("dropped MULTICAST_FRAME from %s(%s): not a member of private network %.16llx",peer->address().toString().c_str(),_remoteAddress.toString().c_str(),(unsigned long long)network->id()); + _sendErrorNeedCertificate(RR,peer,network->id()); + return true; + } + + unsigned int gatherLimit = 0; + if ((flags & 0x02) != 0) { + gatherLimit = at(offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_GATHER_LIMIT); + offset += 4; + } + + MAC from; + if ((flags & 0x04) != 0) { + from.setTo(field(offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_SOURCE_MAC,6),6); + offset += 6; + } else { + from.fromAddress(peer->address(),nwid); + } + + const MulticastGroup to(MAC(field(offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_MAC,6),6),at(offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_ADI)); + const unsigned int etherType = at(offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ETHERTYPE); + const unsigned int payloadLen = size() - (offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME); + + //TRACE("<address().toString().c_str(),flags,payloadLen); + + if ((payloadLen > 0)&&(payloadLen <= ZT_IF_MTU)) { + if (!to.mac().isMulticast()) { + TRACE("dropped MULTICAST_FRAME from %s@%s(%s) to %s: destination is unicast, must use FRAME or EXT_FRAME",from.toString().c_str(),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),to.toString().c_str()); + return true; + } + if ((!from)||(from.isMulticast())||(from == network->mac())) { + TRACE("dropped MULTICAST_FRAME from %s@%s(%s) to %s: invalid source MAC",from.toString().c_str(),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),to.toString().c_str()); + return true; + } + + if (from != MAC(peer->address(),network->id())) { + if (network->config().permitsBridging(peer->address())) { + network->learnBridgeRoute(from,peer->address()); + } else { + TRACE("dropped MULTICAST_FRAME from %s@%s(%s) to %s: sender not allowed to bridge into 
%.16llx",from.toString().c_str(),peer->address().toString().c_str(),_remoteAddress.toString().c_str(),to.toString().c_str(),network->id()); + return true; + } + } + + RR->node->putFrame(network->id(),network->userPtr(),from,to.mac(),etherType,0,field(offset + ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME,payloadLen),payloadLen); + } + + if (gatherLimit) { + Packet outp(source(),RR->identity.address(),Packet::VERB_OK); + outp.append((unsigned char)Packet::VERB_MULTICAST_FRAME); + outp.append(packetId()); + outp.append(nwid); + to.mac().appendTo(outp); + outp.append((uint32_t)to.adi()); + outp.append((unsigned char)0x02); // flag 0x02 = contains gather results + if (RR->mc->gather(peer->address(),nwid,to,outp,gatherLimit)) { + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } + } + } // else ignore -- not a member of this network + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_MULTICAST_FRAME,0,Packet::VERB_NOP); + } catch ( ... 
) { + TRACE("dropped MULTICAST_FRAME from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doPUSH_DIRECT_PATHS(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const uint64_t now = RR->node->now(); + + // First, subject this to a rate limit + if (!peer->shouldRespondToDirectPathPush(now)) { + TRACE("dropped PUSH_DIRECT_PATHS from %s(%s): circuit breaker tripped",source().toString().c_str(),_remoteAddress.toString().c_str()); + return true; + } + + // Second, limit addresses by scope and type + uint8_t countPerScope[ZT_INETADDRESS_MAX_SCOPE+1][2]; // [][0] is v4, [][1] is v6 + memset(countPerScope,0,sizeof(countPerScope)); + + unsigned int count = at(ZT_PACKET_IDX_PAYLOAD); + unsigned int ptr = ZT_PACKET_IDX_PAYLOAD + 2; + + while (count--) { // if ptr overflows Buffer will throw + // TODO: some flags are not yet implemented + + unsigned int flags = (*this)[ptr++]; + unsigned int extLen = at(ptr); ptr += 2; + ptr += extLen; // unused right now + unsigned int addrType = (*this)[ptr++]; + unsigned int addrLen = (*this)[ptr++]; + + switch(addrType) { + case 4: { + InetAddress a(field(ptr,4),4,at(ptr + 4)); + + bool redundant = false; + if ((flags & ZT_PUSH_DIRECT_PATHS_FLAG_CLUSTER_REDIRECT) != 0) { + peer->setClusterOptimalPathForAddressFamily(a); + } else { + redundant = peer->hasActivePathTo(now,a); + } + + if ( ((flags & ZT_PUSH_DIRECT_PATHS_FLAG_FORGET_PATH) == 0) && (!redundant) && (RR->node->shouldUsePathForZeroTierTraffic(_localAddress,a)) ) { + if (++countPerScope[(int)a.ipScope()][0] <= ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY) { + TRACE("attempting to contact %s at pushed direct path %s",peer->address().toString().c_str(),a.toString().c_str()); + peer->sendHELLO(InetAddress(),a,now); + } else { + TRACE("ignoring contact for %s at %s -- too many per scope",peer->address().toString().c_str(),a.toString().c_str()); + } + } + } break; + case 6: { + 
InetAddress a(field(ptr,16),16,at(ptr + 16)); + + bool redundant = false; + if ((flags & ZT_PUSH_DIRECT_PATHS_FLAG_CLUSTER_REDIRECT) != 0) { + peer->setClusterOptimalPathForAddressFamily(a); + } else { + redundant = peer->hasActivePathTo(now,a); + } + + if ( ((flags & ZT_PUSH_DIRECT_PATHS_FLAG_FORGET_PATH) == 0) && (!redundant) && (RR->node->shouldUsePathForZeroTierTraffic(_localAddress,a)) ) { + if (++countPerScope[(int)a.ipScope()][1] <= ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY) { + TRACE("attempting to contact %s at pushed direct path %s",peer->address().toString().c_str(),a.toString().c_str()); + peer->sendHELLO(InetAddress(),a,now); + } else { + TRACE("ignoring contact for %s at %s -- too many per scope",peer->address().toString().c_str(),a.toString().c_str()); + } + } + } break; + } + ptr += addrLen; + } + + peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_PUSH_DIRECT_PATHS,0,Packet::VERB_NOP); + } catch ( ... ) { + TRACE("dropped PUSH_DIRECT_PATHS from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doCIRCUIT_TEST(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + const Address originatorAddress(field(ZT_PACKET_IDX_PAYLOAD,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); + SharedPtr originator(RR->topology->getPeer(originatorAddress)); + if (!originator) { + RR->sw->requestWhois(originatorAddress); + return false; + } + + const unsigned int flags = at(ZT_PACKET_IDX_PAYLOAD + 5); + const uint64_t timestamp = at(ZT_PACKET_IDX_PAYLOAD + 7); + const uint64_t testId = at(ZT_PACKET_IDX_PAYLOAD + 15); + + // Tracks total length of variable length fields, initialized to originator credential length below + unsigned int vlf; + + // Originator credentials + const unsigned int originatorCredentialLength = vlf = at(ZT_PACKET_IDX_PAYLOAD + 23); + uint64_t originatorCredentialNetworkId = 0; + if (originatorCredentialLength >= 1) { + 
switch((*this)[ZT_PACKET_IDX_PAYLOAD + 25]) { + case 0x01: { // 64-bit network ID, originator must be controller + if (originatorCredentialLength >= 9) + originatorCredentialNetworkId = at(ZT_PACKET_IDX_PAYLOAD + 26); + } break; + default: break; + } + } + + // Add length of "additional fields," which are currently unused + vlf += at(ZT_PACKET_IDX_PAYLOAD + 25 + vlf); + + // Verify signature -- only tests signed by their originators are allowed + const unsigned int signatureLength = at(ZT_PACKET_IDX_PAYLOAD + 27 + vlf); + if (!originator->identity().verify(field(ZT_PACKET_IDX_PAYLOAD,27 + vlf),27 + vlf,field(ZT_PACKET_IDX_PAYLOAD + 29 + vlf,signatureLength),signatureLength)) { + TRACE("dropped CIRCUIT_TEST from %s(%s): signature by originator %s invalid",source().toString().c_str(),_remoteAddress.toString().c_str(),originatorAddress.toString().c_str()); + return true; + } + vlf += signatureLength; + + // Save this length so we can copy the immutable parts of this test + // into the one we send along to next hops. 
+ const unsigned int lengthOfSignedPortionAndSignature = 29 + vlf; + + // Get previous hop's credential, if any + const unsigned int previousHopCredentialLength = at(ZT_PACKET_IDX_PAYLOAD + 29 + vlf); + CertificateOfMembership previousHopCom; + if (previousHopCredentialLength >= 1) { + switch((*this)[ZT_PACKET_IDX_PAYLOAD + 31 + vlf]) { + case 0x01: { // network certificate of membership for previous hop + const unsigned int phcl = previousHopCom.deserialize(*this,ZT_PACKET_IDX_PAYLOAD + 32 + vlf); + if (phcl != (previousHopCredentialLength - 1)) { + TRACE("dropped CIRCUIT_TEST from %s(%s): previous hop COM invalid (%u != %u)",source().toString().c_str(),_remoteAddress.toString().c_str(),phcl,(previousHopCredentialLength - 1)); + return true; + } + } break; + default: break; + } + } + vlf += previousHopCredentialLength; + + // Check credentials (signature already verified) + NetworkConfig originatorCredentialNetworkConfig; + if (originatorCredentialNetworkId) { + if (Network::controllerFor(originatorCredentialNetworkId) == originatorAddress) { + SharedPtr nw(RR->node->network(originatorCredentialNetworkId)); + if ((nw)&&(nw->hasConfig())) { + originatorCredentialNetworkConfig = nw->config(); + if ( ( (originatorCredentialNetworkConfig.isPublic()) || (peer->address() == originatorAddress) || ((originatorCredentialNetworkConfig.com)&&(previousHopCom)&&(originatorCredentialNetworkConfig.com.agreesWith(previousHopCom))) ) ) { + TRACE("CIRCUIT_TEST %.16llx received from hop %s(%s) and originator %s with valid network ID credential %.16llx (verified from originator and next hop)",testId,source().toString().c_str(),_remoteAddress.toString().c_str(),originatorAddress.toString().c_str(),originatorCredentialNetworkId); + } else { + TRACE("dropped CIRCUIT_TEST from %s(%s): originator %s specified network ID %.16llx as credential, and previous hop %s did not supply a valid 
COM",source().toString().c_str(),_remoteAddress.toString().c_str(),originatorAddress.toString().c_str(),originatorCredentialNetworkId,peer->address().toString().c_str()); + return true; + } + } else { + TRACE("dropped CIRCUIT_TEST from %s(%s): originator %s specified network ID %.16llx as credential, and we are not a member",source().toString().c_str(),_remoteAddress.toString().c_str(),originatorAddress.toString().c_str(),originatorCredentialNetworkId); + return true; + } + } else { + TRACE("dropped CIRCUIT_TEST from %s(%s): originator %s specified network ID as credential, is not controller for %.16llx",source().toString().c_str(),_remoteAddress.toString().c_str(),originatorAddress.toString().c_str(),originatorCredentialNetworkId); + return true; + } + } else { + TRACE("dropped CIRCUIT_TEST from %s(%s): originator %s did not specify a credential or credential type",source().toString().c_str(),_remoteAddress.toString().c_str(),originatorAddress.toString().c_str()); + return true; + } + + const uint64_t now = RR->node->now(); + + unsigned int breadth = 0; + Address nextHop[256]; // breadth is a uin8_t, so this is the max + InetAddress nextHopBestPathAddress[256]; + unsigned int remainingHopsPtr = ZT_PACKET_IDX_PAYLOAD + 33 + vlf; + if ((ZT_PACKET_IDX_PAYLOAD + 31 + vlf) < size()) { + // unsigned int nextHopFlags = (*this)[ZT_PACKET_IDX_PAYLOAD + 31 + vlf] + breadth = (*this)[ZT_PACKET_IDX_PAYLOAD + 32 + vlf]; + for(unsigned int h=0;h nhp(RR->topology->getPeer(nextHop[h])); + if (nhp) { + Path *const rp = nhp->getBestPath(now); + if (rp) + nextHopBestPathAddress[h] = rp->address(); + } + } + } + + // Report back to originator, depending on flags and whether we are last hop + if ( ((flags & 0x01) != 0) || ((breadth == 0)&&((flags & 0x02) != 0)) ) { + Packet outp(originatorAddress,RR->identity.address(),Packet::VERB_CIRCUIT_TEST_REPORT); + outp.append((uint64_t)timestamp); + outp.append((uint64_t)testId); + outp.append((uint64_t)0); // field reserved for future use + 
outp.append((uint8_t)ZT_VENDOR_ZEROTIER); + outp.append((uint8_t)ZT_PROTO_VERSION); + outp.append((uint8_t)ZEROTIER_ONE_VERSION_MAJOR); + outp.append((uint8_t)ZEROTIER_ONE_VERSION_MINOR); + outp.append((uint16_t)ZEROTIER_ONE_VERSION_REVISION); + outp.append((uint16_t)ZT_PLATFORM_UNSPECIFIED); + outp.append((uint16_t)ZT_ARCHITECTURE_UNSPECIFIED); + outp.append((uint16_t)0); // error code, currently unused + outp.append((uint64_t)0); // flags, currently unused + outp.append((uint64_t)packetId()); + peer->address().appendTo(outp); + outp.append((uint8_t)hops()); + _localAddress.serialize(outp); + _remoteAddress.serialize(outp); + outp.append((uint16_t)0); // no additional fields + outp.append((uint8_t)breadth); + for(unsigned int h=0;hsw->send(outp,true,0); + } + + // If there are next hops, forward the test along through the graph + if (breadth > 0) { + Packet outp(Address(),RR->identity.address(),Packet::VERB_CIRCUIT_TEST); + outp.append(field(ZT_PACKET_IDX_PAYLOAD,lengthOfSignedPortionAndSignature),lengthOfSignedPortionAndSignature); + const unsigned int previousHopCredentialPos = outp.size(); + outp.append((uint16_t)0); // no previous hop credentials: default + if ((originatorCredentialNetworkConfig)&&(!originatorCredentialNetworkConfig.isPublic())&&(originatorCredentialNetworkConfig.com)) { + outp.append((uint8_t)0x01); // COM + originatorCredentialNetworkConfig.com.serialize(outp); + outp.setAt(previousHopCredentialPos,(uint16_t)(outp.size() - (previousHopCredentialPos + 2))); + } + if (remainingHopsPtr < size()) + outp.append(field(remainingHopsPtr,size() - remainingHopsPtr),size() - remainingHopsPtr); + + for(unsigned int h=0;hidentity.address() != nextHop[h]) { // next hops that loop back to the current hop are not valid + outp.newInitializationVector(); + outp.setDestination(nextHop[h]); + RR->sw->send(outp,true,originatorCredentialNetworkId); + } + } + } + + 
peer->received(_localAddress,_remoteAddress,hops(),packetId(),Packet::VERB_CIRCUIT_TEST,0,Packet::VERB_NOP); + } catch ( ... ) { + TRACE("dropped CIRCUIT_TEST from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doCIRCUIT_TEST_REPORT(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + ZT_CircuitTestReport report; + memset(&report,0,sizeof(report)); + + report.current = peer->address().toInt(); + report.upstream = Address(field(ZT_PACKET_IDX_PAYLOAD + 52,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH).toInt(); + report.testId = at(ZT_PACKET_IDX_PAYLOAD + 8); + report.timestamp = at(ZT_PACKET_IDX_PAYLOAD); + report.remoteTimestamp = at(ZT_PACKET_IDX_PAYLOAD + 16); + report.sourcePacketId = at(ZT_PACKET_IDX_PAYLOAD + 44); + report.flags = at(ZT_PACKET_IDX_PAYLOAD + 36); + report.sourcePacketHopCount = (*this)[ZT_PACKET_IDX_PAYLOAD + 57]; // end of fixed length headers: 58 + report.errorCode = at(ZT_PACKET_IDX_PAYLOAD + 34); + report.vendor = (enum ZT_Vendor)((*this)[ZT_PACKET_IDX_PAYLOAD + 24]); + report.protocolVersion = (*this)[ZT_PACKET_IDX_PAYLOAD + 25]; + report.majorVersion = (*this)[ZT_PACKET_IDX_PAYLOAD + 26]; + report.minorVersion = (*this)[ZT_PACKET_IDX_PAYLOAD + 27]; + report.revision = at(ZT_PACKET_IDX_PAYLOAD + 28); + report.platform = (enum ZT_Platform)at(ZT_PACKET_IDX_PAYLOAD + 30); + report.architecture = (enum ZT_Architecture)at(ZT_PACKET_IDX_PAYLOAD + 32); + + const unsigned int receivedOnLocalAddressLen = reinterpret_cast(&(report.receivedOnLocalAddress))->deserialize(*this,ZT_PACKET_IDX_PAYLOAD + 58); + const unsigned int receivedFromRemoteAddressLen = reinterpret_cast(&(report.receivedFromRemoteAddress))->deserialize(*this,ZT_PACKET_IDX_PAYLOAD + 58 + receivedOnLocalAddressLen); + + unsigned int nhptr = ZT_PACKET_IDX_PAYLOAD + 58 + receivedOnLocalAddressLen + receivedFromRemoteAddressLen; + nhptr += at(nhptr) + 2; // add "additional field" length, which 
right now will be zero + + report.nextHopCount = (*this)[nhptr++]; + if (report.nextHopCount > ZT_CIRCUIT_TEST_MAX_HOP_BREADTH) // sanity check, shouldn't be possible + report.nextHopCount = ZT_CIRCUIT_TEST_MAX_HOP_BREADTH; + for(unsigned int h=0;h(&(report.nextHops[h].physicalAddress))->deserialize(*this,nhptr); + } + + RR->node->postCircuitTestReport(&report); + } catch ( ... ) { + TRACE("dropped CIRCUIT_TEST_REPORT from %s(%s): unexpected exception",source().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +bool IncomingPacket::_doREQUEST_PROOF_OF_WORK(const RuntimeEnvironment *RR,const SharedPtr &peer) +{ + try { + // If this were allowed from anyone, it would itself be a DOS vector. Right + // now we only allow it from roots and controllers of networks you have joined. + bool allowed = RR->topology->isRoot(peer->identity()); + if (!allowed) { + std::vector< SharedPtr > allNetworks(RR->node->allNetworks()); + for(std::vector< SharedPtr >::const_iterator n(allNetworks.begin());n!=allNetworks.end();++n) { + if (peer->address() == (*n)->controller()) { + allowed = true; + break; + } + } + } + + if (allowed) { + const uint64_t pid = packetId(); + const unsigned int difficulty = (*this)[ZT_PACKET_IDX_PAYLOAD + 1]; + const unsigned int challengeLength = at(ZT_PACKET_IDX_PAYLOAD + 2); + if (challengeLength > ZT_PROTO_MAX_PACKET_LENGTH) + return true; // sanity check, drop invalid size + const unsigned char *challenge = field(ZT_PACKET_IDX_PAYLOAD + 4,challengeLength); + + switch((*this)[ZT_PACKET_IDX_PAYLOAD]) { + + // Salsa20/12+SHA512 hashcash + case 0x01: { + if (difficulty <= 14) { + unsigned char result[16]; + computeSalsa2012Sha512ProofOfWork(difficulty,challenge,challengeLength,result); + TRACE("PROOF_OF_WORK computed for %s: difficulty==%u, challengeLength==%u, result: %.16llx%.16llx",peer->address().toString().c_str(),difficulty,challengeLength,Utils::ntoh(*(reinterpret_cast(result))),Utils::ntoh(*(reinterpret_cast(result + 
8)))); + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_OK); + outp.append((unsigned char)Packet::VERB_REQUEST_PROOF_OF_WORK); + outp.append(pid); + outp.append((uint16_t)sizeof(result)); + outp.append(result,sizeof(result)); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } else { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_ERROR); + outp.append((unsigned char)Packet::VERB_REQUEST_PROOF_OF_WORK); + outp.append(pid); + outp.append((unsigned char)Packet::ERROR_INVALID_REQUEST); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); + } + } break; + + default: + TRACE("dropped REQUEST_PROOF_OF_WORK from %s(%s): unrecognized proof of work type",peer->address().toString().c_str(),_remoteAddress.toString().c_str()); + break; + } + + peer->received(_localAddress,_remoteAddress,hops(),pid,Packet::VERB_REQUEST_PROOF_OF_WORK,0,Packet::VERB_NOP); + } else { + TRACE("dropped REQUEST_PROOF_OF_WORK from %s(%s): not trusted enough",peer->address().toString().c_str(),_remoteAddress.toString().c_str()); + } + } catch ( ... 
) { + TRACE("dropped REQUEST_PROOF_OF_WORK from %s(%s): unexpected exception",peer->address().toString().c_str(),_remoteAddress.toString().c_str()); + } + return true; +} + +void IncomingPacket::computeSalsa2012Sha512ProofOfWork(unsigned int difficulty,const void *challenge,unsigned int challengeLength,unsigned char result[16]) +{ + unsigned char salsabuf[131072]; // 131072 == protocol constant, size of memory buffer for this proof of work function + char candidatebuf[ZT_PROTO_MAX_PACKET_LENGTH + 256]; + unsigned char shabuf[ZT_SHA512_DIGEST_LEN]; + const uint64_t s20iv = 0; // zero IV for Salsa20 + char *const candidate = (char *)(( ((uintptr_t)&(candidatebuf[0])) | 0xf ) + 1); // align to 16-byte boundary to ensure that uint64_t type punning of initial nonce is okay + Salsa20 s20; + unsigned int d; + unsigned char *p; + + Utils::getSecureRandom(candidate,16); + memcpy(candidate + 16,challenge,challengeLength); + + if (difficulty > 512) + difficulty = 512; // sanity check + +try_salsa2012sha512_again: + ++*(reinterpret_cast(candidate)); + + SHA512::hash(shabuf,candidate,16 + challengeLength); + s20.init(shabuf,256,&s20iv); + memset(salsabuf,0,sizeof(salsabuf)); + s20.encrypt12(salsabuf,salsabuf,sizeof(salsabuf)); + SHA512::hash(shabuf,salsabuf,sizeof(salsabuf)); + + d = difficulty; + p = shabuf; + while (d >= 8) { + if (*(p++)) + goto try_salsa2012sha512_again; + d -= 8; + } + if (d > 0) { + if ( ((((unsigned int)*p) << d) & 0xff00) != 0 ) + goto try_salsa2012sha512_again; + } + + memcpy(result,candidate,16); +} + +bool IncomingPacket::testSalsa2012Sha512ProofOfWorkResult(unsigned int difficulty,const void *challenge,unsigned int challengeLength,const unsigned char proposedResult[16]) +{ + unsigned char salsabuf[131072]; // 131072 == protocol constant, size of memory buffer for this proof of work function + char candidate[ZT_PROTO_MAX_PACKET_LENGTH + 256]; + unsigned char shabuf[ZT_SHA512_DIGEST_LEN]; + const uint64_t s20iv = 0; // zero IV for Salsa20 + Salsa20 
s20; + unsigned int d; + unsigned char *p; + + if (difficulty > 512) + difficulty = 512; // sanity check + + memcpy(candidate,proposedResult,16); + memcpy(candidate + 16,challenge,challengeLength); + + SHA512::hash(shabuf,candidate,16 + challengeLength); + s20.init(shabuf,256,&s20iv); + memset(salsabuf,0,sizeof(salsabuf)); + s20.encrypt12(salsabuf,salsabuf,sizeof(salsabuf)); + SHA512::hash(shabuf,salsabuf,sizeof(salsabuf)); + + d = difficulty; + p = shabuf; + while (d >= 8) { + if (*(p++)) + return false; + d -= 8; + } + if (d > 0) { + if ( ((((unsigned int)*p) << d) & 0xff00) != 0 ) + return false; + } + + return true; +} + +void IncomingPacket::_sendErrorNeedCertificate(const RuntimeEnvironment *RR,const SharedPtr &peer,uint64_t nwid) +{ + Packet outp(source(),RR->identity.address(),Packet::VERB_ERROR); + outp.append((unsigned char)verb()); + outp.append(packetId()); + outp.append((unsigned char)Packet::ERROR_NEED_MEMBERSHIP_CERTIFICATE); + outp.append(nwid); + outp.armor(peer->key(),true); + RR->node->putPacket(_localAddress,_remoteAddress,outp.data(),outp.size()); +} + +} // namespace ZeroTier diff --git a/node/IncomingPacket.hpp b/node/IncomingPacket.hpp new file mode 100644 index 0000000..cd0b7dc --- /dev/null +++ b/node/IncomingPacket.hpp 
@@ -0,0 +1,195 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_INCOMINGPACKET_HPP
+#define ZT_INCOMINGPACKET_HPP
+
+#include
+
+#include "Packet.hpp"
+#include "InetAddress.hpp"
+#include "Utils.hpp"
+#include "MulticastGroup.hpp"
+#include "Peer.hpp"
+
+/*
+ * The big picture:
+ *
+ * tryDecode gets called for a given fully-assembled packet until it returns
+ * true or the packet's time to live has been exceeded, in which case it is
+ * discarded as failed decode. Any exception thrown by tryDecode also causes
+ * the packet to be discarded.
+ *
+ * Thus a return of false from tryDecode() indicates that it should be called
+ * again. Logic is very simple as to when, and it's in doAnythingWaitingForPeer
+ * in Switch. This might be expanded to be more fine grained in the future.
+ *
+ * A return value of true indicates that the packet is done. tryDecode must
+ * never be called again after that.
+ */
+
+namespace ZeroTier {
+
+class RuntimeEnvironment;
+class Network;
+
+/**
+ * Subclass of packet that handles the decoding of it
+ */
+class IncomingPacket : public Packet
+{
+public:
+ IncomingPacket() :
+ Packet(),
+ _receiveTime(0),
+ _localAddress(),
+ _remoteAddress()
+ {
+ }
+
+ IncomingPacket(const IncomingPacket &p)
+ {
+ // All fields including InetAddress are memcpy'able
+ memcpy(this,&p,sizeof(IncomingPacket));
+ }
+
+ /**
+ * Create a new packet-in-decode
+ *
+ * @param data Packet data
+ * @param len Packet length
+ * @param localAddress Local interface address
+ * @param remoteAddress Address from which packet came
+ * @param now Current time
+ * @throws std::out_of_range Range error processing packet
+ */
+ IncomingPacket(const void *data,unsigned int len,const InetAddress &localAddress,const InetAddress &remoteAddress,uint64_t now) :
+ Packet(data,len),
+ _receiveTime(now),
+ _localAddress(localAddress),
+ _remoteAddress(remoteAddress)
+ {
+ }
+
+ inline IncomingPacket &operator=(const IncomingPacket &p)
+ {
+ // All fields including InetAddress are memcpy'able
+ memcpy(this,&p,sizeof(IncomingPacket));
+ return *this;
+ }
+
+ /**
+ * Init packet-in-decode in place
+ *
+ * @param data Packet data
+ * @param len Packet length
+ * @param localAddress Local interface address
+ * @param remoteAddress Address from which packet came
+ * @param now Current time
+ * @throws std::out_of_range Range error processing packet
+ */
+ inline void init(const void *data,unsigned int len,const InetAddress &localAddress,const InetAddress &remoteAddress,uint64_t now)
+ {
+ copyFrom(data,len);
+ _receiveTime = now;
+ _localAddress = localAddress;
+ _remoteAddress = remoteAddress;
+ }
+
+ /**
+ * Attempt to decode this packet
+ *
+ * Note that this returns 'true' if processing is complete. This says nothing
+ * about whether the packet was valid. A rejection is 'complete.'
+ *
+ * Once true is returned, this must not be called again. The packet's state
+ * may no longer be valid. The only exception is deferred decoding. In this
+ * case true is returned to indicate to the normal decode path that it is
+ * finished with the packet. The packet will have added itself to the
+ * deferred queue and will expect tryDecode() to be called one more time
+ * with deferred set to true.
+ *
+ * Deferred decoding is performed by DeferredPackets.cpp and should not be
+ * done elsewhere. Under deferred decoding packets only get one shot and
+ * so the return value of tryDecode() is ignored.
+ *
+ * @param RR Runtime environment
+ * @param deferred If true, this is a deferred decode and the return is ignored
+ * @return True if decoding and processing is complete, false if caller should try again
+ */
+ bool tryDecode(const RuntimeEnvironment *RR,bool deferred);
+
+ /**
+ * @return Time of packet receipt / start of decode
+ */
+ inline uint64_t receiveTime() const throw() { return _receiveTime; }
+
+ /**
+ * Compute the Salsa20/12+SHA512 proof of work function
+ *
+ * @param difficulty Difficulty in bits (max: 64)
+ * @param challenge Challenge string
+ * @param challengeLength Length of challenge in bytes (max allowed: ZT_PROTO_MAX_PACKET_LENGTH)
+ * @param result Buffer to fill with 16-byte result
+ */
+ static void computeSalsa2012Sha512ProofOfWork(unsigned int difficulty,const void *challenge,unsigned int challengeLength,unsigned char result[16]);
+
+ /**
+ * Verify the result of Salsa20/12+SHA512 proof of work
+ *
+ * @param difficulty Difficulty in bits (max: 64)
+ * @param challenge Challenge bytes
+ * @param challengeLength Length of challenge in bytes (max allowed: ZT_PROTO_MAX_PACKET_LENGTH)
+ * @param proposedResult Result supplied by client
+ * @return True if result is valid
+ */
+ static bool testSalsa2012Sha512ProofOfWorkResult(unsigned int difficulty,const void *challenge,unsigned int challengeLength,const unsigned char proposedResult[16]);
+
+private:
+ // These are called internally to handle packet contents once it has
+ // been authenticated, decrypted, decompressed, and classified.
+ bool _doERROR(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doHELLO(const RuntimeEnvironment *RR,SharedPtr &peer); // can be called with NULL peer, while all others cannot
+ bool _doOK(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doWHOIS(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doRENDEZVOUS(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doFRAME(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doEXT_FRAME(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doECHO(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doMULTICAST_LIKE(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doNETWORK_MEMBERSHIP_CERTIFICATE(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doNETWORK_CONFIG_REQUEST(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doNETWORK_CONFIG_REFRESH(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doMULTICAST_GATHER(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doMULTICAST_FRAME(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doPUSH_DIRECT_PATHS(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doCIRCUIT_TEST(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doCIRCUIT_TEST_REPORT(const RuntimeEnvironment *RR,const SharedPtr &peer);
+ bool _doREQUEST_PROOF_OF_WORK(const RuntimeEnvironment *RR,const SharedPtr &peer);
+
+ // Send an ERROR_NEED_MEMBERSHIP_CERTIFICATE to a peer indicating that an updated cert is needed to communicate
+ void _sendErrorNeedCertificate(const RuntimeEnvironment *RR,const SharedPtr &peer,uint64_t nwid);
+
+ uint64_t _receiveTime;
+ InetAddress _localAddress;
+ InetAddress _remoteAddress;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/InetAddress.cpp b/node/InetAddress.cpp
new file mode 100644
index 0000000..3f6b9be
--- /dev/null
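Review bot: The doc comments on `computeSalsa2012Sha512ProofOfWork` and `testSalsa2012Sha512ProofOfWorkResult` state limits that the implementation in IncomingPacket.cpp neither matches nor enforces. Both say `Difficulty in bits (max: 64)` while the .cpp clamps difficulty at 512, and both give `max allowed: ZT_PROTO_MAX_PACKET_LENGTH` for challengeLength although neither function checks it before `memcpy(candidate + 16,challenge,challengeLength)` into a stack buffer of `ZT_PROTO_MAX_PACKET_LENGTH + 256` bytes. Because these are public static members, I would correct the difficulty bound and spell out the contract, e.g. `@param challengeLength Length of challenge in bytes; caller MUST ensure <= ZT_PROTO_MAX_PACKET_LENGTH (not checked here)`, or add that check inside both functions. `_doREQUEST_PROOF_OF_WORK` does bound challengeLength before calling, so the in-tree caller visible here looks safe; the risk is to any other caller.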
+++ b/node/InetAddress.cpp 
@@ -0,0 +1,467 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +#include + +#include "Constants.hpp" +#include "InetAddress.hpp" +#include "Utils.hpp" + +namespace ZeroTier { + +const InetAddress InetAddress::LO4((const void *)("\x7f\x00\x00\x01"),4,0); +const InetAddress InetAddress::LO6((const void *)("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"),16,0); + +InetAddress::IpScope InetAddress::ipScope() const + throw() +{ + switch(ss_family) { + + case AF_INET: { + const uint32_t ip = Utils::ntoh((uint32_t)reinterpret_cast(this)->sin_addr.s_addr); + switch(ip >> 24) { + case 0x00: return IP_SCOPE_NONE; // 0.0.0.0/8 (reserved, never used) + case 0x06: return IP_SCOPE_PSEUDOPRIVATE; // 6.0.0.0/8 (US Army) + case 0x0a: return IP_SCOPE_PRIVATE; // 10.0.0.0/8 + case 0x0b: return IP_SCOPE_PSEUDOPRIVATE; // 11.0.0.0/8 (US DoD) + case 0x15: return IP_SCOPE_PSEUDOPRIVATE; // 21.0.0.0/8 (US DDN-RVN) + case 0x16: return IP_SCOPE_PSEUDOPRIVATE; // 22.0.0.0/8 (US DISA) + case 0x19: return IP_SCOPE_PSEUDOPRIVATE; // 25.0.0.0/8 (UK Ministry of Defense) + case 0x1a: return IP_SCOPE_PSEUDOPRIVATE; // 26.0.0.0/8 (US DISA) + case 0x1c: return IP_SCOPE_PSEUDOPRIVATE; // 28.0.0.0/8 (US DSI-North) + case 0x1d: return 
IP_SCOPE_PSEUDOPRIVATE; // 29.0.0.0/8 (US DISA) + case 0x1e: return IP_SCOPE_PSEUDOPRIVATE; // 30.0.0.0/8 (US DISA) + case 0x2c: return IP_SCOPE_PSEUDOPRIVATE; // 44.0.0.0/8 (Amateur Radio) + case 0x33: return IP_SCOPE_PSEUDOPRIVATE; // 51.0.0.0/8 (UK Department of Social Security) + case 0x37: return IP_SCOPE_PSEUDOPRIVATE; // 55.0.0.0/8 (US DoD) + case 0x38: return IP_SCOPE_PSEUDOPRIVATE; // 56.0.0.0/8 (US Postal Service) + case 0x64: + if ((ip & 0xffc00000) == 0x64400000) return IP_SCOPE_SHARED; // 100.64.0.0/10 + break; + case 0x7f: return IP_SCOPE_LOOPBACK; // 127.0.0.0/8 + case 0xa9: + if ((ip & 0xffff0000) == 0xa9fe0000) return IP_SCOPE_LINK_LOCAL; // 169.254.0.0/16 + break; + case 0xac: + if ((ip & 0xfff00000) == 0xac100000) return IP_SCOPE_PRIVATE; // 172.16.0.0/12 + break; + case 0xc0: + if ((ip & 0xffff0000) == 0xc0a80000) return IP_SCOPE_PRIVATE; // 192.168.0.0/16 + break; + case 0xff: return IP_SCOPE_NONE; // 255.0.0.0/8 (broadcast, or unused/unusable) + } + switch(ip >> 28) { + case 0xe: return IP_SCOPE_MULTICAST; // 224.0.0.0/4 + case 0xf: return IP_SCOPE_PSEUDOPRIVATE; // 240.0.0.0/4 ("reserved," usually unusable) + } + return IP_SCOPE_GLOBAL; + } break; + + case AF_INET6: { + const unsigned char *ip = reinterpret_cast(reinterpret_cast(this)->sin6_addr.s6_addr); + if ((ip[0] & 0xf0) == 0xf0) { + if (ip[0] == 0xff) return IP_SCOPE_MULTICAST; // ff00::/8 + if ((ip[0] == 0xfe)&&((ip[1] & 0xc0) == 0x80)) { + unsigned int k = 2; + while ((!ip[k])&&(k < 15)) ++k; + if ((k == 15)&&(ip[15] == 0x01)) + return IP_SCOPE_LOOPBACK; // fe80::1/128 + else return IP_SCOPE_LINK_LOCAL; // fe80::/10 + } + if ((ip[0] & 0xfe) == 0xfc) return IP_SCOPE_PRIVATE; // fc00::/7 + } + unsigned int k = 0; + while ((!ip[k])&&(k < 15)) ++k; + if (k == 15) { // all 0's except last byte + if (ip[15] == 0x01) return IP_SCOPE_LOOPBACK; // ::1/128 + if (ip[15] == 0x00) return IP_SCOPE_NONE; // ::/128 + } + return IP_SCOPE_GLOBAL; + } break; + + } + + return IP_SCOPE_NONE; +} + +void 
InetAddress::set(const std::string &ip,unsigned int port) + throw() +{ + memset(this,0,sizeof(InetAddress)); + if (ip.find(':') != std::string::npos) { + struct sockaddr_in6 *sin6 = reinterpret_cast(this); + ss_family = AF_INET6; + sin6->sin6_port = Utils::hton((uint16_t)port); + if (inet_pton(AF_INET6,ip.c_str(),(void *)&(sin6->sin6_addr.s6_addr)) <= 0) + memset(this,0,sizeof(InetAddress)); + } else { + struct sockaddr_in *sin = reinterpret_cast(this); + ss_family = AF_INET; + sin->sin_port = Utils::hton((uint16_t)port); + if (inet_pton(AF_INET,ip.c_str(),(void *)&(sin->sin_addr.s_addr)) <= 0) + memset(this,0,sizeof(InetAddress)); + } +} + +void InetAddress::set(const void *ipBytes,unsigned int ipLen,unsigned int port) + throw() +{ + memset(this,0,sizeof(InetAddress)); + if (ipLen == 4) { + uint32_t ipb[1]; + memcpy(ipb,ipBytes,4); + ss_family = AF_INET; + reinterpret_cast(this)->sin_addr.s_addr = ipb[0]; + reinterpret_cast(this)->sin_port = Utils::hton((uint16_t)port); + } else if (ipLen == 16) { + ss_family = AF_INET6; + memcpy(reinterpret_cast(this)->sin6_addr.s6_addr,ipBytes,16); + reinterpret_cast(this)->sin6_port = Utils::hton((uint16_t)port); + } +} + +std::string InetAddress::toString() const +{ + char buf[128]; + switch(ss_family) { + case AF_INET: + Utils::snprintf(buf,sizeof(buf),"%d.%d.%d.%d/%d", + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[0], + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[1], + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[2], + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[3], + (int)Utils::ntoh((uint16_t)(reinterpret_cast(this)->sin_port)) + ); + return std::string(buf); + case AF_INET6: + Utils::snprintf(buf,sizeof(buf),"%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x/%d", + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[0]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[1]), + 
(int)(reinterpret_cast(this)->sin6_addr.s6_addr[2]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[3]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[4]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[5]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[6]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[7]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[8]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[9]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[10]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[11]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[12]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[13]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[14]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[15]), + (int)Utils::ntoh((uint16_t)(reinterpret_cast(this)->sin6_port)) + ); + return std::string(buf); + } + return std::string(); +} + +std::string InetAddress::toIpString() const +{ + char buf[128]; + switch(ss_family) { + case AF_INET: + Utils::snprintf(buf,sizeof(buf),"%d.%d.%d.%d", + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[0], + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[1], + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[2], + (int)(reinterpret_cast(&(reinterpret_cast(this)->sin_addr.s_addr)))[3] + ); + return std::string(buf); + case AF_INET6: + Utils::snprintf(buf,sizeof(buf),"%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x", + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[0]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[1]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[2]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[3]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[4]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[5]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[6]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[7]), + 
(int)(reinterpret_cast(this)->sin6_addr.s6_addr[8]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[9]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[10]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[11]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[12]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[13]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[14]), + (int)(reinterpret_cast(this)->sin6_addr.s6_addr[15]) + ); + return std::string(buf); + } + return std::string(); +} + +void InetAddress::fromString(const std::string &ipSlashPort) +{ + const std::size_t slashAt = ipSlashPort.find('/'); + if (slashAt == std::string::npos) { + set(ipSlashPort,0); + } else { + long p = strtol(ipSlashPort.substr(slashAt+1).c_str(),(char **)0,10); + if ((p > 0)&&(p <= 0xffff)) + set(ipSlashPort.substr(0,slashAt),(unsigned int)p); + else set(ipSlashPort.substr(0,slashAt),0); + } +} + +InetAddress InetAddress::netmask() const +{ + InetAddress r(*this); + switch(r.ss_family) { + case AF_INET: + reinterpret_cast(&r)->sin_addr.s_addr = Utils::hton((uint32_t)(0xffffffff << (32 - netmaskBits()))); + break; + case AF_INET6: { + uint64_t nm[2]; + const unsigned int bits = netmaskBits(); + nm[0] = Utils::hton((uint64_t)((bits >= 64) ? 0xffffffffffffffffULL : (0xffffffffffffffffULL << (64 - bits)))); + nm[1] = Utils::hton((uint64_t)((bits <= 64) ? 
0ULL : (0xffffffffffffffffULL << (128 - bits)))); + memcpy(reinterpret_cast(&r)->sin6_addr.s6_addr,nm,16); + } break; + } + return r; +} + +InetAddress InetAddress::broadcast() const +{ + if (ss_family == AF_INET) { + InetAddress r(*this); + reinterpret_cast(&r)->sin_addr.s_addr |= Utils::hton((uint32_t)(0xffffffff >> netmaskBits())); + return r; + } + return InetAddress(); +} + +InetAddress InetAddress::network() const +{ + InetAddress r(*this); + switch(r.ss_family) { + case AF_INET: + reinterpret_cast(&r)->sin_addr.s_addr &= Utils::hton((uint32_t)(0xffffffff << (32 - netmaskBits()))); + break; + case AF_INET6: { + uint64_t nm[2]; + const unsigned int bits = netmaskBits(); + memcpy(nm,reinterpret_cast(&r)->sin6_addr.s6_addr,16); + nm[0] &= Utils::hton((uint64_t)((bits >= 64) ? 0xffffffffffffffffULL : (0xffffffffffffffffULL << (64 - bits)))); + nm[1] &= Utils::hton((uint64_t)((bits <= 64) ? 0ULL : (0xffffffffffffffffULL << (128 - bits)))); + memcpy(reinterpret_cast(&r)->sin6_addr.s6_addr,nm,16); + } break; + } + return r; +} + +bool InetAddress::containsAddress(const InetAddress &addr) const +{ + if (addr.ss_family == ss_family) { + switch(ss_family) { + case AF_INET: { + const unsigned int bits = netmaskBits(); + if (bits == 0) + return true; + return ( (Utils::ntoh((uint32_t)reinterpret_cast(&addr)->sin_addr.s_addr) >> (32 - bits)) == (Utils::ntoh((uint32_t)reinterpret_cast(this)->sin_addr.s_addr) >> (32 - bits)) ); + } + case AF_INET6: { + const InetAddress mask(netmask()); + const uint8_t *m = reinterpret_cast(reinterpret_cast(&mask)->sin6_addr.s6_addr); + const uint8_t *a = reinterpret_cast(reinterpret_cast(&addr)->sin6_addr.s6_addr); + const uint8_t *b = reinterpret_cast(reinterpret_cast(this)->sin6_addr.s6_addr); + for(unsigned int i=0;i<16;++i) { + if ((a[i] & m[i]) != b[i]) + return false; + } + return true; + } + } + } + return false; +} + +bool InetAddress::isNetwork() const + throw() +{ + switch(ss_family) { + case AF_INET: { + unsigned int bits = 
netmaskBits(); + if (bits <= 0) + return false; + if (bits >= 32) + return false; + uint32_t ip = Utils::ntoh((uint32_t)reinterpret_cast(this)->sin_addr.s_addr); + return ((ip & (0xffffffff >> bits)) == 0); + } + case AF_INET6: { + unsigned int bits = netmaskBits(); + if (bits <= 0) + return false; + if (bits >= 128) + return false; + const unsigned char *ip = reinterpret_cast(reinterpret_cast(this)->sin6_addr.s6_addr); + unsigned int p = bits / 8; + if ((ip[p++] & (0xff >> (bits % 8))) != 0) + return false; + while (p < 16) { + if (ip[p++]) + return false; + } + return true; + } + } + return false; +} + +bool InetAddress::operator==(const InetAddress &a) const + throw() +{ + if (ss_family == a.ss_family) { + switch(ss_family) { + case AF_INET: + return ( + (reinterpret_cast(this)->sin_port == reinterpret_cast(&a)->sin_port)&& + (reinterpret_cast(this)->sin_addr.s_addr == reinterpret_cast(&a)->sin_addr.s_addr)); + break; + case AF_INET6: + return ( + (reinterpret_cast(this)->sin6_port == reinterpret_cast(&a)->sin6_port)&& + (reinterpret_cast(this)->sin6_flowinfo == reinterpret_cast(&a)->sin6_flowinfo)&& + (memcmp(reinterpret_cast(this)->sin6_addr.s6_addr,reinterpret_cast(&a)->sin6_addr.s6_addr,16) == 0)&& + (reinterpret_cast(this)->sin6_scope_id == reinterpret_cast(&a)->sin6_scope_id)); + break; + default: + return (memcmp(this,&a,sizeof(InetAddress)) == 0); + } + } + return false; +} + +bool InetAddress::operator<(const InetAddress &a) const + throw() +{ + if (ss_family < a.ss_family) + return true; + else if (ss_family == a.ss_family) { + switch(ss_family) { + case AF_INET: + if (reinterpret_cast(this)->sin_port < reinterpret_cast(&a)->sin_port) + return true; + else if (reinterpret_cast(this)->sin_port == reinterpret_cast(&a)->sin_port) { + if (reinterpret_cast(this)->sin_addr.s_addr < reinterpret_cast(&a)->sin_addr.s_addr) + return true; + } + break; + case AF_INET6: + if (reinterpret_cast(this)->sin6_port < reinterpret_cast(&a)->sin6_port) + return true; + 
else if (reinterpret_cast(this)->sin6_port == reinterpret_cast(&a)->sin6_port) { + if (reinterpret_cast(this)->sin6_flowinfo < reinterpret_cast(&a)->sin6_flowinfo) + return true; + else if (reinterpret_cast(this)->sin6_flowinfo == reinterpret_cast(&a)->sin6_flowinfo) { + if (memcmp(reinterpret_cast(this)->sin6_addr.s6_addr,reinterpret_cast(&a)->sin6_addr.s6_addr,16) < 0) + return true; + else if (memcmp(reinterpret_cast(this)->sin6_addr.s6_addr,reinterpret_cast(&a)->sin6_addr.s6_addr,16) == 0) { + if (reinterpret_cast(this)->sin6_scope_id < reinterpret_cast(&a)->sin6_scope_id) + return true; + } + } + } + break; + default: + return (memcmp(this,&a,sizeof(InetAddress)) < 0); + } + } + return false; +} + +InetAddress InetAddress::makeIpv6LinkLocal(const MAC &mac) +{ + struct sockaddr_in6 sin6; + sin6.sin6_family = AF_INET6; + sin6.sin6_addr.s6_addr[0] = 0xfe; + sin6.sin6_addr.s6_addr[1] = 0x80; + sin6.sin6_addr.s6_addr[2] = 0x00; + sin6.sin6_addr.s6_addr[3] = 0x00; + sin6.sin6_addr.s6_addr[4] = 0x00; + sin6.sin6_addr.s6_addr[5] = 0x00; + sin6.sin6_addr.s6_addr[6] = 0x00; + sin6.sin6_addr.s6_addr[7] = 0x00; + sin6.sin6_addr.s6_addr[8] = mac[0] & 0xfd; + sin6.sin6_addr.s6_addr[9] = mac[1]; + sin6.sin6_addr.s6_addr[10] = mac[2]; + sin6.sin6_addr.s6_addr[11] = 0xff; + sin6.sin6_addr.s6_addr[12] = 0xfe; + sin6.sin6_addr.s6_addr[13] = mac[3]; + sin6.sin6_addr.s6_addr[14] = mac[4]; + sin6.sin6_addr.s6_addr[15] = mac[5]; + sin6.sin6_port = Utils::hton((uint16_t)64); + return InetAddress(sin6); +} + +InetAddress InetAddress::makeIpv6rfc4193(uint64_t nwid,uint64_t zeroTierAddress) +{ + InetAddress r; + struct sockaddr_in6 *const sin6 = reinterpret_cast(&r); + sin6->sin6_family = AF_INET6; + sin6->sin6_addr.s6_addr[0] = 0xfd; + sin6->sin6_addr.s6_addr[1] = (uint8_t)(nwid >> 56); + sin6->sin6_addr.s6_addr[2] = (uint8_t)(nwid >> 48); + sin6->sin6_addr.s6_addr[3] = (uint8_t)(nwid >> 40); + sin6->sin6_addr.s6_addr[4] = (uint8_t)(nwid >> 32); + sin6->sin6_addr.s6_addr[5] = 
(uint8_t)(nwid >> 24); + sin6->sin6_addr.s6_addr[6] = (uint8_t)(nwid >> 16); + sin6->sin6_addr.s6_addr[7] = (uint8_t)(nwid >> 8); + sin6->sin6_addr.s6_addr[8] = (uint8_t)nwid; + sin6->sin6_addr.s6_addr[9] = 0x99; + sin6->sin6_addr.s6_addr[10] = 0x93; + sin6->sin6_addr.s6_addr[11] = (uint8_t)(zeroTierAddress >> 32); + sin6->sin6_addr.s6_addr[12] = (uint8_t)(zeroTierAddress >> 24); + sin6->sin6_addr.s6_addr[13] = (uint8_t)(zeroTierAddress >> 16); + sin6->sin6_addr.s6_addr[14] = (uint8_t)(zeroTierAddress >> 8); + sin6->sin6_addr.s6_addr[15] = (uint8_t)zeroTierAddress; + sin6->sin6_port = Utils::hton((uint16_t)88); // /88 includes 0xfd + network ID, discriminating by device ID below that + return r; +} + +InetAddress InetAddress::makeIpv66plane(uint64_t nwid,uint64_t zeroTierAddress) +{ + nwid ^= (nwid >> 32); + InetAddress r; + struct sockaddr_in6 *const sin6 = reinterpret_cast(&r); + sin6->sin6_family = AF_INET6; + sin6->sin6_addr.s6_addr[0] = 0xfc; + sin6->sin6_addr.s6_addr[1] = (uint8_t)(nwid >> 24); + sin6->sin6_addr.s6_addr[2] = (uint8_t)(nwid >> 16); + sin6->sin6_addr.s6_addr[3] = (uint8_t)(nwid >> 8); + sin6->sin6_addr.s6_addr[4] = (uint8_t)nwid; + sin6->sin6_addr.s6_addr[5] = (uint8_t)(zeroTierAddress >> 32); + sin6->sin6_addr.s6_addr[6] = (uint8_t)(zeroTierAddress >> 24); + sin6->sin6_addr.s6_addr[7] = (uint8_t)(zeroTierAddress >> 16); + sin6->sin6_addr.s6_addr[8] = (uint8_t)(zeroTierAddress >> 8); + sin6->sin6_addr.s6_addr[9] = (uint8_t)zeroTierAddress; + sin6->sin6_addr.s6_addr[15] = 0x01; + sin6->sin6_port = Utils::hton((uint16_t)40); + return r; +} + +} // namespace ZeroTier diff --git a/node/InetAddress.hpp b/node/InetAddress.hpp new file mode 100644 index 0000000..e03deb7 --- /dev/null +++ b/node/InetAddress.hpp 
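Review bot: `netmask()`, `network()`, `broadcast()` and the AF_INET branch of `containsAddress()` shift by a count derived from `netmaskBits()` without range-checking it, and that value is just the port field, which `fromString()` accepts up to 0xffff. A prefix of 0 turns `0xffffffff << (32 - netmaskBits())` into a shift by the full width, and a prefix above 32 (above 128 for the IPv6 masks) wraps the count; both are undefined behaviour and can yield an arbitrary mask where route containment is decided. Clamp before shifting, e.g. `const unsigned int bits = (netmaskBits() > 32) ? 32 : netmaskBits();`, and use an all-zero mask when `bits == 0`. Separately, `makeIpv6LinkLocal()` fills a stack `sockaddr_in6` without clearing it, so `sin6_flowinfo` and `sin6_scope_id` are indeterminate when `operator==` and `operator<` compare them; `memset(&sin6,0,sizeof(sin6));` before the field assignments fixes that.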
@@ -0,0 +1,527 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_INETADDRESS_HPP +#define ZT_INETADDRESS_HPP + +#include +#include +#include + +#include + +#include "Constants.hpp" +#include "../include/ZeroTierOne.h" +#include "Utils.hpp" +#include "MAC.hpp" +#include "Buffer.hpp" + +namespace ZeroTier { + +/** + * Maximum integer value of enum IpScope + */ +#define ZT_INETADDRESS_MAX_SCOPE 7 + +/** + * Extends sockaddr_storage with friendly C++ methods + * + * This is basically a "mixin" for sockaddr_storage. It adds methods and + * operators, but does not modify the structure. This can be cast to/from + * sockaddr_storage and used interchangeably. DO NOT change this by e.g. + * adding non-static fields, since much code depends on this identity. + */ +struct InetAddress : public sockaddr_storage +{ + /** + * Loopback IPv4 address (no port) + */ + static const InetAddress LO4; + + /** + * Loopback IPV6 address (no port) + */ + static const InetAddress LO6; + + /** + * IP address scope + * + * Note that these values are in ascending order of path preference and + * MUST remain that way or Path must be changed to reflect. Also be sure + * to change ZT_INETADDRESS_MAX_SCOPE if the max changes. 
+ */ + enum IpScope + { + IP_SCOPE_NONE = 0, // NULL or not an IP address + IP_SCOPE_MULTICAST = 1, // 224.0.0.0 and other V4/V6 multicast IPs + IP_SCOPE_LOOPBACK = 2, // 127.0.0.1, ::1, etc. + IP_SCOPE_PSEUDOPRIVATE = 3, // 28.x.x.x, etc. -- unofficially unrouted IPv4 blocks often "bogarted" + IP_SCOPE_GLOBAL = 4, // globally routable IP address (all others) + IP_SCOPE_LINK_LOCAL = 5, // 169.254.x.x, IPv6 LL + IP_SCOPE_SHARED = 6, // 100.64.0.0/10, shared space for e.g. carrier-grade NAT + IP_SCOPE_PRIVATE = 7 // 10.x.x.x, 192.168.x.x, etc. + }; + + InetAddress() throw() { memset(this,0,sizeof(InetAddress)); } + InetAddress(const InetAddress &a) throw() { memcpy(this,&a,sizeof(InetAddress)); } + InetAddress(const InetAddress *a) throw() { memcpy(this,a,sizeof(InetAddress)); } + InetAddress(const struct sockaddr_storage &ss) throw() { *this = ss; } + InetAddress(const struct sockaddr_storage *ss) throw() { *this = ss; } + InetAddress(const struct sockaddr &sa) throw() { *this = sa; } + InetAddress(const struct sockaddr *sa) throw() { *this = sa; } + InetAddress(const struct sockaddr_in &sa) throw() { *this = sa; } + InetAddress(const struct sockaddr_in *sa) throw() { *this = sa; } + InetAddress(const struct sockaddr_in6 &sa) throw() { *this = sa; } + InetAddress(const struct sockaddr_in6 *sa) throw() { *this = sa; } + InetAddress(const void *ipBytes,unsigned int ipLen,unsigned int port) throw() { this->set(ipBytes,ipLen,port); } + InetAddress(const uint32_t ipv4,unsigned int port) throw() { this->set(&ipv4,4,port); } + InetAddress(const std::string &ip,unsigned int port) throw() { this->set(ip,port); } + InetAddress(const std::string &ipSlashPort) throw() { this->fromString(ipSlashPort); } + InetAddress(const char *ipSlashPort) throw() { this->fromString(std::string(ipSlashPort)); } + + inline InetAddress &operator=(const InetAddress &a) + throw() + { + if (&a != this) + memcpy(this,&a,sizeof(InetAddress)); + return *this; + } + + inline InetAddress 
&operator=(const InetAddress *a) + throw() + { + if (a != this) + memcpy(this,a,sizeof(InetAddress)); + return *this; + } + + inline InetAddress &operator=(const struct sockaddr_storage &ss) + throw() + { + if (reinterpret_cast(&ss) != this) + memcpy(this,&ss,sizeof(InetAddress)); + return *this; + } + + inline InetAddress &operator=(const struct sockaddr_storage *ss) + throw() + { + if (reinterpret_cast(ss) != this) + memcpy(this,ss,sizeof(InetAddress)); + return *this; + } + + inline InetAddress &operator=(const struct sockaddr_in &sa) + throw() + { + if (reinterpret_cast(&sa) != this) { + memset(this,0,sizeof(InetAddress)); + memcpy(this,&sa,sizeof(struct sockaddr_in)); + } + return *this; + } + + inline InetAddress &operator=(const struct sockaddr_in *sa) + throw() + { + if (reinterpret_cast(sa) != this) { + memset(this,0,sizeof(InetAddress)); + memcpy(this,sa,sizeof(struct sockaddr_in)); + } + return *this; + } + + inline InetAddress &operator=(const struct sockaddr_in6 &sa) + throw() + { + if (reinterpret_cast(&sa) != this) { + memset(this,0,sizeof(InetAddress)); + memcpy(this,&sa,sizeof(struct sockaddr_in6)); + } + return *this; + } + + inline InetAddress &operator=(const struct sockaddr_in6 *sa) + throw() + { + if (reinterpret_cast(sa) != this) { + memset(this,0,sizeof(InetAddress)); + memcpy(this,sa,sizeof(struct sockaddr_in6)); + } + return *this; + } + + inline InetAddress &operator=(const struct sockaddr &sa) + throw() + { + if (reinterpret_cast(&sa) != this) { + memset(this,0,sizeof(InetAddress)); + switch(sa.sa_family) { + case AF_INET: + memcpy(this,&sa,sizeof(struct sockaddr_in)); + break; + case AF_INET6: + memcpy(this,&sa,sizeof(struct sockaddr_in6)); + break; + } + } + return *this; + } + + inline InetAddress &operator=(const struct sockaddr *sa) + throw() + { + if (reinterpret_cast(sa) != this) { + memset(this,0,sizeof(InetAddress)); + switch(sa->sa_family) { + case AF_INET: + memcpy(this,sa,sizeof(struct sockaddr_in)); + break; + case AF_INET6: 
+ memcpy(this,sa,sizeof(struct sockaddr_in6)); + break; + } + } + return *this; + } + + /** + * @return IP scope classification (e.g. loopback, link-local, private, global) + */ + IpScope ipScope() const + throw(); + + /** + * Set from a string-format IP and a port + * + * @param ip IP address in V4 or V6 ASCII notation + * @param port Port or 0 for none + */ + void set(const std::string &ip,unsigned int port) + throw(); + + /** + * Set from a raw IP and port number + * + * @param ipBytes Bytes of IP address in network byte order + * @param ipLen Length of IP address: 4 or 16 + * @param port Port number or 0 for none + */ + void set(const void *ipBytes,unsigned int ipLen,unsigned int port) + throw(); + + /** + * Set the port component + * + * @param port Port, 0 to 65535 + */ + inline void setPort(unsigned int port) + { + switch(ss_family) { + case AF_INET: + reinterpret_cast(this)->sin_port = Utils::hton((uint16_t)port); + break; + case AF_INET6: + reinterpret_cast(this)->sin6_port = Utils::hton((uint16_t)port); + break; + } + } + + /** + * @return True if this network/netmask route describes a default route (e.g. 
0.0.0.0/0) + */ + inline bool isDefaultRoute() const + { + switch(ss_family) { + case AF_INET: + return ( (reinterpret_cast(this)->sin_addr.s_addr == 0) && (reinterpret_cast(this)->sin_port == 0) ); + case AF_INET6: + const uint8_t *ipb = reinterpret_cast(reinterpret_cast(this)->sin6_addr.s6_addr); + for(int i=0;i<16;++i) { + if (ipb[i]) + return false; + } + return (reinterpret_cast(this)->sin6_port == 0); + } + return false; + } + + /** + * @return ASCII IP/port format representation + */ + std::string toString() const; + + /** + * @return IP portion only, in ASCII string format + */ + std::string toIpString() const; + + /** + * @param ipSlashPort ASCII IP/port format notation + */ + void fromString(const std::string &ipSlashPort); + + /** + * @return Port or 0 if no port component defined + */ + inline unsigned int port() const + throw() + { + switch(ss_family) { + case AF_INET: return Utils::ntoh((uint16_t)(reinterpret_cast(this)->sin_port)); + case AF_INET6: return Utils::ntoh((uint16_t)(reinterpret_cast(this)->sin6_port)); + default: return 0; + } + } + + /** + * Alias for port() + * + * This just aliases port() to make code more readable when netmask bits + * are stuffed there, as they are in Network, EthernetTap, and a few other + * spots. + * + * @return Netmask bits + */ + inline unsigned int netmaskBits() const throw() { return port(); } + + /** + * Alias for port() + * + * This just aliases port() because for gateways we use this field to + * store the gateway metric. + * + * @return Gateway metric + */ + inline unsigned int metric() const throw() { return port(); } + + /** + * Construct a full netmask as an InetAddress + * + * @return Netmask such as 255.255.255.0 if this address is /24 (port field will be unchanged) + */ + InetAddress netmask() const; + + /** + * Constructs a broadcast address from a network/netmask address + * + * This is only valid for IPv4 and will return a NULL InetAddress for other + * address families. 
+ * + * @return Broadcast address (only IP portion is meaningful) + */ + InetAddress broadcast() const; + + /** + * Return the network -- a.k.a. the IP ANDed with the netmask + * + * @return Network e.g. 10.0.1.0/24 from 10.0.1.200/24 + */ + InetAddress network() const; + + /** + * Test whether this IP/netmask contains this address + * + * @param addr Address to check + * @return True if this IP/netmask (route) contains this address + */ + bool containsAddress(const InetAddress &addr) const; + + /** + * @return True if this is an IPv4 address + */ + inline bool isV4() const throw() { return (ss_family == AF_INET); } + + /** + * @return True if this is an IPv6 address + */ + inline bool isV6() const throw() { return (ss_family == AF_INET6); } + + /** + * @return pointer to raw address bytes or NULL if not available + */ + inline const void *rawIpData() const + throw() + { + switch(ss_family) { + case AF_INET: return (const void *)&(reinterpret_cast(this)->sin_addr.s_addr); + case AF_INET6: return (const void *)(reinterpret_cast(this)->sin6_addr.s6_addr); + default: return 0; + } + } + + /** + * Performs an IP-only comparison or, if that is impossible, a memcmp() + * + * @param a InetAddress to compare again + * @return True if only IP portions are equal (false for non-IP or null addresses) + */ + inline bool ipsEqual(const InetAddress &a) const + { + if (ss_family == a.ss_family) { + if (ss_family == AF_INET) + return (reinterpret_cast(this)->sin_addr.s_addr == reinterpret_cast(&a)->sin_addr.s_addr); + if (ss_family == AF_INET6) + return (memcmp(reinterpret_cast(this)->sin6_addr.s6_addr,reinterpret_cast(&a)->sin6_addr.s6_addr,16) == 0); + return (memcmp(this,&a,sizeof(InetAddress)) == 0); + } + return false; + } + + /** + * Set to null/zero + */ + inline void zero() throw() { memset(this,0,sizeof(InetAddress)); } + + /** + * Check whether this is a network/route rather than an IP assignment + * + * A network is an IP/netmask where everything after the netmask is + * 
zero e.g. 10.0.0.0/8. + * + * @return True if everything after netmask bits is zero + */ + bool isNetwork() const + throw(); + + /** + * @return True if address family is non-zero + */ + inline operator bool() const throw() { return (ss_family != 0); } + + template + inline void serialize(Buffer &b) const + { + // This is used in the protocol and must be the same as describe in places + // like VERB_HELLO in Packet.hpp. + switch(ss_family) { + case AF_INET: + b.append((uint8_t)0x04); + b.append(&(reinterpret_cast(this)->sin_addr.s_addr),4); + b.append((uint16_t)port()); // just in case sin_port != uint16_t + return; + case AF_INET6: + b.append((uint8_t)0x06); + b.append(reinterpret_cast(this)->sin6_addr.s6_addr,16); + b.append((uint16_t)port()); // just in case sin_port != uint16_t + return; + default: + b.append((uint8_t)0); + return; + } + } + + template + inline unsigned int deserialize(const Buffer &b,unsigned int startAt = 0) + { + memset(this,0,sizeof(InetAddress)); + unsigned int p = startAt; + switch(b[p++]) { + case 0: + return 1; + case 0x01: + // TODO: Ethernet address (but accept for forward compatibility) + return 7; + case 0x02: + // TODO: Bluetooth address (but accept for forward compatibility) + return 7; + case 0x03: + // TODO: Other address types (but accept for forward compatibility) + // These could be extended/optional things like AF_UNIX, LTE Direct, shared memory, etc. 
+ return (unsigned int)(b.template at(p) + 3); // other addresses begin with 16-bit non-inclusive length + case 0x04: + ss_family = AF_INET; + memcpy(&(reinterpret_cast(this)->sin_addr.s_addr),b.field(p,4),4); p += 4; + reinterpret_cast(this)->sin_port = Utils::hton(b.template at(p)); p += 2; + break; + case 0x06: + ss_family = AF_INET6; + memcpy(reinterpret_cast(this)->sin6_addr.s6_addr,b.field(p,16),16); p += 16; + reinterpret_cast(this)->sin_port = Utils::hton(b.template at(p)); p += 2; + break; + default: + throw std::invalid_argument("invalid serialized InetAddress"); + } + return (p - startAt); + } + + bool operator==(const InetAddress &a) const throw(); + bool operator<(const InetAddress &a) const throw(); + inline bool operator!=(const InetAddress &a) const throw() { return !(*this == a); } + inline bool operator>(const InetAddress &a) const throw() { return (a < *this); } + inline bool operator<=(const InetAddress &a) const throw() { return !(a < *this); } + inline bool operator>=(const InetAddress &a) const throw() { return !(*this < a); } + + /** + * @param mac MAC address seed + * @return IPv6 link-local address + */ + static InetAddress makeIpv6LinkLocal(const MAC &mac); + + /** + * Compute private IPv6 unicast address from network ID and ZeroTier address + * + * This generates a private unicast IPv6 address that is mostly compliant + * with the letter of RFC4193 and certainly compliant in spirit. + * + * RFC4193 specifies a format of: + * + * | 7 bits |1| 40 bits | 16 bits | 64 bits | + * | Prefix |L| Global ID | Subnet ID | Interface ID | + * + * The 'L' bit is set to 1, yielding an address beginning with 0xfd. Then + * the network ID is filled into the global ID, subnet ID, and first byte + * of the "interface ID" field. Since the first 40 bits of the network ID + * is the unique ZeroTier address of its controller, this makes a very + * good random global ID. Since network IDs have 24 more bits, we let it + * overflow into the interface ID. 
+ * + * After that we pad with two bytes: 0x99, 0x93, namely the default ZeroTier + * port in hex. + * + * Finally we fill the remaining 40 bits of the interface ID field with + * the 40-bit unique ZeroTier device ID of the network member. + * + * This yields a valid RFC4193 address with a random global ID, a + * meaningful subnet ID, and a unique interface ID, all mappable back onto + * ZeroTier space. + * + * This in turn could allow us, on networks numbered this way, to emulate + * IPv6 NDP and eliminate all multicast. This could be beneficial for + * small devices and huge networks, e.g. IoT applications. + * + * The returned address is given an odd prefix length of /88, since within + * a given network only the last 40 bits (device ID) are variable. This + * is a bit unusual but as far as we know should not cause any problems with + * any non-braindead IPv6 stack. + * + * @param nwid 64-bit network ID + * @param zeroTierAddress 40-bit device address (in least significant 40 bits, highest 24 bits ignored) + * @return IPv6 private unicast address with /88 netmask + */ + static InetAddress makeIpv6rfc4193(uint64_t nwid,uint64_t zeroTierAddress); + + /** + * Compute a private IPv6 "6plane" unicast address from network ID and ZeroTier address + */ + static InetAddress makeIpv66plane(uint64_t nwid,uint64_t zeroTierAddress); +}; + +} // namespace ZeroTier + +#endif diff --git a/node/MAC.hpp b/node/MAC.hpp new file mode 100644 index 0000000..95623f1 --- /dev/null +++ b/node/MAC.hpp 
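Review bot: In `deserialize()` the 0x06 branch stores the port through `sin_port`, whereas the other IPv6 paths in this header (`setPort()`, `port()`) use `sin6_port`; the cast's template argument is not visible in this rendering, so this presumably relies on both structs placing the port at the same offset, and it should read `reinterpret_cast<struct sockaddr_in6 *>(this)->sin6_port`. The 0x01, 0x02 and 0x03 branches also return a skip length (a fixed 7, or a 16-bit wire value plus 3) without checking that the buffer holds that many bytes, so callers that advance by the return value are trusting peer-supplied lengths unless `Buffer` enforces bounds on the next read, which is not shown here. A comment on `deserialize()` stating that contract, e.g. `// returned length is NOT bounds-checked for types 0x01-0x03; caller must validate before advancing`, would make the requirement explicit.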
@@ -0,0 +1,264 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_MAC_HPP +#define ZT_MAC_HPP + +#include +#include +#include + +#include "Constants.hpp" +#include "Utils.hpp" +#include "Address.hpp" +#include "Buffer.hpp" + +namespace ZeroTier { + +/** + * 48-byte Ethernet MAC address + */ +class MAC +{ +public: + MAC() throw() : _m(0ULL) {} + MAC(const MAC &m) throw() : _m(m._m) {} + + MAC(const unsigned char a,const unsigned char b,const unsigned char c,const unsigned char d,const unsigned char e,const unsigned char f) throw() : + _m( ((((uint64_t)a) & 0xffULL) << 40) | + ((((uint64_t)b) & 0xffULL) << 32) | + ((((uint64_t)c) & 0xffULL) << 24) | + ((((uint64_t)d) & 0xffULL) << 16) | + ((((uint64_t)e) & 0xffULL) << 8) | + (((uint64_t)f) & 0xffULL) ) {} + + MAC(const char *s) throw() { fromString(s); } + MAC(const std::string &s) throw() { fromString(s.c_str()); } + + MAC(const void *bits,unsigned int len) throw() { setTo(bits,len); } + + MAC(const Address &ztaddr,uint64_t nwid) throw() { fromAddress(ztaddr,nwid); } + + MAC(const uint64_t m) throw() : _m(m & 0xffffffffffffULL) {} + + /** + * @return MAC in 64-bit integer + */ + inline uint64_t toInt() const throw() { return _m; } + + /** + * Set MAC to zero + */ + inline void zero() { _m = 0ULL; } + + 
/** + * @return True if MAC is non-zero + */ + inline operator bool() const throw() { return (_m != 0ULL); } + + /** + * @param bits Raw MAC in big-endian byte order + * @param len Length, must be >= 6 or result is zero + */ + inline void setTo(const void *bits,unsigned int len) + throw() + { + if (len < 6) { + _m = 0ULL; + return; + } + const unsigned char *b = (const unsigned char *)bits; + _m = ((((uint64_t)*b) & 0xff) << 40); ++b; + _m |= ((((uint64_t)*b) & 0xff) << 32); ++b; + _m |= ((((uint64_t)*b) & 0xff) << 24); ++b; + _m |= ((((uint64_t)*b) & 0xff) << 16); ++b; + _m |= ((((uint64_t)*b) & 0xff) << 8); ++b; + _m |= (((uint64_t)*b) & 0xff); + } + + /** + * @param buf Destination buffer for MAC in big-endian byte order + * @param len Length of buffer, must be >= 6 or nothing is copied + */ + inline void copyTo(void *buf,unsigned int len) const + throw() + { + if (len < 6) + return; + unsigned char *b = (unsigned char *)buf; + *(b++) = (unsigned char)((_m >> 40) & 0xff); + *(b++) = (unsigned char)((_m >> 32) & 0xff); + *(b++) = (unsigned char)((_m >> 24) & 0xff); + *(b++) = (unsigned char)((_m >> 16) & 0xff); + *(b++) = (unsigned char)((_m >> 8) & 0xff); + *b = (unsigned char)(_m & 0xff); + } + + /** + * Append to a buffer in big-endian byte order + * + * @param b Buffer to append to + */ + template + inline void appendTo(Buffer &b) const + throw(std::out_of_range) + { + unsigned char *p = (unsigned char *)b.appendField(6); + *(p++) = (unsigned char)((_m >> 40) & 0xff); + *(p++) = (unsigned char)((_m >> 32) & 0xff); + *(p++) = (unsigned char)((_m >> 24) & 0xff); + *(p++) = (unsigned char)((_m >> 16) & 0xff); + *(p++) = (unsigned char)((_m >> 8) & 0xff); + *p = (unsigned char)(_m & 0xff); + } + + /** + * @return True if this is broadcast (all 0xff) + */ + inline bool isBroadcast() const throw() { return (_m == 0xffffffffffffULL); } + + /** + * @return True if this is a multicast MAC + */ + inline bool isMulticast() const throw() { return ((_m & 
0x010000000000ULL) != 0ULL); } + + /** + * @param True if this is a locally-administered MAC + */ + inline bool isLocallyAdministered() const throw() { return ((_m & 0x020000000000ULL) != 0ULL); } + + /** + * @param s Hex MAC, with or without : delimiters + */ + inline void fromString(const char *s) + { + char tmp[8]; + for(int i=0;i<6;++i) + tmp[i] = (char)0; + Utils::unhex(s,tmp,6); + setTo(tmp,6); + } + + /** + * @return MAC address in standard :-delimited hex format + */ + inline std::string toString() const + { + char tmp[24]; + toString(tmp,sizeof(tmp)); + return std::string(tmp); + } + + /** + * @param buf Buffer to contain human-readable MAC + * @param len Length of buffer + */ + inline void toString(char *buf,unsigned int len) const + { + Utils::snprintf(buf,len,"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",(int)(*this)[0],(int)(*this)[1],(int)(*this)[2],(int)(*this)[3],(int)(*this)[4],(int)(*this)[5]); + } + + /** + * Set this MAC to a MAC derived from an address and a network ID + * + * @param ztaddr ZeroTier address + * @param nwid 64-bit network ID + */ + inline void fromAddress(const Address &ztaddr,uint64_t nwid) + throw() + { + uint64_t m = ((uint64_t)firstOctetForNetwork(nwid)) << 40; + m |= ztaddr.toInt(); // a is 40 bits + m ^= ((nwid >> 8) & 0xff) << 32; + m ^= ((nwid >> 16) & 0xff) << 24; + m ^= ((nwid >> 24) & 0xff) << 16; + m ^= ((nwid >> 32) & 0xff) << 8; + m ^= (nwid >> 40) & 0xff; + _m = m; + } + + /** + * Get the ZeroTier address for this MAC on this network (assuming no bridging of course, basic unicast) + * + * This just XORs the next-lest-significant 5 bytes of the network ID again to unmask. + * + * @param nwid Network ID + */ + inline Address toAddress(uint64_t nwid) const + throw() + { + uint64_t a = _m & 0xffffffffffULL; // least significant 40 bits of MAC are formed from address + a ^= ((nwid >> 8) & 0xff) << 32; // ... 
XORed with bits 8-48 of the nwid in little-endian byte order, so unmask it + a ^= ((nwid >> 16) & 0xff) << 24; + a ^= ((nwid >> 24) & 0xff) << 16; + a ^= ((nwid >> 32) & 0xff) << 8; + a ^= (nwid >> 40) & 0xff; + return Address(a); + } + + /** + * @param nwid Network ID + * @return First octet of MAC for this network + */ + static inline unsigned char firstOctetForNetwork(uint64_t nwid) + throw() + { + unsigned char a = ((unsigned char)(nwid & 0xfe) | 0x02); // locally administered, not multicast, from LSB of network ID + return ((a == 0x52) ? 0x32 : a); // blacklist 0x52 since it's used by KVM, libvirt, and other popular virtualization engines... seems de-facto standard on Linux + } + + /** + * @param i Value from 0 to 5 (inclusive) + * @return Byte at said position (address interpreted in big-endian order) + */ + inline unsigned char operator[](unsigned int i) const throw() { return (unsigned char)((_m >> (40 - (i * 8))) & 0xff); } + + /** + * @return 6, which is the number of bytes in a MAC, for container compliance + */ + inline unsigned int size() const throw() { return 6; } + + inline unsigned long hashCode() const throw() { return (unsigned long)_m; } + + inline MAC &operator=(const MAC &m) + throw() + { + _m = m._m; + return *this; + } + inline MAC &operator=(const uint64_t m) + throw() + { + _m = m; + return *this; + } + + inline bool operator==(const MAC &m) const throw() { return (_m == m._m); } + inline bool operator!=(const MAC &m) const throw() { return (_m != m._m); } + inline bool operator<(const MAC &m) const throw() { return (_m < m._m); } + inline bool operator<=(const MAC &m) const throw() { return (_m <= m._m); } + inline bool operator>(const MAC &m) const throw() { return (_m > m._m); } + inline bool operator>=(const MAC &m) const throw() { return (_m >= m._m); } + +private: + uint64_t _m; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/MulticastGroup.hpp b/node/MulticastGroup.hpp new file mode 100644 index 0000000..dbf3899 
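Review bot: `MAC::operator=(const uint64_t m)` stores `m` unmasked, while the `MAC(const uint64_t m)` constructor keeps only the low 48 bits. A value with any of the upper 16 bits set therefore yields a MAC that `operator==`, `operator<` and `hashCode()` treat as different from the same address built through the constructor. MACs feed the comparison and hash keys used by `MulticastGroup`, so the assignment should mask too: `_m = m & 0xffffffffffffULL;`. Separately, the class comment says "48-byte Ethernet MAC address" where 48-bit is meant, and `isLocallyAdministered()` documents its result with `@param` instead of `@return`.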
--- /dev/null
+++ b/node/MulticastGroup.hpp
@@ -0,0 +1,158 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_MULTICASTGROUP_HPP +#define ZT_MULTICASTGROUP_HPP + +#include + +#include + +#include "MAC.hpp" +#include "InetAddress.hpp" + +namespace ZeroTier { + +/** + * A multicast group composed of a multicast MAC and a 32-bit ADI field + * + * ADI stands for additional distinguishing information. ADI is primarily for + * adding additional information to broadcast (ff:ff:ff:ff:ff:ff) memberships, + * since straight-up broadcast won't scale. Right now it's zero except for + * IPv4 ARP, where it holds the IPv4 address itself to make ARP into a + * selective multicast query that can scale. + * + * In the future we might add some kind of plugin architecture that can add + * ADI for things like mDNS (multicast DNS) to improve the selectivity of + * those protocols. + * + * MulticastGroup behaves as an immutable value object. 
+ */ +class MulticastGroup +{ +public: + MulticastGroup() + throw() : + _mac(), + _adi(0) + { + } + + MulticastGroup(const MAC &m,uint32_t a) + throw() : + _mac(m), + _adi(a) + { + } + + MulticastGroup(const char *s) + { + fromString(s); + } + + MulticastGroup(const std::string &s) + { + fromString(s.c_str()); + } + + /** + * Derive the multicast group used for address resolution (ARP/NDP) for an IP + * + * @param ip IP address (port field is ignored) + * @return Multicat group for ARP/NDP + */ + static inline MulticastGroup deriveMulticastGroupForAddressResolution(const InetAddress &ip) + throw() + { + if (ip.isV4()) { + // IPv4 wants broadcast MACs, so we shove the V4 address itself into + // the Multicast Group ADI field. Making V4 ARP work is basically why + // ADI was added, as well as handling other things that want mindless + // Ethernet broadcast to all. + return MulticastGroup(MAC(0xffffffffffffULL),Utils::ntoh(*((const uint32_t *)ip.rawIpData()))); + } else if (ip.isV6()) { + // IPv6 is better designed in this respect. We can compute the IPv6 + // multicast address directly from the IP address, and it gives us + // 24 bits of uniqueness. Collisions aren't likely to be common enough + // to care about. 
+ const unsigned char *a = (const unsigned char *)ip.rawIpData(); + return MulticastGroup(MAC(0x33,0x33,0xff,a[13],a[14],a[15]),0); + } + return MulticastGroup(); + } + + /** + * @return Human readable string representing this group (MAC/ADI in hex) + */ + inline std::string toString() const + { + char buf[64]; + Utils::snprintf(buf,sizeof(buf),"%.2x%.2x%.2x%.2x%.2x%.2x/%.8lx",(unsigned int)_mac[0],(unsigned int)_mac[1],(unsigned int)_mac[2],(unsigned int)_mac[3],(unsigned int)_mac[4],(unsigned int)_mac[5],(unsigned long)_adi); + return std::string(buf); + } + + /** + * Parse a human-readable multicast group + * + * @param s Multicast group in hex MAC/ADI format + */ + inline void fromString(const char *s) + { + char hex[17]; + unsigned int hexlen = 0; + while ((*s)&&(*s != '/')&&(hexlen < (sizeof(hex) - 1))) + hex[hexlen++] = *s; + hex[hexlen] = (char)0; + _mac.fromString(hex); + _adi = (*s == '/') ? (uint32_t)Utils::hexStrToULong(s + 1) : (uint32_t)0; + } + + /** + * @return Multicast address + */ + inline const MAC &mac() const throw() { return _mac; } + + /** + * @return Additional distinguishing information + */ + inline uint32_t adi() const throw() { return _adi; } + + inline unsigned long hashCode() const throw() { return (_mac.hashCode() ^ (unsigned long)_adi); } + + inline bool operator==(const MulticastGroup &g) const throw() { return ((_mac == g._mac)&&(_adi == g._adi)); } + inline bool operator!=(const MulticastGroup &g) const throw() { return ((_mac != g._mac)||(_adi != g._adi)); } + inline bool operator<(const MulticastGroup &g) const throw() + { + if (_mac < g._mac) + return true; + else if (_mac == g._mac) + return (_adi < g._adi); + return false; + } + inline bool operator>(const MulticastGroup &g) const throw() { return (g < *this); } + inline bool operator<=(const MulticastGroup &g) const throw() { return !(g < *this); } + inline bool operator>=(const MulticastGroup &g) const throw() { return !(*this < g); } + +private: + MAC _mac; + uint32_t 
_adi; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Multicaster.cpp b/node/Multicaster.cpp new file mode 100644 index 0000000..e1d4567 --- /dev/null +++ b/node/Multicaster.cpp 
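Review bot: In `fromString()` the copy loop `hex[hexlen++] = *s;` never advances `s`, so `hex` is filled with 16 copies of the first character and the later `*s == '/'` test still looks at that first character. The MAC is parsed from the wrong text, and the ADI is always 0 unless the string itself begins with '/'. Advancing the pointer fixes both: `hex[hexlen++] = *s++;`. The `sizeof(hex) - 1` bound keeps the write inside `hex`, so this is a parsing defect rather than an overflow, but both string constructors go through it. A MAC part longer than 16 characters would still stop before the '/', so such input is better rejected explicitly than silently given an ADI of 0.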
@@ -0,0 +1,371 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include + +#include "Constants.hpp" +#include "RuntimeEnvironment.hpp" +#include "SharedPtr.hpp" +#include "Multicaster.hpp" +#include "Topology.hpp" +#include "Switch.hpp" +#include "Packet.hpp" +#include "Peer.hpp" +#include "C25519.hpp" +#include "CertificateOfMembership.hpp" +#include "Node.hpp" + +namespace ZeroTier { + +Multicaster::Multicaster(const RuntimeEnvironment *renv) : + RR(renv), + _groups(1024), + _groups_m() +{ +} + +Multicaster::~Multicaster() +{ +} + +void Multicaster::addMultiple(uint64_t now,uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,unsigned int totalKnown) +{ + const unsigned char *p = (const unsigned char *)addresses; + const unsigned char *e = p + (5 * count); + Mutex::Lock _l(_groups_m); + MulticastGroupStatus &gs = _groups[Multicaster::Key(nwid,mg)]; + while (p != e) { + _add(now,nwid,mg,gs,Address(p,5)); + p += 5; + } +} + +void Multicaster::remove(uint64_t nwid,const MulticastGroup &mg,const Address &member) +{ + Mutex::Lock _l(_groups_m); + MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg)); + if (s) { + for(std::vector::iterator m(s->members.begin());m!=s->members.end();++m) { + if (m->address == member) { + 
s->members.erase(m); + break; + } + } + } +} + +unsigned int Multicaster::gather(const Address &queryingPeer,uint64_t nwid,const MulticastGroup &mg,Buffer &appendTo,unsigned int limit) const +{ + unsigned char *p; + unsigned int added = 0,i,k,rptr,totalKnown = 0; + uint64_t a,picked[(ZT_PROTO_MAX_PACKET_LENGTH / 5) + 2]; + + if (!limit) + return 0; + else if (limit > 0xffff) + limit = 0xffff; + + const unsigned int totalAt = appendTo.size(); + appendTo.addSize(4); // sizeof(uint32_t) + const unsigned int addedAt = appendTo.size(); + appendTo.addSize(2); // sizeof(uint16_t) + + { // Return myself if I am a member of this group + SharedPtr network(RR->node->network(nwid)); + if ((network)&&(network->subscribedToMulticastGroup(mg,true))) { + RR->identity.address().appendTo(appendTo); + ++totalKnown; + ++added; + } + } + + Mutex::Lock _l(_groups_m); + + const MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg)); + if ((s)&&(!s->members.empty())) { + totalKnown += (unsigned int)s->members.size(); + + // Members are returned in random order so that repeated gather queries + // will return different subsets of a large multicast group. + k = 0; + while ((added < limit)&&(k < s->members.size())&&((appendTo.size() + ZT_ADDRESS_LENGTH) <= ZT_UDP_DEFAULT_PAYLOAD_MTU)) { + rptr = (unsigned int)RR->node->prng(); + +restart_member_scan: + a = s->members[rptr % (unsigned int)s->members.size()].address.toInt(); + for(i=0;i> 32) & 0xff); + *(p++) = (unsigned char)((a >> 24) & 0xff); + *(p++) = (unsigned char)((a >> 16) & 0xff); + *(p++) = (unsigned char)((a >> 8) & 0xff); + *p = (unsigned char)(a & 0xff); + ++added; + } + } + } + + appendTo.setAt(totalAt,(uint32_t)totalKnown); + appendTo.setAt(addedAt,(uint16_t)added); + + //TRACE("..MC Multicaster::gather() attached %u of %u peers for %.16llx/%s (2)",n,(unsigned int)(gs->second.members.size() - skipped),nwid,mg.toString().c_str()); + + return added; +} + +std::vector
Multicaster::getMembers(uint64_t nwid,const MulticastGroup &mg,unsigned int limit) const +{ + std::vector
ls; + Mutex::Lock _l(_groups_m); + const MulticastGroupStatus *s = _groups.get(Multicaster::Key(nwid,mg)); + if (!s) + return ls; + for(std::vector::const_reverse_iterator m(s->members.rbegin());m!=s->members.rend();++m) { + ls.push_back(m->address); + if (ls.size() >= limit) + break; + } + return ls; +} + +void Multicaster::send( + const CertificateOfMembership *com, + unsigned int limit, + uint64_t now, + uint64_t nwid, + const std::vector
&alwaysSendTo, + const MulticastGroup &mg, + const MAC &src, + unsigned int etherType, + const void *data, + unsigned int len) +{ + unsigned long idxbuf[8194]; + unsigned long *indexes = idxbuf; + + try { + Mutex::Lock _l(_groups_m); + MulticastGroupStatus &gs = _groups[Multicaster::Key(nwid,mg)]; + + if (!gs.members.empty()) { + // Allocate a memory buffer if group is monstrous + if (gs.members.size() > (sizeof(idxbuf) / sizeof(unsigned long))) + indexes = new unsigned long[gs.members.size()]; + + // Generate a random permutation of member indexes + for(unsigned long i=0;i0;--i) { + unsigned long j = (unsigned long)RR->node->prng() % (i + 1); + unsigned long tmp = indexes[j]; + indexes[j] = indexes[i]; + indexes[i] = tmp; + } + } + + if (gs.members.size() >= limit) { + // Skip queue if we already have enough members to complete the send operation + OutboundMulticast out; + + out.init( + RR, + now, + nwid, + com, + limit, + 1, // we'll still gather a little from peers to keep multicast list fresh + src, + mg, + etherType, + data, + len); + + unsigned int count = 0; + + for(std::vector
::const_iterator ast(alwaysSendTo.begin());ast!=alwaysSendTo.end();++ast) { + if (*ast != RR->identity.address()) { + out.sendOnly(RR,*ast); // optimization: don't use dedup log if it's a one-pass send + if (++count >= limit) + break; + } + } + + unsigned long idx = 0; + while ((count < limit)&&(idx < gs.members.size())) { + Address ma(gs.members[indexes[idx++]].address); + if (std::find(alwaysSendTo.begin(),alwaysSendTo.end(),ma) == alwaysSendTo.end()) { + out.sendOnly(RR,ma); // optimization: don't use dedup log if it's a one-pass send + ++count; + } + } + } else { + unsigned int gatherLimit = (limit - (unsigned int)gs.members.size()) + 1; + + if ((gs.members.empty())||((now - gs.lastExplicitGather) >= ZT_MULTICAST_EXPLICIT_GATHER_DELAY)) { + gs.lastExplicitGather = now; + SharedPtr explicitGatherPeers[2]; + explicitGatherPeers[0] = RR->topology->getBestRoot(); + const Address nwidc(Network::controllerFor(nwid)); + if (nwidc != RR->identity.address()) + explicitGatherPeers[1] = RR->topology->getPeer(nwidc); + for(unsigned int k=0;k<2;++k) { + const SharedPtr &p = explicitGatherPeers[k]; + if (!p) + continue; + //TRACE(">>MC upstream GATHER up to %u for group %.16llx/%s",gatherLimit,nwid,mg.toString().c_str()); + + const CertificateOfMembership *com = (CertificateOfMembership *)0; + { + SharedPtr nw(RR->node->network(nwid)); + if ((nw)&&(nw->hasConfig())&&(nw->config().com)&&(nw->config().isPrivate())&&(p->needsOurNetworkMembershipCertificate(nwid,now,true))) + com = &(nw->config().com); + } + + Packet outp(p->address(),RR->identity.address(),Packet::VERB_MULTICAST_GATHER); + outp.append(nwid); + outp.append((uint8_t)(com ? 
0x01 : 0x00)); + mg.mac().appendTo(outp); + outp.append((uint32_t)mg.adi()); + outp.append((uint32_t)gatherLimit); + if (com) + com->serialize(outp); + RR->sw->send(outp,true,0); + } + gatherLimit = 0; + } + + gs.txQueue.push_back(OutboundMulticast()); + OutboundMulticast &out = gs.txQueue.back(); + + out.init( + RR, + now, + nwid, + com, + limit, + gatherLimit, + src, + mg, + etherType, + data, + len); + + unsigned int count = 0; + + for(std::vector
::const_iterator ast(alwaysSendTo.begin());ast!=alwaysSendTo.end();++ast) { + if (*ast != RR->identity.address()) { + out.sendAndLog(RR,*ast); + if (++count >= limit) + break; + } + } + + unsigned long idx = 0; + while ((count < limit)&&(idx < gs.members.size())) { + Address ma(gs.members[indexes[idx++]].address); + if (std::find(alwaysSendTo.begin(),alwaysSendTo.end(),ma) == alwaysSendTo.end()) { + out.sendAndLog(RR,ma); + ++count; + } + } + } + } catch ( ... ) {} // this is a sanity check to catch any failures and make sure indexes[] still gets deleted + + // Free allocated memory buffer if any + if (indexes != idxbuf) + delete [] indexes; +} + +void Multicaster::clean(uint64_t now) +{ + Mutex::Lock _l(_groups_m); + + Multicaster::Key *k = (Multicaster::Key *)0; + MulticastGroupStatus *s = (MulticastGroupStatus *)0; + Hashtable::Iterator mm(_groups); + while (mm.next(k,s)) { + for(std::list::iterator tx(s->txQueue.begin());tx!=s->txQueue.end();) { + if ((tx->expired(now))||(tx->atLimit())) + s->txQueue.erase(tx++); + else ++tx; + } + + unsigned long count = 0; + { + std::vector::iterator reader(s->members.begin()); + std::vector::iterator writer(reader); + while (reader != s->members.end()) { + if ((now - reader->timestamp) < ZT_MULTICAST_LIKE_EXPIRE) { + *writer = *reader; + ++writer; + ++count; + } + ++reader; + } + } + + if (count) { + s->members.resize(count); + } else if (s->txQueue.empty()) { + _groups.erase(*k); + } else { + s->members.clear(); + } + } +} + +void Multicaster::_add(uint64_t now,uint64_t nwid,const MulticastGroup &mg,MulticastGroupStatus &gs,const Address &member) +{ + // assumes _groups_m is locked + + // Do not add self -- even if someone else returns it + if (member == RR->identity.address()) + return; + + for(std::vector::iterator m(gs.members.begin());m!=gs.members.end();++m) { + if (m->address == member) { + m->timestamp = now; + return; + } + } + + gs.members.push_back(MulticastGroupMember(member,now)); + + //TRACE("..MC %s joined 
multicast group %.16llx/%s via %s",member.toString().c_str(),nwid,mg.toString().c_str(),((learnedFrom) ? learnedFrom.toString().c_str() : "(direct)")); + + for(std::list::iterator tx(gs.txQueue.begin());tx!=gs.txQueue.end();) { + if (tx->atLimit()) + gs.txQueue.erase(tx++); + else { + tx->sendIfNew(RR,member); + if (tx->atLimit()) + gs.txQueue.erase(tx++); + else ++tx; + } + } +} + +} // namespace ZeroTier diff --git a/node/Multicaster.hpp b/node/Multicaster.hpp new file mode 100644 index 0000000..c43c8d9 --- /dev/null +++ b/node/Multicaster.hpp 
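Review bot: `addMultiple()` computes its end pointer as `p + (5 * count)` in `unsigned int` arithmetic and loops on `while (p != e)`. A `count` large enough to wrap the multiplication gives an end pointer that the 5-byte stride may never land on, and the loop then reads past the input. The function is given no buffer length, so it cannot validate `count` itself; the declaration in Multicaster.hpp only says the caller checks bounds, and no caller is visible in this hunk. I would make the loop safe on its own with `while (p < e)` and a widened multiplication such as `p + ((size_t)count * 5)`, or better, take the byte length as a parameter and reject a `count` that exceeds it. `totalKnown` is also accepted but never used in the body.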
@@ -0,0 +1,194 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_MULTICASTER_HPP +#define ZT_MULTICASTER_HPP + +#include +#include + +#include +#include +#include + +#include "Constants.hpp" +#include "Hashtable.hpp" +#include "Address.hpp" +#include "MAC.hpp" +#include "MulticastGroup.hpp" +#include "OutboundMulticast.hpp" +#include "Utils.hpp" +#include "Mutex.hpp" +#include "NonCopyable.hpp" + +namespace ZeroTier { + +class RuntimeEnvironment; +class CertificateOfMembership; +class Packet; + +/** + * Database of known multicast peers within a network + */ +class Multicaster : NonCopyable +{ +private: + struct Key + { + Key() : nwid(0),mg() {} + Key(uint64_t n,const MulticastGroup &g) : nwid(n),mg(g) {} + + uint64_t nwid; + MulticastGroup mg; + + inline bool operator==(const Key &k) const throw() { return ((nwid == k.nwid)&&(mg == k.mg)); } + inline unsigned long hashCode() const throw() { return (mg.hashCode() ^ (unsigned long)(nwid ^ (nwid >> 32))); } + }; + + struct MulticastGroupMember + { + MulticastGroupMember() {} + MulticastGroupMember(const Address &a,uint64_t ts) : address(a),timestamp(ts) {} + + Address address; + uint64_t timestamp; // time of last notification + }; + + struct MulticastGroupStatus + { + MulticastGroupStatus() : 
lastExplicitGather(0) {} + + uint64_t lastExplicitGather; + std::list txQueue; // pending outbound multicasts + std::vector members; // members of this group + }; + +public: + Multicaster(const RuntimeEnvironment *renv); + ~Multicaster(); + + /** + * Add or update a member in a multicast group + * + * @param now Current time + * @param nwid Network ID + * @param mg Multicast group + * @param member New member address + */ + inline void add(uint64_t now,uint64_t nwid,const MulticastGroup &mg,const Address &member) + { + Mutex::Lock _l(_groups_m); + _add(now,nwid,mg,_groups[Multicaster::Key(nwid,mg)],member); + } + + /** + * Add multiple addresses from a binary array of 5-byte address fields + * + * It's up to the caller to check bounds on the array before calling this. + * + * @param now Current time + * @param nwid Network ID + * @param mg Multicast group + * @param addresses Raw binary addresses in big-endian format, as a series of 5-byte fields + * @param count Number of addresses + * @param totalKnown Total number of known addresses as reported by peer + */ + void addMultiple(uint64_t now,uint64_t nwid,const MulticastGroup &mg,const void *addresses,unsigned int count,unsigned int totalKnown); + + /** + * Remove a multicast group member (if present) + * + * @param nwid Network ID + * @param mg Multicast group + * @param member Member to unsubscribe + */ + void remove(uint64_t nwid,const MulticastGroup &mg,const Address &member); + + /** + * Append gather results to a packet by choosing registered multicast recipients at random + * + * This appends the following fields to the packet: + * <[4] 32-bit total number of known members in this multicast group> + * <[2] 16-bit number of members enumerated in this packet> + * <[...] series of 5-byte ZeroTier addresses of enumerated members> + * + * If zero is returned, the first two fields will still have been appended. 
+ * + * @param queryingPeer Peer asking for gather (to skip in results) + * @param nwid Network ID + * @param mg Multicast group + * @param appendTo Packet to append to + * @param limit Maximum number of 5-byte addresses to append + * @return Number of addresses appended + * @throws std::out_of_range Buffer overflow writing to packet + */ + unsigned int gather(const Address &queryingPeer,uint64_t nwid,const MulticastGroup &mg,Buffer &appendTo,unsigned int limit) const; + + /** + * Get subscribers to a multicast group + * + * @param nwid Network ID + * @param mg Multicast group + */ + std::vector
getMembers(uint64_t nwid,const MulticastGroup &mg,unsigned int limit) const; + + /** + * Send a multicast + * + * @param com Certificate of membership to include or NULL for none + * @param limit Multicast limit + * @param now Current time + * @param nwid Network ID + * @param alwaysSendTo Send to these peers first and even if not included in subscriber list + * @param mg Multicast group + * @param src Source Ethernet MAC address or NULL to skip in packet and compute from ZT address (non-bridged mode) + * @param etherType Ethernet frame type + * @param data Packet data + * @param len Length of packet data + */ + void send( + const CertificateOfMembership *com, + unsigned int limit, + uint64_t now, + uint64_t nwid, + const std::vector
&alwaysSendTo, + const MulticastGroup &mg, + const MAC &src, + unsigned int etherType, + const void *data, + unsigned int len); + + /** + * Clean up and resort database + * + * @param RR Runtime environment + * @param now Current time + */ + void clean(uint64_t now); + +private: + void _add(uint64_t now,uint64_t nwid,const MulticastGroup &mg,MulticastGroupStatus &gs,const Address &member); + + const RuntimeEnvironment *RR; + Hashtable _groups; + Mutex _groups_m; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Mutex.hpp b/node/Mutex.hpp new file mode 100644 index 0000000..d451ede --- /dev/null +++ b/node/Mutex.hpp 
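Review bot: The doc comment on `clean()` still lists `@param RR Runtime environment`, but the declaration is `void clean(uint64_t now)`, so that line should be dropped. `getMembers()` documents neither `limit` nor its result; I would add `@param limit Maximum number of addresses to return` and an `@return` line saying that the newest entries come first, since the implementation in Multicaster.cpp walks `members` in reverse. On `addMultiple()`, the sentence "It's up to the caller to check bounds on the array" would be more useful as an explicit precondition: `addresses must point to at least 5 * count readable bytes`.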
@@ -0,0 +1,186 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_MUTEX_HPP +#define ZT_MUTEX_HPP + +#include "Constants.hpp" +#include "NonCopyable.hpp" + +#ifdef __UNIX_LIKE__ + +#include +#include + +namespace ZeroTier { + +class Mutex : NonCopyable +{ +public: + Mutex() + throw() + { + pthread_mutex_init(&_mh,(const pthread_mutexattr_t *)0); + } + + ~Mutex() + { + pthread_mutex_destroy(&_mh); + } + + inline void lock() + throw() + { + pthread_mutex_lock(&_mh); + } + + inline void unlock() + throw() + { + pthread_mutex_unlock(&_mh); + } + + inline void lock() const + throw() + { + (const_cast (this))->lock(); + } + + inline void unlock() const + throw() + { + (const_cast (this))->unlock(); + } + + /** + * Uses C++ contexts and constructor/destructor to lock/unlock automatically + */ + class Lock : NonCopyable + { + public: + Lock(Mutex &m) + throw() : + _m(&m) + { + m.lock(); + } + + Lock(const Mutex &m) + throw() : + _m(const_cast(&m)) + { + _m->lock(); + } + + ~Lock() + { + _m->unlock(); + } + + private: + Mutex *const _m; + }; + +private: + pthread_mutex_t _mh; +}; + +} // namespace ZeroTier + +#endif // Apple / Linux + +#ifdef __WINDOWS__ + +#include +#include + +namespace ZeroTier { + +class Mutex : NonCopyable +{ +public: + Mutex() + throw() + 
{ + InitializeCriticalSection(&_cs); + } + + ~Mutex() + { + DeleteCriticalSection(&_cs); + } + + inline void lock() + throw() + { + EnterCriticalSection(&_cs); + } + + inline void unlock() + throw() + { + LeaveCriticalSection(&_cs); + } + + inline void lock() const + throw() + { + (const_cast (this))->lock(); + } + + inline void unlock() const + throw() + { + (const_cast (this))->unlock(); + } + + class Lock : NonCopyable + { + public: + Lock(Mutex &m) + throw() : + _m(&m) + { + m.lock(); + } + + Lock(const Mutex &m) + throw() : + _m(const_cast(&m)) + { + _m->lock(); + } + + ~Lock() + { + _m->unlock(); + } + + private: + Mutex *const _m; + }; + +private: + CRITICAL_SECTION _cs; +}; + +} // namespace ZeroTier + +#endif // _WIN32 + +#endif diff --git a/node/Network.cpp b/node/Network.cpp new file mode 100644 index 0000000..2511664 --- /dev/null +++ b/node/Network.cpp 
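Review bot: The pthread variant of `Mutex` discards the results of `pthread_mutex_init()` and `pthread_mutex_lock()`. If either fails, the `Lock` guard's constructor returns normally and the guarded section runs without mutual exclusion. These members are declared `throw()`, so an exception cannot report the failure, and stopping hard is the usual choice, e.g. `if (pthread_mutex_lock(&_mh) != 0) abort();`. That needs `<stdlib.h>`, and the include lines are not legible on this page. The same check belongs on `pthread_mutex_unlock()`.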
@@ -0,0 +1,483 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include + +#include "Constants.hpp" +#include "Network.hpp" +#include "RuntimeEnvironment.hpp" +#include "Switch.hpp" +#include "Packet.hpp" +#include "Buffer.hpp" +#include "NetworkController.hpp" +#include "Node.hpp" + +#include "../version.h" + +namespace ZeroTier { + +const ZeroTier::MulticastGroup Network::BROADCAST(ZeroTier::MAC(0xffffffffffffULL),0); + +Network::Network(const RuntimeEnvironment *renv,uint64_t nwid,void *uptr) : + RR(renv), + _uPtr(uptr), + _id(nwid), + _mac(renv->identity.address(),nwid), + _portInitialized(false), + _lastConfigUpdate(0), + _destroyed(false), + _netconfFailure(NETCONF_FAILURE_NONE), + _portError(0) +{ + char confn[128],mcdbn[128]; + Utils::snprintf(confn,sizeof(confn),"networks.d/%.16llx.conf",_id); + Utils::snprintf(mcdbn,sizeof(mcdbn),"networks.d/%.16llx.mcerts",_id); + + // These files are no longer used, so clean them. 
+ RR->node->dataStoreDelete(mcdbn); + + if (_id == ZT_TEST_NETWORK_ID) { + applyConfiguration(NetworkConfig::createTestNetworkConfig(RR->identity.address())); + + // Save a one-byte CR to persist membership in the test network + RR->node->dataStorePut(confn,"\n",1,false); + } else { + bool gotConf = false; + try { + std::string conf(RR->node->dataStoreGet(confn)); + if (conf.length()) { + Dictionary dconf(conf.c_str()); + NetworkConfig nconf; + if (nconf.fromDictionary(dconf)) { + this->setConfiguration(nconf,false); + _lastConfigUpdate = 0; // we still want to re-request a new config from the network + gotConf = true; + } + } + } catch ( ... ) {} // ignore invalids, we'll re-request + + if (!gotConf) { + // Save a one-byte CR to persist membership while we request a real netconf + RR->node->dataStorePut(confn,"\n",1,false); + } + } + + if (!_portInitialized) { + ZT_VirtualNetworkConfig ctmp; + _externalConfig(&ctmp); + _portError = RR->node->configureVirtualNetworkPort(_id,&_uPtr,ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP,&ctmp); + _portInitialized = true; + } +} + +Network::~Network() +{ + ZT_VirtualNetworkConfig ctmp; + _externalConfig(&ctmp); + + char n[128]; + if (_destroyed) { + RR->node->configureVirtualNetworkPort(_id,&_uPtr,ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY,&ctmp); + Utils::snprintf(n,sizeof(n),"networks.d/%.16llx.conf",_id); + RR->node->dataStoreDelete(n); + } else { + RR->node->configureVirtualNetworkPort(_id,&_uPtr,ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN,&ctmp); + } +} + +bool Network::subscribedToMulticastGroup(const MulticastGroup &mg,bool includeBridgedGroups) const +{ + Mutex::Lock _l(_lock); + if (std::binary_search(_myMulticastGroups.begin(),_myMulticastGroups.end(),mg)) + return true; + else if (includeBridgedGroups) + return _multicastGroupsBehindMe.contains(mg); + else return false; +} + +void Network::multicastSubscribe(const MulticastGroup &mg) +{ + { + Mutex::Lock _l(_lock); + if 
(std::binary_search(_myMulticastGroups.begin(),_myMulticastGroups.end(),mg)) + return; + _myMulticastGroups.push_back(mg); + std::sort(_myMulticastGroups.begin(),_myMulticastGroups.end()); + } + _announceMulticastGroups(); +} + +void Network::multicastUnsubscribe(const MulticastGroup &mg) +{ + Mutex::Lock _l(_lock); + std::vector nmg; + for(std::vector::const_iterator i(_myMulticastGroups.begin());i!=_myMulticastGroups.end();++i) { + if (*i != mg) + nmg.push_back(*i); + } + if (nmg.size() != _myMulticastGroups.size()) + _myMulticastGroups.swap(nmg); +} + +bool Network::tryAnnounceMulticastGroupsTo(const SharedPtr &peer) +{ + Mutex::Lock _l(_lock); + if ( + (_isAllowed(peer)) || + (peer->address() == this->controller()) || + (RR->topology->isRoot(peer->identity())) + ) { + _announceMulticastGroupsTo(peer,_allMulticastGroups()); + return true; + } + return false; +} + +bool Network::applyConfiguration(const NetworkConfig &conf) +{ + if (_destroyed) // sanity check + return false; + try { + if ((conf.networkId == _id)&&(conf.issuedTo == RR->identity.address())) { + ZT_VirtualNetworkConfig ctmp; + bool portInitialized; + { + Mutex::Lock _l(_lock); + _config = conf; + _lastConfigUpdate = RR->node->now(); + _netconfFailure = NETCONF_FAILURE_NONE; + _externalConfig(&ctmp); + portInitialized = _portInitialized; + _portInitialized = true; + } + _portError = RR->node->configureVirtualNetworkPort(_id,&_uPtr,(portInitialized) ? ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE : ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP,&ctmp); + return true; + } else { + TRACE("ignored invalid configuration for network %.16llx (configuration contains mismatched network ID or issued-to address)",(unsigned long long)_id); + } + } catch (std::exception &exc) { + TRACE("ignored invalid configuration for network %.16llx (%s)",(unsigned long long)_id,exc.what()); + } catch ( ... 
) { + TRACE("ignored invalid configuration for network %.16llx (unknown exception)",(unsigned long long)_id); + } + return false; +} + +int Network::setConfiguration(const NetworkConfig &nconf,bool saveToDisk) +{ + try { + { + Mutex::Lock _l(_lock); + if (_config == nconf) + return 1; // OK config, but duplicate of what we already have + } + if (applyConfiguration(nconf)) { + if (saveToDisk) { + char n[64]; + Utils::snprintf(n,sizeof(n),"networks.d/%.16llx.conf",_id); + Dictionary d; + if (nconf.toDictionary(d,false)) + RR->node->dataStorePut(n,(const void *)d.data(),d.sizeBytes(),true); + } + return 2; // OK and configuration has changed + } + } catch ( ... ) { + TRACE("ignored invalid configuration for network %.16llx",(unsigned long long)_id); + } + return 0; +} + +void Network::requestConfiguration() +{ + if (_id == ZT_TEST_NETWORK_ID) // pseudo-network-ID, uses locally generated static config + return; + + Dictionary rmd; + rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_VERSION,(uint64_t)ZT_NETWORKCONFIG_VERSION); + rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_PROTOCOL_VERSION,(uint64_t)ZT_PROTO_VERSION); + rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION,(uint64_t)ZEROTIER_ONE_VERSION_MAJOR); + rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION,(uint64_t)ZEROTIER_ONE_VERSION_MINOR); + rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_REVISION,(uint64_t)ZEROTIER_ONE_VERSION_REVISION); + + if (controller() == RR->identity.address()) { + if (RR->localNetworkController) { + NetworkConfig nconf; + switch(RR->localNetworkController->doNetworkConfigRequest(InetAddress(),RR->identity,RR->identity,_id,rmd,nconf)) { + case NetworkController::NETCONF_QUERY_OK: + this->setConfiguration(nconf,true); + return; + case NetworkController::NETCONF_QUERY_OBJECT_NOT_FOUND: + this->setNotFound(); + return; + case NetworkController::NETCONF_QUERY_ACCESS_DENIED: + this->setAccessDenied(); + return; + default: + return; + } + } else { + 
this->setNotFound(); + return; + } + } + + TRACE("requesting netconf for network %.16llx from controller %s",(unsigned long long)_id,controller().toString().c_str()); + + Packet outp(controller(),RR->identity.address(),Packet::VERB_NETWORK_CONFIG_REQUEST); + outp.append((uint64_t)_id); + const unsigned int rmdSize = rmd.sizeBytes(); + outp.append((uint16_t)rmdSize); + outp.append((const void *)rmd.data(),rmdSize); + outp.append((_config) ? (uint64_t)_config.revision : (uint64_t)0); + outp.compress(); + RR->sw->send(outp,true,0); +} + +void Network::clean() +{ + const uint64_t now = RR->node->now(); + Mutex::Lock _l(_lock); + + if (_destroyed) + return; + + { + Hashtable< MulticastGroup,uint64_t >::Iterator i(_multicastGroupsBehindMe); + MulticastGroup *mg = (MulticastGroup *)0; + uint64_t *ts = (uint64_t *)0; + while (i.next(mg,ts)) { + if ((now - *ts) > (ZT_MULTICAST_LIKE_EXPIRE * 2)) + _multicastGroupsBehindMe.erase(*mg); + } + } +} + +void Network::learnBridgeRoute(const MAC &mac,const Address &addr) +{ + Mutex::Lock _l(_lock); + _remoteBridgeRoutes[mac] = addr; + + // Anti-DOS circuit breaker to prevent nodes from spamming us with absurd numbers of bridge routes + while (_remoteBridgeRoutes.size() > ZT_MAX_BRIDGE_ROUTES) { + Hashtable< Address,unsigned long > counts; + Address maxAddr; + unsigned long maxCount = 0; + + MAC *m = (MAC *)0; + Address *a = (Address *)0; + + // Find the address responsible for the most entries + { + Hashtable::Iterator i(_remoteBridgeRoutes); + while (i.next(m,a)) { + const unsigned long c = ++counts[*a]; + if (c > maxCount) { + maxCount = c; + maxAddr = *a; + } + } + } + + // Kill this address from our table, since it's most likely spamming us + { + Hashtable::Iterator i(_remoteBridgeRoutes); + while (i.next(m,a)) { + if (*a == maxAddr) + _remoteBridgeRoutes.erase(*m); + } + } + } +} + +void Network::learnBridgedMulticastGroup(const MulticastGroup &mg,uint64_t now) +{ + Mutex::Lock _l(_lock); + const unsigned long tmp = (unsigned 
long)_multicastGroupsBehindMe.size(); + _multicastGroupsBehindMe.set(mg,now); + if (tmp != _multicastGroupsBehindMe.size()) + _announceMulticastGroups(); +} + +void Network::destroy() +{ + Mutex::Lock _l(_lock); + _destroyed = true; +} + +ZT_VirtualNetworkStatus Network::_status() const +{ + // assumes _lock is locked + if (_portError) + return ZT_NETWORK_STATUS_PORT_ERROR; + switch(_netconfFailure) { + case NETCONF_FAILURE_ACCESS_DENIED: + return ZT_NETWORK_STATUS_ACCESS_DENIED; + case NETCONF_FAILURE_NOT_FOUND: + return ZT_NETWORK_STATUS_NOT_FOUND; + case NETCONF_FAILURE_NONE: + return ((_config) ? ZT_NETWORK_STATUS_OK : ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION); + default: + return ZT_NETWORK_STATUS_PORT_ERROR; + } +} + +void Network::_externalConfig(ZT_VirtualNetworkConfig *ec) const +{ + // assumes _lock is locked + ec->nwid = _id; + ec->mac = _mac.toInt(); + if (_config) + Utils::scopy(ec->name,sizeof(ec->name),_config.name); + else ec->name[0] = (char)0; + ec->status = _status(); + ec->type = (_config) ? (_config.isPrivate() ? ZT_NETWORK_TYPE_PRIVATE : ZT_NETWORK_TYPE_PUBLIC) : ZT_NETWORK_TYPE_PRIVATE; + ec->mtu = ZT_IF_MTU; + ec->dhcp = 0; + std::vector
ab(_config.activeBridges()); + ec->bridge = ((_config.allowPassiveBridging())||(std::find(ab.begin(),ab.end(),RR->identity.address()) != ab.end())) ? 1 : 0; + ec->broadcastEnabled = (_config) ? (_config.enableBroadcast() ? 1 : 0) : 0; + ec->portError = _portError; + ec->netconfRevision = (_config) ? (unsigned long)_config.revision : 0; + + ec->assignedAddressCount = 0; + for(unsigned int i=0;iassignedAddresses[i]),&(_config.staticIps[i]),sizeof(struct sockaddr_storage)); + ++ec->assignedAddressCount; + } else { + memset(&(ec->assignedAddresses[i]),0,sizeof(struct sockaddr_storage)); + } + } + + ec->routeCount = 0; + for(unsigned int i=0;iroutes[i]),&(_config.routes[i]),sizeof(ZT_VirtualNetworkRoute)); + ++ec->routeCount; + } else { + memset(&(ec->routes[i]),0,sizeof(ZT_VirtualNetworkRoute)); + } + } +} + +bool Network::_isAllowed(const SharedPtr &peer) const +{ + // Assumes _lock is locked + try { + if (!_config) + return false; + if (_config.isPublic()) + return true; + return ((_config.com)&&(peer->networkMembershipCertificatesAgree(_id,_config.com))); + } catch (std::exception &exc) { + TRACE("isAllowed() check failed for peer %s: unexpected exception: %s",peer->address().toString().c_str(),exc.what()); + } catch ( ... 
) { + TRACE("isAllowed() check failed for peer %s: unexpected exception: unknown exception",peer->address().toString().c_str()); + } + return false; // default position on any failure +} + +class _MulticastAnnounceAll +{ +public: + _MulticastAnnounceAll(const RuntimeEnvironment *renv,Network *nw) : + _now(renv->node->now()), + _controller(nw->controller()), + _network(nw), + _anchors(nw->config().anchors()), + _rootAddresses(renv->topology->rootAddresses()) + {} + inline void operator()(Topology &t,const SharedPtr &p) + { + if ( (_network->_isAllowed(p)) || // FIXME: this causes multicast LIKEs for public networks to get spammed + (p->address() == _controller) || + (std::find(_rootAddresses.begin(),_rootAddresses.end(),p->address()) != _rootAddresses.end()) || + (std::find(_anchors.begin(),_anchors.end(),p->address()) != _anchors.end()) ) { + peers.push_back(p); + } + } + std::vector< SharedPtr > peers; +private: + const uint64_t _now; + const Address _controller; + Network *const _network; + const std::vector
_anchors; + const std::vector
_rootAddresses; +}; +void Network::_announceMulticastGroups() +{ + // Assumes _lock is locked + std::vector allMulticastGroups(_allMulticastGroups()); + _MulticastAnnounceAll gpfunc(RR,this); + RR->topology->eachPeer<_MulticastAnnounceAll &>(gpfunc); + for(std::vector< SharedPtr >::const_iterator i(gpfunc.peers.begin());i!=gpfunc.peers.end();++i) + _announceMulticastGroupsTo(*i,allMulticastGroups); +} + +void Network::_announceMulticastGroupsTo(const SharedPtr &peer,const std::vector &allMulticastGroups) const +{ + // Assumes _lock is locked + + // We push COMs ahead of MULTICAST_LIKE since they're used for access control -- a COM is a public + // credential so "over-sharing" isn't really an issue (and we only do so with roots). + if ((_config)&&(_config.com)&&(!_config.isPublic())&&(peer->needsOurNetworkMembershipCertificate(_id,RR->node->now(),true))) { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NETWORK_MEMBERSHIP_CERTIFICATE); + _config.com.serialize(outp); + RR->sw->send(outp,true,0); + } + + { + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE); + + for(std::vector::const_iterator mg(allMulticastGroups.begin());mg!=allMulticastGroups.end();++mg) { + if ((outp.size() + 18) >= ZT_UDP_DEFAULT_PAYLOAD_MTU) { + RR->sw->send(outp,true,0); + outp.reset(peer->address(),RR->identity.address(),Packet::VERB_MULTICAST_LIKE); + } + + // network ID, MAC, ADI + outp.append((uint64_t)_id); + mg->mac().appendTo(outp); + outp.append((uint32_t)mg->adi()); + } + + if (outp.size() > ZT_PROTO_MIN_PACKET_LENGTH) + RR->sw->send(outp,true,0); + } +} + +std::vector Network::_allMulticastGroups() const +{ + // Assumes _lock is locked + + std::vector mgs; + mgs.reserve(_myMulticastGroups.size() + _multicastGroupsBehindMe.size() + 1); + mgs.insert(mgs.end(),_myMulticastGroups.begin(),_myMulticastGroups.end()); + _multicastGroupsBehindMe.appendKeys(mgs); + if ((_config)&&(_config.enableBroadcast())) + mgs.push_back(Network::BROADCAST); + 
std::sort(mgs.begin(),mgs.end()); + mgs.erase(std::unique(mgs.begin(),mgs.end()),mgs.end()); + + return mgs; +} + +} // namespace ZeroTier diff --git a/node/Network.hpp b/node/Network.hpp new file mode 100644 index 0000000..17eed4b --- /dev/null +++ b/node/Network.hpp 
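Review bot: `multicastSubscribe()` calls `_announceMulticastGroups()` after its scoped `Mutex::Lock` has been released, although that helper and the `_allMulticastGroups()` / `_isAllowed()` calls beneath it are all commented as assuming `_lock` is held and read `_myMulticastGroups`, `_multicastGroupsBehindMe` and `_config`. `learnBridgedMulticastGroup()` makes the same call with the lock held, so the two paths disagree, and a concurrent `multicastUnsubscribe()` or `applyConfiguration()` could change those members while the announce path copies them or makes its access decision. If the early release is deliberate (for example to avoid holding `_lock` across `eachPeer` and `RR->sw->send`), say so in a comment and take the group snapshot under the lock; otherwise drop the inner braces so that `Mutex::Lock _l(_lock);` covers the call. `requestConfiguration()` likewise reads `_config.revision` without taking `_lock`, and `applyConfiguration()` writes `_portError` after its lock scope has closed.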
@@ -0,0 +1,341 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_NETWORK_HPP +#define ZT_NETWORK_HPP + +#include + +#include "../include/ZeroTierOne.h" + +#include +#include +#include +#include +#include + +#include "Constants.hpp" +#include "NonCopyable.hpp" +#include "Hashtable.hpp" +#include "Address.hpp" +#include "Mutex.hpp" +#include "SharedPtr.hpp" +#include "AtomicCounter.hpp" +#include "MulticastGroup.hpp" +#include "MAC.hpp" +#include "Dictionary.hpp" +#include "Multicaster.hpp" +#include "NetworkConfig.hpp" +#include "CertificateOfMembership.hpp" + +namespace ZeroTier { + +class RuntimeEnvironment; +class Peer; +class _MulticastAnnounceAll; + +/** + * A virtual LAN + */ +class Network : NonCopyable +{ + friend class SharedPtr; + friend class _MulticastAnnounceAll; // internal function object + +public: + /** + * Broadcast multicast group: ff:ff:ff:ff:ff:ff / 0 + */ + static const MulticastGroup BROADCAST; + + /** + * Construct a new network + * + * Note that init() should be called immediately after the network is + * constructed to actually configure the port. 
+ * + * @param renv Runtime environment + * @param nwid Network ID + * @param uptr Arbitrary pointer used by externally-facing API (for user use) + */ + Network(const RuntimeEnvironment *renv,uint64_t nwid,void *uptr); + + ~Network(); + + /** + * @return Network ID + */ + inline uint64_t id() const throw() { return _id; } + + /** + * @return Address of network's controller (most significant 40 bits of ID) + */ + inline Address controller() const throw() { return Address(_id >> 24); } + + /** + * @param nwid Network ID + * @return Address of network's controller + */ + static inline Address controllerFor(uint64_t nwid) throw() { return Address(nwid >> 24); } + + /** + * @return Multicast group memberships for this network's port (local, not learned via bridging) + */ + inline std::vector multicastGroups() const + { + Mutex::Lock _l(_lock); + return _myMulticastGroups; + } + + /** + * @return All multicast groups including learned groups that are behind any bridges we're attached to + */ + inline std::vector allMulticastGroups() const + { + Mutex::Lock _l(_lock); + return _allMulticastGroups(); + } + + /** + * @param mg Multicast group + * @param includeBridgedGroups If true, also include any groups we've learned via bridging + * @return True if this network endpoint / peer is a member + */ + bool subscribedToMulticastGroup(const MulticastGroup &mg,bool includeBridgedGroups) const; + + /** + * Subscribe to a multicast group + * + * @param mg New multicast group + */ + void multicastSubscribe(const MulticastGroup &mg); + + /** + * Unsubscribe from a multicast group + * + * @param mg Multicast group + */ + void multicastUnsubscribe(const MulticastGroup &mg); + + /** + * Announce multicast groups to a peer if that peer is authorized on this network + * + * @param peer Peer to try to announce multicast groups to + * @return True if peer was authorized and groups were announced + */ + bool tryAnnounceMulticastGroupsTo(const SharedPtr &peer); + + /** + * Apply a 
NetworkConfig to this network + * + * @param conf Configuration in NetworkConfig form + * @return True if configuration was accepted + */ + bool applyConfiguration(const NetworkConfig &conf); + + /** + * Set or update this network's configuration + * + * @param nconf Network configuration + * @param saveToDisk IF true (default), write config to disk + * @return 0 -- rejected, 1 -- accepted but not new, 2 -- accepted new config + */ + int setConfiguration(const NetworkConfig &nconf,bool saveToDisk); + + /** + * Set netconf failure to 'access denied' -- called in IncomingPacket when controller reports this + */ + inline void setAccessDenied() + { + Mutex::Lock _l(_lock); + _netconfFailure = NETCONF_FAILURE_ACCESS_DENIED; + } + + /** + * Set netconf failure to 'not found' -- called by PacketDecider when controller reports this + */ + inline void setNotFound() + { + Mutex::Lock _l(_lock); + _netconfFailure = NETCONF_FAILURE_NOT_FOUND; + } + + /** + * Causes this network to request an updated configuration from its master node now + */ + void requestConfiguration(); + + /** + * @param peer Peer to check + * @return True if peer is allowed to communicate on this network + */ + inline bool isAllowed(const SharedPtr &peer) const + { + Mutex::Lock _l(_lock); + return _isAllowed(peer); + } + + /** + * Perform cleanup and possibly save state + */ + void clean(); + + /** + * @return Time of last updated configuration or 0 if none + */ + inline uint64_t lastConfigUpdate() const throw() { return _lastConfigUpdate; } + + /** + * @return Status of this network + */ + inline ZT_VirtualNetworkStatus status() const + { + Mutex::Lock _l(_lock); + return _status(); + } + + /** + * @param ec Buffer to fill with externally-visible network configuration + */ + inline void externalConfig(ZT_VirtualNetworkConfig *ec) const + { + Mutex::Lock _l(_lock); + _externalConfig(ec); + } + + /** + * Get current network config + * + * This returns a const reference to the network config in place, 
which is safe + * to concurrently access but *may* change during access. Normally this isn't a + * problem, but if it is use configCopy(). + * + * @return Network configuration (may be a null config if we don't have one yet) + */ + inline const NetworkConfig &config() const { return _config; } + + /** + * @return A thread-safe copy of our NetworkConfig instead of a const reference + */ + inline NetworkConfig configCopy() const + { + Mutex::Lock _l(_lock); + return _config; + } + + /** + * @return True if this network has a valid config + */ + inline bool hasConfig() const { return (_config); } + + /** + * @return Ethernet MAC address for this network's local interface + */ + inline const MAC &mac() const throw() { return _mac; } + + /** + * Find the node on this network that has this MAC behind it (if any) + * + * @param mac MAC address + * @return ZeroTier address of bridge to this MAC + */ + inline Address findBridgeTo(const MAC &mac) const + { + Mutex::Lock _l(_lock); + const Address *const br = _remoteBridgeRoutes.get(mac); + if (br) + return *br; + return Address(); + } + + /** + * Set a bridge route + * + * @param mac MAC address of destination + * @param addr Bridge this MAC is reachable behind + */ + void learnBridgeRoute(const MAC &mac,const Address &addr); + + /** + * Learn a multicast group that is bridged to our tap device + * + * @param mg Multicast group + * @param now Current time + */ + void learnBridgedMulticastGroup(const MulticastGroup &mg,uint64_t now); + + /** + * Destroy this network + * + * This causes the network to disable itself, destroy its tap device, and on + * delete to delete all trace of itself on disk and remove any persistent tap + * device instances. Call this when a network is being removed from the system. 
+ */ + void destroy(); + + /** + * @return Pointer to user PTR (modifiable user ptr used in API) + */ + inline void **userPtr() throw() { return &_uPtr; } + + inline bool operator==(const Network &n) const throw() { return (_id == n._id); } + inline bool operator!=(const Network &n) const throw() { return (_id != n._id); } + inline bool operator<(const Network &n) const throw() { return (_id < n._id); } + inline bool operator>(const Network &n) const throw() { return (_id > n._id); } + inline bool operator<=(const Network &n) const throw() { return (_id <= n._id); } + inline bool operator>=(const Network &n) const throw() { return (_id >= n._id); } + +private: + ZT_VirtualNetworkStatus _status() const; + void _externalConfig(ZT_VirtualNetworkConfig *ec) const; // assumes _lock is locked + bool _isAllowed(const SharedPtr &peer) const; + void _announceMulticastGroups(); + void _announceMulticastGroupsTo(const SharedPtr &peer,const std::vector &allMulticastGroups) const; + std::vector _allMulticastGroups() const; + + const RuntimeEnvironment *RR; + void *_uPtr; + uint64_t _id; + MAC _mac; // local MAC address + volatile bool _portInitialized; + + std::vector< MulticastGroup > _myMulticastGroups; // multicast groups that we belong to (according to tap) + Hashtable< MulticastGroup,uint64_t > _multicastGroupsBehindMe; // multicast groups that seem to be behind us and when we last saw them (if we are a bridge) + Hashtable< MAC,Address > _remoteBridgeRoutes; // remote addresses where given MACs are reachable (for tracking devices behind remote bridges) + + NetworkConfig _config; + volatile uint64_t _lastConfigUpdate; + + volatile bool _destroyed; + + enum { + NETCONF_FAILURE_NONE, + NETCONF_FAILURE_ACCESS_DENIED, + NETCONF_FAILURE_NOT_FOUND, + NETCONF_FAILURE_INIT_FAILED + } _netconfFailure; + volatile int _portError; // return value from port config callback + + Mutex _lock; + + AtomicCounter __refCount; +}; + +} // naemspace ZeroTier + +#endif 
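Review bot: `config()` returns a reference to `_config` without taking `_lock`, and its comment calls that "safe to concurrently access", but `applyConfiguration()` in Network.cpp replaces the whole object with `_config = conf;`, so a reader going through the reference can observe a partly assigned configuration. That matters because the same object carries the membership certificate and the public/private decision that `_isAllowed()` relies on; I would reword the comment to state that the reference gives no consistency guarantee and that any caller making an access decision should use `configCopy()`. `hasConfig()` and `lastConfigUpdate()` also read unlocked and lean on `volatile`, which provides neither atomicity nor ordering in C++. Smaller documentation fixes in this hunk: the constructor comment refers to an `init()` that the class does not declare, `setConfiguration` documents `saveToDisk` as "(default)" although the signature has no default, and the closing comment reads `// naemspace ZeroTier`.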
diff --git a/node/NetworkConfig.cpp b/node/NetworkConfig.cpp
new file mode 100644
index 0000000..9d5c5f1
--- /dev/null
+++ b/node/NetworkConfig.cpp
@@ -0,0 +1,501 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include + +#include "NetworkConfig.hpp" +#include "Utils.hpp" + +namespace ZeroTier { + +bool NetworkConfig::toDictionary(Dictionary &d,bool includeLegacy) const +{ + Buffer tmp; + + d.clear(); + + // Try to put the more human-readable fields first + + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_VERSION,(uint64_t)ZT_NETWORKCONFIG_VERSION)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_NETWORK_ID,this->networkId)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_TIMESTAMP,this->timestamp)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_REVISION,this->revision)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO,this->issuedTo)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_FLAGS,this->flags)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_LIMIT,(uint64_t)this->multicastLimit)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_TYPE,(uint64_t)this->type)) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_NAME,this->name)) return false; + +#ifdef ZT_SUPPORT_OLD_STYLE_NETCONF + if (includeLegacy) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_ALLOW_PASSIVE_BRIDGING_OLD,this->allowPassiveBridging())) return false; + if 
(!d.add(ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST_OLD,this->enableBroadcast())) return false; + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_PRIVATE_OLD,this->isPrivate())) return false; + + std::string v4s; + for(unsigned int i=0;istaticIps[i].ss_family == AF_INET) { + if (v4s.length() > 0) + v4s.push_back(','); + v4s.append(this->staticIps[i].toString()); + } + } + if (v4s.length() > 0) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_IPV4_STATIC_OLD,v4s.c_str())) return false; + } + std::string v6s; + for(unsigned int i=0;istaticIps[i].ss_family == AF_INET6) { + if (v6s.length() > 0) + v6s.push_back(','); + v6s.append(this->staticIps[i].toString()); + } + } + if (v6s.length() > 0) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC_OLD,v6s.c_str())) return false; + } + + std::string ets; + unsigned int et = 0; + ZT_VirtualNetworkRuleType lastrt = ZT_NETWORK_RULE_ACTION_ACCEPT; + for(unsigned int i=0;i 0) + ets.push_back(','); + char tmp[16]; + Utils::snprintf(tmp,sizeof(tmp),"%x",et); + ets.append(tmp); + } + et = 0; + } + lastrt = rt; + } + if (ets.length() > 0) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_ALLOWED_ETHERNET_TYPES_OLD,ets.c_str())) return false; + } + + if (this->com) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP_OLD,this->com.toString().c_str())) return false; + } + + std::string ab; + for(unsigned int i=0;ispecialistCount;++i) { + if ((this->specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE) != 0) { + if (ab.length() > 0) + ab.push_back(','); + ab.append(Address(this->specialists[i]).toString().c_str()); + } + } + if (ab.length() > 0) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES_OLD,ab.c_str())) return false; + } + + std::vector rvec(this->relays()); + std::string rl; + for(std::vector::const_iterator i(rvec.begin());i!=rvec.end();++i) { + if (rl.length() > 0) + rl.push_back(','); + rl.append(i->address.toString()); + if (i->phy4) { + rl.push_back(';'); + rl.append(i->phy4.toString()); + } else if (i->phy6) { + 
rl.push_back(';'); + rl.append(i->phy6.toString()); + } + } + if (rl.length() > 0) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_RELAYS_OLD,rl.c_str())) return false; + } + } +#endif // ZT_SUPPORT_OLD_STYLE_NETCONF + + // Then add binary blobs + + if (this->com) { + tmp.clear(); + this->com.serialize(tmp); + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_COM,tmp)) return false; + } + + tmp.clear(); + for(unsigned int i=0;ispecialistCount;++i) { + tmp.append((uint64_t)this->specialists[i]); + } + if (tmp.size()) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_SPECIALISTS,tmp)) return false; + } + + tmp.clear(); + for(unsigned int i=0;irouteCount;++i) { + reinterpret_cast(&(this->routes[i].target))->serialize(tmp); + reinterpret_cast(&(this->routes[i].via))->serialize(tmp); + tmp.append((uint16_t)this->routes[i].flags); + tmp.append((uint16_t)this->routes[i].metric); + } + if (tmp.size()) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_ROUTES,tmp)) return false; + } + + tmp.clear(); + for(unsigned int i=0;istaticIpCount;++i) { + this->staticIps[i].serialize(tmp); + } + if (tmp.size()) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_STATIC_IPS,tmp)) return false; + } + + tmp.clear(); + for(unsigned int i=0;ipinnedCount;++i) { + this->pinned[i].zt.appendTo(tmp); + this->pinned[i].phy.serialize(tmp); + } + if (tmp.size()) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_PINNED,tmp)) return false; + } + + tmp.clear(); + for(unsigned int i=0;iruleCount;++i) { + tmp.append((uint8_t)rules[i].t); + switch((ZT_VirtualNetworkRuleType)(rules[i].t & 0x7f)) { + //case ZT_NETWORK_RULE_ACTION_DROP: + //case ZT_NETWORK_RULE_ACTION_ACCEPT: + default: + tmp.append((uint8_t)0); + break; + case ZT_NETWORK_RULE_ACTION_TEE: + case ZT_NETWORK_RULE_ACTION_REDIRECT: + case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS: + case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS: + tmp.append((uint8_t)5); + Address(rules[i].v.zt).appendTo(tmp); + break; + case ZT_NETWORK_RULE_MATCH_VLAN_ID: + tmp.append((uint8_t)2); + 
tmp.append((uint16_t)rules[i].v.vlanId); + break; + case ZT_NETWORK_RULE_MATCH_VLAN_PCP: + tmp.append((uint8_t)1); + tmp.append((uint8_t)rules[i].v.vlanPcp); + break; + case ZT_NETWORK_RULE_MATCH_VLAN_DEI: + tmp.append((uint8_t)1); + tmp.append((uint8_t)rules[i].v.vlanDei); + break; + case ZT_NETWORK_RULE_MATCH_ETHERTYPE: + tmp.append((uint8_t)2); + tmp.append((uint16_t)rules[i].v.etherType); + break; + case ZT_NETWORK_RULE_MATCH_MAC_SOURCE: + case ZT_NETWORK_RULE_MATCH_MAC_DEST: + tmp.append((uint8_t)6); + tmp.append(rules[i].v.mac,6); + break; + case ZT_NETWORK_RULE_MATCH_IPV4_SOURCE: + case ZT_NETWORK_RULE_MATCH_IPV4_DEST: + tmp.append((uint8_t)5); + tmp.append(&(rules[i].v.ipv4.ip),4); + tmp.append((uint8_t)rules[i].v.ipv4.mask); + break; + case ZT_NETWORK_RULE_MATCH_IPV6_SOURCE: + case ZT_NETWORK_RULE_MATCH_IPV6_DEST: + tmp.append((uint8_t)17); + tmp.append(rules[i].v.ipv6.ip,16); + tmp.append((uint8_t)rules[i].v.ipv6.mask); + break; + case ZT_NETWORK_RULE_MATCH_IP_TOS: + tmp.append((uint8_t)1); + tmp.append((uint8_t)rules[i].v.ipTos); + break; + case ZT_NETWORK_RULE_MATCH_IP_PROTOCOL: + tmp.append((uint8_t)1); + tmp.append((uint8_t)rules[i].v.ipProtocol); + break; + case ZT_NETWORK_RULE_MATCH_IP_SOURCE_PORT_RANGE: + case ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE: + tmp.append((uint8_t)4); + tmp.append((uint16_t)rules[i].v.port[0]); + tmp.append((uint16_t)rules[i].v.port[1]); + break; + case ZT_NETWORK_RULE_MATCH_CHARACTERISTICS: + tmp.append((uint8_t)8); + tmp.append((uint64_t)rules[i].v.characteristics); + break; + case ZT_NETWORK_RULE_MATCH_FRAME_SIZE_RANGE: + tmp.append((uint8_t)4); + tmp.append((uint16_t)rules[i].v.frameSize[0]); + tmp.append((uint16_t)rules[i].v.frameSize[1]); + break; + case ZT_NETWORK_RULE_MATCH_TCP_RELATIVE_SEQUENCE_NUMBER_RANGE: + tmp.append((uint8_t)8); + tmp.append((uint32_t)rules[i].v.tcpseq[0]); + tmp.append((uint32_t)rules[i].v.tcpseq[1]); + break; + case ZT_NETWORK_RULE_MATCH_COM_FIELD_GE: + case 
ZT_NETWORK_RULE_MATCH_COM_FIELD_LE: + tmp.append((uint8_t)16); + tmp.append((uint64_t)rules[i].v.comIV[0]); + tmp.append((uint64_t)rules[i].v.comIV[1]); + break; + } + } + if (tmp.size()) { + if (!d.add(ZT_NETWORKCONFIG_DICT_KEY_RULES,tmp)) return false; + } + + return true; +} + +bool NetworkConfig::fromDictionary(const Dictionary &d) +{ + try { + Buffer tmp; + char tmp2[ZT_NETWORKCONFIG_DICT_CAPACITY]; + + memset(this,0,sizeof(NetworkConfig)); + + // Fields that are always present, new or old + this->networkId = d.getUI(ZT_NETWORKCONFIG_DICT_KEY_NETWORK_ID,0); + if (!this->networkId) + return false; + this->timestamp = d.getUI(ZT_NETWORKCONFIG_DICT_KEY_TIMESTAMP,0); + this->revision = d.getUI(ZT_NETWORKCONFIG_DICT_KEY_REVISION,0); + this->issuedTo = d.getUI(ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO,0); + if (!this->issuedTo) + return false; + this->multicastLimit = (unsigned int)d.getUI(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_LIMIT,0); + d.get(ZT_NETWORKCONFIG_DICT_KEY_NAME,this->name,sizeof(this->name)); + + if (d.getUI(ZT_NETWORKCONFIG_DICT_KEY_VERSION,0) < 6) { + #ifdef ZT_SUPPORT_OLD_STYLE_NETCONF + // Decode legacy fields if version is old + if (d.getB(ZT_NETWORKCONFIG_DICT_KEY_ALLOW_PASSIVE_BRIDGING_OLD)) + this->flags |= ZT_NETWORKCONFIG_FLAG_ALLOW_PASSIVE_BRIDGING; + if (d.getB(ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST_OLD)) + this->flags |= ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST; + this->flags |= ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION; // always enable for old-style netconf + this->type = (d.getB(ZT_NETWORKCONFIG_DICT_KEY_PRIVATE_OLD,true)) ? 
ZT_NETWORK_TYPE_PRIVATE : ZT_NETWORK_TYPE_PUBLIC; + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_IPV4_STATIC_OLD,tmp2,sizeof(tmp2)) > 0) { + char *saveptr = (char *)0; + for(char *f=Utils::stok(tmp2,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) { + if (this->staticIpCount >= ZT_MAX_ZT_ASSIGNED_ADDRESSES) break; + InetAddress ip(f); + if (!ip.isNetwork()) + this->staticIps[this->staticIpCount++] = ip; + } + } + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC_OLD,tmp2,sizeof(tmp2)) > 0) { + char *saveptr = (char *)0; + for(char *f=Utils::stok(tmp2,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) { + if (this->staticIpCount >= ZT_MAX_ZT_ASSIGNED_ADDRESSES) break; + InetAddress ip(f); + if (!ip.isNetwork()) + this->staticIps[this->staticIpCount++] = ip; + } + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP_OLD,tmp2,sizeof(tmp2)) > 0) { + this->com.fromString(tmp2); + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_ALLOWED_ETHERNET_TYPES_OLD,tmp2,sizeof(tmp2)) > 0) { + char *saveptr = (char *)0; + for(char *f=Utils::stok(tmp2,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) { + unsigned int et = Utils::hexStrToUInt(f) & 0xffff; + if ((this->ruleCount + 2) > ZT_MAX_NETWORK_RULES) break; + if (et > 0) { + this->rules[this->ruleCount].t = (uint8_t)ZT_NETWORK_RULE_MATCH_ETHERTYPE; + this->rules[this->ruleCount].v.etherType = (uint16_t)et; + ++this->ruleCount; + } + this->rules[this->ruleCount++].t = (uint8_t)ZT_NETWORK_RULE_ACTION_ACCEPT; + } + } else { + this->rules[0].t = ZT_NETWORK_RULE_ACTION_ACCEPT; + this->ruleCount = 1; + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES_OLD,tmp2,sizeof(tmp2)) > 0) { + char *saveptr = (char *)0; + for(char *f=Utils::stok(tmp2,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) { + this->addSpecialist(Address(f),ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE); + } + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_RELAYS_OLD,tmp2,sizeof(tmp2)) > 0) { + char *saveptr = (char *)0; + for(char 
*f=Utils::stok(tmp2,",",&saveptr);(f);f=Utils::stok((char *)0,",",&saveptr)) { + char tmp3[256]; + Utils::scopy(tmp3,sizeof(tmp3),f); + + InetAddress phy; + char *semi = tmp3; + while (*semi) { + if (*semi == ';') { + *semi = (char)0; + ++semi; + phy = InetAddress(semi); + } else ++semi; + } + Address zt(tmp3); + + this->addSpecialist(zt,ZT_NETWORKCONFIG_SPECIALIST_TYPE_NETWORK_PREFERRED_RELAY); + if ((phy)&&(this->pinnedCount < ZT_MAX_NETWORK_PINNED)) { + this->pinned[this->pinnedCount].zt = zt; + this->pinned[this->pinnedCount].phy = phy; + ++this->pinnedCount; + } + } + } + #else + return false; + #endif // ZT_SUPPORT_OLD_STYLE_NETCONF + } else { + // Otherwise we can use the new fields + this->flags = d.getUI(ZT_NETWORKCONFIG_DICT_KEY_FLAGS,0); + this->type = (ZT_VirtualNetworkType)d.getUI(ZT_NETWORKCONFIG_DICT_KEY_TYPE,(uint64_t)ZT_NETWORK_TYPE_PRIVATE); + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_COM,tmp)) { + this->com.deserialize(tmp,0); + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_SPECIALISTS,tmp)) { + unsigned int p = 0; + while (((p + 8) <= tmp.size())&&(specialistCount < ZT_MAX_NETWORK_SPECIALISTS)) { + this->specialists[this->specialistCount++] = tmp.at(p); + p += 8; + } + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_ROUTES,tmp)) { + unsigned int p = 0; + while ((p < tmp.size())&&(routeCount < ZT_MAX_NETWORK_ROUTES)) { + p += reinterpret_cast(&(this->routes[this->routeCount].target))->deserialize(tmp,p); + p += reinterpret_cast(&(this->routes[this->routeCount].via))->deserialize(tmp,p); + this->routes[this->routeCount].flags = tmp.at(p); p += 2; + this->routes[this->routeCount].metric = tmp.at(p); p += 2; + ++this->routeCount; + } + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_STATIC_IPS,tmp)) { + unsigned int p = 0; + while ((p < tmp.size())&&(staticIpCount < ZT_MAX_ZT_ASSIGNED_ADDRESSES)) { + p += this->staticIps[this->staticIpCount++].deserialize(tmp,p); + } + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_PINNED,tmp)) { + unsigned int p = 0; + while ((p < 
tmp.size())&&(pinnedCount < ZT_MAX_NETWORK_PINNED)) { + this->pinned[this->pinnedCount].zt.setTo(tmp.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); p += ZT_ADDRESS_LENGTH; + p += this->pinned[this->pinnedCount].phy.deserialize(tmp,p); + ++this->pinnedCount; + } + } + + if (d.get(ZT_NETWORKCONFIG_DICT_KEY_RULES,tmp)) { + unsigned int p = 0; + while ((p < tmp.size())&&(ruleCount < ZT_MAX_NETWORK_RULES)) { + rules[ruleCount].t = (uint8_t)tmp[p++]; + unsigned int fieldLen = (unsigned int)tmp[p++]; + switch((ZT_VirtualNetworkRuleType)(rules[ruleCount].t & 0x7f)) { + default: + break; + case ZT_NETWORK_RULE_ACTION_TEE: + case ZT_NETWORK_RULE_ACTION_REDIRECT: + case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS: + case ZT_NETWORK_RULE_MATCH_DEST_ZEROTIER_ADDRESS: + rules[ruleCount].v.zt = Address(tmp.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH).toInt(); + break; + case ZT_NETWORK_RULE_MATCH_VLAN_ID: + rules[ruleCount].v.vlanId = tmp.at(p); + break; + case ZT_NETWORK_RULE_MATCH_VLAN_PCP: + rules[ruleCount].v.vlanPcp = (uint8_t)tmp[p]; + break; + case ZT_NETWORK_RULE_MATCH_VLAN_DEI: + rules[ruleCount].v.vlanDei = (uint8_t)tmp[p]; + break; + case ZT_NETWORK_RULE_MATCH_ETHERTYPE: + rules[ruleCount].v.etherType = tmp.at(p); + break; + case ZT_NETWORK_RULE_MATCH_MAC_SOURCE: + case ZT_NETWORK_RULE_MATCH_MAC_DEST: + memcpy(rules[ruleCount].v.mac,tmp.field(p,6),6); + break; + case ZT_NETWORK_RULE_MATCH_IPV4_SOURCE: + case ZT_NETWORK_RULE_MATCH_IPV4_DEST: + memcpy(&(rules[ruleCount].v.ipv4.ip),tmp.field(p,4),4); + rules[ruleCount].v.ipv4.mask = (uint8_t)tmp[p + 4]; + break; + case ZT_NETWORK_RULE_MATCH_IPV6_SOURCE: + case ZT_NETWORK_RULE_MATCH_IPV6_DEST: + memcpy(rules[ruleCount].v.ipv6.ip,tmp.field(p,16),16); + rules[ruleCount].v.ipv6.mask = (uint8_t)tmp[p + 16]; + break; + case ZT_NETWORK_RULE_MATCH_IP_TOS: + rules[ruleCount].v.ipTos = (uint8_t)tmp[p]; + break; + case ZT_NETWORK_RULE_MATCH_IP_PROTOCOL: + rules[ruleCount].v.ipProtocol = (uint8_t)tmp[p]; + break; + case 
ZT_NETWORK_RULE_MATCH_IP_SOURCE_PORT_RANGE: + case ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE: + rules[ruleCount].v.port[0] = tmp.at(p); + rules[ruleCount].v.port[1] = tmp.at(p + 2); + break; + case ZT_NETWORK_RULE_MATCH_CHARACTERISTICS: + rules[ruleCount].v.characteristics = tmp.at(p); + break; + case ZT_NETWORK_RULE_MATCH_FRAME_SIZE_RANGE: + rules[ruleCount].v.frameSize[0] = tmp.at(p); + rules[ruleCount].v.frameSize[0] = tmp.at(p + 2); + break; + case ZT_NETWORK_RULE_MATCH_TCP_RELATIVE_SEQUENCE_NUMBER_RANGE: + rules[ruleCount].v.tcpseq[0] = tmp.at(p); + rules[ruleCount].v.tcpseq[1] = tmp.at(p + 4); + break; + case ZT_NETWORK_RULE_MATCH_COM_FIELD_GE: + case ZT_NETWORK_RULE_MATCH_COM_FIELD_LE: + rules[ruleCount].v.comIV[0] = tmp.at(p); + rules[ruleCount].v.comIV[1] = tmp.at(p + 8); + break; + } + p += fieldLen; + ++ruleCount; + } + } + } + + //printf("~~~\n%s\n~~~\n",d.data()); + //dump(); + //printf("~~~\n"); + + return true; + } catch ( ... ) { + return false; + } +} + +} // namespace ZeroTier diff --git a/node/NetworkConfig.hpp b/node/NetworkConfig.hpp new file mode 100644 index 0000000..5271c5a --- /dev/null +++ b/node/NetworkConfig.hpp 
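Review bot: In the `ZT_NETWORK_RULE_MATCH_FRAME_SIZE_RANGE` case of the rules decoder in `NetworkConfig::fromDictionary`, both assignments write `frameSize[0]`, so the upper bound of the range is never taken from the buffer and keeps the zero left by the `memset` at the top of the function. The second line should read `rules[ruleCount].v.frameSize[1] = tmp.at(p + 2);`, which matches what `toDictionary` serializes and how the neighbouring port-range and `tcpseq` cases are written. Separately, the same loop advances with `p += fieldLen` using the length byte from the controller-supplied blob without comparing it to the size the rule type needs. A length shorter than the fixed-size read would make the next iteration take its type byte from the middle of this rule's value. A per-type minimum-length check before the `switch` that returns false on mismatch would reject such input while keeping the skip-by-length behaviour of the `default` case for unknown types.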
@@ -0,0 +1,563 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_NETWORKCONFIG_HPP +#define ZT_NETWORKCONFIG_HPP + +#include +#include +#include + +#include +#include +#include + +#include "../include/ZeroTierOne.h" + +#include "Constants.hpp" +#include "Buffer.hpp" +#include "InetAddress.hpp" +#include "MulticastGroup.hpp" +#include "Address.hpp" +#include "CertificateOfMembership.hpp" +#include "Dictionary.hpp" + +/** + * Flag: allow passive bridging (experimental) + */ +#define ZT_NETWORKCONFIG_FLAG_ALLOW_PASSIVE_BRIDGING 0x0000000000000001ULL + +/** + * Flag: enable broadcast + */ +#define ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST 0x0000000000000002ULL + +/** + * Flag: enable IPv6 NDP emulation for certain V6 address patterns + */ +#define ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION 0x0000000000000004ULL + +/** + * Device is a network preferred relay + */ +#define ZT_NETWORKCONFIG_SPECIALIST_TYPE_NETWORK_PREFERRED_RELAY 0x0000010000000000ULL + +/** + * Device is an active bridge + */ +#define ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE 0x0000020000000000ULL + +/** + * An anchor is a device that is willing to be one and has been online/stable for a long time on this network + */ +#define ZT_NETWORKCONFIG_SPECIALIST_TYPE_ANCHOR 
0x0000040000000000ULL + +namespace ZeroTier { + +// Maximum size of a network config dictionary (can be increased) +#define ZT_NETWORKCONFIG_DICT_CAPACITY 8194 + +// Network config version +#define ZT_NETWORKCONFIG_VERSION 6 + +// Fields for meta-data sent with network config requests +#define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_VERSION "v" +#define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_PROTOCOL_VERSION "pv" +#define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION "majv" +#define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MINOR_VERSION "minv" +#define ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_REVISION "revv" + +// These dictionary keys are short so they don't take up much room. + +// network config version +#define ZT_NETWORKCONFIG_DICT_KEY_VERSION "v" +// network ID +#define ZT_NETWORKCONFIG_DICT_KEY_NETWORK_ID "nwid" +// integer(hex) +#define ZT_NETWORKCONFIG_DICT_KEY_TIMESTAMP "ts" +// integer(hex) +#define ZT_NETWORKCONFIG_DICT_KEY_REVISION "r" +// address of member +#define ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO "id" +// flags(hex) +#define ZT_NETWORKCONFIG_DICT_KEY_FLAGS "f" +// integer(hex) +#define ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_LIMIT "ml" +// network type (hex) +#define ZT_NETWORKCONFIG_DICT_KEY_TYPE "t" +// text +#define ZT_NETWORKCONFIG_DICT_KEY_NAME "n" +// binary serialized certificate of membership +#define ZT_NETWORKCONFIG_DICT_KEY_COM "C" +// specialists (binary array of uint64_t) +#define ZT_NETWORKCONFIG_DICT_KEY_SPECIALISTS "S" +// routes (binary blob) +#define ZT_NETWORKCONFIG_DICT_KEY_ROUTES "RT" +// static IPs (binary blob) +#define ZT_NETWORKCONFIG_DICT_KEY_STATIC_IPS "I" +// pinned address physical route mappings (binary blob) +#define ZT_NETWORKCONFIG_DICT_KEY_PINNED "P" +// rules (binary blob) +#define ZT_NETWORKCONFIG_DICT_KEY_RULES "R" + +// Legacy fields -- these are obsoleted but are included when older clients query + +// boolean (now a flag) +#define ZT_NETWORKCONFIG_DICT_KEY_ALLOW_PASSIVE_BRIDGING_OLD "pb" +// boolean 
(now a flag) +#define ZT_NETWORKCONFIG_DICT_KEY_ENABLE_BROADCAST_OLD "eb" +// IP/bits[,IP/bits,...] +// Note that IPs that end in all zeroes are routes with no assignment in them. +#define ZT_NETWORKCONFIG_DICT_KEY_IPV4_STATIC_OLD "v4s" +// IP/bits[,IP/bits,...] +// Note that IPs that end in all zeroes are routes with no assignment in them. +#define ZT_NETWORKCONFIG_DICT_KEY_IPV6_STATIC_OLD "v6s" +// 0/1 +#define ZT_NETWORKCONFIG_DICT_KEY_PRIVATE_OLD "p" +// integer(hex)[,integer(hex),...] +#define ZT_NETWORKCONFIG_DICT_KEY_ALLOWED_ETHERNET_TYPES_OLD "et" +// string-serialized CertificateOfMembership +#define ZT_NETWORKCONFIG_DICT_KEY_CERTIFICATE_OF_MEMBERSHIP_OLD "com" +// node[,node,...] +#define ZT_NETWORKCONFIG_DICT_KEY_ACTIVE_BRIDGES_OLD "ab" +// node;IP/port[,node;IP/port] +#define ZT_NETWORKCONFIG_DICT_KEY_RELAYS_OLD "rl" + +/** + * Network configuration received from network controller nodes + * + * This is a memcpy()'able structure and is safe (in a crash sense) to modify + * without locks. + */ +class NetworkConfig +{ +public: + /** + * Network preferred relay with optional physical endpoint addresses + * + * This is used by the convenience relays() method. + */ + struct Relay + { + Address address; + InetAddress phy4,phy6; + }; + + /** + * Create an instance of a NetworkConfig for the test network ID + * + * The test network ID is defined as ZT_TEST_NETWORK_ID. This is a + * "fake" network with no real controller and default options. 
+ * + * @param self This node's ZT address + * @return Configuration for test network ID + */ + static inline NetworkConfig createTestNetworkConfig(const Address &self) + { + NetworkConfig nc; + + nc.networkId = ZT_TEST_NETWORK_ID; + nc.timestamp = 1; + nc.revision = 1; + nc.issuedTo = self; + nc.multicastLimit = ZT_MULTICAST_DEFAULT_LIMIT; + nc.flags = ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST; + nc.type = ZT_NETWORK_TYPE_PUBLIC; + + nc.rules[0].t = ZT_NETWORK_RULE_ACTION_ACCEPT; + nc.ruleCount = 1; + + Utils::snprintf(nc.name,sizeof(nc.name),"ZT_TEST_NETWORK"); + + // Make up a V4 IP from 'self' in the 10.0.0.0/8 range -- no + // guarantee of uniqueness but collisions are unlikely. + uint32_t ip = (uint32_t)((self.toInt() & 0x00ffffff) | 0x0a000000); // 10.x.x.x + if ((ip & 0x000000ff) == 0x000000ff) ip ^= 0x00000001; // but not ending in .255 + if ((ip & 0x000000ff) == 0x00000000) ip ^= 0x00000001; // or .0 + nc.staticIps[0] = InetAddress(Utils::hton(ip),8); + + // Assign an RFC4193-compliant IPv6 address -- will never collide + nc.staticIps[1] = InetAddress::makeIpv6rfc4193(ZT_TEST_NETWORK_ID,self.toInt()); + + nc.staticIpCount = 2; + + return nc; + } + + NetworkConfig() + { + memset(this,0,sizeof(NetworkConfig)); + } + + NetworkConfig(const NetworkConfig &nc) + { + memcpy(this,&nc,sizeof(NetworkConfig)); + } + + inline NetworkConfig &operator=(const NetworkConfig &nc) + { + memcpy(this,&nc,sizeof(NetworkConfig)); + return *this; + } + + /** + * @param etherType Ethernet frame type to check + * @return True if allowed on this network + */ + inline bool permitsEtherType(unsigned int etherType) const + { + unsigned int et = 0; + for(unsigned int i=0;i &d,bool includeLegacy) const; + + /** + * Read this network config from a dictionary + * + * @param d Dictionary + * @return True if dictionary was valid and network config successfully initialized + */ + bool fromDictionary(const Dictionary &d); + + /** + * @return True if passive bridging is allowed (experimental) + 
*/ + inline bool allowPassiveBridging() const throw() { return ((this->flags & ZT_NETWORKCONFIG_FLAG_ALLOW_PASSIVE_BRIDGING) != 0); } + + /** + * @return True if broadcast (ff:ff:ff:ff:ff:ff) address should work on this network + */ + inline bool enableBroadcast() const throw() { return ((this->flags & ZT_NETWORKCONFIG_FLAG_ENABLE_BROADCAST) != 0); } + + /** + * @return True if IPv6 NDP emulation should be allowed for certain "magic" IPv6 address patterns + */ + inline bool ndpEmulation() const throw() { return ((this->flags & ZT_NETWORKCONFIG_FLAG_ENABLE_IPV6_NDP_EMULATION) != 0); } + + /** + * @return Network type is public (no access control) + */ + inline bool isPublic() const throw() { return (this->type == ZT_NETWORK_TYPE_PUBLIC); } + + /** + * @return Network type is private (certificate access control) + */ + inline bool isPrivate() const throw() { return (this->type == ZT_NETWORK_TYPE_PRIVATE); } + + /** + * @return ZeroTier addresses of devices on this network designated as active bridges + */ + inline std::vector
activeBridges() const + { + std::vector
r; + for(unsigned int i=0;i anchors() const + { + std::vector
r; + for(unsigned int i=0;i relays() const + { + std::vector r; + for(unsigned int i=0;i(&(routes[i].target))->toString().c_str()); + printf(" routes[i].via==%s\n",reinterpret_cast(&(routes[i].via))->toIpString().c_str()); + printf(" routes[i].flags==%.4x\n",(unsigned int)routes[i].flags); + printf(" routes[i].metric==%u\n",(unsigned int)routes[i].metric); + } + printf("staticIpCount==%u\n",staticIpCount); + for(unsigned int i=0;i. + */ + +#ifndef ZT_NETWORKCONFIGMASTER_HPP +#define ZT_NETWORKCONFIGMASTER_HPP + +#include + +#include "Constants.hpp" +#include "Dictionary.hpp" +#include "NetworkConfig.hpp" + +namespace ZeroTier { + +class RuntimeEnvironment; +class Identity; +class Address; +struct InetAddress; + +/** + * Interface for network controller implementations + */ +class NetworkController +{ +public: + /** + * Return value of doNetworkConfigRequest + */ + enum ResultCode + { + NETCONF_QUERY_OK = 0, + NETCONF_QUERY_OBJECT_NOT_FOUND = 1, + NETCONF_QUERY_ACCESS_DENIED = 2, + NETCONF_QUERY_INTERNAL_SERVER_ERROR = 3, + NETCONF_QUERY_IGNORE = 4 + }; + + NetworkController() {} + virtual ~NetworkController() {} + + /** + * Handle a network config request, sending replies if necessary + * + * This call is permitted to block, and may be called concurrently from more + * than one thread. Implementations must use locks if needed. + * + * On internal server errors, the 'error' field in result can be filled in + * to indicate the error. 
+ *
+ * @param fromAddr Originating wire address or null address if packet is not direct (or from self)
+ * @param signingId Identity that should be used to sign results -- must include private key
+ * @param identity Originating peer ZeroTier identity
+ * @param nwid 64-bit network ID
+ * @param metaData Meta-data bundled with request (if any)
+ * @param nc NetworkConfig to fill with results
+ * @return Returns NETCONF_QUERY_OK if result 'nc' is valid, or an error code on error
+ */
+ virtual NetworkController::ResultCode doNetworkConfigRequest(
+ const InetAddress &fromAddr,
+ const Identity &signingId,
+ const Identity &identity,
+ uint64_t nwid,
+ const Dictionary &metaData,
+ NetworkConfig &nc) = 0;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/Node.cpp b/node/Node.cpp
new file mode 100644
index 0000000..1308502
--- /dev/null
+++ b/node/Node.cpp
@@ -0,0 +1,1044 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include + +#include "../version.h" + +#include "Constants.hpp" +#include "Node.hpp" +#include "RuntimeEnvironment.hpp" +#include "NetworkController.hpp" +#include "Switch.hpp" +#include "Multicaster.hpp" +#include "Topology.hpp" +#include "Buffer.hpp" +#include "Packet.hpp" +#include "Address.hpp" +#include "Identity.hpp" +#include "SelfAwareness.hpp" +#include "Cluster.hpp" +#include "DeferredPackets.hpp" + +const struct sockaddr_storage ZT_SOCKADDR_NULL = {0}; + +namespace ZeroTier { + +/****************************************************************************/ +/* Public Node interface (C++, exposed via CAPI bindings) */ +/****************************************************************************/ + +Node::Node( + uint64_t now, + void *uptr, + ZT_DataStoreGetFunction dataStoreGetFunction, + ZT_DataStorePutFunction dataStorePutFunction, + ZT_WirePacketSendFunction wirePacketSendFunction, + ZT_VirtualNetworkFrameFunction virtualNetworkFrameFunction, + ZT_VirtualNetworkConfigFunction virtualNetworkConfigFunction, + ZT_PathCheckFunction pathCheckFunction, + ZT_EventCallback eventCallback) : + _RR(this), + RR(&_RR), + _uPtr(uptr), + 
_dataStoreGetFunction(dataStoreGetFunction), + _dataStorePutFunction(dataStorePutFunction), + _wirePacketSendFunction(wirePacketSendFunction), + _virtualNetworkFrameFunction(virtualNetworkFrameFunction), + _virtualNetworkConfigFunction(virtualNetworkConfigFunction), + _pathCheckFunction(pathCheckFunction), + _eventCallback(eventCallback), + _networks(), + _networks_m(), + _prngStreamPtr(0), + _now(now), + _lastPingCheck(0), + _lastHousekeepingRun(0) +{ + _online = false; + + // Use Salsa20 alone as a high-quality non-crypto PRNG + { + char foo[32]; + Utils::getSecureRandom(foo,32); + _prng.init(foo,256,foo); + memset(_prngStream,0,sizeof(_prngStream)); + _prng.encrypt12(_prngStream,_prngStream,sizeof(_prngStream)); + } + + { + std::string idtmp(dataStoreGet("identity.secret")); + if ((!idtmp.length())||(!RR->identity.fromString(idtmp))||(!RR->identity.hasPrivate())) { + TRACE("identity.secret not found, generating..."); + RR->identity.generate(); + idtmp = RR->identity.toString(true); + if (!dataStorePut("identity.secret",idtmp,true)) + throw std::runtime_error("unable to write identity.secret"); + } + RR->publicIdentityStr = RR->identity.toString(false); + RR->secretIdentityStr = RR->identity.toString(true); + idtmp = dataStoreGet("identity.public"); + if (idtmp != RR->publicIdentityStr) { + if (!dataStorePut("identity.public",RR->publicIdentityStr,false)) + throw std::runtime_error("unable to write identity.public"); + } + } + + try { + RR->sw = new Switch(RR); + RR->mc = new Multicaster(RR); + RR->topology = new Topology(RR); + RR->sa = new SelfAwareness(RR); + RR->dp = new DeferredPackets(RR); + } catch ( ... 
) { + delete RR->dp; + delete RR->sa; + delete RR->topology; + delete RR->mc; + delete RR->sw; + throw; + } + + postEvent(ZT_EVENT_UP); +} + +Node::~Node() +{ + Mutex::Lock _l(_networks_m); + + _networks.clear(); // ensure that networks are destroyed before shutdow + + RR->dpEnabled = 0; + delete RR->dp; + delete RR->sa; + delete RR->topology; + delete RR->mc; + delete RR->sw; +#ifdef ZT_ENABLE_CLUSTER + delete RR->cluster; +#endif +} + +ZT_ResultCode Node::processWirePacket( + uint64_t now, + const struct sockaddr_storage *localAddress, + const struct sockaddr_storage *remoteAddress, + const void *packetData, + unsigned int packetLength, + volatile uint64_t *nextBackgroundTaskDeadline) +{ + _now = now; + RR->sw->onRemotePacket(*(reinterpret_cast(localAddress)),*(reinterpret_cast(remoteAddress)),packetData,packetLength); + return ZT_RESULT_OK; +} + +ZT_ResultCode Node::processVirtualNetworkFrame( + uint64_t now, + uint64_t nwid, + uint64_t sourceMac, + uint64_t destMac, + unsigned int etherType, + unsigned int vlanId, + const void *frameData, + unsigned int frameLength, + volatile uint64_t *nextBackgroundTaskDeadline) +{ + _now = now; + SharedPtr nw(this->network(nwid)); + if (nw) { + RR->sw->onLocalEthernet(nw,MAC(sourceMac),MAC(destMac),etherType,vlanId,frameData,frameLength); + return ZT_RESULT_OK; + } else return ZT_RESULT_ERROR_NETWORK_NOT_FOUND; +} + +class _PingPeersThatNeedPing +{ +public: + _PingPeersThatNeedPing(const RuntimeEnvironment *renv,uint64_t now,const std::vector &relays) : + lastReceiveFromUpstream(0), + RR(renv), + _now(now), + _relays(relays), + _world(RR->topology->world()) + { + } + + uint64_t lastReceiveFromUpstream; // tracks last time we got a packet from an 'upstream' peer like a root or a relay + + inline void operator()(Topology &t,const SharedPtr &p) + { + bool upstream = false; + InetAddress stableEndpoint4,stableEndpoint6; + + // If this is a world root, pick (if possible) both an IPv4 and an IPv6 stable endpoint to use if link 
isn't currently alive. + for(std::vector::const_iterator r(_world.roots().begin());r!=_world.roots().end();++r) { + if (r->identity == p->identity()) { + upstream = true; + for(unsigned long k=0,ptr=(unsigned long)RR->node->prng();k<(unsigned long)r->stableEndpoints.size();++k) { + const InetAddress &addr = r->stableEndpoints[ptr++ % r->stableEndpoints.size()]; + if (!stableEndpoint4) { + if (addr.ss_family == AF_INET) + stableEndpoint4 = addr; + } + if (!stableEndpoint6) { + if (addr.ss_family == AF_INET6) + stableEndpoint6 = addr; + } + } + break; + } + } + + if (!upstream) { + // If I am a root server, only ping other root servers -- roots don't ping "down" + // since that would just be a waste of bandwidth and could potentially cause route + // flapping in Cluster mode. + if (RR->topology->amRoot()) + return; + + // Check for network preferred relays, also considered 'upstream' and thus always + // pinged to keep links up. If they have stable addresses we will try them there. + for(std::vector::const_iterator r(_relays.begin());r!=_relays.end();++r) { + if (r->address == p->address()) { + stableEndpoint4 = r->phy4; + stableEndpoint6 = r->phy6; + upstream = true; + break; + } + } + } + + if (upstream) { + // "Upstream" devices are roots and relays and get special treatment -- they stay alive + // forever and we try to keep (if available) both IPv4 and IPv6 channels open to them. 
+ bool needToContactIndirect = true; + if (p->doPingAndKeepalive(_now,AF_INET)) { + needToContactIndirect = false; + } else { + if (stableEndpoint4) { + needToContactIndirect = false; + p->sendHELLO(InetAddress(),stableEndpoint4,_now); + } + } + if (p->doPingAndKeepalive(_now,AF_INET6)) { + needToContactIndirect = false; + } else { + if (stableEndpoint6) { + needToContactIndirect = false; + p->sendHELLO(InetAddress(),stableEndpoint6,_now); + } + } + + if (needToContactIndirect) { + // If this is an upstream and we have no stable endpoint for either IPv4 or IPv6, + // send a NOP indirectly if possible to see if we can get to this peer in any + // way whatsoever. This will e.g. find network preferred relays that lack + // stable endpoints by using root servers. + Packet outp(p->address(),RR->identity.address(),Packet::VERB_NOP); + RR->sw->send(outp,true,0); + } + + lastReceiveFromUpstream = std::max(p->lastReceive(),lastReceiveFromUpstream); + } else if (p->activelyTransferringFrames(_now)) { + // Normal nodes get their preferred link kept alive if the node has generated frame traffic recently + p->doPingAndKeepalive(_now,0); + } + } + +private: + const RuntimeEnvironment *RR; + uint64_t _now; + const std::vector &_relays; + World _world; +}; + +ZT_ResultCode Node::processBackgroundTasks(uint64_t now,volatile uint64_t *nextBackgroundTaskDeadline) +{ + _now = now; + Mutex::Lock bl(_backgroundTasksLock); + + unsigned long timeUntilNextPingCheck = ZT_PING_CHECK_INVERVAL; + const uint64_t timeSinceLastPingCheck = now - _lastPingCheck; + if (timeSinceLastPingCheck >= ZT_PING_CHECK_INVERVAL) { + try { + _lastPingCheck = now; + + // Get relays and networks that need config without leaving the mutex locked + std::vector< NetworkConfig::Relay > networkRelays; + std::vector< SharedPtr > needConfig; + { + Mutex::Lock _l(_networks_m); + for(std::vector< std::pair< uint64_t,SharedPtr > >::const_iterator n(_networks.begin());n!=_networks.end();++n) { + if (((now - 
n->second->lastConfigUpdate()) >= ZT_NETWORK_AUTOCONF_DELAY)||(!n->second->hasConfig())) { + needConfig.push_back(n->second); + } + if (n->second->hasConfig()) { + std::vector r(n->second->config().relays()); + networkRelays.insert(networkRelays.end(),r.begin(),r.end()); + } + } + } + + // Request updated configuration for networks that need it + for(std::vector< SharedPtr >::const_iterator n(needConfig.begin());n!=needConfig.end();++n) + (*n)->requestConfiguration(); + + // Do pings and keepalives + _PingPeersThatNeedPing pfunc(RR,now,networkRelays); + RR->topology->eachPeer<_PingPeersThatNeedPing &>(pfunc); + + // Update online status, post status change as event + const bool oldOnline = _online; + _online = (((now - pfunc.lastReceiveFromUpstream) < ZT_PEER_ACTIVITY_TIMEOUT)||(RR->topology->amRoot())); + if (oldOnline != _online) + postEvent(_online ? ZT_EVENT_ONLINE : ZT_EVENT_OFFLINE); + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } + } else { + timeUntilNextPingCheck -= (unsigned long)timeSinceLastPingCheck; + } + + if ((now - _lastHousekeepingRun) >= ZT_HOUSEKEEPING_PERIOD) { + try { + _lastHousekeepingRun = now; + RR->topology->clean(now); + RR->sa->clean(now); + RR->mc->clean(now); + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } + } + + try { +#ifdef ZT_ENABLE_CLUSTER + // If clustering is enabled we have to call cluster->doPeriodicTasks() very often, so we override normal timer deadline behavior + if (RR->cluster) { + RR->sw->doTimerTasks(now); + RR->cluster->doPeriodicTasks(); + *nextBackgroundTaskDeadline = now + ZT_CLUSTER_PERIODIC_TASK_PERIOD; // this is really short so just tick at this rate + } else { +#endif + *nextBackgroundTaskDeadline = now + (uint64_t)std::max(std::min(timeUntilNextPingCheck,RR->sw->doTimerTasks(now)),(unsigned long)ZT_CORE_TIMER_TASK_GRANULARITY); +#ifdef ZT_ENABLE_CLUSTER + } +#endif + } catch ( ... 
) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } + + return ZT_RESULT_OK; +} + +ZT_ResultCode Node::join(uint64_t nwid,void *uptr) +{ + Mutex::Lock _l(_networks_m); + SharedPtr nw = _network(nwid); + if(!nw) + _networks.push_back(std::pair< uint64_t,SharedPtr >(nwid,SharedPtr(new Network(RR,nwid,uptr)))); + std::sort(_networks.begin(),_networks.end()); // will sort by nwid since it's the first in a pair<> + return ZT_RESULT_OK; +} + +ZT_ResultCode Node::leave(uint64_t nwid,void **uptr) +{ + std::vector< std::pair< uint64_t,SharedPtr > > newn; + Mutex::Lock _l(_networks_m); + for(std::vector< std::pair< uint64_t,SharedPtr > >::const_iterator n(_networks.begin());n!=_networks.end();++n) { + if (n->first != nwid) + newn.push_back(*n); + else { + if (uptr) + *uptr = n->second->userPtr(); + n->second->destroy(); + } + } + _networks.swap(newn); + return ZT_RESULT_OK; +} + +ZT_ResultCode Node::multicastSubscribe(uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi) +{ + SharedPtr nw(this->network(nwid)); + if (nw) { + nw->multicastSubscribe(MulticastGroup(MAC(multicastGroup),(uint32_t)(multicastAdi & 0xffffffff))); + return ZT_RESULT_OK; + } else return ZT_RESULT_ERROR_NETWORK_NOT_FOUND; +} + +ZT_ResultCode Node::multicastUnsubscribe(uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi) +{ + SharedPtr nw(this->network(nwid)); + if (nw) { + nw->multicastUnsubscribe(MulticastGroup(MAC(multicastGroup),(uint32_t)(multicastAdi & 0xffffffff))); + return ZT_RESULT_OK; + } else return ZT_RESULT_ERROR_NETWORK_NOT_FOUND; +} + +uint64_t Node::address() const +{ + return RR->identity.address().toInt(); +} + +void Node::status(ZT_NodeStatus *status) const +{ + status->address = RR->identity.address().toInt(); + status->worldId = RR->topology->worldId(); + status->worldTimestamp = RR->topology->worldTimestamp(); + status->publicIdentity = RR->publicIdentityStr.c_str(); + status->secretIdentity = RR->secretIdentityStr.c_str(); + status->online = _online ? 
1 : 0; +} + +ZT_PeerList *Node::peers() const +{ + std::vector< std::pair< Address,SharedPtr > > peers(RR->topology->allPeers()); + std::sort(peers.begin(),peers.end()); + + char *buf = (char *)::malloc(sizeof(ZT_PeerList) + (sizeof(ZT_Peer) * peers.size())); + if (!buf) + return (ZT_PeerList *)0; + ZT_PeerList *pl = (ZT_PeerList *)buf; + pl->peers = (ZT_Peer *)(buf + sizeof(ZT_PeerList)); + + pl->peerCount = 0; + for(std::vector< std::pair< Address,SharedPtr > >::iterator pi(peers.begin());pi!=peers.end();++pi) { + ZT_Peer *p = &(pl->peers[pl->peerCount++]); + p->address = pi->second->address().toInt(); + p->lastUnicastFrame = pi->second->lastUnicastFrame(); + p->lastMulticastFrame = pi->second->lastMulticastFrame(); + if (pi->second->remoteVersionKnown()) { + p->versionMajor = pi->second->remoteVersionMajor(); + p->versionMinor = pi->second->remoteVersionMinor(); + p->versionRev = pi->second->remoteVersionRevision(); + } else { + p->versionMajor = -1; + p->versionMinor = -1; + p->versionRev = -1; + } + p->latency = pi->second->latency(); + p->role = RR->topology->isRoot(pi->second->identity()) ? ZT_PEER_ROLE_ROOT : ZT_PEER_ROLE_LEAF; + + std::vector paths(pi->second->paths()); + Path *bestPath = pi->second->getBestPath(_now); + p->pathCount = 0; + for(std::vector::iterator path(paths.begin());path!=paths.end();++path) { + memcpy(&(p->paths[p->pathCount].address),&(path->address()),sizeof(struct sockaddr_storage)); + p->paths[p->pathCount].lastSend = path->lastSend(); + p->paths[p->pathCount].lastReceive = path->lastReceived(); + p->paths[p->pathCount].active = path->active(_now) ? 1 : 0; + p->paths[p->pathCount].preferred = ((bestPath)&&(*path == *bestPath)) ? 
1 : 0; + p->paths[p->pathCount].trustedPathId = RR->topology->getOutboundPathTrust(path->address()); + ++p->pathCount; + } + } + + return pl; +} + +ZT_VirtualNetworkConfig *Node::networkConfig(uint64_t nwid) const +{ + Mutex::Lock _l(_networks_m); + SharedPtr nw = _network(nwid); + if(nw) { + ZT_VirtualNetworkConfig *nc = (ZT_VirtualNetworkConfig *)::malloc(sizeof(ZT_VirtualNetworkConfig)); + nw->externalConfig(nc); + return nc; + } + return (ZT_VirtualNetworkConfig *)0; +} + +ZT_VirtualNetworkList *Node::networks() const +{ + Mutex::Lock _l(_networks_m); + + char *buf = (char *)::malloc(sizeof(ZT_VirtualNetworkList) + (sizeof(ZT_VirtualNetworkConfig) * _networks.size())); + if (!buf) + return (ZT_VirtualNetworkList *)0; + ZT_VirtualNetworkList *nl = (ZT_VirtualNetworkList *)buf; + nl->networks = (ZT_VirtualNetworkConfig *)(buf + sizeof(ZT_VirtualNetworkList)); + + nl->networkCount = 0; + for(std::vector< std::pair< uint64_t,SharedPtr > >::const_iterator n(_networks.begin());n!=_networks.end();++n) + n->second->externalConfig(&(nl->networks[nl->networkCount++])); + + return nl; +} + +void Node::freeQueryResult(void *qr) +{ + if (qr) + ::free(qr); +} + +int Node::addLocalInterfaceAddress(const struct sockaddr_storage *addr) +{ + if (Path::isAddressValidForPath(*(reinterpret_cast(addr)))) { + Mutex::Lock _l(_directPaths_m); + if (std::find(_directPaths.begin(),_directPaths.end(),*(reinterpret_cast(addr))) == _directPaths.end()) { + _directPaths.push_back(*(reinterpret_cast(addr))); + return 1; + } + } + return 0; +} + +void Node::clearLocalInterfaceAddresses() +{ + Mutex::Lock _l(_directPaths_m); + _directPaths.clear(); +} + +void Node::setNetconfMaster(void *networkControllerInstance) +{ + RR->localNetworkController = reinterpret_cast(networkControllerInstance); +} + +ZT_ResultCode Node::circuitTestBegin(ZT_CircuitTest *test,void (*reportCallback)(ZT_Node *,ZT_CircuitTest *,const ZT_CircuitTestReport *)) +{ + if (test->hopCount > 0) { + try { + Packet 
outp(Address(),RR->identity.address(),Packet::VERB_CIRCUIT_TEST); + RR->identity.address().appendTo(outp); + outp.append((uint16_t)((test->reportAtEveryHop != 0) ? 0x03 : 0x02)); + outp.append((uint64_t)test->timestamp); + outp.append((uint64_t)test->testId); + outp.append((uint16_t)0); // originator credential length, updated later + if (test->credentialNetworkId) { + outp.append((uint8_t)0x01); + outp.append((uint64_t)test->credentialNetworkId); + outp.setAt(ZT_PACKET_IDX_PAYLOAD + 23,(uint16_t)9); + } + outp.append((uint16_t)0); + C25519::Signature sig(RR->identity.sign(reinterpret_cast(outp.data()) + ZT_PACKET_IDX_PAYLOAD,outp.size() - ZT_PACKET_IDX_PAYLOAD)); + outp.append((uint16_t)sig.size()); + outp.append(sig.data,(unsigned int)sig.size()); + outp.append((uint16_t)0); // originator doesn't need an extra credential, since it's the originator + for(unsigned int h=1;hhopCount;++h) { + outp.append((uint8_t)0); + outp.append((uint8_t)(test->hops[h].breadth & 0xff)); + for(unsigned int a=0;ahops[h].breadth;++a) + Address(test->hops[h].addresses[a]).appendTo(outp); + } + + for(unsigned int a=0;ahops[0].breadth;++a) { + outp.newInitializationVector(); + outp.setDestination(Address(test->hops[0].addresses[a])); + RR->sw->send(outp,true,0); + } + } catch ( ... 
) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; // probably indicates FIFO too big for packet + } + } + + { + test->_internalPtr = reinterpret_cast(reportCallback); + Mutex::Lock _l(_circuitTests_m); + if (std::find(_circuitTests.begin(),_circuitTests.end(),test) == _circuitTests.end()) + _circuitTests.push_back(test); + } + + return ZT_RESULT_OK; +} + +void Node::circuitTestEnd(ZT_CircuitTest *test) +{ + Mutex::Lock _l(_circuitTests_m); + for(;;) { + std::vector< ZT_CircuitTest * >::iterator ct(std::find(_circuitTests.begin(),_circuitTests.end(),test)); + if (ct == _circuitTests.end()) + break; + else _circuitTests.erase(ct); + } +} + +ZT_ResultCode Node::clusterInit( + unsigned int myId, + const struct sockaddr_storage *zeroTierPhysicalEndpoints, + unsigned int numZeroTierPhysicalEndpoints, + int x, + int y, + int z, + void (*sendFunction)(void *,unsigned int,const void *,unsigned int), + void *sendFunctionArg, + int (*addressToLocationFunction)(void *,const struct sockaddr_storage *,int *,int *,int *), + void *addressToLocationFunctionArg) +{ +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) + return ZT_RESULT_ERROR_BAD_PARAMETER; + + std::vector eps; + for(unsigned int i=0;icluster = new Cluster(RR,myId,eps,x,y,z,sendFunction,sendFunctionArg,addressToLocationFunction,addressToLocationFunctionArg); + + return ZT_RESULT_OK; +#else + return ZT_RESULT_ERROR_UNSUPPORTED_OPERATION; +#endif +} + +ZT_ResultCode Node::clusterAddMember(unsigned int memberId) +{ +#ifdef ZT_ENABLE_CLUSTER + if (!RR->cluster) + return ZT_RESULT_ERROR_BAD_PARAMETER; + RR->cluster->addMember((uint16_t)memberId); + return ZT_RESULT_OK; +#else + return ZT_RESULT_ERROR_UNSUPPORTED_OPERATION; +#endif +} + +void Node::clusterRemoveMember(unsigned int memberId) +{ +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) + RR->cluster->removeMember((uint16_t)memberId); +#endif +} + +void Node::clusterHandleIncomingMessage(const void *msg,unsigned int len) +{ +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) + 
RR->cluster->handleIncomingStateMessage(msg,len); +#endif +} + +void Node::clusterStatus(ZT_ClusterStatus *cs) +{ + if (!cs) + return; +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) + RR->cluster->status(*cs); + else +#endif + memset(cs,0,sizeof(ZT_ClusterStatus)); +} + +void Node::backgroundThreadMain() +{ + ++RR->dpEnabled; + for(;;) { + try { + if (RR->dp->process() < 0) + break; + } catch ( ... ) {} // sanity check -- should not throw + } + --RR->dpEnabled; +} + +/****************************************************************************/ +/* Node methods used only within node/ */ +/****************************************************************************/ + +std::string Node::dataStoreGet(const char *name) +{ + char buf[1024]; + std::string r; + unsigned long olen = 0; + do { + long n = _dataStoreGetFunction(reinterpret_cast(this),_uPtr,name,buf,sizeof(buf),(unsigned long)r.length(),&olen); + if (n <= 0) + return std::string(); + r.append(buf,n); + } while (r.length() < olen); + return r; +} + +bool Node::shouldUsePathForZeroTierTraffic(const InetAddress &localAddress,const InetAddress &remoteAddress) +{ + if (!Path::isAddressValidForPath(remoteAddress)) + return false; + + { + Mutex::Lock _l(_networks_m); + for(std::vector< std::pair< uint64_t, SharedPtr > >::const_iterator i=_networks.begin();i!=_networks.end();++i) { + if (i->second->hasConfig()) { + for(unsigned int k=0;ksecond->config().staticIpCount;++k) { + if (i->second->config().staticIps[k].containsAddress(remoteAddress)) + return false; + } + } + } + } + + if (_pathCheckFunction) + return (_pathCheckFunction(reinterpret_cast(this),_uPtr,reinterpret_cast(&localAddress),reinterpret_cast(&remoteAddress)) != 0); + else return true; +} + +#ifdef ZT_TRACE +void Node::postTrace(const char *module,unsigned int line,const char *fmt,...) 
+{ + static Mutex traceLock; + + va_list ap; + char tmp1[1024],tmp2[1024],tmp3[256]; + + Mutex::Lock _l(traceLock); + + time_t now = (time_t)(_now / 1000ULL); +#ifdef __WINDOWS__ + ctime_s(tmp3,sizeof(tmp3),&now); + char *nowstr = tmp3; +#else + char *nowstr = ctime_r(&now,tmp3); +#endif + unsigned long nowstrlen = (unsigned long)strlen(nowstr); + if (nowstr[nowstrlen-1] == '\n') + nowstr[--nowstrlen] = (char)0; + if (nowstr[nowstrlen-1] == '\r') + nowstr[--nowstrlen] = (char)0; + + va_start(ap,fmt); + vsnprintf(tmp2,sizeof(tmp2),fmt,ap); + va_end(ap); + tmp2[sizeof(tmp2)-1] = (char)0; + + Utils::snprintf(tmp1,sizeof(tmp1),"[%s] %s:%u %s",nowstr,module,line,tmp2); + postEvent(ZT_EVENT_TRACE,tmp1); +} +#endif // ZT_TRACE + +uint64_t Node::prng() +{ + unsigned int p = (++_prngStreamPtr % (sizeof(_prngStream) / sizeof(uint64_t))); + if (!p) + _prng.encrypt12(_prngStream,_prngStream,sizeof(_prngStream)); + return _prngStream[p]; +} + +void Node::postCircuitTestReport(const ZT_CircuitTestReport *report) +{ + std::vector< ZT_CircuitTest * > toNotify; + { + Mutex::Lock _l(_circuitTests_m); + for(std::vector< ZT_CircuitTest * >::iterator i(_circuitTests.begin());i!=_circuitTests.end();++i) { + if ((*i)->testId == report->testId) + toNotify.push_back(*i); + } + } + for(std::vector< ZT_CircuitTest * >::iterator i(toNotify.begin());i!=toNotify.end();++i) + (reinterpret_cast((*i)->_internalPtr))(reinterpret_cast(this),*i,report); +} + +void Node::setTrustedPaths(const struct sockaddr_storage *networks,const uint64_t *ids,unsigned int count) +{ + RR->topology->setTrustedPaths(reinterpret_cast(networks),ids,count); +} + +} // namespace ZeroTier + +/****************************************************************************/ +/* CAPI bindings */ +/****************************************************************************/ + +extern "C" { + +enum ZT_ResultCode ZT_Node_new( + ZT_Node **node, + void *uptr, + uint64_t now, + ZT_DataStoreGetFunction dataStoreGetFunction, + 
ZT_DataStorePutFunction dataStorePutFunction, + ZT_WirePacketSendFunction wirePacketSendFunction, + ZT_VirtualNetworkFrameFunction virtualNetworkFrameFunction, + ZT_VirtualNetworkConfigFunction virtualNetworkConfigFunction, + ZT_PathCheckFunction pathCheckFunction, + ZT_EventCallback eventCallback) +{ + *node = (ZT_Node *)0; + try { + *node = reinterpret_cast(new ZeroTier::Node(now,uptr,dataStoreGetFunction,dataStorePutFunction,wirePacketSendFunction,virtualNetworkFrameFunction,virtualNetworkConfigFunction,pathCheckFunction,eventCallback)); + return ZT_RESULT_OK; + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch (std::runtime_error &exc) { + return ZT_RESULT_FATAL_ERROR_DATA_STORE_FAILED; + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +void ZT_Node_delete(ZT_Node *node) +{ + try { + delete (reinterpret_cast(node)); + } catch ( ... ) {} +} + +enum ZT_ResultCode ZT_Node_processWirePacket( + ZT_Node *node, + uint64_t now, + const struct sockaddr_storage *localAddress, + const struct sockaddr_storage *remoteAddress, + const void *packetData, + unsigned int packetLength, + volatile uint64_t *nextBackgroundTaskDeadline) +{ + try { + return reinterpret_cast(node)->processWirePacket(now,localAddress,remoteAddress,packetData,packetLength,nextBackgroundTaskDeadline); + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch ( ... 
) { + return ZT_RESULT_OK; // "OK" since invalid packets are simply dropped, but the system is still up + } +} + +enum ZT_ResultCode ZT_Node_processVirtualNetworkFrame( + ZT_Node *node, + uint64_t now, + uint64_t nwid, + uint64_t sourceMac, + uint64_t destMac, + unsigned int etherType, + unsigned int vlanId, + const void *frameData, + unsigned int frameLength, + volatile uint64_t *nextBackgroundTaskDeadline) +{ + try { + return reinterpret_cast(node)->processVirtualNetworkFrame(now,nwid,sourceMac,destMac,etherType,vlanId,frameData,frameLength,nextBackgroundTaskDeadline); + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node *node,uint64_t now,volatile uint64_t *nextBackgroundTaskDeadline) +{ + try { + return reinterpret_cast(node)->processBackgroundTasks(now,nextBackgroundTaskDeadline); + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +enum ZT_ResultCode ZT_Node_join(ZT_Node *node,uint64_t nwid,void *uptr) +{ + try { + return reinterpret_cast(node)->join(nwid,uptr); + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +enum ZT_ResultCode ZT_Node_leave(ZT_Node *node,uint64_t nwid,void **uptr) +{ + try { + return reinterpret_cast(node)->leave(nwid,uptr); + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +enum ZT_ResultCode ZT_Node_multicastSubscribe(ZT_Node *node,uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi) +{ + try { + return reinterpret_cast(node)->multicastSubscribe(nwid,multicastGroup,multicastAdi); + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch ( ... 
) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +enum ZT_ResultCode ZT_Node_multicastUnsubscribe(ZT_Node *node,uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi) +{ + try { + return reinterpret_cast(node)->multicastUnsubscribe(nwid,multicastGroup,multicastAdi); + } catch (std::bad_alloc &exc) { + return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY; + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +uint64_t ZT_Node_address(ZT_Node *node) +{ + return reinterpret_cast(node)->address(); +} + +void ZT_Node_status(ZT_Node *node,ZT_NodeStatus *status) +{ + try { + reinterpret_cast(node)->status(status); + } catch ( ... ) {} +} + +ZT_PeerList *ZT_Node_peers(ZT_Node *node) +{ + try { + return reinterpret_cast(node)->peers(); + } catch ( ... ) { + return (ZT_PeerList *)0; + } +} + +ZT_VirtualNetworkConfig *ZT_Node_networkConfig(ZT_Node *node,uint64_t nwid) +{ + try { + return reinterpret_cast(node)->networkConfig(nwid); + } catch ( ... ) { + return (ZT_VirtualNetworkConfig *)0; + } +} + +ZT_VirtualNetworkList *ZT_Node_networks(ZT_Node *node) +{ + try { + return reinterpret_cast(node)->networks(); + } catch ( ... ) { + return (ZT_VirtualNetworkList *)0; + } +} + +void ZT_Node_freeQueryResult(ZT_Node *node,void *qr) +{ + try { + reinterpret_cast(node)->freeQueryResult(qr); + } catch ( ... ) {} +} + +int ZT_Node_addLocalInterfaceAddress(ZT_Node *node,const struct sockaddr_storage *addr) +{ + try { + return reinterpret_cast(node)->addLocalInterfaceAddress(addr); + } catch ( ... ) { + return 0; + } +} + +void ZT_Node_clearLocalInterfaceAddresses(ZT_Node *node) +{ + try { + reinterpret_cast(node)->clearLocalInterfaceAddresses(); + } catch ( ... ) {} +} + +void ZT_Node_setNetconfMaster(ZT_Node *node,void *networkControllerInstance) +{ + try { + reinterpret_cast(node)->setNetconfMaster(networkControllerInstance); + } catch ( ... 
) {} +} + +enum ZT_ResultCode ZT_Node_circuitTestBegin(ZT_Node *node,ZT_CircuitTest *test,void (*reportCallback)(ZT_Node *,ZT_CircuitTest *,const ZT_CircuitTestReport *)) +{ + try { + return reinterpret_cast(node)->circuitTestBegin(test,reportCallback); + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +void ZT_Node_circuitTestEnd(ZT_Node *node,ZT_CircuitTest *test) +{ + try { + reinterpret_cast(node)->circuitTestEnd(test); + } catch ( ... ) {} +} + +enum ZT_ResultCode ZT_Node_clusterInit( + ZT_Node *node, + unsigned int myId, + const struct sockaddr_storage *zeroTierPhysicalEndpoints, + unsigned int numZeroTierPhysicalEndpoints, + int x, + int y, + int z, + void (*sendFunction)(void *,unsigned int,const void *,unsigned int), + void *sendFunctionArg, + int (*addressToLocationFunction)(void *,const struct sockaddr_storage *,int *,int *,int *), + void *addressToLocationFunctionArg) +{ + try { + return reinterpret_cast(node)->clusterInit(myId,zeroTierPhysicalEndpoints,numZeroTierPhysicalEndpoints,x,y,z,sendFunction,sendFunctionArg,addressToLocationFunction,addressToLocationFunctionArg); + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +enum ZT_ResultCode ZT_Node_clusterAddMember(ZT_Node *node,unsigned int memberId) +{ + try { + return reinterpret_cast(node)->clusterAddMember(memberId); + } catch ( ... ) { + return ZT_RESULT_FATAL_ERROR_INTERNAL; + } +} + +void ZT_Node_clusterRemoveMember(ZT_Node *node,unsigned int memberId) +{ + try { + reinterpret_cast(node)->clusterRemoveMember(memberId); + } catch ( ... ) {} +} + +void ZT_Node_clusterHandleIncomingMessage(ZT_Node *node,const void *msg,unsigned int len) +{ + try { + reinterpret_cast(node)->clusterHandleIncomingMessage(msg,len); + } catch ( ... ) {} +} + +void ZT_Node_clusterStatus(ZT_Node *node,ZT_ClusterStatus *cs) +{ + try { + reinterpret_cast(node)->clusterStatus(cs); + } catch ( ... 
) {} +} + +void ZT_Node_setTrustedPaths(ZT_Node *node,const struct sockaddr_storage *networks,const uint64_t *ids,unsigned int count) +{ + try { + reinterpret_cast(node)->setTrustedPaths(networks,ids,count); + } catch ( ... ) {} +} + +void ZT_Node_backgroundThreadMain(ZT_Node *node) +{ + try { + reinterpret_cast(node)->backgroundThreadMain(); + } catch ( ... ) {} +} + +void ZT_version(int *major,int *minor,int *revision) +{ + if (major) *major = ZEROTIER_ONE_VERSION_MAJOR; + if (minor) *minor = ZEROTIER_ONE_VERSION_MINOR; + if (revision) *revision = ZEROTIER_ONE_VERSION_REVISION; +} + +} // extern "C" diff --git a/node/Node.hpp b/node/Node.hpp new file mode 100644 index 0000000..0a39d1e --- /dev/null +++ b/node/Node.hpp 
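Review bot: In `Node::dataStoreGet` the length `n` returned by the host-supplied `_dataStoreGetFunction` callback is only checked for `n <= 0` before `r.append(buf,n)`, so a callback that reports more than the 1024-byte `buf` it was handed makes the append read past the stack buffer. This is the same path the constructor uses to load `identity.secret`. I would reject an oversized return with `if ((n <= 0)||((unsigned long)n > sizeof(buf))) return std::string();`. Separately, `Node::networkConfig` passes the result of `::malloc` straight to `nw->externalConfig(nc)` without the null check that `peers()` and `networks()` make, so it should add `if (!nc) return (ZT_VirtualNetworkConfig *)0;` before that call.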
@@ -0,0 +1,308 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_NODE_HPP +#define ZT_NODE_HPP + +#include +#include +#include + +#include + +#include "Constants.hpp" + +#include "../include/ZeroTierOne.h" + +#include "RuntimeEnvironment.hpp" +#include "InetAddress.hpp" +#include "Mutex.hpp" +#include "MAC.hpp" +#include "Network.hpp" +#include "Path.hpp" +#include "Salsa20.hpp" + +#undef TRACE +#ifdef ZT_TRACE +#define TRACE(f,...) RR->node->postTrace(__FILE__,__LINE__,f,##__VA_ARGS__) +#else +#define TRACE(f,...) {} +#endif + +namespace ZeroTier { + +/** + * Implementation of Node object as defined in CAPI + * + * The pointer returned by ZT_Node_new() is an instance of this class. 
+ */ +class Node +{ +public: + Node( + uint64_t now, + void *uptr, + ZT_DataStoreGetFunction dataStoreGetFunction, + ZT_DataStorePutFunction dataStorePutFunction, + ZT_WirePacketSendFunction wirePacketSendFunction, + ZT_VirtualNetworkFrameFunction virtualNetworkFrameFunction, + ZT_VirtualNetworkConfigFunction virtualNetworkConfigFunction, + ZT_PathCheckFunction pathCheckFunction, + ZT_EventCallback eventCallback); + + ~Node(); + + // Public API Functions ---------------------------------------------------- + + ZT_ResultCode processWirePacket( + uint64_t now, + const struct sockaddr_storage *localAddress, + const struct sockaddr_storage *remoteAddress, + const void *packetData, + unsigned int packetLength, + volatile uint64_t *nextBackgroundTaskDeadline); + ZT_ResultCode processVirtualNetworkFrame( + uint64_t now, + uint64_t nwid, + uint64_t sourceMac, + uint64_t destMac, + unsigned int etherType, + unsigned int vlanId, + const void *frameData, + unsigned int frameLength, + volatile uint64_t *nextBackgroundTaskDeadline); + ZT_ResultCode processBackgroundTasks(uint64_t now,volatile uint64_t *nextBackgroundTaskDeadline); + ZT_ResultCode join(uint64_t nwid,void *uptr); + ZT_ResultCode leave(uint64_t nwid,void **uptr); + ZT_ResultCode multicastSubscribe(uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi); + ZT_ResultCode multicastUnsubscribe(uint64_t nwid,uint64_t multicastGroup,unsigned long multicastAdi); + uint64_t address() const; + void status(ZT_NodeStatus *status) const; + ZT_PeerList *peers() const; + ZT_VirtualNetworkConfig *networkConfig(uint64_t nwid) const; + ZT_VirtualNetworkList *networks() const; + void freeQueryResult(void *qr); + int addLocalInterfaceAddress(const struct sockaddr_storage *addr); + void clearLocalInterfaceAddresses(); + void setNetconfMaster(void *networkControllerInstance); + ZT_ResultCode circuitTestBegin(ZT_CircuitTest *test,void (*reportCallback)(ZT_Node *,ZT_CircuitTest *,const ZT_CircuitTestReport *)); + void 
circuitTestEnd(ZT_CircuitTest *test); + ZT_ResultCode clusterInit( + unsigned int myId, + const struct sockaddr_storage *zeroTierPhysicalEndpoints, + unsigned int numZeroTierPhysicalEndpoints, + int x, + int y, + int z, + void (*sendFunction)(void *,unsigned int,const void *,unsigned int), + void *sendFunctionArg, + int (*addressToLocationFunction)(void *,const struct sockaddr_storage *,int *,int *,int *), + void *addressToLocationFunctionArg); + ZT_ResultCode clusterAddMember(unsigned int memberId); + void clusterRemoveMember(unsigned int memberId); + void clusterHandleIncomingMessage(const void *msg,unsigned int len); + void clusterStatus(ZT_ClusterStatus *cs); + void backgroundThreadMain(); + + // Internal functions ------------------------------------------------------ + + /** + * Convenience threadMain() for easy background thread launch + * + * This allows background threads to be launched with Thread::start + * that will run against this node. + */ + inline void threadMain() throw() { this->backgroundThreadMain(); } + + /** + * @return Time as of last call to run() + */ + inline uint64_t now() const throw() { return _now; } + + /** + * Enqueue a ZeroTier message to be sent + * + * @param localAddress Local address + * @param addr Destination address + * @param data Packet data + * @param len Packet length + * @param ttl Desired TTL (default: 0 for unchanged/default TTL) + * @return True if packet appears to have been sent + */ + inline bool putPacket(const InetAddress &localAddress,const InetAddress &addr,const void *data,unsigned int len,unsigned int ttl = 0) + { + return (_wirePacketSendFunction( + reinterpret_cast(this), + _uPtr, + reinterpret_cast(&localAddress), + reinterpret_cast(&addr), + data, + len, + ttl) == 0); + } + + /** + * Enqueue a frame to be injected into a tap device (port) + * + * @param nwid Network ID + * @param nuptr Network user ptr + * @param source Source MAC + * @param dest Destination MAC + * @param etherType 16-bit ethernet type 
+ * @param vlanId VLAN ID or 0 if none + * @param data Frame data + * @param len Frame length + */ + inline void putFrame(uint64_t nwid,void **nuptr,const MAC &source,const MAC &dest,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len) + { + _virtualNetworkFrameFunction( + reinterpret_cast(this), + _uPtr, + nwid, + nuptr, + source.toInt(), + dest.toInt(), + etherType, + vlanId, + data, + len); + } + + /** + * @param localAddress Local address + * @param remoteAddress Remote address + * @return True if path should be used + */ + bool shouldUsePathForZeroTierTraffic(const InetAddress &localAddress,const InetAddress &remoteAddress); + + inline SharedPtr network(uint64_t nwid) const + { + Mutex::Lock _l(_networks_m); + return _network(nwid); + } + + inline bool belongsToNetwork(uint64_t nwid) const + { + Mutex::Lock _l(_networks_m); + for(std::vector< std::pair< uint64_t, SharedPtr > >::const_iterator i=_networks.begin();i!=_networks.end();++i) { + if (i->first == nwid) + return true; + } + return false; + } + + inline std::vector< SharedPtr > allNetworks() const + { + std::vector< SharedPtr > nw; + Mutex::Lock _l(_networks_m); + nw.reserve(_networks.size()); + for(std::vector< std::pair< uint64_t, SharedPtr > >::const_iterator i=_networks.begin();i!=_networks.end();++i) + nw.push_back(i->second); + return nw; + } + + /** + * @return Potential direct paths to me a.k.a. 
local interface addresses + */ + inline std::vector directPaths() const + { + Mutex::Lock _l(_directPaths_m); + return _directPaths; + } + + inline bool dataStorePut(const char *name,const void *data,unsigned int len,bool secure) { return (_dataStorePutFunction(reinterpret_cast(this),_uPtr,name,data,len,(int)secure) == 0); } + inline bool dataStorePut(const char *name,const std::string &data,bool secure) { return dataStorePut(name,(const void *)data.data(),(unsigned int)data.length(),secure); } + inline void dataStoreDelete(const char *name) { _dataStorePutFunction(reinterpret_cast(this),_uPtr,name,(const void *)0,0,0); } + std::string dataStoreGet(const char *name); + + /** + * Post an event to the external user + * + * @param ev Event type + * @param md Meta-data (default: NULL/none) + */ + inline void postEvent(ZT_Event ev,const void *md = (const void *)0) { _eventCallback(reinterpret_cast(this),_uPtr,ev,md); } + + /** + * Update virtual network port configuration + * + * @param nwid Network ID + * @param nuptr Network user ptr + * @param op Configuration operation + * @param nc Network configuration + */ + inline int configureVirtualNetworkPort(uint64_t nwid,void **nuptr,ZT_VirtualNetworkConfigOperation op,const ZT_VirtualNetworkConfig *nc) { return _virtualNetworkConfigFunction(reinterpret_cast(this),_uPtr,nwid,nuptr,op,nc); } + + inline bool online() const throw() { return _online; } + +#ifdef ZT_TRACE + void postTrace(const char *module,unsigned int line,const char *fmt,...); +#endif + + uint64_t prng(); + void postCircuitTestReport(const ZT_CircuitTestReport *report); + void setTrustedPaths(const struct sockaddr_storage *networks,const uint64_t *ids,unsigned int count); + +private: + inline SharedPtr _network(uint64_t nwid) const + { + // assumes _networks_m is locked + for(std::vector< std::pair< uint64_t, SharedPtr > >::const_iterator i=_networks.begin();i!=_networks.end();++i) { + if (i->first == nwid) + return i->second; + } + return SharedPtr(); + } + 
+ RuntimeEnvironment _RR; + RuntimeEnvironment *RR; + + void *_uPtr; // _uptr (lower case) is reserved in Visual Studio :P + + ZT_DataStoreGetFunction _dataStoreGetFunction; + ZT_DataStorePutFunction _dataStorePutFunction; + ZT_WirePacketSendFunction _wirePacketSendFunction; + ZT_VirtualNetworkFrameFunction _virtualNetworkFrameFunction; + ZT_VirtualNetworkConfigFunction _virtualNetworkConfigFunction; + ZT_PathCheckFunction _pathCheckFunction; + ZT_EventCallback _eventCallback; + + std::vector< std::pair< uint64_t, SharedPtr > > _networks; + Mutex _networks_m; + + std::vector< ZT_CircuitTest * > _circuitTests; + Mutex _circuitTests_m; + + std::vector _directPaths; + Mutex _directPaths_m; + + Mutex _backgroundTasksLock; + + unsigned int _prngStreamPtr; + Salsa20 _prng; + uint64_t _prngStream[16]; // repeatedly encrypted with _prng to yield a high-quality non-crypto PRNG stream + + uint64_t _now; + uint64_t _lastPingCheck; + uint64_t _lastHousekeepingRun; + bool _online; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/NonCopyable.hpp b/node/NonCopyable.hpp new file mode 100644 index 0000000..6d4daa8 --- /dev/null +++ b/node/NonCopyable.hpp 
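Review bot: `prng()` and `setTrustedPaths()`, declared at the end of the public section, have no doc comments although both carry a security-relevant contract. The only hint about `prng()` is the private comment on `_prngStream` describing a non-crypto stream, so the declaration itself should say so, for example `/** @return Next value from the internal non-cryptographic PRNG; not suitable for keys, IVs or nonces */`. For `setTrustedPaths()` a comment should state how `networks`, `ids` and `count` relate and, going by the cipher suite NONE description in node/Packet.hpp in this same commit, that packets accepted on a trusted path carry no authentication or encryption.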
@@ -0,0 +1,38 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_NONCOPYABLE_HPP__
+#define ZT_NONCOPYABLE_HPP__
+
+namespace ZeroTier {
+
+/**
+ * A simple concept that belongs in the C++ language spec
+ */
+class NonCopyable
+{
+protected:
+ NonCopyable() throw() {}
+private:
+ NonCopyable(const NonCopyable&);
+ const NonCopyable& operator=(const NonCopyable&);
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/OutboundMulticast.cpp b/node/OutboundMulticast.cpp
new file mode 100644
index 0000000..eea1132
--- /dev/null
+++ b/node/OutboundMulticast.cpp
@@ -0,0 +1,113 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "Constants.hpp" +#include "RuntimeEnvironment.hpp" +#include "OutboundMulticast.hpp" +#include "Switch.hpp" +#include "Network.hpp" +#include "CertificateOfMembership.hpp" +#include "Node.hpp" + +namespace ZeroTier { + +void OutboundMulticast::init( + const RuntimeEnvironment *RR, + uint64_t timestamp, + uint64_t nwid, + const CertificateOfMembership *com, + unsigned int limit, + unsigned int gatherLimit, + const MAC &src, + const MulticastGroup &dest, + unsigned int etherType, + const void *payload, + unsigned int len) +{ + _timestamp = timestamp; + _nwid = nwid; + _limit = limit; + + uint8_t flags = 0; + if (gatherLimit) flags |= 0x02; + if (src) flags |= 0x04; + + /* + TRACE(">>MC %.16llx INIT %.16llx/%s limit %u gatherLimit %u from %s to %s length %u com==%d", + (unsigned long long)this, + nwid, + dest.toString().c_str(), + limit, + gatherLimit, + (src) ? src.toString().c_str() : MAC(RR->identity.address(),nwid).toString().c_str(), + dest.toString().c_str(), + len, + (com) ? 
1 : 0); + */ + + _packetNoCom.setSource(RR->identity.address()); + _packetNoCom.setVerb(Packet::VERB_MULTICAST_FRAME); + _packetNoCom.append((uint64_t)nwid); + _packetNoCom.append(flags); + if (gatherLimit) _packetNoCom.append((uint32_t)gatherLimit); + if (src) src.appendTo(_packetNoCom); + dest.mac().appendTo(_packetNoCom); + _packetNoCom.append((uint32_t)dest.adi()); + _packetNoCom.append((uint16_t)etherType); + _packetNoCom.append(payload,len); + _packetNoCom.compress(); + + if (com) { + _haveCom = true; + flags |= 0x01; + + _packetWithCom.setSource(RR->identity.address()); + _packetWithCom.setVerb(Packet::VERB_MULTICAST_FRAME); + _packetWithCom.append((uint64_t)nwid); + _packetWithCom.append(flags); + com->serialize(_packetWithCom); + if (gatherLimit) _packetWithCom.append((uint32_t)gatherLimit); + if (src) src.appendTo(_packetWithCom); + dest.mac().appendTo(_packetWithCom); + _packetWithCom.append((uint32_t)dest.adi()); + _packetWithCom.append((uint16_t)etherType); + _packetWithCom.append(payload,len); + _packetWithCom.compress(); + } else _haveCom = false; +} + +void OutboundMulticast::sendOnly(const RuntimeEnvironment *RR,const Address &toAddr) +{ + if (_haveCom) { + SharedPtr peer(RR->topology->getPeer(toAddr)); + if ( (!peer) || (peer->needsOurNetworkMembershipCertificate(_nwid,RR->node->now(),true)) ) { + //TRACE(">>MC %.16llx -> %s (with COM)",(unsigned long long)this,toAddr.toString().c_str()); + _packetWithCom.newInitializationVector(); + _packetWithCom.setDestination(toAddr); + RR->sw->send(_packetWithCom,true,_nwid); + return; + } + } + + //TRACE(">>MC %.16llx -> %s (without COM)",(unsigned long long)this,toAddr.toString().c_str()); + _packetNoCom.newInitializationVector(); + _packetNoCom.setDestination(toAddr); + RR->sw->send(_packetNoCom,true,_nwid); +} + +} // namespace ZeroTier diff --git a/node/OutboundMulticast.hpp b/node/OutboundMulticast.hpp new file mode 100644 index 0000000..3818172 --- /dev/null +++ b/node/OutboundMulticast.hpp 
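Review bot: `init()` only ever appends to `_packetNoCom` and `_packetWithCom` and never clears `_alreadySentTo`, so a second `init()` on the same object would build the new frame on top of the old packet contents and inherit the previous send log. Whether objects are re-initialised is not visible in this hunk. If they are not, record the contract at the top of the function, for example `// init() must be called exactly once per object: packets are appended to and _alreadySentTo is not cleared`. If they are, the packets and the send log need resetting before the first `setSource()` call.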
@@ -0,0 +1,145 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_OUTBOUNDMULTICAST_HPP +#define ZT_OUTBOUNDMULTICAST_HPP + +#include + +#include +#include + +#include "Constants.hpp" +#include "MAC.hpp" +#include "MulticastGroup.hpp" +#include "Address.hpp" +#include "Packet.hpp" + +namespace ZeroTier { + +class CertificateOfMembership; +class RuntimeEnvironment; + +/** + * An outbound multicast packet + * + * This object isn't guarded by a mutex; caller must synchronize access. + */ +class OutboundMulticast +{ +public: + /** + * Create an uninitialized outbound multicast + * + * It must be initialized with init(). 
+ */ + OutboundMulticast() {} + + /** + * Initialize outbound multicast + * + * @param RR Runtime environment + * @param timestamp Creation time + * @param nwid Network ID + * @param com Certificate of membership or NULL if none available + * @param limit Multicast limit for desired number of packets to send + * @param gatherLimit Number to lazily/implicitly gather with this frame or 0 for none + * @param src Source MAC address of frame or NULL to imply compute from sender ZT address + * @param dest Destination multicast group (MAC + ADI) + * @param etherType 16-bit Ethernet type ID + * @param payload Data + * @param len Length of data + * @throws std::out_of_range Data too large to fit in a MULTICAST_FRAME + */ + void init( + const RuntimeEnvironment *RR, + uint64_t timestamp, + uint64_t nwid, + const CertificateOfMembership *com, + unsigned int limit, + unsigned int gatherLimit, + const MAC &src, + const MulticastGroup &dest, + unsigned int etherType, + const void *payload, + unsigned int len); + + /** + * @return Multicast creation time + */ + inline uint64_t timestamp() const throw() { return _timestamp; } + + /** + * @param now Current time + * @return True if this multicast is expired (has exceeded transmit timeout) + */ + inline bool expired(uint64_t now) const throw() { return ((now - _timestamp) >= ZT_MULTICAST_TRANSMIT_TIMEOUT); } + + /** + * @return True if this outbound multicast has been sent to enough peers + */ + inline bool atLimit() const throw() { return (_alreadySentTo.size() >= _limit); } + + /** + * Just send without checking log + * + * @param RR Runtime environment + * @param toAddr Destination address + */ + void sendOnly(const RuntimeEnvironment *RR,const Address &toAddr); + + /** + * Just send and log but do not check sent log + * + * @param RR Runtime environment + * @param toAddr Destination address + */ + inline void sendAndLog(const RuntimeEnvironment *RR,const Address &toAddr) + { + _alreadySentTo.push_back(toAddr); + 
sendOnly(RR,toAddr); + } + + /** + * Try to send this to a given peer if it hasn't been sent to them already + * + * @param RR Runtime environment + * @param toAddr Destination address + * @return True if address is new and packet was sent to switch, false if duplicate + */ + inline bool sendIfNew(const RuntimeEnvironment *RR,const Address &toAddr) + { + if (std::find(_alreadySentTo.begin(),_alreadySentTo.end(),toAddr) == _alreadySentTo.end()) { + sendAndLog(RR,toAddr); + return true; + } else return false; + } + +private: + uint64_t _timestamp; + uint64_t _nwid; + unsigned int _limit; + Packet _packetNoCom; + Packet _packetWithCom; + std::vector
_alreadySentTo; + bool _haveCom; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Packet.cpp b/node/Packet.cpp new file mode 100644 index 0000000..3330a92 --- /dev/null +++ b/node/Packet.cpp 
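Review bot: The default constructor `OutboundMulticast() {}` leaves `_timestamp`, `_nwid`, `_limit` and `_haveCom` indeterminate, while `expired()`, `atLimit()` and `sendOnly()` read them and only the doc comment requires `init()` to have run first. Defined values cost nothing: `OutboundMulticast() : _timestamp(0),_nwid(0),_limit(0),_haveCom(false) {}`. With `_limit` at 0 an object that was never initialised reports `atLimit()` as true, so a caller that consults it before sending stops there instead of branching on garbage.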
@@ -0,0 +1,157 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "Packet.hpp" + +namespace ZeroTier { + +const unsigned char Packet::ZERO_KEY[32] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; + +//#ifdef ZT_TRACE + +const char *Packet::verbString(Verb v) + throw() +{ + switch(v) { + case VERB_NOP: return "NOP"; + case VERB_HELLO: return "HELLO"; + case VERB_ERROR: return "ERROR"; + case VERB_OK: return "OK"; + case VERB_WHOIS: return "WHOIS"; + case VERB_RENDEZVOUS: return "RENDEZVOUS"; + case VERB_FRAME: return "FRAME"; + case VERB_EXT_FRAME: return "EXT_FRAME"; + case VERB_ECHO: return "ECHO"; + case VERB_MULTICAST_LIKE: return "MULTICAST_LIKE"; + case VERB_NETWORK_MEMBERSHIP_CERTIFICATE: return "NETWORK_MEMBERSHIP_CERTIFICATE"; + case VERB_NETWORK_CONFIG_REQUEST: return "NETWORK_CONFIG_REQUEST"; + case VERB_NETWORK_CONFIG_REFRESH: return "NETWORK_CONFIG_REFRESH"; + case VERB_MULTICAST_GATHER: return "MULTICAST_GATHER"; + case VERB_MULTICAST_FRAME: return "MULTICAST_FRAME"; + case VERB_PUSH_DIRECT_PATHS: return "PUSH_DIRECT_PATHS"; + case VERB_CIRCUIT_TEST: return "CIRCUIT_TEST"; + case VERB_CIRCUIT_TEST_REPORT: return "CIRCUIT_TEST_REPORT"; + case VERB_REQUEST_PROOF_OF_WORK: return "REQUEST_PROOF_OF_WORK"; + } + return 
"(unknown)"; +} + +const char *Packet::errorString(ErrorCode e) + throw() +{ + switch(e) { + case ERROR_NONE: return "NONE"; + case ERROR_INVALID_REQUEST: return "INVALID_REQUEST"; + case ERROR_BAD_PROTOCOL_VERSION: return "BAD_PROTOCOL_VERSION"; + case ERROR_OBJ_NOT_FOUND: return "OBJECT_NOT_FOUND"; + case ERROR_IDENTITY_COLLISION: return "IDENTITY_COLLISION"; + case ERROR_UNSUPPORTED_OPERATION: return "UNSUPPORTED_OPERATION"; + case ERROR_NEED_MEMBERSHIP_CERTIFICATE: return "NEED_MEMBERSHIP_CERTIFICATE"; + case ERROR_NETWORK_ACCESS_DENIED_: return "NETWORK_ACCESS_DENIED"; + case ERROR_UNWANTED_MULTICAST: return "UNWANTED_MULTICAST"; + } + return "(unknown)"; +} + +//#endif // ZT_TRACE + +void Packet::armor(const void *key,bool encryptPayload) +{ + unsigned char mangledKey[32]; + unsigned char macKey[32]; + unsigned char mac[16]; + const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB; + unsigned char *const payload = field(ZT_PACKET_IDX_VERB,payloadLen); + + // Set flag now, since it affects key mangle function + setCipher(encryptPayload ? 
ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012 : ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE); + + _salsa20MangleKey((const unsigned char *)key,mangledKey); + Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8)/*,ZT_PROTO_SALSA20_ROUNDS*/); + + // MAC key is always the first 32 bytes of the Salsa20 key stream + // This is the same construction DJB's NaCl library uses + s20.encrypt12(ZERO_KEY,macKey,sizeof(macKey)); + + if (encryptPayload) + s20.encrypt12(payload,payload,payloadLen); + + Poly1305::compute(mac,payload,payloadLen,macKey); + memcpy(field(ZT_PACKET_IDX_MAC,8),mac,8); +} + +bool Packet::dearmor(const void *key) +{ + unsigned char mangledKey[32]; + unsigned char macKey[32]; + unsigned char mac[16]; + const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB; + unsigned char *const payload = field(ZT_PACKET_IDX_VERB,payloadLen); + unsigned int cs = cipher(); + + if ((cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE)||(cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012)) { + _salsa20MangleKey((const unsigned char *)key,mangledKey); + Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8)/*,ZT_PROTO_SALSA20_ROUNDS*/); + + s20.encrypt12(ZERO_KEY,macKey,sizeof(macKey)); + Poly1305::compute(mac,payload,payloadLen,macKey); + if (!Utils::secureEq(mac,field(ZT_PACKET_IDX_MAC,8),8)) + return false; + + if (cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012) + s20.decrypt12(payload,payload,payloadLen); + + return true; + } else return false; // unrecognized cipher suite +} + +bool Packet::compress() +{ + unsigned char buf[ZT_PROTO_MAX_PACKET_LENGTH * 2]; + if ((!compressed())&&(size() > (ZT_PACKET_IDX_PAYLOAD + 32))) { + int pl = (int)(size() - ZT_PACKET_IDX_PAYLOAD); + int cl = LZ4_compress((const char *)field(ZT_PACKET_IDX_PAYLOAD,(unsigned int)pl),(char *)buf,pl); + if ((cl > 0)&&(cl < pl)) { + (*this)[ZT_PACKET_IDX_VERB] |= (char)ZT_PROTO_VERB_FLAG_COMPRESSED; + setSize((unsigned int)cl + ZT_PACKET_IDX_PAYLOAD); + 
memcpy(field(ZT_PACKET_IDX_PAYLOAD,(unsigned int)cl),buf,cl); + return true; + } + } + (*this)[ZT_PACKET_IDX_VERB] &= (char)(~ZT_PROTO_VERB_FLAG_COMPRESSED); + return false; +} + +bool Packet::uncompress() +{ + unsigned char buf[ZT_PROTO_MAX_PACKET_LENGTH]; + if ((compressed())&&(size() >= ZT_PROTO_MIN_PACKET_LENGTH)) { + if (size() > ZT_PACKET_IDX_PAYLOAD) { + unsigned int compLen = size() - ZT_PACKET_IDX_PAYLOAD; + int ucl = LZ4_decompress_safe((const char *)field(ZT_PACKET_IDX_PAYLOAD,compLen),(char *)buf,compLen,sizeof(buf)); + if ((ucl > 0)&&(ucl <= (int)(capacity() - ZT_PACKET_IDX_PAYLOAD))) { + setSize((unsigned int)ucl + ZT_PACKET_IDX_PAYLOAD); + memcpy(field(ZT_PACKET_IDX_PAYLOAD,(unsigned int)ucl),buf,ucl); + } else return false; + } + (*this)[ZT_PACKET_IDX_VERB] &= (char)(~ZT_PROTO_VERB_FLAG_COMPRESSED); + } + return true; +} + +} // namespace ZeroTier diff --git a/node/Packet.hpp b/node/Packet.hpp new file mode 100644 index 0000000..3d95b0b --- /dev/null +++ b/node/Packet.hpp 
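Review bot: `dearmor()` computes `payloadLen = size() - ZT_PACKET_IDX_VERB` in unsigned arithmetic before any length check, so a packet shorter than the header wraps to a huge length that is then passed to `field()`, `Poly1305::compute()` and `decrypt12()`. `uncompress()` in this same hunk checks `size()` first, but `dearmor()`, which presumably runs on data received from the network, does not; unless `field()` (defined outside this hunk) rejects the range, this is an out-of-bounds access. Making `if (size() <= ZT_PACKET_IDX_VERB) return false;` the first statement, ahead of the declarations, removes the dependency on callers. Separately, `mangledKey` and `macKey` are left on the stack when `armor()` and `dearmor()` return; clearing them with a zeroing routine the compiler cannot elide would limit key exposure.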
@@ -0,0 +1,1383 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_N_PACKET_HPP +#define ZT_N_PACKET_HPP + +#include +#include +#include + +#include +#include + +#include "Constants.hpp" + +#include "Address.hpp" +#include "Poly1305.hpp" +#include "Salsa20.hpp" +#include "Utils.hpp" +#include "Buffer.hpp" + +#ifdef ZT_USE_SYSTEM_LZ4 +#include +#else +#include "../ext/lz4/lz4.h" +#endif + +/** + * Protocol version -- incremented only for major changes + * + * 1 - 0.2.0 ... 0.2.5 + * 2 - 0.3.0 ... 0.4.5 + * + Added signature and originating peer to multicast frame + * + Double size of multicast frame bloom filter + * 3 - 0.5.0 ... 0.6.0 + * + Yet another multicast redesign + * + New crypto completely changes key agreement cipher + * 4 - 0.6.0 ... 1.0.6 + * + New identity format based on hashcash design + * 5 - 1.1.0 ... 1.1.5 + * + Supports circuit test, proof of work, and echo + * + Supports in-band world (root server definition) updates + * + Clustering! (Though this will work with protocol v4 clients.) + * + Otherwise backward compatible with protocol v4 + * 6 - 1.1.5 ... 
1.1.10 + * + Deprecate old dictionary-based network config format + * + Introduce new binary serialized network config and meta-data + * 7 - 1.1.10 -- CURRENT + * + Introduce trusted paths for local SDN use + */ +#define ZT_PROTO_VERSION 7 + +/** + * Minimum supported protocol version + */ +#define ZT_PROTO_VERSION_MIN 4 + +/** + * Maximum hop count allowed by packet structure (3 bits, 0-7) + * + * This is a protocol constant. It's the maximum allowed by the length + * of the hop counter -- three bits. See node/Constants.hpp for the + * pragmatic forwarding limit, which is typically lower. + */ +#define ZT_PROTO_MAX_HOPS 7 + +/** + * Cipher suite: Curve25519/Poly1305/Salsa20/12/NOCRYPT + * + * This specifies Poly1305 MAC using a 32-bit key derived from the first + * 32 bytes of a Salsa20/12 keystream as in the Salsa20/12 cipher suite, + * but the payload is not encrypted. This is currently only used to send + * HELLO since that's the public key specification packet and must be + * sent in the clear. Key agreement is performed using Curve25519 elliptic + * curve Diffie-Hellman. + */ +#define ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE 0 + +/** + * Cipher suite: Curve25519/Poly1305/Salsa20/12 + * + * This specifies Poly1305 using the first 32 bytes of a Salsa20/12 key + * stream as its one-time-use key followed by payload encryption with + * the remaining Salsa20/12 key stream. Key agreement is performed using + * Curve25519 elliptic curve Diffie-Hellman. + */ +#define ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012 1 + +/** + * Cipher suite: NONE + * + * This differs from POLY1305/NONE in that *no* crypto is done, not even + * authentication. This is for trusted local LAN interconnects for internal + * SDN use within a data center. + * + * For this mode the MAC field becomes a trusted path ID and must match the + * configured ID of a trusted path or the packet is discarded. 
+ */ +#define ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH 2 + +/** + * DEPRECATED payload encrypted flag, may be re-used in the future. + * + * This has been replaced by the three-bit cipher suite selection field. + */ +#define ZT_PROTO_FLAG_ENCRYPTED 0x80 + +/** + * Header flag indicating that a packet is fragmented + * + * If this flag is set, the receiver knows to expect more than one fragment. + * See Packet::Fragment for details. + */ +#define ZT_PROTO_FLAG_FRAGMENTED 0x40 + +/** + * Verb flag indicating payload is compressed with LZ4 + */ +#define ZT_PROTO_VERB_FLAG_COMPRESSED 0x80 + +/** + * Rounds used for Salsa20 encryption in ZT + * + * Discussion: + * + * DJB (Salsa20's designer) designed Salsa20 with a significant margin of 20 + * rounds, but has said repeatedly that 12 is likely sufficient. So far (as of + * July 2015) there are no published attacks against 12 rounds, let alone 20. + * + * In cryptography, a "break" means something different from what it means in + * common discussion. If a cipher is 256 bits strong and someone finds a way + * to reduce key search to 254 bits, this constitues a "break" in the academic + * literature. 254 bits is still far beyond what can be leveraged to accomplish + * a "break" as most people would understand it -- the actual decryption and + * reading of traffic. + * + * Nevertheless, "attacks only get better" as cryptographers like to say. As + * a result, they recommend not using anything that's shown any weakness even + * if that weakness is so far only meaningful to academics. It may be a sign + * of a deeper problem. + * + * So why choose a lower round count? + * + * Turns out the speed difference is nontrivial. On a Macbook Pro (Core i3) 20 + * rounds of SSE-optimized Salsa20 achieves ~508mb/sec/core, while 12 rounds + * hits ~832mb/sec/core. ZeroTier is designed for multiple objectives: + * security, simplicity, and performance. In this case a deference was made + * for performance. 
+ * + * Meta discussion: + * + * The cipher is not the thing you should be paranoid about. + * + * I'll qualify that. If the cipher is known to be weak, like RC4, or has a + * key size that is too small, like DES, then yes you should worry about + * the cipher. + * + * But if the cipher is strong and your adversary is anyone other than the + * intelligence apparatus of a major superpower, you are fine in that + * department. + * + * Go ahead. Search for the last ten vulnerabilities discovered in SSL. Not + * a single one involved the breaking of a cipher. Now broaden your search. + * Look for issues with SSH, IPSec, etc. The only cipher-related issues you + * will find might involve the use of RC4 or MD5, algorithms with known + * issues or small key/digest sizes. But even weak ciphers are difficult to + * exploit in the real world -- you usually need a lot of data and a lot of + * compute time. No, virtually EVERY security vulnerability you will find + * involves a problem with the IMPLEMENTATION not with the cipher. + * + * A flaw in ZeroTier's protocol or code is incredibly, unbelievably + * more likely than a flaw in Salsa20 or any other cipher or cryptographic + * primitive it uses. We're talking odds of dying in a car wreck vs. odds of + * being personally impacted on the head by a meteorite. Nobody without a + * billion dollar budget is going to break into your network by actually + * cracking Salsa20/12 (or even /8) in the field. + * + * So stop worrying about the cipher unless you are, say, the Kremlin and your + * adversary is the NSA and the GCHQ. In that case... well that's above my + * pay grade. I'll just say defense in depth. 
+ */ +#define ZT_PROTO_SALSA20_ROUNDS 12 + +/** + * PUSH_DIRECT_PATHS flag: forget path + */ +#define ZT_PUSH_DIRECT_PATHS_FLAG_FORGET_PATH 0x01 + +/** + * PUSH_DIRECT_PATHS flag: cluster redirect + */ +#define ZT_PUSH_DIRECT_PATHS_FLAG_CLUSTER_REDIRECT 0x02 + +// Field indexes in packet header +#define ZT_PACKET_IDX_IV 0 +#define ZT_PACKET_IDX_DEST 8 +#define ZT_PACKET_IDX_SOURCE 13 +#define ZT_PACKET_IDX_FLAGS 18 +#define ZT_PACKET_IDX_MAC 19 +#define ZT_PACKET_IDX_VERB 27 +#define ZT_PACKET_IDX_PAYLOAD 28 + +/** + * Packet buffer size (can be changed) + * + * The current value is big enough for ZT_MAX_PACKET_FRAGMENTS, the pragmatic + * packet fragment limit, times the default UDP MTU. Most packets won't be + * this big. + */ +#define ZT_PROTO_MAX_PACKET_LENGTH (ZT_MAX_PACKET_FRAGMENTS * ZT_UDP_DEFAULT_PAYLOAD_MTU) + +/** + * Minimum viable packet length (a.k.a. header length) + */ +#define ZT_PROTO_MIN_PACKET_LENGTH ZT_PACKET_IDX_PAYLOAD + +// Indexes of fields in fragment header +#define ZT_PACKET_FRAGMENT_IDX_PACKET_ID 0 +#define ZT_PACKET_FRAGMENT_IDX_DEST 8 +#define ZT_PACKET_FRAGMENT_IDX_FRAGMENT_INDICATOR 13 +#define ZT_PACKET_FRAGMENT_IDX_FRAGMENT_NO 14 +#define ZT_PACKET_FRAGMENT_IDX_HOPS 15 +#define ZT_PACKET_FRAGMENT_IDX_PAYLOAD 16 + +/** + * Magic number found at ZT_PACKET_FRAGMENT_IDX_FRAGMENT_INDICATOR + */ +#define ZT_PACKET_FRAGMENT_INDICATOR ZT_ADDRESS_RESERVED_PREFIX + +/** + * Minimum viable fragment length + */ +#define ZT_PROTO_MIN_FRAGMENT_LENGTH ZT_PACKET_FRAGMENT_IDX_PAYLOAD + +// Field incides for parsing verbs ------------------------------------------- + +// Some verbs have variable-length fields. Those aren't fully defined here +// yet-- instead they are parsed using relative indexes in IncomingPacket. +// See their respective handler functions. 
+ +#define ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_HELLO_IDX_MAJOR_VERSION (ZT_PROTO_VERB_HELLO_IDX_PROTOCOL_VERSION + 1) +#define ZT_PROTO_VERB_HELLO_IDX_MINOR_VERSION (ZT_PROTO_VERB_HELLO_IDX_MAJOR_VERSION + 1) +#define ZT_PROTO_VERB_HELLO_IDX_REVISION (ZT_PROTO_VERB_HELLO_IDX_MINOR_VERSION + 1) +#define ZT_PROTO_VERB_HELLO_IDX_TIMESTAMP (ZT_PROTO_VERB_HELLO_IDX_REVISION + 2) +#define ZT_PROTO_VERB_HELLO_IDX_IDENTITY (ZT_PROTO_VERB_HELLO_IDX_TIMESTAMP + 8) + +#define ZT_PROTO_VERB_ERROR_IDX_IN_RE_VERB (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_ERROR_IDX_IN_RE_PACKET_ID (ZT_PROTO_VERB_ERROR_IDX_IN_RE_VERB + 1) +#define ZT_PROTO_VERB_ERROR_IDX_ERROR_CODE (ZT_PROTO_VERB_ERROR_IDX_IN_RE_PACKET_ID + 8) +#define ZT_PROTO_VERB_ERROR_IDX_PAYLOAD (ZT_PROTO_VERB_ERROR_IDX_ERROR_CODE + 1) + +#define ZT_PROTO_VERB_OK_IDX_IN_RE_VERB (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_OK_IDX_IN_RE_PACKET_ID (ZT_PROTO_VERB_OK_IDX_IN_RE_VERB + 1) +#define ZT_PROTO_VERB_OK_IDX_PAYLOAD (ZT_PROTO_VERB_OK_IDX_IN_RE_PACKET_ID + 8) + +#define ZT_PROTO_VERB_WHOIS_IDX_ZTADDRESS (ZT_PACKET_IDX_PAYLOAD) + +#define ZT_PROTO_VERB_RENDEZVOUS_IDX_FLAGS (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_RENDEZVOUS_IDX_ZTADDRESS (ZT_PROTO_VERB_RENDEZVOUS_IDX_FLAGS + 1) +#define ZT_PROTO_VERB_RENDEZVOUS_IDX_PORT (ZT_PROTO_VERB_RENDEZVOUS_IDX_ZTADDRESS + 5) +#define ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRLEN (ZT_PROTO_VERB_RENDEZVOUS_IDX_PORT + 2) +#define ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRESS (ZT_PROTO_VERB_RENDEZVOUS_IDX_ADDRLEN + 1) + +#define ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE (ZT_PROTO_VERB_FRAME_IDX_NETWORK_ID + 8) +#define ZT_PROTO_VERB_FRAME_IDX_PAYLOAD (ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE + 2) + +#define ZT_PROTO_VERB_EXT_FRAME_IDX_NETWORK_ID (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_EXT_FRAME_LEN_NETWORK_ID 8 +#define ZT_PROTO_VERB_EXT_FRAME_IDX_FLAGS 
(ZT_PROTO_VERB_EXT_FRAME_IDX_NETWORK_ID + ZT_PROTO_VERB_EXT_FRAME_LEN_NETWORK_ID) +#define ZT_PROTO_VERB_EXT_FRAME_LEN_FLAGS 1 +#define ZT_PROTO_VERB_EXT_FRAME_IDX_COM (ZT_PROTO_VERB_EXT_FRAME_IDX_FLAGS + ZT_PROTO_VERB_EXT_FRAME_LEN_FLAGS) +#define ZT_PROTO_VERB_EXT_FRAME_IDX_TO (ZT_PROTO_VERB_EXT_FRAME_IDX_FLAGS + ZT_PROTO_VERB_EXT_FRAME_LEN_FLAGS) +#define ZT_PROTO_VERB_EXT_FRAME_LEN_TO 6 +#define ZT_PROTO_VERB_EXT_FRAME_IDX_FROM (ZT_PROTO_VERB_EXT_FRAME_IDX_TO + ZT_PROTO_VERB_EXT_FRAME_LEN_TO) +#define ZT_PROTO_VERB_EXT_FRAME_LEN_FROM 6 +#define ZT_PROTO_VERB_EXT_FRAME_IDX_ETHERTYPE (ZT_PROTO_VERB_EXT_FRAME_IDX_FROM + ZT_PROTO_VERB_EXT_FRAME_LEN_FROM) +#define ZT_PROTO_VERB_EXT_FRAME_LEN_ETHERTYPE 2 +#define ZT_PROTO_VERB_EXT_FRAME_IDX_PAYLOAD (ZT_PROTO_VERB_EXT_FRAME_IDX_ETHERTYPE + ZT_PROTO_VERB_EXT_FRAME_LEN_ETHERTYPE) + +#define ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_NETWORK_ID (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT_LEN (ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_NETWORK_ID + 8) +#define ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT (ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST_IDX_DICT_LEN + 2) + +#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_NETWORK_ID (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_FLAGS (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_NETWORK_ID + 8) +#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_MAC (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_FLAGS + 1) +#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_ADI (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_MAC + 6) +#define ZT_PROTO_VERB_MULTICAST_GATHER_IDX_GATHER_LIMIT (ZT_PROTO_VERB_MULTICAST_GATHER_IDX_ADI + 4) + +// Note: COM, GATHER_LIMIT, and SOURCE_MAC are optional, and so are specified without size +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID (ZT_PACKET_IDX_PAYLOAD) +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_NETWORK_ID + 8) +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_COM (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS + 1) +#define 
ZT_PROTO_VERB_MULTICAST_FRAME_IDX_GATHER_LIMIT (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS + 1) +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_SOURCE_MAC (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS + 1) +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_MAC (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FLAGS + 1) +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_ADI (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_MAC + 6) +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ETHERTYPE (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_DEST_ADI + 4) +#define ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_ETHERTYPE + 2) + +#define ZT_PROTO_VERB_HELLO__OK__IDX_TIMESTAMP (ZT_PROTO_VERB_OK_IDX_PAYLOAD) +#define ZT_PROTO_VERB_HELLO__OK__IDX_PROTOCOL_VERSION (ZT_PROTO_VERB_HELLO__OK__IDX_TIMESTAMP + 8) +#define ZT_PROTO_VERB_HELLO__OK__IDX_MAJOR_VERSION (ZT_PROTO_VERB_HELLO__OK__IDX_PROTOCOL_VERSION + 1) +#define ZT_PROTO_VERB_HELLO__OK__IDX_MINOR_VERSION (ZT_PROTO_VERB_HELLO__OK__IDX_MAJOR_VERSION + 1) +#define ZT_PROTO_VERB_HELLO__OK__IDX_REVISION (ZT_PROTO_VERB_HELLO__OK__IDX_MINOR_VERSION + 1) + +#define ZT_PROTO_VERB_WHOIS__OK__IDX_IDENTITY (ZT_PROTO_VERB_OK_IDX_PAYLOAD) + +#define ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_NETWORK_ID (ZT_PROTO_VERB_OK_IDX_PAYLOAD) +#define ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT_LEN (ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_NETWORK_ID + 8) +#define ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT (ZT_PROTO_VERB_NETWORK_CONFIG_REQUEST__OK__IDX_DICT_LEN + 2) + +#define ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_NETWORK_ID (ZT_PROTO_VERB_OK_IDX_PAYLOAD) +#define ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_MAC (ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_NETWORK_ID + 8) +#define ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_ADI (ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_MAC + 6) +#define ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_GATHER_RESULTS (ZT_PROTO_VERB_MULTICAST_GATHER__OK__IDX_ADI + 4) + +#define ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_NETWORK_ID 
(ZT_PROTO_VERB_OK_IDX_PAYLOAD) +#define ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_MAC (ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_NETWORK_ID + 8) +#define ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_ADI (ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_MAC + 6) +#define ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_FLAGS (ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_ADI + 4) +#define ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_COM_AND_GATHER_RESULTS (ZT_PROTO_VERB_MULTICAST_FRAME__OK__IDX_FLAGS + 1) + +// --------------------------------------------------------------------------- + +namespace ZeroTier { + +/** + * ZeroTier packet + * + * Packet format: + * <[8] 64-bit random packet ID and crypto initialization vector> + * <[5] destination ZT address> + * <[5] source ZT address> + * <[1] flags/cipher/hops> + * <[8] 64-bit MAC (or trusted path ID in trusted path mode)> + * [... -- begin encryption envelope -- ...] + * <[1] encrypted flags (MS 3 bits) and verb (LS 5 bits)> + * [... verb-specific payload ...] + * + * Packets smaller than 28 bytes are invalid and silently discarded. + * + * The flags/cipher/hops bit field is: FFCCCHHH where C is a 3-bit cipher + * selection allowing up to 7 cipher suites, F is outside-envelope flags, + * and H is hop count. + * + * The three-bit hop count is the only part of a packet that is mutable in + * transit without invalidating the MAC. All other bits in the packet are + * immutable. This is because intermediate nodes can increment the hop + * count up to 7 (protocol max). + * + * For unencrypted packets, MAC is computed on plaintext. Only HELLO is ever + * sent in the clear, as it's the "here is my public key" message. + */ +class Packet : public Buffer +{ +public: + /** + * A packet fragment + * + * Fragments are sent if a packet is larger than UDP MTU. The first fragment + * is sent with its normal header with the fragmented flag set. Remaining + * fragments are sent this way. + * + * The fragmented bit indicates that there is at least one fragment. 
Fragments + * themselves contain the total, so the receiver must "learn" this from the + * first fragment it receives. + * + * Fragments are sent with the following format: + * <[8] packet ID of packet whose fragment this belongs to> + * <[5] destination ZT address> + * <[1] 0xff, a reserved address, signals that this isn't a normal packet> + * <[1] total fragments (most significant 4 bits), fragment no (LS 4 bits)> + * <[1] ZT hop count (top 5 bits unused and must be zero)> + * <[...] fragment data> + * + * The protocol supports a maximum of 16 fragments. If a fragment is received + * before its main packet header, it should be cached for a brief period of + * time to see if its parent arrives. Loss of any fragment constitutes packet + * loss; there is no retransmission mechanism. The receiver must wait for full + * receipt to authenticate and decrypt; there is no per-fragment MAC. (But if + * fragments are corrupt, the MAC will fail for the whole assembled packet.) + */ + class Fragment : public Buffer + { + public: + Fragment() : + Buffer() + { + } + + template + Fragment(const Buffer &b) + throw(std::out_of_range) : + Buffer(b) + { + } + + Fragment(const void *data,unsigned int len) : + Buffer(data,len) + { + } + + /** + * Initialize from a packet + * + * @param p Original assembled packet + * @param fragStart Start of fragment (raw index in packet data) + * @param fragLen Length of fragment in bytes + * @param fragNo Which fragment (>= 1, since 0 is Packet with end chopped off) + * @param fragTotal Total number of fragments (including 0) + * @throws std::out_of_range Packet size would exceed buffer + */ + Fragment(const Packet &p,unsigned int fragStart,unsigned int fragLen,unsigned int fragNo,unsigned int fragTotal) + throw(std::out_of_range) + { + init(p,fragStart,fragLen,fragNo,fragTotal); + } + + /** + * Initialize from a packet + * + * @param p Original assembled packet + * @param fragStart Start of fragment (raw index in packet data) + * @param fragLen 
Length of fragment in bytes + * @param fragNo Which fragment (>= 1, since 0 is Packet with end chopped off) + * @param fragTotal Total number of fragments (including 0) + * @throws std::out_of_range Packet size would exceed buffer + */ + inline void init(const Packet &p,unsigned int fragStart,unsigned int fragLen,unsigned int fragNo,unsigned int fragTotal) + throw(std::out_of_range) + { + if ((fragStart + fragLen) > p.size()) + throw std::out_of_range("Packet::Fragment: tried to construct fragment of packet past its length"); + setSize(fragLen + ZT_PROTO_MIN_FRAGMENT_LENGTH); + + // NOTE: this copies both the IV/packet ID and the destination address. + memcpy(field(ZT_PACKET_FRAGMENT_IDX_PACKET_ID,13),p.field(ZT_PACKET_IDX_IV,13),13); + + (*this)[ZT_PACKET_FRAGMENT_IDX_FRAGMENT_INDICATOR] = ZT_PACKET_FRAGMENT_INDICATOR; + (*this)[ZT_PACKET_FRAGMENT_IDX_FRAGMENT_NO] = (char)(((fragTotal & 0xf) << 4) | (fragNo & 0xf)); + (*this)[ZT_PACKET_FRAGMENT_IDX_HOPS] = 0; + + memcpy(field(ZT_PACKET_FRAGMENT_IDX_PAYLOAD,fragLen),p.field(fragStart,fragLen),fragLen); + } + + /** + * Get this fragment's destination + * + * @return Destination ZT address + */ + inline Address destination() const { return Address(field(ZT_PACKET_FRAGMENT_IDX_DEST,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); } + + /** + * @return True if fragment is of a valid length + */ + inline bool lengthValid() const { return (size() >= ZT_PACKET_FRAGMENT_IDX_PAYLOAD); } + + /** + * @return ID of packet this is a fragment of + */ + inline uint64_t packetId() const { return at(ZT_PACKET_FRAGMENT_IDX_PACKET_ID); } + + /** + * @return Total number of fragments in packet + */ + inline unsigned int totalFragments() const { return (((unsigned int)((*this)[ZT_PACKET_FRAGMENT_IDX_FRAGMENT_NO]) >> 4) & 0xf); } + + /** + * @return Fragment number of this fragment + */ + inline unsigned int fragmentNumber() const { return ((unsigned int)((*this)[ZT_PACKET_FRAGMENT_IDX_FRAGMENT_NO]) & 0xf); } + + /** + * @return Fragment ZT hop 
count + */ + inline unsigned int hops() const { return (unsigned int)((*this)[ZT_PACKET_FRAGMENT_IDX_HOPS]); } + + /** + * Increment this packet's hop count + */ + inline void incrementHops() + { + (*this)[ZT_PACKET_FRAGMENT_IDX_HOPS] = (((*this)[ZT_PACKET_FRAGMENT_IDX_HOPS]) + 1) & ZT_PROTO_MAX_HOPS; + } + + /** + * @return Length of payload in bytes + */ + inline unsigned int payloadLength() const { return ((size() > ZT_PACKET_FRAGMENT_IDX_PAYLOAD) ? (size() - ZT_PACKET_FRAGMENT_IDX_PAYLOAD) : 0); } + + /** + * @return Raw packet payload + */ + inline const unsigned char *payload() const + { + return field(ZT_PACKET_FRAGMENT_IDX_PAYLOAD,size() - ZT_PACKET_FRAGMENT_IDX_PAYLOAD); + } + }; + + /** + * ZeroTier protocol verbs + */ + enum Verb /* Max value: 32 (5 bits) */ + { + /** + * No operation (ignored, no reply) + */ + VERB_NOP = 0, + + /** + * Announcement of a node's existence: + * <[1] protocol version> + * <[1] software major version> + * <[1] software minor version> + * <[2] software revision> + * <[8] timestamp (ms since epoch)> + * <[...] binary serialized identity (see Identity)> + * <[1] destination address type> + * [<[...] destination address>] + * <[8] 64-bit world ID of current world> + * <[8] 64-bit timestamp of current world> + * + * This is the only message that ever must be sent in the clear, since it + * is used to push an identity to a new peer. + * + * The destination address is the wire address to which this packet is + * being sent, and in OK is *also* the destination address of the OK + * packet. This can be used by the receiver to detect NAT, learn its real + * external address if behind NAT, and detect changes to its external + * address that require re-establishing connectivity. 
+ * + * Destination address types and formats (not all of these are used now): + * 0x00 - None -- no destination address data present + * 0x01 - Ethernet address -- format: <[6] Ethernet MAC> + * 0x04 - 6-byte IPv4 UDP address/port -- format: <[4] IP>, <[2] port> + * 0x06 - 18-byte IPv6 UDP address/port -- format: <[16] IP>, <[2] port> + * + * OK payload: + * <[8] timestamp (echoed from original HELLO)> + * <[1] protocol version (of responder)> + * <[1] software major version (of responder)> + * <[1] software minor version (of responder)> + * <[2] software revision (of responder)> + * <[1] destination address type (for this OK, not copied from HELLO)> + * [<[...] destination address>] + * <[2] 16-bit length of world update or 0 if none> + * [[...] world update] + * + * ERROR has no payload. + */ + VERB_HELLO = 1, + + /** + * Error response: + * <[1] in-re verb> + * <[8] in-re packet ID> + * <[1] error code> + * <[...] error-dependent payload> + */ + VERB_ERROR = 2, + + /** + * Success response: + * <[1] in-re verb> + * <[8] in-re packet ID> + * <[...] request-specific payload> + */ + VERB_OK = 3, + + /** + * Query an identity by address: + * <[5] address to look up> + * + * OK response payload: + * <[...] binary serialized identity> + * + * If querying a cluster, duplicate OK responses may occasionally occur. + * These should be discarded. + * + * If the address is not found, no response is generated. WHOIS requests + * will time out much like ARP requests and similar do in L2. + */ + VERB_WHOIS = 4, + + /** + * Meet another node at a given protocol address: + * <[1] flags (unused, currently 0)> + * <[5] ZeroTier address of peer that might be found at this address> + * <[2] 16-bit protocol address port> + * <[1] protocol address length (4 for IPv4, 16 for IPv6)> + * <[...] protocol address (network byte order)> + * + * This is sent by a relaying node to initiate NAT traversal between two + * peers that are communicating by way of indirect relay. 
The relay will + * send this to both peers at the same time on a periodic basis, telling + * each where it might find the other on the network. + * + * Upon receipt a peer sends HELLO to establish a direct link. + * + * Nodes should implement rate control, limiting the rate at which they + * respond to these packets to prevent their use in DDOS attacks. Nodes + * may also ignore these messages if a peer is not known or is not being + * actively communicated with. + * + * Unfortunately the physical address format in this message pre-dates + * InetAddress's serialization format. :( ZeroTier is four years old and + * yes we've accumulated a tiny bit of cruft here and there. + * + * No OK or ERROR is generated. + */ + VERB_RENDEZVOUS = 5, + + /** + * ZT-to-ZT unicast ethernet frame (shortened EXT_FRAME): + * <[8] 64-bit network ID> + * <[2] 16-bit ethertype> + * <[...] ethernet payload> + * + * MAC addresses are derived from the packet's source and destination + * ZeroTier addresses. This is a shortened EXT_FRAME that elides full + * Ethernet framing and other optional flags and features when they + * are not necessary. + * + * ERROR may be generated if a membership certificate is needed for a + * closed network. Payload will be network ID. + */ + VERB_FRAME = 6, + + /** + * Full Ethernet frame with MAC addressing and optional fields: + * <[8] 64-bit network ID> + * <[1] flags> + * [<[...] certificate of network membership>] + * <[6] destination MAC or all zero for destination node> + * <[6] source MAC or all zero for node of origin> + * <[2] 16-bit ethertype> + * <[...] ethernet payload> + * + * Flags: + * 0x01 - Certificate of network membership is attached + * + * An extended frame carries full MAC addressing, making them a + * superset of VERB_FRAME. They're used for bridging or when we + * want to attach a certificate since FRAME does not support that. + * + * Multicast frames may not be sent as EXT_FRAME. 
+ * + * ERROR may be generated if a membership certificate is needed for a + * closed network. Payload will be network ID. + */ + VERB_EXT_FRAME = 7, + + /** + * ECHO request (a.k.a. ping): + * <[...] arbitrary payload> + * + * This generates OK with a copy of the transmitted payload. No ERROR + * is generated. Response to ECHO requests is optional and ECHO may be + * ignored if a node detects a possible flood. + */ + VERB_ECHO = 8, + + /** + * Announce interest in multicast group(s): + * <[8] 64-bit network ID> + * <[6] multicast Ethernet address> + * <[4] multicast additional distinguishing information (ADI)> + * [... additional tuples of network/address/adi ...] + * + * LIKEs may be sent to any peer, though a good implementation should + * restrict them to peers on the same network they're for and to network + * controllers and root servers. In the current network, root servers + * will provide the service of final multicast cache. + * + * It is recommended that NETWORK_MEMBERSHIP_CERTIFICATE pushes be sent + * along with MULTICAST_LIKE when pushing LIKEs to peers that do not + * share a network membership (such as root servers), since this can be + * used to authenticate GATHER requests and limit responses to peers + * authorized to talk on a network. (Should be an optional field here, + * but saving one or two packets every five minutes is not worth an + * ugly hack or protocol rev.) + * + * OK/ERROR are not generated. + */ + VERB_MULTICAST_LIKE = 9, + + /** + * Network member certificate replication/push: + * <[...] serialized certificate of membership> + * [ ... additional certificates may follow ...] + * + * This is sent in response to ERROR_NEED_MEMBERSHIP_CERTIFICATE and may + * be pushed at any other time to keep exchanged certificates up to date. + * + * OK/ERROR are not generated. 
+ */ + VERB_NETWORK_MEMBERSHIP_CERTIFICATE = 10, + + /** + * Network configuration request: + * <[8] 64-bit network ID> + * <[2] 16-bit length of request meta-data dictionary> + * <[...] string-serialized request meta-data> + * [<[8] 64-bit revision of netconf we currently have>] + * + * This message requests network configuration from a node capable of + * providing it. If the optional revision is included, a response is + * only generated if there is a newer network configuration available. + * + * OK response payload: + * <[8] 64-bit network ID> + * <[2] 16-bit length of network configuration dictionary> + * <[...] network configuration dictionary> + * + * OK returns a Dictionary (string serialized) containing the network's + * configuration and IP address assignment information for the querying + * node. It also contains a membership certificate that the querying + * node can push to other peers to demonstrate its right to speak on + * a given network. + * + * When a new network configuration is received, another config request + * should be sent with the new netconf's revision. This confirms receipt + * and also causes any subsequent changes to rapidly propagate as this + * cycle will repeat until there are no changes. This is optional but + * recommended behavior. + * + * ERROR response payload: + * <[8] 64-bit network ID> + * + * UNSUPPORTED_OPERATION is returned if this service is not supported, + * and OBJ_NOT_FOUND if the queried network ID was not found. + */ + VERB_NETWORK_CONFIG_REQUEST = 11, + + /** + * Network configuration refresh request: + * <[...] array of 64-bit network IDs> + * + * This can be sent by the network controller to inform a node that it + * should now make a NETWORK_CONFIG_REQUEST. + * + * It does not generate an OK or ERROR message, and is treated only as + * a hint to refresh now. 
+ */ + VERB_NETWORK_CONFIG_REFRESH = 12, + + /** + * Request endpoints for multicast distribution: + * <[8] 64-bit network ID> + * <[1] flags> + * <[6] MAC address of multicast group being queried> + * <[4] 32-bit ADI for multicast group being queried> + * <[4] 32-bit requested max number of multicast peers> + * [<[...] network certificate of membership>] + * + * Flags: + * 0x01 - Network certificate of membership is attached + * + * This message asks a peer for additional known endpoints that have + * LIKEd a given multicast group. It's sent when the sender wishes + * to send multicast but does not have the desired number of recipient + * peers. + * + * More than one OK response can occur if the response is broken up across + * multiple packets or if querying a clustered node. + * + * OK response payload: + * <[8] 64-bit network ID> + * <[6] MAC address of multicast group being queried> + * <[4] 32-bit ADI for multicast group being queried> + * [begin gather results -- these same fields can be in OK(MULTICAST_FRAME)] + * <[4] 32-bit total number of known members in this multicast group> + * <[2] 16-bit number of members enumerated in this packet> + * <[...] series of 5-byte ZeroTier addresses of enumerated members> + * + * ERROR is not generated; queries that return no response are dropped. + */ + VERB_MULTICAST_GATHER = 13, + + /** + * Multicast frame: + * <[8] 64-bit network ID> + * <[1] flags> + * [<[...] network certificate of membership>] + * [<[4] 32-bit implicit gather limit>] + * [<[6] source MAC>] + * <[6] destination MAC (multicast address)> + * <[4] 32-bit multicast ADI (multicast address extension)> + * <[2] 16-bit ethertype> + * <[...] ethernet payload> + * + * Flags: + * 0x01 - Network certificate of membership is attached + * 0x02 - Implicit gather limit field is present + * 0x04 - Source MAC is specified -- otherwise it's computed from sender + * + * OK and ERROR responses are optional. 
OK may be generated if there are + * implicit gather results or if the recipient wants to send its own + * updated certificate of network membership to the sender. ERROR may be + * generated if a certificate is needed or if multicasts to this group + * are no longer wanted (multicast unsubscribe). + * + * OK response payload: + * <[8] 64-bit network ID> + * <[6] MAC address of multicast group> + * <[4] 32-bit ADI for multicast group> + * <[1] flags> + * [<[...] network certficate of membership>] + * [<[...] implicit gather results if flag 0x01 is set>] + * + * OK flags (same bits as request flags): + * 0x01 - OK includes certificate of network membership + * 0x02 - OK includes implicit gather results + * + * ERROR response payload: + * <[8] 64-bit network ID> + * <[6] multicast group MAC> + * <[4] 32-bit multicast group ADI> + */ + VERB_MULTICAST_FRAME = 14, + + /** + * Push of potential endpoints for direct communication: + * <[2] 16-bit number of paths> + * <[...] paths> + * + * Path record format: + * <[1] 8-bit path flags> + * <[2] length of extended path characteristics or 0 for none> + * <[...] extended path characteristics> + * <[1] address type> + * <[1] address length in bytes> + * <[...] address> + * + * Path record flags: + * 0x01 - Forget this path if currently known (not implemented yet) + * 0x02 - Cluster redirect -- use this in preference to others + * + * The receiver may, upon receiving a push, attempt to establish a + * direct link to one or more of the indicated addresses. It is the + * responsibility of the sender to limit which peers it pushes direct + * paths to to those with whom it has a trust relationship. The receiver + * must obey any restrictions provided such as exclusivity or blacklists. + * OK responses to this message are optional. + * + * Note that a direct path push does not imply that learned paths can't + * be used unless they are blacklisted explicitly or unless flag 0x01 + * is set. 
+ * + * Only a subset of this functionality is currently implemented: basic + * path pushing and learning. Blacklisting and trust are not fully + * implemented yet (encryption is still always used). + * + * OK and ERROR are not generated. + */ + VERB_PUSH_DIRECT_PATHS = 16, + + /** + * Source-routed circuit test message: + * <[5] address of originator of circuit test> + * <[2] 16-bit flags> + * <[8] 64-bit timestamp> + * <[8] 64-bit test ID (arbitrary, set by tester)> + * <[2] 16-bit originator credential length (includes type)> + * [[1] originator credential type (for authorizing test)] + * [[...] originator credential] + * <[2] 16-bit length of additional fields> + * [[...] additional fields] + * [ ... end of signed portion of request ... ] + * <[2] 16-bit length of signature of request> + * <[...] signature of request by originator> + * <[2] 16-bit previous hop credential length (including type)> + * [[1] previous hop credential type] + * [[...] previous hop credential] + * <[...] next hop(s) in path> + * + * Flags: + * 0x01 - Report back to originator at middle hops + * 0x02 - Report back to originator at last hop + * + * Originator credential types: + * 0x01 - 64-bit network ID for which originator is controller + * + * Previous hop credential types: + * 0x01 - Certificate of network membership + * + * Path record format: + * <[1] 8-bit flags (unused, must be zero)> + * <[1] 8-bit breadth (number of next hops)> + * <[...] one or more ZeroTier addresses of next hops> + * + * The circuit test allows a device to send a message that will traverse + * the network along a specified path, with each hop optionally reporting + * back to the tester via VERB_CIRCUIT_TEST_REPORT. + * + * Each circuit test packet includes a digital signature by the originator + * of the request, as well as a credential by which that originator claims + * authorization to perform the test. 
Currently this signature is ed25519, + * but in the future flags might be used to indicate an alternative + * algorithm. For example, the originator might be a network controller. + * In this case the test might be authorized if the recipient is a member + * of a network controlled by it, and if the previous hop(s) are also + * members. Each hop may include its certificate of network membership. + * + * Circuit test paths consist of a series of records. When a node receives + * an authorized circuit test, it: + * + * (1) Reports back to circuit tester as flags indicate + * (2) Reads and removes the next hop from the packet's path + * (3) Sends the packet along to next hop(s), if any. + * + * It is perfectly legal for a path to contain the same hop more than + * once. In fact, this can be a very useful test to determine if a hop + * can be reached bidirectionally and if so what that connectivity looks + * like. + * + * The breadth field in source-routed path records allows a hop to forward + * to more than one recipient, allowing the tester to specify different + * forms of graph traversal in a test. + * + * There is no hard limit to the number of hops in a test, but it is + * practically limited by the maximum size of a (possibly fragmented) + * ZeroTier packet. + * + * Support for circuit tests is optional. If they are not supported, the + * node should respond with an UNSUPPORTED_OPERATION error. If a circuit + * test request is not authorized, it may be ignored or reported as + * an INVALID_REQUEST. No OK messages are generated, but TEST_REPORT + * messages may be sent (see below). 
+ * + * ERROR packet format: + * <[8] 64-bit timestamp (echoed from original> + * <[8] 64-bit test ID (echoed from original)> + */ + VERB_CIRCUIT_TEST = 17, + + /** + * Circuit test hop report: + * <[8] 64-bit timestamp (from original test)> + * <[8] 64-bit test ID (from original test)> + * <[8] 64-bit reserved field (set to 0, currently unused)> + * <[1] 8-bit vendor ID (set to 0, currently unused)> + * <[1] 8-bit reporter protocol version> + * <[1] 8-bit reporter major version> + * <[1] 8-bit reporter minor version> + * <[2] 16-bit reporter revision> + * <[2] 16-bit reporter OS/platform> + * <[2] 16-bit reporter architecture> + * <[2] 16-bit error code (set to 0, currently unused)> + * <[8] 64-bit report flags (set to 0, currently unused)> + * <[8] 64-bit source packet ID> + * <[5] upstream ZeroTier address from which test was received> + * <[1] 8-bit source packet hop count (ZeroTier hop count)> + * <[...] local wire address on which packet was received> + * <[...] remote wire address from which packet was received> + * <[2] 16-bit length of additional fields> + * <[...] additional fields> + * <[1] 8-bit number of next hops (breadth)> + * <[...] next hop information> + * + * Next hop information record format: + * <[5] ZeroTier address of next hop> + * <[...] current best direct path address, if any, 0 if none> + * + * Circuit test reports can be sent by hops in a circuit test to report + * back results. They should include information about the sender as well + * as about the paths to which next hops are being sent. + * + * If a test report is received and no circuit test was sent, it should be + * ignored. This message generates no OK or ERROR response. + */ + VERB_CIRCUIT_TEST_REPORT = 18, + + /** + * Request proof of work: + * <[1] 8-bit proof of work type> + * <[1] 8-bit proof of work difficulty> + * <[2] 16-bit length of proof of work challenge> + * <[...] proof of work challenge> + * + * This requests that a peer perform a proof of work calucation. 
It can be + * sent by highly trusted peers (e.g. root servers, network controllers) + * under suspected denial of service conditions in an attempt to filter + * out "non-serious" peers and remain responsive to those proving their + * intent to actually communicate. + * + * If the peer obliges to perform the work, it does so and responds with + * an OK containing the result. Otherwise it may ignore the message or + * response with an ERROR_INVALID_REQUEST or ERROR_UNSUPPORTED_OPERATION. + * + * Proof of work type IDs: + * 0x01 - Salsa20/12+SHA512 hashcash function + * + * Salsa20/12+SHA512 is based on the following composite hash function: + * + * (1) Compute SHA512(candidate) + * (2) Use the first 256 bits of the result of #1 as a key to encrypt + * 131072 zero bytes with Salsa20/12 (with a zero IV). + * (3) Compute SHA512(the result of step #2) + * (4) Accept this candiate if the first [difficulty] bits of the result + * from step #3 are zero. Otherwise generate a new candidate and try + * again. + * + * This is performed repeatedly on candidates generated by appending the + * supplied challenge to an arbitrary nonce until a valid candidate + * is found. This chosen prepended nonce is then returned as the result + * in OK. + * + * OK payload: + * <[2] 16-bit length of result> + * <[...] computed proof of work> + * + * ERROR has no payload. 
+ */ + VERB_REQUEST_PROOF_OF_WORK = 19 + }; + + /** + * Error codes for VERB_ERROR + */ + enum ErrorCode + { + /* No error, not actually used in transit */ + ERROR_NONE = 0, + + /* Invalid request */ + ERROR_INVALID_REQUEST = 1, + + /* Bad/unsupported protocol version */ + ERROR_BAD_PROTOCOL_VERSION = 2, + + /* Unknown object queried */ + ERROR_OBJ_NOT_FOUND = 3, + + /* HELLO pushed an identity whose address is already claimed */ + ERROR_IDENTITY_COLLISION = 4, + + /* Verb or use case not supported/enabled by this node */ + ERROR_UNSUPPORTED_OPERATION = 5, + + /* Message to private network rejected -- no unexpired certificate on file */ + ERROR_NEED_MEMBERSHIP_CERTIFICATE = 6, + + /* Tried to join network, but you're not a member */ + ERROR_NETWORK_ACCESS_DENIED_ = 7, /* extra _ to avoid Windows name conflict */ + + /* Multicasts to this group are not wanted */ + ERROR_UNWANTED_MULTICAST = 8 + }; + +//#ifdef ZT_TRACE + static const char *verbString(Verb v) + throw(); + static const char *errorString(ErrorCode e) + throw(); +//#endif + + template + Packet(const Buffer &b) : + Buffer(b) + { + } + + Packet(const void *data,unsigned int len) : + Buffer(data,len) + { + } + + /** + * Construct a new empty packet with a unique random packet ID + * + * Flags and hops will be zero. Other fields and data region are undefined. + * Use the header access methods (setDestination() and friends) to fill out + * the header. Payload should be appended; initial size is header size. + */ + Packet() : + Buffer(ZT_PROTO_MIN_PACKET_LENGTH) + { + Utils::getSecureRandom(field(ZT_PACKET_IDX_IV,8),8); + (*this)[ZT_PACKET_IDX_FLAGS] = 0; // zero flags, cipher ID, and hops + } + + /** + * Make a copy of a packet with a new initialization vector and destination address + * + * This can be used to take one draft prototype packet and quickly make copies to + * encrypt for different destinations. 
+ * + * @param prototype Prototype packet + * @param dest Destination ZeroTier address for new packet + */ + Packet(const Packet &prototype,const Address &dest) : + Buffer(prototype) + { + Utils::getSecureRandom(field(ZT_PACKET_IDX_IV,8),8); + setDestination(dest); + } + + /** + * Construct a new empty packet with a unique random packet ID + * + * @param dest Destination ZT address + * @param source Source ZT address + * @param v Verb + */ + Packet(const Address &dest,const Address &source,const Verb v) : + Buffer(ZT_PROTO_MIN_PACKET_LENGTH) + { + Utils::getSecureRandom(field(ZT_PACKET_IDX_IV,8),8); + setDestination(dest); + setSource(source); + (*this)[ZT_PACKET_IDX_FLAGS] = 0; // zero flags and hops + setVerb(v); + } + + /** + * Reset this packet structure for reuse in place + * + * @param dest Destination ZT address + * @param source Source ZT address + * @param v Verb + */ + inline void reset(const Address &dest,const Address &source,const Verb v) + { + setSize(ZT_PROTO_MIN_PACKET_LENGTH); + Utils::getSecureRandom(field(ZT_PACKET_IDX_IV,8),8); + setDestination(dest); + setSource(source); + (*this)[ZT_PACKET_IDX_FLAGS] = 0; // zero flags, cipher ID, and hops + setVerb(v); + } + + /** + * Generate a new IV / packet ID in place + * + * This can be used to re-use a packet buffer multiple times to send + * technically different but otherwise identical copies of the same + * packet. 
+ */ + inline void newInitializationVector() { Utils::getSecureRandom(field(ZT_PACKET_IDX_IV,8),8); } + + /** + * Set this packet's destination + * + * @param dest ZeroTier address of destination + */ + inline void setDestination(const Address &dest) { dest.copyTo(field(ZT_PACKET_IDX_DEST,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); } + + /** + * Set this packet's source + * + * @param source ZeroTier address of source + */ + inline void setSource(const Address &source) { source.copyTo(field(ZT_PACKET_IDX_SOURCE,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); } + + /** + * Get this packet's destination + * + * @return Destination ZT address + */ + inline Address destination() const { return Address(field(ZT_PACKET_IDX_DEST,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); } + + /** + * Get this packet's source + * + * @return Source ZT address + */ + inline Address source() const { return Address(field(ZT_PACKET_IDX_SOURCE,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH); } + + /** + * @return True if packet is of valid length + */ + inline bool lengthValid() const { return (size() >= ZT_PROTO_MIN_PACKET_LENGTH); } + + /** + * @return True if packet is fragmented (expect fragments) + */ + inline bool fragmented() const { return (((unsigned char)(*this)[ZT_PACKET_IDX_FLAGS] & ZT_PROTO_FLAG_FRAGMENTED) != 0); } + + /** + * Set this packet's fragmented flag + * + * @param f Fragmented flag value + */ + inline void setFragmented(bool f) + { + if (f) + (*this)[ZT_PACKET_IDX_FLAGS] |= (char)ZT_PROTO_FLAG_FRAGMENTED; + else (*this)[ZT_PACKET_IDX_FLAGS] &= (char)(~ZT_PROTO_FLAG_FRAGMENTED); + } + + /** + * @return True if compressed (result only valid if unencrypted) + */ + inline bool compressed() const { return (((unsigned char)(*this)[ZT_PACKET_IDX_VERB] & ZT_PROTO_VERB_FLAG_COMPRESSED) != 0); } + + /** + * @return ZeroTier forwarding hops (0 to 7) + */ + inline unsigned int hops() const { return ((unsigned int)(*this)[ZT_PACKET_IDX_FLAGS] & 0x07); } + + /** + * Increment this packet's hop count + */ + 
inline void incrementHops() + { + unsigned char &b = (*this)[ZT_PACKET_IDX_FLAGS]; + b = (b & 0xf8) | ((b + 1) & 0x07); + } + + /** + * @return Cipher suite selector: 0 - 7 (see #defines) + */ + inline unsigned int cipher() const + { + return (((unsigned int)(*this)[ZT_PACKET_IDX_FLAGS] & 0x38) >> 3); + } + + /** + * Set this packet's cipher suite + */ + inline void setCipher(unsigned int c) + { + unsigned char &b = (*this)[ZT_PACKET_IDX_FLAGS]; + b = (b & 0xc7) | (unsigned char)((c << 3) & 0x38); // bits: FFCCCHHH + // Set DEPRECATED "encrypted" flag -- used by pre-1.0.3 peers + if (c == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012) + b |= ZT_PROTO_FLAG_ENCRYPTED; + else b &= (~ZT_PROTO_FLAG_ENCRYPTED); + } + + /** + * Get the trusted path ID for this packet (only meaningful if cipher is trusted path) + * + * @return Trusted path ID (from MAC field) + */ + inline uint64_t trustedPathId() const { return at(ZT_PACKET_IDX_MAC); } + + /** + * Set this packet's trusted path ID and set the cipher spec to trusted path + * + * @param tpid Trusted path ID + */ + inline void setTrusted(const uint64_t tpid) + { + setCipher(ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH); + setAt(ZT_PACKET_IDX_MAC,tpid); + } + + /** + * Get this packet's unique ID (the IV field interpreted as uint64_t) + * + * @return Packet ID + */ + inline uint64_t packetId() const { return at(ZT_PACKET_IDX_IV); } + + /** + * Set packet verb + * + * This also has the side-effect of clearing any verb flags, such as + * compressed, and so must only be done during packet composition. + * + * @param v New packet verb + */ + inline void setVerb(Verb v) { (*this)[ZT_PACKET_IDX_VERB] = (char)v; } + + /** + * @return Packet verb (not including flag bits) + */ + inline Verb verb() const { return (Verb)((*this)[ZT_PACKET_IDX_VERB] & 0x1f); } + + /** + * @return Length of packet payload + */ + inline unsigned int payloadLength() const { return ((size() < ZT_PROTO_MIN_PACKET_LENGTH) ? 
0 : (size() - ZT_PROTO_MIN_PACKET_LENGTH)); } + + /** + * @return Raw packet payload + */ + inline const unsigned char *payload() const { return field(ZT_PACKET_IDX_PAYLOAD,size() - ZT_PACKET_IDX_PAYLOAD); } + + /** + * Armor packet for transport + * + * @param key 32-byte key + * @param encryptPayload If true, encrypt packet payload, else just MAC + */ + void armor(const void *key,bool encryptPayload); + + /** + * Verify and (if encrypted) decrypt packet + * + * This does not handle trusted path mode packets and will return false + * for these. These are handled in IncomingPacket if the sending physical + * address and MAC field match a trusted path. + * + * @param key 32-byte key + * @return False if packet is invalid or failed MAC authenticity check + */ + bool dearmor(const void *key); + + /** + * Attempt to compress payload if not already (must be unencrypted) + * + * This requires that the payload at least contain the verb byte already + * set. The compressed flag in the verb is set if compression successfully + * results in a size reduction. If no size reduction occurs, compression + * is not done and the flag is left cleared. + * + * @return True if compression occurred + */ + bool compress(); + + /** + * Attempt to decompress payload if it is compressed (must be unencrypted) + * + * If payload is compressed, it is decompressed and the compressed verb + * flag is cleared. Otherwise nothing is done and true is returned. + * + * @return True if data is now decompressed and valid, false on error + */ + bool uncompress(); + +private: + static const unsigned char ZERO_KEY[32]; + + /** + * Deterministically mangle a 256-bit crypto key based on packet + * + * This uses extra data from the packet to mangle the secret, giving us an + * effective IV that is somewhat more than 64 bits. This is "free" for + * Salsa20 since it has negligible key setup time so using a different + * key each time is fine. 
+ * + * @param in Input key (32 bytes) + * @param out Output buffer (32 bytes) + */ + inline void _salsa20MangleKey(const unsigned char *in,unsigned char *out) const + { + const unsigned char *d = (const unsigned char *)data(); + + // IV and source/destination addresses. Using the addresses divides the + // key space into two halves-- A->B and B->A (since order will change). + for(unsigned int i=0;i<18;++i) // 8 + (ZT_ADDRESS_LENGTH * 2) == 18 + out[i] = in[i] ^ d[i]; + + // Flags, but with hop count masked off. Hop count is altered by forwarding + // nodes. It's one of the only parts of a packet modifiable by people + // without the key. + out[18] = in[18] ^ (d[ZT_PACKET_IDX_FLAGS] & 0xf8); + + // Raw packet size in bytes -- thus each packet size defines a new + // key space. + out[19] = in[19] ^ (unsigned char)(size() & 0xff); + out[20] = in[20] ^ (unsigned char)((size() >> 8) & 0xff); // little endian + + // Rest of raw key is used unchanged + for(unsigned int i=21;i<32;++i) + out[i] = in[i]; + } +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Path.cpp b/node/Path.cpp new file mode 100644 index 0000000..5692af6 --- /dev/null +++ b/node/Path.cpp 
@@ -0,0 +1,34 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "Path.hpp"
+#include "RuntimeEnvironment.hpp"
+#include "Node.hpp"
+
+namespace ZeroTier {
+
+bool Path::send(const RuntimeEnvironment *RR,const void *data,unsigned int len,uint64_t now)
+{
+ if (RR->node->putPacket(_localAddress,address(),data,len)) {
+ sent(now);
+ return true;
+ }
+ return false;
+}
+
+} // namespace ZeroTier
diff --git a/node/Path.hpp b/node/Path.hpp
new file mode 100644
index 0000000..ecf4be2
--- /dev/null
+++ b/node/Path.hpp
@@ -0,0 +1,365 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_PATH_HPP +#define ZT_PATH_HPP + +#include +#include + +#include +#include + +#include "Constants.hpp" +#include "InetAddress.hpp" + +// Note: if you change these flags check the logic below. Some of it depends +// on these bits being what they are. + +/** + * Flag indicating that this path is suboptimal + * + * Clusters set this flag on remote paths if GeoIP or other routing decisions + * indicate that a peer should be handed off to another cluster member. + */ +#define ZT_PATH_FLAG_CLUSTER_SUBOPTIMAL 0x0001 + +/** + * Flag indicating that this path is optimal + * + * Peers set this flag on paths that are pushed by a cluster and indicated as + * optimal. A second flag is needed since we want to prioritize cluster optimal + * paths and de-prioritize sub-optimal paths and for new paths we don't know + * which one they are. So we want a trinary state: optimal, suboptimal, unknown. 
+ */ +#define ZT_PATH_FLAG_CLUSTER_OPTIMAL 0x0002 + +/** + * Maximum return value of preferenceRank() + */ +#define ZT_PATH_MAX_PREFERENCE_RANK ((ZT_INETADDRESS_MAX_SCOPE << 1) | 1) + +namespace ZeroTier { + +class RuntimeEnvironment; + +/** + * Base class for paths + * + * The base Path class is an immutable value. + */ +class Path +{ +public: + Path() : + _lastSend(0), + _lastPing(0), + _lastKeepalive(0), + _lastReceived(0), + _addr(), + _localAddress(), + _flags(0), + _ipScope(InetAddress::IP_SCOPE_NONE) + { + } + + Path(const InetAddress &localAddress,const InetAddress &addr) : + _lastSend(0), + _lastPing(0), + _lastKeepalive(0), + _lastReceived(0), + _addr(addr), + _localAddress(localAddress), + _flags(0), + _ipScope(addr.ipScope()) + { + } + + inline Path &operator=(const Path &p) + { + if (this != &p) + memcpy(this,&p,sizeof(Path)); + return *this; + } + + /** + * Called when a packet is sent to this remote path + * + * This is called automatically by Path::send(). + * + * @param t Time of send + */ + inline void sent(uint64_t t) { _lastSend = t; } + + /** + * Called when we've sent a ping or echo + * + * @param t Time of send + */ + inline void pinged(uint64_t t) { _lastPing = t; } + + /** + * Called when we send a NAT keepalive + * + * @param t Time of send + */ + inline void sentKeepalive(uint64_t t) { _lastKeepalive = t; } + + /** + * Called when a packet is received from this remote path + * + * @param t Time of receive + */ + inline void received(uint64_t t) + { + _lastReceived = t; + _probation = 0; + } + + /** + * @param now Current time + * @return True if this path appears active + */ + inline bool active(uint64_t now) const + { + return ( ((now - _lastReceived) < ZT_PATH_ACTIVITY_TIMEOUT) && (_probation < ZT_PEER_DEAD_PATH_DETECTION_MAX_PROBATION) ); + } + + /** + * Send a packet via this path + * + * @param RR Runtime environment + * @param data Packet data + * @param len Packet length + * @param now Current time + * @return True if transport 
reported success + */ + bool send(const RuntimeEnvironment *RR,const void *data,unsigned int len,uint64_t now); + + /** + * @return Address of local side of this path or NULL if unspecified + */ + inline const InetAddress &localAddress() const throw() { return _localAddress; } + + /** + * @return Time of last send to this path + */ + inline uint64_t lastSend() const throw() { return _lastSend; } + + /** + * @return Time we last pinged or dead path checked this link + */ + inline uint64_t lastPing() const throw() { return _lastPing; } + + /** + * @return Time of last keepalive + */ + inline uint64_t lastKeepalive() const throw() { return _lastKeepalive; } + + /** + * @return Time of last receive from this path + */ + inline uint64_t lastReceived() const throw() { return _lastReceived; } + + /** + * @return Physical address + */ + inline const InetAddress &address() const throw() { return _addr; } + + /** + * @return IP scope -- faster shortcut for address().ipScope() + */ + inline InetAddress::IpScope ipScope() const throw() { return _ipScope; } + + /** + * @param f Valuve of ZT_PATH_FLAG_CLUSTER_SUBOPTIMAL and inverse of ZT_PATH_FLAG_CLUSTER_OPTIMAL (both are changed) + */ + inline void setClusterSuboptimal(bool f) + { + if (f) { + _flags = (_flags | ZT_PATH_FLAG_CLUSTER_SUBOPTIMAL) & ~ZT_PATH_FLAG_CLUSTER_OPTIMAL; + } else { + _flags = (_flags | ZT_PATH_FLAG_CLUSTER_OPTIMAL) & ~ZT_PATH_FLAG_CLUSTER_SUBOPTIMAL; + } + } + + /** + * @return True if ZT_PATH_FLAG_CLUSTER_SUBOPTIMAL is set + */ + inline bool isClusterSuboptimal() const { return ((_flags & ZT_PATH_FLAG_CLUSTER_SUBOPTIMAL) != 0); } + + /** + * @return True if ZT_PATH_FLAG_CLUSTER_OPTIMAL is set + */ + inline bool isClusterOptimal() const { return ((_flags & ZT_PATH_FLAG_CLUSTER_OPTIMAL) != 0); } + + /** + * @return Preference rank, higher == better (will be less than 255) + */ + inline unsigned int preferenceRank() const throw() + { + /* First, since the scope enum values in InetAddress.hpp are in order 
of + * use preference rank, we take that. Then we multiple by two, yielding + * a sequence like 0, 2, 4, 6, etc. Then if it's IPv6 we add one. This + * makes IPv6 addresses of a given scope outrank IPv4 addresses of the + * same scope -- e.g. 1 outranks 0. This makes us prefer IPv6, but not + * if the address scope/class is of a fundamentally lower rank. */ + return ( ((unsigned int)_ipScope << 1) | (unsigned int)(_addr.ss_family == AF_INET6) ); + } + + /** + * @return This path's overall quality score (higher is better) + */ + inline uint64_t score() const throw() + { + // This is a little bit convoluted because we try to be branch-free, using multiplication instead of branches for boolean flags + + // Start with the last time this path was active, and add a fudge factor to prevent integer underflow if _lastReceived is 0 + uint64_t score = _lastReceived + (ZT_PEER_DIRECT_PING_DELAY * (ZT_PEER_DEAD_PATH_DETECTION_MAX_PROBATION + 1)); + + // Increase score based on path preference rank, which is based on IP scope and address family + score += preferenceRank() * (ZT_PEER_DIRECT_PING_DELAY / ZT_PATH_MAX_PREFERENCE_RANK); + + // Increase score if this is known to be an optimal path to a cluster + score += (uint64_t)(_flags & ZT_PATH_FLAG_CLUSTER_OPTIMAL) * (ZT_PEER_DIRECT_PING_DELAY / 2); // /2 because CLUSTER_OPTIMAL is flag 0x0002 + + // Decrease score if this is known to be a sub-optimal path to a cluster + score -= (uint64_t)(_flags & ZT_PATH_FLAG_CLUSTER_SUBOPTIMAL) * ZT_PEER_DIRECT_PING_DELAY; + + // Penalize for missed ECHO tests in dead path detection + score -= (uint64_t)((ZT_PEER_DIRECT_PING_DELAY / 2) * _probation); + + return score; + } + + /** + * @return True if path is considered reliable (no NAT keepalives etc. 
are needed) + */ + inline bool reliable() const throw() + { + if ((_addr.ss_family == AF_INET)||(_addr.ss_family == AF_INET6)) + return ((_ipScope != InetAddress::IP_SCOPE_GLOBAL)&&(_ipScope != InetAddress::IP_SCOPE_PSEUDOPRIVATE)); + return true; + } + + /** + * @return True if address is non-NULL + */ + inline operator bool() const throw() { return (_addr); } + + /** + * Check whether this address is valid for a ZeroTier path + * + * This checks the address type and scope against address types and scopes + * that we currently support for ZeroTier communication. + * + * @param a Address to check + * @return True if address is good for ZeroTier path use + */ + static inline bool isAddressValidForPath(const InetAddress &a) + throw() + { + if ((a.ss_family == AF_INET)||(a.ss_family == AF_INET6)) { + switch(a.ipScope()) { + /* Note: we don't do link-local at the moment. Unfortunately these + * cause several issues. The first is that they usually require a + * device qualifier, which we don't handle yet and can't portably + * push in PUSH_DIRECT_PATHS. The second is that some OSes assign + * these very ephemerally or otherwise strangely. So we'll use + * private, pseudo-private, shared (e.g. carrier grade NAT), or + * global IP addresses. */ + case InetAddress::IP_SCOPE_PRIVATE: + case InetAddress::IP_SCOPE_PSEUDOPRIVATE: + case InetAddress::IP_SCOPE_SHARED: + case InetAddress::IP_SCOPE_GLOBAL: + if (a.ss_family == AF_INET6) { + // TEMPORARY HACK: for now, we are going to blacklist he.net IPv6 + // tunnels due to very spotty performance and low MTU issues over + // these IPv6 tunnel links. 
+ const uint8_t *ipd = reinterpret_cast(reinterpret_cast(&a)->sin6_addr.s6_addr); + if ((ipd[0] == 0x20)&&(ipd[1] == 0x01)&&(ipd[2] == 0x04)&&(ipd[3] == 0x70)) + return false; + } + return true; + default: + return false; + } + } + return false; + } + + /** + * @return Current path probation count (for dead path detect) + */ + inline unsigned int probation() const { return _probation; } + + /** + * Increase this path's probation violation count (for dead path detect) + */ + inline void increaseProbation() { ++_probation; } + + template + inline void serialize(Buffer &b) const + { + b.append((uint8_t)2); // version + b.append((uint64_t)_lastSend); + b.append((uint64_t)_lastPing); + b.append((uint64_t)_lastKeepalive); + b.append((uint64_t)_lastReceived); + _addr.serialize(b); + _localAddress.serialize(b); + b.append((uint16_t)_flags); + b.append((uint16_t)_probation); + } + + template + inline unsigned int deserialize(const Buffer &b,unsigned int startAt = 0) + { + unsigned int p = startAt; + if (b[p++] != 2) + throw std::invalid_argument("invalid serialized Path"); + _lastSend = b.template at(p); p += 8; + _lastPing = b.template at(p); p += 8; + _lastKeepalive = b.template at(p); p += 8; + _lastReceived = b.template at(p); p += 8; + p += _addr.deserialize(b,p); + p += _localAddress.deserialize(b,p); + _flags = b.template at(p); p += 2; + _probation = b.template at(p); p += 2; + _ipScope = _addr.ipScope(); + return (p - startAt); + } + + inline bool operator==(const Path &p) const { return ((p._addr == _addr)&&(p._localAddress == _localAddress)); } + inline bool operator!=(const Path &p) const { return ((p._addr != _addr)||(p._localAddress != _localAddress)); } + +private: + uint64_t _lastSend; + uint64_t _lastPing; + uint64_t _lastKeepalive; + uint64_t _lastReceived; + InetAddress _addr; + InetAddress _localAddress; + unsigned int _flags; + unsigned int _probation; + InetAddress::IpScope _ipScope; // memoize this since it's a computed value checked often +}; + +} // 
namespace ZeroTier + +#endif diff --git a/node/Peer.cpp b/node/Peer.cpp new file mode 100644 index 0000000..cc58100 --- /dev/null +++ b/node/Peer.cpp 
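Review bot: Both `Path` constructors leave `_probation` out of their initializer lists, yet `active()`, `score()`, `probation()` and `serialize()` all read it, so a freshly constructed path works with an indeterminate value until `received()` or `deserialize()` assigns one. Add `_probation(0),` after `_flags(0),` in each constructor. Separately, `score()` subtracts `(ZT_PEER_DIRECT_PING_DELAY / 2) * _probation` from an unsigned total, while `increaseProbation()` has no upper bound and `deserialize()` accepts any 16-bit count. A large enough count could therefore wrap the score upward and rank a dead path first. Whether callers keep the count bounded is not visible in this hunk, so clamping it to `ZT_PEER_DEAD_PATH_DETECTION_MAX_PROBATION` inside `score()` would be the safer choice.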
@@ -0,0 +1,558 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "../version.h" + +#include "Constants.hpp" +#include "Peer.hpp" +#include "Node.hpp" +#include "Switch.hpp" +#include "Network.hpp" +#include "SelfAwareness.hpp" +#include "Cluster.hpp" +#include "Packet.hpp" + +#include + +#define ZT_PEER_PATH_SORT_INTERVAL 5000 + +namespace ZeroTier { + +// Used to send varying values for NAT keepalive +static uint32_t _natKeepaliveBuf = 0; + +Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity) : + RR(renv), + _lastUsed(0), + _lastReceive(0), + _lastUnicastFrame(0), + _lastMulticastFrame(0), + _lastAnnouncedTo(0), + _lastDirectPathPushSent(0), + _lastDirectPathPushReceive(0), + _lastPathSort(0), + _vProto(0), + _vMajor(0), + _vMinor(0), + _vRevision(0), + _id(peerIdentity), + _numPaths(0), + _latency(0), + _directPathPushCutoffCount(0), + _networkComs(4), + _lastPushedComs(4) +{ + if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH)) + throw std::runtime_error("new peer identity key agreement failed"); +} + +void Peer::received( + const InetAddress &localAddr, + const InetAddress &remoteAddr, + unsigned int hops, + uint64_t packetId, + Packet::Verb verb, + uint64_t inRePacketId, + Packet::Verb 
inReVerb) +{ +#ifdef ZT_ENABLE_CLUSTER + bool suboptimalPath = false; + if ((RR->cluster)&&(hops == 0)) { + // Note: findBetterEndpoint() is first since we still want to check + // for a better endpoint even if we don't actually send a redirect. + InetAddress redirectTo; + if ( (verb != Packet::VERB_OK) && (verb != Packet::VERB_ERROR) && (verb != Packet::VERB_RENDEZVOUS) && (verb != Packet::VERB_PUSH_DIRECT_PATHS) && (RR->cluster->findBetterEndpoint(redirectTo,_id.address(),remoteAddr,false)) ) { + if (_vProto >= 5) { + // For newer peers we can send a more idiomatic verb: PUSH_DIRECT_PATHS. + Packet outp(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS); + outp.append((uint16_t)1); // count == 1 + outp.append((uint8_t)ZT_PUSH_DIRECT_PATHS_FLAG_CLUSTER_REDIRECT); // flags: cluster redirect + outp.append((uint16_t)0); // no extensions + if (redirectTo.ss_family == AF_INET) { + outp.append((uint8_t)4); + outp.append((uint8_t)6); + outp.append(redirectTo.rawIpData(),4); + } else { + outp.append((uint8_t)6); + outp.append((uint8_t)18); + outp.append(redirectTo.rawIpData(),16); + } + outp.append((uint16_t)redirectTo.port()); + outp.armor(_key,true); + RR->node->putPacket(localAddr,remoteAddr,outp.data(),outp.size()); + } else { + // For older peers we use RENDEZVOUS to coax them into contacting us elsewhere. 
+ Packet outp(_id.address(),RR->identity.address(),Packet::VERB_RENDEZVOUS); + outp.append((uint8_t)0); // no flags + RR->identity.address().appendTo(outp); + outp.append((uint16_t)redirectTo.port()); + if (redirectTo.ss_family == AF_INET) { + outp.append((uint8_t)4); + outp.append(redirectTo.rawIpData(),4); + } else { + outp.append((uint8_t)16); + outp.append(redirectTo.rawIpData(),16); + } + outp.armor(_key,true); + RR->node->putPacket(localAddr,remoteAddr,outp.data(),outp.size()); + } + suboptimalPath = true; + } + } +#endif + + const uint64_t now = RR->node->now(); + _lastReceive = now; + if ((verb == Packet::VERB_FRAME)||(verb == Packet::VERB_EXT_FRAME)) + _lastUnicastFrame = now; + else if (verb == Packet::VERB_MULTICAST_FRAME) + _lastMulticastFrame = now; + + if (hops == 0) { + bool pathIsConfirmed = false; + unsigned int np = _numPaths; + for(unsigned int p=0;pnode->shouldUsePathForZeroTierTraffic(localAddr,remoteAddr))) { + if (verb == Packet::VERB_OK) { + + Path *slot = (Path *)0; + if (np < ZT_MAX_PEER_NETWORK_PATHS) { + slot = &(_paths[np++]); + } else { + uint64_t slotWorstScore = 0xffffffffffffffffULL; + for(unsigned int p=0;preceived(now); +#ifdef ZT_ENABLE_CLUSTER + slot->setClusterSuboptimal(suboptimalPath); +#endif + _numPaths = np; + } + +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) + RR->cluster->broadcastHavePeer(_id); +#endif + + } else { + + TRACE("got %s via unknown path %s(%s), confirming...",Packet::verbString(verb),_id.address().toString().c_str(),remoteAddr.toString().c_str()); + + if ( (_vProto >= 5) && ( !((_vMajor == 1)&&(_vMinor == 1)&&(_vRevision == 0)) ) ) { + Packet outp(_id.address(),RR->identity.address(),Packet::VERB_ECHO); + outp.armor(_key,true); + RR->node->putPacket(localAddr,remoteAddr,outp.data(),outp.size()); + } else { + sendHELLO(localAddr,remoteAddr,now); + } + + } + } + } + + if ((now - _lastAnnouncedTo) >= ((ZT_MULTICAST_LIKE_EXPIRE / 2) - 1000)) { + _lastAnnouncedTo = now; + const std::vector< SharedPtr > 
networks(RR->node->allNetworks()); + for(std::vector< SharedPtr >::const_iterator n(networks.begin());n!=networks.end();++n) + (*n)->tryAnnounceMulticastGroupsTo(SharedPtr(this)); + } +} + +void Peer::sendHELLO(const InetAddress &localAddr,const InetAddress &atAddress,uint64_t now,unsigned int ttl) +{ + Packet outp(_id.address(),RR->identity.address(),Packet::VERB_HELLO); + outp.append((unsigned char)ZT_PROTO_VERSION); + outp.append((unsigned char)ZEROTIER_ONE_VERSION_MAJOR); + outp.append((unsigned char)ZEROTIER_ONE_VERSION_MINOR); + outp.append((uint16_t)ZEROTIER_ONE_VERSION_REVISION); + outp.append(now); + RR->identity.serialize(outp,false); + atAddress.serialize(outp); + outp.append((uint64_t)RR->topology->worldId()); + outp.append((uint64_t)RR->topology->worldTimestamp()); + + outp.armor(_key,false); // HELLO is sent in the clear + RR->node->putPacket(localAddr,atAddress,outp.data(),outp.size(),ttl); +} + +bool Peer::doPingAndKeepalive(uint64_t now,int inetAddressFamily) +{ + Path *p = (Path *)0; + + if (inetAddressFamily != 0) { + p = _getBestPath(now,inetAddressFamily); + } else { + p = _getBestPath(now); + } + + if (p) { + if ((now - p->lastReceived()) >= ZT_PEER_DIRECT_PING_DELAY) { + //TRACE("PING %s(%s) after %llums/%llums send/receive inactivity",_id.address().toString().c_str(),p->address().toString().c_str(),now - p->lastSend(),now - p->lastReceived()); + sendHELLO(p->localAddress(),p->address(),now); + p->sent(now); + p->pinged(now); + } else if ( ((now - std::max(p->lastSend(),p->lastKeepalive())) >= ZT_NAT_KEEPALIVE_DELAY) && (!p->reliable()) ) { + //TRACE("NAT keepalive %s(%s) after %llums/%llums send/receive inactivity",_id.address().toString().c_str(),p->address().toString().c_str(),now - p->lastSend(),now - p->lastReceived()); + _natKeepaliveBuf += (uint32_t)((now * 0x9e3779b1) >> 1); // tumble this around to send constantly varying (meaningless) payloads + 
RR->node->putPacket(p->localAddress(),p->address(),&_natKeepaliveBuf,sizeof(_natKeepaliveBuf)); + p->sentKeepalive(now); + } else { + //TRACE("no PING or NAT keepalive: addr==%s reliable==%d %llums/%llums send/receive inactivity",p->address().toString().c_str(),(int)p->reliable(),now - p->lastSend(),now - p->lastReceived()); + } + return true; + } + + return false; +} + +bool Peer::pushDirectPaths(const InetAddress &localAddr,const InetAddress &toAddress,uint64_t now,bool force,bool includePrivatePaths) +{ +#ifdef ZT_ENABLE_CLUSTER + // Cluster mode disables normal PUSH_DIRECT_PATHS in favor of cluster-based peer redirection + if (RR->cluster) + return false; +#endif + + if (!force) { + if ((now - _lastDirectPathPushSent) < ZT_DIRECT_PATH_PUSH_INTERVAL) + return false; + else _lastDirectPathPushSent = now; + } + + std::vector pathsToPush; + + std::vector dps(RR->node->directPaths()); + for(std::vector::const_iterator i(dps.begin());i!=dps.end();++i) { + if ((includePrivatePaths)||(i->ipScope() == InetAddress::IP_SCOPE_GLOBAL)) + pathsToPush.push_back(*i); + } + + std::vector sym(RR->sa->getSymmetricNatPredictions()); + for(unsigned long i=0,added=0;inode->prng() % sym.size()]); + if (std::find(pathsToPush.begin(),pathsToPush.end(),tmp) == pathsToPush.end()) { + pathsToPush.push_back(tmp); + if (++added >= ZT_PUSH_DIRECT_PATHS_MAX_PER_SCOPE_AND_FAMILY) + break; + } + } + if (pathsToPush.empty()) + return false; + +#ifdef ZT_TRACE + { + std::string ps; + for(std::vector::const_iterator p(pathsToPush.begin());p!=pathsToPush.end();++p) { + if (ps.length() > 0) + ps.push_back(','); + ps.append(p->toString()); + } + TRACE("pushing %u direct paths to %s: %s",(unsigned int)pathsToPush.size(),_id.address().toString().c_str(),ps.c_str()); + } +#endif + + std::vector::const_iterator p(pathsToPush.begin()); + while (p != pathsToPush.end()) { + Packet outp(_id.address(),RR->identity.address(),Packet::VERB_PUSH_DIRECT_PATHS); + outp.addSize(2); // leave room for count + + 
unsigned int count = 0; + while ((p != pathsToPush.end())&&((outp.size() + 24) < 1200)) { + uint8_t addressType = 4; + switch(p->ss_family) { + case AF_INET: + break; + case AF_INET6: + addressType = 6; + break; + default: // we currently only push IP addresses + ++p; + continue; + } + + outp.append((uint8_t)0); // no flags + outp.append((uint16_t)0); // no extensions + outp.append(addressType); + outp.append((uint8_t)((addressType == 4) ? 6 : 18)); + outp.append(p->rawIpData(),((addressType == 4) ? 4 : 16)); + outp.append((uint16_t)p->port()); + + ++count; + ++p; + } + + if (count) { + outp.setAt(ZT_PACKET_IDX_PAYLOAD,(uint16_t)count); + outp.armor(_key,true); + RR->node->putPacket(localAddr,toAddress,outp.data(),outp.size(),0); + } + } + + return true; +} + +bool Peer::resetWithinScope(InetAddress::IpScope scope,uint64_t now) +{ + unsigned int np = _numPaths; + unsigned int x = 0; + unsigned int y = 0; + while (x < np) { + if (_paths[x].address().ipScope() == scope) { + // Resetting a path means sending a HELLO and then forgetting it. If we + // get OK(HELLO) then it will be re-learned. 
+ sendHELLO(_paths[x].localAddress(),_paths[x].address(),now); + } else { + _paths[y++] = _paths[x]; + } + ++x; + } + _numPaths = y; + return (y < np); +} + +void Peer::getBestActiveAddresses(uint64_t now,InetAddress &v4,InetAddress &v6) const +{ + uint64_t bestV4 = 0,bestV6 = 0; + for(unsigned int p=0,np=_numPaths;p= bestV4) { + bestV4 = lr; + v4 = _paths[p].address(); + } + } else if (_paths[p].address().isV6()) { + if (lr >= bestV6) { + bestV6 = lr; + v6 = _paths[p].address(); + } + } + } + } + } +} + +bool Peer::networkMembershipCertificatesAgree(uint64_t nwid,const CertificateOfMembership &com) const +{ + Mutex::Lock _l(_networkComs_m); + const _NetworkCom *ourCom = _networkComs.get(nwid); + if (ourCom) + return ourCom->com.agreesWith(com); + return false; +} + +bool Peer::validateAndSetNetworkMembershipCertificate(uint64_t nwid,const CertificateOfMembership &com) +{ + // Sanity checks + if ((!com)||(com.issuedTo() != _id.address())) + return false; + + // Return true if we already have this *exact* COM + { + Mutex::Lock _l(_networkComs_m); + _NetworkCom *ourCom = _networkComs.get(nwid); + if ((ourCom)&&(ourCom->com == com)) + return true; + } + + // Check signature, log and return if cert is invalid + if (com.signedBy() != Network::controllerFor(nwid)) { + TRACE("rejected network membership certificate for %.16llx signed by %s: signer not a controller of this network",(unsigned long long)nwid,com.signedBy().toString().c_str()); + return false; // invalid signer + } + + if (com.signedBy() == RR->identity.address()) { + + // We are the controller: RR->identity.address() == controller() == cert.signedBy() + // So, verify that we signed th cert ourself + if (!com.verify(RR->identity)) { + TRACE("rejected network membership certificate for %.16llx self signed by %s: signature check failed",(unsigned long long)nwid,com.signedBy().toString().c_str()); + return false; // invalid signature + } + + } else { + + SharedPtr signer(RR->topology->getPeer(com.signedBy())); + 
+ if (!signer) { + // This would be rather odd, since this is our controller... could happen + // if we get packets before we've gotten config. + RR->sw->requestWhois(com.signedBy()); + return false; // signer unknown + } + + if (!com.verify(signer->identity())) { + TRACE("rejected network membership certificate for %.16llx signed by %s: signature check failed",(unsigned long long)nwid,com.signedBy().toString().c_str()); + return false; // invalid signature + } + } + + // If we made it past all those checks, add or update cert in our cert info store + { + Mutex::Lock _l(_networkComs_m); + _networkComs.set(nwid,_NetworkCom(RR->node->now(),com)); + } + + return true; +} + +bool Peer::needsOurNetworkMembershipCertificate(uint64_t nwid,uint64_t now,bool updateLastPushedTime) +{ + Mutex::Lock _l(_networkComs_m); + uint64_t &lastPushed = _lastPushedComs[nwid]; + const uint64_t tmp = lastPushed; + if (updateLastPushedTime) + lastPushed = now; + return ((now - tmp) >= (ZT_NETWORK_AUTOCONF_DELAY / 3)); +} + +void Peer::clean(uint64_t now) +{ + { + unsigned int np = _numPaths; + unsigned int x = 0; + unsigned int y = 0; + while (x < np) { + if (_paths[x].active(now)) + _paths[y++] = _paths[x]; + ++x; + } + _numPaths = y; + } + + { + Mutex::Lock _l(_networkComs_m); + { + uint64_t *k = (uint64_t *)0; + _NetworkCom *v = (_NetworkCom *)0; + Hashtable< uint64_t,_NetworkCom >::Iterator i(_networkComs); + while (i.next(k,v)) { + if ( (!RR->node->belongsToNetwork(*k)) && ((now - v->ts) >= ZT_PEER_NETWORK_COM_EXPIRATION) ) + _networkComs.erase(*k); + } + } + { + uint64_t *k = (uint64_t *)0; + uint64_t *v = (uint64_t *)0; + Hashtable< uint64_t,uint64_t >::Iterator i(_lastPushedComs); + while (i.next(k,v)) { + if ((now - *v) > (ZT_NETWORK_AUTOCONF_DELAY * 2)) + _lastPushedComs.erase(*k); + } + } + } +} + +void Peer::_doDeadPathDetection(Path &p,const uint64_t now) +{ + /* Dead path detection: if we have sent something to this peer and have not + * yet received a reply, double check 
this path. The majority of outbound + * packets including Ethernet frames do generate some kind of reply either + * immediately or at some point in the near future. This will occasionally + * (every NO_ANSWER_TIMEOUT ms) check paths unnecessarily if traffic that + * does not generate a response is being sent such as multicast announcements + * or frames belonging to unidirectional UDP protocols, but the cost is very + * tiny and the benefit in reliability is very large. This takes care of many + * failure modes including crap NATs that forget links and spurious changes + * to physical network topology that cannot be otherwise detected. + * + * Each time we do this we increment a probation counter in the path. This + * counter is reset on any packet receive over this path. If it reaches the + * MAX_PROBATION threshold the path is considred dead. */ + + if ( + (p.lastSend() > p.lastReceived()) && + ((p.lastSend() - p.lastReceived()) >= ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT) && + ((now - p.lastPing()) >= ZT_PEER_DEAD_PATH_DETECTION_NO_ANSWER_TIMEOUT) && + (!p.isClusterSuboptimal()) && + (!RR->topology->amRoot()) + ) { + TRACE("%s(%s) does not seem to be answering in a timely manner, checking if dead (probation == %u)",_id.address().toString().c_str(),p.address().toString().c_str(),p.probation()); + + if ( (_vProto >= 5) && ( !((_vMajor == 1)&&(_vMinor == 1)&&(_vRevision == 0)) ) ) { + Packet outp(_id.address(),RR->identity.address(),Packet::VERB_ECHO); + outp.armor(_key,true); + p.send(RR,outp.data(),outp.size(),now); + p.pinged(now); + } else { + sendHELLO(p.localAddress(),p.address(),now); + p.sent(now); + p.pinged(now); + } + + p.increaseProbation(); + } +} + +Path *Peer::_getBestPath(const uint64_t now) +{ + Path *bestPath = (Path *)0; + uint64_t bestPathScore = 0; + for(unsigned int i=0;i<_numPaths;++i) { + const uint64_t score = _paths[i].score(); + if ((score >= bestPathScore)&&(_paths[i].active(now))) { + bestPathScore = score; + bestPath = 
&(_paths[i]); + } + } + if (bestPath) + _doDeadPathDetection(*bestPath,now); + return bestPath; +} + +Path *Peer::_getBestPath(const uint64_t now,int inetAddressFamily) +{ + Path *bestPath = (Path *)0; + uint64_t bestPathScore = 0; + for(unsigned int i=0;i<_numPaths;++i) { + const uint64_t score = _paths[i].score(); + if (((int)_paths[i].address().ss_family == inetAddressFamily)&&(score >= bestPathScore)&&(_paths[i].active(now))) { + bestPathScore = score; + bestPath = &(_paths[i]); + } + } + if (bestPath) + _doDeadPathDetection(*bestPath,now); + return bestPath; +} + +} // namespace ZeroTier diff --git a/node/Peer.hpp b/node/Peer.hpp new file mode 100644 index 0000000..445535c --- /dev/null +++ b/node/Peer.hpp 
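Review bot: In `Peer::received()`, the branch that logs `got %s via unknown path ... confirming...` sends an ECHO or HELLO to `remoteAddr` for every non-OK packet that arrives from an address not yet held as a path, and no rate limit is visible on that branch. The packet has been authenticated by the time this function runs, but whether a repeated copy of an earlier packet arriving from a different source address is filtered before this point is not shown in the hunk; if it is not, each such packet causes one outbound probe to an address chosen by the sender. A per-peer timestamp gate would bound that, for example `if ((now - _lastPathConfirmationSent) >= ZT_PATH_CONFIRMATION_MIN_INTERVAL) { _lastPathConfirmationSent = now; /* existing ECHO/HELLO send */ }`, where both names are new and the interval is for the maintainers to choose. `shouldRespondToDirectPathPush()` in Peer.hpp already applies the same kind of circuit breaker to PUSH_DIRECT_PATHS.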
@@ -0,0 +1,614 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_PEER_HPP +#define ZT_PEER_HPP + +#include + +#include "Constants.hpp" + +#include +#include +#include +#include + +#include "../include/ZeroTierOne.h" + +#include "RuntimeEnvironment.hpp" +#include "CertificateOfMembership.hpp" +#include "Path.hpp" +#include "Address.hpp" +#include "Utils.hpp" +#include "Identity.hpp" +#include "InetAddress.hpp" +#include "Packet.hpp" +#include "SharedPtr.hpp" +#include "AtomicCounter.hpp" +#include "Hashtable.hpp" +#include "Mutex.hpp" +#include "NonCopyable.hpp" + +// Very rough computed estimate: (8 + 256 + 80 + (16 * 64) + (128 * 256) + (128 * 16)) +// 1048576 provides tons of headroom -- overflow would just cause peer not to be persisted +#define ZT_PEER_SUGGESTED_SERIALIZATION_BUFFER_SIZE 1048576 + +namespace ZeroTier { + +/** + * Peer on P2P Network (virtual layer 1) + */ +class Peer : NonCopyable +{ + friend class SharedPtr; + +private: + Peer() {} // disabled to prevent bugs -- should not be constructed uninitialized + +public: + ~Peer() { Utils::burn(_key,sizeof(_key)); } + + /** + * Construct a new peer + * + * @param renv Runtime environment + * @param myIdentity Identity of THIS node (for key agreement) + * @param peerIdentity Identity of 
peer + * @throws std::runtime_error Key agreement with peer's identity failed + */ + Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Identity &peerIdentity); + + /** + * @return Time peer record was last used in any way + */ + inline uint64_t lastUsed() const throw() { return _lastUsed; } + + /** + * Log a use of this peer record (done by Topology when peers are looked up) + * + * @param now New time of last use + */ + inline void use(uint64_t now) throw() { _lastUsed = now; } + + /** + * @return This peer's ZT address (short for identity().address()) + */ + inline const Address &address() const throw() { return _id.address(); } + + /** + * @return This peer's identity + */ + inline const Identity &identity() const throw() { return _id; } + + /** + * Log receipt of an authenticated packet + * + * This is called by the decode pipe when a packet is proven to be authentic + * and appears to be valid. + * + * @param RR Runtime environment + * @param localAddr Local address + * @param remoteAddr Internet address of sender + * @param hops ZeroTier (not IP) hops + * @param packetId Packet ID + * @param verb Packet verb + * @param inRePacketId Packet ID in reply to (default: none) + * @param inReVerb Verb in reply to (for OK/ERROR, default: VERB_NOP) + */ + void received( + const InetAddress &localAddr, + const InetAddress &remoteAddr, + unsigned int hops, + uint64_t packetId, + Packet::Verb verb, + uint64_t inRePacketId = 0, + Packet::Verb inReVerb = Packet::VERB_NOP); + + /** + * Get the current best direct path to this peer + * + * @param now Current time + * @return Best path or NULL if there are no active direct paths + */ + inline Path *getBestPath(uint64_t now) { return _getBestPath(now); } + + /** + * @param now Current time + * @param addr Remote address + * @return True if we have an active path to this destination + */ + inline bool hasActivePathTo(uint64_t now,const InetAddress &addr) const + { + for(unsigned int p=0;p<_numPaths;++p) { + if 
((_paths[p].active(now))&&(_paths[p].address() == addr)) + return true; + } + return false; + } + + /** + * Set all paths in the same ss_family that are not this one to cluster suboptimal + * + * Addresses in other families are not affected. + * + * @param addr Address to make exclusive + */ + inline void setClusterOptimalPathForAddressFamily(const InetAddress &addr) + { + for(unsigned int p=0;p<_numPaths;++p) { + if (_paths[p].address().ss_family == addr.ss_family) { + _paths[p].setClusterSuboptimal(_paths[p].address() != addr); + } + } + } + + /** + * Send via best path + * + * @param data Packet data + * @param len Packet length + * @param now Current time + * @return Path used on success or NULL on failure + */ + inline Path *send(const void *data,unsigned int len,uint64_t now) + { + Path *const bestPath = getBestPath(now); + if (bestPath) { + if (bestPath->send(RR,data,len,now)) + return bestPath; + } + return (Path *)0; + } + + /** + * Send a HELLO to this peer at a specified physical address + * + * This does not update any statistics. It's used to send initial HELLOs + * for NAT traversal and path verification. 
+ * + * @param localAddr Local address + * @param atAddress Destination address + * @param now Current time + * @param ttl Desired IP TTL (default: 0 to leave alone) + */ + void sendHELLO(const InetAddress &localAddr,const InetAddress &atAddress,uint64_t now,unsigned int ttl = 0); + + /** + * Send pings or keepalives depending on configured timeouts + * + * @param now Current time + * @param inetAddressFamily Keep this address family alive, or 0 to simply pick current best ignoring family + * @return True if at least one direct path seems alive + */ + bool doPingAndKeepalive(uint64_t now,int inetAddressFamily); + + /** + * Push direct paths back to self if we haven't done so in the configured timeout + * + * @param localAddr Local address + * @param toAddress Remote address to send push to (usually from path) + * @param now Current time + * @param force If true, push regardless of rate limit + * @param includePrivatePaths If true, include local interface address paths (should only be done to peers with a trust relationship) + * @return True if something was actually sent + */ + bool pushDirectPaths(const InetAddress &localAddr,const InetAddress &toAddress,uint64_t now,bool force,bool includePrivatePaths); + + /** + * @return All known direct paths to this peer (active or inactive) + */ + inline std::vector paths() const + { + std::vector pp; + for(unsigned int p=0,np=_numPaths;p= ZT_PEER_ACTIVITY_TIMEOUT) + return (~(unsigned int)0); + unsigned int l = _latency; + if (!l) + l = 0xffff; + return (l * (((unsigned int)tsr / (ZT_PEER_DIRECT_PING_DELAY + 1000)) + 1)); + } + + /** + * Update latency with a new direct measurment + * + * @param l Direct latency measurment in ms + */ + inline void addDirectLatencyMeasurment(unsigned int l) + { + unsigned int ol = _latency; + if ((ol > 0)&&(ol < 10000)) + _latency = (ol + std::min(l,(unsigned int)65535)) / 2; + else _latency = std::min(l,(unsigned int)65535); + } + + /** + * @param now Current time + * @return True if this 
peer has at least one active direct path + */ + inline bool hasActiveDirectPath(uint64_t now) const + { + for(unsigned int p=0;p<_numPaths;++p) { + if (_paths[p].active(now)) + return true; + } + return false; + } + +#ifdef ZT_ENABLE_CLUSTER + /** + * @param now Current time + * @return True if this peer has at least one active direct path that is not cluster-suboptimal + */ + inline bool hasClusterOptimalPath(uint64_t now) const + { + for(unsigned int p=0,np=_numPaths;p 0)||(_vMinor > 0)||(_vRevision > 0)); } + + /** + * Get most recently active path addresses for IPv4 and/or IPv6 + * + * Note that v4 and v6 are not modified if they are not found, so + * initialize these to a NULL address to be able to check. + * + * @param now Current time + * @param v4 Result parameter to receive active IPv4 address, if any + * @param v6 Result parameter to receive active IPv6 address, if any + */ + void getBestActiveAddresses(uint64_t now,InetAddress &v4,InetAddress &v6) const; + + /** + * Check network COM agreement with this peer + * + * @param nwid Network ID + * @param com Another certificate of membership + * @return True if supplied COM agrees with ours, false if not or if we don't have one + */ + bool networkMembershipCertificatesAgree(uint64_t nwid,const CertificateOfMembership &com) const; + + /** + * Check the validity of the COM and add/update if valid and new + * + * @param nwid Network ID + * @param com Externally supplied COM + */ + bool validateAndSetNetworkMembershipCertificate(uint64_t nwid,const CertificateOfMembership &com); + + /** + * @param nwid Network ID + * @param now Current time + * @param updateLastPushedTime If true, go ahead and update the last pushed time regardless of return value + * @return Whether or not this peer needs another COM push from us + */ + bool needsOurNetworkMembershipCertificate(uint64_t nwid,uint64_t now,bool updateLastPushedTime); + + /** + * Perform periodic cleaning operations + * + * @param now Current time + */ + void 
clean(uint64_t now); + + /** + * Update direct path push stats and return true if we should respond + * + * This is a circuit breaker to make VERB_PUSH_DIRECT_PATHS not particularly + * useful as a DDOS amplification attack vector. Otherwise a malicious peer + * could send loads of these and cause others to bombard arbitrary IPs with + * traffic. + * + * @param now Current time + * @return True if we should respond + */ + inline bool shouldRespondToDirectPathPush(const uint64_t now) + { + if ((now - _lastDirectPathPushReceive) <= ZT_PUSH_DIRECT_PATHS_CUTOFF_TIME) + ++_directPathPushCutoffCount; + else _directPathPushCutoffCount = 0; + _lastDirectPathPushReceive = now; + return (_directPathPushCutoffCount < ZT_PUSH_DIRECT_PATHS_CUTOFF_LIMIT); + } + + /** + * Find a common set of addresses by which two peers can link, if any + * + * @param a Peer A + * @param b Peer B + * @param now Current time + * @return Pair: B's address (to send to A), A's address (to send to B) + */ + static inline std::pair findCommonGround(const Peer &a,const Peer &b,uint64_t now) + { + std::pair v4,v6; + b.getBestActiveAddresses(now,v4.first,v6.first); + a.getBestActiveAddresses(now,v4.second,v6.second); + if ((v6.first)&&(v6.second)) // prefer IPv6 if both have it since NAT-t is (almost) unnecessary + return v6; + else if ((v4.first)&&(v4.second)) + return v4; + else return std::pair(); + } + + template + inline void serialize(Buffer &b) const + { + Mutex::Lock _l(_networkComs_m); + + const unsigned int recSizePos = b.size(); + b.addSize(4); // space for uint32_t field length + + b.append((uint16_t)1); // version of serialized Peer data + + _id.serialize(b,false); + + b.append((uint64_t)_lastUsed); + b.append((uint64_t)_lastReceive); + b.append((uint64_t)_lastUnicastFrame); + b.append((uint64_t)_lastMulticastFrame); + b.append((uint64_t)_lastAnnouncedTo); + b.append((uint64_t)_lastDirectPathPushSent); + b.append((uint64_t)_lastDirectPathPushReceive); + b.append((uint64_t)_lastPathSort); + 
b.append((uint16_t)_vProto); + b.append((uint16_t)_vMajor); + b.append((uint16_t)_vMinor); + b.append((uint16_t)_vRevision); + b.append((uint32_t)_latency); + b.append((uint16_t)_directPathPushCutoffCount); + + b.append((uint16_t)_numPaths); + for(unsigned int i=0;i<_numPaths;++i) + _paths[i].serialize(b); + + b.append((uint32_t)_networkComs.size()); + { + uint64_t *k = (uint64_t *)0; + _NetworkCom *v = (_NetworkCom *)0; + Hashtable::Iterator i(const_cast(this)->_networkComs); + while (i.next(k,v)) { + b.append((uint64_t)*k); + b.append((uint64_t)v->ts); + v->com.serialize(b); + } + } + + b.append((uint32_t)_lastPushedComs.size()); + { + uint64_t *k = (uint64_t *)0; + uint64_t *v = (uint64_t *)0; + Hashtable::Iterator i(const_cast(this)->_lastPushedComs); + while (i.next(k,v)) { + b.append((uint64_t)*k); + b.append((uint64_t)*v); + } + } + + b.template setAt(recSizePos,(uint32_t)(b.size() - (recSizePos + 4))); // set size + } + + /** + * Create a new Peer from a serialized instance + * + * @param renv Runtime environment + * @param myIdentity This node's identity + * @param b Buffer containing serialized Peer data + * @param p Pointer to current position in buffer, will be updated in place as buffer is read (value/result) + * @return New instance of Peer or NULL if serialized data was corrupt or otherwise invalid (may also throw an exception via Buffer) + */ + template + static inline SharedPtr deserializeNew(const RuntimeEnvironment *renv,const Identity &myIdentity,const Buffer &b,unsigned int &p) + { + const unsigned int recSize = b.template at(p); p += 4; + if ((p + recSize) > b.size()) + return SharedPtr(); // size invalid + if (b.template at(p) != 1) + return SharedPtr(); // version mismatch + p += 2; + + Identity npid; + p += npid.deserialize(b,p); + if (!npid) + return SharedPtr(); + + SharedPtr np(new Peer(renv,myIdentity,npid)); + + np->_lastUsed = b.template at(p); p += 8; + np->_lastReceive = b.template at(p); p += 8; + np->_lastUnicastFrame = b.template 
at(p); p += 8; + np->_lastMulticastFrame = b.template at(p); p += 8; + np->_lastAnnouncedTo = b.template at(p); p += 8; + np->_lastDirectPathPushSent = b.template at(p); p += 8; + np->_lastDirectPathPushReceive = b.template at(p); p += 8; + np->_lastPathSort = b.template at(p); p += 8; + np->_vProto = b.template at(p); p += 2; + np->_vMajor = b.template at(p); p += 2; + np->_vMinor = b.template at(p); p += 2; + np->_vRevision = b.template at(p); p += 2; + np->_latency = b.template at(p); p += 4; + np->_directPathPushCutoffCount = b.template at(p); p += 2; + + const unsigned int numPaths = b.template at(p); p += 2; + for(unsigned int i=0;i_paths[np->_numPaths++].deserialize(b,p); + } else { + // Skip any paths beyond max, but still read stream + Path foo; + p += foo.deserialize(b,p); + } + } + + const unsigned int numNetworkComs = b.template at(p); p += 4; + for(unsigned int i=0;i_networkComs[b.template at(p)]; p += 8; + c.ts = b.template at(p); p += 8; + p += c.com.deserialize(b,p); + } + + const unsigned int numLastPushed = b.template at(p); p += 4; + for(unsigned int i=0;i(p); p += 8; + const uint64_t ts = b.template at(p); p += 8; + np->_lastPushedComs.set(nwid,ts); + } + + return np; + } + +private: + void _doDeadPathDetection(Path &p,const uint64_t now); + Path *_getBestPath(const uint64_t now); + Path *_getBestPath(const uint64_t now,int inetAddressFamily); + + unsigned char _key[ZT_PEER_SECRET_KEY_LENGTH]; // computed with key agreement, not serialized + + const RuntimeEnvironment *RR; + uint64_t _lastUsed; + uint64_t _lastReceive; // direct or indirect + uint64_t _lastUnicastFrame; + uint64_t _lastMulticastFrame; + uint64_t _lastAnnouncedTo; + uint64_t _lastDirectPathPushSent; + uint64_t _lastDirectPathPushReceive; + uint64_t _lastPathSort; + uint16_t _vProto; + uint16_t _vMajor; + uint16_t _vMinor; + uint16_t _vRevision; + Identity _id; + Path _paths[ZT_MAX_PEER_NETWORK_PATHS]; + unsigned int _numPaths; + unsigned int _latency; + unsigned int 
_directPathPushCutoffCount; + + struct _NetworkCom + { + _NetworkCom() {} + _NetworkCom(uint64_t t,const CertificateOfMembership &c) : ts(t),com(c) {} + uint64_t ts; + CertificateOfMembership com; + }; + Hashtable _networkComs; + Hashtable _lastPushedComs; + Mutex _networkComs_m; + + AtomicCounter __refCount; +}; + +} // namespace ZeroTier + +// Add a swap() for shared ptr's to peers to speed up peer sorts +namespace std { + template<> + inline void swap(ZeroTier::SharedPtr &a,ZeroTier::SharedPtr &b) + { + a.swap(b); + } +} + +#endif diff --git a/node/Poly1305.cpp b/node/Poly1305.cpp new file mode 100644 index 0000000..b78071f --- /dev/null +++ b/node/Poly1305.cpp 
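Review bot: In `deserializeNew` the record-length check `if ((p + recSize) > b.size())` adds two unsigned values, so a `recSize` near the 32-bit maximum wraps around and a corrupt length is accepted (assuming `b.size()` is also an unsigned int, which this hunk does not show). Comparing against the remaining space avoids the wrap: `if ((p > b.size())||(recSize > (b.size() - p)))`. `recSize` is not used again after this check, so the nested `deserialize` calls and the `numNetworkComs` / `numLastPushed` loops are bounded only by whatever range checking `Buffer::at` performs. Keeping an end offset of `p + recSize` and rejecting any read past it would stop a damaged record from being parsed into the one that follows it.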
@@ -0,0 +1,628 @@ +/* +20080912 +D. J. Bernstein +Public domain. +*/ + +#include "Constants.hpp" +#include "Poly1305.hpp" + +#include +#include +#include +#include + +#ifdef __WINDOWS__ +#pragma warning(disable: 4146) +#endif + +namespace ZeroTier { + +#if 0 + +// "Naive" implementation, which is slower... might still want this on some older +// or weird platforms if the later versions have issues. + +static inline void add(unsigned int h[17],const unsigned int c[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; } +} + +static inline void squeeze(unsigned int h[17]) +{ + unsigned int j; + unsigned int u; + u = 0; + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u & 3; + u = 5 * (u >> 2); + for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } + u += h[16]; h[16] = u; +} + +static const unsigned int minusp[17] = { + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 +} ; + +static inline void freeze(unsigned int h[17]) +{ + unsigned int horig[17]; + unsigned int j; + unsigned int negative; + for (j = 0;j < 17;++j) horig[j] = h[j]; + add(h,minusp); + negative = -(h[16] >> 7); + for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]); +} + +static inline void mulmod(unsigned int h[17],const unsigned int r[17]) +{ + unsigned int hr[17]; + unsigned int i; + unsigned int j; + unsigned int u; + + for (i = 0;i < 17;++i) { + u = 0; + for (j = 0;j <= i;++j) u += h[j] * r[i - j]; + for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j]; + hr[i] = u; + } + for (i = 0;i < 17;++i) h[i] = hr[i]; + squeeze(h); +} + +static inline int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned int j; + unsigned int r[17]; + unsigned int h[17]; + unsigned int c[17]; + + r[0] = k[0]; + r[1] = k[1]; + r[2] = k[2]; + r[3] = k[3] & 15; + r[4] = k[4] & 252; + r[5] = k[5]; + r[6] = k[6]; + r[7] = 
k[7] & 15; + r[8] = k[8] & 252; + r[9] = k[9]; + r[10] = k[10]; + r[11] = k[11] & 15; + r[12] = k[12] & 252; + r[13] = k[13]; + r[14] = k[14]; + r[15] = k[15] & 15; + r[16] = 0; + + for (j = 0;j < 17;++j) h[j] = 0; + + while (inlen > 0) { + for (j = 0;j < 17;++j) c[j] = 0; + for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j]; + c[j] = 1; + in += j; inlen -= j; + add(h,c); + mulmod(h,r); + } + + freeze(h); + + for (j = 0;j < 16;++j) c[j] = k[j + 16]; + c[16] = 0; + add(h,c); + for (j = 0;j < 16;++j) out[j] = h[j]; + return 0; +} + +void Poly1305::compute(void *auth,const void *data,unsigned int len,const void *key) + throw() +{ + crypto_onetimeauth((unsigned char *)auth,(const unsigned char *)data,len,(const unsigned char *)key); +} + +#endif + +namespace { + +typedef struct poly1305_context { + size_t aligner; + unsigned char opaque[136]; +} poly1305_context; + +#if (defined(_MSC_VER) || defined(__GNUC__)) && (defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) || defined(__AMD64__)) + +////////////////////////////////////////////////////////////////////////////// +// 128-bit implementation for MSC and GCC from Poly1305-donna + +#if defined(_MSC_VER) + #include + + typedef struct uint128_t { + unsigned long long lo; + unsigned long long hi; + } uint128_t; + + #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi) + #define ADD(out, in) { unsigned long long t = out.lo; out.lo += in.lo; out.hi += (out.lo < t) + in.hi; } + #define ADDLO(out, in) { unsigned long long t = out.lo; out.lo += in; out.hi += (out.lo < t); } + #define SHR(in, shift) (__shiftright128(in.lo, in.hi, (shift))) + #define LO(in) (in.lo) + +// #define POLY1305_NOINLINE __declspec(noinline) +#elif defined(__GNUC__) + #if defined(__SIZEOF_INT128__) + typedef unsigned __int128 uint128_t; + #else + typedef unsigned uint128_t __attribute__((mode(TI))); + #endif + + #define MUL(out, x, y) out = ((uint128_t)x * y) + #define ADD(out, in) out += in + 
#define ADDLO(out, in) out += in + #define SHR(in, shift) (unsigned long long)(in >> (shift)) + #define LO(in) (unsigned long long)(in) + +// #define POLY1305_NOINLINE __attribute__((noinline)) +#endif + +#define poly1305_block_size 16 + +/* 17 + sizeof(size_t) + 8*sizeof(unsigned long long) */ +typedef struct poly1305_state_internal_t { + unsigned long long r[3]; + unsigned long long h[3]; + unsigned long long pad[2]; + size_t leftover; + unsigned char buffer[poly1305_block_size]; + unsigned char final; +} poly1305_state_internal_t; + +/* interpret eight 8 bit unsigned integers as a 64 bit unsigned integer in little endian */ +static inline unsigned long long +U8TO64(const unsigned char *p) { + return + (((unsigned long long)(p[0] & 0xff) ) | + ((unsigned long long)(p[1] & 0xff) << 8) | + ((unsigned long long)(p[2] & 0xff) << 16) | + ((unsigned long long)(p[3] & 0xff) << 24) | + ((unsigned long long)(p[4] & 0xff) << 32) | + ((unsigned long long)(p[5] & 0xff) << 40) | + ((unsigned long long)(p[6] & 0xff) << 48) | + ((unsigned long long)(p[7] & 0xff) << 56)); +} + +/* store a 64 bit unsigned integer as eight 8 bit unsigned integers in little endian */ +static inline void +U64TO8(unsigned char *p, unsigned long long v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; + p[4] = (v >> 32) & 0xff; + p[5] = (v >> 40) & 0xff; + p[6] = (v >> 48) & 0xff; + p[7] = (v >> 56) & 0xff; +} + +static inline void +poly1305_init(poly1305_context *ctx, const unsigned char key[32]) { + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + unsigned long long t0,t1; + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + t0 = U8TO64(&key[0]); + t1 = U8TO64(&key[8]); + + st->r[0] = ( t0 ) & 0xffc0fffffff; + st->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff; + st->r[2] = ((t1 >> 24) ) & 0x00ffffffc0f; + + /* h = 0 */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + + /* save pad for later */ + st->pad[0] = 
U8TO64(&key[16]); + st->pad[1] = U8TO64(&key[24]); + + st->leftover = 0; + st->final = 0; +} + +static inline void +poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, size_t bytes) { + const unsigned long long hibit = (st->final) ? 0 : ((unsigned long long)1 << 40); /* 1 << 128 */ + unsigned long long r0,r1,r2; + unsigned long long s1,s2; + unsigned long long h0,h1,h2; + unsigned long long c; + uint128_t d0,d1,d2,d; + + r0 = st->r[0]; + r1 = st->r[1]; + r2 = st->r[2]; + + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + + s1 = r1 * (5 << 2); + s2 = r2 * (5 << 2); + + while (bytes >= poly1305_block_size) { + unsigned long long t0,t1; + + /* h += m[i] */ + t0 = U8TO64(&m[0]); + t1 = U8TO64(&m[8]); + + h0 += (( t0 ) & 0xfffffffffff); + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff); + h2 += (((t1 >> 24) ) & 0x3ffffffffff) | hibit; + + /* h *= r */ + MUL(d0, h0, r0); MUL(d, h1, s2); ADD(d0, d); MUL(d, h2, s1); ADD(d0, d); + MUL(d1, h0, r1); MUL(d, h1, r0); ADD(d1, d); MUL(d, h2, s2); ADD(d1, d); + MUL(d2, h0, r2); MUL(d, h1, r1); ADD(d2, d); MUL(d, h2, r0); ADD(d2, d); + + /* (partial) h %= p */ + c = SHR(d0, 44); h0 = LO(d0) & 0xfffffffffff; + ADDLO(d1, c); c = SHR(d1, 44); h1 = LO(d1) & 0xfffffffffff; + ADDLO(d2, c); c = SHR(d2, 42); h2 = LO(d2) & 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 = h0 & 0xfffffffffff; + h1 += c; + + m += poly1305_block_size; + bytes -= poly1305_block_size; + } + + st->h[0] = h0; + st->h[1] = h1; + st->h[2] = h2; +} + +static inline void +poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) { + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + unsigned long long h0,h1,h2,c; + unsigned long long g0,g1,g2; + unsigned long long t0,t1; + + /* process the remaining block */ + if (st->leftover) { + size_t i = st->leftover; + st->buffer[i] = 1; + for (i = i + 1; i < poly1305_block_size; i++) + st->buffer[i] = 0; + st->final = 1; + poly1305_blocks(st, st->buffer, poly1305_block_size); + } + + 
/* fully carry h */ + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + + c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; + h0 += c * 5; c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; + g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; + g2 = h2 + c - ((unsigned long long)1 << 42); + + /* select h if h < p, or h + -p if h >= p */ + c = (g2 >> ((sizeof(unsigned long long) * 8) - 1)) - 1; + g0 &= c; + g1 &= c; + g2 &= c; + c = ~c; + h0 = (h0 & c) | g0; + h1 = (h1 & c) | g1; + h2 = (h2 & c) | g2; + + /* h = (h + pad) */ + t0 = st->pad[0]; + t1 = st->pad[1]; + + h0 += (( t0 ) & 0xfffffffffff) ; c = (h0 >> 44); h0 &= 0xfffffffffff; + h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff) + c; c = (h1 >> 44); h1 &= 0xfffffffffff; + h2 += (((t1 >> 24) ) & 0x3ffffffffff) + c; h2 &= 0x3ffffffffff; + + /* mac = h % (2^128) */ + h0 = ((h0 ) | (h1 << 44)); + h1 = ((h1 >> 20) | (h2 << 24)); + + U64TO8(&mac[0], h0); + U64TO8(&mac[8], h1); + + /* zero out the state */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + st->r[0] = 0; + st->r[1] = 0; + st->r[2] = 0; + st->pad[0] = 0; + st->pad[1] = 0; +} + +////////////////////////////////////////////////////////////////////////////// + +#else + +////////////////////////////////////////////////////////////////////////////// +// More portable 64-bit implementation + +#define poly1305_block_size 16 + +/* 17 + sizeof(size_t) + 14*sizeof(unsigned long) */ +typedef struct poly1305_state_internal_t { + unsigned long r[5]; + unsigned long h[5]; + unsigned long pad[4]; + size_t leftover; + unsigned char buffer[poly1305_block_size]; + unsigned char final; +} poly1305_state_internal_t; + +/* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */ +static 
unsigned long +U8TO32(const unsigned char *p) { + return + (((unsigned long)(p[0] & 0xff) ) | + ((unsigned long)(p[1] & 0xff) << 8) | + ((unsigned long)(p[2] & 0xff) << 16) | + ((unsigned long)(p[3] & 0xff) << 24)); +} + +/* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */ +static void +U32TO8(unsigned char *p, unsigned long v) { + p[0] = (v ) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; +} + +static inline void +poly1305_init(poly1305_context *ctx, const unsigned char key[32]) { + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + st->r[0] = (U8TO32(&key[ 0]) ) & 0x3ffffff; + st->r[1] = (U8TO32(&key[ 3]) >> 2) & 0x3ffff03; + st->r[2] = (U8TO32(&key[ 6]) >> 4) & 0x3ffc0ff; + st->r[3] = (U8TO32(&key[ 9]) >> 6) & 0x3f03fff; + st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff; + + /* h = 0 */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + st->h[3] = 0; + st->h[4] = 0; + + /* save pad for later */ + st->pad[0] = U8TO32(&key[16]); + st->pad[1] = U8TO32(&key[20]); + st->pad[2] = U8TO32(&key[24]); + st->pad[3] = U8TO32(&key[28]); + + st->leftover = 0; + st->final = 0; +} + +static inline void +poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, size_t bytes) { + const unsigned long hibit = (st->final) ? 
0 : (1 << 24); /* 1 << 128 */ + unsigned long r0,r1,r2,r3,r4; + unsigned long s1,s2,s3,s4; + unsigned long h0,h1,h2,h3,h4; + unsigned long long d0,d1,d2,d3,d4; + unsigned long c; + + r0 = st->r[0]; + r1 = st->r[1]; + r2 = st->r[2]; + r3 = st->r[3]; + r4 = st->r[4]; + + s1 = r1 * 5; + s2 = r2 * 5; + s3 = r3 * 5; + s4 = r4 * 5; + + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + h3 = st->h[3]; + h4 = st->h[4]; + + while (bytes >= poly1305_block_size) { + /* h += m[i] */ + h0 += (U8TO32(m+ 0) ) & 0x3ffffff; + h1 += (U8TO32(m+ 3) >> 2) & 0x3ffffff; + h2 += (U8TO32(m+ 6) >> 4) & 0x3ffffff; + h3 += (U8TO32(m+ 9) >> 6) & 0x3ffffff; + h4 += (U8TO32(m+12) >> 8) | hibit; + + /* h *= r */ + d0 = ((unsigned long long)h0 * r0) + ((unsigned long long)h1 * s4) + ((unsigned long long)h2 * s3) + ((unsigned long long)h3 * s2) + ((unsigned long long)h4 * s1); + d1 = ((unsigned long long)h0 * r1) + ((unsigned long long)h1 * r0) + ((unsigned long long)h2 * s4) + ((unsigned long long)h3 * s3) + ((unsigned long long)h4 * s2); + d2 = ((unsigned long long)h0 * r2) + ((unsigned long long)h1 * r1) + ((unsigned long long)h2 * r0) + ((unsigned long long)h3 * s4) + ((unsigned long long)h4 * s3); + d3 = ((unsigned long long)h0 * r3) + ((unsigned long long)h1 * r2) + ((unsigned long long)h2 * r1) + ((unsigned long long)h3 * r0) + ((unsigned long long)h4 * s4); + d4 = ((unsigned long long)h0 * r4) + ((unsigned long long)h1 * r3) + ((unsigned long long)h2 * r2) + ((unsigned long long)h3 * r1) + ((unsigned long long)h4 * r0); + + /* (partial) h %= p */ + c = (unsigned long)(d0 >> 26); h0 = (unsigned long)d0 & 0x3ffffff; + d1 += c; c = (unsigned long)(d1 >> 26); h1 = (unsigned long)d1 & 0x3ffffff; + d2 += c; c = (unsigned long)(d2 >> 26); h2 = (unsigned long)d2 & 0x3ffffff; + d3 += c; c = (unsigned long)(d3 >> 26); h3 = (unsigned long)d3 & 0x3ffffff; + d4 += c; c = (unsigned long)(d4 >> 26); h4 = (unsigned long)d4 & 0x3ffffff; + h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff; + h1 += c; + + m += 
poly1305_block_size; + bytes -= poly1305_block_size; + } + + st->h[0] = h0; + st->h[1] = h1; + st->h[2] = h2; + st->h[3] = h3; + st->h[4] = h4; +} + +static inline void +poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) { + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + unsigned long h0,h1,h2,h3,h4,c; + unsigned long g0,g1,g2,g3,g4; + unsigned long long f; + unsigned long mask; + + /* process the remaining block */ + if (st->leftover) { + size_t i = st->leftover; + st->buffer[i++] = 1; + for (; i < poly1305_block_size; i++) + st->buffer[i] = 0; + st->final = 1; + poly1305_blocks(st, st->buffer, poly1305_block_size); + } + + /* fully carry h */ + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + h3 = st->h[3]; + h4 = st->h[4]; + + c = h1 >> 26; h1 = h1 & 0x3ffffff; + h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff; + h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff; + h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff; + h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff; + g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff; + g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff; + g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff; + g4 = h4 + c - (1 << 26); + + /* select h if h < p, or h + -p if h >= p */ + mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1; + g0 &= mask; + g1 &= mask; + g2 &= mask; + g3 &= mask; + g4 &= mask; + mask = ~mask; + h0 = (h0 & mask) | g0; + h1 = (h1 & mask) | g1; + h2 = (h2 & mask) | g2; + h3 = (h3 & mask) | g3; + h4 = (h4 & mask) | g4; + + /* h = h % (2^128) */ + h0 = ((h0 ) | (h1 << 26)) & 0xffffffff; + h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff; + h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff; + h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; + + /* mac = (h + pad) % (2^128) */ + f = (unsigned long long)h0 + st->pad[0] ; h0 = (unsigned long)f; + f = (unsigned long long)h1 + st->pad[1] + (f >> 32); h1 = (unsigned long)f; + f = (unsigned long long)h2 + st->pad[2] + (f >> 
32); h2 = (unsigned long)f; + f = (unsigned long long)h3 + st->pad[3] + (f >> 32); h3 = (unsigned long)f; + + U32TO8(mac + 0, h0); + U32TO8(mac + 4, h1); + U32TO8(mac + 8, h2); + U32TO8(mac + 12, h3); + + /* zero out the state */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + st->h[3] = 0; + st->h[4] = 0; + st->r[0] = 0; + st->r[1] = 0; + st->r[2] = 0; + st->r[3] = 0; + st->r[4] = 0; + st->pad[0] = 0; + st->pad[1] = 0; + st->pad[2] = 0; + st->pad[3] = 0; +} + +////////////////////////////////////////////////////////////////////////////// + +#endif // MSC/GCC or not + +static inline void +poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) { + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + size_t i; + + /* handle leftover */ + if (st->leftover) { + size_t want = (poly1305_block_size - st->leftover); + if (want > bytes) + want = bytes; + for (i = 0; i < want; i++) + st->buffer[st->leftover + i] = m[i]; + bytes -= want; + m += want; + st->leftover += want; + if (st->leftover < poly1305_block_size) + return; + poly1305_blocks(st, st->buffer, poly1305_block_size); + st->leftover = 0; + } + + /* process full blocks */ + if (bytes >= poly1305_block_size) { + size_t want = (bytes & ~(poly1305_block_size - 1)); + poly1305_blocks(st, m, want); + m += want; + bytes -= want; + } + + /* store leftover */ + if (bytes) { + for (i = 0; i < bytes; i++) + st->buffer[st->leftover + i] = m[i]; + st->leftover += bytes; + } +} + +} // anonymous namespace + +void Poly1305::compute(void *auth,const void *data,unsigned int len,const void *key) + throw() +{ + poly1305_context ctx; + poly1305_init(&ctx,reinterpret_cast(key)); + poly1305_update(&ctx,reinterpret_cast(data),(size_t)len); + poly1305_finish(&ctx,reinterpret_cast(auth)); +} + +} // namespace ZeroTier diff --git a/node/Poly1305.hpp b/node/Poly1305.hpp new file mode 100644 index 0000000..62d5754 --- /dev/null +++ b/node/Poly1305.hpp 
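Review bot: The state wipe at the end of both `poly1305_finish` variants is written as plain stores into a `poly1305_context` that `Poly1305::compute` declares on the stack and abandons on return, so a compiler may remove the stores as dead, and `buffer` and `leftover` are not cleared at all. The one-time key halves `r` and `pad` can therefore remain on the stack after the call. Wiping the whole state through a volatile pointer keeps the clear in place and stays within the no-C++11 rule from node/README.md: `volatile unsigned char *z = (volatile unsigned char *)st;` followed by `for (size_t i = 0; i < sizeof(*st); ++i) z[i] = 0;`. Separately, the cast from `poly1305_context` (`size_t aligner` plus `opaque[136]`) to `poly1305_state_internal_t` has no compile-time size check; a C++03 negative-array-size typedef next to the struct would catch a platform where the internal state outgrows the opaque buffer.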
@@ -0,0 +1,55 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_POLY1305_HPP
+#define ZT_POLY1305_HPP
+
+namespace ZeroTier {
+
+#define ZT_POLY1305_KEY_LEN 32
+#define ZT_POLY1305_MAC_LEN 16
+
+/**
+ * Poly1305 one-time authentication code
+ *
+ * This takes a one-time-use 32-byte key and generates a 16-byte message
+ * authentication code. The key must never be re-used for a different
+ * message.
+ *
+ * In Packet this is done by using the first 32 bytes of the stream cipher
+ * keystream as a one-time-use key. These 32 bytes are then discarded and
+ * the packet is encrypted with the next N bytes.
+ */
+class Poly1305
+{
+public:
+ /**
+ * Compute a one-time authentication code
+ *
+ * @param auth Buffer to receive code -- MUST be 16 bytes in length
+ * @param data Data to authenticate
+ * @param len Length of data to authenticate in bytes
+ * @param key 32-byte one-time use key to authenticate data (must not be reused)
+ */
+ static void compute(void *auth,const void *data,unsigned int len,const void *key)
+ throw();
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/README.md b/node/README.md
new file mode 100644
index 0000000..01378c7
--- /dev/null
+++ b/node/README.md
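Review bot: The doc comment on `compute` covers key reuse and buffer sizes but says nothing about how a receiver should check the resulting code, and the class offers no verify helper. The comparison code is not part of this hunk, so this is a documentation request only: add a line such as ` * Callers checking a received code must compare all bytes in constant time.` to the method comment. Since `auth` and `key` are untyped `void *`, the `@param` text would also be clearer if it named `ZT_POLY1305_MAC_LEN` and `ZT_POLY1305_KEY_LEN` instead of the bare 16 and 32.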
@@ -0,0 +1,14 @@
+ZeroTier Virtual Switch Core
+======
+
+This directory contains the *real* ZeroTier: a completely OS-independent global virtual Ethernet switch engine. This is where the magic happens.
+
+Give it wire packets and it gives you Ethernet packets, and vice versa. The core contains absolutely no actual I/O, port configuration, or other OS-specific code (except Utils::getSecureRandom()). It provides a simple C API via [/include/ZeroTierOne.h](../include/ZeroTierOne.h). It's designed to be small and maximally portable for future use on small embedded and special purpose systems.
+
+Code in here follows these guidelines:
+
+ - Keep it minimal, especially in terms of code footprint and memory use.
+ - There should be no OS-dependent code here unless absolutely necessary (e.g. getSecureRandom).
+ - If it's not part of the core virtual Ethernet switch it does not belong here.
+ - No C++11 or C++14 since older and embedded compilers don't support it yet and this should be maximally portable.
+ - Minimize the use of complex C++ features since at some point we might end up "minus-minus'ing" this code if doing so proves necessary to port to tiny embedded systems.
diff --git a/node/RuntimeEnvironment.hpp b/node/RuntimeEnvironment.hpp
new file mode 100644
index 0000000..1f52773
--- /dev/null
+++ b/node/RuntimeEnvironment.hpp
@@ -0,0 +1,98 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_RUNTIMEENVIRONMENT_HPP
+#define ZT_RUNTIMEENVIRONMENT_HPP
+
+#include
+
+#include "Constants.hpp"
+#include "Identity.hpp"
+#include "Mutex.hpp"
+
+namespace ZeroTier {
+
+class NodeConfig;
+class Switch;
+class Topology;
+class Node;
+class Multicaster;
+class NetworkController;
+class SelfAwareness;
+class Cluster;
+class DeferredPackets;
+
+/**
+ * Holds global state for an instance of ZeroTier::Node
+ */
+class RuntimeEnvironment
+{
+public:
+ RuntimeEnvironment(Node *n) :
+ node(n)
+ ,identity()
+ ,localNetworkController((NetworkController *)0)
+ ,sw((Switch *)0)
+ ,mc((Multicaster *)0)
+ ,topology((Topology *)0)
+ ,sa((SelfAwareness *)0)
+ ,dp((DeferredPackets *)0)
+#ifdef ZT_ENABLE_CLUSTER
+ ,cluster((Cluster *)0)
+#endif
+ ,dpEnabled(0)
+ {
+ }
+
+ // Node instance that owns this RuntimeEnvironment
+ Node *const node;
+
+ // This node's identity
+ Identity identity;
+ std::string publicIdentityStr;
+ std::string secretIdentityStr;
+
+ // This is set externally to an instance of this base class
+ NetworkController *localNetworkController;
+
+ /*
+ * Order matters a bit here. These are constructed in this order
+ * and then deleted in the opposite order on Node exit. The order ensures
+ * that things that are needed are there before they're needed.
+ *
+ * These are constant and never null after startup unless indicated.
+ */
+
+ Switch *sw;
+ Multicaster *mc;
+ Topology *topology;
+ SelfAwareness *sa;
+ DeferredPackets *dp;
+
+#ifdef ZT_ENABLE_CLUSTER
+ Cluster *cluster;
+#endif
+
+ // This is set to >0 if background threads are waiting on deferred
+ // packets, otherwise 'dp' should not be used.
+ volatile int dpEnabled;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/SHA512.cpp b/node/SHA512.cpp
new file mode 100644
index 0000000..76737d3
--- /dev/null
+++ b/node/SHA512.cpp
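Review bot: `volatile int dpEnabled` is documented as the signal that tells other code whether background threads are waiting and whether `dp` may be used, but `volatile` provides neither atomicity nor ordering between threads. The readers and writers are outside this hunk, so the impact cannot be judged from here; if more than one thread touches the flag, guard it with the `Mutex` this header already includes or with an atomic counter type. `secretIdentityStr` also keeps the node's secret identity in a plain `std::string`, and a comment such as `// holds private key material: do not log, wipe before release` would flag that for maintainers.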
@@ -0,0 +1,352 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +#include "SHA512.hpp" +#include "Utils.hpp" + +namespace ZeroTier { + +////////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////////////// + +// Code taken from NaCl by D. J. Bernstein and others +// Public domain + +/* +20080913 +D. J. Bernstein +Public domain. 
+*/ + +#define uint64 uint64_t + +#ifdef ZT_NO_TYPE_PUNNING + +static uint64 load_bigendian(const unsigned char *x) +{ + return + (uint64) (x[7]) \ + | (((uint64) (x[6])) << 8) \ + | (((uint64) (x[5])) << 16) \ + | (((uint64) (x[4])) << 24) \ + | (((uint64) (x[3])) << 32) \ + | (((uint64) (x[2])) << 40) \ + | (((uint64) (x[1])) << 48) \ + | (((uint64) (x[0])) << 56) + ; +} + +static void store_bigendian(unsigned char *x,uint64 u) +{ + x[7] = u; u >>= 8; + x[6] = u; u >>= 8; + x[5] = u; u >>= 8; + x[4] = u; u >>= 8; + x[3] = u; u >>= 8; + x[2] = u; u >>= 8; + x[1] = u; u >>= 8; + x[0] = u; +} + +#else // !ZT_NO_TYPE_PUNNING + +#define load_bigendian(x) Utils::ntoh(*((const uint64_t *)(x))) +#define store_bigendian(x,u) (*((uint64_t *)(x)) = Utils::hton((u))) + +#endif // ZT_NO_TYPE_PUNNING + +#define SHR(x,c) ((x) >> (c)) +#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) + +#define Ch(x,y,z) ((x & y) ^ (~x & z)) +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) +#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) +#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) +#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) + +#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; + +#define EXPAND \ + M(w0 ,w14,w9 ,w1 ) \ + M(w1 ,w15,w10,w2 ) \ + M(w2 ,w0 ,w11,w3 ) \ + M(w3 ,w1 ,w12,w4 ) \ + M(w4 ,w2 ,w13,w5 ) \ + M(w5 ,w3 ,w14,w6 ) \ + M(w6 ,w4 ,w15,w7 ) \ + M(w7 ,w5 ,w0 ,w8 ) \ + M(w8 ,w6 ,w1 ,w9 ) \ + M(w9 ,w7 ,w2 ,w10) \ + M(w10,w8 ,w3 ,w11) \ + M(w11,w9 ,w4 ,w12) \ + M(w12,w10,w5 ,w13) \ + M(w13,w11,w6 ,w14) \ + M(w14,w12,w7 ,w15) \ + M(w15,w13,w8 ,w0 ) + +#define F(w,k) \ + T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ + T2 = Sigma0(a) + Maj(a,b,c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + T1; \ + d = c; \ + c = b; \ + b = a; \ + a = T1 + T2; + +static inline int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +{ + uint64 state[8]; + 
uint64 a; + uint64 b; + uint64 c; + uint64 d; + uint64 e; + uint64 f; + uint64 g; + uint64 h; + uint64 T1; + uint64 T2; + + a = load_bigendian(statebytes + 0); state[0] = a; + b = load_bigendian(statebytes + 8); state[1] = b; + c = load_bigendian(statebytes + 16); state[2] = c; + d = load_bigendian(statebytes + 24); state[3] = d; + e = load_bigendian(statebytes + 32); state[4] = e; + f = load_bigendian(statebytes + 40); state[5] = f; + g = load_bigendian(statebytes + 48); state[6] = g; + h = load_bigendian(statebytes + 56); state[7] = h; + + while (inlen >= 128) { + uint64 w0 = load_bigendian(in + 0); + uint64 w1 = load_bigendian(in + 8); + uint64 w2 = load_bigendian(in + 16); + uint64 w3 = load_bigendian(in + 24); + uint64 w4 = load_bigendian(in + 32); + uint64 w5 = load_bigendian(in + 40); + uint64 w6 = load_bigendian(in + 48); + uint64 w7 = load_bigendian(in + 56); + uint64 w8 = load_bigendian(in + 64); + uint64 w9 = load_bigendian(in + 72); + uint64 w10 = load_bigendian(in + 80); + uint64 w11 = load_bigendian(in + 88); + uint64 w12 = load_bigendian(in + 96); + uint64 w13 = load_bigendian(in + 104); + uint64 w14 = load_bigendian(in + 112); + uint64 w15 = load_bigendian(in + 120); + + F(w0 ,0x428a2f98d728ae22ULL) + F(w1 ,0x7137449123ef65cdULL) + F(w2 ,0xb5c0fbcfec4d3b2fULL) + F(w3 ,0xe9b5dba58189dbbcULL) + F(w4 ,0x3956c25bf348b538ULL) + F(w5 ,0x59f111f1b605d019ULL) + F(w6 ,0x923f82a4af194f9bULL) + F(w7 ,0xab1c5ed5da6d8118ULL) + F(w8 ,0xd807aa98a3030242ULL) + F(w9 ,0x12835b0145706fbeULL) + F(w10,0x243185be4ee4b28cULL) + F(w11,0x550c7dc3d5ffb4e2ULL) + F(w12,0x72be5d74f27b896fULL) + F(w13,0x80deb1fe3b1696b1ULL) + F(w14,0x9bdc06a725c71235ULL) + F(w15,0xc19bf174cf692694ULL) + + EXPAND + + F(w0 ,0xe49b69c19ef14ad2ULL) + F(w1 ,0xefbe4786384f25e3ULL) + F(w2 ,0x0fc19dc68b8cd5b5ULL) + F(w3 ,0x240ca1cc77ac9c65ULL) + F(w4 ,0x2de92c6f592b0275ULL) + F(w5 ,0x4a7484aa6ea6e483ULL) + F(w6 ,0x5cb0a9dcbd41fbd4ULL) + F(w7 ,0x76f988da831153b5ULL) + F(w8 ,0x983e5152ee66dfabULL) + F(w9 
,0xa831c66d2db43210ULL) + F(w10,0xb00327c898fb213fULL) + F(w11,0xbf597fc7beef0ee4ULL) + F(w12,0xc6e00bf33da88fc2ULL) + F(w13,0xd5a79147930aa725ULL) + F(w14,0x06ca6351e003826fULL) + F(w15,0x142929670a0e6e70ULL) + + EXPAND + + F(w0 ,0x27b70a8546d22ffcULL) + F(w1 ,0x2e1b21385c26c926ULL) + F(w2 ,0x4d2c6dfc5ac42aedULL) + F(w3 ,0x53380d139d95b3dfULL) + F(w4 ,0x650a73548baf63deULL) + F(w5 ,0x766a0abb3c77b2a8ULL) + F(w6 ,0x81c2c92e47edaee6ULL) + F(w7 ,0x92722c851482353bULL) + F(w8 ,0xa2bfe8a14cf10364ULL) + F(w9 ,0xa81a664bbc423001ULL) + F(w10,0xc24b8b70d0f89791ULL) + F(w11,0xc76c51a30654be30ULL) + F(w12,0xd192e819d6ef5218ULL) + F(w13,0xd69906245565a910ULL) + F(w14,0xf40e35855771202aULL) + F(w15,0x106aa07032bbd1b8ULL) + + EXPAND + + F(w0 ,0x19a4c116b8d2d0c8ULL) + F(w1 ,0x1e376c085141ab53ULL) + F(w2 ,0x2748774cdf8eeb99ULL) + F(w3 ,0x34b0bcb5e19b48a8ULL) + F(w4 ,0x391c0cb3c5c95a63ULL) + F(w5 ,0x4ed8aa4ae3418acbULL) + F(w6 ,0x5b9cca4f7763e373ULL) + F(w7 ,0x682e6ff3d6b2b8a3ULL) + F(w8 ,0x748f82ee5defb2fcULL) + F(w9 ,0x78a5636f43172f60ULL) + F(w10,0x84c87814a1f0ab72ULL) + F(w11,0x8cc702081a6439ecULL) + F(w12,0x90befffa23631e28ULL) + F(w13,0xa4506cebde82bde9ULL) + F(w14,0xbef9a3f7b2c67915ULL) + F(w15,0xc67178f2e372532bULL) + + EXPAND + + F(w0 ,0xca273eceea26619cULL) + F(w1 ,0xd186b8c721c0c207ULL) + F(w2 ,0xeada7dd6cde0eb1eULL) + F(w3 ,0xf57d4f7fee6ed178ULL) + F(w4 ,0x06f067aa72176fbaULL) + F(w5 ,0x0a637dc5a2c898a6ULL) + F(w6 ,0x113f9804bef90daeULL) + F(w7 ,0x1b710b35131c471bULL) + F(w8 ,0x28db77f523047d84ULL) + F(w9 ,0x32caab7b40c72493ULL) + F(w10,0x3c9ebe0a15c9bebcULL) + F(w11,0x431d67c49c100d4cULL) + F(w12,0x4cc5d4becb3e42b6ULL) + F(w13,0x597f299cfc657e2aULL) + F(w14,0x5fcb6fab3ad6faecULL) + F(w15,0x6c44198c4a475817ULL) + + a += state[0]; + b += state[1]; + c += state[2]; + d += state[3]; + e += state[4]; + f += state[5]; + g += state[6]; + h += state[7]; + + state[0] = a; + state[1] = b; + state[2] = c; + state[3] = d; + state[4] = e; + state[5] = f; + state[6] = g; + state[7] 
= h; + + in += 128; + inlen -= 128; + } + + store_bigendian(statebytes + 0,state[0]); + store_bigendian(statebytes + 8,state[1]); + store_bigendian(statebytes + 16,state[2]); + store_bigendian(statebytes + 24,state[3]); + store_bigendian(statebytes + 32,state[4]); + store_bigendian(statebytes + 40,state[5]); + store_bigendian(statebytes + 48,state[6]); + store_bigendian(statebytes + 56,state[7]); + + return 0; +} + +#define blocks crypto_hashblocks + +static const unsigned char iv[64] = { + 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, + 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, + 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, + 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, + 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, + 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, + 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, + 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 +}; + +////////////////////////////////////////////////////////////////////////////// +////////////////////////////////////////////////////////////////////////////// + +void SHA512::hash(void *digest,const void *data,unsigned int len) +{ + unsigned char h[64]; + unsigned char padded[256]; + int i; + uint64_t bytes = len; + + const unsigned char *in = (const unsigned char *)data; + unsigned int inlen = len; + + for (i = 0;i < 64;++i) h[i] = iv[i]; + + blocks(h,in,inlen); + in += inlen; + inlen &= 127; + in -= inlen; + + for (i = 0;i < (int)inlen;++i) padded[i] = in[i]; + padded[inlen] = 0x80; + + if (inlen < 112) { + for (i = inlen + 1;i < 119;++i) padded[i] = 0; + padded[119] = (unsigned char)((bytes >> 61) & 0xff); + padded[120] = (unsigned char)((bytes >> 53) & 0xff); + padded[121] = (unsigned char)((bytes >> 45) & 0xff); + padded[122] = (unsigned char)((bytes >> 37) & 0xff); + padded[123] = (unsigned char)((bytes >> 29) & 0xff); + padded[124] = (unsigned char)((bytes >> 21) & 0xff); + padded[125] = (unsigned char)((bytes >> 13) & 0xff); + padded[126] = (unsigned char)((bytes >> 5) & 0xff); + padded[127] = (unsigned char)((bytes << 3) & 
0xff); + blocks(h,padded,128); + } else { + for (i = inlen + 1;i < 247;++i) padded[i] = 0; + padded[247] = (unsigned char)((bytes >> 61) & 0xff); + padded[248] = (unsigned char)((bytes >> 53) & 0xff); + padded[249] = (unsigned char)((bytes >> 45) & 0xff); + padded[250] = (unsigned char)((bytes >> 37) & 0xff); + padded[251] = (unsigned char)((bytes >> 29) & 0xff); + padded[252] = (unsigned char)((bytes >> 21) & 0xff); + padded[253] = (unsigned char)((bytes >> 13) & 0xff); + padded[254] = (unsigned char)((bytes >> 5) & 0xff); + padded[255] = (unsigned char)((bytes << 3) & 0xff); + blocks(h,padded,256); + } + + for (i = 0;i < 64;++i) ((unsigned char *)digest)[i] = h[i]; +} + +} // namespace ZeroTier diff --git a/node/SHA512.hpp b/node/SHA512.hpp new file mode 100644 index 0000000..639a7df --- /dev/null +++ b/node/SHA512.hpp @@ -0,0 +1,37 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_SHA512_HPP +#define ZT_SHA512_HPP + +#define ZT_SHA512_DIGEST_LEN 64 + +namespace ZeroTier { + +/** + * SHA-512 digest algorithm + */ +class SHA512 +{ +public: + static void hash(void *digest,const void *data,unsigned int len); +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Salsa20.cpp b/node/Salsa20.cpp new file mode 100644 index 0000000..3aa19ac 
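Review bot: Unless `ZT_NO_TYPE_PUNNING` is defined, `load_bigendian` and `store_bigendian` dereference `(const uint64_t *)(x)` on byte pointers derived from the caller's `data` and from the local `unsigned char h[64]` and `padded[256]` in `SHA512::hash`, none of which is guaranteed to be 8-byte aligned. That is undefined behaviour under the aliasing rules and can fault on strict-alignment targets, which matters for code that node/README.md in this commit wants to be maximally portable. A copy-based load keeps a fast path without the cast, e.g. `static inline uint64 load_bigendian(const unsigned char *x) { uint64 t; memcpy(&t,x,sizeof(t)); return Utils::ntoh(t); }`, with the mirror image for the store; the include lines in this hunk are stripped, so check that `<string.h>` is present. `h` and `padded` are also left on the stack uncleared, which is worth a wipe if this hash is ever fed secret input.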
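Review bot: `SHA512::hash` has no documentation, and `digest` is an untyped `void *` into which the implementation in node/SHA512.cpp writes 64 bytes unconditionally. Add a method comment stating the required buffer size, for example ` * @param digest Buffer to receive digest -- MUST be ZT_SHA512_DIGEST_LEN (64) bytes`, plus `@param` lines for `data` and `len`. That would match the style already used on `Poly1305::compute` in this commit.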
--- /dev/null
+++ b/node/Salsa20.cpp
@@ -0,0 +1,1358 @@
+/*
+ * Based on public domain code available at: http://cr.yp.to/snuffle.html
+ *
+ * Modifications and C-native SSE macro based SSE implementation by
+ * Adam Ierymenko .
+ *
+ * Since the original was public domain, this is too.
+ */
+
+#include "Constants.hpp"
+#include "Salsa20.hpp"
+
+#define ROTATE(v,c) (((v) << (c)) | ((v) >> (32 - (c))))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) ((uint32_t)((v) + (w)))
+
+// Set up laod/store macros with appropriate endianness (we don't use these in SSE mode)
+#ifndef ZT_SALSA20_SSE
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+
+#ifdef ZT_NO_TYPE_PUNNING
+// Slower version that does not use type punning
+#define U8TO32_LITTLE(p) ( ((uint32_t)(p)[0]) | ((uint32_t)(p)[1] << 8) | ((uint32_t)(p)[2] << 16) | ((uint32_t)(p)[3] << 24) )
+static inline void U32TO8_LITTLE(uint8_t *const c,const uint32_t v) { c[0] = (uint8_t)v; c[1] = (uint8_t)(v >> 8); c[2] = (uint8_t)(v >> 16); c[3] = (uint8_t)(v >> 24); }
+#else
+// Fast version that just does 32-bit load/store
+#define U8TO32_LITTLE(p) (*((const uint32_t *)((const void *)(p))))
+#define U32TO8_LITTLE(c,v) *((uint32_t *)((void *)(c))) = (v)
+#endif // ZT_NO_TYPE_PUNNING
+
+#else // __BYTE_ORDER == __BIG_ENDIAN (we don't support anything else... does MIDDLE_ENDIAN even still exist?)
+ +#ifdef __GNUC__ + +// Use GNUC builtin bswap macros on big-endian machines if available +#define U8TO32_LITTLE(p) __builtin_bswap32(*((const uint32_t *)((const void *)(p)))) +#define U32TO8_LITTLE(c,v) *((uint32_t *)((void *)(c))) = __builtin_bswap32((v)) + +#else // no __GNUC__ + +// Otherwise do it the slow, manual way on BE machines +#define U8TO32_LITTLE(p) ( ((uint32_t)(p)[0]) | ((uint32_t)(p)[1] << 8) | ((uint32_t)(p)[2] << 16) | ((uint32_t)(p)[3] << 24) ) +static inline void U32TO8_LITTLE(uint8_t *const c,const uint32_t v) { c[0] = (uint8_t)v; c[1] = (uint8_t)(v >> 8); c[2] = (uint8_t)(v >> 16); c[3] = (uint8_t)(v >> 24); } + +#endif // __GNUC__ or not + +#endif // __BYTE_ORDER little or big? + +#endif // !ZT_SALSA20_SSE + +// Statically compute and define SSE constants +#ifdef ZT_SALSA20_SSE +class _s20sseconsts +{ +public: + _s20sseconsts() + { + maskLo32 = _mm_shuffle_epi32(_mm_cvtsi32_si128(-1), _MM_SHUFFLE(1, 0, 1, 0)); + maskHi32 = _mm_slli_epi64(maskLo32, 32); + } + __m128i maskLo32,maskHi32; +}; +static const _s20sseconsts _S20SSECONSTANTS; +#endif + +namespace ZeroTier { + +void Salsa20::init(const void *key,unsigned int kbits,const void *iv) + throw() +{ +#ifdef ZT_SALSA20_SSE + const uint32_t *k = (const uint32_t *)key; + + _state.i[0] = 0x61707865; + _state.i[3] = 0x6b206574; + _state.i[13] = k[0]; + _state.i[10] = k[1]; + _state.i[7] = k[2]; + _state.i[4] = k[3]; + if (kbits == 256) { + k += 4; + _state.i[1] = 0x3320646e; + _state.i[2] = 0x79622d32; + } else { + _state.i[1] = 0x3120646e; + _state.i[2] = 0x79622d36; + } + _state.i[15] = k[0]; + _state.i[12] = k[1]; + _state.i[9] = k[2]; + _state.i[6] = k[3]; + _state.i[14] = ((const uint32_t *)iv)[0]; + _state.i[11] = ((const uint32_t *)iv)[1]; + _state.i[5] = 0; + _state.i[8] = 0; +#else + const char *constants; + const uint8_t *k = (const uint8_t *)key; + + _state.i[1] = U8TO32_LITTLE(k + 0); + _state.i[2] = U8TO32_LITTLE(k + 4); + _state.i[3] = U8TO32_LITTLE(k + 8); + _state.i[4] = 
U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = "expand 32-byte k"; + } else { /* kbits == 128 */ + constants = "expand 16-byte k"; + } + _state.i[5] = U8TO32_LITTLE(constants + 4); + _state.i[6] = U8TO32_LITTLE(((const uint8_t *)iv) + 0); + _state.i[7] = U8TO32_LITTLE(((const uint8_t *)iv) + 4); + _state.i[8] = 0; + _state.i[9] = 0; + _state.i[10] = U8TO32_LITTLE(constants + 8); + _state.i[11] = U8TO32_LITTLE(k + 0); + _state.i[12] = U8TO32_LITTLE(k + 4); + _state.i[13] = U8TO32_LITTLE(k + 8); + _state.i[14] = U8TO32_LITTLE(k + 12); + _state.i[15] = U8TO32_LITTLE(constants + 12); + _state.i[0] = U8TO32_LITTLE(constants + 0); +#endif +} + +void Salsa20::encrypt12(const void *in,void *out,unsigned int bytes) + throw() +{ + uint8_t tmp[64]; + const uint8_t *m = (const uint8_t *)in; + uint8_t *c = (uint8_t *)out; + uint8_t *ctarget = c; + unsigned int i; + +#ifndef ZT_SALSA20_SSE + uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; +#endif + + if (!bytes) + return; + +#ifndef ZT_SALSA20_SSE + j0 = _state.i[0]; + j1 = _state.i[1]; + j2 = _state.i[2]; + j3 = _state.i[3]; + j4 = _state.i[4]; + j5 = _state.i[5]; + j6 = _state.i[6]; + j7 = _state.i[7]; + j8 = _state.i[8]; + j9 = _state.i[9]; + j10 = _state.i[10]; + j11 = _state.i[11]; + j12 = _state.i[12]; + j13 = _state.i[13]; + j14 = _state.i[14]; + j15 = _state.i[15]; +#endif + + for (;;) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) + tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + +#ifdef ZT_SALSA20_SSE + __m128i X0 = _mm_loadu_si128((const __m128i *)&(_state.v[0])); + __m128i X1 = _mm_loadu_si128((const __m128i *)&(_state.v[1])); + __m128i X2 = _mm_loadu_si128((const __m128i *)&(_state.v[2])); + __m128i X3 = _mm_loadu_si128((const __m128i *)&(_state.v[3])); + __m128i T; + __m128i X0s = X0; + __m128i X1s = X1; + __m128i X2s = X2; + __m128i X3s = X3; + + // 
2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, 
X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = 
_mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = 
_mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + X0 = _mm_add_epi32(X0s,X0); + X1 = _mm_add_epi32(X1s,X1); + X2 = _mm_add_epi32(X2s,X2); + X3 = _mm_add_epi32(X3s,X3); + + __m128i k02 = _mm_shuffle_epi32(_mm_or_si128(_mm_slli_epi64(X0, 32), _mm_srli_epi64(X3, 32)), _MM_SHUFFLE(0, 1, 2, 3)); + __m128i k13 = _mm_shuffle_epi32(_mm_or_si128(_mm_slli_epi64(X1, 32), _mm_srli_epi64(X0, 32)), _MM_SHUFFLE(0, 1, 2, 3)); + __m128i k20 = _mm_or_si128(_mm_and_si128(X2, _S20SSECONSTANTS.maskLo32), _mm_and_si128(X1, _S20SSECONSTANTS.maskHi32)); + __m128i k31 = _mm_or_si128(_mm_and_si128(X3, _S20SSECONSTANTS.maskLo32), _mm_and_si128(X2, _S20SSECONSTANTS.maskHi32)); + 
_mm_storeu_ps(reinterpret_cast(c),_mm_castsi128_ps(_mm_xor_si128(_mm_unpackhi_epi64(k02,k20),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m)))))); + _mm_storeu_ps(reinterpret_cast(c) + 4,_mm_castsi128_ps(_mm_xor_si128(_mm_unpackhi_epi64(k13,k31),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m) + 4))))); + _mm_storeu_ps(reinterpret_cast(c) + 8,_mm_castsi128_ps(_mm_xor_si128(_mm_unpacklo_epi64(k20,k02),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m) + 8))))); + _mm_storeu_ps(reinterpret_cast(c) + 12,_mm_castsi128_ps(_mm_xor_si128(_mm_unpacklo_epi64(k31,k13),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m) + 12))))); + + if (!(++_state.i[8])) { + ++_state.i[5]; // state reordered for SSE + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } +#else + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( 
x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, 
x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + 
x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = 
XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + + U32TO8_LITTLE(c + 0,XOR(x0,U8TO32_LITTLE(m + 0))); + 
U32TO8_LITTLE(c + 4,XOR(x1,U8TO32_LITTLE(m + 4))); + U32TO8_LITTLE(c + 8,XOR(x2,U8TO32_LITTLE(m + 8))); + U32TO8_LITTLE(c + 12,XOR(x3,U8TO32_LITTLE(m + 12))); + U32TO8_LITTLE(c + 16,XOR(x4,U8TO32_LITTLE(m + 16))); + U32TO8_LITTLE(c + 20,XOR(x5,U8TO32_LITTLE(m + 20))); + U32TO8_LITTLE(c + 24,XOR(x6,U8TO32_LITTLE(m + 24))); + U32TO8_LITTLE(c + 28,XOR(x7,U8TO32_LITTLE(m + 28))); + U32TO8_LITTLE(c + 32,XOR(x8,U8TO32_LITTLE(m + 32))); + U32TO8_LITTLE(c + 36,XOR(x9,U8TO32_LITTLE(m + 36))); + U32TO8_LITTLE(c + 40,XOR(x10,U8TO32_LITTLE(m + 40))); + U32TO8_LITTLE(c + 44,XOR(x11,U8TO32_LITTLE(m + 44))); + U32TO8_LITTLE(c + 48,XOR(x12,U8TO32_LITTLE(m + 48))); + U32TO8_LITTLE(c + 52,XOR(x13,U8TO32_LITTLE(m + 52))); + U32TO8_LITTLE(c + 56,XOR(x14,U8TO32_LITTLE(m + 56))); + U32TO8_LITTLE(c + 60,XOR(x15,U8TO32_LITTLE(m + 60))); + + if (!(++j8)) { + ++j9; + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } +#endif + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) + ctarget[i] = c[i]; + } + +#ifndef ZT_SALSA20_SSE + _state.i[8] = j8; + _state.i[9] = j9; +#endif + + return; + } + + bytes -= 64; + c += 64; + m += 64; + } +} + +void Salsa20::encrypt20(const void *in,void *out,unsigned int bytes) + throw() +{ + uint8_t tmp[64]; + const uint8_t *m = (const uint8_t *)in; + uint8_t *c = (uint8_t *)out; + uint8_t *ctarget = c; + unsigned int i; + +#ifndef ZT_SALSA20_SSE + uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + uint32_t j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; +#endif + + if (!bytes) + return; + +#ifndef ZT_SALSA20_SSE + j0 = _state.i[0]; + j1 = _state.i[1]; + j2 = _state.i[2]; + j3 = _state.i[3]; + j4 = _state.i[4]; + j5 = _state.i[5]; + j6 = _state.i[6]; + j7 = _state.i[7]; + j8 = _state.i[8]; + j9 = _state.i[9]; + j10 = _state.i[10]; + j11 = _state.i[11]; + j12 = _state.i[12]; + j13 = _state.i[13]; + j14 = _state.i[14]; + j15 = _state.i[15]; +#endif + + for (;;) { + if (bytes < 
64) { + for (i = 0;i < bytes;++i) + tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + +#ifdef ZT_SALSA20_SSE + __m128i X0 = _mm_loadu_si128((const __m128i *)&(_state.v[0])); + __m128i X1 = _mm_loadu_si128((const __m128i *)&(_state.v[1])); + __m128i X2 = _mm_loadu_si128((const __m128i *)&(_state.v[2])); + __m128i X3 = _mm_loadu_si128((const __m128i *)&(_state.v[3])); + __m128i T; + __m128i X0s = X0; + __m128i X1s = X1; + __m128i X2s = X2; + __m128i X3s = X3; + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T 
= _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), 
_mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + 
T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = 
_mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), 
_mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + // 2X round ------------------------------------------------------------- + T = _mm_add_epi32(X0, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X1, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X3, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 
14)); + X1 = _mm_shuffle_epi32(X1, 0x93); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x39); + T = _mm_add_epi32(X0, X1); + X3 = _mm_xor_si128(_mm_xor_si128(X3, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25)); + T = _mm_add_epi32(X3, X0); + X2 = _mm_xor_si128(_mm_xor_si128(X2, _mm_slli_epi32(T, 9)), _mm_srli_epi32(T, 23)); + T = _mm_add_epi32(X2, X3); + X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 13)), _mm_srli_epi32(T, 19)); + T = _mm_add_epi32(X1, X2); + X0 = _mm_xor_si128(_mm_xor_si128(X0, _mm_slli_epi32(T, 18)), _mm_srli_epi32(T, 14)); + X1 = _mm_shuffle_epi32(X1, 0x39); + X2 = _mm_shuffle_epi32(X2, 0x4E); + X3 = _mm_shuffle_epi32(X3, 0x93); + + X0 = _mm_add_epi32(X0s,X0); + X1 = _mm_add_epi32(X1s,X1); + X2 = _mm_add_epi32(X2s,X2); + X3 = _mm_add_epi32(X3s,X3); + + __m128i k02 = _mm_shuffle_epi32(_mm_or_si128(_mm_slli_epi64(X0, 32), _mm_srli_epi64(X3, 32)), _MM_SHUFFLE(0, 1, 2, 3)); + __m128i k13 = _mm_shuffle_epi32(_mm_or_si128(_mm_slli_epi64(X1, 32), _mm_srli_epi64(X0, 32)), _MM_SHUFFLE(0, 1, 2, 3)); + __m128i k20 = _mm_or_si128(_mm_and_si128(X2, _S20SSECONSTANTS.maskLo32), _mm_and_si128(X1, _S20SSECONSTANTS.maskHi32)); + __m128i k31 = _mm_or_si128(_mm_and_si128(X3, _S20SSECONSTANTS.maskLo32), _mm_and_si128(X2, _S20SSECONSTANTS.maskHi32)); + _mm_storeu_ps(reinterpret_cast(c),_mm_castsi128_ps(_mm_xor_si128(_mm_unpackhi_epi64(k02,k20),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m)))))); + _mm_storeu_ps(reinterpret_cast(c) + 4,_mm_castsi128_ps(_mm_xor_si128(_mm_unpackhi_epi64(k13,k31),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m) + 4))))); + _mm_storeu_ps(reinterpret_cast(c) + 8,_mm_castsi128_ps(_mm_xor_si128(_mm_unpacklo_epi64(k20,k02),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m) + 8))))); + _mm_storeu_ps(reinterpret_cast(c) + 12,_mm_castsi128_ps(_mm_xor_si128(_mm_unpacklo_epi64(k31,k13),_mm_castps_si128(_mm_loadu_ps(reinterpret_cast(m) + 12))))); + + if (!(++_state.i[8])) { + ++_state.i[5]; // state reordered for SSE + 
/* stopping at 2^70 bytes per nonce is user's responsibility */ + } +#else + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = 
XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( 
x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = 
XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( 
x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + 
x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( 
x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + // 2X round ------------------------------------------------------------- + x4 = XOR( x4,ROTATE(PLUS( x0,x12), 7)); + x8 = XOR( x8,ROTATE(PLUS( x4, x0), 9)); + x12 = XOR(x12,ROTATE(PLUS( x8, x4),13)); + x0 = XOR( x0,ROTATE(PLUS(x12, x8),18)); + x9 = XOR( x9,ROTATE(PLUS( x5, x1), 7)); + x13 = XOR(x13,ROTATE(PLUS( x9, x5), 9)); + x1 = XOR( x1,ROTATE(PLUS(x13, x9),13)); + x5 = XOR( x5,ROTATE(PLUS( x1,x13),18)); + x14 = XOR(x14,ROTATE(PLUS(x10, x6), 7)); + x2 = XOR( x2,ROTATE(PLUS(x14,x10), 9)); + x6 = XOR( x6,ROTATE(PLUS( x2,x14),13)); + x10 = XOR(x10,ROTATE(PLUS( x6, x2),18)); + x3 = XOR( x3,ROTATE(PLUS(x15,x11), 7)); + x7 = XOR( x7,ROTATE(PLUS( x3,x15), 9)); + x11 = XOR(x11,ROTATE(PLUS( x7, x3),13)); + x15 = XOR(x15,ROTATE(PLUS(x11, x7),18)); + x1 = XOR( 
x1,ROTATE(PLUS( x0, x3), 7)); + x2 = XOR( x2,ROTATE(PLUS( x1, x0), 9)); + x3 = XOR( x3,ROTATE(PLUS( x2, x1),13)); + x0 = XOR( x0,ROTATE(PLUS( x3, x2),18)); + x6 = XOR( x6,ROTATE(PLUS( x5, x4), 7)); + x7 = XOR( x7,ROTATE(PLUS( x6, x5), 9)); + x4 = XOR( x4,ROTATE(PLUS( x7, x6),13)); + x5 = XOR( x5,ROTATE(PLUS( x4, x7),18)); + x11 = XOR(x11,ROTATE(PLUS(x10, x9), 7)); + x8 = XOR( x8,ROTATE(PLUS(x11,x10), 9)); + x9 = XOR( x9,ROTATE(PLUS( x8,x11),13)); + x10 = XOR(x10,ROTATE(PLUS( x9, x8),18)); + x12 = XOR(x12,ROTATE(PLUS(x15,x14), 7)); + x13 = XOR(x13,ROTATE(PLUS(x12,x15), 9)); + x14 = XOR(x14,ROTATE(PLUS(x13,x12),13)); + x15 = XOR(x15,ROTATE(PLUS(x14,x13),18)); + + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + + U32TO8_LITTLE(c + 0,XOR(x0,U8TO32_LITTLE(m + 0))); + U32TO8_LITTLE(c + 4,XOR(x1,U8TO32_LITTLE(m + 4))); + U32TO8_LITTLE(c + 8,XOR(x2,U8TO32_LITTLE(m + 8))); + U32TO8_LITTLE(c + 12,XOR(x3,U8TO32_LITTLE(m + 12))); + U32TO8_LITTLE(c + 16,XOR(x4,U8TO32_LITTLE(m + 16))); + U32TO8_LITTLE(c + 20,XOR(x5,U8TO32_LITTLE(m + 20))); + U32TO8_LITTLE(c + 24,XOR(x6,U8TO32_LITTLE(m + 24))); + U32TO8_LITTLE(c + 28,XOR(x7,U8TO32_LITTLE(m + 28))); + U32TO8_LITTLE(c + 32,XOR(x8,U8TO32_LITTLE(m + 32))); + U32TO8_LITTLE(c + 36,XOR(x9,U8TO32_LITTLE(m + 36))); + U32TO8_LITTLE(c + 40,XOR(x10,U8TO32_LITTLE(m + 40))); + U32TO8_LITTLE(c + 44,XOR(x11,U8TO32_LITTLE(m + 44))); + U32TO8_LITTLE(c + 48,XOR(x12,U8TO32_LITTLE(m + 48))); + U32TO8_LITTLE(c + 52,XOR(x13,U8TO32_LITTLE(m + 52))); + U32TO8_LITTLE(c + 56,XOR(x14,U8TO32_LITTLE(m + 56))); + U32TO8_LITTLE(c + 60,XOR(x15,U8TO32_LITTLE(m + 60))); + + if (!(++j8)) { + ++j9; + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } +#endif + + if 
(bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) + ctarget[i] = c[i]; + } + +#ifndef ZT_SALSA20_SSE + _state.i[8] = j8; + _state.i[9] = j9; +#endif + + return; + } + + bytes -= 64; + c += 64; + m += 64; + } +} + +} // namespace ZeroTier diff --git a/node/Salsa20.hpp b/node/Salsa20.hpp new file mode 100644 index 0000000..7e4c1e5 --- /dev/null +++ b/node/Salsa20.hpp 
@@ -0,0 +1,115 @@ +/* + * Based on public domain code available at: http://cr.yp.to/snuffle.html + * + * This therefore is public domain. + */ + +#ifndef ZT_SALSA20_HPP +#define ZT_SALSA20_HPP + +#include +#include +#include + +#include "Constants.hpp" +#include "Utils.hpp" + +#if (!defined(ZT_SALSA20_SSE)) && (defined(__SSE2__) || defined(__WINDOWS__)) +#define ZT_SALSA20_SSE 1 +#endif + +#ifdef ZT_SALSA20_SSE +#include +#endif // ZT_SALSA20_SSE + +namespace ZeroTier { + +/** + * Salsa20 stream cipher + */ +class Salsa20 +{ +public: + Salsa20() throw() {} + + ~Salsa20() { Utils::burn(&_state,sizeof(_state)); } + + /** + * @param key Key bits + * @param kbits Number of key bits: 128 or 256 (recommended) + * @param iv 64-bit initialization vector + */ + Salsa20(const void *key,unsigned int kbits,const void *iv) + throw() + { + init(key,kbits,iv); + } + + /** + * Initialize cipher + * + * @param key Key bits + * @param kbits Number of key bits: 128 or 256 (recommended) + * @param iv 64-bit initialization vector + */ + void init(const void *key,unsigned int kbits,const void *iv) + throw(); + + /** + * Encrypt data using Salsa20/12 + * + * @param in Input data + * @param out Output buffer + * @param bytes Length of data + */ + void encrypt12(const void *in,void *out,unsigned int bytes) + throw(); + + /** + * Encrypt data using Salsa20/20 + * + * @param in Input data + * @param out Output buffer + * @param bytes Length of data + */ + void encrypt20(const void *in,void *out,unsigned int bytes) + throw(); + + /** + * Decrypt data + * + * @param in Input data + * @param out Output buffer + * @param bytes Length of data + */ + inline void decrypt12(const void *in,void *out,unsigned int bytes) + throw() + { + encrypt12(in,out,bytes); + } + + /** + * Decrypt data + * + * @param in Input data + * @param out Output buffer + * @param bytes Length of data + */ + inline void decrypt20(const void *in,void *out,unsigned int bytes) + throw() + { + encrypt20(in,out,bytes); + } + 
+private: + union { +#ifdef ZT_SALSA20_SSE + __m128i v[4]; +#endif // ZT_SALSA20_SSE + uint32_t i[16]; + } _state; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/SelfAwareness.cpp b/node/SelfAwareness.cpp new file mode 100644 index 0000000..8bed0c5 --- /dev/null +++ b/node/SelfAwareness.cpp 
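Review bot: The header never states the two preconditions a caller must meet: `Salsa20() throw() {}` leaves `_state` uninitialized until `init()` is called, and `@param iv` does not say that a key/IV pair must be used for one message only. Since encrypt12/encrypt20 XOR a keystream into the input (see the `XOR(x0,U8TO32_LITTLE(m + 0))` stores in Salsa20.cpp), reusing an IV under the same key exposes the XOR of the two plaintexts, and the cipher on its own gives no integrity protection. I would document the default constructor with `/** Leaves the cipher state uninitialized; init() must be called before encrypt12()/encrypt20() */` and extend the IV line to `@param iv 64-bit initialization vector, must be unique for each message under a given key`. The two decrypt comments could also name their variant (`Decrypt data using Salsa20/12`, `Decrypt data using Salsa20/20`).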
@@ -0,0 +1,187 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +#include +#include + +#include "Constants.hpp" +#include "SelfAwareness.hpp" +#include "RuntimeEnvironment.hpp" +#include "Node.hpp" +#include "Topology.hpp" +#include "Packet.hpp" +#include "Peer.hpp" +#include "Switch.hpp" + +// Entry timeout -- make it fairly long since this is just to prevent stale buildup +#define ZT_SELFAWARENESS_ENTRY_TIMEOUT 3600000 + +namespace ZeroTier { + +class _ResetWithinScope +{ +public: + _ResetWithinScope(uint64_t now,InetAddress::IpScope scope) : + _now(now), + _scope(scope) {} + + inline void operator()(Topology &t,const SharedPtr &p) + { + if (p->resetWithinScope(_scope,_now)) + peersReset.push_back(p); + } + + std::vector< SharedPtr > peersReset; + +private: + uint64_t _now; + InetAddress::IpScope _scope; +}; + +SelfAwareness::SelfAwareness(const RuntimeEnvironment *renv) : + RR(renv), + _phy(32) +{ +} + +SelfAwareness::~SelfAwareness() +{ +} + +void SelfAwareness::iam(const Address &reporter,const InetAddress &receivedOnLocalAddress,const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted,uint64_t now) +{ + const InetAddress::IpScope scope = myPhysicalAddress.ipScope(); + + if ((scope != 
reporterPhysicalAddress.ipScope())||(scope == InetAddress::IP_SCOPE_NONE)||(scope == InetAddress::IP_SCOPE_LOOPBACK)||(scope == InetAddress::IP_SCOPE_MULTICAST)) + return; + + Mutex::Lock _l(_phy_m); + PhySurfaceEntry &entry = _phy[PhySurfaceKey(reporter,receivedOnLocalAddress,reporterPhysicalAddress,scope)]; + + if ( (trusted) && ((now - entry.ts) < ZT_SELFAWARENESS_ENTRY_TIMEOUT) && (!entry.mySurface.ipsEqual(myPhysicalAddress)) ) { + // Changes to external surface reported by trusted peers causes path reset in this scope + entry.mySurface = myPhysicalAddress; + entry.ts = now; + TRACE("physical address %s for scope %u as seen from %s(%s) differs from %s, resetting paths in scope",myPhysicalAddress.toString().c_str(),(unsigned int)scope,reporter.toString().c_str(),reporterPhysicalAddress.toString().c_str(),entry.mySurface.toString().c_str()); + + // Erase all entries in this scope that were not reported from this remote address to prevent 'thrashing' + // due to multiple reports of endpoint change. + // Don't use 'entry' after this since hash table gets modified. + { + Hashtable< PhySurfaceKey,PhySurfaceEntry >::Iterator i(_phy); + PhySurfaceKey *k = (PhySurfaceKey *)0; + PhySurfaceEntry *e = (PhySurfaceEntry *)0; + while (i.next(k,e)) { + if ((k->reporterPhysicalAddress != reporterPhysicalAddress)&&(k->scope == scope)) + _phy.erase(*k); + } + } + + // Reset all paths within this scope + _ResetWithinScope rset(now,(InetAddress::IpScope)scope); + RR->topology->eachPeer<_ResetWithinScope &>(rset); + + // Send a NOP to all peers for whom we forgot a path. This will cause direct + // links to be re-established if possible, possibly using a root server or some + // other relay. 
+ for(std::vector< SharedPtr >::const_iterator p(rset.peersReset.begin());p!=rset.peersReset.end();++p) { + if ((*p)->activelyTransferringFrames(now)) { + Packet outp((*p)->address(),RR->identity.address(),Packet::VERB_NOP); + RR->sw->send(outp,true,0); + } + } + } else { + // Otherwise just update DB to use to determine external surface info + entry.mySurface = myPhysicalAddress; + entry.ts = now; + } +} + +void SelfAwareness::clean(uint64_t now) +{ + Mutex::Lock _l(_phy_m); + Hashtable< PhySurfaceKey,PhySurfaceEntry >::Iterator i(_phy); + PhySurfaceKey *k = (PhySurfaceKey *)0; + PhySurfaceEntry *e = (PhySurfaceEntry *)0; + while (i.next(k,e)) { + if ((now - e->ts) >= ZT_SELFAWARENESS_ENTRY_TIMEOUT) + _phy.erase(*k); + } +} + +std::vector SelfAwareness::getSymmetricNatPredictions() +{ + /* This is based on ideas and strategies found here: + * https://tools.ietf.org/html/draft-takeda-symmetric-nat-traversal-00 + * + * In short: a great many symmetric NATs allocate ports sequentially. + * This is common on enterprise and carrier grade NATs as well as consumer + * devices. This code generates a list of "you might try this" addresses by + * extrapolating likely port assignments from currently known external + * global IPv4 surfaces. These can then be included in a PUSH_DIRECT_PATHS + * message to another peer, causing it to possibly try these addresses and + * bust our local symmetric NAT. It works often enough to be worth the + * extra bit of code and does no harm in cases where it fails. */ + + // Gather unique surfaces indexed by local received-on address and flag + // us as behind a symmetric NAT if there is more than one. 
+ std::map< InetAddress,std::set > surfaces; + bool symmetric = false; + { + Mutex::Lock _l(_phy_m); + Hashtable< PhySurfaceKey,PhySurfaceEntry >::Iterator i(_phy); + PhySurfaceKey *k = (PhySurfaceKey *)0; + PhySurfaceEntry *e = (PhySurfaceEntry *)0; + while (i.next(k,e)) { + if ((e->mySurface.ss_family == AF_INET)&&(e->mySurface.ipScope() == InetAddress::IP_SCOPE_GLOBAL)) { + std::set &s = surfaces[k->receivedOnLocalAddress]; + s.insert(e->mySurface); + symmetric = symmetric||(s.size() > 1); + } + } + } + + // If we appear to be symmetrically NATed, generate and return extrapolations + // of those surfaces. Since PUSH_DIRECT_PATHS is sent multiple times, we + // probabilistically generate extrapolations of anywhere from +1 to +5 to + // increase the odds that it will work "eventually". + if (symmetric) { + std::vector r; + for(std::map< InetAddress,std::set >::iterator si(surfaces.begin());si!=surfaces.end();++si) { + for(std::set::iterator i(si->second.begin());i!=si->second.end();++i) { + InetAddress ipp(*i); + unsigned int p = ipp.port() + 1 + ((unsigned int)RR->node->prng() & 3); + if (p >= 65535) + p -= 64510; // NATs seldom use ports <=1024 so wrap to 1025 + ipp.setPort(p); + if ((si->second.count(ipp) == 0)&&(std::find(r.begin(),r.end(),ipp) == r.end())) { + r.push_back(ipp); + } + } + } + return r; + } + + return std::vector(); +} + +} // namespace ZeroTier diff --git a/node/SelfAwareness.hpp b/node/SelfAwareness.hpp new file mode 100644 index 0000000..06c264a --- /dev/null +++ b/node/SelfAwareness.hpp 
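Review bot: In `iam()` the `trusted` flag only gates the path reset; the `else` branch still stores `myPhysicalAddress` from untrusted reporters, and `getSymmetricNatPredictions()` then reads every `_phy` entry, so an unverified report can set `symmetric` and seed the addresses that get returned. Recording the flag and filtering on it would close that: `entry.trusted = trusted;` in both branches and `if ((e->trusted)&&(e->mySurface.ss_family == AF_INET)&&(e->mySurface.ipScope() == InetAddress::IP_SCOPE_GLOBAL))` in the gather loop, which needs a `bool trusted` member on `PhySurfaceEntry` in SelfAwareness.hpp. Separately, the TRACE in the trusted branch runs after `entry.mySurface = myPhysicalAddress;`, so its "differs from %s" argument prints the new surface rather than the old one; and `prng() & 3` yields +1 to +4, not the +1 to +5 the comment above it states.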
@@ -0,0 +1,98 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_SELFAWARENESS_HPP
+#define ZT_SELFAWARENESS_HPP
+
+#include "Constants.hpp"
+#include "InetAddress.hpp"
+#include "Hashtable.hpp"
+#include "Address.hpp"
+#include "Mutex.hpp"
+
+namespace ZeroTier {
+
+class RuntimeEnvironment;
+
+/**
+ * Tracks changes to this peer's real world addresses
+ */
+class SelfAwareness
+{
+public:
+ SelfAwareness(const RuntimeEnvironment *renv);
+ ~SelfAwareness();
+
+ /**
+ * Called when a trusted remote peer informs us of our external network address
+ *
+ * @param reporter ZeroTier address of reporting peer
+ * @param receivedOnLocalAddress Local address on which report was received
+ * @param reporterPhysicalAddress Physical address that reporting peer seems to have
+ * @param myPhysicalAddress Physical address that peer says we have
+ * @param trusted True if this peer is trusted as an authority to inform us of external address changes
+ * @param now Current time
+ */
+ void iam(const Address &reporter,const InetAddress &receivedOnLocalAddress,const InetAddress &reporterPhysicalAddress,const InetAddress &myPhysicalAddress,bool trusted,uint64_t now);
+
+ /**
+ * Clean up database periodically
+ *
+ * @param now Current time
+ */
+ void clean(uint64_t now);
+
+ /**
+ * If we appear to be behind a symmetric NAT, get predictions for possible external endpoints
+ *
+ * @return Symmetric NAT predictions or empty vector if none
+ */
+ std::vector getSymmetricNatPredictions();
+
+private:
+ struct PhySurfaceKey
+ {
+ Address reporter;
+ InetAddress receivedOnLocalAddress;
+ InetAddress reporterPhysicalAddress;
+ InetAddress::IpScope scope;
+
+ PhySurfaceKey() : reporter(),scope(InetAddress::IP_SCOPE_NONE) {}
+ PhySurfaceKey(const Address &r,const InetAddress &rol,const InetAddress &ra,InetAddress::IpScope s) : reporter(r),receivedOnLocalAddress(rol),reporterPhysicalAddress(ra),scope(s) {}
+
+ inline unsigned long hashCode() const throw() { return ((unsigned long)reporter.toInt() + (unsigned long)scope); }
+ inline bool operator==(const PhySurfaceKey &k) const throw() { return ((reporter == k.reporter)&&(receivedOnLocalAddress == k.receivedOnLocalAddress)&&(reporterPhysicalAddress == k.reporterPhysicalAddress)&&(scope == k.scope)); }
+ };
+ struct PhySurfaceEntry
+ {
+ InetAddress mySurface;
+ uint64_t ts;
+
+ PhySurfaceEntry() : mySurface(),ts(0) {}
+ PhySurfaceEntry(const InetAddress &a,const uint64_t t) : mySurface(a),ts(t) {}
+ };
+
+ const RuntimeEnvironment *RR;
+
+ Hashtable< PhySurfaceKey,PhySurfaceEntry > _phy;
+ Mutex _phy_m;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/SharedPtr.hpp b/node/SharedPtr.hpp
new file mode 100644
index 0000000..3ff5ed1
--- /dev/null
+++ b/node/SharedPtr.hpp
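Review bot: `PhySurfaceKey::hashCode()` mixes only `reporter` and `scope`, while `operator==` also compares `receivedOnLocalAddress` and `reporterPhysicalAddress`, so every report from one peer in one scope hashes to the same value no matter how many address pairs it arrives on. The key fields come from remote reports, so a reporter seen from many physical addresses would presumably chain all of its entries together in `_phy` until `clean()` ages them out, and each lookup is done while holding `_phy_m`; how the table is filled is in SelfAwareness.cpp, outside this hunk, so this should be confirmed there. I would fold a hash of the two `InetAddress` members into the returned value and add a one-line comment on the struct noting that the key is built from peer-supplied data.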
@@ -0,0 +1,154 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_SHAREDPTR_HPP
+#define ZT_SHAREDPTR_HPP
+
+#include "Mutex.hpp"
+#include "AtomicCounter.hpp"
+
+namespace ZeroTier {
+
+/**
+ * Simple reference counted pointer
+ *
+ * This is an introspective shared pointer. Classes that need to be reference
+ * counted must list this as a 'friend' and must have a private instance of
+ * AtomicCounter called __refCount. They should also have private destructors,
+ * since only this class should delete them.
+ *
+ * Because this is introspective, it is safe to apply to a naked pointer
+ * multiple times provided there is always at least one holding SharedPtr.
+ *
+ * Once C++11 is ubiquitous, this and a few other things like Thread might get
+ * torn out for their standard equivalents.
+ */
+template
+class SharedPtr
+{
+public:
+ SharedPtr()
+ throw() :
+ _ptr((T *)0)
+ {
+ }
+
+ SharedPtr(T *obj)
+ throw() :
+ _ptr(obj)
+ {
+ ++obj->__refCount;
+ }
+
+ SharedPtr(const SharedPtr &sp)
+ throw() :
+ _ptr(sp._getAndInc())
+ {
+ }
+
+ ~SharedPtr()
+ {
+ if (_ptr) {
+ if (--_ptr->__refCount <= 0)
+ delete _ptr;
+ }
+ }
+
+ inline SharedPtr &operator=(const SharedPtr &sp)
+ {
+ if (_ptr != sp._ptr) {
+ T *p = sp._getAndInc();
+ if (_ptr) {
+ if (--_ptr->__refCount <= 0)
+ delete _ptr;
+ }
+ _ptr = p;
+ }
+ return *this;
+ }
+
+ /**
+ * Set to a naked pointer and increment its reference count
+ *
+ * This assumes this SharedPtr is NULL and that ptr is not a 'zombie.' No
+ * checks are performed.
+ *
+ * @param ptr Naked pointer to assign
+ */
+ inline void setToUnsafe(T *ptr)
+ {
+ ++ptr->__refCount;
+ _ptr = ptr;
+ }
+
+ /**
+ * Swap with another pointer 'for free' without ref count overhead
+ *
+ * @param with Pointer to swap with
+ */
+ inline void swap(SharedPtr &with)
+ throw()
+ {
+ T *tmp = _ptr;
+ _ptr = with._ptr;
+ with._ptr = tmp;
+ }
+
+ inline operator bool() const throw() { return (_ptr != (T *)0); }
+ inline T &operator*() const throw() { return *_ptr; }
+ inline T *operator->() const throw() { return _ptr; }
+
+ /**
+ * @return Raw pointer to held object
+ */
+ inline T *ptr() const throw() { return _ptr; }
+
+ /**
+ * Set this pointer to null
+ */
+ inline void zero()
+ {
+ if (_ptr) {
+ if (--_ptr->__refCount <= 0)
+ delete _ptr;
+ }
+ _ptr = (T *)0;
+ }
+
+ inline bool operator==(const SharedPtr &sp) const throw() { return (_ptr == sp._ptr); }
+ inline bool operator!=(const SharedPtr &sp) const throw() { return (_ptr != sp._ptr); }
+ inline bool operator>(const SharedPtr &sp) const throw() { return (_ptr > sp._ptr); }
+ inline bool operator<(const SharedPtr &sp) const throw() { return (_ptr < sp._ptr); }
+ inline bool operator>=(const SharedPtr &sp) const throw() { return (_ptr >= sp._ptr); }
+ inline bool operator<=(const SharedPtr &sp) const throw() { return (_ptr <= sp._ptr); }
+
+private:
+ inline T *_getAndInc() const
+ throw()
+ {
+ if (_ptr)
+ ++_ptr->__refCount;
+ return _ptr;
+ }
+
+ T *_ptr;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/Switch.cpp b/node/Switch.cpp
new file mode 100644
index 0000000..bf3afe3
--- /dev/null
+++ b/node/Switch.cpp
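Review bot: The `SharedPtr(T *obj)` constructor runs `++obj->__refCount` unconditionally, so constructing from a null pointer dereferences null, whereas the destructor, `operator=`, `zero()` and `_getAndInc()` all guard with `if (_ptr)`. Making the constructor consistent is a one-line change: `if (obj) ++obj->__refCount;`. `setToUnsafe()` has the same unchecked increment but its comment says no checks are performed; the constructor carries no such warning, so if the omission is deliberate it needs a comment stating that callers must never pass null. Separately, `__refCount` contains a double underscore, which C++ reserves for the implementation, so a name such as `_refCount` would be safer for new code.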
@@ -0,0 +1,886 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include + +#include +#include +#include + +#include "../version.h" +#include "../include/ZeroTierOne.h" + +#include "Constants.hpp" +#include "RuntimeEnvironment.hpp" +#include "Switch.hpp" +#include "Node.hpp" +#include "InetAddress.hpp" +#include "Topology.hpp" +#include "Peer.hpp" +#include "SelfAwareness.hpp" +#include "Packet.hpp" +#include "Cluster.hpp" + +namespace ZeroTier { + +#ifdef ZT_TRACE +static const char *etherTypeName(const unsigned int etherType) +{ + switch(etherType) { + case ZT_ETHERTYPE_IPV4: return "IPV4"; + case ZT_ETHERTYPE_ARP: return "ARP"; + case ZT_ETHERTYPE_RARP: return "RARP"; + case ZT_ETHERTYPE_ATALK: return "ATALK"; + case ZT_ETHERTYPE_AARP: return "AARP"; + case ZT_ETHERTYPE_IPX_A: return "IPX_A"; + case ZT_ETHERTYPE_IPX_B: return "IPX_B"; + case ZT_ETHERTYPE_IPV6: return "IPV6"; + } + return "UNKNOWN"; +} +#endif // ZT_TRACE + +Switch::Switch(const RuntimeEnvironment *renv) : + RR(renv), + _lastBeaconResponse(0), + _outstandingWhoisRequests(32), + _lastUniteAttempt(8) // only really used on root servers and upstreams, and it'll grow there just fine +{ +} + +Switch::~Switch() +{ +} + +void Switch::onRemotePacket(const InetAddress &localAddr,const 
InetAddress &fromAddr,const void *data,unsigned int len) +{ + try { + const uint64_t now = RR->node->now(); + + if (len == 13) { + /* LEGACY: before VERB_PUSH_DIRECT_PATHS, peers used broadcast + * announcements on the LAN to solve the 'same network problem.' We + * no longer send these, but we'll listen for them for a while to + * locate peers with versions <1.0.4. */ + + Address beaconAddr(reinterpret_cast(data) + 8,5); + if (beaconAddr == RR->identity.address()) + return; + if (!RR->node->shouldUsePathForZeroTierTraffic(localAddr,fromAddr)) + return; + SharedPtr peer(RR->topology->getPeer(beaconAddr)); + if (peer) { // we'll only respond to beacons from known peers + if ((now - _lastBeaconResponse) >= 2500) { // limit rate of responses + _lastBeaconResponse = now; + Packet outp(peer->address(),RR->identity.address(),Packet::VERB_NOP); + outp.armor(peer->key(),true); + RR->node->putPacket(localAddr,fromAddr,outp.data(),outp.size()); + } + } + + } else if (len > ZT_PROTO_MIN_FRAGMENT_LENGTH) { // min length check is important! + if (reinterpret_cast(data)[ZT_PACKET_FRAGMENT_IDX_FRAGMENT_INDICATOR] == ZT_PACKET_FRAGMENT_INDICATOR) { + // Handle fragment ---------------------------------------------------- + + Packet::Fragment fragment(data,len); + const Address destination(fragment.destination()); + + if (destination != RR->identity.address()) { + // Fragment is not for us, so try to relay it + if (fragment.hops() < ZT_RELAY_MAX_HOPS) { + fragment.incrementHops(); + + // Note: we don't bother initiating NAT-t for fragments, since heads will set that off. + // It wouldn't hurt anything, just redundant and unnecessary. 
+ SharedPtr relayTo = RR->topology->getPeer(destination); + if ((!relayTo)||(!relayTo->send(fragment.data(),fragment.size(),now))) { +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) { + RR->cluster->sendViaCluster(Address(),destination,fragment.data(),fragment.size(),false); + return; + } +#endif + + // Don't know peer or no direct path -- so relay via root server + relayTo = RR->topology->getBestRoot(); + if (relayTo) + relayTo->send(fragment.data(),fragment.size(),now); + } + } else { + TRACE("dropped relay [fragment](%s) -> %s, max hops exceeded",fromAddr.toString().c_str(),destination.toString().c_str()); + } + } else { + // Fragment looks like ours + const uint64_t fragmentPacketId = fragment.packetId(); + const unsigned int fragmentNumber = fragment.fragmentNumber(); + const unsigned int totalFragments = fragment.totalFragments(); + + if ((totalFragments <= ZT_MAX_PACKET_FRAGMENTS)&&(fragmentNumber < ZT_MAX_PACKET_FRAGMENTS)&&(fragmentNumber > 0)&&(totalFragments > 1)) { + // Fragment appears basically sane. Its fragment number must be + // 1 or more, since a Packet with fragmented bit set is fragment 0. + // Total fragments must be more than 1, otherwise why are we + // seeing a Packet::Fragment? + + Mutex::Lock _l(_rxQueue_m); + RXQueueEntry *const rq = _findRXQueueEntry(now,fragmentPacketId); + + if ((!rq->timestamp)||(rq->packetId != fragmentPacketId)) { + // No packet found, so we received a fragment without its head. 
+ //TRACE("fragment (%u/%u) of %.16llx from %s",fragmentNumber + 1,totalFragments,fragmentPacketId,fromAddr.toString().c_str()); + + rq->timestamp = now; + rq->packetId = fragmentPacketId; + rq->frags[fragmentNumber - 1] = fragment; + rq->totalFragments = totalFragments; // total fragment count is known + rq->haveFragments = 1 << fragmentNumber; // we have only this fragment + rq->complete = false; + } else if (!(rq->haveFragments & (1 << fragmentNumber))) { + // We have other fragments and maybe the head, so add this one and check + //TRACE("fragment (%u/%u) of %.16llx from %s",fragmentNumber + 1,totalFragments,fragmentPacketId,fromAddr.toString().c_str()); + + rq->frags[fragmentNumber - 1] = fragment; + rq->totalFragments = totalFragments; + + if (Utils::countBits(rq->haveFragments |= (1 << fragmentNumber)) == totalFragments) { + // We have all fragments -- assemble and process full Packet + //TRACE("packet %.16llx is complete, assembling and processing...",fragmentPacketId); + + for(unsigned int f=1;ffrag0.append(rq->frags[f - 1].payload(),rq->frags[f - 1].payloadLength()); + + if (rq->frag0.tryDecode(RR,false)) { + rq->timestamp = 0; // packet decoded, free entry + } else { + rq->complete = true; // set complete flag but leave entry since it probably needs WHOIS or something + } + } + } // else this is a duplicate fragment, ignore + } + } + + // -------------------------------------------------------------------- + } else if (len >= ZT_PROTO_MIN_PACKET_LENGTH) { // min length check is important! 
+ // Handle packet head ------------------------------------------------- + + // See packet format in Packet.hpp to understand this + const uint64_t packetId = ( + (((uint64_t)reinterpret_cast(data)[0]) << 56) | + (((uint64_t)reinterpret_cast(data)[1]) << 48) | + (((uint64_t)reinterpret_cast(data)[2]) << 40) | + (((uint64_t)reinterpret_cast(data)[3]) << 32) | + (((uint64_t)reinterpret_cast(data)[4]) << 24) | + (((uint64_t)reinterpret_cast(data)[5]) << 16) | + (((uint64_t)reinterpret_cast(data)[6]) << 8) | + ((uint64_t)reinterpret_cast(data)[7]) + ); + const Address destination(reinterpret_cast(data) + 8,ZT_ADDRESS_LENGTH); + const Address source(reinterpret_cast(data) + 13,ZT_ADDRESS_LENGTH); + + // Catch this and toss it -- it would never work, but it could happen if we somehow + // mistakenly guessed an address we're bound to as a destination for another peer. + if (source == RR->identity.address()) + return; + + //TRACE("<< %.16llx %s -> %s (size: %u)",(unsigned long long)packet->packetId(),source.toString().c_str(),destination.toString().c_str(),packet->size()); + + if (destination != RR->identity.address()) { + Packet packet(data,len); + + // Packet is not for us, so try to relay it + if (packet.hops() < ZT_RELAY_MAX_HOPS) { + packet.incrementHops(); + + SharedPtr relayTo = RR->topology->getPeer(destination); + if ((relayTo)&&((relayTo->send(packet.data(),packet.size(),now)))) { + Mutex::Lock _l(_lastUniteAttempt_m); + uint64_t &luts = _lastUniteAttempt[_LastUniteKey(source,destination)]; + if ((now - luts) >= ZT_MIN_UNITE_INTERVAL) { + luts = now; + unite(source,destination); + } + } else { +#ifdef ZT_ENABLE_CLUSTER + if (RR->cluster) { + bool shouldUnite; + { + Mutex::Lock _l(_lastUniteAttempt_m); + uint64_t &luts = _lastUniteAttempt[_LastUniteKey(source,destination)]; + shouldUnite = ((now - luts) >= ZT_MIN_UNITE_INTERVAL); + if (shouldUnite) + luts = now; + } + RR->cluster->sendViaCluster(source,destination,packet.data(),packet.size(),shouldUnite); + 
return; + } +#endif + relayTo = RR->topology->getBestRoot(&source,1,true); + if (relayTo) + relayTo->send(packet.data(),packet.size(),now); + } + } else { + TRACE("dropped relay %s(%s) -> %s, max hops exceeded",packet.source().toString().c_str(),fromAddr.toString().c_str(),destination.toString().c_str()); + } + } else if ((reinterpret_cast(data)[ZT_PACKET_IDX_FLAGS] & ZT_PROTO_FLAG_FRAGMENTED) != 0) { + // Packet is the head of a fragmented packet series + + Mutex::Lock _l(_rxQueue_m); + RXQueueEntry *const rq = _findRXQueueEntry(now,packetId); + + if ((!rq->timestamp)||(rq->packetId != packetId)) { + // If we have no other fragments yet, create an entry and save the head + //TRACE("fragment (0/?) of %.16llx from %s",pid,fromAddr.toString().c_str()); + + rq->timestamp = now; + rq->packetId = packetId; + rq->frag0.init(data,len,localAddr,fromAddr,now); + rq->totalFragments = 0; + rq->haveFragments = 1; + rq->complete = false; + } else if (!(rq->haveFragments & 1)) { + // If we have other fragments but no head, see if we are complete with the head + + if ((rq->totalFragments > 1)&&(Utils::countBits(rq->haveFragments |= 1) == rq->totalFragments)) { + // We have all fragments -- assemble and process full Packet + //TRACE("packet %.16llx is complete, assembling and processing...",pid); + + rq->frag0.init(data,len,localAddr,fromAddr,now); + for(unsigned int f=1;ftotalFragments;++f) + rq->frag0.append(rq->frags[f - 1].payload(),rq->frags[f - 1].payloadLength()); + + if (rq->frag0.tryDecode(RR,false)) { + rq->timestamp = 0; // packet decoded, free entry + } else { + rq->complete = true; // set complete flag but leave entry since it probably needs WHOIS or something + } + } else { + // Still waiting on more fragments, but keep the head + rq->frag0.init(data,len,localAddr,fromAddr,now); + } + } // else this is a duplicate head, ignore + } else { + // Packet is unfragmented, so just process it + IncomingPacket packet(data,len,localAddr,fromAddr,now); + if 
(!packet.tryDecode(RR,false)) { + Mutex::Lock _l(_rxQueue_m); + RXQueueEntry *rq = &(_rxQueue[ZT_RX_QUEUE_SIZE - 1]); + unsigned long i = ZT_RX_QUEUE_SIZE - 1; + while ((i)&&(rq->timestamp)) { + RXQueueEntry *tmp = &(_rxQueue[--i]); + if (tmp->timestamp < rq->timestamp) + rq = tmp; + } + rq->timestamp = now; + rq->packetId = packetId; + rq->frag0 = packet; + rq->totalFragments = 1; + rq->haveFragments = 1; + rq->complete = true; + } + } + + // -------------------------------------------------------------------- + } + } + } catch (std::exception &ex) { + TRACE("dropped packet from %s: unexpected exception: %s",fromAddr.toString().c_str(),ex.what()); + } catch ( ... ) { + TRACE("dropped packet from %s: unexpected exception: (unknown)",fromAddr.toString().c_str()); + } +} + +void Switch::onLocalEthernet(const SharedPtr &network,const MAC &from,const MAC &to,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len) +{ + if (!network->hasConfig()) + return; + + // Sanity check -- bridge loop? OS problem? + if (to == network->mac()) + return; + + // Check to make sure this protocol is allowed on this network + if (!network->config().permitsEtherType(etherType)) { + TRACE("%.16llx: ignored tap: %s -> %s: ethertype %s not allowed on network %.16llx",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),(unsigned long long)network->id()); + return; + } + + // Check if this packet is from someone other than the tap -- i.e. 
bridged in + bool fromBridged = false; + if (from != network->mac()) { + if (!network->config().permitsBridging(RR->identity.address())) { + TRACE("%.16llx: %s -> %s %s not forwarded, bridging disabled or this peer not a bridge",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType)); + return; + } + fromBridged = true; + } + + if (to.isMulticast()) { + // Destination is a multicast address (including broadcast) + MulticastGroup mg(to,0); + + if (to.isBroadcast()) { + if ( (etherType == ZT_ETHERTYPE_ARP) && (len >= 28) && ((((const uint8_t *)data)[2] == 0x08)&&(((const uint8_t *)data)[3] == 0x00)&&(((const uint8_t *)data)[4] == 6)&&(((const uint8_t *)data)[5] == 4)&&(((const uint8_t *)data)[7] == 0x01)) ) { + /* IPv4 ARP is one of the few special cases that we impose upon what is + * otherwise a straightforward Ethernet switch emulation. Vanilla ARP + * is dumb old broadcast and simply doesn't scale. ZeroTier multicast + * groups have an additional field called ADI (additional distinguishing + * information) which was added specifically for ARP though it could + * be used for other things too. We then take ARP broadcasts and turn + * them into multicasts by stuffing the IP address being queried into + * the 32-bit ADI field. In practice this uses our multicast pub/sub + * system to implement a kind of extended/distributed ARP table. 
*/ + mg = MulticastGroup::deriveMulticastGroupForAddressResolution(InetAddress(((const unsigned char *)data) + 24,4,0)); + } else if (!network->config().enableBroadcast()) { + // Don't transmit broadcasts if this network doesn't want them + TRACE("%.16llx: dropped broadcast since ff:ff:ff:ff:ff:ff is not enabled",network->id()); + return; + } + } else if ((etherType == ZT_ETHERTYPE_IPV6)&&(len >= (40 + 8 + 16))) { + // IPv6 NDP emulation for certain very special patterns of private IPv6 addresses -- if enabled + if ((network->config().ndpEmulation())&&(reinterpret_cast(data)[6] == 0x3a)&&(reinterpret_cast(data)[40] == 0x87)) { // ICMPv6 neighbor solicitation + Address v6EmbeddedAddress; + const uint8_t *const pkt6 = reinterpret_cast(data) + 40 + 8; + const uint8_t *my6 = (const uint8_t *)0; + + // ZT-RFC4193 address: fdNN:NNNN:NNNN:NNNN:NN99:93DD:DDDD:DDDD / 88 (one /128 per actual host) + + // ZT-6PLANE address: fcXX:XXXX:XXDD:DDDD:DDDD:####:####:#### / 40 (one /80 per actual host) + // (XX - lower 32 bits of network ID XORed with higher 32 bits) + + // For these to work, we must have a ZT-managed address assigned in one of the + // above formats, and the query must match its prefix. + for(unsigned int sipk=0;sipkconfig().staticIpCount;++sipk) { + const InetAddress *const sip = &(network->config().staticIps[sipk]); + if (sip->ss_family == AF_INET6) { + my6 = reinterpret_cast(reinterpret_cast(&(*sip))->sin6_addr.s6_addr); + const unsigned int sipNetmaskBits = Utils::ntoh((uint16_t)reinterpret_cast(&(*sip))->sin6_port); + if ((sipNetmaskBits == 88)&&(my6[0] == 0xfd)&&(my6[9] == 0x99)&&(my6[10] == 0x93)) { // ZT-RFC4193 /88 ??? + unsigned int ptr = 0; + while (ptr != 11) { + if (pkt6[ptr] != my6[ptr]) + break; + ++ptr; + } + if (ptr == 11) { // prefix match! + v6EmbeddedAddress.setTo(pkt6 + ptr,5); + break; + } + } else if (sipNetmaskBits == 40) { // ZT-6PLANE /40 ??? 
+ const uint32_t nwid32 = (uint32_t)((network->id() ^ (network->id() >> 32)) & 0xffffffff); + if ( (my6[0] == 0xfc) && (my6[1] == (uint8_t)((nwid32 >> 24) & 0xff)) && (my6[2] == (uint8_t)((nwid32 >> 16) & 0xff)) && (my6[3] == (uint8_t)((nwid32 >> 8) & 0xff)) && (my6[4] == (uint8_t)(nwid32 & 0xff))) { + unsigned int ptr = 0; + while (ptr != 5) { + if (pkt6[ptr] != my6[ptr]) + break; + ++ptr; + } + if (ptr == 5) { // prefix match! + v6EmbeddedAddress.setTo(pkt6 + ptr,5); + break; + } + } + } + } + } + + if ((v6EmbeddedAddress)&&(v6EmbeddedAddress != RR->identity.address())) { + const MAC peerMac(v6EmbeddedAddress,network->id()); + TRACE("IPv6 NDP emulation: %.16llx: forging response for %s/%s",network->id(),v6EmbeddedAddress.toString().c_str(),peerMac.toString().c_str()); + + uint8_t adv[72]; + adv[0] = 0x60; adv[1] = 0x00; adv[2] = 0x00; adv[3] = 0x00; + adv[4] = 0x00; adv[5] = 0x20; + adv[6] = 0x3a; adv[7] = 0xff; + for(int i=0;i<16;++i) adv[8 + i] = pkt6[i]; + for(int i=0;i<16;++i) adv[24 + i] = my6[i]; + adv[40] = 0x88; adv[41] = 0x00; + adv[42] = 0x00; adv[43] = 0x00; // future home of checksum + adv[44] = 0x60; adv[45] = 0x00; adv[46] = 0x00; adv[47] = 0x00; + for(int i=0;i<16;++i) adv[48 + i] = pkt6[i]; + adv[64] = 0x02; adv[65] = 0x01; + adv[66] = peerMac[0]; adv[67] = peerMac[1]; adv[68] = peerMac[2]; adv[69] = peerMac[3]; adv[70] = peerMac[4]; adv[71] = peerMac[5]; + + uint16_t pseudo_[36]; + uint8_t *const pseudo = reinterpret_cast(pseudo_); + for(int i=0;i<32;++i) pseudo[i] = adv[8 + i]; + pseudo[32] = 0x00; pseudo[33] = 0x00; pseudo[34] = 0x00; pseudo[35] = 0x20; + pseudo[36] = 0x00; pseudo[37] = 0x00; pseudo[38] = 0x00; pseudo[39] = 0x3a; + for(int i=0;i<32;++i) pseudo[40 + i] = adv[40 + i]; + uint32_t checksum = 0; + for(int i=0;i<36;++i) checksum += Utils::hton(pseudo_[i]); + while ((checksum >> 16)) checksum = (checksum & 0xffff) + (checksum >> 16); + checksum = ~checksum; + adv[42] = (checksum >> 8) & 0xff; + adv[43] = checksum & 0xff; + + 
RR->node->putFrame(network->id(),network->userPtr(),peerMac,from,ZT_ETHERTYPE_IPV6,0,adv,72); + return; // NDP emulation done. We have forged a "fake" reply, so no need to send actual NDP query. + } // else no NDP emulation + } // else no NDP emulation + } + + /* Learn multicast groups for bridged-in hosts. + * Note that some OSes, most notably Linux, do this for you by learning + * multicast addresses on bridge interfaces and subscribing each slave. + * But in that case this does no harm, as the sets are just merged. */ + if (fromBridged) + network->learnBridgedMulticastGroup(mg,RR->node->now()); + + //TRACE("%.16llx: MULTICAST %s -> %s %s %u",network->id(),from.toString().c_str(),mg.toString().c_str(),etherTypeName(etherType),len); + + RR->mc->send( + ((!network->config().isPublic())&&(network->config().com)) ? &(network->config().com) : (const CertificateOfMembership *)0, + network->config().multicastLimit, + RR->node->now(), + network->id(), + network->config().activeBridges(), + mg, + (fromBridged) ? 
from : MAC(), + etherType, + data, + len); + + return; + } + + if (to[0] == MAC::firstOctetForNetwork(network->id())) { + // Destination is another ZeroTier peer on the same network + + Address toZT(to.toAddress(network->id())); // since in-network MACs are derived from addresses and network IDs, we can reverse this + SharedPtr toPeer(RR->topology->getPeer(toZT)); + const bool includeCom = ( (network->config().isPrivate()) && (network->config().com) && ((!toPeer)||(toPeer->needsOurNetworkMembershipCertificate(network->id(),RR->node->now(),true))) ); + if ((fromBridged)||(includeCom)) { + Packet outp(toZT,RR->identity.address(),Packet::VERB_EXT_FRAME); + outp.append(network->id()); + if (includeCom) { + outp.append((unsigned char)0x01); // 0x01 -- COM included + network->config().com.serialize(outp); + } else { + outp.append((unsigned char)0x00); + } + to.appendTo(outp); + from.appendTo(outp); + outp.append((uint16_t)etherType); + outp.append(data,len); + outp.compress(); + send(outp,true,network->id()); + } else { + Packet outp(toZT,RR->identity.address(),Packet::VERB_FRAME); + outp.append(network->id()); + outp.append((uint16_t)etherType); + outp.append(data,len); + outp.compress(); + send(outp,true,network->id()); + } + + //TRACE("%.16llx: UNICAST: %s -> %s etherType==%s(%.4x) vlanId==%u len==%u fromBridged==%d includeCom==%d",network->id(),from.toString().c_str(),to.toString().c_str(),etherTypeName(etherType),etherType,vlanId,len,(int)fromBridged,(int)includeCom); + + return; + } + + { + // Destination is bridged behind a remote peer + + Address bridges[ZT_MAX_BRIDGE_SPAM]; + unsigned int numBridges = 0; + + /* Create an array of up to ZT_MAX_BRIDGE_SPAM recipients for this bridged frame. */ + bridges[0] = network->findBridgeTo(to); + std::vector
activeBridges(network->config().activeBridges()); + if ((bridges[0])&&(bridges[0] != RR->identity.address())&&(network->config().permitsBridging(bridges[0]))) { + /* We have a known bridge route for this MAC, send it there. */ + ++numBridges; + } else if (!activeBridges.empty()) { + /* If there is no known route, spam to up to ZT_MAX_BRIDGE_SPAM active + * bridges. If someone responds, we'll learn the route. */ + std::vector
::const_iterator ab(activeBridges.begin()); + if (activeBridges.size() <= ZT_MAX_BRIDGE_SPAM) { + // If there are <= ZT_MAX_BRIDGE_SPAM active bridges, spam them all + while (ab != activeBridges.end()) { + bridges[numBridges++] = *ab; + ++ab; + } + } else { + // Otherwise pick a random set of them + while (numBridges < ZT_MAX_BRIDGE_SPAM) { + if (ab == activeBridges.end()) + ab = activeBridges.begin(); + if (((unsigned long)RR->node->prng() % (unsigned long)activeBridges.size()) == 0) { + bridges[numBridges++] = *ab; + ++ab; + } else ++ab; + } + } + } + + for(unsigned int b=0;b bridgePeer(RR->topology->getPeer(bridges[b])); + Packet outp(bridges[b],RR->identity.address(),Packet::VERB_EXT_FRAME); + outp.append(network->id()); + if ( (network->config().isPrivate()) && (network->config().com) && ((!bridgePeer)||(bridgePeer->needsOurNetworkMembershipCertificate(network->id(),RR->node->now(),true))) ) { + outp.append((unsigned char)0x01); // 0x01 -- COM included + network->config().com.serialize(outp); + } else { + outp.append((unsigned char)0); + } + to.appendTo(outp); + from.appendTo(outp); + outp.append((uint16_t)etherType); + outp.append(data,len); + outp.compress(); + send(outp,true,network->id()); + } + } +} + +void Switch::send(const Packet &packet,bool encrypt,uint64_t nwid) +{ + if (packet.destination() == RR->identity.address()) { + TRACE("BUG: caught attempt to send() to self, ignored"); + return; + } + + //TRACE(">> %s to %s (%u bytes, encrypt==%d, nwid==%.16llx)",Packet::verbString(packet.verb()),packet.destination().toString().c_str(),packet.size(),(int)encrypt,nwid); + + if (!_trySend(packet,encrypt,nwid)) { + Mutex::Lock _l(_txQueue_m); + _txQueue.push_back(TXQueueEntry(packet.destination(),RR->node->now(),packet,encrypt,nwid)); + } +} + +bool Switch::unite(const Address &p1,const Address &p2) +{ + if ((p1 == RR->identity.address())||(p2 == RR->identity.address())) + return false; + SharedPtr p1p = RR->topology->getPeer(p1); + if (!p1p) + return false; + 
SharedPtr p2p = RR->topology->getPeer(p2); + if (!p2p) + return false; + + const uint64_t now = RR->node->now(); + + std::pair cg(Peer::findCommonGround(*p1p,*p2p,now)); + if ((!(cg.first))||(cg.first.ipScope() != cg.second.ipScope())) + return false; + + TRACE("unite: %s(%s) <> %s(%s)",p1.toString().c_str(),cg.second.toString().c_str(),p2.toString().c_str(),cg.first.toString().c_str()); + + /* Tell P1 where to find P2 and vice versa, sending the packets to P1 and + * P2 in randomized order in terms of which gets sent first. This is done + * since in a few cases NAT-t can be sensitive to slight timing differences + * in terms of when the two peers initiate. Normally this is accounted for + * by the nearly-simultaneous RENDEZVOUS kickoff from the relay, but + * given that relay are hosted on cloud providers this can in some + * cases have a few ms of latency between packet departures. By randomizing + * the order we make each attempted NAT-t favor one or the other going + * first, meaning if it doesn't succeed the first time it might the second + * and so forth. */ + unsigned int alt = (unsigned int)RR->node->prng() & 1; + unsigned int completed = alt + 2; + while (alt != completed) { + if ((alt & 1) == 0) { + // Tell p1 where to find p2. + Packet outp(p1,RR->identity.address(),Packet::VERB_RENDEZVOUS); + outp.append((unsigned char)0); + p2.appendTo(outp); + outp.append((uint16_t)cg.first.port()); + if (cg.first.isV6()) { + outp.append((unsigned char)16); + outp.append(cg.first.rawIpData(),16); + } else { + outp.append((unsigned char)4); + outp.append(cg.first.rawIpData(),4); + } + outp.armor(p1p->key(),true); + p1p->send(outp.data(),outp.size(),now); + } else { + // Tell p2 where to find p1. 
+ Packet outp(p2,RR->identity.address(),Packet::VERB_RENDEZVOUS); + outp.append((unsigned char)0); + p1.appendTo(outp); + outp.append((uint16_t)cg.second.port()); + if (cg.second.isV6()) { + outp.append((unsigned char)16); + outp.append(cg.second.rawIpData(),16); + } else { + outp.append((unsigned char)4); + outp.append(cg.second.rawIpData(),4); + } + outp.armor(p2p->key(),true); + p2p->send(outp.data(),outp.size(),now); + } + ++alt; // counts up and also flips LSB + } + + return true; +} + +void Switch::rendezvous(const SharedPtr &peer,const InetAddress &localAddr,const InetAddress &atAddr) +{ + TRACE("sending NAT-t message to %s(%s)",peer->address().toString().c_str(),atAddr.toString().c_str()); + const uint64_t now = RR->node->now(); + peer->sendHELLO(localAddr,atAddr,now,2); // first attempt: send low-TTL packet to 'open' local NAT + { + Mutex::Lock _l(_contactQueue_m); + _contactQueue.push_back(ContactQueueEntry(peer,now + ZT_NAT_T_TACTICAL_ESCALATION_DELAY,localAddr,atAddr)); + } +} + +void Switch::requestWhois(const Address &addr) +{ + bool inserted = false; + { + Mutex::Lock _l(_outstandingWhoisRequests_m); + WhoisRequest &r = _outstandingWhoisRequests[addr]; + if (r.lastSent) { + r.retries = 0; // reset retry count if entry already existed, but keep waiting and retry again after normal timeout + } else { + r.lastSent = RR->node->now(); + inserted = true; + } + } + if (inserted) + _sendWhoisRequest(addr,(const Address *)0,0); +} + +void Switch::doAnythingWaitingForPeer(const SharedPtr &peer) +{ + { // cancel pending WHOIS since we now know this peer + Mutex::Lock _l(_outstandingWhoisRequests_m); + _outstandingWhoisRequests.erase(peer->address()); + } + + { // finish processing any packets waiting on peer's public key / identity + Mutex::Lock _l(_rxQueue_m); + unsigned long i = ZT_RX_QUEUE_SIZE; + while (i) { + RXQueueEntry *rq = &(_rxQueue[--i]); + if ((rq->timestamp)&&(rq->complete)) { + if (rq->frag0.tryDecode(RR,false)) + rq->timestamp = 0; + } + } + } + 
+ { // finish sending any packets waiting on peer's public key / identity
+ Mutex::Lock _l(_txQueue_m);
+ for(std::list< TXQueueEntry >::iterator txi(_txQueue.begin());txi!=_txQueue.end();) {
+ if (txi->dest == peer->address()) {
+ if (_trySend(txi->packet,txi->encrypt,txi->nwid))
+ _txQueue.erase(txi++);
+ else ++txi;
+ } else ++txi;
+ }
+ }
+}
+
+unsigned long Switch::doTimerTasks(uint64_t now)
+{
+ unsigned long nextDelay = 0xffffffff; // ceiling delay, caller will cap to minimum
+
+ { // Iterate through NAT traversal strategies for entries in contact queue
+ Mutex::Lock _l(_contactQueue_m);
+ for(std::list::iterator qi(_contactQueue.begin());qi!=_contactQueue.end();) {
+ if (now >= qi->fireAtTime) {
+ if (!qi->peer->pushDirectPaths(qi->localAddr,qi->inaddr,now,true,false))
+ qi->peer->sendHELLO(qi->localAddr,qi->inaddr,now);
+ _contactQueue.erase(qi++);
+ continue;
+ /* Old symmetric NAT buster code, obsoleted by port prediction alg in SelfAwareness but left around for now in case we revert
+ if (qi->strategyIteration == 0) {
+ // First strategy: send packet directly to destination
+ qi->peer->sendHELLO(qi->localAddr,qi->inaddr,now);
+ } else if (qi->strategyIteration <= 3) {
+ // Strategies 1-3: try escalating ports for symmetric NATs that remap sequentially
+ InetAddress tmpaddr(qi->inaddr);
+ int p = (int)qi->inaddr.port() + qi->strategyIteration;
+ if (p > 65535)
+ p -= 64511;
+ tmpaddr.setPort((unsigned int)p);
+ qi->peer->sendHELLO(qi->localAddr,tmpaddr,now);
+ } else {
+ // All strategies tried, expire entry
+ _contactQueue.erase(qi++);
+ continue;
+ }
+ ++qi->strategyIteration;
+ qi->fireAtTime = now + ZT_NAT_T_TACTICAL_ESCALATION_DELAY;
+ nextDelay = std::min(nextDelay,(unsigned long)ZT_NAT_T_TACTICAL_ESCALATION_DELAY);
+ */
+ } else {
+ nextDelay = std::min(nextDelay,(unsigned long)(qi->fireAtTime - now));
+ }
+ ++qi; // if qi was erased, loop will have continued before here
+ }
+ }
+
+ { // Retry outstanding WHOIS requests
+ Mutex::Lock 
_l(_outstandingWhoisRequests_m);
+ Hashtable< Address,WhoisRequest >::Iterator i(_outstandingWhoisRequests);
+ Address *a = (Address *)0;
+ WhoisRequest *r = (WhoisRequest *)0;
+ while (i.next(a,r)) {
+ const unsigned long since = (unsigned long)(now - r->lastSent);
+ if (since >= ZT_WHOIS_RETRY_DELAY) {
+ if (r->retries >= ZT_MAX_WHOIS_RETRIES) {
+ TRACE("WHOIS %s timed out",a->toString().c_str());
+ _outstandingWhoisRequests.erase(*a);
+ } else {
+ r->lastSent = now;
+ r->peersConsulted[r->retries] = _sendWhoisRequest(*a,r->peersConsulted,r->retries);
+ ++r->retries;
+ TRACE("WHOIS %s (retry %u)",a->toString().c_str(),r->retries);
+ nextDelay = std::min(nextDelay,(unsigned long)ZT_WHOIS_RETRY_DELAY);
+ }
+ } else {
+ nextDelay = std::min(nextDelay,ZT_WHOIS_RETRY_DELAY - since);
+ }
+ }
+ }
+
+ { // Time out TX queue packets that never got WHOIS lookups or other info.
+ Mutex::Lock _l(_txQueue_m);
+ for(std::list< TXQueueEntry >::iterator txi(_txQueue.begin());txi!=_txQueue.end();) {
+ if (_trySend(txi->packet,txi->encrypt,txi->nwid))
+ _txQueue.erase(txi++);
+ else if ((now - txi->creationTime) > ZT_TRANSMIT_QUEUE_TIMEOUT) {
+ TRACE("TX %s -> %s timed out",txi->packet.source().toString().c_str(),txi->packet.destination().toString().c_str());
+ _txQueue.erase(txi++);
+ } else ++txi;
+ }
+ }
+
+ { // Remove really old last unite attempt entries to keep table size controlled
+ Mutex::Lock _l(_lastUniteAttempt_m);
+ Hashtable< _LastUniteKey,uint64_t >::Iterator i(_lastUniteAttempt);
+ _LastUniteKey *k = (_LastUniteKey *)0;
+ uint64_t *v = (uint64_t *)0;
+ while (i.next(k,v)) {
+ if ((now - *v) >= (ZT_MIN_UNITE_INTERVAL * 8))
+ _lastUniteAttempt.erase(*k);
+ }
+ }
+
+ return nextDelay;
+}
+
+Address Switch::_sendWhoisRequest(const Address &addr,const Address *peersAlreadyConsulted,unsigned int numPeersAlreadyConsulted)
+{
+ SharedPtr root(RR->topology->getBestRoot(peersAlreadyConsulted,numPeersAlreadyConsulted,false));
+ if (root) {
+ Packet 
outp(root->address(),RR->identity.address(),Packet::VERB_WHOIS);
+ addr.appendTo(outp);
+ outp.armor(root->key(),true);
+ if (root->send(outp.data(),outp.size(),RR->node->now()))
+ return root->address();
+ }
+ return Address();
+}
+
+bool Switch::_trySend(const Packet &packet,bool encrypt,uint64_t nwid)
+{
+ SharedPtr peer(RR->topology->getPeer(packet.destination()));
+
+ if (peer) {
+ const uint64_t now = RR->node->now();
+
+ SharedPtr network;
+ if (nwid) {
+ network = RR->node->network(nwid);
+ if ((!network)||(!network->hasConfig()))
+ return false; // we probably just left this network, let its packets die
+ }
+
+ Path *viaPath = peer->getBestPath(now);
+ SharedPtr relay;
+
+ if (!viaPath) {
+ if (network) {
+ unsigned int bestq = ~((unsigned int)0); // max unsigned int since quality is lower==better
+ unsigned int ptr = 0;
+ for(;;) {
+ const Address raddr(network->config().nextRelay(ptr));
+ if (raddr) {
+ SharedPtr rp(RR->topology->getPeer(raddr));
+ if (rp) {
+ const unsigned int q = rp->relayQuality(now);
+ if (q < bestq) {
+ bestq = q;
+ rp.swap(relay);
+ }
+ }
+ } else break;
+ }
+ }
+
+ if (!relay)
+ relay = RR->topology->getBestRoot();
+
+ if ( (!relay) || (!(viaPath = relay->getBestPath(now))) )
+ return false;
+ }
+ // viaPath will not be null if we make it here
+
+ // Push possible direct paths to us if we are relaying
+ if (relay) {
+ peer->pushDirectPaths(viaPath->localAddress(),viaPath->address(),now,false,( (network)&&(network->isAllowed(peer)) ));
+ viaPath->sent(now);
+ }
+
+ Packet tmp(packet);
+
+ unsigned int chunkSize = std::min(tmp.size(),(unsigned int)ZT_UDP_DEFAULT_PAYLOAD_MTU);
+ tmp.setFragmented(chunkSize < tmp.size());
+
+ const uint64_t trustedPathId = RR->topology->getOutboundPathTrust(viaPath->address());
+ if (trustedPathId) {
+ tmp.setTrusted(trustedPathId);
+ } else {
+ tmp.armor(peer->key(),encrypt);
+ }
+
+ if (viaPath->send(RR,tmp.data(),chunkSize,now)) {
+ if (chunkSize < tmp.size()) {
+ // Too big for one packet, 
fragment the rest
+ unsigned int fragStart = chunkSize;
+ unsigned int remaining = tmp.size() - chunkSize;
+ unsigned int fragsRemaining = (remaining / (ZT_UDP_DEFAULT_PAYLOAD_MTU - ZT_PROTO_MIN_FRAGMENT_LENGTH));
+ if ((fragsRemaining * (ZT_UDP_DEFAULT_PAYLOAD_MTU - ZT_PROTO_MIN_FRAGMENT_LENGTH)) < remaining)
+ ++fragsRemaining;
+ unsigned int totalFragments = fragsRemaining + 1;
+
+ for(unsigned int fno=1;fnosend(RR,frag.data(),frag.size(),now);
+ fragStart += chunkSize;
+ remaining -= chunkSize;
+ }
+ }
+
+ return true;
+ }
+ } else {
+ requestWhois(packet.destination());
+ }
+ return false;
+}
+
+} // namespace ZeroTier
diff --git a/node/Switch.hpp b/node/Switch.hpp
new file mode 100644
index 0000000..ce4f00a
--- /dev/null
+++ b/node/Switch.hpp
@@ -0,0 +1,268 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_N_SWITCH_HPP
+#define ZT_N_SWITCH_HPP
+
+#include
+#include
+#include
+#include
+
+#include "Constants.hpp"
+#include "Mutex.hpp"
+#include "MAC.hpp"
+#include "NonCopyable.hpp"
+#include "Packet.hpp"
+#include "Utils.hpp"
+#include "InetAddress.hpp"
+#include "Topology.hpp"
+#include "Array.hpp"
+#include "Network.hpp"
+#include "SharedPtr.hpp"
+#include "IncomingPacket.hpp"
+#include "Hashtable.hpp"
+
+namespace ZeroTier {
+
+class RuntimeEnvironment;
+class Peer;
+
+/**
+ * Core of the distributed Ethernet switch and protocol implementation
+ *
+ * This class is perhaps a bit misnamed, but it's basically where everything
+ * meets. Transport-layer ZT packets come in here, as do virtual network
+ * packets from tap devices, and this sends them where they need to go and
+ * wraps/unwraps accordingly. It also handles queues and timeouts and such.
+ */
+class Switch : NonCopyable
+{
+public:
+ Switch(const RuntimeEnvironment *renv);
+ ~Switch();
+
+ /**
+ * Called when a packet is received from the real network
+ *
+ * @param localAddr Local interface address
+ * @param fromAddr Internet IP address of origin
+ * @param data Packet data
+ * @param len Packet length
+ */
+ void onRemotePacket(const InetAddress &localAddr,const InetAddress &fromAddr,const void *data,unsigned int len);
+
+ /**
+ * Called when a packet comes from a local Ethernet tap
+ *
+ * @param network Which network's TAP did this packet come from?
+ * @param from Originating MAC address
+ * @param to Destination MAC address
+ * @param etherType Ethernet packet type
+ * @param vlanId VLAN ID or 0 if none
+ * @param data Ethernet payload
+ * @param len Frame length
+ */
+ void onLocalEthernet(const SharedPtr &network,const MAC &from,const MAC &to,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len);
+
+ /**
+ * Send a packet to a ZeroTier address (destination in packet)
+ *
+ * The packet must be fully composed with source and destination but not
+ * yet encrypted. If the destination peer is known the packet
+ * is sent immediately. Otherwise it is queued and a WHOIS is dispatched.
+ *
+ * The packet may be compressed. Compression isn't done here.
+ *
+ * Needless to say, the packet's source must be this node. Otherwise it
+ * won't be encrypted right. (This is not used for relaying.)
+ *
+ * The network ID should only be specified for frames and other actual
+ * network traffic. Other traffic such as controller requests and regular
+ * protocol messages should specify zero.
+ *
+ * @param packet Packet to send
+ * @param encrypt Encrypt packet payload? 
(always true except for HELLO)
+ * @param nwid Related network ID or 0 if message is not in-network traffic
+ */
+ void send(const Packet &packet,bool encrypt,uint64_t nwid);
+
+ /**
+ * Send RENDEZVOUS to two peers to permit them to directly connect
+ *
+ * This only works if both peers are known, with known working direct
+ * links to this peer. The best link for each peer is sent to the other.
+ *
+ * @param p1 One of two peers (order doesn't matter)
+ * @param p2 Second of pair
+ */
+ bool unite(const Address &p1,const Address &p2);
+
+ /**
+ * Attempt NAT traversal to peer at a given physical address
+ *
+ * @param peer Peer to contact
+ * @param localAddr Local interface address
+ * @param atAddr Address of peer
+ */
+ void rendezvous(const SharedPtr &peer,const InetAddress &localAddr,const InetAddress &atAddr);
+
+ /**
+ * Request WHOIS on a given address
+ *
+ * @param addr Address to look up
+ */
+ void requestWhois(const Address &addr);
+
+ /**
+ * Run any processes that are waiting for this peer's identity
+ *
+ * Called when we learn of a peer's identity from HELLO, OK(WHOIS), etc.
+ *
+ * @param peer New peer
+ */
+ void doAnythingWaitingForPeer(const SharedPtr &peer);
+
+ /**
+ * Perform retries and other periodic timer tasks
+ *
+ * This can return a very long delay if there are no pending timer
+ * tasks. The caller should cap this comparatively vs. other values.
+ *
+ * @param now Current time
+ * @return Number of milliseconds until doTimerTasks() should be run again
+ */
+ unsigned long doTimerTasks(uint64_t now);
+
+private:
+ Address _sendWhoisRequest(const Address &addr,const Address *peersAlreadyConsulted,unsigned int numPeersAlreadyConsulted);
+ bool _trySend(const Packet &packet,bool encrypt,uint64_t nwid);
+
+ const RuntimeEnvironment *const RR;
+ uint64_t _lastBeaconResponse;
+
+ // Outstanding WHOIS requests and how many retries they've undergone
+ struct WhoisRequest
+ {
+ WhoisRequest() : lastSent(0),retries(0) {}
+ uint64_t lastSent;
+ Address peersConsulted[ZT_MAX_WHOIS_RETRIES]; // by retry
+ unsigned int retries; // 0..ZT_MAX_WHOIS_RETRIES
+ };
+ Hashtable< Address,WhoisRequest > _outstandingWhoisRequests;
+ Mutex _outstandingWhoisRequests_m;
+
+ // Packets waiting for WHOIS replies or other decode info or missing fragments
+ struct RXQueueEntry
+ {
+ RXQueueEntry() : timestamp(0) {}
+ uint64_t timestamp; // 0 if entry is not in use
+ uint64_t packetId;
+ IncomingPacket frag0; // head of packet
+ Packet::Fragment frags[ZT_MAX_PACKET_FRAGMENTS - 1]; // later fragments (if any)
+ unsigned int totalFragments; // 0 if only frag0 received, waiting for frags
+ uint32_t haveFragments; // bit mask, LSB to MSB
+ bool complete; // if true, packet is complete
+ };
+ RXQueueEntry _rxQueue[ZT_RX_QUEUE_SIZE];
+ Mutex _rxQueue_m;
+
+ /* Returns the matching or oldest entry. Caller must check timestamp and
+ * packet ID to determine which. 
*/
+ inline RXQueueEntry *_findRXQueueEntry(uint64_t now,uint64_t packetId)
+ {
+ RXQueueEntry *rq;
+ RXQueueEntry *oldest = &(_rxQueue[ZT_RX_QUEUE_SIZE - 1]);
+ unsigned long i = ZT_RX_QUEUE_SIZE;
+ while (i) {
+ rq = &(_rxQueue[--i]);
+ if ((rq->packetId == packetId)&&(rq->timestamp))
+ return rq;
+ if ((now - rq->timestamp) >= ZT_RX_QUEUE_EXPIRE)
+ rq->timestamp = 0;
+ if (rq->timestamp < oldest->timestamp)
+ oldest = rq;
+ }
+ return oldest;
+ }
+
+ // ZeroTier-layer TX queue entry
+ struct TXQueueEntry
+ {
+ TXQueueEntry() {}
+ TXQueueEntry(Address d,uint64_t ct,const Packet &p,bool enc,uint64_t nw) :
+ dest(d),
+ creationTime(ct),
+ nwid(nw),
+ packet(p),
+ encrypt(enc) {}
+
+ Address dest;
+ uint64_t creationTime;
+ uint64_t nwid;
+ Packet packet; // unencrypted/unMAC'd packet -- this is done at send time
+ bool encrypt;
+ };
+ std::list< TXQueueEntry > _txQueue;
+ Mutex _txQueue_m;
+
+ // Tracks sending of VERB_RENDEZVOUS to relaying peers
+ struct _LastUniteKey
+ {
+ _LastUniteKey() : x(0),y(0) {}
+ _LastUniteKey(const Address &a1,const Address &a2)
+ {
+ if (a1 > a2) {
+ x = a2.toInt();
+ y = a1.toInt();
+ } else {
+ x = a1.toInt();
+ y = a2.toInt();
+ }
+ }
+ inline unsigned long hashCode() const throw() { return ((unsigned long)x ^ (unsigned long)y); }
+ inline bool operator==(const _LastUniteKey &k) const throw() { return ((x == k.x)&&(y == k.y)); }
+ uint64_t x,y;
+ };
+ Hashtable< _LastUniteKey,uint64_t > _lastUniteAttempt; // key is always sorted in ascending order, for set-like behavior
+ Mutex _lastUniteAttempt_m;
+
+ // Active attempts to contact remote peers, including state of multi-phase NAT traversal
+ struct ContactQueueEntry
+ {
+ ContactQueueEntry() {}
+ ContactQueueEntry(const SharedPtr &p,uint64_t ft,const InetAddress &laddr,const InetAddress &a) :
+ peer(p),
+ fireAtTime(ft),
+ inaddr(a),
+ localAddr(laddr),
+ strategyIteration(0) {}
+
+ SharedPtr peer;
+ uint64_t fireAtTime;
+ InetAddress inaddr;
+ InetAddress localAddr;
+ unsigned int 
strategyIteration;
+ };
+ std::list _contactQueue;
+ Mutex _contactQueue_m;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/node/Topology.cpp b/node/Topology.cpp
new file mode 100644
index 0000000..6e96f2e
--- /dev/null
+++ b/node/Topology.cpp
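Review bot: `RXQueueEntry()` initialises only `timestamp`, yet `_findRXQueueEntry()` compares `rq->packetId == packetId` before it tests `rq->timestamp`, so a slot that was never filled has its indeterminate `packetId` read. The `&&` discards the result, but the read is avoidable by testing the in-use marker first, `if ((rq->timestamp)&&(rq->packetId == packetId))`, and by zeroing the other scalars, `RXQueueEntry() : timestamp(0),packetId(0),totalFragments(0),haveFragments(0),complete(false) {}`. The helper also writes to `_rxQueue` (it clears expired timestamps) without taking `_rxQueue_m`; its callers are not in this file, so presumably they hold the lock, and the comment above it should say so, e.g. `Caller must hold _rxQueue_m.` Since the fallback return is the oldest slot whether or not it has expired, a full queue hands back an entry that may still be waiting for fragments or a WHOIS reply, and the comment should state that this reuse is intended.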
@@ -0,0 +1,364 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "Constants.hpp"
+#include "Topology.hpp"
+#include "RuntimeEnvironment.hpp"
+#include "Node.hpp"
+#include "Network.hpp"
+#include "NetworkConfig.hpp"
+#include "Buffer.hpp"
+
+namespace ZeroTier {
+
+// 2015-11-16 -- The Fabulous Four (should have named them after Beatles!) 
+//#define ZT_DEFAULT_WORLD_LENGTH 494 +//static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = {0x01,0x00,0x00,0x00,0x00,0x08,0xea,0xc9,0x0a,0x00,0x00,0x01,0x51,0x11,0x70,0xb2,0xfb,0xb8,0xb3,0x88,0xa4,0x69,0x22,0x14,0x91,0xaa,0x9a,0xcd,0x66,0xcc,0x76,0x4c,0xde,0xfd,0x56,0x03,0x9f,0x10,0x67,0xae,0x15,0xe6,0x9c,0x6f,0xb4,0x2d,0x7b,0x55,0x33,0x0e,0x3f,0xda,0xac,0x52,0x9c,0x07,0x92,0xfd,0x73,0x40,0xa6,0xaa,0x21,0xab,0xa8,0xa4,0x89,0xfd,0xae,0xa4,0x4a,0x39,0xbf,0x2d,0x00,0x65,0x9a,0xc9,0xc8,0x18,0xeb,0x80,0x31,0xa4,0x65,0x95,0x45,0x06,0x1c,0xfb,0xc2,0x4e,0x5d,0xe7,0x0a,0x40,0x7a,0x97,0xce,0x36,0xa2,0x3d,0x05,0xca,0x87,0xc7,0x59,0x27,0x5c,0x8b,0x0d,0x4c,0xb4,0xbb,0x26,0x2f,0x77,0x17,0x5e,0xb7,0x4d,0xb8,0xd3,0xb4,0xe9,0x23,0x5d,0xcc,0xa2,0x71,0xa8,0xdf,0xf1,0x23,0xa3,0xb2,0x66,0x74,0xea,0xe5,0xdc,0x8d,0xef,0xd3,0x0a,0xa9,0xac,0xcb,0xda,0x93,0xbd,0x6c,0xcd,0x43,0x1d,0xa7,0x98,0x6a,0xde,0x70,0xc0,0xc6,0x1c,0xaf,0xf0,0xfd,0x7f,0x8a,0xb9,0x76,0x13,0xe1,0xde,0x4f,0xf3,0xd6,0x13,0x04,0x7e,0x19,0x87,0x6a,0xba,0x00,0x2a,0x6e,0x2b,0x23,0x18,0x93,0x0f,0x60,0xeb,0x09,0x7f,0x70,0xd0,0xf4,0xb0,0x28,0xb2,0xcd,0x6d,0x3d,0x0c,0x63,0xc0,0x14,0xb9,0x03,0x9f,0xf3,0x53,0x90,0xe4,0x11,0x81,0xf2,0x16,0xfb,0x2e,0x6f,0xa8,0xd9,0x5c,0x1e,0xe9,0x66,0x71,0x56,0x41,0x19,0x05,0xc3,0xdc,0xcf,0xea,0x78,0xd8,0xc6,0xdf,0xaf,0xba,0x68,0x81,0x70,0xb3,0xfa,0x00,0x01,0x04,0xc6,0xc7,0x61,0xdc,0x27,0x09,0x88,0x41,0x40,0x8a,0x2e,0x00,0xbb,0x1d,0x31,0xf2,0xc3,0x23,0xe2,0x64,0xe9,0xe6,0x41,0x72,0xc1,0xa7,0x4f,0x77,0x89,0x95,0x55,0xed,0x10,0x75,0x1c,0xd5,0x6e,0x86,0x40,0x5c,0xde,0x11,0x8d,0x02,0xdf,0xfe,0x55,0x5d,0x46,0x2c,0xcf,0x6a,0x85,0xb5,0x63,0x1c,0x12,0x35,0x0c,0x8d,0x5d,0xc4,0x09,0xba,0x10,0xb9,0x02,0x5d,0x0f,0x44,0x5c,0xf4,0x49,0xd9,0x2b,0x1c,0x00,0x01,0x04,0x6b,0xbf,0x2e,0xd2,0x27,0x09,0x8a,0xcf,0x05,0x9f,0xe3,0x00,0x48,0x2f,0x6e,0xe5,0xdf,0xe9,0x02,0x31,0x9b,0x41,0x9d,0xe5,0xbd,0xc7,0x65,0x20,0x9c,0x0e,0xcd,0xa3,0x8c,0x4d,0x6e,0x4f,0xcf,0x0d,0x33,0x65,0x83,0x98,0xb4,0x52,0x7d,0xcd,0x22,0
xf9,0x31,0x12,0xfb,0x9b,0xef,0xd0,0x2f,0xd7,0x8b,0xf7,0x26,0x1b,0x33,0x3f,0xc1,0x05,0xd1,0x92,0xa6,0x23,0xca,0x9e,0x50,0xfc,0x60,0xb3,0x74,0xa5,0x00,0x01,0x04,0xa2,0xf3,0x4d,0x6f,0x27,0x09,0x9d,0x21,0x90,0x39,0xf3,0x00,0x01,0xf0,0x92,0x2a,0x98,0xe3,0xb3,0x4e,0xbc,0xbf,0xf3,0x33,0x26,0x9d,0xc2,0x65,0xd7,0xa0,0x20,0xaa,0xb6,0x9d,0x72,0xbe,0x4d,0x4a,0xcc,0x9c,0x8c,0x92,0x94,0x78,0x57,0x71,0x25,0x6c,0xd1,0xd9,0x42,0xa9,0x0d,0x1b,0xd1,0xd2,0xdc,0xa3,0xea,0x84,0xef,0x7d,0x85,0xaf,0xe6,0x61,0x1f,0xb4,0x3f,0xf0,0xb7,0x41,0x26,0xd9,0x0a,0x6e,0x00,0x01,0x04,0x80,0xc7,0xc5,0xd9,0x27,0x09}; + +// 2015-11-20 -- Alice and Bob are live, and we're now IPv6 dual-stack! +//#define ZT_DEFAULT_WORLD_LENGTH 792 +//static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = {0x01,0x00,0x00,0x00,0x00,0x08,0xea,0xc9,0x0a,0x00,0x00,0x01,0x51,0x26,0x6f,0x7c,0x8a,0xb8,0xb3,0x88,0xa4,0x69,0x22,0x14,0x91,0xaa,0x9a,0xcd,0x66,0xcc,0x76,0x4c,0xde,0xfd,0x56,0x03,0x9f,0x10,0x67,0xae,0x15,0xe6,0x9c,0x6f,0xb4,0x2d,0x7b,0x55,0x33,0x0e,0x3f,0xda,0xac,0x52,0x9c,0x07,0x92,0xfd,0x73,0x40,0xa6,0xaa,0x21,0xab,0xa8,0xa4,0x89,0xfd,0xae,0xa4,0x4a,0x39,0xbf,0x2d,0x00,0x65,0x9a,0xc9,0xc8,0x18,0xeb,0xe8,0x0a,0xf5,0xbc,0xf8,0x3d,0x97,0xcd,0xc3,0xf8,0xe2,0x41,0x16,0x42,0x0f,0xc7,0x76,0x8e,0x07,0xf3,0x7e,0x9e,0x7d,0x1b,0xb3,0x23,0x21,0x79,0xce,0xb9,0xd0,0xcb,0xb5,0x94,0x7b,0x89,0x21,0x57,0x72,0xf6,0x70,0xa1,0xdd,0x67,0x38,0xcf,0x45,0x45,0xc2,0x8d,0x46,0xec,0x00,0x2c,0xe0,0x2a,0x63,0x3f,0x63,0x8d,0x33,0x08,0x51,0x07,0x77,0x81,0x5b,0x32,0x49,0xae,0x87,0x89,0xcf,0x31,0xaa,0x41,0xf1,0x52,0x97,0xdc,0xa2,0x55,0xe1,0x4a,0x6e,0x3c,0x04,0xf0,0x4f,0x8a,0x0e,0xe9,0xca,0xec,0x24,0x30,0x04,0x9d,0x21,0x90,0x39,0xf3,0x00,0x01,0xf0,0x92,0x2a,0x98,0xe3,0xb3,0x4e,0xbc,0xbf,0xf3,0x33,0x26,0x9d,0xc2,0x65,0xd7,0xa0,0x20,0xaa,0xb6,0x9d,0x72,0xbe,0x4d,0x4a,0xcc,0x9c,0x8c,0x92,0x94,0x78,0x57,0x71,0x25,0x6c,0xd1,0xd9,0x42,0xa9,0x0d,0x1b,0xd1,0xd2,0xdc,0xa3,0xea,0x84,0xef,0x7d,0x85,0xaf,0xe6,0x61,0x1f,0xb4,0x3f,0xf0,0xb7,0x41,0x26,
0xd9,0x0a,0x6e,0x00,0x0c,0x04,0xbc,0xa6,0x5e,0xb1,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x02,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x7d,0x00,0x01,0x27,0x09,0x04,0x9a,0x42,0xc5,0x21,0x27,0x09,0x06,0x2c,0x0f,0xf8,0x50,0x01,0x54,0x01,0x97,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x33,0x27,0x09,0x04,0x9f,0xcb,0x61,0xab,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x08,0x00,0x00,0xa1,0x00,0x00,0x00,0x00,0x00,0x54,0x60,0x01,0x27,0x09,0x04,0xa9,0x39,0x8f,0x68,0x27,0x09,0x06,0x26,0x07,0xf0,0xd0,0x1d,0x01,0x00,0x57,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x27,0x09,0x04,0x6b,0xaa,0xc5,0x0e,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x00,0x01,0x00,0x20,0x00,0x00,0x00,0x00,0x02,0x00,0xe0,0x01,0x27,0x09,0x04,0x80,0xc7,0xc5,0xd9,0x27,0x09,0x06,0x24,0x00,0x61,0x80,0x00,0x00,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0xb7,0x40,0x01,0x27,0x09,0x88,0x41,0x40,0x8a,0x2e,0x00,0xbb,0x1d,0x31,0xf2,0xc3,0x23,0xe2,0x64,0xe9,0xe6,0x41,0x72,0xc1,0xa7,0x4f,0x77,0x89,0x95,0x55,0xed,0x10,0x75,0x1c,0xd5,0x6e,0x86,0x40,0x5c,0xde,0x11,0x8d,0x02,0xdf,0xfe,0x55,0x5d,0x46,0x2c,0xcf,0x6a,0x85,0xb5,0x63,0x1c,0x12,0x35,0x0c,0x8d,0x5d,0xc4,0x09,0xba,0x10,0xb9,0x02,0x5d,0x0f,0x44,0x5c,0xf4,0x49,0xd9,0x2b,0x1c,0x00,0x0c,0x04,0x2d,0x20,0xc6,0x82,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x64,0x00,0x81,0xc3,0x54,0x00,0x00,0xff,0xfe,0x18,0x1d,0x61,0x27,0x09,0x04,0x2e,0x65,0xa0,0xf9,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x03,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x6a,0x30,0x01,0x27,0x09,0x04,0x6b,0xbf,0x2e,0xd2,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x68,0x00,0x83,0xa4,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x64,0x27,0x09,0x04,0x2d,0x20,0xf6,0xb3,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x58,0x00,0x8b,0xf8,0x54,0x00,0x00,0xff,0xfe,0x15,0xb3,0x9a,0x27,0x09,0x04,0x2d,0x20,0xf8,0x57,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x70,0x00,0x9b,0xc9,0x54,0x00,0x00,0xff,0xfe,0x15,0xc4,0xf5,0x27,0x09,0x04,0x9f,0xcb,0x02,0x9a,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x0c,0xad,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x26,0x70,0x01,0x27,0x09,0x7e,0x19,0x87,0x6a,0xba,0x00,0x2a,0x6e,0x2b,0x23,0x18,
0x93,0x0f,0x60,0xeb,0x09,0x7f,0x70,0xd0,0xf4,0xb0,0x28,0xb2,0xcd,0x6d,0x3d,0x0c,0x63,0xc0,0x14,0xb9,0x03,0x9f,0xf3,0x53,0x90,0xe4,0x11,0x81,0xf2,0x16,0xfb,0x2e,0x6f,0xa8,0xd9,0x5c,0x1e,0xe9,0x66,0x71,0x56,0x41,0x19,0x05,0xc3,0xdc,0xcf,0xea,0x78,0xd8,0xc6,0xdf,0xaf,0xba,0x68,0x81,0x70,0xb3,0xfa,0x00,0x01,0x04,0xc6,0xc7,0x61,0xdc,0x27,0x09,0x8a,0xcf,0x05,0x9f,0xe3,0x00,0x48,0x2f,0x6e,0xe5,0xdf,0xe9,0x02,0x31,0x9b,0x41,0x9d,0xe5,0xbd,0xc7,0x65,0x20,0x9c,0x0e,0xcd,0xa3,0x8c,0x4d,0x6e,0x4f,0xcf,0x0d,0x33,0x65,0x83,0x98,0xb4,0x52,0x7d,0xcd,0x22,0xf9,0x31,0x12,0xfb,0x9b,0xef,0xd0,0x2f,0xd7,0x8b,0xf7,0x26,0x1b,0x33,0x3f,0xc1,0x05,0xd1,0x92,0xa6,0x23,0xca,0x9e,0x50,0xfc,0x60,0xb3,0x74,0xa5,0x00,0x01,0x04,0xa2,0xf3,0x4d,0x6f,0x27,0x09}; + +// 2015-12-17 -- Old New York root is dead, old SF still alive +//#define ZT_DEFAULT_WORLD_LENGTH 732 +//static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = {0x01,0x00,0x00,0x00,0x00,0x08,0xea,0xc9,0x0a,0x00,0x00,0x01,0x51,0xb1,0x7e,0x39,0x9d,0xb8,0xb3,0x88,0xa4,0x69,0x22,0x14,0x91,0xaa,0x9a,0xcd,0x66,0xcc,0x76,0x4c,0xde,0xfd,0x56,0x03,0x9f,0x10,0x67,0xae,0x15,0xe6,0x9c,0x6f,0xb4,0x2d,0x7b,0x55,0x33,0x0e,0x3f,0xda,0xac,0x52,0x9c,0x07,0x92,0xfd,0x73,0x40,0xa6,0xaa,0x21,0xab,0xa8,0xa4,0x89,0xfd,0xae,0xa4,0x4a,0x39,0xbf,0x2d,0x00,0x65,0x9a,0xc9,0xc8,0x18,0xeb,0x8a,0xca,0xf2,0x3d,0x71,0x2e,0xc2,0x39,0x45,0x66,0xb3,0xe9,0x39,0x79,0xb1,0x55,0xc4,0xa9,0xfc,0xbc,0xfc,0x55,0xaf,0x8a,0x2f,0x38,0xc8,0xcd,0xe9,0x02,0x5b,0x86,0xa9,0x72,0xf7,0x16,0x00,0x35,0xb7,0x84,0xc9,0xfc,0xe4,0xfa,0x96,0x8b,0xf4,0x1e,0xba,0x60,0x9f,0x85,0x14,0xc2,0x07,0x4b,0xfd,0xd1,0x6c,0x19,0x69,0xd3,0xf9,0x09,0x9c,0x9d,0xe3,0xb9,0x8f,0x11,0x78,0x71,0xa7,0x4a,0x05,0xd8,0xcc,0x60,0xa2,0x06,0x66,0x9f,0x47,0xc2,0x71,0xb8,0x54,0x80,0x9c,0x45,0x16,0x10,0xa9,0xd0,0xbd,0xf7,0x03,0x9d,0x21,0x90,0x39,0xf3,0x00,0x01,0xf0,0x92,0x2a,0x98,0xe3,0xb3,0x4e,0xbc,0xbf,0xf3,0x33,0x26,0x9d,0xc2,0x65,0xd7,0xa0,0x20,0xaa,0xb6,0x9d,0x72,0xbe,0x4d,0x4a,0xcc,0x9c,0x8c,0x92,0x94,0x78,0x5
7,0x71,0x25,0x6c,0xd1,0xd9,0x42,0xa9,0x0d,0x1b,0xd1,0xd2,0xdc,0xa3,0xea,0x84,0xef,0x7d,0x85,0xaf,0xe6,0x61,0x1f,0xb4,0x3f,0xf0,0xb7,0x41,0x26,0xd9,0x0a,0x6e,0x00,0x0c,0x04,0xbc,0xa6,0x5e,0xb1,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x02,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x7d,0x00,0x01,0x27,0x09,0x04,0x9a,0x42,0xc5,0x21,0x27,0x09,0x06,0x2c,0x0f,0xf8,0x50,0x01,0x54,0x01,0x97,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x33,0x27,0x09,0x04,0x9f,0xcb,0x61,0xab,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x08,0x00,0x00,0xa1,0x00,0x00,0x00,0x00,0x00,0x54,0x60,0x01,0x27,0x09,0x04,0xa9,0x39,0x8f,0x68,0x27,0x09,0x06,0x26,0x07,0xf0,0xd0,0x1d,0x01,0x00,0x57,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x27,0x09,0x04,0x6b,0xaa,0xc5,0x0e,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x00,0x01,0x00,0x20,0x00,0x00,0x00,0x00,0x02,0x00,0xe0,0x01,0x27,0x09,0x04,0x80,0xc7,0xc5,0xd9,0x27,0x09,0x06,0x24,0x00,0x61,0x80,0x00,0x00,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0xb7,0x40,0x01,0x27,0x09,0x88,0x41,0x40,0x8a,0x2e,0x00,0xbb,0x1d,0x31,0xf2,0xc3,0x23,0xe2,0x64,0xe9,0xe6,0x41,0x72,0xc1,0xa7,0x4f,0x77,0x89,0x95,0x55,0xed,0x10,0x75,0x1c,0xd5,0x6e,0x86,0x40,0x5c,0xde,0x11,0x8d,0x02,0xdf,0xfe,0x55,0x5d,0x46,0x2c,0xcf,0x6a,0x85,0xb5,0x63,0x1c,0x12,0x35,0x0c,0x8d,0x5d,0xc4,0x09,0xba,0x10,0xb9,0x02,0x5d,0x0f,0x44,0x5c,0xf4,0x49,0xd9,0x2b,0x1c,0x00,0x0c,0x04,0x2d,0x20,0xc6,0x82,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x64,0x00,0x81,0xc3,0x54,0x00,0x00,0xff,0xfe,0x18,0x1d,0x61,0x27,0x09,0x04,0x2e,0x65,0xa0,0xf9,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x03,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x6a,0x30,0x01,0x27,0x09,0x04,0x6b,0xbf,0x2e,0xd2,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x68,0x00,0x83,0xa4,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x64,0x27,0x09,0x04,0x2d,0x20,0xf6,0xb3,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x58,0x00,0x8b,0xf8,0x54,0x00,0x00,0xff,0xfe,0x15,0xb3,0x9a,0x27,0x09,0x04,0x2d,0x20,0xf8,0x57,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x70,0x00,0x9b,0xc9,0x54,0x00,0x00,0xff,0xfe,0x15,0xc4,0xf5,0x27,0x09,0x04,0x9f,0xcb,0x02,0x9a,0x27,0x09,0x06,0x2
6,0x04,0xa8,0x80,0x0c,0xad,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x26,0x70,0x01,0x27,0x09,0x7e,0x19,0x87,0x6a,0xba,0x00,0x2a,0x6e,0x2b,0x23,0x18,0x93,0x0f,0x60,0xeb,0x09,0x7f,0x70,0xd0,0xf4,0xb0,0x28,0xb2,0xcd,0x6d,0x3d,0x0c,0x63,0xc0,0x14,0xb9,0x03,0x9f,0xf3,0x53,0x90,0xe4,0x11,0x81,0xf2,0x16,0xfb,0x2e,0x6f,0xa8,0xd9,0x5c,0x1e,0xe9,0x66,0x71,0x56,0x41,0x19,0x05,0xc3,0xdc,0xcf,0xea,0x78,0xd8,0xc6,0xdf,0xaf,0xba,0x68,0x81,0x70,0xb3,0xfa,0x00,0x02,0x04,0xc6,0xc7,0x61,0xdc,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x00,0x01,0x00,0x20,0x00,0x00,0x00,0x00,0x00,0xc5,0xf0,0x01,0x27,0x09}; + +// 2016-01-13 -- Old San Francisco 1.0.1 root is dead, now we're just on Alice and Bob! +#define ZT_DEFAULT_WORLD_LENGTH 634 +static const unsigned char ZT_DEFAULT_WORLD[ZT_DEFAULT_WORLD_LENGTH] = {0x01,0x00,0x00,0x00,0x00,0x08,0xea,0xc9,0x0a,0x00,0x00,0x01,0x52,0x3c,0x32,0x50,0x1a,0xb8,0xb3,0x88,0xa4,0x69,0x22,0x14,0x91,0xaa,0x9a,0xcd,0x66,0xcc,0x76,0x4c,0xde,0xfd,0x56,0x03,0x9f,0x10,0x67,0xae,0x15,0xe6,0x9c,0x6f,0xb4,0x2d,0x7b,0x55,0x33,0x0e,0x3f,0xda,0xac,0x52,0x9c,0x07,0x92,0xfd,0x73,0x40,0xa6,0xaa,0x21,0xab,0xa8,0xa4,0x89,0xfd,0xae,0xa4,0x4a,0x39,0xbf,0x2d,0x00,0x65,0x9a,0xc9,0xc8,0x18,0xeb,0x4a,0xf7,0x86,0xa8,0x40,0xd6,0x52,0xea,0xae,0x9e,0x7a,0xbf,0x4c,0x97,0x66,0xab,0x2d,0x6f,0xaf,0xc9,0x2b,0x3a,0xff,0xed,0xd6,0x30,0x3e,0xc4,0x6a,0x65,0xf2,0xbd,0x83,0x52,0xf5,0x40,0xe9,0xcc,0x0d,0x6e,0x89,0x3f,0x9a,0xa0,0xb8,0xdf,0x42,0xd2,0x2f,0x84,0xe6,0x03,0x26,0x0f,0xa8,0xe3,0xcc,0x05,0x05,0x03,0xef,0x12,0x80,0x0d,0xce,0x3e,0xb6,0x58,0x3b,0x1f,0xa8,0xad,0xc7,0x25,0xf9,0x43,0x71,0xa7,0x5c,0x9a,0xc7,0xe1,0xa3,0xb8,0x88,0xd0,0x71,0x6c,0x94,0x99,0x73,0x41,0x0b,0x1b,0x48,0x84,0x02,0x9d,0x21,0x90,0x39,0xf3,0x00,0x01,0xf0,0x92,0x2a,0x98,0xe3,0xb3,0x4e,0xbc,0xbf,0xf3,0x33,0x26,0x9d,0xc2,0x65,0xd7,0xa0,0x20,0xaa,0xb6,0x9d,0x72,0xbe,0x4d,0x4a,0xcc,0x9c,0x8c,0x92,0x94,0x78,0x57,0x71,0x25,0x6c,0xd1,0xd9,0x42,0xa9,0x0d,0x1b,0xd1,0xd2,0xdc,0xa3,0xea,0x84,0xef,0x7d,0x85,0xaf,0xe6,0x61,0x1f,0xb4,0x3f,0xf0,0xb7,0x41,
0x26,0xd9,0x0a,0x6e,0x00,0x0c,0x04,0xbc,0xa6,0x5e,0xb1,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x02,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x7d,0x00,0x01,0x27,0x09,0x04,0x9a,0x42,0xc5,0x21,0x27,0x09,0x06,0x2c,0x0f,0xf8,0x50,0x01,0x54,0x01,0x97,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x33,0x27,0x09,0x04,0x9f,0xcb,0x61,0xab,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x08,0x00,0x00,0xa1,0x00,0x00,0x00,0x00,0x00,0x54,0x60,0x01,0x27,0x09,0x04,0xa9,0x39,0x8f,0x68,0x27,0x09,0x06,0x26,0x07,0xf0,0xd0,0x1d,0x01,0x00,0x57,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x27,0x09,0x04,0x6b,0xaa,0xc5,0x0e,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x00,0x01,0x00,0x20,0x00,0x00,0x00,0x00,0x02,0x00,0xe0,0x01,0x27,0x09,0x04,0x80,0xc7,0xc5,0xd9,0x27,0x09,0x06,0x24,0x00,0x61,0x80,0x00,0x00,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0xb7,0x40,0x01,0x27,0x09,0x88,0x41,0x40,0x8a,0x2e,0x00,0xbb,0x1d,0x31,0xf2,0xc3,0x23,0xe2,0x64,0xe9,0xe6,0x41,0x72,0xc1,0xa7,0x4f,0x77,0x89,0x95,0x55,0xed,0x10,0x75,0x1c,0xd5,0x6e,0x86,0x40,0x5c,0xde,0x11,0x8d,0x02,0xdf,0xfe,0x55,0x5d,0x46,0x2c,0xcf,0x6a,0x85,0xb5,0x63,0x1c,0x12,0x35,0x0c,0x8d,0x5d,0xc4,0x09,0xba,0x10,0xb9,0x02,0x5d,0x0f,0x44,0x5c,0xf4,0x49,0xd9,0x2b,0x1c,0x00,0x0c,0x04,0x2d,0x20,0xc6,0x82,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x64,0x00,0x81,0xc3,0x54,0x00,0x00,0xff,0xfe,0x18,0x1d,0x61,0x27,0x09,0x04,0x2e,0x65,0xa0,0xf9,0x27,0x09,0x06,0x2a,0x03,0xb0,0xc0,0x00,0x03,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x6a,0x30,0x01,0x27,0x09,0x04,0x6b,0xbf,0x2e,0xd2,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x68,0x00,0x83,0xa4,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x64,0x27,0x09,0x04,0x2d,0x20,0xf6,0xb3,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x58,0x00,0x8b,0xf8,0x54,0x00,0x00,0xff,0xfe,0x15,0xb3,0x9a,0x27,0x09,0x04,0x2d,0x20,0xf8,0x57,0x27,0x09,0x06,0x20,0x01,0x19,0xf0,0x70,0x00,0x9b,0xc9,0x54,0x00,0x00,0xff,0xfe,0x15,0xc4,0xf5,0x27,0x09,0x04,0x9f,0xcb,0x02,0x9a,0x27,0x09,0x06,0x26,0x04,0xa8,0x80,0x0c,0xad,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x26,0x70,0x01,0x27,0x09}; + +Topology::Topology(const RuntimeEnvironment 
*renv) :
+ RR(renv),
+ _trustedPathCount(0),
+ _amRoot(false)
+{
+ std::string alls(RR->node->dataStoreGet("peers.save"));
+ const uint8_t *all = reinterpret_cast(alls.data());
+ RR->node->dataStoreDelete("peers.save");
+
+ Buffer *deserializeBuf = new Buffer();
+ unsigned int ptr = 0;
+ while ((ptr + 4) < alls.size()) {
+ try {
+ const unsigned int reclen = ( // each Peer serialized record is prefixed by a record length
+ ((((unsigned int)all[ptr]) & 0xff) << 24) |
+ ((((unsigned int)all[ptr + 1]) & 0xff) << 16) |
+ ((((unsigned int)all[ptr + 2]) & 0xff) << 8) |
+ (((unsigned int)all[ptr + 3]) & 0xff)
+ );
+ unsigned int pos = 0;
+ deserializeBuf->copyFrom(all + ptr,reclen + 4);
+ SharedPtr p(Peer::deserializeNew(RR,RR->identity,*deserializeBuf,pos));
+ ptr += pos;
+ if (!p)
+ break; // stop if invalid records
+ if (p->address() != RR->identity.address())
+ _peers.set(p->address(),p);
+ } catch ( ... ) {
+ break; // stop if invalid records
+ }
+ }
+ delete deserializeBuf;
+
+ clean(RR->node->now());
+
+ std::string dsWorld(RR->node->dataStoreGet("world"));
+ World cachedWorld;
+ if (dsWorld.length() > 0) {
+ try {
+ Buffer dswtmp(dsWorld.data(),(unsigned int)dsWorld.length());
+ cachedWorld.deserialize(dswtmp,0);
+ } catch ( ... 
) {
+ cachedWorld = World(); // clear if cached world is invalid
+ }
+ }
+ World defaultWorld;
+ {
+ Buffer wtmp(ZT_DEFAULT_WORLD,ZT_DEFAULT_WORLD_LENGTH);
+ defaultWorld.deserialize(wtmp,0); // throws on error, which would indicate a bad static variable up top
+ }
+ if (cachedWorld.shouldBeReplacedBy(defaultWorld,false)) {
+ _setWorld(defaultWorld);
+ if (dsWorld.length() > 0)
+ RR->node->dataStoreDelete("world");
+ } else _setWorld(cachedWorld);
+}
+
+Topology::~Topology()
+{
+ Buffer *pbuf = 0;
+ try {
+ pbuf = new Buffer();
+ std::string all;
+
+ Address *a = (Address *)0;
+ SharedPtr *p = (SharedPtr *)0;
+ Hashtable< Address,SharedPtr >::Iterator i(_peers);
+ while (i.next(a,p)) {
+ if (std::find(_rootAddresses.begin(),_rootAddresses.end(),*a) == _rootAddresses.end()) {
+ pbuf->clear();
+ try {
+ (*p)->serialize(*pbuf);
+ try {
+ all.append((const char *)pbuf->data(),pbuf->size());
+ } catch ( ... ) {
+ return; // out of memory? just skip
+ }
+ } catch ( ... ) {} // peer too big? shouldn't happen, but it so skip
+ }
+ }
+
+ RR->node->dataStorePut("peers.save",all,true);
+
+ delete pbuf;
+ } catch ( ... 
) { + delete pbuf; + } +} + +SharedPtr Topology::addPeer(const SharedPtr &peer) +{ +#ifdef ZT_TRACE + if ((!peer)||(peer->address() == RR->identity.address())) { + if (!peer) + fprintf(stderr,"FATAL BUG: addPeer() caught attempt to add NULL peer" ZT_EOL_S); + else fprintf(stderr,"FATAL BUG: addPeer() caught attempt to add peer for self" ZT_EOL_S); + abort(); + } +#endif + + SharedPtr np; + { + Mutex::Lock _l(_lock); + SharedPtr &hp = _peers[peer->address()]; + if (!hp) + hp = peer; + np = hp; + } + + np->use(RR->node->now()); + saveIdentity(np->identity()); + + return np; +} + +SharedPtr Topology::getPeer(const Address &zta) +{ + if (zta == RR->identity.address()) { + TRACE("BUG: ignored attempt to getPeer() for self, returned NULL"); + return SharedPtr(); + } + + { + Mutex::Lock _l(_lock); + const SharedPtr *const ap = _peers.get(zta); + if (ap) { + (*ap)->use(RR->node->now()); + return *ap; + } + } + + try { + Identity id(_getIdentity(zta)); + if (id) { + SharedPtr np(new Peer(RR,RR->identity,id)); + { + Mutex::Lock _l(_lock); + SharedPtr &ap = _peers[zta]; + if (!ap) + ap.swap(np); + ap->use(RR->node->now()); + return ap; + } + } + } catch ( ... ) { + fprintf(stderr,"EXCEPTION in getPeer() part 2\n"); + abort(); + } // invalid identity on disk? 
+ + return SharedPtr(); +} + +Identity Topology::getIdentity(const Address &zta) +{ + { + Mutex::Lock _l(_lock); + const SharedPtr *const ap = _peers.get(zta); + if (ap) + return (*ap)->identity(); + } + return _getIdentity(zta); +} + +void Topology::saveIdentity(const Identity &id) +{ + if (id) { + char p[128]; + Utils::snprintf(p,sizeof(p),"iddb.d/%.10llx",(unsigned long long)id.address().toInt()); + RR->node->dataStorePut(p,id.toString(false),false); + } +} + +SharedPtr Topology::getBestRoot(const Address *avoid,unsigned int avoidCount,bool strictAvoid) +{ + const uint64_t now = RR->node->now(); + Mutex::Lock _l(_lock); + + if (_amRoot) { + /* If I am a root server, the "best" root server is the one whose address + * is numerically greater than mine (with wrap at top of list). This + * causes packets searching for a route to pretty much literally + * circumnavigate the globe rather than bouncing between just two. */ + + for(unsigned long p=0;p<_rootAddresses.size();++p) { + if (_rootAddresses[p] == RR->identity.address()) { + for(unsigned long q=1;q<_rootAddresses.size();++q) { + const SharedPtr *const nextsn = _peers.get(_rootAddresses[(p + q) % _rootAddresses.size()]); + if ((nextsn)&&((*nextsn)->hasActiveDirectPath(now))) { + (*nextsn)->use(now); + return *nextsn; + } + } + break; + } + } + + } else { + /* If I am not a root server, the best root server is the active one with + * the lowest quality score. 
(lower == better) */ + + unsigned int bestQualityOverall = ~((unsigned int)0); + unsigned int bestQualityNotAvoid = ~((unsigned int)0); + const SharedPtr *bestOverall = (const SharedPtr *)0; + const SharedPtr *bestNotAvoid = (const SharedPtr *)0; + + for(std::vector< SharedPtr >::const_iterator r(_rootPeers.begin());r!=_rootPeers.end();++r) { + bool avoiding = false; + for(unsigned int i=0;iaddress()) { + avoiding = true; + break; + } + } + const unsigned int q = (*r)->relayQuality(now); + if (q <= bestQualityOverall) { + bestQualityOverall = q; + bestOverall = &(*r); + } + if ((!avoiding)&&(q <= bestQualityNotAvoid)) { + bestQualityNotAvoid = q; + bestNotAvoid = &(*r); + } + } + + if (bestNotAvoid) { + (*bestNotAvoid)->use(now); + return *bestNotAvoid; + } else if ((!strictAvoid)&&(bestOverall)) { + (*bestOverall)->use(now); + return *bestOverall; + } + + } + + return SharedPtr(); +} + +bool Topology::isUpstream(const Identity &id) const +{ + if (isRoot(id)) + return true; + std::vector< SharedPtr > nws(RR->node->allNetworks()); + for(std::vector< SharedPtr >::const_iterator nw(nws.begin());nw!=nws.end();++nw) { + if ((*nw)->config().isRelay(id.address())) { + return true; + } + } + return false; +} + +bool Topology::worldUpdateIfValid(const World &newWorld) +{ + Mutex::Lock _l(_lock); + if (_world.shouldBeReplacedBy(newWorld,true)) { + _setWorld(newWorld); + try { + Buffer dswtmp; + newWorld.serialize(dswtmp,false); + RR->node->dataStorePut("world",dswtmp.data(),dswtmp.size(),false); + } catch ( ... 
) { + RR->node->dataStoreDelete("world"); + } + return true; + } + return false; +} + +void Topology::clean(uint64_t now) +{ + Mutex::Lock _l(_lock); + Hashtable< Address,SharedPtr >::Iterator i(_peers); + Address *a = (Address *)0; + SharedPtr *p = (SharedPtr *)0; + while (i.next(a,p)) { + if (((now - (*p)->lastUsed()) >= ZT_PEER_IN_MEMORY_EXPIRATION)&&(std::find(_rootAddresses.begin(),_rootAddresses.end(),*a) == _rootAddresses.end())) { + _peers.erase(*a); + } else { + (*p)->clean(now); + } + } +} + +Identity Topology::_getIdentity(const Address &zta) +{ + char p[128]; + Utils::snprintf(p,sizeof(p),"iddb.d/%.10llx",(unsigned long long)zta.toInt()); + std::string ids(RR->node->dataStoreGet(p)); + if (ids.length() > 0) { + try { + return Identity(ids); + } catch ( ... ) {} // ignore invalid IDs + } + return Identity(); +} + +void Topology::_setWorld(const World &newWorld) +{ + // assumed _lock is locked (or in constructor) + _world = newWorld; + _amRoot = false; + _rootAddresses.clear(); + _rootPeers.clear(); + for(std::vector::const_iterator r(_world.roots().begin());r!=_world.roots().end();++r) { + _rootAddresses.push_back(r->identity.address()); + if (r->identity.address() == RR->identity.address()) { + _amRoot = true; + } else { + SharedPtr *rp = _peers.get(r->identity.address()); + if (rp) { + _rootPeers.push_back(*rp); + } else { + SharedPtr newrp(new Peer(RR,RR->identity,r->identity)); + _peers.set(r->identity.address(),newrp); + _rootPeers.push_back(newrp); + } + } + } +} + +} // namespace ZeroTier diff --git a/node/Topology.hpp b/node/Topology.hpp new file mode 100644 index 0000000..03c491e --- /dev/null +++ b/node/Topology.hpp 
@@ -0,0 +1,325 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_TOPOLOGY_HPP +#define ZT_TOPOLOGY_HPP + +#include +#include + +#include +#include +#include +#include + +#include "Constants.hpp" +#include "../include/ZeroTierOne.h" + +#include "Address.hpp" +#include "Identity.hpp" +#include "Peer.hpp" +#include "Mutex.hpp" +#include "InetAddress.hpp" +#include "Hashtable.hpp" +#include "World.hpp" + +namespace ZeroTier { + +class RuntimeEnvironment; + +/** + * Database of network topology + */ +class Topology +{ +public: + Topology(const RuntimeEnvironment *renv); + ~Topology(); + + /** + * Add a peer to database + * + * This will not replace existing peers. In that case the existing peer + * record is returned. + * + * @param peer Peer to add + * @return New or existing peer (should replace 'peer') + */ + SharedPtr addPeer(const SharedPtr &peer); + + /** + * Get a peer from its address + * + * @param zta ZeroTier address of peer + * @return Peer or NULL if not found + */ + SharedPtr getPeer(const Address &zta); + + /** + * Get a peer only if it is presently in memory (no disk cache) + * + * This also does not update the lastUsed() time for peers, which means + * that it won't prevent them from falling out of RAM. 
This is currently + * used in the Cluster code to update peer info without forcing all peers + * across the entire cluster to remain in memory cache. + * + * @param zta ZeroTier address + */ + inline SharedPtr getPeerNoCache(const Address &zta) + { + Mutex::Lock _l(_lock); + const SharedPtr *const ap = _peers.get(zta); + if (ap) + return *ap; + return SharedPtr(); + } + + /** + * Get the identity of a peer + * + * @param zta ZeroTier address of peer + * @return Identity or NULL Identity if not found + */ + Identity getIdentity(const Address &zta); + + /** + * Cache an identity + * + * This is done automatically on addPeer(), and so is only useful for + * cluster identity replication. + * + * @param id Identity to cache + */ + void saveIdentity(const Identity &id); + + /** + * Get the current favorite root server + * + * @return Root server with lowest latency or NULL if none + */ + inline SharedPtr getBestRoot() { return getBestRoot((const Address *)0,0,false); } + + /** + * Get the best root server, avoiding root servers listed in an array + * + * This will get the best root server (lowest latency, etc.) but will + * try to avoid the listed root servers, only using them if no others + * are available. 
+ * + * @param avoid Nodes to avoid + * @param avoidCount Number of nodes to avoid + * @param strictAvoid If false, consider avoided root servers anyway if no non-avoid root servers are available + * @return Root server or NULL if none available + */ + SharedPtr getBestRoot(const Address *avoid,unsigned int avoidCount,bool strictAvoid); + + /** + * @param id Identity to check + * @return True if this is a designated root server in this world + */ + inline bool isRoot(const Identity &id) const + { + Mutex::Lock _l(_lock); + return (std::find(_rootAddresses.begin(),_rootAddresses.end(),id.address()) != _rootAddresses.end()); + } + + /** + * @param id Identity to check + * @return True if this is a root server or a network preferred relay from one of our networks + */ + bool isUpstream(const Identity &id) const; + + /** + * @return Vector of root server addresses + */ + inline std::vector
rootAddresses() const + { + Mutex::Lock _l(_lock); + return _rootAddresses; + } + + /** + * @return Current World (copy) + */ + inline World world() const + { + Mutex::Lock _l(_lock); + return _world; + } + + /** + * @return Current world ID + */ + inline uint64_t worldId() const + { + return _world.id(); // safe to read without lock, and used from within eachPeer() so don't lock + } + + /** + * @return Current world timestamp + */ + inline uint64_t worldTimestamp() const + { + return _world.timestamp(); // safe to read without lock, and used from within eachPeer() so don't lock + } + + /** + * Validate new world and update if newer and signature is okay + * + * @param newWorld Potential new world definition revision + * @return True if an update actually occurred + */ + bool worldUpdateIfValid(const World &newWorld); + + /** + * Clean and flush database + */ + void clean(uint64_t now); + + /** + * @param now Current time + * @return Number of peers with active direct paths + */ + inline unsigned long countActive(uint64_t now) const + { + unsigned long cnt = 0; + Mutex::Lock _l(_lock); + Hashtable< Address,SharedPtr >::Iterator i(const_cast(this)->_peers); + Address *a = (Address *)0; + SharedPtr *p = (SharedPtr *)0; + while (i.next(a,p)) { + cnt += (unsigned long)((*p)->hasActiveDirectPath(now)); + } + return cnt; + } + + /** + * Apply a function or function object to all peers + * + * Note: explicitly template this by reference if you want the object + * passed by reference instead of copied. + * + * Warning: be careful not to use features in these that call any other + * methods of Topology that may lock _lock, otherwise a recursive lock + * and deadlock or lock corruption may occur. 
+ * + * @param f Function to apply + * @tparam F Function or function object type + */ + template + inline void eachPeer(F f) + { + Mutex::Lock _l(_lock); + Hashtable< Address,SharedPtr >::Iterator i(_peers); + Address *a = (Address *)0; + SharedPtr *p = (SharedPtr *)0; + while (i.next(a,p)) { +#ifdef ZT_TRACE + if (!(*p)) { + fprintf(stderr,"FATAL BUG: eachPeer() caught NULL peer for %s -- peer pointers in Topology should NEVER be NULL" ZT_EOL_S,a->toString().c_str()); + abort(); + } +#endif + f(*this,*((const SharedPtr *)p)); + } + } + + /** + * @return All currently active peers by address (unsorted) + */ + inline std::vector< std::pair< Address,SharedPtr > > allPeers() const + { + Mutex::Lock _l(_lock); + return _peers.entries(); + } + + /** + * @return True if I am a root server in the current World + */ + inline bool amRoot() const throw() { return _amRoot; } + + /** + * Get the outbound trusted path ID for a physical address, or 0 if none + * + * @param physicalAddress Physical address to which we are sending the packet + * @return Trusted path ID or 0 if none (0 is not a valid trusted path ID) + */ + inline uint64_t getOutboundPathTrust(const InetAddress &physicalAddress) + { + for(unsigned int i=0;i<_trustedPathCount;++i) { + if (_trustedPathNetworks[i].containsAddress(physicalAddress)) + return _trustedPathIds[i]; + } + return 0; + } + + /** + * Check whether in incoming trusted path marked packet is valid + * + * @param physicalAddress Originating physical address + * @param trustedPathId Trusted path ID from packet (from MAC field) + */ + inline bool shouldInboundPathBeTrusted(const InetAddress &physicalAddress,const uint64_t trustedPathId) + { + for(unsigned int i=0;i<_trustedPathCount;++i) { + if ((_trustedPathIds[i] == trustedPathId)&&(_trustedPathNetworks[i].containsAddress(physicalAddress))) + return true; + } + return false; + } + + /** + * Set trusted paths in this topology + * + * @param networks Array of networks (prefix/netmask bits) + * 
@param ids Array of trusted path IDs + * @param count Number of trusted paths (if larger than ZT_MAX_TRUSTED_PATHS overflow is ignored) + */ + inline void setTrustedPaths(const InetAddress *networks,const uint64_t *ids,unsigned int count) + { + if (count > ZT_MAX_TRUSTED_PATHS) + count = ZT_MAX_TRUSTED_PATHS; + Mutex::Lock _l(_lock); + for(unsigned int i=0;i > _peers; + std::vector< Address > _rootAddresses; + std::vector< SharedPtr > _rootPeers; + bool _amRoot; + + Mutex _lock; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/Utils.cpp b/node/Utils.cpp new file mode 100644 index 0000000..2d9515e --- /dev/null +++ b/node/Utils.cpp 
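Review bot: `getOutboundPathTrust()` and `shouldInboundPathBeTrusted()` read `_trustedPathCount`, `_trustedPathNetworks` and `_trustedPathIds` without holding `_lock`, while `setTrustedPaths()` updates the table under `Mutex::Lock _l(_lock);`. A lookup that runs during a reconfiguration can see a half-updated table, and its result decides whether a packet is treated as arriving on a trusted path. Take the lock in both readers by adding `Mutex::Lock _l(_lock);` as their first statement. If either reader is reachable from an `eachPeer()` callback (not visible in this hunk), the recursive-lock warning on `eachPeer()` applies, and a separate mutex for the trusted-path table would be the safer choice.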
@@ -0,0 +1,301 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "Constants.hpp" + +#ifdef __UNIX_LIKE__ +#include +#include +#include +#include +#include +#include +#include +#endif + +#ifdef __WINDOWS__ +#include +#endif + +#include "Utils.hpp" +#include "Mutex.hpp" +#include "Salsa20.hpp" + +namespace ZeroTier { + +const char Utils::HEXCHARS[16] = { '0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f' }; + +static void _Utils_doBurn(char *ptr,unsigned int len) +{ + for(unsigned int i=0;i> 4]); + r.push_back(HEXCHARS[((const unsigned char *)data)[i] & 0x0f]); + } + return r; +} + +std::string Utils::unhex(const char *hex,unsigned int maxlen) +{ + int n = 1; + unsigned char c,b = 0; + const char *eof = hex + maxlen; + std::string r; + + if (!maxlen) + return r; + + while ((c = (unsigned char)*(hex++))) { + if ((c >= 48)&&(c <= 57)) { // 0..9 + if ((n ^= 1)) + r.push_back((char)(b | (c - 48))); + else b = (c - 48) << 4; + } else if ((c >= 65)&&(c <= 70)) { // A..F + if ((n ^= 1)) + r.push_back((char)(b | (c - (65 - 10)))); + else b = (c - (65 - 10)) << 4; + } else if ((c >= 97)&&(c <= 102)) { // a..f + if ((n ^= 1)) + r.push_back((char)(b | (c - (97 - 10)))); + else b = (c - (97 - 
10)) << 4; + } + if (hex == eof) + break; + } + + return r; +} + +unsigned int Utils::unhex(const char *hex,unsigned int maxlen,void *buf,unsigned int len) +{ + int n = 1; + unsigned char c,b = 0; + unsigned int l = 0; + const char *eof = hex + maxlen; + + if (!maxlen) + return 0; + + while ((c = (unsigned char)*(hex++))) { + if ((c >= 48)&&(c <= 57)) { // 0..9 + if ((n ^= 1)) { + if (l >= len) break; + ((unsigned char *)buf)[l++] = (b | (c - 48)); + } else b = (c - 48) << 4; + } else if ((c >= 65)&&(c <= 70)) { // A..F + if ((n ^= 1)) { + if (l >= len) break; + ((unsigned char *)buf)[l++] = (b | (c - (65 - 10))); + } else b = (c - (65 - 10)) << 4; + } else if ((c >= 97)&&(c <= 102)) { // a..f + if ((n ^= 1)) { + if (l >= len) break; + ((unsigned char *)buf)[l++] = (b | (c - (97 - 10))); + } else b = (c - (97 - 10)) << 4; + } + if (hex == eof) + break; + } + + return l; +} + +void Utils::getSecureRandom(void *buf,unsigned int bytes) +{ + static Mutex globalLock; + static Salsa20 s20; + static bool s20Initialized = false; + + Mutex::Lock _l(globalLock); + + /* Just for posterity we Salsa20 encrypt the result of whatever system + * CSPRNG we use. There have been several bugs at the OS or OS distribution + * level in the past that resulted in systematically weak or predictable + * keys due to random seeding problems. This mitigates that by grabbing + * a bit of extra entropy and further randomizing the result, and comes + * at almost no cost and with no real downside if the random source is + * good. 
*/ + if (!s20Initialized) { + s20Initialized = true; + uint64_t s20Key[4]; + s20Key[0] = (uint64_t)time(0); // system clock + s20Key[1] = (uint64_t)buf; // address of buf + s20Key[2] = (uint64_t)s20Key; // address of s20Key[] + s20Key[3] = (uint64_t)&s20; // address of s20 + s20.init(s20Key,256,s20Key); + } + +#ifdef __WINDOWS__ + + static HCRYPTPROV cryptProvider = NULL; + + if (cryptProvider == NULL) { + if (!CryptAcquireContextA(&cryptProvider,NULL,NULL,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) { + fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() unable to obtain WinCrypt context!\r\n"); + exit(1); + return; + } + } + if (!CryptGenRandom(cryptProvider,(DWORD)bytes,(BYTE *)buf)) { + fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() CryptGenRandom failed!\r\n"); + exit(1); + } + +#else // not __WINDOWS__ + + static char randomBuf[131072]; + static unsigned int randomPtr = sizeof(randomBuf); + static int devURandomFd = -1; + + if (devURandomFd <= 0) { + devURandomFd = ::open("/dev/urandom",O_RDONLY); + if (devURandomFd <= 0) { + fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() unable to open /dev/urandom\n"); + exit(1); + return; + } + } + + for(unsigned int i=0;i= sizeof(randomBuf)) { + for(;;) { + if ((int)::read(devURandomFd,randomBuf,sizeof(randomBuf)) != (int)sizeof(randomBuf)) { + ::close(devURandomFd); + devURandomFd = ::open("/dev/urandom",O_RDONLY); + if (devURandomFd <= 0) { + fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() unable to open /dev/urandom\n"); + exit(1); + return; + } + } else break; + } + randomPtr = 0; + } + ((char *)buf)[i] = randomBuf[randomPtr++]; + } + +#endif // __WINDOWS__ or not + + s20.encrypt12(buf,buf,bytes); +} + +std::vector Utils::split(const char *s,const char *const sep,const char *esc,const char *quot) +{ + std::vector fields; + std::string buf; + + if (!esc) + esc = ""; + if (!quot) + quot = ""; + + bool escapeState = false; + char quoteState = 0; + while (*s) { + if (escapeState) { + escapeState 
= false; + buf.push_back(*s); + } else if (quoteState) { + if (*s == quoteState) { + quoteState = 0; + fields.push_back(buf); + buf.clear(); + } else buf.push_back(*s); + } else { + const char *quotTmp; + if (strchr(esc,*s)) + escapeState = true; + else if ((buf.size() <= 0)&&((quotTmp = strchr(quot,*s)))) + quoteState = *quotTmp; + else if (strchr(sep,*s)) { + if (buf.size() > 0) { + fields.push_back(buf); + buf.clear(); + } // else skip runs of seperators + } else buf.push_back(*s); + } + ++s; + } + + if (buf.size()) + fields.push_back(buf); + + return fields; +} + +bool Utils::scopy(char *dest,unsigned int len,const char *src) +{ + if (!len) + return false; // sanity check + if (!src) { + *dest = (char)0; + return true; + } + char *end = dest + len; + while ((*dest++ = *src++)) { + if (dest == end) { + *(--dest) = (char)0; + return false; + } + } + return true; +} + +unsigned int Utils::snprintf(char *buf,unsigned int len,const char *fmt,...) + throw(std::length_error) +{ + va_list ap; + + va_start(ap,fmt); + int n = (int)vsnprintf(buf,len,fmt,ap); + va_end(ap); + + if ((n >= (int)len)||(n < 0)) { + if (len) + buf[len - 1] = (char)0; + throw std::length_error("buf[] overflow in Utils::snprintf"); + } + + return (unsigned int)n; +} + +} // namespace ZeroTier diff --git a/node/Utils.hpp b/node/Utils.hpp new file mode 100644 index 0000000..cfe5650 --- /dev/null +++ b/node/Utils.hpp 
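Review bot: In the non-Windows branch of `Utils::getSecureRandom()`, bytes handed to the caller stay behind in the static `randomBuf` until the 128 KiB pool is refilled, because `((char *)buf)[i] = randomBuf[randomPtr++];` copies without clearing. The Salsa20 pass applied afterwards is keyed from `time(0)` and three pointer values, so it should not be relied on to separate the retained pool bytes from the returned key material if process memory is ever disclosed (core dump, swap). Clear each byte as it is consumed, e.g. `((char *)buf)[i] = randomBuf[randomPtr]; randomBuf[randomPtr++] = 0;`. Separately, the `devURandomFd <= 0` checks treat descriptor 0 as a failure; `open()` signals failure with -1, so `< 0` is the correct test.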
@@ -0,0 +1,379 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_UTILS_HPP +#define ZT_UTILS_HPP + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "Constants.hpp" + +namespace ZeroTier { + +/** + * Miscellaneous utility functions and global constants + */ +class Utils +{ +public: + /** + * Perform a time-invariant binary comparison + * + * @param a First binary string + * @param b Second binary string + * @param len Length of strings + * @return True if strings are equal + */ + static inline bool secureEq(const void *a,const void *b,unsigned int len) + { + uint8_t diff = 0; + for(unsigned int i=0;i(a))[i] ^ (reinterpret_cast(b))[i] ); + return (diff == 0); + } + + /** + * Securely zero memory, avoiding compiler optimizations and such + */ + static void burn(void *ptr,unsigned int len) + throw(); + + /** + * Convert binary data to hexadecimal + * + * @param data Data to convert to hex + * @param len Length of data + * @return Hexadecimal string + */ + static std::string hex(const void *data,unsigned int len); + static inline std::string hex(const std::string &data) { return hex(data.data(),(unsigned int)data.length()); } + + /** + * Convert hexadecimal to binary data + * + * This ignores all 
non-hex characters, just stepping over them and + * continuing. Upper and lower case are supported for letters a-f. + * + * @param hex Hexadecimal ASCII code (non-hex chars are ignored, stops at zero or maxlen) + * @param maxlen Maximum length of hex string buffer + * @return Binary data + */ + static std::string unhex(const char *hex,unsigned int maxlen); + static inline std::string unhex(const std::string &hex) { return unhex(hex.c_str(),(unsigned int)hex.length()); } + + /** + * Convert hexadecimal to binary data + * + * This ignores all non-hex characters, just stepping over them and + * continuing. Upper and lower case are supported for letters a-f. + * + * @param hex Hexadecimal ASCII + * @param maxlen Maximum length of hex string buffer + * @param buf Buffer to fill + * @param len Length of buffer + * @return Number of characters actually written + */ + static unsigned int unhex(const char *hex,unsigned int maxlen,void *buf,unsigned int len); + static inline unsigned int unhex(const std::string &hex,void *buf,unsigned int len) { return unhex(hex.c_str(),(unsigned int)hex.length(),buf,len); } + + /** + * Generate secure random bytes + * + * This will try to use whatever OS sources of entropy are available. It's + * guarded by an internal mutex so it's thread-safe. 
+ * + * @param buf Buffer to fill + * @param bytes Number of random bytes to generate + */ + static void getSecureRandom(void *buf,unsigned int bytes); + + /** + * Split a string by delimiter, with optional escape and quote characters + * + * @param s String to split + * @param sep One or more separators + * @param esc Zero or more escape characters + * @param quot Zero or more quote characters + * @return Vector of tokens + */ + static std::vector split(const char *s,const char *const sep,const char *esc,const char *quot); + + /** + * Tokenize a string (alias for strtok_r or strtok_s depending on platform) + * + * @param str String to split + * @param delim Delimiters + * @param saveptr Pointer to a char * for temporary reentrant storage + */ + static inline char *stok(char *str,const char *delim,char **saveptr) + throw() + { +#ifdef __WINDOWS__ + return strtok_s(str,delim,saveptr); +#else + return strtok_r(str,delim,saveptr); +#endif + } + + // String to number converters -- defined here to permit portability + // ifdefs for platforms that lack some of the strtoXX functions. 
+ static inline unsigned int strToUInt(const char *s) + throw() + { + return (unsigned int)strtoul(s,(char **)0,10); + } + static inline int strToInt(const char *s) + throw() + { + return (int)strtol(s,(char **)0,10); + } + static inline unsigned long strToULong(const char *s) + throw() + { + return strtoul(s,(char **)0,10); + } + static inline long strToLong(const char *s) + throw() + { + return strtol(s,(char **)0,10); + } + static inline unsigned long long strToU64(const char *s) + throw() + { +#ifdef __WINDOWS__ + return (unsigned long long)_strtoui64(s,(char **)0,10); +#else + return strtoull(s,(char **)0,10); +#endif + } + static inline long long strTo64(const char *s) + throw() + { +#ifdef __WINDOWS__ + return (long long)_strtoi64(s,(char **)0,10); +#else + return strtoll(s,(char **)0,10); +#endif + } + static inline unsigned int hexStrToUInt(const char *s) + throw() + { + return (unsigned int)strtoul(s,(char **)0,16); + } + static inline int hexStrToInt(const char *s) + throw() + { + return (int)strtol(s,(char **)0,16); + } + static inline unsigned long hexStrToULong(const char *s) + throw() + { + return strtoul(s,(char **)0,16); + } + static inline long hexStrToLong(const char *s) + throw() + { + return strtol(s,(char **)0,16); + } + static inline unsigned long long hexStrToU64(const char *s) + throw() + { +#ifdef __WINDOWS__ + return (unsigned long long)_strtoui64(s,(char **)0,16); +#else + return strtoull(s,(char **)0,16); +#endif + } + static inline long long hexStrTo64(const char *s) + throw() + { +#ifdef __WINDOWS__ + return (long long)_strtoi64(s,(char **)0,16); +#else + return strtoll(s,(char **)0,16); +#endif + } + static inline double strToDouble(const char *s) + throw() + { + return strtod(s,(char **)0); + } + + /** + * Perform a safe C string copy, ALWAYS null-terminating the result + * + * This will never ever EVER result in dest[] not being null-terminated + * regardless of any input parameter (other than len==0 which is invalid). 
+ * + * @param dest Destination buffer (must not be NULL) + * @param len Length of dest[] (if zero, false is returned and nothing happens) + * @param src Source string (if NULL, dest will receive a zero-length string and true is returned) + * @return True on success, false on overflow (buffer will still be 0-terminated) + */ + static bool scopy(char *dest,unsigned int len,const char *src); + + /** + * Variant of snprintf that is portable and throws an exception + * + * This just wraps the local implementation whatever it's called, while + * performing a few other checks and adding exceptions for overflow. + * + * @param buf Buffer to write to + * @param len Length of buffer in bytes + * @param fmt Format string + * @param ... Format arguments + * @throws std::length_error buf[] too short (buf[] will still be left null-terminated) + */ + static unsigned int snprintf(char *buf,unsigned int len,const char *fmt,...) + throw(std::length_error); + + /** + * Count the number of bits set in an integer + * + * @param v 32-bit integer + * @return Number of bits set in this integer (0-32) + */ + static inline uint32_t countBits(uint32_t v) + { + v = v - ((v >> 1) & (uint32_t)0x55555555); + v = (v & (uint32_t)0x33333333) + ((v >> 2) & (uint32_t)0x33333333); + return ((((v + (v >> 4)) & (uint32_t)0xF0F0F0F) * (uint32_t)0x1010101) >> 24); + } + + /** + * Check if a memory buffer is all-zero + * + * @param p Memory to scan + * @param len Length of memory + * @return True if memory is all zero + */ + static inline bool isZero(const void *p,unsigned int len) + { + for(unsigned int i=0;i> 8) | + ((n & 0x0000FF0000000000ULL) >> 24) | + ((n & 0x00FF000000000000ULL) >> 40) | + ((n & 0xFF00000000000000ULL) >> 56) + ); +#endif +#else + return n; +#endif + } + static inline int64_t hton(int64_t n) throw() { return (int64_t)hton((uint64_t)n); } + + static inline uint8_t ntoh(uint8_t n) throw() { return n; } + static inline int8_t ntoh(int8_t n) throw() { return n; } + static inline 
uint16_t ntoh(uint16_t n) throw() { return ntohs(n); } + static inline int16_t ntoh(int16_t n) throw() { return (int16_t)ntohs((uint16_t)n); } + static inline uint32_t ntoh(uint32_t n) throw() { return ntohl(n); } + static inline int32_t ntoh(int32_t n) throw() { return (int32_t)ntohl((uint32_t)n); } + static inline uint64_t ntoh(uint64_t n) + throw() + { +#if __BYTE_ORDER == __LITTLE_ENDIAN +#if defined(__GNUC__) && !defined(__OpenBSD__) + return __builtin_bswap64(n); +#else + return ( + ((n & 0x00000000000000FFULL) << 56) | + ((n & 0x000000000000FF00ULL) << 40) | + ((n & 0x0000000000FF0000ULL) << 24) | + ((n & 0x00000000FF000000ULL) << 8) | + ((n & 0x000000FF00000000ULL) >> 8) | + ((n & 0x0000FF0000000000ULL) >> 24) | + ((n & 0x00FF000000000000ULL) >> 40) | + ((n & 0xFF00000000000000ULL) >> 56) + ); +#endif +#else + return n; +#endif + } + static inline int64_t ntoh(int64_t n) throw() { return (int64_t)ntoh((uint64_t)n); } + + /** + * Compare Peer version tuples + * + * @return -1, 0, or 1 based on whether first tuple is less than, equal to, or greater than second + */ + static inline int compareVersion(unsigned int maj1,unsigned int min1,unsigned int rev1,unsigned int maj2,unsigned int min2,unsigned int rev2) + throw() + { + if (maj1 > maj2) + return 1; + else if (maj1 < maj2) + return -1; + else { + if (min1 > min2) + return 1; + else if (min1 < min2) + return -1; + else { + if (rev1 > rev2) + return 1; + else if (rev1 < rev2) + return -1; + else return 0; + } + } + } + + /** + * Hexadecimal characters 0-f + */ + static const char HEXCHARS[16]; +}; + +} // namespace ZeroTier + +#endif diff --git a/node/World.hpp b/node/World.hpp new file mode 100644 index 0000000..fdada2a --- /dev/null +++ b/node/World.hpp 
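Review bot: The `strToUInt()` through `hexStrTo64()` converters pass a null end pointer to the `strto*` functions and never check `errno`, so unparsable text comes back as 0, trailing garbage is accepted, and out-of-range values are clamped by the C library. In `strToUInt()`, `strToInt()`, `hexStrToUInt()` and `hexStrToInt()` the result is then narrowed by the cast. None of this is reported to the caller, which matters wherever these parse configuration or peer-supplied text (callers are not visible in this hunk). At minimum document it above the block, e.g. `// These return 0 on unparsable input, accept trailing junk and do not report overflow; validate at the call site.` For untrusted input, consider variants that check the end pointer and `errno`.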
@@ -0,0 +1,232 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_WORLD_HPP
+#define ZT_WORLD_HPP
+
+#include
+#include
+
+#include "Constants.hpp"
+#include "InetAddress.hpp"
+#include "Identity.hpp"
+#include "Buffer.hpp"
+#include "C25519.hpp"
+
+/**
+ * Maximum number of roots (sanity limit, okay to increase)
+ *
+ * A given root can (through multi-homing) be distributed across any number of
+ * physical endpoints, but having more than one is good to permit total failure
+ * of one root or its withdrawal due to compromise without taking the whole net
+ * down.
+ */ +#define ZT_WORLD_MAX_ROOTS 4 + +/** + * Maximum number of stable endpoints per root (sanity limit, okay to increase) + */ +#define ZT_WORLD_MAX_STABLE_ENDPOINTS_PER_ROOT 32 + +/** + * The (more than) maximum length of a serialized World + */ +#define ZT_WORLD_MAX_SERIALIZED_LENGTH (((1024 + (32 * ZT_WORLD_MAX_STABLE_ENDPOINTS_PER_ROOT)) * ZT_WORLD_MAX_ROOTS) + ZT_C25519_PUBLIC_KEY_LEN + ZT_C25519_SIGNATURE_LEN + 128) + +/** + * World ID indicating null / empty World object + */ +#define ZT_WORLD_ID_NULL 0 + +/** + * World ID for a test network with ephemeral or temporary roots + */ +#define ZT_WORLD_ID_TESTNET 1 + +/** + * World ID for Earth + * + * This is the ID for the ZeroTier World used on planet Earth. It is unrelated + * to the public network 8056c2e21c000001 of the same name. It was chosen + * from Earth's approximate distance from the sun in kilometers. + */ +#define ZT_WORLD_ID_EARTH 149604618 + +/** + * World ID for Mars -- for future use by SpaceX or others + */ +#define ZT_WORLD_ID_MARS 227883110 + +namespace ZeroTier { + +/** + * A world definition (formerly known as a root topology) + * + * Think of a World as a single data center. Within this data center a set + * of distributed fault tolerant root servers provide stable anchor points + * for a peer to peer network that provides VLAN service. Updates to a world + * definition can be published by signing them with the previous revision's + * signing key, and should be very infrequent. + * + * The maximum data center size is approximately 2.5 cubic light seconds, + * since many protocols have issues with >5s RTT latencies. + * + * ZeroTier operates a World for Earth capable of encompassing the planet, its + * orbits, the Moon (about 1.3 light seconds), and nearby Lagrange points. A + * world ID for Mars and nearby space is defined but not yet used, and a test + * world ID is provided for testing purposes. 
+ * + * If you absolutely must run your own "unofficial" ZeroTier network, please + * define your world IDs above 0xffffffff (4294967295). Code to make a World + * is in mkworld.cpp in the parent directory and must be edited to change + * settings. + */ +class World +{ +public: + struct Root + { + Identity identity; + std::vector stableEndpoints; + + inline bool operator==(const Root &r) const throw() { return ((identity == r.identity)&&(stableEndpoints == r.stableEndpoints)); } + inline bool operator!=(const Root &r) const throw() { return (!(*this == r)); } + inline bool operator<(const Root &r) const throw() { return (identity < r.identity); } // for sorting + }; + + /** + * Construct an empty / null World + */ + World() : + _id(ZT_WORLD_ID_NULL), + _ts(0) {} + + /** + * @return Root servers for this world and their stable endpoints + */ + inline const std::vector &roots() const throw() { return _roots; } + + /** + * @return World unique identifier + */ + inline uint64_t id() const throw() { return _id; } + + /** + * @return World definition timestamp + */ + inline uint64_t timestamp() const throw() { return _ts; } + + /** + * Check whether a world update should replace this one + * + * A new world update is valid if it is for the same world ID, is newer, + * and is signed by the current world's signing key. If this world object + * is null, it can always be updated. 
+ * + * @param update Candidate update + * @param fullSignatureCheck Perform full cryptographic signature check (true == yes, false == skip) + * @return True if update is newer than current and is properly signed + */ + inline bool shouldBeReplacedBy(const World &update,bool fullSignatureCheck) + { + if (_id == ZT_WORLD_ID_NULL) + return true; + if ((_id == update._id)&&(_ts < update._ts)) { + if (fullSignatureCheck) { + Buffer tmp; + update.serialize(tmp,true); + return C25519::verify(_updateSigningKey,tmp.data(),tmp.size(),update._signature); + } else return true; + } + return false; + } + + /** + * @return True if this World is non-empty + */ + inline operator bool() const throw() { return (_id != ZT_WORLD_ID_NULL); } + + template + inline void serialize(Buffer &b,bool forSign = false) const + { + if (forSign) + b.append((uint64_t)0x7f7f7f7f7f7f7f7fULL); + b.append((uint8_t)0x01); // version -- only one valid value for now + b.append((uint64_t)_id); + b.append((uint64_t)_ts); + b.append(_updateSigningKey.data,ZT_C25519_PUBLIC_KEY_LEN); + if (!forSign) + b.append(_signature.data,ZT_C25519_SIGNATURE_LEN); + b.append((uint8_t)_roots.size()); + for(std::vector::const_iterator r(_roots.begin());r!=_roots.end();++r) { + r->identity.serialize(b); + b.append((uint8_t)r->stableEndpoints.size()); + for(std::vector::const_iterator ep(r->stableEndpoints.begin());ep!=r->stableEndpoints.end();++ep) + ep->serialize(b); + } + if (forSign) + b.append((uint64_t)0xf7f7f7f7f7f7f7f7ULL); + } + + template + inline unsigned int deserialize(const Buffer &b,unsigned int startAt = 0) + { + unsigned int p = startAt; + + _roots.clear(); + + if (b[p++] != 0x01) + throw std::invalid_argument("invalid World serialized version"); + + _id = b.template at(p); p += 8; + _ts = b.template at(p); p += 8; + memcpy(_updateSigningKey.data,b.field(p,ZT_C25519_PUBLIC_KEY_LEN),ZT_C25519_PUBLIC_KEY_LEN); p += ZT_C25519_PUBLIC_KEY_LEN; + 
memcpy(_signature.data,b.field(p,ZT_C25519_SIGNATURE_LEN),ZT_C25519_SIGNATURE_LEN); p += ZT_C25519_SIGNATURE_LEN; + unsigned int numRoots = b[p++]; + if (numRoots > ZT_WORLD_MAX_ROOTS) + throw std::invalid_argument("too many roots in World"); + for(unsigned int k=0;k ZT_WORLD_MAX_STABLE_ENDPOINTS_PER_ROOT) + throw std::invalid_argument("too many stable endpoints in World/Root"); + for(unsigned int kk=0;kk _roots; +}; + +} // namespace ZeroTier + +#endif diff --git a/objects.mk b/objects.mk new file mode 100644 index 0000000..4a7a36a --- /dev/null +++ b/objects.mk @@ -0,0 +1,29 @@ +OBJS=\ + node/C25519.o \ + node/CertificateOfMembership.o \ + node/Cluster.o \ + node/DeferredPackets.o \ + node/Identity.o \ + node/IncomingPacket.o \ + node/InetAddress.o \ + node/Multicaster.o \ + node/Network.o \ + node/NetworkConfig.o \ + node/Node.o \ + node/OutboundMulticast.o \ + node/Packet.o \ + node/Path.o \ + node/Peer.o \ + node/Poly1305.o \ + node/Salsa20.o \ + node/SelfAwareness.o \ + node/SHA512.o \ + node/Switch.o \ + node/Topology.o \ + node/Utils.o \ + osdep/BackgroundResolver.o \ + osdep/ManagedRoute.o \ + osdep/Http.o \ + osdep/OSUtils.o \ + service/ClusterGeoIpService.o \ + service/ControlPlane.o diff --git a/one.cpp b/one.cpp new file mode 100644 index 0000000..9f7a0a2 --- /dev/null +++ b/one.cpp 
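Review bot: `World::deserialize` overwrites the object in place before it has finished validating the input: `_roots.clear()` runs first, and `_id`, `_ts`, `_updateSigningKey` and `_signature` are assigned from the buffer before the `numRoots > ZT_WORLD_MAX_ROOTS` and stable-endpoint limit checks can throw. A buffer rejected by those checks therefore leaves the World holding an unverified ID, timestamp and update-signing key with an empty root list, and `shouldBeReplacedBy` verifies later updates against exactly that key. Whether any caller deserializes straight into its live World is not visible in this hunk, so I would either read the header fields into locals and assign the members only after the last check passes, or state the contract above the method: `// On throw, *this is partially overwritten; deserialize into a temporary and adopt it only after shouldBeReplacedBy(update,true) succeeds.` The doc comment on `shouldBeReplacedBy` could also say that `fullSignatureCheck == false` and a null current World both accept the update without any signature verification, so those paths are only for input that is already trusted.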
@@ -0,0 +1,1270 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "node/Constants.hpp"
+
+#ifdef __WINDOWS__
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "osdep/WindowsEthernetTap.hpp"
+#include "windows/ZeroTierOne/ServiceInstaller.h"
+#include "windows/ZeroTierOne/ServiceBase.h"
+#include "windows/ZeroTierOne/ZeroTierOneService.h"
+#else
+#include
+#include
+#include
+#include
+#include
+#include
+#endif
+
+#include
+#include
+
+#include "version.h"
+#include "include/ZeroTierOne.h"
+
+#ifdef ZT_USE_SYSTEM_JSON_PARSER
+#include
+#else
+#include "ext/json-parser/json.h"
+#endif
+
+#include "node/Identity.hpp"
+#include "node/CertificateOfMembership.hpp"
+#include "node/Utils.hpp"
+#include "node/NetworkController.hpp"
+
+#include "osdep/OSUtils.hpp"
+#include "osdep/Http.hpp"
+
+#include "service/OneService.hpp"
+
+#define ZT_PID_PATH "zerotier-one.pid"
+
+using namespace ZeroTier;
+
+static OneService *volatile zt1Service = (OneService *)0;
+
+#define PROGRAM_NAME "ZeroTier One"
+#define COPYRIGHT_NOTICE "Copyright © 2011–2016 ZeroTier, Inc."
+#define LICENSE_GRANT \ + "This is free software: you may copy, modify, and/or distribute this" ZT_EOL_S \ + "work under the terms of the GNU General Public License, version 3 or" ZT_EOL_S \ + "later as published by the Free Software Foundation." ZT_EOL_S \ + "No warranty expressed or implied." ZT_EOL_S + +/****************************************************************************/ +/* zerotier-cli personality */ +/****************************************************************************/ + +// This is getting deprecated soon in favor of the stuff in cli/ + +static void cliPrintHelp(const char *pn,FILE *out) +{ + fprintf(out, + "%s version %d.%d.%d" ZT_EOL_S, + PROGRAM_NAME, + ZEROTIER_ONE_VERSION_MAJOR, ZEROTIER_ONE_VERSION_MINOR, ZEROTIER_ONE_VERSION_REVISION); + fprintf(out, + COPYRIGHT_NOTICE ZT_EOL_S + LICENSE_GRANT ZT_EOL_S); + fprintf(out,"Usage: %s [-switches] []" ZT_EOL_S"" ZT_EOL_S,pn); + fprintf(out,"Available switches:" ZT_EOL_S); + fprintf(out," -h - Display this help" ZT_EOL_S); + fprintf(out," -v - Show version" ZT_EOL_S); + fprintf(out," -j - Display full raw JSON output" ZT_EOL_S); + fprintf(out," -D - ZeroTier home path for parameter auto-detect" ZT_EOL_S); + fprintf(out," -p - HTTP port (default: auto)" ZT_EOL_S); + fprintf(out," -T - Authentication token (default: auto)" ZT_EOL_S); + fprintf(out,ZT_EOL_S"Available commands:" ZT_EOL_S); + fprintf(out," info - Display status info" ZT_EOL_S); + fprintf(out," listpeers - List all peers" ZT_EOL_S); + fprintf(out," listnetworks - List all networks" ZT_EOL_S); + fprintf(out," join - Join a network" ZT_EOL_S); + fprintf(out," leave - Leave a network" ZT_EOL_S); + fprintf(out," set - Set a network setting" ZT_EOL_S); +} + +static std::string cliFixJsonCRs(const std::string &s) +{ + std::string r; + for(std::string::const_iterator c(s.begin());c!=s.end();++c) { + if (*c == '\n') + r.append(ZT_EOL_S); + else r.push_back(*c); + } + return r; +} + +#ifdef __WINDOWS__ +static int cli(int argc, _TCHAR* 
argv[]) +#else +static int cli(int argc,char **argv) +#endif +{ + unsigned int port = 0; + std::string homeDir,command,arg1,arg2,authToken; + std::string ip("127.0.0.1"); + bool json = false; + for(int i=1;i 0xffff)||(port == 0)) { + cliPrintHelp(argv[0],stdout); + return 1; + } + break; + + case 'D': + if (argv[i][2]) { + homeDir = argv[i] + 2; + } else { + cliPrintHelp(argv[0],stdout); + return 1; + } + break; + + case 'H': + if (argv[i][2]) { + ip = argv[i] + 2; + } else { + cliPrintHelp(argv[0],stdout); + return 1; + } + break; + + case 'T': + if (argv[i][2]) { + authToken = argv[i] + 2; + } else { + cliPrintHelp(argv[0],stdout); + return 1; + } + break; + + case 'v': + if (argv[i][2]) { + cliPrintHelp(argv[0],stdout); + return 1; + } + printf("%d.%d.%d" ZT_EOL_S,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION); + return 0; + + case 'h': + case '?': + default: + cliPrintHelp(argv[0],stdout); + return 0; + } + } else { + if (arg1.length()) + arg2 = argv[i]; + else if (command.length()) + arg1 = argv[i]; + else command = argv[i]; + } + } + if (!homeDir.length()) + homeDir = OneService::platformDefaultHomePath(); + + if ((!port)||(!authToken.length())) { + if (!homeDir.length()) { + fprintf(stderr,"%s: missing port or authentication token and no home directory specified to auto-detect" ZT_EOL_S,argv[0]); + return 2; + } + + if (!port) { + std::string portStr; + OSUtils::readFile((homeDir + ZT_PATH_SEPARATOR_S + "zerotier-one.port").c_str(),portStr); + port = Utils::strToUInt(portStr.c_str()); + if ((port == 0)||(port > 0xffff)) { + fprintf(stderr,"%s: missing port and zerotier-one.port not found in %s" ZT_EOL_S,argv[0],homeDir.c_str()); + return 2; + } + } + + if (!authToken.length()) { + OSUtils::readFile((homeDir + ZT_PATH_SEPARATOR_S + "authtoken.secret").c_str(),authToken); +#ifdef __UNIX_LIKE__ + if (!authToken.length()) { + const char *hd = getenv("HOME"); + if (hd) { + char p[4096]; +#ifdef __APPLE__ + 
Utils::snprintf(p,sizeof(p),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",hd); +#else + Utils::snprintf(p,sizeof(p),"%s/.zeroTierOneAuthToken",hd); +#endif + OSUtils::readFile(p,authToken); + } + } +#endif + if (!authToken.length()) { + fprintf(stderr,"%s: missing authentication token and authtoken.secret not found (or readable) in %s" ZT_EOL_S,argv[0],homeDir.c_str()); + return 2; + } + } + } + + InetAddress addr; + { + char addrtmp[256]; + Utils::snprintf(addrtmp,sizeof(addrtmp),"%s/%u",ip.c_str(),port); + addr = InetAddress(addrtmp); + } + + std::map requestHeaders; + std::map responseHeaders; + std::string responseBody; + + requestHeaders["X-ZT1-Auth"] = authToken; + + if ((command.length() > 0)&&(command[0] == '/')) { + unsigned int scode = Http::GET( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + command.c_str(), + requestHeaders, + responseHeaders, + responseBody); + if (scode == 200) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + return 0; + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } else if ((command == "info")||(command == "status")) { + unsigned int scode = Http::GET( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + "/status", + requestHeaders, + responseHeaders, + responseBody); + if (scode == 200) { + if (json) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + return 0; + } else { + json_value *j = json_parse(responseBody.c_str(),responseBody.length()); + bool good = false; + if (j) { + if (j->type == json_object) { + const char *address = (const char *)0; + bool online = false; + const char *version = (const char *)0; + for(unsigned int k=0;ku.object.length;++k) { + if ((!strcmp(j->u.object.values[k].name,"address"))&&(j->u.object.values[k].value->type == json_string)) + address = j->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(j->u.object.values[k].name,"version"))&&(j->u.object.values[k].value->type == 
json_string)) + version = j->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(j->u.object.values[k].name,"online"))&&(j->u.object.values[k].value->type == json_boolean)) + online = (j->u.object.values[k].value->u.boolean != 0); + } + if ((address)&&(version)) { + printf("200 info %s %s %s" ZT_EOL_S,address,(online ? "ONLINE" : "OFFLINE"),version); + good = true; + } + } + json_value_free(j); + } + if (good) { + return 0; + } else { + printf("%u %s invalid JSON response" ZT_EOL_S,scode,command.c_str()); + return 1; + } + } + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } else if (command == "listpeers") { + unsigned int scode = Http::GET( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + "/peer", + requestHeaders, + responseHeaders, + responseBody); + if (scode == 200) { + if (json) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + return 0; + } else { + printf("200 listpeers " ZT_EOL_S); + json_value *j = json_parse(responseBody.c_str(),responseBody.length()); + if (j) { + if (j->type == json_array) { + for(unsigned int p=0;pu.array.length;++p) { + json_value *jp = j->u.array.values[p]; + if (jp->type == json_object) { + const char *address = (const char *)0; + std::string paths; + int64_t latency = 0; + int64_t versionMajor = -1,versionMinor = -1,versionRev = -1; + const char *role = (const char *)0; + for(unsigned int k=0;ku.object.length;++k) { + if ((!strcmp(jp->u.object.values[k].name,"address"))&&(jp->u.object.values[k].value->type == json_string)) + address = jp->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(jp->u.object.values[k].name,"versionMajor"))&&(jp->u.object.values[k].value->type == json_integer)) + versionMajor = jp->u.object.values[k].value->u.integer; + else if ((!strcmp(jp->u.object.values[k].name,"versionMinor"))&&(jp->u.object.values[k].value->type == json_integer)) + versionMinor = jp->u.object.values[k].value->u.integer; + else if 
((!strcmp(jp->u.object.values[k].name,"versionRev"))&&(jp->u.object.values[k].value->type == json_integer)) + versionRev = jp->u.object.values[k].value->u.integer; + else if ((!strcmp(jp->u.object.values[k].name,"role"))&&(jp->u.object.values[k].value->type == json_string)) + role = jp->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(jp->u.object.values[k].name,"latency"))&&(jp->u.object.values[k].value->type == json_integer)) + latency = jp->u.object.values[k].value->u.integer; + else if ((!strcmp(jp->u.object.values[k].name,"paths"))&&(jp->u.object.values[k].value->type == json_array)) { + for(unsigned int pp=0;ppu.object.values[k].value->u.array.length;++pp) { + json_value *jpath = jp->u.object.values[k].value->u.array.values[pp]; + if (jpath->type == json_object) { + const char *paddr = (const char *)0; + int64_t lastSend = 0; + int64_t lastReceive = 0; + bool preferred = false; + bool active = false; + for(unsigned int kk=0;kku.object.length;++kk) { + if ((!strcmp(jpath->u.object.values[kk].name,"address"))&&(jpath->u.object.values[kk].value->type == json_string)) + paddr = jpath->u.object.values[kk].value->u.string.ptr; + else if ((!strcmp(jpath->u.object.values[kk].name,"lastSend"))&&(jpath->u.object.values[kk].value->type == json_integer)) + lastSend = jpath->u.object.values[kk].value->u.integer; + else if ((!strcmp(jpath->u.object.values[kk].name,"lastReceive"))&&(jpath->u.object.values[kk].value->type == json_integer)) + lastReceive = jpath->u.object.values[kk].value->u.integer; + else if ((!strcmp(jpath->u.object.values[kk].name,"preferred"))&&(jpath->u.object.values[kk].value->type == json_boolean)) + preferred = (jpath->u.object.values[kk].value->u.boolean != 0); + else if ((!strcmp(jpath->u.object.values[kk].name,"active"))&&(jpath->u.object.values[kk].value->type == json_boolean)) + active = (jpath->u.object.values[kk].value->u.boolean != 0); + } + if ((paddr)&&(active)) { + int64_t now = (int64_t)OSUtils::now(); + if (lastSend > 0) + 
lastSend = now - lastSend; + if (lastReceive > 0) + lastReceive = now - lastReceive; + char pathtmp[256]; + Utils::snprintf(pathtmp,sizeof(pathtmp),"%s;%lld;%lld;%s", + paddr, + lastSend, + lastReceive, + (preferred ? "preferred" : "active")); + if (paths.length()) + paths.push_back(','); + paths.append(pathtmp); + } + } + } + } + } + if ((address)&&(role)) { + char verstr[64]; + if ((versionMajor >= 0)&&(versionMinor >= 0)&&(versionRev >= 0)) + Utils::snprintf(verstr,sizeof(verstr),"%lld.%lld.%lld",versionMajor,versionMinor,versionRev); + else { + verstr[0] = '-'; + verstr[1] = (char)0; + } + printf("200 listpeers %s %s %lld %s %s" ZT_EOL_S,address,(paths.length()) ? paths.c_str() : "-",(long long)latency,verstr,role); + } + } + } + } + json_value_free(j); + } + return 0; + } + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } else if (command == "listnetworks") { + unsigned int scode = Http::GET( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + "/network", + requestHeaders, + responseHeaders, + responseBody); + if (scode == 200) { + if (json) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + return 0; + } else { + printf("200 listnetworks " ZT_EOL_S); + json_value *j = json_parse(responseBody.c_str(),responseBody.length()); + if (j) { + if (j->type == json_array) { + for(unsigned int p=0;pu.array.length;++p) { + json_value *jn = j->u.array.values[p]; + if (jn->type == json_object) { + const char *nwid = (const char *)0; + const char *name = ""; + const char *mac = (const char *)0; + const char *status = (const char *)0; + const char *type = (const char *)0; + const char *portDeviceName = ""; + std::string ips; + for(unsigned int k=0;ku.object.length;++k) { + if ((!strcmp(jn->u.object.values[k].name,"nwid"))&&(jn->u.object.values[k].value->type == json_string)) + nwid = jn->u.object.values[k].value->u.string.ptr; + else if 
((!strcmp(jn->u.object.values[k].name,"name"))&&(jn->u.object.values[k].value->type == json_string)) + name = jn->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(jn->u.object.values[k].name,"mac"))&&(jn->u.object.values[k].value->type == json_string)) + mac = jn->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(jn->u.object.values[k].name,"status"))&&(jn->u.object.values[k].value->type == json_string)) + status = jn->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(jn->u.object.values[k].name,"type"))&&(jn->u.object.values[k].value->type == json_string)) + type = jn->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(jn->u.object.values[k].name,"portDeviceName"))&&(jn->u.object.values[k].value->type == json_string)) + portDeviceName = jn->u.object.values[k].value->u.string.ptr; + else if ((!strcmp(jn->u.object.values[k].name,"assignedAddresses"))&&(jn->u.object.values[k].value->type == json_array)) { + for(unsigned int a=0;au.object.values[k].value->u.array.length;++a) { + json_value *aa = jn->u.object.values[k].value->u.array.values[a]; + if (aa->type == json_string) { + if (ips.length()) + ips.push_back(','); + ips.append(aa->u.string.ptr); + } + } + } + } + if ((nwid)&&(mac)&&(status)&&(type)) { + printf("200 listnetworks %s %s %s %s %s %s %s" ZT_EOL_S, + nwid, + (((name)&&(name[0])) ? name : "-"), + mac, + status, + type, + (((portDeviceName)&&(portDeviceName[0])) ? portDeviceName : "-"), + ((ips.length() > 0) ? 
ips.c_str() : "-")); + } + } + } + } + json_value_free(j); + } + } + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } else if (command == "join") { + if (arg1.length() != 16) { + cliPrintHelp(argv[0],stderr); + return 2; + } + requestHeaders["Content-Type"] = "application/json"; + requestHeaders["Content-Length"] = "2"; + unsigned int scode = Http::POST( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + (std::string("/network/") + arg1).c_str(), + requestHeaders, + "{}", + 2, + responseHeaders, + responseBody); + if (scode == 200) { + if (json) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + } else { + printf("200 join OK" ZT_EOL_S); + } + return 0; + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } else if (command == "leave") { + if (arg1.length() != 16) { + cliPrintHelp(argv[0],stderr); + return 2; + } + unsigned int scode = Http::DEL( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + (std::string("/network/") + arg1).c_str(), + requestHeaders, + responseHeaders, + responseBody); + if (scode == 200) { + if (json) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + } else { + printf("200 leave OK" ZT_EOL_S); + } + return 0; + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } else if (command == "set") { + if (arg1.length() != 16) { + cliPrintHelp(argv[0],stderr); + return 2; + } + std::size_t eqidx = arg2.find('='); + if (eqidx != std::string::npos) { + if ((arg2.substr(0,eqidx) == "allowManaged")||(arg2.substr(0,eqidx) == "allowGlobal")||(arg2.substr(0,eqidx) == "allowDefault")) { + char jsons[1024]; + Utils::snprintf(jsons,sizeof(jsons),"{\"%s\":%s}", + arg2.substr(0,eqidx).c_str(), + (((arg2.substr(eqidx,2) == "=t")||(arg2.substr(eqidx,2) == "=1")) ? 
"true" : "false")); + char cl[128]; + Utils::snprintf(cl,sizeof(cl),"%u",(unsigned int)strlen(jsons)); + requestHeaders["Content-Type"] = "application/json"; + requestHeaders["Content-Length"] = cl; + unsigned int scode = Http::POST( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + (std::string("/network/") + arg1).c_str(), + requestHeaders, + jsons, + strlen(jsons), + responseHeaders, + responseBody); + if (scode == 200) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + return 0; + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } + } else { + cliPrintHelp(argv[0],stderr); + return 2; + } + } else { + cliPrintHelp(argv[0],stderr); + return 0; + } + + return 0; +} + +/****************************************************************************/ +/* zerotier-idtool personality */ +/****************************************************************************/ + +static void idtoolPrintHelp(FILE *out,const char *pn) +{ + fprintf(out, + "%s version %d.%d.%d" ZT_EOL_S, + PROGRAM_NAME, + ZEROTIER_ONE_VERSION_MAJOR, ZEROTIER_ONE_VERSION_MINOR, ZEROTIER_ONE_VERSION_REVISION); + fprintf(out, + COPYRIGHT_NOTICE ZT_EOL_S + LICENSE_GRANT ZT_EOL_S); + fprintf(out,"Usage: %s []" ZT_EOL_S"" ZT_EOL_S"Commands:" ZT_EOL_S,pn); + fprintf(out," generate [] [] []" ZT_EOL_S); + fprintf(out," validate " ZT_EOL_S); + fprintf(out," getpublic " ZT_EOL_S); + fprintf(out," sign " ZT_EOL_S); + fprintf(out," verify " ZT_EOL_S); + fprintf(out," mkcom [ ...] 
(hexadecimal integers)" ZT_EOL_S); +} + +static Identity getIdFromArg(char *arg) +{ + Identity id; + if ((strlen(arg) > 32)&&(arg[10] == ':')) { // identity is a literal on the command line + if (id.fromString(arg)) + return id; + } else { // identity is to be read from a file + std::string idser; + if (OSUtils::readFile(arg,idser)) { + if (id.fromString(idser)) + return id; + } + } + return Identity(); +} + +#ifdef __WINDOWS__ +static int idtool(int argc, _TCHAR* argv[]) +#else +static int idtool(int argc,char **argv) +#endif +{ + if (argc < 2) { + idtoolPrintHelp(stdout,argv[0]); + return 1; + } + + if (!strcmp(argv[1],"generate")) { + uint64_t vanity = 0; + int vanityBits = 0; + if (argc >= 5) { + vanity = Utils::hexStrToU64(argv[4]) & 0xffffffffffULL; + vanityBits = 4 * strlen(argv[4]); + if (vanityBits > 40) + vanityBits = 40; + } + + Identity id; + for(;;) { + id.generate(); + if ((id.address().toInt() >> (40 - vanityBits)) == vanity) { + if (vanityBits > 0) { + fprintf(stderr,"vanity address: found %.10llx !\n",(unsigned long long)id.address().toInt()); + } + break; + } else { + fprintf(stderr,"vanity address: tried %.10llx looking for first %d bits of %.10llx\n",(unsigned long long)id.address().toInt(),vanityBits,(unsigned long long)(vanity << (40 - vanityBits))); + } + } + + std::string idser = id.toString(true); + if (argc >= 3) { + if (!OSUtils::writeFile(argv[2],idser)) { + fprintf(stderr,"Error writing to %s" ZT_EOL_S,argv[2]); + return 1; + } else printf("%s written" ZT_EOL_S,argv[2]); + if (argc >= 4) { + idser = id.toString(false); + if (!OSUtils::writeFile(argv[3],idser)) { + fprintf(stderr,"Error writing to %s" ZT_EOL_S,argv[3]); + return 1; + } else printf("%s written" ZT_EOL_S,argv[3]); + } + } else printf("%s",idser.c_str()); + } else if (!strcmp(argv[1],"validate")) { + if (argc < 3) { + idtoolPrintHelp(stdout,argv[0]); + return 1; + } + + Identity id = getIdFromArg(argv[2]); + if (!id) { + fprintf(stderr,"Identity argument invalid or file 
unreadable: %s" ZT_EOL_S,argv[2]); + return 1; + } + + if (!id.locallyValidate()) { + fprintf(stderr,"%s FAILED validation." ZT_EOL_S,argv[2]); + return 1; + } else printf("%s is a valid identity" ZT_EOL_S,argv[2]); + } else if (!strcmp(argv[1],"getpublic")) { + if (argc < 3) { + idtoolPrintHelp(stdout,argv[0]); + return 1; + } + + Identity id = getIdFromArg(argv[2]); + if (!id) { + fprintf(stderr,"Identity argument invalid or file unreadable: %s" ZT_EOL_S,argv[2]); + return 1; + } + + printf("%s",id.toString(false).c_str()); + } else if (!strcmp(argv[1],"sign")) { + if (argc < 4) { + idtoolPrintHelp(stdout,argv[0]); + return 1; + } + + Identity id = getIdFromArg(argv[2]); + if (!id) { + fprintf(stderr,"Identity argument invalid or file unreadable: %s" ZT_EOL_S,argv[2]); + return 1; + } + + if (!id.hasPrivate()) { + fprintf(stderr,"%s does not contain a private key (must use private to sign)" ZT_EOL_S,argv[2]); + return 1; + } + + std::string inf; + if (!OSUtils::readFile(argv[3],inf)) { + fprintf(stderr,"%s is not readable" ZT_EOL_S,argv[3]); + return 1; + } + C25519::Signature signature = id.sign(inf.data(),(unsigned int)inf.length()); + printf("%s",Utils::hex(signature.data,(unsigned int)signature.size()).c_str()); + } else if (!strcmp(argv[1],"verify")) { + if (argc < 4) { + idtoolPrintHelp(stdout,argv[0]); + return 1; + } + + Identity id = getIdFromArg(argv[2]); + if (!id) { + fprintf(stderr,"Identity argument invalid or file unreadable: %s" ZT_EOL_S,argv[2]); + return 1; + } + + std::string inf; + if (!OSUtils::readFile(argv[3],inf)) { + fprintf(stderr,"%s is not readable" ZT_EOL_S,argv[3]); + return 1; + } + + std::string signature(Utils::unhex(argv[4])); + if ((signature.length() > ZT_ADDRESS_LENGTH)&&(id.verify(inf.data(),(unsigned int)inf.length(),signature.data(),(unsigned int)signature.length()))) { + printf("%s signature valid" ZT_EOL_S,argv[3]); + } else { + fprintf(stderr,"%s signature check FAILED" ZT_EOL_S,argv[3]); + return 1; + } + } else if 
(!strcmp(argv[1],"mkcom")) { + if (argc < 3) { + idtoolPrintHelp(stdout,argv[0]); + return 1; + } + + Identity id = getIdFromArg(argv[2]); + if ((!id)||(!id.hasPrivate())) { + fprintf(stderr,"Identity argument invalid, does not include private key, or file unreadable: %s" ZT_EOL_S,argv[2]); + return 1; + } + + CertificateOfMembership com; + for(int a=3;a params(Utils::split(argv[a],",","","")); + if (params.size() == 3) { + uint64_t qId = Utils::hexStrToU64(params[0].c_str()); + uint64_t qValue = Utils::hexStrToU64(params[1].c_str()); + uint64_t qMaxDelta = Utils::hexStrToU64(params[2].c_str()); + com.setQualifier(qId,qValue,qMaxDelta); + } + } + if (!com.sign(id)) { + fprintf(stderr,"Signature of certificate of membership failed." ZT_EOL_S); + return 1; + } + + printf("%s",com.toString().c_str()); + } else { + idtoolPrintHelp(stdout,argv[0]); + return 1; + } + + return 0; +} + +/****************************************************************************/ +/* Unix helper functions and signal handlers */ +/****************************************************************************/ + +#ifdef __UNIX_LIKE__ +static void _sighandlerHup(int sig) +{ +} +static void _sighandlerQuit(int sig) +{ + OneService *s = zt1Service; + if (s) + s->terminate(); + else exit(0); +} +#endif + +/****************************************************************************/ +/* Windows helper functions and signal handlers */ +/****************************************************************************/ + +#ifdef __WINDOWS__ +// Console signal handler routine to allow CTRL+C to work, mostly for testing +static BOOL WINAPI _winConsoleCtrlHandler(DWORD dwCtrlType) +{ + switch(dwCtrlType) { + case CTRL_C_EVENT: + case CTRL_BREAK_EVENT: + case CTRL_CLOSE_EVENT: + case CTRL_SHUTDOWN_EVENT: + OneService *s = zt1Service; + if (s) + s->terminate(); + return TRUE; + } + return FALSE; +} + +static void _winPokeAHole() +{ + char myPath[MAX_PATH]; + DWORD ps = 
GetModuleFileNameA(NULL,myPath,sizeof(myPath)); + if ((ps > 0)&&(ps < (DWORD)sizeof(myPath))) { + STARTUPINFOA startupInfo; + PROCESS_INFORMATION processInfo; + + startupInfo.cb = sizeof(startupInfo); + memset(&startupInfo,0,sizeof(STARTUPINFOA)); + memset(&processInfo,0,sizeof(PROCESS_INFORMATION)); + if (CreateProcessA(NULL,(LPSTR)(std::string("C:\\Windows\\System32\\netsh.exe advfirewall firewall delete rule name=\"ZeroTier One\" program=\"") + myPath + "\"").c_str(),NULL,NULL,FALSE,CREATE_NO_WINDOW,NULL,NULL,&startupInfo,&processInfo)) { + WaitForSingleObject(processInfo.hProcess,INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + } + + startupInfo.cb = sizeof(startupInfo); + memset(&startupInfo,0,sizeof(STARTUPINFOA)); + memset(&processInfo,0,sizeof(PROCESS_INFORMATION)); + if (CreateProcessA(NULL,(LPSTR)(std::string("C:\\Windows\\System32\\netsh.exe advfirewall firewall add rule name=\"ZeroTier One\" dir=in action=allow program=\"") + myPath + "\" enable=yes").c_str(),NULL,NULL,FALSE,CREATE_NO_WINDOW,NULL,NULL,&startupInfo,&processInfo)) { + WaitForSingleObject(processInfo.hProcess,INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + } + + startupInfo.cb = sizeof(startupInfo); + memset(&startupInfo,0,sizeof(STARTUPINFOA)); + memset(&processInfo,0,sizeof(PROCESS_INFORMATION)); + if (CreateProcessA(NULL,(LPSTR)(std::string("C:\\Windows\\System32\\netsh.exe advfirewall firewall add rule name=\"ZeroTier One\" dir=out action=allow program=\"") + myPath + "\" enable=yes").c_str(),NULL,NULL,FALSE,CREATE_NO_WINDOW,NULL,NULL,&startupInfo,&processInfo)) { + WaitForSingleObject(processInfo.hProcess,INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + } + } +} + +// Returns true if this is running as the local administrator +static BOOL IsCurrentUserLocalAdministrator(void) +{ + BOOL fReturn = FALSE; + DWORD dwStatus; + DWORD dwAccessMask; + DWORD dwAccessDesired; + DWORD 
dwACLSize; + DWORD dwStructureSize = sizeof(PRIVILEGE_SET); + PACL pACL = NULL; + PSID psidAdmin = NULL; + + HANDLE hToken = NULL; + HANDLE hImpersonationToken = NULL; + + PRIVILEGE_SET ps; + GENERIC_MAPPING GenericMapping; + + PSECURITY_DESCRIPTOR psdAdmin = NULL; + SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY; + + const DWORD ACCESS_READ = 1; + const DWORD ACCESS_WRITE = 2; + + __try + { + if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY,TRUE,&hToken)) + { + if (GetLastError() != ERROR_NO_TOKEN) + __leave; + if (!OpenProcessToken(GetCurrentProcess(),TOKEN_DUPLICATE|TOKEN_QUERY, &hToken)) + __leave; + } + if (!DuplicateToken (hToken, SecurityImpersonation,&hImpersonationToken)) + __leave; + if (!AllocateAndInitializeSid(&SystemSidAuthority, 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, &psidAdmin)) + __leave; + psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); + if (psdAdmin == NULL) + __leave; + if (!InitializeSecurityDescriptor(psdAdmin,SECURITY_DESCRIPTOR_REVISION)) + __leave; + dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD); + pACL = (PACL)LocalAlloc(LPTR, dwACLSize); + if (pACL == NULL) + __leave; + if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2)) + __leave; + dwAccessMask= ACCESS_READ | ACCESS_WRITE; + if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin)) + __leave; + if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE)) + __leave; + + SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE); + SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE); + + if (!IsValidSecurityDescriptor(psdAdmin)) + __leave; + dwAccessDesired = ACCESS_READ; + + GenericMapping.GenericRead = ACCESS_READ; + GenericMapping.GenericWrite = ACCESS_WRITE; + GenericMapping.GenericExecute = 0; + GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE; + + if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired, + 
&GenericMapping, &ps, &dwStructureSize, &dwStatus, + &fReturn)) + { + fReturn = FALSE; + __leave; + } + } + __finally + { + // Clean up. + if (pACL) LocalFree(pACL); + if (psdAdmin) LocalFree(psdAdmin); + if (psidAdmin) FreeSid(psidAdmin); + if (hImpersonationToken) CloseHandle (hImpersonationToken); + if (hToken) CloseHandle (hToken); + } + + return fReturn; +} +#endif // __WINDOWS__ + +/****************************************************************************/ +/* main() and friends */ +/****************************************************************************/ + +static void printHelp(const char *cn,FILE *out) +{ + fprintf(out, + "%s version %d.%d.%d" ZT_EOL_S, + PROGRAM_NAME, + ZEROTIER_ONE_VERSION_MAJOR, ZEROTIER_ONE_VERSION_MINOR, ZEROTIER_ONE_VERSION_REVISION); + fprintf(out, + COPYRIGHT_NOTICE ZT_EOL_S + LICENSE_GRANT ZT_EOL_S); + std::string updateUrl(OneService::autoUpdateUrl()); + if (updateUrl.length()) + fprintf(out,"Automatic updates enabled:" ZT_EOL_S" %s" ZT_EOL_S" (all updates are securely authenticated by 256-bit ECDSA signature)" ZT_EOL_S"" ZT_EOL_S,updateUrl.c_str()); + fprintf(out,"Usage: %s [-switches] [home directory]" ZT_EOL_S"" ZT_EOL_S,cn); + fprintf(out,"Available switches:" ZT_EOL_S); + fprintf(out," -h - Display this help" ZT_EOL_S); + fprintf(out," -v - Show version" ZT_EOL_S); + fprintf(out," -U - Run as unprivileged user (skip privilege check)" ZT_EOL_S); + fprintf(out," -p - Port for UDP and TCP/HTTP (default: 9993, 0 for random)" ZT_EOL_S); + +#ifdef __UNIX_LIKE__ + fprintf(out," -d - Fork and run as daemon (Unix-ish OSes)" ZT_EOL_S); +#endif // __UNIX_LIKE__ + +#ifdef __WINDOWS__ + fprintf(out," -C - Run from command line instead of as service (Windows)" ZT_EOL_S); + fprintf(out," -I - Install Windows service (Windows)" ZT_EOL_S); + fprintf(out," -R - Uninstall Windows service (Windows)" ZT_EOL_S); + fprintf(out," -D - Remove all instances of Windows tap device (Windows)" ZT_EOL_S); +#endif // __WINDOWS__ + + fprintf(out," 
-i - Generate and manage identities (zerotier-idtool)" ZT_EOL_S); + fprintf(out," -q - Query API (zerotier-cli)" ZT_EOL_S); +} + +#ifdef __WINDOWS__ +int _tmain(int argc, _TCHAR* argv[]) +#else +int main(int argc,char **argv) +#endif +{ +#ifdef __UNIX_LIKE__ + signal(SIGHUP,&_sighandlerHup); + signal(SIGPIPE,SIG_IGN); + signal(SIGUSR1,SIG_IGN); + signal(SIGUSR2,SIG_IGN); + signal(SIGALRM,SIG_IGN); + signal(SIGINT,&_sighandlerQuit); + signal(SIGTERM,&_sighandlerQuit); + signal(SIGQUIT,&_sighandlerQuit); + + /* Ensure that there are no inherited file descriptors open from a previous + * incarnation. This is a hack to ensure that GitHub issue #61 or variants + * of it do not return, and should not do anything otherwise bad. */ + { + int mfd = STDIN_FILENO; + if (STDOUT_FILENO > mfd) mfd = STDOUT_FILENO; + if (STDERR_FILENO > mfd) mfd = STDERR_FILENO; + for(int f=mfd+1;f<1024;++f) + ::close(f); + } + + bool runAsDaemon = false; +#endif // __UNIX_LIKE__ + +#ifdef __WINDOWS__ + { + WSADATA wsaData; + WSAStartup(MAKEWORD(2,2),&wsaData); + } + +#ifdef ZT_WIN_RUN_IN_CONSOLE + bool winRunFromCommandLine = true; +#else + bool winRunFromCommandLine = false; +#endif +#endif // __WINDOWS__ + + if ((strstr(argv[0],"zerotier-idtool"))||(strstr(argv[0],"ZEROTIER-IDTOOL"))) + return idtool(argc,argv); + if ((strstr(argv[0],"zerotier-cli"))||(strstr(argv[0],"ZEROTIER-CLI"))) + return cli(argc,argv); + + std::string homeDir; + unsigned int port = ZT_DEFAULT_PORT; + bool skipRootCheck = false; + + for(int i=1;i 0xffff) { + printHelp(argv[0],stdout); + return 1; + } + break; + +#ifdef __UNIX_LIKE__ + case 'd': // Run in background as daemon + runAsDaemon = true; + break; +#endif // __UNIX_LIKE__ + + case 'U': + skipRootCheck = true; + break; + + case 'v': // Display version + printf("%d.%d.%d" ZT_EOL_S,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION); + return 0; + + case 'i': // Invoke idtool personality + if (argv[i][2]) { + 
printHelp(argv[0],stdout); + return 0; + } else return idtool(argc,argv); + + case 'q': // Invoke cli personality + if (argv[i][2]) { + printHelp(argv[0],stdout); + return 0; + } else return cli(argc,argv); + +#ifdef __WINDOWS__ + case 'C': // Run from command line instead of as Windows service + winRunFromCommandLine = true; + break; + + case 'I': { // Install this binary as a Windows service + if (IsCurrentUserLocalAdministrator() != TRUE) { + fprintf(stderr,"%s: must be run as a local administrator." ZT_EOL_S,argv[0]); + return 1; + } + std::string ret(InstallService(ZT_SERVICE_NAME,ZT_SERVICE_DISPLAY_NAME,ZT_SERVICE_START_TYPE,ZT_SERVICE_DEPENDENCIES,ZT_SERVICE_ACCOUNT,ZT_SERVICE_PASSWORD)); + if (ret.length()) { + fprintf(stderr,"%s: unable to install service: %s" ZT_EOL_S,argv[0],ret.c_str()); + return 3; + } + return 0; + } break; + + case 'R': { // Uninstall this binary as Windows service + if (IsCurrentUserLocalAdministrator() != TRUE) { + fprintf(stderr,"%s: must be run as a local administrator." 
ZT_EOL_S,argv[0]); + return 1; + } + std::string ret(UninstallService(ZT_SERVICE_NAME)); + if (ret.length()) { + fprintf(stderr,"%s: unable to uninstall service: %s" ZT_EOL_S,argv[0],ret.c_str()); + return 3; + } + return 0; + } break; + + case 'D': { + std::string err = WindowsEthernetTap::destroyAllPersistentTapDevices(); + if (err.length() > 0) { + fprintf(stderr,"%s: unable to uninstall one or more persistent tap devices: %s" ZT_EOL_S,argv[0],err.c_str()); + return 3; + } + return 0; + } break; +#endif // __WINDOWS__ + + case 'h': + case '?': + default: + printHelp(argv[0],stdout); + return 0; + } + } else { + if (homeDir.length()) { + printHelp(argv[0],stdout); + return 0; + } else { + homeDir = argv[i]; + } + } + } + + if (!homeDir.length()) + homeDir = OneService::platformDefaultHomePath(); + if (!homeDir.length()) { + fprintf(stderr,"%s: no home path specified and no platform default available" ZT_EOL_S,argv[0]); + return 1; + } else { + std::vector hpsp(Utils::split(homeDir.c_str(),ZT_PATH_SEPARATOR_S,"","")); + std::string ptmp; + if (homeDir[0] == ZT_PATH_SEPARATOR) + ptmp.push_back(ZT_PATH_SEPARATOR); + for(std::vector::iterator pi(hpsp.begin());pi!=hpsp.end();++pi) { + if (ptmp.length() > 0) + ptmp.push_back(ZT_PATH_SEPARATOR); + ptmp.append(*pi); + if ((*pi != ".")&&(*pi != "..")) { + if (!OSUtils::mkdir(ptmp)) + throw std::runtime_error("home path does not exist, and could not create"); + } + } + } + +#ifdef __UNIX_LIKE__ +#ifndef ZT_ONE_NO_ROOT_CHECK + if ((!skipRootCheck)&&(getuid() != 0)) { + fprintf(stderr,"%s: must be run as root (uid 0)" ZT_EOL_S,argv[0]); + return 1; + } +#endif // !ZT_ONE_NO_ROOT_CHECK + if (runAsDaemon) { + long p = (long)fork(); + if (p < 0) { + fprintf(stderr,"%s: could not fork" ZT_EOL_S,argv[0]); + return 1; + } else if (p > 0) + return 0; // forked + // else p == 0, so we are daemonized + } +#endif // __UNIX_LIKE__ + +#ifdef __WINDOWS__ + // Uninstall legacy tap devices. 
New devices will automatically be installed and configured + // when tap instances are created. + WindowsEthernetTap::destroyAllLegacyPersistentTapDevices(); + + if (winRunFromCommandLine) { + // Running in "interactive" mode (mostly for debugging) + if (IsCurrentUserLocalAdministrator() != TRUE) { + if (!skipRootCheck) { + fprintf(stderr,"%s: must be run as a local administrator." ZT_EOL_S,argv[0]); + return 1; + } + } else { + _winPokeAHole(); + } + SetConsoleCtrlHandler(&_winConsoleCtrlHandler,TRUE); + // continues on to ordinary command line execution code below... + } else { + // Running from service manager + _winPokeAHole(); + ZeroTierOneService zt1Service; + if (CServiceBase::Run(zt1Service) == TRUE) { + return 0; + } else { + fprintf(stderr,"%s: unable to start service (try -h for help)" ZT_EOL_S,argv[0]); + return 1; + } + } +#endif // __WINDOWS__ + +#ifdef __UNIX_LIKE__ + std::string pidPath(homeDir + ZT_PATH_SEPARATOR_S + ZT_PID_PATH); + { + // Write .pid file to home folder + FILE *pf = fopen(pidPath.c_str(),"w"); + if (pf) { + fprintf(pf,"%ld",(long)getpid()); + fclose(pf); + } + } +#endif // __UNIX_LIKE__ + + unsigned int returnValue = 0; + + for(;;) { + zt1Service = OneService::newInstance(homeDir.c_str(),port); + switch(zt1Service->run()) { + case OneService::ONE_STILL_RUNNING: // shouldn't happen, run() won't return until done + case OneService::ONE_NORMAL_TERMINATION: + break; + case OneService::ONE_UNRECOVERABLE_ERROR: + fprintf(stderr,"%s: fatal error: %s" ZT_EOL_S,argv[0],zt1Service->fatalErrorMessage().c_str()); + returnValue = 1; + break; + case OneService::ONE_IDENTITY_COLLISION: { + delete zt1Service; + zt1Service = (OneService *)0; + std::string oldid; + OSUtils::readFile((homeDir + ZT_PATH_SEPARATOR_S + "identity.secret").c_str(),oldid); + if (oldid.length()) { + OSUtils::writeFile((homeDir + ZT_PATH_SEPARATOR_S + "identity.secret.saved_after_collision").c_str(),oldid); + OSUtils::rm((homeDir + ZT_PATH_SEPARATOR_S + 
"identity.secret").c_str()); + OSUtils::rm((homeDir + ZT_PATH_SEPARATOR_S + "identity.public").c_str()); + } + } continue; // restart! + } + break; // terminate loop -- normally we don't keep restarting + } + + delete zt1Service; + zt1Service = (OneService *)0; + +#ifdef __UNIX_LIKE__ + OSUtils::rm(pidPath.c_str()); +#endif + + return returnValue; +} diff --git a/osdep/Arp.cpp b/osdep/Arp.cpp new file mode 100644 index 0000000..fcc122f --- /dev/null +++ b/osdep/Arp.cpp 
@@ -0,0 +1,126 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +#include "Arp.hpp" +#include "OSUtils.hpp" + +namespace ZeroTier { + +static const uint8_t ARP_REQUEST_HEADER[8] = { 0x00,0x01,0x08,0x00,0x06,0x04,0x00,0x01 }; +static const uint8_t ARP_RESPONSE_HEADER[8] = { 0x00,0x01,0x08,0x00,0x06,0x04,0x00,0x02 }; + +Arp::Arp() : + _cache(256), + _lastCleaned(OSUtils::now()) +{ +} + +void Arp::addLocal(uint32_t ip,const MAC &mac) +{ + _ArpEntry &e = _cache[ip]; + e.lastQuerySent = 0; // local IP + e.lastResponseReceived = 0; // local IP + e.mac = mac; + e.local = true; +} + +void Arp::remove(uint32_t ip) +{ + _cache.erase(ip); +} + +uint32_t Arp::processIncomingArp(const void *arp,unsigned int len,void *response,unsigned int &responseLen,MAC &responseDest) +{ + const uint64_t now = OSUtils::now(); + uint32_t ip = 0; + + responseLen = 0; + responseDest.zero(); + + if (len >= 28) { + if (!memcmp(arp,ARP_REQUEST_HEADER,8)) { + // Respond to ARP requests for locally-known IPs + _ArpEntry *targetEntry = _cache.get(reinterpret_cast(arp)[6]); + if ((targetEntry)&&(targetEntry->local)) { + memcpy(response,ARP_RESPONSE_HEADER,8); + targetEntry->mac.copyTo(reinterpret_cast(response) + 8,6); + memcpy(reinterpret_cast(response) + 
14,reinterpret_cast(arp) + 24,4); + memcpy(reinterpret_cast(response) + 18,reinterpret_cast(arp) + 8,10); + responseLen = 28; + responseDest.setTo(reinterpret_cast(arp) + 8,6); + } + } else if (!memcmp(arp,ARP_RESPONSE_HEADER,8)) { + // Learn cache entries for remote IPs from relevant ARP replies + uint32_t responseIp = 0; + memcpy(&responseIp,reinterpret_cast(arp) + 14,4); + _ArpEntry *queryEntry = _cache.get(responseIp); + if ((queryEntry)&&(!queryEntry->local)&&((now - queryEntry->lastQuerySent) <= ZT_ARP_QUERY_MAX_TTL)) { + queryEntry->lastResponseReceived = now; + queryEntry->mac.setTo(reinterpret_cast(arp) + 8,6); + ip = responseIp; + } + } + } + + if ((now - _lastCleaned) >= ZT_ARP_EXPIRE) { + _lastCleaned = now; + Hashtable< uint32_t,_ArpEntry >::Iterator i(_cache); + uint32_t *k = (uint32_t *)0; + _ArpEntry *v = (_ArpEntry *)0; + while (i.next(k,v)) { + if ((!v->local)&&((now - v->lastResponseReceived) >= ZT_ARP_EXPIRE)) + _cache.erase(*k); + } + } + + return ip; +} + +MAC Arp::query(const MAC &localMac,uint32_t localIp,uint32_t targetIp,void *query,unsigned int &queryLen,MAC &queryDest) +{ + const uint64_t now = OSUtils::now(); + + _ArpEntry &e = _cache[targetIp]; + + if ( ((e.mac)&&((now - e.lastResponseReceived) >= (ZT_ARP_EXPIRE / 3))) || + ((!e.mac)&&((now - e.lastQuerySent) >= ZT_ARP_QUERY_INTERVAL)) ) { + e.lastQuerySent = now; + + uint8_t *q = reinterpret_cast(query); + memcpy(q,ARP_REQUEST_HEADER,8); q += 8; // ARP request header information, always the same + localMac.copyTo(q,6); q += 6; // sending host MAC address + memcpy(q,&localIp,4); q += 4; // sending host IP (IP already in big-endian byte order) + memset(q,0,6); q += 6; // sending zeros for target MAC address as thats what we want to find + memcpy(q,&targetIp,4); // target IP address for resolution (IP already in big-endian byte order) + queryLen = 28; + if (e.mac) + queryDest = e.mac; // confirmation query, send directly to address holder + else queryDest = (uint64_t)0xffffffffffffULL; 
// broadcast query + } else { + queryLen = 0; + queryDest.zero(); + } + + return e.mac; +} + +} // namespace ZeroTier diff --git a/osdep/Arp.hpp b/osdep/Arp.hpp new file mode 100644 index 0000000..5f0d199 --- /dev/null +++ b/osdep/Arp.hpp 
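Review bot: In `Arp::processIncomingArp` (osdep/Arp.cpp) the request branch reads the target IP by indexing the frame as an array, `reinterpret_cast<...>(arp)[6]`, whereas the reply branch copies its IP out with `memcpy`. The cast's element type is not visible on this page, but index 6 of a 28-byte frame implies a 32-bit load at byte offset 24, which needs `arp` to be 4-byte aligned. `arp` is a `const void *` into received frame data, so that alignment is not guaranteed and the load is undefined behaviour on strict-alignment targets. Reading it the way the reply branch does avoids this: `uint32_t targetIp = 0; memcpy(&targetIp,reinterpret_cast<const uint8_t *>(arp) + 24,4);` and then `_cache.get(targetIp)`.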
@@ -0,0 +1,148 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_ARP_HPP +#define ZT_ARP_HPP + +#include + +#include + +#include "../node/Constants.hpp" +#include "../node/Hashtable.hpp" +#include "../node/MAC.hpp" + +/** + * Maximum possible ARP length + * + * ARPs are 28 bytes in length, but specify a 128 byte buffer since + * some weird extensions we may support in the future can pad them + * out to as long as 72 bytes. + */ +#define ZT_ARP_BUF_LENGTH 128 + +/** + * Minimum permitted interval between sending ARP queries for a given IP + */ +#define ZT_ARP_QUERY_INTERVAL 2000 + +/** + * Maximum time between query and response, otherwise responses are discarded to prevent poisoning + */ +#define ZT_ARP_QUERY_MAX_TTL 5000 + +/** + * ARP expiration time + */ +#define ZT_ARP_EXPIRE 600000 + +namespace ZeroTier { + +/** + * ARP cache and resolver + * + * To implement ARP: + * + * (1) Call processIncomingArp() on all ARP packets received and then always + * check responseLen after calling. If it is non-zero, send the contents + * of response to responseDest. + * + * (2) Call query() to look up IP addresses, and then check queryLen. If it + * is non-zero, send the contents of query to queryDest (usually broadcast). 
+ * + * Note that either of these functions can technically generate a response or + * a query at any time, so their result parameters for sending ARPs should + * always be checked. + * + * This class is not thread-safe and must be guarded if used in multi-threaded + * code. + */ +class Arp +{ +public: + Arp(); + + /** + * Set a local IP entry that we should respond to ARPs for + * + * @param mac Our local MAC address + * @param ip IP in big-endian byte order (sin_addr.s_addr) + */ + void addLocal(uint32_t ip,const MAC &mac); + + /** + * Delete a local IP entry or a cached ARP entry + * + * @param ip IP in big-endian byte order (sin_addr.s_addr) + */ + void remove(uint32_t ip); + + /** + * Process ARP packets + * + * For ARP queries, a response is generated and responseLen is set to its + * frame payload length in bytes. + * + * For ARP responses, the cache is populated and the IP address entry that + * was learned is returned. + * + * @param arp ARP frame data + * @param len Length of ARP frame (usually 28) + * @param response Response buffer -- MUST be a minimum of ZT_ARP_BUF_LENGTH in size + * @param responseLen Response length, or set to 0 if no response + * @param responseDest Destination of response, or set to null if no response + * @return IP address learned or 0 if no new IPs in cache + */ + uint32_t processIncomingArp(const void *arp,unsigned int len,void *response,unsigned int &responseLen,MAC &responseDest); + + /** + * Get the MAC corresponding to an IP, generating a query if needed + * + * This returns a MAC for a remote IP. The local MAC is returned for local + * IPs as well. It may also generate a query if the IP is not known or the + * entry needs to be refreshed. In this case queryLen will be set to a + * non-zero value, so this should always be checked on return even if the + * MAC returned is non-null. 
+ * + * @param localMac Local MAC address of host interface + * @param localIp Local IP address of host interface + * @param targetIp IP to look up + * @param query Buffer for generated query -- MUST be a minimum of ZT_ARP_BUF_LENGTH in size + * @param queryLen Length of generated query, or set to 0 if no query generated + * @param queryDest Destination of query, or set to null if no query generated + * @return MAC or 0 if no cached entry for this IP + */ + MAC query(const MAC &localMac,uint32_t localIp,uint32_t targetIp,void *query,unsigned int &queryLen,MAC &queryDest); + +private: + struct _ArpEntry + { + _ArpEntry() : lastQuerySent(0),lastResponseReceived(0),mac(),local(false) {} + uint64_t lastQuerySent; // Time last query was sent or 0 for local IP + uint64_t lastResponseReceived; // Time of last ARP response or 0 for local IP + MAC mac; // MAC address of device responsible for IP or null if not known yet + bool local; // True if this is a local ARP entry + }; + + Hashtable< uint32_t,_ArpEntry > _cache; + uint64_t _lastCleaned; +}; + +} // namespace ZeroTier + +#endif diff --git a/osdep/BSDEthernetTap.cpp b/osdep/BSDEthernetTap.cpp new file mode 100644 index 0000000..e8d36c9 --- /dev/null +++ b/osdep/BSDEthernetTap.cpp 
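Review bot: The comment on `ZT_ARP_QUERY_MAX_TTL` (osdep/Arp.hpp) says late responses are discarded "to prevent poisoning", which overstates what the check in `Arp::processIncomingArp` does. In Arp.cpp, in this same commit, a reply is accepted whenever a non-local entry for the sender IP has a `lastQuerySent` inside the window, and the MAC is taken from the reply itself; nothing ties the reply to the host that was asked. I would reword the comment so callers do not treat cached MACs as authenticated, e.g. `Maximum time between query and response; later responses are ignored. This narrows the window for spoofed replies but does not authenticate them.` The units of the three timing macros are also undocumented; they are compared against differences of `OSUtils::now()`, so presumably milliseconds.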
@@ -0,0 +1,460 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/Utils.hpp" +#include "../node/Mutex.hpp" +#include "OSUtils.hpp" +#include "BSDEthernetTap.hpp" + +#define ZT_BASE32_CHARS "0123456789abcdefghijklmnopqrstuv" + +// ff:ff:ff:ff:ff:ff with no ADI +static const ZeroTier::MulticastGroup _blindWildcardMulticastGroup(ZeroTier::MAC(0xff),0); + +namespace ZeroTier { + +BSDEthernetTap::BSDEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int), + void *arg) : + _handler(handler), + _arg(arg), + _nwid(nwid), + _mtu(mtu), + _metric(metric), + _fd(0), + _enabled(true) +{ + static Mutex globalTapCreateLock; + char devpath[64],ethaddr[64],mtustr[32],metstr[32],tmpdevname[32]; + struct stat stattmp; + + // 
On FreeBSD at least we can rename, so use nwid to generate a deterministic unique zt#### name using base32 + // As a result we don't use desiredDevice + _dev = "zt"; + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 60) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 55) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 50) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 45) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 40) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 35) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 30) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 25) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 20) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 15) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 10) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)((nwid >> 5) & 0x1f)]); + _dev.push_back(ZT_BASE32_CHARS[(unsigned long)(nwid & 0x1f)]); + + Mutex::Lock _gl(globalTapCreateLock); + + if (mtu > 2800) + throw std::runtime_error("max tap MTU is 2800"); + + // On BSD we create taps and they can have high numbers, so use ones starting + // at 9993 to not conflict with other stuff. 
Then we rename it to zt + std::vector devFiles(OSUtils::listDirectory("/dev")); + for(int i=9993;i<(9993+128);++i) { + Utils::snprintf(tmpdevname,sizeof(tmpdevname),"tap%d",i); + Utils::snprintf(devpath,sizeof(devpath),"/dev/%s",tmpdevname); + if (std::find(devFiles.begin(),devFiles.end(),std::string(tmpdevname)) == devFiles.end()) { + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",tmpdevname,"create",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + } else throw std::runtime_error("fork() failed"); + + if (!stat(devpath,&stattmp)) { + cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",tmpdevname,"name",_dev.c_str(),(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode) + throw std::runtime_error("ifconfig rename operation failed"); + } else throw std::runtime_error("fork() failed"); + + _fd = ::open(devpath,O_RDWR); + if (_fd > 0) + break; + else throw std::runtime_error("unable to open created tap device"); + } else { + throw std::runtime_error("cannot find /dev node for newly created tap device"); + } + } + } + + if (_fd <= 0) + throw std::runtime_error("unable to open TAP device or no more devices available"); + + if (fcntl(_fd,F_SETFL,fcntl(_fd,F_GETFL) & ~O_NONBLOCK) == -1) { + ::close(_fd); + throw std::runtime_error("unable to set flags on file descriptor for TAP device"); + } + + // Configure MAC address and MTU, bring interface up + Utils::snprintf(ethaddr,sizeof(ethaddr),"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",(int)mac[0],(int)mac[1],(int)mac[2],(int)mac[3],(int)mac[4],(int)mac[5]); + Utils::snprintf(mtustr,sizeof(mtustr),"%u",_mtu); + Utils::snprintf(metstr,sizeof(metstr),"%u",_metric); + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"lladdr",ethaddr,"mtu",mtustr,"metric",metstr,"up",(const char 
*)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode) { + ::close(_fd); + throw std::runtime_error("ifconfig failure setting link-layer address and activating tap interface"); + } + } + + // Set close-on-exec so that devices cannot persist if we fork/exec for update + fcntl(_fd,F_SETFD,fcntl(_fd,F_GETFD) | FD_CLOEXEC); + + ::pipe(_shutdownSignalPipe); + + _thread = Thread::start(this); +} + +BSDEthernetTap::~BSDEthernetTap() +{ + ::write(_shutdownSignalPipe[1],"\0",1); // causes thread to exit + Thread::join(_thread); + ::close(_fd); + ::close(_shutdownSignalPipe[0]); + ::close(_shutdownSignalPipe[1]); + + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"destroy",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + } +} + +void BSDEthernetTap::setEnabled(bool en) +{ + _enabled = en; +} + +bool BSDEthernetTap::enabled() const +{ + return _enabled; +} + +static bool ___removeIp(const std::string &_dev,const InetAddress &ip) +{ + long cpid = (long)vfork(); + if (cpid == 0) { + execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"inet",ip.toIpString().c_str(),"-alias",(const char *)0); + _exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + return false; // never reached, make compiler shut up about return value +} + +bool BSDEthernetTap::addIp(const InetAddress &ip) +{ + if (!ip) + return false; + + std::vector allIps(ips()); + if (std::find(allIps.begin(),allIps.end(),ip) != allIps.end()) + return true; // IP/netmask already assigned + + // Remove and reconfigure if address is the same but netmask is different + for(std::vector::iterator i(allIps.begin());i!=allIps.end();++i) { + if ((i->ipsEqual(ip))&&(i->netmaskBits() != ip.netmaskBits())) { + if (___removeIp(_dev,*i)) + break; + } + } + + long cpid = (long)vfork(); + if (cpid == 
0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),ip.isV4() ? "inet" : "inet6",ip.toString().c_str(),"alias",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + return false; +} + +bool BSDEthernetTap::removeIp(const InetAddress &ip) +{ + if (!ip) + return false; + std::vector allIps(ips()); + if (std::find(allIps.begin(),allIps.end(),ip) != allIps.end()) { + if (___removeIp(_dev,ip)) + return true; + } + return false; +} + +std::vector BSDEthernetTap::ips() const +{ + struct ifaddrs *ifa = (struct ifaddrs *)0; + if (getifaddrs(&ifa)) + return std::vector(); + + std::vector r; + + struct ifaddrs *p = ifa; + while (p) { + if ((!strcmp(p->ifa_name,_dev.c_str()))&&(p->ifa_addr)&&(p->ifa_netmask)&&(p->ifa_addr->sa_family == p->ifa_netmask->sa_family)) { + switch(p->ifa_addr->sa_family) { + case AF_INET: { + struct sockaddr_in *sin = (struct sockaddr_in *)p->ifa_addr; + struct sockaddr_in *nm = (struct sockaddr_in *)p->ifa_netmask; + r.push_back(InetAddress(&(sin->sin_addr.s_addr),4,Utils::countBits((uint32_t)nm->sin_addr.s_addr))); + } break; + case AF_INET6: { + struct sockaddr_in6 *sin = (struct sockaddr_in6 *)p->ifa_addr; + struct sockaddr_in6 *nm = (struct sockaddr_in6 *)p->ifa_netmask; + uint32_t b[4]; + memcpy(b,nm->sin6_addr.s6_addr,sizeof(b)); + r.push_back(InetAddress(sin->sin6_addr.s6_addr,16,Utils::countBits(b[0]) + Utils::countBits(b[1]) + Utils::countBits(b[2]) + Utils::countBits(b[3]))); + } break; + } + } + p = p->ifa_next; + } + + if (ifa) + freeifaddrs(ifa); + + std::sort(r.begin(),r.end()); + std::unique(r.begin(),r.end()); + + return r; +} + +void BSDEthernetTap::put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len) +{ + char putBuf[4096]; + if ((_fd > 0)&&(len <= _mtu)&&(_enabled)) { + to.copyTo(putBuf,6); + from.copyTo(putBuf + 6,6); + *((uint16_t *)(putBuf + 12)) = htons((uint16_t)etherType); + memcpy(putBuf + 
14,data,len); + len += 14; + ::write(_fd,putBuf,len); + } +} + +std::string BSDEthernetTap::deviceName() const +{ + return _dev; +} + +void BSDEthernetTap::setFriendlyName(const char *friendlyName) +{ +} + +void BSDEthernetTap::scanMulticastGroups(std::vector &added,std::vector &removed) +{ + std::vector newGroups; + + struct ifmaddrs *ifmap = (struct ifmaddrs *)0; + if (!getifmaddrs(&ifmap)) { + struct ifmaddrs *p = ifmap; + while (p) { + if (p->ifma_addr->sa_family == AF_LINK) { + struct sockaddr_dl *in = (struct sockaddr_dl *)p->ifma_name; + struct sockaddr_dl *la = (struct sockaddr_dl *)p->ifma_addr; + if ((la->sdl_alen == 6)&&(in->sdl_nlen <= _dev.length())&&(!memcmp(_dev.data(),in->sdl_data,in->sdl_nlen))) + newGroups.push_back(MulticastGroup(MAC(la->sdl_data + la->sdl_nlen,6),0)); + } + p = p->ifma_next; + } + freeifmaddrs(ifmap); + } + + std::vector allIps(ips()); + for(std::vector::iterator ip(allIps.begin());ip!=allIps.end();++ip) + newGroups.push_back(MulticastGroup::deriveMulticastGroupForAddressResolution(*ip)); + + std::sort(newGroups.begin(),newGroups.end()); + std::unique(newGroups.begin(),newGroups.end()); + + for(std::vector::iterator m(newGroups.begin());m!=newGroups.end();++m) { + if (!std::binary_search(_multicastGroups.begin(),_multicastGroups.end(),*m)) + added.push_back(*m); + } + for(std::vector::iterator m(_multicastGroups.begin());m!=_multicastGroups.end();++m) { + if (!std::binary_search(newGroups.begin(),newGroups.end(),*m)) + removed.push_back(*m); + } + + _multicastGroups.swap(newGroups); +} + +/* +bool BSDEthernetTap::updateMulticastGroups(std::set &groups) +{ + std::set newGroups; + struct ifmaddrs *ifmap = (struct ifmaddrs *)0; + if (!getifmaddrs(&ifmap)) { + struct ifmaddrs *p = ifmap; + while (p) { + if (p->ifma_addr->sa_family == AF_LINK) { + struct sockaddr_dl *in = (struct sockaddr_dl *)p->ifma_name; + struct sockaddr_dl *la = (struct sockaddr_dl *)p->ifma_addr; + if ((la->sdl_alen == 6)&&(in->sdl_nlen <= 
_dev.length())&&(!memcmp(_dev.data(),in->sdl_data,in->sdl_nlen))) + newGroups.insert(MulticastGroup(MAC(la->sdl_data + la->sdl_nlen,6),0)); + } + p = p->ifma_next; + } + freeifmaddrs(ifmap); + } + + { + std::set allIps(ips()); + for(std::set::const_iterator i(allIps.begin());i!=allIps.end();++i) + newGroups.insert(MulticastGroup::deriveMulticastGroupForAddressResolution(*i)); + } + + bool changed = false; + + for(std::set::iterator mg(newGroups.begin());mg!=newGroups.end();++mg) { + if (!groups.count(*mg)) { + groups.insert(*mg); + changed = true; + } + } + for(std::set::iterator mg(groups.begin());mg!=groups.end();) { + if ((!newGroups.count(*mg))&&(*mg != _blindWildcardMulticastGroup)) { + groups.erase(mg++); + changed = true; + } else ++mg; + } + + return changed; +} +*/ + +void BSDEthernetTap::threadMain() + throw() +{ + fd_set readfds,nullfds; + MAC to,from; + int n,nfds,r; + char getBuf[8194]; + + // Wait for a moment after startup -- wait for Network to finish + // constructing itself. + Thread::sleep(500); + + FD_ZERO(&readfds); + FD_ZERO(&nullfds); + nfds = (int)std::max(_shutdownSignalPipe[0],_fd) + 1; + + r = 0; + for(;;) { + FD_SET(_shutdownSignalPipe[0],&readfds); + FD_SET(_fd,&readfds); + select(nfds,&readfds,&nullfds,&nullfds,(struct timeval *)0); + + if (FD_ISSET(_shutdownSignalPipe[0],&readfds)) // writes to shutdown pipe terminate thread + break; + + if (FD_ISSET(_fd,&readfds)) { + n = (int)::read(_fd,getBuf + r,sizeof(getBuf) - r); + if (n < 0) { + if ((errno != EINTR)&&(errno != ETIMEDOUT)) + break; + } else { + // Some tap drivers like to send the ethernet frame and the + // payload in two chunks, so handle that by accumulating + // data until we have at least a frame. 
+ r += n; + if (r > 14) { + if (r > ((int)_mtu + 14)) // sanity check for weird TAP behavior on some platforms + r = _mtu + 14; + + if (_enabled) { + to.setTo(getBuf,6); + from.setTo(getBuf + 6,6); + unsigned int etherType = ntohs(((const uint16_t *)getBuf)[6]); + // TODO: VLAN support + _handler(_arg,_nwid,from,to,etherType,0,(const void *)(getBuf + 14),r - 14); + } + + r = 0; + } + } + } + } +} + +} // namespace ZeroTier diff --git a/osdep/BSDEthernetTap.hpp b/osdep/BSDEthernetTap.hpp new file mode 100644 index 0000000..1bb48d3 --- /dev/null +++ b/osdep/BSDEthernetTap.hpp 
@@ -0,0 +1,80 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_BSDETHERNETTAP_HPP
+#define ZT_BSDETHERNETTAP_HPP
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/MulticastGroup.hpp"
+#include "../node/MAC.hpp"
+#include "Thread.hpp"
+
+namespace ZeroTier {
+
+class BSDEthernetTap
+{
+public:
+ BSDEthernetTap(
+ const char *homePath,
+ const MAC &mac,
+ unsigned int mtu,
+ unsigned int metric,
+ uint64_t nwid,
+ const char *friendlyName,
+ void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int),
+ void *arg);
+
+ ~BSDEthernetTap();
+
+ void setEnabled(bool en);
+ bool enabled() const;
+ bool addIp(const InetAddress &ip);
+ bool removeIp(const InetAddress &ip);
+ std::vector ips() const;
+ void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len);
+ std::string deviceName() const;
+ void setFriendlyName(const char *friendlyName);
+ void scanMulticastGroups(std::vector &added,std::vector &removed);
+
+ void threadMain()
+ throw();
+
+private:
+ void (*_handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int);
+ void *_arg;
+ uint64_t _nwid;
+ Thread _thread;
+ std::string _dev;
+ std::vector _multicastGroups;
+ unsigned int _mtu;
+ unsigned int _metric;
+ int _fd;
+ int _shutdownSignalPipe[2];
+ volatile bool _enabled;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/osdep/BackgroundResolver.cpp b/osdep/BackgroundResolver.cpp
new file mode 100644
index 0000000..ffcfdba
--- /dev/null
+++ b/osdep/BackgroundResolver.cpp
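Review bot: `BSDEthernetTap` holds raw descriptors (`_fd`, `_shutdownSignalPipe[2]`) and a `Thread` and declares a destructor, but the class declaration leaves the implicit copy constructor and assignment operator available, so an accidental copy would leave two objects referring to the same descriptors (presumably released in the destructor, whose body is outside this view). The other osdep classes added in this commit, `BackgroundResolver` and `Binder`, derive from `NonCopyable`; the same fits here: `class BSDEthernetTap : NonCopyable` together with `#include "../node/NonCopyable.hpp"`. Separately, `volatile bool _enabled` is read on the tap thread in `threadMain()` and presumably written through `setEnabled()`; `volatile` gives no ordering guarantee, so a short comment stating that a stale read of the flag is acceptable would help the next reader.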
@@ -0,0 +1,121 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "OSUtils.hpp"
+#include "Thread.hpp"
+#include "BackgroundResolver.hpp"
+
+namespace ZeroTier {
+
+/*
+ * We can't actually abort a job. This is a legacy characteristic of the
+ * ancient synchronous resolver APIs. So to abort jobs, we just abandon
+ * them by setting their parent to null.
+ */
+class BackgroundResolverJob
+{
+public:
+ std::string name;
+ BackgroundResolver *volatile parent;
+ Mutex lock;
+
+ void threadMain()
+ throw()
+ {
+ std::vector ips;
+ try {
+ ips = OSUtils::resolve(name.c_str());
+ } catch ( ... ) {}
+ {
+ Mutex::Lock _l(lock);
+ BackgroundResolver *p = parent;
+ if (p)
+ p->_postResult(ips);
+ }
+ delete this;
+ }
+};
+
+BackgroundResolver::BackgroundResolver(const char *name) :
+ _name(name),
+ _job((BackgroundResolverJob *)0),
+ _callback(0),
+ _arg((void *)0),
+ _ips(),
+ _lock()
+{
+}
+
+BackgroundResolver::~BackgroundResolver()
+{
+ abort();
+}
+
+std::vector BackgroundResolver::get() const
+{
+ Mutex::Lock _l(_lock);
+ return _ips;
+}
+
+void BackgroundResolver::resolveNow(void (*callback)(BackgroundResolver *,void *),void *arg)
+{
+ Mutex::Lock _l(_lock);
+
+ if (_job) {
+ Mutex::Lock _l2(_job->lock);
+ _job->parent = (BackgroundResolver *)0;
+ _job = (BackgroundResolverJob *)0;
+ }
+
+ BackgroundResolverJob *j = new BackgroundResolverJob();
+ j->name = _name;
+ j->parent = this;
+
+ _job = j;
+ _callback = callback;
+ _arg = arg;
+
+ _jobThread = Thread::start(j);
+}
+
+void BackgroundResolver::abort()
+{
+ Mutex::Lock _l(_lock);
+ if (_job) {
+ Mutex::Lock _l2(_job->lock);
+ _job->parent = (BackgroundResolver *)0;
+ _job = (BackgroundResolverJob *)0;
+ }
+}
+
+void BackgroundResolver::_postResult(const std::vector &ips)
+{
+ void (*cb)(BackgroundResolver *,void *);
+ void *a;
+ {
+ Mutex::Lock _l(_lock);
+ _job = (BackgroundResolverJob *)0;
+ cb = _callback;
+ a = _arg;
+ _ips = ips;
+ }
+ if (cb)
+ cb(this,a);
+}
+
+} // namespace ZeroTier
diff --git a/osdep/BackgroundResolver.hpp b/osdep/BackgroundResolver.hpp
new file mode 100644
index 0000000..ba89548
--- /dev/null
+++ b/osdep/BackgroundResolver.hpp
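Review bot: `BackgroundResolverJob::threadMain()` calls `p->_postResult(ips)` while holding the job's `lock`, and `_postResult()` then takes the resolver's `_lock`, whereas `resolveNow()` and `abort()` take the same two mutexes in the opposite order (`_lock` first, then `_job->lock`). If `abort()`, which the destructor also calls, runs while a job is delivering its result, each thread can end up waiting for the mutex the other holds. The user callback is also invoked with the job lock still held. A fix needs a single lock order on both paths while still keeping the resolver alive during delivery, for example one shared mutex guarding the `parent` link or a reference-counted job; at minimum the ordering hazard should be documented next to `Mutex lock;`. The empty `catch ( ... ) {}` around `OSUtils::resolve()` additionally makes a failed lookup indistinguishable from an empty result.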
@@ -0,0 +1,118 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_BACKGROUNDRESOLVER_HPP
+#define ZT_BACKGROUNDRESOLVER_HPP
+
+#include
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/Mutex.hpp"
+#include "../node/InetAddress.hpp"
+#include "../node/NonCopyable.hpp"
+#include "Thread.hpp"
+
+namespace ZeroTier {
+
+class BackgroundResolverJob;
+
+/**
+ * A simple background resolver
+ */
+class BackgroundResolver : NonCopyable
+{
+ friend class BackgroundResolverJob;
+
+public:
+ /**
+ * Construct a new resolver
+ *
+ * resolveNow() must be called to actually initiate background resolution.
+ *
+ * @param name Name to resolve
+ */
+ BackgroundResolver(const char *name);
+
+ ~BackgroundResolver();
+
+ /**
+ * @return Most recent resolver results or empty vector if none
+ */
+ std::vector get() const;
+
+ /**
+ * Launch a background resolve job now
+ *
+ * If a resolve job is currently in progress, it is aborted and another
+ * job is started.
+ *
+ * Note that jobs can't actually be aborted due to the limitations of the
+ * ancient synchronous OS resolver APIs. As a result, in progress jobs
+ * that are aborted are simply abandoned. Don't call this too frequently
+ * or background threads might pile up.
+ *
+ * @param callback Callback function to receive notification or NULL if none
+ * @praam arg Second argument to callback function
+ */
+ void resolveNow(void (*callback)(BackgroundResolver *,void *) = 0,void *arg = 0);
+
+ /**
+ * Abort (abandon) any current resolve jobs
+ */
+ void abort();
+
+ /**
+ * @return True if a background job is in progress
+ */
+ inline bool running() const
+ {
+ Mutex::Lock _l(_lock);
+ return (_job != (BackgroundResolverJob *)0);
+ }
+
+ /**
+ * Wait for pending job to complete (if any)
+ */
+ inline void wait() const
+ {
+ Thread t;
+ {
+ Mutex::Lock _l(_lock);
+ if (!_job)
+ return;
+ t = _jobThread;
+ }
+ Thread::join(t);
+ }
+
+private:
+ void _postResult(const std::vector &ips);
+
+ std::string _name;
+ BackgroundResolverJob *_job;
+ Thread _jobThread;
+ void (*_callback)(BackgroundResolver *,void *);
+ void *_arg;
+ std::vector _ips;
+ Mutex _lock;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/osdep/Binder.hpp b/osdep/Binder.hpp
new file mode 100644
index 0000000..72456d3
--- /dev/null
+++ b/osdep/Binder.hpp
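Review bot: The doc comment on `resolveNow()` does not say on which thread `callback` runs, and its second tag is misspelled `@praam`. Going by BackgroundResolver.cpp in this same commit, the callback is invoked from the background job's thread via `_postResult()`, so I would add ` * The callback is invoked from the resolver's background thread, not the caller's.` and correct the tag to `@param arg`. The one-argument constructor could also be marked `explicit` so a `const char *` is never converted to a resolver implicitly.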
@@ -0,0 +1,327 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_BINDER_HPP +#define ZT_BINDER_HPP + +#include "../node/Constants.hpp" + +#include +#include +#include +#include + +#ifdef __WINDOWS__ +#include +#include +#include +#include +#include +#else +#include +#include +#include +#include +#include +#ifdef __LINUX__ +#include +#include +#endif +#endif + +#include +#include +#include +#include +#include + +#include "../node/NonCopyable.hpp" +#include "../node/InetAddress.hpp" +#include "../node/Mutex.hpp" + +#include "Phy.hpp" + +/** + * Period between binder rescans/refreshes + * + * OneService also does this on detected restarts. + */ +#define ZT_BINDER_REFRESH_PERIOD 30000 + +namespace ZeroTier { + +/** + * Enumerates local devices and binds to all potential ZeroTier path endpoints + * + * This replaces binding to wildcard (0.0.0.0 and ::0) with explicit binding + * as part of the path to default gateway support. Under the hood it uses + * different queries on different OSes to enumerate devices, and also exposes + * device enumeration and endpoint IP data for use elsewhere. + * + * On OSes that do not support local port enumeration or where this is not + * meaningful, this degrades to binding to wildcard. 
+ */ +class Binder : NonCopyable +{ +private: + struct _Binding + { + _Binding() : + udpSock((PhySocket *)0), + tcpListenSock((PhySocket *)0), + address() {} + + PhySocket *udpSock; + PhySocket *tcpListenSock; + InetAddress address; + }; + +public: + Binder() {} + + /** + * Close all bound ports + * + * This should be called on shutdown. It closes listen sockets and UDP ports + * but not TCP connections from any TCP listen sockets. + * + * @param phy Physical interface + */ + template + void closeAll(Phy &phy) + { + Mutex::Lock _l(_lock); + for(typename std::vector<_Binding>::const_iterator i(_bindings.begin());i!=_bindings.end();++i) { + phy.close(i->udpSock,false); + phy.close(i->tcpListenSock,false); + } + } + + /** + * Scan local devices and addresses and rebind TCP and UDP + * + * This should be called after wake from sleep, on detected network device + * changes, on startup, or periodically (e.g. every 30-60s). + * + * @param phy Physical interface + * @param port Port to bind to on all interfaces (TCP and UDP) + * @param ignoreInterfacesByName Ignore these interfaces by name + * @param ignoreInterfacesByNamePrefix Ignore these interfaces by name-prefix (starts-with, e.g. 
zt ignores zt*) + * @param ignoreInterfacesByAddress Ignore these interfaces by address + * @tparam PHY_HANDLER_TYPE Type for Phy<> template + * @tparam INTERFACE_CHECKER Type for class containing shouldBindInterface() method + */ + template + void refresh(Phy &phy,unsigned int port,INTERFACE_CHECKER &ifChecker) + { + std::map localIfAddrs; + PhySocket *udps; + //PhySocket *tcps; + Mutex::Lock _l(_lock); + +#ifdef __WINDOWS__ + + char aabuf[32768]; + ULONG aalen = sizeof(aabuf); + if (GetAdaptersAddresses(AF_UNSPEC,GAA_FLAG_SKIP_ANYCAST|GAA_FLAG_SKIP_MULTICAST|GAA_FLAG_SKIP_DNS_SERVER,(void *)0,reinterpret_cast(aabuf),&aalen) == NO_ERROR) { + PIP_ADAPTER_ADDRESSES a = reinterpret_cast(aabuf); + while (a) { + PIP_ADAPTER_UNICAST_ADDRESS ua = a->FirstUnicastAddress; + while (ua) { + InetAddress ip(ua->Address.lpSockaddr); + if (ifChecker.shouldBindInterface("",ip)) { + switch(ip.ipScope()) { + default: break; + case InetAddress::IP_SCOPE_PSEUDOPRIVATE: + case InetAddress::IP_SCOPE_GLOBAL: + case InetAddress::IP_SCOPE_SHARED: + case InetAddress::IP_SCOPE_PRIVATE: + ip.setPort(port); + localIfAddrs.insert(std::pair(ip,std::string())); + break; + } + } + ua = ua->Next; + } + a = a->Next; + } + } + +#else // not __WINDOWS__ + + struct ifaddrs *ifatbl = (struct ifaddrs *)0; + struct ifaddrs *ifa; + if ((getifaddrs(&ifatbl) == 0)&&(ifatbl)) { + ifa = ifatbl; + while (ifa) { + if ((ifa->ifa_name)&&(ifa->ifa_addr)) { + InetAddress ip = *(ifa->ifa_addr); + if (ifChecker.shouldBindInterface(ifa->ifa_name,ip)) { + switch(ip.ipScope()) { + default: break; + case InetAddress::IP_SCOPE_PSEUDOPRIVATE: + case InetAddress::IP_SCOPE_GLOBAL: + case InetAddress::IP_SCOPE_SHARED: + case InetAddress::IP_SCOPE_PRIVATE: + ip.setPort(port); + localIfAddrs.insert(std::pair(ip,std::string(ifa->ifa_name))); + break; + } + } + } + ifa = ifa->ifa_next; + } + freeifaddrs(ifatbl); + } + +#endif + + // Default to binding to wildcard if we can't enumerate addresses + if (localIfAddrs.empty()) { + 
localIfAddrs.insert(std::pair(InetAddress((uint32_t)0,port),std::string())); + localIfAddrs.insert(std::pair(InetAddress((const void *)"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0",16,port),std::string())); + } + + // Close any old bindings to anything that doesn't exist anymore + for(typename std::vector<_Binding>::const_iterator bi(_bindings.begin());bi!=_bindings.end();++bi) { + if (localIfAddrs.find(bi->address) == localIfAddrs.end()) { + phy.close(bi->udpSock,false); + phy.close(bi->tcpListenSock,false); + } + } + + std::vector<_Binding> newBindings; + for(std::map::const_iterator ii(localIfAddrs.begin());ii!=localIfAddrs.end();++ii) { + typename std::vector<_Binding>::const_iterator bi(_bindings.begin()); + while (bi != _bindings.end()) { + if (bi->address == ii->first) { + newBindings.push_back(*bi); + break; + } + ++bi; + } + + if (bi == _bindings.end()) { + udps = phy.udpBind(reinterpret_cast(&(ii->first)),(void *)0,ZT_UDP_DESIRED_BUF_SIZE); + if (udps) { + //tcps = phy.tcpListen(reinterpret_cast(&ii),(void *)0); + //if (tcps) { +#ifdef __LINUX__ + // Bind Linux sockets to their device so routes tha we manage do not override physical routes (wish all platforms had this!) 
+ if (ii->second.length() > 0) { + int fd = (int)Phy::getDescriptor(udps); + char tmp[256]; + Utils::scopy(tmp,sizeof(tmp),ii->second.c_str()); + if (fd >= 0) { + if (setsockopt(fd,SOL_SOCKET,SO_BINDTODEVICE,tmp,strlen(tmp)) != 0) { + fprintf(stderr,"WARNING: unable to set SO_BINDTODEVICE to bind %s to %s\n",ii->first.toIpString().c_str(),ii->second.c_str()); + } + } + } +#endif // __LINUX__ + newBindings.push_back(_Binding()); + newBindings.back().udpSock = udps; + //newBindings.back().tcpListenSock = tcps; + newBindings.back().address = ii->first; + //} else { + // phy.close(udps,false); + //} + } + } + } + + // Swapping pointers and then letting the old one fall out of scope is faster than copying again + _bindings.swap(newBindings); + } + + /** + * Send a UDP packet from the specified local interface, or all + * + * Unfortunately even by examining the routing table there is no ultimately + * robust way to tell where we might reach another host that works in all + * environments. As a result, we send packets with null (wildcard) local + * addresses from *every* bound interface. + * + * These are typically initial HELLOs, path probes, etc., since normal + * conversations will have a local endpoint address. So the cost is low and + * if the peer is not reachable via that route then the packet will go + * nowhere and nothing will happen. + * + * It will of course only send via interface bindings of the same socket + * family. No point in sending V4 via V6 or vice versa. + * + * In any case on most hosts there's only one or two interfaces that we + * will use, so none of this is particularly costly. 
+ * + * @param local Local interface address or null address for 'all' + * @param remote Remote address + * @param data Data to send + * @param len Length of data + * @param v4ttl If non-zero, send this packet with the specified IP TTL (IPv4 only) + */ + template + inline bool udpSend(Phy &phy,const InetAddress &local,const InetAddress &remote,const void *data,unsigned int len,unsigned int v4ttl = 0) const + { + Mutex::Lock _l(_lock); + if (local) { + for(typename std::vector<_Binding>::const_iterator i(_bindings.begin());i!=_bindings.end();++i) { + if (i->address == local) { + if ((v4ttl)&&(local.ss_family == AF_INET)) + phy.setIp4UdpTtl(i->udpSock,v4ttl); + const bool result = phy.udpSend(i->udpSock,reinterpret_cast(&remote),data,len); + if ((v4ttl)&&(local.ss_family == AF_INET)) + phy.setIp4UdpTtl(i->udpSock,255); + return result; + } + } + return false; + } else { + bool result = false; + for(typename std::vector<_Binding>::const_iterator i(_bindings.begin());i!=_bindings.end();++i) { + if (i->address.ss_family == remote.ss_family) { + if ((v4ttl)&&(remote.ss_family == AF_INET)) + phy.setIp4UdpTtl(i->udpSock,v4ttl); + result |= phy.udpSend(i->udpSock,reinterpret_cast(&remote),data,len); + if ((v4ttl)&&(remote.ss_family == AF_INET)) + phy.setIp4UdpTtl(i->udpSock,255); + } + } + return result; + } + } + + /** + * @return All currently bound local interface addresses + */ + inline std::vector allBoundLocalInterfaceAddresses() + { + Mutex::Lock _l(_lock); + std::vector aa; + for(std::vector<_Binding>::const_iterator i(_bindings.begin());i!=_bindings.end();++i) + aa.push_back(i->address); + return aa; + } + +private: + std::vector<_Binding> _bindings; + Mutex _lock; +}; + +} // namespace ZeroTier + +#endif diff --git a/osdep/Http.cpp b/osdep/Http.cpp new file mode 100644 index 0000000..064ccd0 --- /dev/null +++ b/osdep/Http.cpp 
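Review bot: In `refresh()` the wildcard fallback keys on `localIfAddrs.empty()`, which is also true when enumeration succeeded but `ifChecker.shouldBindInterface()` or the scope switch rejected every address, so a configuration that excludes all interfaces ends up bound to `0.0.0.0` and `::` instead of to nothing. Tracking enumeration failure separately (a `bool enumerated` set inside the `GetAdaptersAddresses` / `getifaddrs` success branches, then `if (!enumerated)`) would keep the fallback for the case the comment describes; whether binding nothing is the desired outcome when everything is filtered should be confirmed with the callers. `closeAll()` closes every socket but leaves the entries in `_bindings`, so a later `udpSend()` or `refresh()` would pass already-closed `PhySocket` pointers back to `phy`; adding `_bindings.clear();` after the loop avoids that. The `@param ignoreInterfacesBy...` tags on `refresh()` describe parameters the signature does not have, since it takes `ifChecker`.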
@@ -0,0 +1,291 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +#include "Http.hpp" +#include "Phy.hpp" +#include "OSUtils.hpp" +#include "../node/Constants.hpp" +#include "../node/Utils.hpp" + +#ifdef ZT_USE_SYSTEM_HTTP_PARSER +#include +#else +#include "../ext/http-parser/http_parser.h" +#endif + +namespace ZeroTier { + +namespace { + +static int ShttpOnMessageBegin(http_parser *parser); +static int ShttpOnUrl(http_parser *parser,const char *ptr,size_t length); +#if (HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 2) +static int ShttpOnStatus(http_parser *parser,const char *ptr,size_t length); +#else +static int ShttpOnStatus(http_parser *parser); +#endif +static int ShttpOnHeaderField(http_parser *parser,const char *ptr,size_t length); +static int ShttpOnValue(http_parser *parser,const char *ptr,size_t length); +static int ShttpOnHeadersComplete(http_parser *parser); +static int ShttpOnBody(http_parser *parser,const char *ptr,size_t length); +static int ShttpOnMessageComplete(http_parser *parser); + +#if (HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 1) +static const struct http_parser_settings HTTP_PARSER_SETTINGS = { + ShttpOnMessageBegin, + ShttpOnUrl, + ShttpOnStatus, + 
ShttpOnHeaderField, + ShttpOnValue, + ShttpOnHeadersComplete, + ShttpOnBody, + ShttpOnMessageComplete +}; +#else +static const struct http_parser_settings HTTP_PARSER_SETTINGS = { + ShttpOnMessageBegin, + ShttpOnUrl, + ShttpOnHeaderField, + ShttpOnValue, + ShttpOnHeadersComplete, + ShttpOnBody, + ShttpOnMessageComplete +}; +#endif + +struct HttpPhyHandler +{ + // not used + inline void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *localAddr,const struct sockaddr *from,void *data,unsigned long len) {} + inline void phyOnTcpAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN,const struct sockaddr *from) {} + + inline void phyOnTcpConnect(PhySocket *sock,void **uptr,bool success) + { + if (success) { + phy->setNotifyWritable(sock,true); + } else { + *responseBody = "connection failed"; + error = true; + done = true; + } + } + + inline void phyOnTcpClose(PhySocket *sock,void **uptr) + { + done = true; + } + + inline void phyOnTcpData(PhySocket *sock,void **uptr,void *data,unsigned long len) + { + lastActivity = OSUtils::now(); + http_parser_execute(&parser,&HTTP_PARSER_SETTINGS,(const char *)data,len); + if ((parser.upgrade)||(parser.http_errno != HPE_OK)) + phy->close(sock); + } + + inline void phyOnTcpWritable(PhySocket *sock,void **uptr) + { + if (writePtr < writeSize) { + long n = phy->streamSend(sock,writeBuf + writePtr,writeSize - writePtr,true); + if (n > 0) + writePtr += n; + } + if (writePtr >= writeSize) + phy->setNotifyWritable(sock,false); + } + + inline void phyOnFileDescriptorActivity(PhySocket *sock,void **uptr,bool readable,bool writable) {} +#ifdef __UNIX_LIKE__ + inline void phyOnUnixAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN) {} + inline void phyOnUnixClose(PhySocket *sock,void **uptr) {} + inline void phyOnUnixData(PhySocket *sock,void **uptr,void *data,unsigned long len) {} + inline void phyOnUnixWritable(PhySocket *sock,void **uptr) {} +#endif // __UNIX_LIKE__ + + http_parser parser; + 
std::string currentHeaderField; + std::string currentHeaderValue; + unsigned long messageSize; + unsigned long writePtr; + uint64_t lastActivity; + unsigned long writeSize; + char writeBuf[32768]; + + unsigned long maxResponseSize; + std::map *responseHeaders; + std::string *responseBody; + bool error; + bool done; + + Phy *phy; + PhySocket *sock; +}; + +static int ShttpOnMessageBegin(http_parser *parser) +{ + return 0; +} +static int ShttpOnUrl(http_parser *parser,const char *ptr,size_t length) +{ + return 0; +} +#if (HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 2) +static int ShttpOnStatus(http_parser *parser,const char *ptr,size_t length) +#else +static int ShttpOnStatus(http_parser *parser) +#endif +{ + /* + HttpPhyHandler *hh = reinterpret_cast(parser->data); + hh->messageSize += (unsigned long)length; + if (hh->messageSize > hh->maxResponseSize) + return -1; + */ + return 0; +} +static int ShttpOnHeaderField(http_parser *parser,const char *ptr,size_t length) +{ + HttpPhyHandler *hh = reinterpret_cast(parser->data); + hh->messageSize += (unsigned long)length; + if (hh->messageSize > hh->maxResponseSize) + return -1; + if ((hh->currentHeaderField.length())&&(hh->currentHeaderValue.length())) { + (*hh->responseHeaders)[hh->currentHeaderField] = hh->currentHeaderValue; + hh->currentHeaderField = ""; + hh->currentHeaderValue = ""; + } + for(size_t i=0;icurrentHeaderField.push_back(OSUtils::toLower(ptr[i])); + return 0; +} +static int ShttpOnValue(http_parser *parser,const char *ptr,size_t length) +{ + HttpPhyHandler *hh = reinterpret_cast(parser->data); + hh->messageSize += (unsigned long)length; + if (hh->messageSize > hh->maxResponseSize) + return -1; + hh->currentHeaderValue.append(ptr,length); + return 0; +} +static int ShttpOnHeadersComplete(http_parser *parser) +{ + HttpPhyHandler *hh = reinterpret_cast(parser->data); + if ((hh->currentHeaderField.length())&&(hh->currentHeaderValue.length())) + 
(*hh->responseHeaders)[hh->currentHeaderField] = hh->currentHeaderValue; + return 0; +} +static int ShttpOnBody(http_parser *parser,const char *ptr,size_t length) +{ + HttpPhyHandler *hh = reinterpret_cast(parser->data); + hh->messageSize += (unsigned long)length; + if (hh->messageSize > hh->maxResponseSize) + return -1; + hh->responseBody->append(ptr,length); + return 0; +} +static int ShttpOnMessageComplete(http_parser *parser) +{ + HttpPhyHandler *hh = reinterpret_cast(parser->data); + hh->phy->close(hh->sock); + return 0; +} + +} // anonymous namespace + +unsigned int Http::_do( + const char *method, + unsigned long maxResponseSize, + unsigned long timeout, + const struct sockaddr *remoteAddress, + const char *path, + const std::map &requestHeaders, + const void *requestBody, + unsigned long requestBodyLength, + std::map &responseHeaders, + std::string &responseBody) +{ + try { + responseHeaders.clear(); + responseBody = ""; + + HttpPhyHandler handler; + + http_parser_init(&(handler.parser),HTTP_RESPONSE); + handler.parser.data = (void *)&handler; + handler.messageSize = 0; + handler.writePtr = 0; + handler.lastActivity = OSUtils::now(); + + try { + handler.writeSize = Utils::snprintf(handler.writeBuf,sizeof(handler.writeBuf),"%s %s HTTP/1.1\r\n",method,path); + for(std::map::const_iterator h(requestHeaders.begin());h!=requestHeaders.end();++h) + handler.writeSize += Utils::snprintf(handler.writeBuf + handler.writeSize,sizeof(handler.writeBuf) - handler.writeSize,"%s: %s\r\n",h->first.c_str(),h->second.c_str()); + handler.writeSize += Utils::snprintf(handler.writeBuf + handler.writeSize,sizeof(handler.writeBuf) - handler.writeSize,"\r\n"); + if ((requestBody)&&(requestBodyLength)) { + if ((handler.writeSize + requestBodyLength) > sizeof(handler.writeBuf)) { + responseBody = "request too large"; + return 0; + } + memcpy(handler.writeBuf + handler.writeSize,requestBody,requestBodyLength); + handler.writeSize += requestBodyLength; + } + } catch ( ... 
) { + responseBody = "request too large"; + return 0; + } + + handler.maxResponseSize = maxResponseSize; + handler.responseHeaders = &responseHeaders; + handler.responseBody = &responseBody; + handler.error = false; + handler.done = false; + + Phy phy(&handler,true,true); + + bool instantConnect = false; + handler.phy = &phy; + handler.sock = phy.tcpConnect((const struct sockaddr *)remoteAddress,instantConnect,(void *)0,true); + if (!handler.sock) { + responseBody = "connection failed (2)"; + return 0; + } + + while (!handler.done) { + phy.poll(timeout / 2); + if ((timeout)&&((unsigned long)(OSUtils::now() - handler.lastActivity) > timeout)) { + phy.close(handler.sock); + responseBody = "timed out"; + return 0; + } + } + + return ((handler.error) ? 0 : ((handler.parser.http_errno != HPE_OK) ? 0 : handler.parser.status_code)); + } catch (std::exception &exc) { + responseBody = exc.what(); + return 0; + } catch ( ... ) { + responseBody = "unknown exception"; + return 0; + } +} + +} // namespace ZeroTier diff --git a/osdep/Http.hpp b/osdep/Http.hpp new file mode 100644 index 0000000..1ecf4ee --- /dev/null +++ b/osdep/Http.hpp 
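Review bot: `Http::_do()` returns `handler.parser.status_code` once `done` is set, and `phyOnTcpClose()` sets `done` without recording whether `ShttpOnMessageComplete()` ever ran, so a connection dropped mid-body is reported with the status from the headers and a truncated `responseBody`. A `bool messageComplete` member set in `ShttpOnMessageComplete()` and required in the final return expression would let callers tell a complete response from a cut-off one; responses delimited by connection close would additionally need the parser to be told about end of input in `phyOnTcpClose()`. The request line and headers are also formatted with `"%s %s HTTP/1.1\r\n"` and `"%s: %s\r\n"` without rejecting CR or LF in `method`, `path` or the header strings, so either `_do()` should return 0 for such values or the header comment must state that callers may only pass validated strings. The overflow handling of the request buffer relies on `Utils::snprintf` throwing, which is not visible in this hunk and deserves a one-line comment at the `try`.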
@@ -0,0 +1,154 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_HTTP_HPP +#define ZT_HTTP_HPP + +#include +#include +#include + +#if defined(_WIN32) || defined(_WIN64) +#include +#include +#include +#else +#include +#include +#include +#include +#include +#include +#endif + +namespace ZeroTier { + +/** + * Simple synchronous HTTP client used for updater and cli + */ +class Http +{ +public: + /** + * Make HTTP GET request + * + * The caller must set all headers, including Host. + * + * @return HTTP status code or 0 on error (responseBody will contain error message) + */ + static inline unsigned int GET( + unsigned long maxResponseSize, + unsigned long timeout, + const struct sockaddr *remoteAddress, + const char *path, + const std::map &requestHeaders, + std::map &responseHeaders, + std::string &responseBody) + { + return _do( + "GET", + maxResponseSize, + timeout, + remoteAddress, + path, + requestHeaders, + (const void *)0, + 0, + responseHeaders, + responseBody); + } + + /** + * Make HTTP DELETE request + * + * The caller must set all headers, including Host. 
+ * + * @return HTTP status code or 0 on error (responseBody will contain error message) + */ + static inline unsigned int DEL( + unsigned long maxResponseSize, + unsigned long timeout, + const struct sockaddr *remoteAddress, + const char *path, + const std::map &requestHeaders, + std::map &responseHeaders, + std::string &responseBody) + { + return _do( + "DELETE", + maxResponseSize, + timeout, + remoteAddress, + path, + requestHeaders, + (const void *)0, + 0, + responseHeaders, + responseBody); + } + + /** + * Make HTTP POST request + * + * It is the responsibility of the caller to set all headers. With POST, the + * Content-Length and Content-Type headers must be set or the POST will not + * work. + * + * @return HTTP status code or 0 on error (responseBody will contain error message) + */ + static inline unsigned int POST( + unsigned long maxResponseSize, + unsigned long timeout, + const struct sockaddr *remoteAddress, + const char *path, + const std::map &requestHeaders, + const void *postData, + unsigned long postDataLength, + std::map &responseHeaders, + std::string &responseBody) + { + return _do( + "POST", + maxResponseSize, + timeout, + remoteAddress, + path, + requestHeaders, + postData, + postDataLength, + responseHeaders, + responseBody); + } + +private: + static unsigned int _do( + const char *method, + unsigned long maxResponseSize, + unsigned long timeout, + const struct sockaddr *remoteAddress, + const char *path, + const std::map &requestHeaders, + const void *requestBody, + unsigned long requestBodyLength, + std::map &responseHeaders, + std::string &responseBody); +}; + +} // namespace ZeroTier + +#endif diff --git a/osdep/LinuxEthernetTap.cpp b/osdep/LinuxEthernetTap.cpp new file mode 100644 index 0000000..e336bb6 --- /dev/null +++ b/osdep/LinuxEthernetTap.cpp 
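Review bot: The doc comments on `GET`, `DEL` and `POST` in osdep/Http.hpp leave out the constraints a caller needs to use this client safely. `_do` in osdep/Http.cpp of this commit formats `path` and every header name and value into the request with `%s` and no filtering, so each comment should carry a line such as ` * path and header strings are sent verbatim and must not contain CR or LF`. The connection is opened with `phy.tcpConnect` and no TLS layer is visible, so the class comment, which names the updater as a user, should also say that the response is unauthenticated and that anything fetched must be verified by the caller. The unit of `timeout` is undocumented too; it is compared against `OSUtils::now()` differences, presumably milliseconds.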
@@ -0,0 +1,425 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "../node/Constants.hpp" +#include "../node/Utils.hpp" +#include "../node/Mutex.hpp" +#include "../node/Dictionary.hpp" +#include "OSUtils.hpp" +#include "LinuxEthernetTap.hpp" + +// ff:ff:ff:ff:ff:ff with no ADI +static const ZeroTier::MulticastGroup _blindWildcardMulticastGroup(ZeroTier::MAC(0xff),0); + +namespace ZeroTier { + +static Mutex __tapCreateLock; + +LinuxEthernetTap::LinuxEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int), + void *arg) : + _handler(handler), + _arg(arg), + _nwid(nwid), + _homePath(homePath), + _mtu(mtu), + _fd(0), + _enabled(true) +{ + char procpath[128],nwids[32]; + struct stat sbuf; + + Utils::snprintf(nwids,sizeof(nwids),"%.16llx",nwid); + + Mutex::Lock _l(__tapCreateLock); // create only one tap at a time, globally + + if (mtu > 
2800) + throw std::runtime_error("max tap MTU is 2800"); + + _fd = ::open("/dev/net/tun",O_RDWR); + if (_fd <= 0) { + _fd = ::open("/dev/tun",O_RDWR); + if (_fd <= 0) + throw std::runtime_error(std::string("could not open TUN/TAP device: ") + strerror(errno)); + } + + struct ifreq ifr; + memset(&ifr,0,sizeof(ifr)); + + // Try to recall our last device name, or pick an unused one if that fails. + bool recalledDevice = false; + std::string devmapbuf; + Dictionary<8194> devmap; + if (OSUtils::readFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),devmapbuf)) { + devmap.load(devmapbuf.c_str()); + char desiredDevice[128]; + if (devmap.get(nwids,desiredDevice,sizeof(desiredDevice)) > 0) { + Utils::scopy(ifr.ifr_name,sizeof(ifr.ifr_name),desiredDevice); + Utils::snprintf(procpath,sizeof(procpath),"/proc/sys/net/ipv4/conf/%s",ifr.ifr_name); + recalledDevice = (stat(procpath,&sbuf) != 0); + } + } + + if (!recalledDevice) { + int devno = 0; + do { + Utils::snprintf(ifr.ifr_name,sizeof(ifr.ifr_name),"zt%d",devno++); + Utils::snprintf(procpath,sizeof(procpath),"/proc/sys/net/ipv4/conf/%s",ifr.ifr_name); + } while (stat(procpath,&sbuf) == 0); // try zt#++ until we find one that does not exist + } + + ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + if (ioctl(_fd,TUNSETIFF,(void *)&ifr) < 0) { + ::close(_fd); + throw std::runtime_error("unable to configure TUN/TAP device for TAP operation"); + } + + _dev = ifr.ifr_name; + + ::ioctl(_fd,TUNSETPERSIST,0); // valgrind may generate a false alarm here + + // Open an arbitrary socket to talk to netlink + int sock = socket(AF_INET,SOCK_DGRAM,0); + if (sock <= 0) { + ::close(_fd); + throw std::runtime_error("unable to open netlink socket"); + } + + // Set MAC address + ifr.ifr_ifru.ifru_hwaddr.sa_family = ARPHRD_ETHER; + mac.copyTo(ifr.ifr_ifru.ifru_hwaddr.sa_data,6); + if (ioctl(sock,SIOCSIFHWADDR,(void *)&ifr) < 0) { + ::close(_fd); + ::close(sock); + throw std::runtime_error("unable to configure TAP hardware (MAC) address"); + 
return; + } + + // Set MTU + ifr.ifr_ifru.ifru_mtu = (int)mtu; + if (ioctl(sock,SIOCSIFMTU,(void *)&ifr) < 0) { + ::close(_fd); + ::close(sock); + throw std::runtime_error("unable to configure TAP MTU"); + } + + if (fcntl(_fd,F_SETFL,fcntl(_fd,F_GETFL) & ~O_NONBLOCK) == -1) { + ::close(_fd); + throw std::runtime_error("unable to set flags on file descriptor for TAP device"); + } + + /* Bring interface up */ + if (ioctl(sock,SIOCGIFFLAGS,(void *)&ifr) < 0) { + ::close(_fd); + ::close(sock); + throw std::runtime_error("unable to get TAP interface flags"); + } + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) { + ::close(_fd); + ::close(sock); + throw std::runtime_error("unable to set TAP interface flags"); + } + + ::close(sock); + + // Set close-on-exec so that devices cannot persist if we fork/exec for update + ::fcntl(_fd,F_SETFD,fcntl(_fd,F_GETFD) | FD_CLOEXEC); + + (void)::pipe(_shutdownSignalPipe); + + devmap.erase(nwids); + devmap.add(nwids,_dev.c_str()); + OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),(const void *)devmap.data(),devmap.sizeBytes()); + + _thread = Thread::start(this); +} + +LinuxEthernetTap::~LinuxEthernetTap() +{ + (void)::write(_shutdownSignalPipe[1],"\0",1); // causes thread to exit + Thread::join(_thread); + ::close(_fd); + ::close(_shutdownSignalPipe[0]); + ::close(_shutdownSignalPipe[1]); +} + +void LinuxEthernetTap::setEnabled(bool en) +{ + _enabled = en; +} + +bool LinuxEthernetTap::enabled() const +{ + return _enabled; +} + +static bool ___removeIp(const std::string &_dev,const InetAddress &ip) +{ + long cpid = (long)vfork(); + if (cpid == 0) { + OSUtils::redirectUnixOutputs("/dev/null",(const char *)0); + setenv("PATH", "/sbin:/bin:/usr/sbin:/usr/bin", 1); + ::execlp("ip","ip","addr","del",ip.toString().c_str(),"dev",_dev.c_str(),(const char *)0); + ::_exit(-1); + } else { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } +} + +bool 
LinuxEthernetTap::addIp(const InetAddress &ip) +{ + if (!ip) + return false; + + std::vector allIps(ips()); + if (std::binary_search(allIps.begin(),allIps.end(),ip)) + return true; + + // Remove and reconfigure if address is the same but netmask is different + for(std::vector::iterator i(allIps.begin());i!=allIps.end();++i) { + if (i->ipsEqual(ip)) + ___removeIp(_dev,*i); + } + + long cpid = (long)vfork(); + if (cpid == 0) { + OSUtils::redirectUnixOutputs("/dev/null",(const char *)0); + setenv("PATH", "/sbin:/bin:/usr/sbin:/usr/bin", 1); + if (ip.isV4()) { + ::execlp("ip","ip","addr","add",ip.toString().c_str(),"broadcast",ip.broadcast().toIpString().c_str(),"dev",_dev.c_str(),(const char *)0); + } else { + ::execlp("ip","ip","addr","add",ip.toString().c_str(),"dev",_dev.c_str(),(const char *)0); + } + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + + return false; +} + +bool LinuxEthernetTap::removeIp(const InetAddress &ip) +{ + if (!ip) + return true; + std::vector allIps(ips()); + if (std::find(allIps.begin(),allIps.end(),ip) != allIps.end()) { + if (___removeIp(_dev,ip)) + return true; + } + return false; +} + +std::vector LinuxEthernetTap::ips() const +{ + struct ifaddrs *ifa = (struct ifaddrs *)0; + if (getifaddrs(&ifa)) + return std::vector(); + + std::vector r; + + struct ifaddrs *p = ifa; + while (p) { + if ((!strcmp(p->ifa_name,_dev.c_str()))&&(p->ifa_addr)&&(p->ifa_netmask)&&(p->ifa_addr->sa_family == p->ifa_netmask->sa_family)) { + switch(p->ifa_addr->sa_family) { + case AF_INET: { + struct sockaddr_in *sin = (struct sockaddr_in *)p->ifa_addr; + struct sockaddr_in *nm = (struct sockaddr_in *)p->ifa_netmask; + r.push_back(InetAddress(&(sin->sin_addr.s_addr),4,Utils::countBits((uint32_t)nm->sin_addr.s_addr))); + } break; + case AF_INET6: { + struct sockaddr_in6 *sin = (struct sockaddr_in6 *)p->ifa_addr; + struct sockaddr_in6 *nm = (struct sockaddr_in6 *)p->ifa_netmask; + uint32_t 
b[4]; + memcpy(b,nm->sin6_addr.s6_addr,sizeof(b)); + r.push_back(InetAddress(sin->sin6_addr.s6_addr,16,Utils::countBits(b[0]) + Utils::countBits(b[1]) + Utils::countBits(b[2]) + Utils::countBits(b[3]))); + } break; + } + } + p = p->ifa_next; + } + + if (ifa) + freeifaddrs(ifa); + + std::sort(r.begin(),r.end()); + r.erase(std::unique(r.begin(),r.end()),r.end()); + + return r; +} + +void LinuxEthernetTap::put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len) +{ + char putBuf[8194]; + if ((_fd > 0)&&(len <= _mtu)&&(_enabled)) { + to.copyTo(putBuf,6); + from.copyTo(putBuf + 6,6); + *((uint16_t *)(putBuf + 12)) = htons((uint16_t)etherType); + memcpy(putBuf + 14,data,len); + len += 14; + (void)::write(_fd,putBuf,len); + } +} + +std::string LinuxEthernetTap::deviceName() const +{ + return _dev; +} + +void LinuxEthernetTap::setFriendlyName(const char *friendlyName) +{ +} + +void LinuxEthernetTap::scanMulticastGroups(std::vector &added,std::vector &removed) +{ + char *ptr,*ptr2; + unsigned char mac[6]; + std::vector newGroups; + + int fd = ::open("/proc/net/dev_mcast",O_RDONLY); + if (fd > 0) { + char buf[131072]; + int n = (int)::read(fd,buf,sizeof(buf)); + if ((n > 0)&&(n < (int)sizeof(buf))) { + buf[n] = (char)0; + for(char *l=strtok_r(buf,"\r\n",&ptr);(l);l=strtok_r((char *)0,"\r\n",&ptr)) { + int fno = 0; + char *devname = (char *)0; + char *mcastmac = (char *)0; + for(char *f=strtok_r(l," \t",&ptr2);(f);f=strtok_r((char *)0," \t",&ptr2)) { + if (fno == 1) + devname = f; + else if (fno == 4) + mcastmac = f; + ++fno; + } + if ((devname)&&(!strcmp(devname,_dev.c_str()))&&(mcastmac)&&(Utils::unhex(mcastmac,mac,6) == 6)) + newGroups.push_back(MulticastGroup(MAC(mac,6),0)); + } + } + ::close(fd); + } + + std::vector allIps(ips()); + for(std::vector::iterator ip(allIps.begin());ip!=allIps.end();++ip) + newGroups.push_back(MulticastGroup::deriveMulticastGroupForAddressResolution(*ip)); + + std::sort(newGroups.begin(),newGroups.end()); + 
newGroups.erase(std::unique(newGroups.begin(),newGroups.end()),newGroups.end()); + + for(std::vector::iterator m(newGroups.begin());m!=newGroups.end();++m) { + if (!std::binary_search(_multicastGroups.begin(),_multicastGroups.end(),*m)) + added.push_back(*m); + } + for(std::vector::iterator m(_multicastGroups.begin());m!=_multicastGroups.end();++m) { + if (!std::binary_search(newGroups.begin(),newGroups.end(),*m)) + removed.push_back(*m); + } + + _multicastGroups.swap(newGroups); +} + +void LinuxEthernetTap::threadMain() + throw() +{ + fd_set readfds,nullfds; + MAC to,from; + int n,nfds,r; + char getBuf[8194]; + + Thread::sleep(500); + + FD_ZERO(&readfds); + FD_ZERO(&nullfds); + nfds = (int)std::max(_shutdownSignalPipe[0],_fd) + 1; + + r = 0; + for(;;) { + FD_SET(_shutdownSignalPipe[0],&readfds); + FD_SET(_fd,&readfds); + select(nfds,&readfds,&nullfds,&nullfds,(struct timeval *)0); + + if (FD_ISSET(_shutdownSignalPipe[0],&readfds)) // writes to shutdown pipe terminate thread + break; + + if (FD_ISSET(_fd,&readfds)) { + n = (int)::read(_fd,getBuf + r,sizeof(getBuf) - r); + if (n < 0) { + if ((errno != EINTR)&&(errno != ETIMEDOUT)) + break; + } else { + // Some tap drivers like to send the ethernet frame and the + // payload in two chunks, so handle that by accumulating + // data until we have at least a frame. + r += n; + if (r > 14) { + if (r > ((int)_mtu + 14)) // sanity check for weird TAP behavior on some platforms + r = _mtu + 14; + + if (_enabled) { + to.setTo(getBuf,6); + from.setTo(getBuf + 6,6); + unsigned int etherType = ntohs(((const uint16_t *)getBuf)[6]); + // TODO: VLAN support + _handler(_arg,_nwid,from,to,etherType,0,(const void *)(getBuf + 14),r - 14); + } + + r = 0; + } + } + } + } +} + +} // namespace ZeroTier diff --git a/osdep/LinuxEthernetTap.hpp b/osdep/LinuxEthernetTap.hpp new file mode 100644 index 0000000..cbb58ef --- /dev/null +++ b/osdep/LinuxEthernetTap.hpp 
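Review bot: In osdep/LinuxEthernetTap.cpp, `___removeIp` and `addIp` call `OSUtils::redirectUnixOutputs`, `setenv` and `ip.toString()` in the child of `vfork()`, where on Linux the child still shares the parent's memory, so the `PATH` rewrite and the temporary string allocations act on the running daemon; POSIX permits only `_exit` or an `exec*` call at that point. `___removeIp` also has no branch for a failed `vfork()`, so `cpid` is -1 and `waitpid(-1,...)` can reap an unrelated child. Building the argument and environment arrays before a `fork()` and calling `execve` on the fixed paths that osdep/ManagedRoute.cpp in this commit already uses (`/sbin/ip`, `/usr/sbin/ip`) removes both the PATH search and the post-fork allocation; the same shape applies to `addIp`.

```cpp
static bool ___removeIp(const std::string &_dev,const InetAddress &ip)
{
	// Everything that allocates is built before the fork.
	const std::string ipStr(ip.toString());
	char *const argv[] = { (char *)"ip",(char *)"addr",(char *)"del",(char *)ipStr.c_str(),(char *)"dev",(char *)_dev.c_str(),(char *)0 };
	char *const envp[] = { (char *)"PATH=/sbin:/bin:/usr/sbin:/usr/bin",(char *)0 };

	const pid_t cpid = fork();
	if (cpid < 0)
		return false; // never fall through to waitpid(-1,...)
	if (cpid == 0) {
		OSUtils::redirectUnixOutputs("/dev/null",(const char *)0);
		::execve("/sbin/ip",argv,envp);
		::execve("/usr/sbin/ip",argv,envp);
		::_exit(-1);
	}
	int status = -1;
	if (::waitpid(cpid,&status,0) != cpid)
		return false;
	return (WIFEXITED(status) && (WEXITSTATUS(status) == 0));
}
```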
@@ -0,0 +1,81 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_LINUXETHERNETTAP_HPP +#define ZT_LINUXETHERNETTAP_HPP + +#include +#include + +#include +#include +#include + +#include "../node/MulticastGroup.hpp" +#include "Thread.hpp" + +namespace ZeroTier { + +/** + * Linux Ethernet tap using kernel tun/tap driver + */ +class LinuxEthernetTap +{ +public: + LinuxEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int), + void *arg); + + ~LinuxEthernetTap(); + + void setEnabled(bool en); + bool enabled() const; + bool addIp(const InetAddress &ip); + bool removeIp(const InetAddress &ip); + std::vector ips() const; + void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len); + std::string deviceName() const; + void setFriendlyName(const char *friendlyName); + void scanMulticastGroups(std::vector &added,std::vector &removed); + + void threadMain() + throw(); + +private: + void (*_handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int); + void *_arg; + uint64_t _nwid; + Thread 
_thread; + std::string _homePath; + std::string _dev; + std::vector _multicastGroups; + unsigned int _mtu; + int _fd; + int _shutdownSignalPipe[2]; + volatile bool _enabled; +}; + +} // namespace ZeroTier + +#endif diff --git a/osdep/ManagedRoute.cpp b/osdep/ManagedRoute.cpp new file mode 100644 index 0000000..0bb74c1 --- /dev/null +++ b/osdep/ManagedRoute.cpp 
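Review bot: `LinuxEthernetTap` in osdep/LinuxEthernetTap.hpp owns `_fd`, `_shutdownSignalPipe` and `_thread`, and its destructor in LinuxEthernetTap.cpp closes and joins them, yet the implicit copy constructor and assignment operator stay available, so an accidental copy would close the same descriptors twice. Declaring both private and undefined prevents that: `LinuxEthernetTap(const LinuxEthernetTap &);` and `LinuxEthernetTap &operator=(const LinuxEthernetTap &);` in the `private:` section. Separately, `_enabled` is a `volatile bool` written by `setEnabled` while `threadMain` reads it; `volatile` does not order those accesses, which deserves a comment if the race is accepted.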
@@ -0,0 +1,594 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "../node/Constants.hpp" + +#include +#include +#include +#include + +#ifdef __WINDOWS__ +#include +#include +#include +#include +#endif + +#ifdef __UNIX_LIKE__ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef __BSD__ +#include +#include +#endif +#include +#endif + +#include +#include +#include + +#include "ManagedRoute.hpp" + +#define ZT_BSD_ROUTE_CMD "/sbin/route" +#define ZT_LINUX_IP_COMMAND "/sbin/ip" +#define ZT_LINUX_IP_COMMAND_2 "/usr/sbin/ip" + +// NOTE: BSD is mostly tested on Apple/Mac but is likely to work on other BSD too + +namespace ZeroTier { + +namespace { + +// Fork a target into two more specific targets e.g. 
0.0.0.0/0 -> 0.0.0.0/1, 128.0.0.0/1 +// If the target is already maximally-specific, 'right' will be unchanged and 'left' will be 't' +static void _forkTarget(const InetAddress &t,InetAddress &left,InetAddress &right) +{ + const unsigned int bits = t.netmaskBits() + 1; + left = t; + if ((t.ss_family == AF_INET)&&(bits <= 32)) { + left.setPort(bits); + right = t; + reinterpret_cast(&right)->sin_addr.s_addr ^= Utils::hton((uint32_t)(1 << (32 - bits))); + right.setPort(bits); + } else if ((t.ss_family == AF_INET6)&&(bits <= 128)) { + left.setPort(bits); + right = t; + uint8_t *b = reinterpret_cast(reinterpret_cast(&right)->sin6_addr.s6_addr); + b[bits / 8] ^= 1 << (8 - (bits % 8)); + right.setPort(bits); + } +} + +#ifdef __BSD__ // ------------------------------------------------------------ +#define ZT_ROUTING_SUPPORT_FOUND 1 + +struct _RTE +{ + InetAddress target; + InetAddress via; + char device[128]; + int metric; + bool ifscope; +}; + +static std::vector<_RTE> _getRTEs(const InetAddress &target,bool contains) +{ + std::vector<_RTE> rtes; + int mib[6]; + size_t needed; + + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; + mib[3] = 0; + mib[4] = NET_RT_DUMP; + mib[5] = 0; + if (!sysctl(mib,6,NULL,&needed,NULL,0)) { + if (needed <= 0) + return rtes; + + char *buf = (char *)::malloc(needed); + if (buf) { + if (!sysctl(mib,6,buf,&needed,NULL,0)) { + struct rt_msghdr *rtm; + for(char *next=buf,*end=buf+needed;nextrtm_msglen; + + InetAddress sa_t,sa_v; + int deviceIndex = -9999; + + if (((rtm->rtm_flags & RTF_LLINFO) == 0)&&((rtm->rtm_flags & RTF_HOST) == 0)&&((rtm->rtm_flags & RTF_UP) != 0)&&((rtm->rtm_flags & RTF_MULTICAST) == 0)) { + int which = 0; + while (saptr < saend) { + struct sockaddr *sa = (struct sockaddr *)saptr; + unsigned int salen = sa->sa_len; + if (!salen) + break; + + // Skip missing fields in rtm_addrs bit field + while ((rtm->rtm_addrs & 1) == 0) { + rtm->rtm_addrs >>= 1; + ++which; + if (which > 6) + break; + } + if (which > 6) + break; + + 
rtm->rtm_addrs >>= 1; + switch(which++) { + case 0: + //printf("RTA_DST\n"); + if (sa->sa_family == AF_INET6) { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; + if ((sin6->sin6_addr.s6_addr[0] == 0xfe)&&((sin6->sin6_addr.s6_addr[1] & 0xc0) == 0x80)) { + // BSD uses this fucking strange in-band signaling method to encode device scope IDs for IPv6 addresses... probably a holdover from very early versions of the spec. + unsigned int interfaceIndex = ((((unsigned int)sin6->sin6_addr.s6_addr[2]) << 8) & 0xff) | (((unsigned int)sin6->sin6_addr.s6_addr[3]) & 0xff); + sin6->sin6_addr.s6_addr[2] = 0; + sin6->sin6_addr.s6_addr[3] = 0; + if (!sin6->sin6_scope_id) + sin6->sin6_scope_id = interfaceIndex; + } + } + sa_t = *sa; + break; + case 1: + //printf("RTA_GATEWAY\n"); + switch(sa->sa_family) { + case AF_LINK: + deviceIndex = (int)((const struct sockaddr_dl *)sa)->sdl_index; + break; + case AF_INET: + case AF_INET6: + sa_v = *sa; + break; + } + break; + case 2: { + //printf("RTA_NETMASK\n"); + if (sa_t.ss_family == AF_INET6) { + salen = sizeof(struct sockaddr_in6); + unsigned int bits = 0; + for(int i=0;i<16;++i) { + unsigned char c = (unsigned char)((const struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[i]; + if (c == 0xff) + bits += 8; + else break; + } + sa_t.setPort(bits); + } else if (sa_t.ss_family == AF_INET) { + salen = sizeof(struct sockaddr_in); + sa_t.setPort((unsigned int)Utils::countBits((uint32_t)((const struct sockaddr_in *)sa)->sin_addr.s_addr)); + } + } break; + /* + case 3: + //printf("RTA_GENMASK\n"); + break; + case 4: + //printf("RTA_IFP\n"); + break; + case 5: + //printf("RTA_IFA\n"); + break; + case 6: + //printf("RTA_AUTHOR\n"); + break; + */ + } + + saptr += salen; + } + + if (((contains)&&(sa_t.containsAddress(target)))||(sa_t == target)) { + rtes.push_back(_RTE()); + rtes.back().target = sa_t; + rtes.back().via = sa_v; + if (deviceIndex >= 0) { + if_indextoname(deviceIndex,rtes.back().device); + } else { + rtes.back().device[0] = (char)0; + 
} + rtes.back().metric = ((int)rtm->rtm_rmx.rmx_hopcount < 0) ? 0 : (int)rtm->rtm_rmx.rmx_hopcount; + } + } + + next = saend; + } + } + + ::free(buf); + } + } + + return rtes; +} + +static void _routeCmd(const char *op,const InetAddress &target,const InetAddress &via,const char *ifscope,const char *localInterface) +{ + long p = (long)fork(); + if (p > 0) { + int exitcode = -1; + ::waitpid(p,&exitcode,0); + } else if (p == 0) { + ::close(STDOUT_FILENO); + ::close(STDERR_FILENO); + if (via) { + if ((ifscope)&&(ifscope[0])) { + ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,"-ifscope",ifscope,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString().c_str(),via.toIpString().c_str(),(const char *)0); + } else { + ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString().c_str(),via.toIpString().c_str(),(const char *)0); + } + } else if ((localInterface)&&(localInterface[0])) { + if ((ifscope)&&(ifscope[0])) { + ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,"-ifscope",ifscope,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString().c_str(),"-interface",localInterface,(const char *)0); + } else { + ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString().c_str(),"-interface",localInterface,(const char *)0); + } + } + ::_exit(-1); + } +} + +#endif // __BSD__ ------------------------------------------------------------ + +#ifdef __LINUX__ // ---------------------------------------------------------- +#define ZT_ROUTING_SUPPORT_FOUND 1 + +static void _routeCmd(const char *op,const InetAddress &target,const InetAddress &via,const char *localInterface) +{ + long p = (long)fork(); + if (p > 0) { + int exitcode = -1; + ::waitpid(p,&exitcode,0); + } else if (p == 0) { + ::close(STDOUT_FILENO); + ::close(STDERR_FILENO); + if (via) { + ::execl(ZT_LINUX_IP_COMMAND,ZT_LINUX_IP_COMMAND,(target.ss_family == AF_INET6) ? 
"-6" : "-4","route",op,target.toString().c_str(),"via",via.toIpString().c_str(),(const char *)0); + ::execl(ZT_LINUX_IP_COMMAND_2,ZT_LINUX_IP_COMMAND_2,(target.ss_family == AF_INET6) ? "-6" : "-4","route",op,target.toString().c_str(),"via",via.toIpString().c_str(),(const char *)0); + } else if ((localInterface)&&(localInterface[0])) { + ::execl(ZT_LINUX_IP_COMMAND,ZT_LINUX_IP_COMMAND,(target.ss_family == AF_INET6) ? "-6" : "-4","route",op,target.toString().c_str(),"dev",localInterface,(const char *)0); + ::execl(ZT_LINUX_IP_COMMAND_2,ZT_LINUX_IP_COMMAND_2,(target.ss_family == AF_INET6) ? "-6" : "-4","route",op,target.toString().c_str(),"dev",localInterface,(const char *)0); + } + ::_exit(-1); + } +} + +#endif // __LINUX__ ---------------------------------------------------------- + +#ifdef __WINDOWS__ // -------------------------------------------------------- +#define ZT_ROUTING_SUPPORT_FOUND 1 + +static bool _winRoute(bool del,const NET_LUID &interfaceLuid,const NET_IFINDEX &interfaceIndex,const InetAddress &target,const InetAddress &via) +{ + MIB_IPFORWARD_ROW2 rtrow; + InitializeIpForwardEntry(&rtrow); + rtrow.InterfaceLuid.Value = interfaceLuid.Value; + rtrow.InterfaceIndex = interfaceIndex; + if (target.ss_family == AF_INET) { + rtrow.DestinationPrefix.Prefix.si_family = AF_INET; + rtrow.DestinationPrefix.Prefix.Ipv4.sin_family = AF_INET; + rtrow.DestinationPrefix.Prefix.Ipv4.sin_addr.S_un.S_addr = reinterpret_cast(&target)->sin_addr.S_un.S_addr; + if (via.ss_family == AF_INET) { + rtrow.NextHop.si_family = AF_INET; + rtrow.NextHop.Ipv4.sin_family = AF_INET; + rtrow.NextHop.Ipv4.sin_addr.S_un.S_addr = reinterpret_cast(&via)->sin_addr.S_un.S_addr; + } + } else if (target.ss_family == AF_INET6) { + rtrow.DestinationPrefix.Prefix.si_family = AF_INET6; + rtrow.DestinationPrefix.Prefix.Ipv6.sin6_family = AF_INET6; + memcpy(rtrow.DestinationPrefix.Prefix.Ipv6.sin6_addr.u.Byte,reinterpret_cast(&target)->sin6_addr.u.Byte,16); + if (via.ss_family == AF_INET6) { + 
rtrow.NextHop.si_family = AF_INET6; + rtrow.NextHop.Ipv6.sin6_family = AF_INET6; + memcpy(rtrow.NextHop.Ipv6.sin6_addr.u.Byte,reinterpret_cast(&via)->sin6_addr.u.Byte,16); + } + } else { + return false; + } + rtrow.DestinationPrefix.PrefixLength = target.netmaskBits(); + rtrow.SitePrefixLength = rtrow.DestinationPrefix.PrefixLength; + rtrow.ValidLifetime = 0xffffffff; + rtrow.PreferredLifetime = 0xffffffff; + rtrow.Metric = -1; + rtrow.Protocol = MIB_IPPROTO_NETMGMT; + rtrow.Loopback = FALSE; + rtrow.AutoconfigureAddress = FALSE; + rtrow.Publish = FALSE; + rtrow.Immortal = FALSE; + rtrow.Age = 0; + rtrow.Origin = NlroManual; + if (del) { + return (DeleteIpForwardEntry2(&rtrow) == NO_ERROR); + } else { + NTSTATUS r = CreateIpForwardEntry2(&rtrow); + if (r == NO_ERROR) { + return true; + } else if (r == ERROR_OBJECT_ALREADY_EXISTS) { + return (SetIpForwardEntry2(&rtrow) == NO_ERROR); + } else { + return false; + } + } +} + +#endif // __WINDOWS__ -------------------------------------------------------- + +#ifndef ZT_ROUTING_SUPPORT_FOUND +#error "ManagedRoute.cpp has no support for managing routes on this platform! You'll need to check and see if one of the existing ones will work and make sure proper defines are set, or write one. Please do a Github pull request if you do this for a new OS." +#endif + +} // anonymous namespace + +/* Linux NOTE: for default route override, some Linux distributions will + * require a change to the rp_filter parameter. A value of '1' will prevent + * default route override from working properly. + * + * sudo sysctl -w net.ipv4.conf.all.rp_filter=2 + * + * Add to /etc/sysctl.conf or /etc/sysctl.d/... to make permanent. + * + * This is true of CentOS/RHEL 6+ and possibly others. This is because + * Linux default route override implies asymmetric routes, which then + * trigger Linux's "martian packet" filter. 
*/ + +bool ManagedRoute::sync() +{ +#ifdef __WINDOWS__ + NET_LUID interfaceLuid; + interfaceLuid.Value = (ULONG64)Utils::hexStrToU64(_device); // on Windows we use the hex LUID as the "interface name" for ManagedRoute + NET_IFINDEX interfaceIndex = -1; + if (ConvertInterfaceLuidToIndex(&interfaceLuid,&interfaceIndex) != NO_ERROR) + return false; +#endif + + if ((_target.isDefaultRoute())||((_target.ss_family == AF_INET)&&(_target.netmaskBits() < 32))) { + /* In ZeroTier we create two more specific routes for every one route. We + * do this for default routes and IPv4 routes other than /32s. If there + * is a pre-existing system route that this route will override, we create + * two more specific interface-bound shadow routes for it. + * + * This means that ZeroTier can *itself* continue communicating over + * whatever physical routes might be present while simultaneously + * overriding them for general system traffic. This is mostly for + * "full tunnel" VPN modes of operation, but might be useful for + * virtualizing physical networks in a hybrid design as well. 
*/ + + // Generate two more specific routes than target with one extra bit + InetAddress leftt,rightt; + _forkTarget(_target,leftt,rightt); + +#ifdef __BSD__ // ------------------------------------------------------------ + + // Find lowest metric system route that this route should override (if any) + InetAddress newSystemVia; + char newSystemDevice[128]; + newSystemDevice[0] = (char)0; + int systemMetric = 9999999; + std::vector<_RTE> rtes(_getRTEs(_target,false)); + for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) { + if (r->via) { + if ((!newSystemVia)||(r->metric < systemMetric)) { + newSystemVia = r->via; + Utils::scopy(newSystemDevice,sizeof(newSystemDevice),r->device); + systemMetric = r->metric; + } + } + } + if ((newSystemVia)&&(!newSystemDevice[0])) { + rtes = _getRTEs(newSystemVia,true); + for(std::vector<_RTE>::iterator r(rtes.begin());r!=rtes.end();++r) { + if (r->device[0]) { + Utils::scopy(newSystemDevice,sizeof(newSystemDevice),r->device); + break; + } + } + } + + // Shadow system route if it exists, also delete any obsolete shadows + // and replace them with the new state. sync() is called periodically to + // allow us to do that if underlying connectivity changes. 
+ if ( ((_systemVia != newSystemVia)||(strcmp(_systemDevice,newSystemDevice))) && (strcmp(_device,newSystemDevice)) ) { + if ((_systemVia)&&(_systemDevice[0])) { + _routeCmd("delete",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("delete",rightt,_systemVia,_systemDevice,(const char *)0); + } + + _systemVia = newSystemVia; + Utils::scopy(_systemDevice,sizeof(_systemDevice),newSystemDevice); + + if ((_systemVia)&&(_systemDevice[0])) { + _routeCmd("add",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("change",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("add",rightt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("change",rightt,_systemVia,_systemDevice,(const char *)0); + } + } + + // Apply overriding non-device-scoped routes + if (!_applied) { + if (_via) { + _routeCmd("add",leftt,_via,(const char *)0,(const char *)0); + _routeCmd("change",leftt,_via,(const char *)0,(const char *)0); + _routeCmd("add",rightt,_via,(const char *)0,(const char *)0); + _routeCmd("change",rightt,_via,(const char *)0,(const char *)0); + } else if (_device[0]) { + _routeCmd("add",leftt,_via,(const char *)0,_device); + _routeCmd("change",leftt,_via,(const char *)0,_device); + _routeCmd("add",rightt,_via,(const char *)0,_device); + _routeCmd("change",rightt,_via,(const char *)0,_device); + } + + _applied = true; + } + +#endif // __BSD__ ------------------------------------------------------------ + +#ifdef __LINUX__ // ---------------------------------------------------------- + + if (!_applied) { + _routeCmd("replace",leftt,_via,(_via) ? _device : (const char *)0); + _routeCmd("replace",rightt,_via,(_via) ? 
_device : (const char *)0); + _applied = true; + } + +#endif // __LINUX__ ---------------------------------------------------------- + +#ifdef __WINDOWS__ // -------------------------------------------------------- + + if (!_applied) { + _winRoute(false,interfaceLuid,interfaceIndex,leftt,_via); + _winRoute(false,interfaceLuid,interfaceIndex,rightt,_via); + _applied = true; + } + +#endif // __WINDOWS__ -------------------------------------------------------- + + } else { + +#ifdef __BSD__ // ------------------------------------------------------------ + + if (!_applied) { + if (_via) { + _routeCmd("add",_target,_via,(const char *)0,(const char *)0); + _routeCmd("change",_target,_via,(const char *)0,(const char *)0); + } else if (_device[0]) { + _routeCmd("add",_target,_via,(const char *)0,_device); + _routeCmd("change",_target,_via,(const char *)0,_device); + } + _applied = true; + } + +#endif // __BSD__ ------------------------------------------------------------ + +#ifdef __LINUX__ // ---------------------------------------------------------- + + if (!_applied) { + _routeCmd("replace",_target,_via,(_via) ? 
_device : (const char *)0); + _applied = true; + } + +#endif // __LINUX__ ---------------------------------------------------------- + +#ifdef __WINDOWS__ // -------------------------------------------------------- + + if (!_applied) { + _winRoute(false,interfaceLuid,interfaceIndex,_target,_via); + _applied = true; + } + +#endif // __WINDOWS__ -------------------------------------------------------- + + } + + return true; +} + +void ManagedRoute::remove() +{ +#ifdef __WINDOWS__ + NET_LUID interfaceLuid; + interfaceLuid.Value = (ULONG64)Utils::hexStrToU64(_device); // on Windows we use the hex LUID as the "interface name" for ManagedRoute + NET_IFINDEX interfaceIndex = -1; + if (ConvertInterfaceLuidToIndex(&interfaceLuid,&interfaceIndex) != NO_ERROR) + return; +#endif + + if (_applied) { + if ((_target.isDefaultRoute())||((_target.ss_family == AF_INET)&&(_target.netmaskBits() < 32))) { + InetAddress leftt,rightt; + _forkTarget(_target,leftt,rightt); + +#ifdef __BSD__ // ------------------------------------------------------------ + + if ((_systemVia)&&(_systemDevice[0])) { + _routeCmd("delete",leftt,_systemVia,_systemDevice,(const char *)0); + _routeCmd("delete",rightt,_systemVia,_systemDevice,(const char *)0); + } + if (_via) { + _routeCmd("delete",leftt,_via,(const char *)0,(const char *)0); + _routeCmd("delete",rightt,_via,(const char *)0,(const char *)0); + } else if (_device[0]) { + _routeCmd("delete",leftt,_via,(const char *)0,_device); + _routeCmd("delete",rightt,_via,(const char *)0,_device); + } + +#endif // __BSD__ ------------------------------------------------------------ + +#ifdef __LINUX__ // ---------------------------------------------------------- + + _routeCmd("del",leftt,_via,(_via) ? _device : (const char *)0); + _routeCmd("del",rightt,_via,(_via) ? 
_device : (const char *)0); + +#endif // __LINUX__ ---------------------------------------------------------- + +#ifdef __WINDOWS__ // -------------------------------------------------------- + + _winRoute(true,interfaceLuid,interfaceIndex,leftt,_via); + _winRoute(true,interfaceLuid,interfaceIndex,rightt,_via); + +#endif // __WINDOWS__ -------------------------------------------------------- + + } else { + +#ifdef __BSD__ // ------------------------------------------------------------ + + if (_via) { + _routeCmd("delete",_target,_via,(const char *)0,(const char *)0); + } else if (_device[0]) { + _routeCmd("delete",_target,_via,(const char *)0,_device); + } + +#endif // __BSD__ ------------------------------------------------------------ + +#ifdef __LINUX__ // ---------------------------------------------------------- + + _routeCmd("del",_target,_via,(_via) ? _device : (const char *)0); + +#endif // __LINUX__ ---------------------------------------------------------- + +#ifdef __WINDOWS__ // -------------------------------------------------------- + + _winRoute(true,interfaceLuid,interfaceIndex,_target,_via); + +#endif // __WINDOWS__ -------------------------------------------------------- + + } + } + + _target.zero(); + _via.zero(); + _systemVia.zero(); + _device[0] = (char)0; + _systemDevice[0] = (char)0; + _applied = false; +} + +} // namespace ZeroTier diff --git a/osdep/ManagedRoute.hpp b/osdep/ManagedRoute.hpp new file mode 100644 index 0000000..63310f2 --- /dev/null +++ b/osdep/ManagedRoute.hpp 
@@ -0,0 +1,107 @@ +#ifndef ZT_MANAGEDROUTE_HPP +#define ZT_MANAGEDROUTE_HPP + +#include +#include + +#include "../node/InetAddress.hpp" +#include "../node/Utils.hpp" + +#include +#include + +namespace ZeroTier { + +/** + * A ZT-managed route that used C++ RAII semantics to automatically clean itself up on deallocate + */ +class ManagedRoute +{ +public: + ManagedRoute() + { + _device[0] = (char)0; + _systemDevice[0] = (char)0; + _applied = false; + } + + ~ManagedRoute() + { + this->remove(); + } + + ManagedRoute(const ManagedRoute &r) + { + _applied = false; + *this = r; + } + + inline ManagedRoute &operator=(const ManagedRoute &r) + { + if ((!_applied)&&(!r._applied)) { + memcpy(this,&r,sizeof(ManagedRoute)); // InetAddress is memcpy'able + } else { + fprintf(stderr,"Applied ManagedRoute isn't copyable!\n"); + abort(); + } + return *this; + } + + /** + * Initialize object and set route + * + * Note: on Windows, use the interface NET_LUID in hexadecimal as the + * "device name." + * + * @param target Route target (e.g. 0.0.0.0/0 for default) + * @param via Route next L3 hop or NULL InetAddress if local in which case it will be routed via device + * @param device Name or hex LUID of ZeroTier device (e.g. zt#) + * @return True if route was successfully set + */ + inline bool set(const InetAddress &target,const InetAddress &via,const char *device) + { + if ((!via)&&(!device[0])) + return false; + this->remove(); + _target = target; + _via = via; + Utils::scopy(_device,sizeof(_device),device); + return this->sync(); + } + + /** + * Set or update currently set route + * + * This must be called periodically for routes that shadow others so that + * shadow routes can be updated. In some cases it has no effect + * + * @return True if route add/update was successful + */ + bool sync(); + + /** + * Remove and clear this ManagedRoute + * + * This does nothing if this ManagedRoute is not set or has already been + * removed. 
If this is not explicitly called it is called automatically on + * destruct. + */ + void remove(); + + inline const InetAddress &target() const { return _target; } + inline const InetAddress &via() const { return _via; } + inline const char *device() const { return _device; } + +private: + + InetAddress _target; + InetAddress _via; + InetAddress _systemVia; // for route overrides + char _device[128]; + char _systemDevice[128]; // for route overrides + bool _applied; +}; + +} // namespace ZeroTier + +#endif diff --git a/osdep/OSUtils.cpp b/osdep/OSUtils.cpp new file mode 100644 index 0000000..3a04308 --- /dev/null +++ b/osdep/OSUtils.cpp 
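Review bot: `operator=` has no self-assignment guard, so assigning an unapplied route to itself reaches `memcpy(this,&r,sizeof(ManagedRoute))` with identical source and destination, which memcpy does not permit; `if (this == &r) return *this;` should be the first statement. The same operator calls `abort()` when either side is applied, and the copy constructor delegates to it, so any by-value copy of a live route (for example a container reallocating) terminates the whole process. That contract is not stated in the class comment; I would add `// Copying is only valid while neither route is applied; copying an applied route aborts the process.` above the copy constructor. In `set()`, `device[0]` is read without a null check when `via` is unset, so either the `@param device` text should say the pointer must be non-NULL or the guard should become `if ((!device)||((!via)&&(!device[0]))) return false;`.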
@@ -0,0 +1,273 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include + +#include "../node/Constants.hpp" + +#ifdef __UNIX_LIKE__ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif + +#ifdef __WINDOWS__ +#include +#include +#include +#include +#include +#endif + +#include "OSUtils.hpp" + +namespace ZeroTier { + +#ifdef __UNIX_LIKE__ +bool OSUtils::redirectUnixOutputs(const char *stdoutPath,const char *stderrPath) + throw() +{ + int fdout = ::open(stdoutPath,O_WRONLY|O_CREAT,0600); + if (fdout > 0) { + int fderr; + if (stderrPath) { + fderr = ::open(stderrPath,O_WRONLY|O_CREAT,0600); + if (fderr <= 0) { + ::close(fdout); + return false; + } + } else fderr = fdout; + ::close(STDOUT_FILENO); + ::close(STDERR_FILENO); + ::dup2(fdout,STDOUT_FILENO); + ::dup2(fderr,STDERR_FILENO); + return true; + } + return false; +} +#endif // __UNIX_LIKE__ + +std::vector OSUtils::listDirectory(const char *path) +{ + std::vector r; + +#ifdef __WINDOWS__ + HANDLE hFind; + WIN32_FIND_DATAA ffd; + if ((hFind = FindFirstFileA((std::string(path) + "\\*").c_str(),&ffd)) != INVALID_HANDLE_VALUE) { + do { + if ((strcmp(ffd.cFileName,"."))&&(strcmp(ffd.cFileName,".."))&&((ffd.dwFileAttributes & 
FILE_ATTRIBUTE_DIRECTORY) == 0)) + r.push_back(std::string(ffd.cFileName)); + } while (FindNextFileA(hFind,&ffd)); + FindClose(hFind); + } +#else + struct dirent de; + struct dirent *dptr; + DIR *d = opendir(path); + if (!d) + return r; + dptr = (struct dirent *)0; + for(;;) { + if (readdir_r(d,&de,&dptr)) + break; + if (dptr) { + if ((strcmp(dptr->d_name,"."))&&(strcmp(dptr->d_name,".."))&&(dptr->d_type != DT_DIR)) + r.push_back(std::string(dptr->d_name)); + } else break; + } + closedir(d); +#endif + + return r; +} + +void OSUtils::lockDownFile(const char *path,bool isDir) +{ +#ifdef __UNIX_LIKE__ + chmod(path,isDir ? 0700 : 0600); +#else +#ifdef __WINDOWS__ + { + STARTUPINFOA startupInfo; + PROCESS_INFORMATION processInfo; + + startupInfo.cb = sizeof(startupInfo); + memset(&startupInfo,0,sizeof(STARTUPINFOA)); + memset(&processInfo,0,sizeof(PROCESS_INFORMATION)); + if (CreateProcessA(NULL,(LPSTR)(std::string("C:\\Windows\\System32\\icacls.exe \"") + path + "\" /inheritance:d /Q").c_str(),NULL,NULL,FALSE,CREATE_NO_WINDOW,NULL,NULL,&startupInfo,&processInfo)) { + WaitForSingleObject(processInfo.hProcess,INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + } + + startupInfo.cb = sizeof(startupInfo); + memset(&startupInfo,0,sizeof(STARTUPINFOA)); + memset(&processInfo,0,sizeof(PROCESS_INFORMATION)); + if (CreateProcessA(NULL,(LPSTR)(std::string("C:\\Windows\\System32\\icacls.exe \"") + path + "\" /remove *S-1-5-32-545 /Q").c_str(),NULL,NULL,FALSE,CREATE_NO_WINDOW,NULL,NULL,&startupInfo,&processInfo)) { + WaitForSingleObject(processInfo.hProcess,INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + } + } +#endif +#endif +} + +uint64_t OSUtils::getLastModified(const char *path) +{ + struct stat s; + if (stat(path,&s)) + return 0; + return (((uint64_t)s.st_mtime) * 1000ULL); +} + +bool OSUtils::fileExists(const char *path,bool followLinks) +{ + struct stat s; +#ifdef __UNIX_LIKE__ + if (!followLinks) + 
return (lstat(path,&s) == 0); +#endif + return (stat(path,&s) == 0); +} + +int64_t OSUtils::getFileSize(const char *path) +{ + struct stat s; + if (stat(path,&s)) + return -1; +#ifdef __WINDOWS__ + return s.st_size; +#else + if (S_ISREG(s.st_mode)) + return s.st_size; +#endif + return -1; +} + +std::vector OSUtils::resolve(const char *name) +{ + std::vector r; + std::vector::iterator i; + InetAddress tmp; + struct addrinfo *ai = (struct addrinfo *)0,*p; + if (!getaddrinfo(name,(const char *)0,(const struct addrinfo *)0,&ai)) { + try { + p = ai; + while (p) { + if ((p->ai_addr)&&((p->ai_addr->sa_family == AF_INET)||(p->ai_addr->sa_family == AF_INET6))) { + tmp = *(p->ai_addr); + for(i=r.begin();i!=r.end();++i) { + if (i->ipsEqual(tmp)) + goto skip_add_inetaddr; + } + r.push_back(tmp); + } +skip_add_inetaddr: + p = p->ai_next; + } + } catch ( ... ) {} + freeaddrinfo(ai); + } + std::sort(r.begin(),r.end()); + return r; +} + +bool OSUtils::readFile(const char *path,std::string &buf) +{ + char tmp[1024]; + FILE *f = fopen(path,"rb"); + if (f) { + for(;;) { + long n = (long)fread(tmp,1,sizeof(tmp),f); + if (n > 0) + buf.append(tmp,n); + else break; + } + fclose(f); + return true; + } + return false; +} + +bool OSUtils::writeFile(const char *path,const void *buf,unsigned int len) +{ + FILE *f = fopen(path,"wb"); + if (f) { + if ((long)fwrite(buf,1,len,f) != (long)len) { + fclose(f); + return false; + } else { + fclose(f); + return true; + } + } + return false; +} + +std::string OSUtils::platformDefaultHomePath() +{ +#ifdef __UNIX_LIKE__ + +#ifdef __APPLE__ + // /Library/... on Apple + return std::string("/Library/Application Support/ZeroTier/One"); +#else + +#ifdef __BSD__ + // BSD likes /var/db instead of /var/lib + return std::string("/var/db/zerotier-one"); +#else + // Use /var/lib for Linux and other *nix + return std::string("/var/lib/zerotier-one"); +#endif + +#endif + +#else // not __UNIX_LIKE__ + +#ifdef __WINDOWS__ + // Look up app data folder on Windows, e.g. 
C:\ProgramData\... + char buf[16384]; + if (SUCCEEDED(SHGetFolderPathA(NULL,CSIDL_COMMON_APPDATA,NULL,0,buf))) + return (std::string(buf) + "\\ZeroTier\\One"); + else return std::string("C:\\ZeroTier\\One"); +#else + + return (std::string(ZT_PATH_SEPARATOR_S) + "ZeroTier" + ZT_PATH_SEPARATOR_S + "One"); // UNKNOWN PLATFORM + +#endif + +#endif // __UNIX_LIKE__ or not... +} + +// Used to convert HTTP header names to ASCII lower case +const unsigned char OSUtils::TOLOWER_TABLE[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, ' ', '!', '"', '#', '$', '%', '&', 0x27, '(', ')', '*', '+', ',', '-', '.', '/', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', ':', ';', '<', '=', '>', '?', '@', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~', '_', '`', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~', 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }; + +} // namespace ZeroTier 
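Review bot: In `lockDownFile`, both Windows blocks assign `startupInfo.cb = sizeof(startupInfo);` and then call `memset(&startupInfo,0,sizeof(STARTUPINFOA));`, which zeroes `cb` again before `CreateProcessA` receives the structure; the assignment belongs after the memset. The function returns void and ignores the result of `chmod()` as well as a failed `CreateProcessA` and the icacls exit code, so a caller cannot tell that a file it meant to restrict kept its inherited permissions. Going by the name, this is presumably applied to secret material, in which case a silent failure deserves at least a logged warning. The icacls command line is also built by concatenating `path` between double quotes, so a path containing `"` would change the arguments; if paths are always service-controlled, a comment stating that assumption would make the precondition visible.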
diff --git a/osdep/OSUtils.hpp b/osdep/OSUtils.hpp new file mode 100644 index 0000000..25bed9f --- /dev/null +++ b/osdep/OSUtils.hpp 
@@ -0,0 +1,249 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_OSUTILS_HPP +#define ZT_OSUTILS_HPP + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/InetAddress.hpp" + +#ifdef __WINDOWS__ +#include +#include +#include +#else +#include +#include +#include +#include +#include +#endif + +namespace ZeroTier { + +/** + * Miscellaneous utility functions and global constants + */ +class OSUtils +{ +public: +#ifdef __UNIX_LIKE__ + /** + * Close STDOUT_FILENO and STDERR_FILENO and replace them with output to given path + * + * This can be called after fork() and prior to exec() to suppress output + * from a subprocess, such as auto-update. 
+ * + * @param stdoutPath Path to file to use for stdout + * @param stderrPath Path to file to use for stderr, or NULL for same as stdout (default) + * @return True on success + */ + static bool redirectUnixOutputs(const char *stdoutPath,const char *stderrPath = (const char *)0) + throw(); +#endif // __UNIX_LIKE__ + + /** + * Delete a file + * + * @param path Path to delete + * @return True if delete was successful + */ + static inline bool rm(const char *path) + throw() + { +#ifdef __WINDOWS__ + return (DeleteFileA(path) != FALSE); +#else + return (unlink(path) == 0); +#endif + } + static inline bool rm(const std::string &path) throw() { return rm(path.c_str()); } + + static inline bool mkdir(const char *path) + { +#ifdef __WINDOWS__ + if (::PathIsDirectoryA(path)) + return true; + return (::CreateDirectoryA(path,NULL) == TRUE); +#else + if (::mkdir(path,0755) != 0) + return (errno == EEXIST); + return true; +#endif + } + static inline bool mkdir(const std::string &path) throw() { return OSUtils::mkdir(path.c_str()); } + + /** + * List a directory's contents + * + * This returns only files, not sub-directories. + * + * @param path Path to list + * @return Names of files in directory + */ + static std::vector listDirectory(const char *path); + + /** + * Set modes on a file to something secure + * + * This locks a file so that only the owner can access it. What it actually + * does varies by platform. + * + * @param path Path to lock + * @param isDir True if this is a directory + */ + static void lockDownFile(const char *path,bool isDir); + + /** + * Get file last modification time + * + * Resolution is often only second, not millisecond, but the return is + * always in ms for comparison against now(). 
+ * + * @param path Path to file to get time + * @return Last modification time in ms since epoch or 0 if not found + */ + static uint64_t getLastModified(const char *path); + + /** + * @param path Path to check + * @param followLinks Follow links (on platforms with that concept) + * @return True if file or directory exists at path location + */ + static bool fileExists(const char *path,bool followLinks = true); + + /** + * @param path Path to file + * @return File size or -1 if nonexistent or other failure + */ + static int64_t getFileSize(const char *path); + + /** + * Get IP (v4 and/or v6) addresses for a given host + * + * This is a blocking resolver. + * + * @param name Host name + * @return IP addresses in InetAddress sort order or empty vector if not found + */ + static std::vector resolve(const char *name); + + /** + * @return Current time in milliseconds since epoch + */ + static inline uint64_t now() + throw() + { +#ifdef __WINDOWS__ + FILETIME ft; + SYSTEMTIME st; + ULARGE_INTEGER tmp; + GetSystemTime(&st); + SystemTimeToFileTime(&st,&ft); + tmp.LowPart = ft.dwLowDateTime; + tmp.HighPart = ft.dwHighDateTime; + return ( ((tmp.QuadPart - 116444736000000000ULL) / 10000L) + st.wMilliseconds ); +#else + struct timeval tv; + gettimeofday(&tv,(struct timezone *)0); + return ( (1000ULL * (uint64_t)tv.tv_sec) + (uint64_t)(tv.tv_usec / 1000) ); +#endif + }; + + /** + * @return Current time in seconds since epoch, to the highest available resolution + */ + static inline double nowf() + throw() + { +#ifdef __WINDOWS__ + FILETIME ft; + SYSTEMTIME st; + ULARGE_INTEGER tmp; + GetSystemTime(&st); + SystemTimeToFileTime(&st,&ft); + tmp.LowPart = ft.dwLowDateTime; + tmp.HighPart = ft.dwHighDateTime; + return (((double)(tmp.QuadPart - 116444736000000000ULL)) / 10000000.0); +#else + struct timeval tv; + gettimeofday(&tv,(struct timezone *)0); + return ( ((double)tv.tv_sec) + (((double)tv.tv_usec) / 1000000.0) ); +#endif + } + + /** + * Read the full contents of a file into 
a string buffer + * + * The buffer isn't cleared, so if it already contains data the file's data will + * be appended. + * + * @param path Path of file to read + * @param buf Buffer to fill + * @return True if open and read successful + */ + static bool readFile(const char *path,std::string &buf); + + /** + * Write a block of data to disk, replacing any current file contents + * + * @param path Path to write + * @param buf Buffer containing data + * @param len Length of buffer + * @return True if entire file was successfully written + */ + static bool writeFile(const char *path,const void *buf,unsigned int len); + + /** + * Write a block of data to disk, replacing any current file contents + * + * @param path Path to write + * @param s Data to write + * @return True if entire file was successfully written + */ + static inline bool writeFile(const char *path,const std::string &s) { return writeFile(path,s.data(),(unsigned int)s.length()); } + + /** + * @param c ASCII character to convert + * @return Lower case ASCII character or unchanged if not a letter + */ + static inline char toLower(char c) throw() { return (char)OSUtils::TOLOWER_TABLE[(unsigned long)c]; } + + /** + * @return Platform default ZeroTier One home path + */ + static std::string platformDefaultHomePath(); + +private: + static const unsigned char TOLOWER_TABLE[256]; +}; + +} // namespace ZeroTier + +#endif diff --git a/osdep/OSXEthernetTap.cpp b/osdep/OSXEthernetTap.cpp new file mode 100644 index 0000000..b358092 --- /dev/null +++ b/osdep/OSXEthernetTap.cpp 
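Review bot: `toLower()` indexes `TOLOWER_TABLE[(unsigned long)c]` with a plain `char`; on platforms where `char` is signed, any byte at or above 0x80 is negative and converts to a very large index, reading far outside the 256-entry table. The comment next to the table in OSUtils.cpp says it is used for HTTP header names, so the byte can originate from the network. The cast should go through `unsigned char`: `return (char)OSUtils::TOLOWER_TABLE[(unsigned char)c];`. The doc comment also promises that non-letters come back unchanged, but the table in OSUtils.cpp maps 0x5b–0x5e (`[ \ ] ^`) to `{ | } ~`, so either the table or the comment should be corrected.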
@@ -0,0 +1,659 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// OSX compile fix... in6_var defines this in a struct which namespaces it for C++ ... why?!? +struct prf_ra { + u_char onlink : 1; + u_char autonomous : 1; + u_char reserved : 6; +} prf_ra; + +#include +#include + +// These are KERNEL_PRIVATE... why? +#ifndef SIOCAUTOCONF_START +#define SIOCAUTOCONF_START _IOWR('i', 132, struct in6_ifreq) /* accept rtadvd on this interface */ +#endif +#ifndef SIOCAUTOCONF_STOP +#define SIOCAUTOCONF_STOP _IOWR('i', 133, struct in6_ifreq) /* stop accepting rtadv for this interface */ +#endif + +// -------------------------------------------------------------------------- +// -------------------------------------------------------------------------- +// This source is from: +// http://www.opensource.apple.com/source/Libinfo/Libinfo-406.17/gen.subproj/getifmaddrs.c?txt +// It's here because OSX 10.6 does not have this convenience function. 
+ +#define SALIGN (sizeof(uint32_t) - 1) +#define SA_RLEN(sa) ((sa)->sa_len ? (((sa)->sa_len + SALIGN) & ~SALIGN) : \ +(SALIGN + 1)) +#define MAX_SYSCTL_TRY 5 +#define RTA_MASKS (RTA_GATEWAY | RTA_IFP | RTA_IFA) + +/* FreeBSD uses NET_RT_IFMALIST and RTM_NEWMADDR from */ +/* We can use NET_RT_IFLIST2 and RTM_NEWMADDR2 on Darwin */ +//#define DARWIN_COMPAT + +//#ifdef DARWIN_COMPAT +#define GIM_SYSCTL_MIB NET_RT_IFLIST2 +#define GIM_RTM_ADDR RTM_NEWMADDR2 +//#else +//#define GIM_SYSCTL_MIB NET_RT_IFMALIST +//#define GIM_RTM_ADDR RTM_NEWMADDR +//#endif + +// Not in 10.6 includes so use our own +struct _intl_ifmaddrs { + struct _intl_ifmaddrs *ifma_next; + struct sockaddr *ifma_name; + struct sockaddr *ifma_addr; + struct sockaddr *ifma_lladdr; +}; + +static inline int _intl_getifmaddrs(struct _intl_ifmaddrs **pif) +{ + int icnt = 1; + int dcnt = 0; + int ntry = 0; + size_t len; + size_t needed; + int mib[6]; + int i; + char *buf; + char *data; + char *next; + char *p; + struct ifma_msghdr2 *ifmam; + struct _intl_ifmaddrs *ifa, *ift; + struct rt_msghdr *rtm; + struct sockaddr *sa; + + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; /* protocol */ + mib[3] = 0; /* wildcard address family */ + mib[4] = GIM_SYSCTL_MIB; + mib[5] = 0; /* no flags */ + do { + if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) + return (-1); + if ((buf = (char *)malloc(needed)) == NULL) + return (-1); + if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) { + if (errno != ENOMEM || ++ntry >= MAX_SYSCTL_TRY) { + free(buf); + return (-1); + } + free(buf); + buf = NULL; + } + } while (buf == NULL); + + for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { + rtm = (struct rt_msghdr *)(void *)next; + if (rtm->rtm_version != RTM_VERSION) + continue; + switch (rtm->rtm_type) { + case GIM_RTM_ADDR: + ifmam = (struct ifma_msghdr2 *)(void *)rtm; + if ((ifmam->ifmam_addrs & RTA_IFA) == 0) + break; + icnt++; + p = (char *)(ifmam + 1); + for (i = 0; i < RTAX_MAX; i++) { + if ((RTA_MASKS & 
ifmam->ifmam_addrs & + (1 << i)) == 0) + continue; + sa = (struct sockaddr *)(void *)p; + len = SA_RLEN(sa); + dcnt += len; + p += len; + } + break; + } + } + + data = (char *)malloc(sizeof(struct _intl_ifmaddrs) * icnt + dcnt); + if (data == NULL) { + free(buf); + return (-1); + } + + ifa = (struct _intl_ifmaddrs *)(void *)data; + data += sizeof(struct _intl_ifmaddrs) * icnt; + + memset(ifa, 0, sizeof(struct _intl_ifmaddrs) * icnt); + ift = ifa; + + for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { + rtm = (struct rt_msghdr *)(void *)next; + if (rtm->rtm_version != RTM_VERSION) + continue; + + switch (rtm->rtm_type) { + case GIM_RTM_ADDR: + ifmam = (struct ifma_msghdr2 *)(void *)rtm; + if ((ifmam->ifmam_addrs & RTA_IFA) == 0) + break; + + p = (char *)(ifmam + 1); + for (i = 0; i < RTAX_MAX; i++) { + if ((RTA_MASKS & ifmam->ifmam_addrs & + (1 << i)) == 0) + continue; + sa = (struct sockaddr *)(void *)p; + len = SA_RLEN(sa); + switch (i) { + case RTAX_GATEWAY: + ift->ifma_lladdr = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + case RTAX_IFP: + ift->ifma_name = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + case RTAX_IFA: + ift->ifma_addr = + (struct sockaddr *)(void *)data; + memcpy(data, p, len); + data += len; + break; + + default: + data += len; + break; + } + p += len; + } + ift->ifma_next = ift + 1; + ift = ift->ifma_next; + break; + } + } + + free(buf); + + if (ift > ifa) { + ift--; + ift->ifma_next = NULL; + *pif = ifa; + } else { + *pif = NULL; + free(ifa); + } + return (0); +} + +static inline void _intl_freeifmaddrs(struct _intl_ifmaddrs *ifmp) +{ + free(ifmp); +} + +// -------------------------------------------------------------------------- +// -------------------------------------------------------------------------- + +#include +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/Utils.hpp" +#include "../node/Mutex.hpp" 
+#include "../node/Dictionary.hpp" +#include "OSUtils.hpp" +#include "OSXEthernetTap.hpp" + +// ff:ff:ff:ff:ff:ff with no ADI +static const ZeroTier::MulticastGroup _blindWildcardMulticastGroup(ZeroTier::MAC(0xff),0); + +static inline bool _setIpv6Stuff(const char *ifname,bool performNUD,bool acceptRouterAdverts) +{ + struct in6_ndireq nd; + struct in6_ifreq ifr; + + int s = socket(AF_INET6,SOCK_DGRAM,0); + if (s <= 0) + return false; + + memset(&nd,0,sizeof(nd)); + strncpy(nd.ifname,ifname,sizeof(nd.ifname)); + + if (ioctl(s,SIOCGIFINFO_IN6,&nd)) { + close(s); + return false; + } + + unsigned long oldFlags = (unsigned long)nd.ndi.flags; + + if (performNUD) + nd.ndi.flags |= ND6_IFF_PERFORMNUD; + else nd.ndi.flags &= ~ND6_IFF_PERFORMNUD; + + if (oldFlags != (unsigned long)nd.ndi.flags) { + if (ioctl(s,SIOCSIFINFO_FLAGS,&nd)) { + close(s); + return false; + } + } + + memset(&ifr,0,sizeof(ifr)); + strncpy(ifr.ifr_name,ifname,sizeof(ifr.ifr_name)); + if (ioctl(s,acceptRouterAdverts ? SIOCAUTOCONF_START : SIOCAUTOCONF_STOP,&ifr)) { + close(s); + return false; + } + + close(s); + return true; +} + +namespace ZeroTier { + +static long globalTapsRunning = 0; +static Mutex globalTapCreateLock; + +OSXEthernetTap::OSXEthernetTap( + const char *homePath, + const MAC &mac, + unsigned int mtu, + unsigned int metric, + uint64_t nwid, + const char *friendlyName, + void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *data,unsigned int len), + void *arg) : + _handler(handler), + _arg(arg), + _nwid(nwid), + _homePath(homePath), + _mtu(mtu), + _metric(metric), + _fd(0), + _enabled(true) +{ + char devpath[64],ethaddr[64],mtustr[32],metstr[32],nwids[32]; + struct stat stattmp; + + Utils::snprintf(nwids,sizeof(nwids),"%.16llx",nwid); + + if (mtu > 2800) + throw std::runtime_error("max tap MTU is 2800"); + + Mutex::Lock _gl(globalTapCreateLock); + + if (::stat("/dev/zt0",&stattmp)) { + long kextpid = (long)vfork(); + if (kextpid == 0) { + 
::chdir(homePath); + OSUtils::redirectUnixOutputs("/dev/null",(const char *)0); + ::execl("/sbin/kextload","/sbin/kextload","-q","-repository",homePath,"tap.kext",(const char *)0); + ::_exit(-1); + } else if (kextpid > 0) { + int exitcode = -1; + ::waitpid(kextpid,&exitcode,0); + } + ::usleep(500); // give tap device driver time to start up and try again + if (::stat("/dev/zt0",&stattmp)) + throw std::runtime_error("/dev/zt# tap devices do not exist and cannot load tap.kext"); + } + + // Try to reopen the last device we had, if we had one and it's still unused. + bool recalledDevice = false; + std::string devmapbuf; + Dictionary<8194> devmap; + if (OSUtils::readFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),devmapbuf)) { + devmap.load(devmapbuf.c_str()); + char desiredDevice[128]; + if (devmap.get(nwids,desiredDevice,sizeof(desiredDevice)) > 0) { + Utils::snprintf(devpath,sizeof(devpath),"/dev/%s",desiredDevice); + if (stat(devpath,&stattmp) == 0) { + _fd = ::open(devpath,O_RDWR); + if (_fd > 0) { + _dev = desiredDevice; + recalledDevice = true; + } + } + } + } + + // Open the first unused tap device if we didn't recall a previous one. 
+ if (!recalledDevice) { + for(int i=0;i<64;++i) { + Utils::snprintf(devpath,sizeof(devpath),"/dev/zt%d",i); + if (stat(devpath,&stattmp)) + throw std::runtime_error("no more TAP devices available"); + _fd = ::open(devpath,O_RDWR); + if (_fd > 0) { + char foo[16]; + Utils::snprintf(foo,sizeof(foo),"zt%d",i); + _dev = foo; + break; + } + } + } + + if (_fd <= 0) + throw std::runtime_error("unable to open TAP device or no more devices available"); + + if (fcntl(_fd,F_SETFL,fcntl(_fd,F_GETFL) & ~O_NONBLOCK) == -1) { + ::close(_fd); + throw std::runtime_error("unable to set flags on file descriptor for TAP device"); + } + + // Configure MAC address and MTU, bring interface up + Utils::snprintf(ethaddr,sizeof(ethaddr),"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",(int)mac[0],(int)mac[1],(int)mac[2],(int)mac[3],(int)mac[4],(int)mac[5]); + Utils::snprintf(mtustr,sizeof(mtustr),"%u",_mtu); + Utils::snprintf(metstr,sizeof(metstr),"%u",_metric); + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"lladdr",ethaddr,"mtu",mtustr,"metric",metstr,"up",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + if (exitcode) { + ::close(_fd); + throw std::runtime_error("ifconfig failure setting link-layer address and activating tap interface"); + } + } + + _setIpv6Stuff(_dev.c_str(),true,false); + + // Set close-on-exec so that devices cannot persist if we fork/exec for update + fcntl(_fd,F_SETFD,fcntl(_fd,F_GETFD) | FD_CLOEXEC); + + ::pipe(_shutdownSignalPipe); + + ++globalTapsRunning; + + devmap.erase(nwids); + devmap.add(nwids,_dev.c_str()); + OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + "devicemap").c_str(),(const void *)devmap.data(),devmap.sizeBytes()); + + _thread = Thread::start(this); +} + +OSXEthernetTap::~OSXEthernetTap() +{ + ::write(_shutdownSignalPipe[1],"\0",1); // causes thread to exit + Thread::join(_thread); + + ::close(_fd); + ::close(_shutdownSignalPipe[0]); + 
::close(_shutdownSignalPipe[1]); + + { + Mutex::Lock _gl(globalTapCreateLock); + if (--globalTapsRunning <= 0) { + globalTapsRunning = 0; // sanity check -- should not be possible + + char tmp[16384]; + sprintf(tmp,"%s/%s",_homePath.c_str(),"tap.kext"); + long kextpid = (long)vfork(); + if (kextpid == 0) { + OSUtils::redirectUnixOutputs("/dev/null",(const char *)0); + ::execl("/sbin/kextunload","/sbin/kextunload",tmp,(const char *)0); + ::_exit(-1); + } else if (kextpid > 0) { + int exitcode = -1; + ::waitpid(kextpid,&exitcode,0); + } + } + } +} + +void OSXEthernetTap::setEnabled(bool en) +{ + _enabled = en; + // TODO: interface status change +} + +bool OSXEthernetTap::enabled() const +{ + return _enabled; +} + +bool OSXEthernetTap::addIp(const InetAddress &ip) +{ + if (!ip) + return false; + + long cpid = (long)vfork(); + if (cpid == 0) { + ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),(ip.ss_family == AF_INET6) ? "inet6" : "inet",ip.toString().c_str(),"alias",(const char *)0); + ::_exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + ::waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } // else return false... + + return false; +} + +bool OSXEthernetTap::removeIp(const InetAddress &ip) +{ + if (!ip) + return true; + std::vector allIps(ips()); + for(std::vector::iterator i(allIps.begin());i!=allIps.end();++i) { + if (*i == ip) { + long cpid = (long)vfork(); + if (cpid == 0) { + execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),(ip.ss_family == AF_INET6) ? 
"inet6" : "inet",ip.toIpString().c_str(),"-alias",(const char *)0); + _exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + } + } + return false; +} + +std::vector OSXEthernetTap::ips() const +{ + struct ifaddrs *ifa = (struct ifaddrs *)0; + if (getifaddrs(&ifa)) + return std::vector(); + + std::vector r; + + struct ifaddrs *p = ifa; + while (p) { + if ((!strcmp(p->ifa_name,_dev.c_str()))&&(p->ifa_addr)&&(p->ifa_netmask)&&(p->ifa_addr->sa_family == p->ifa_netmask->sa_family)) { + switch(p->ifa_addr->sa_family) { + case AF_INET: { + struct sockaddr_in *sin = (struct sockaddr_in *)p->ifa_addr; + struct sockaddr_in *nm = (struct sockaddr_in *)p->ifa_netmask; + r.push_back(InetAddress(&(sin->sin_addr.s_addr),4,Utils::countBits((uint32_t)nm->sin_addr.s_addr))); + } break; + case AF_INET6: { + struct sockaddr_in6 *sin = (struct sockaddr_in6 *)p->ifa_addr; + struct sockaddr_in6 *nm = (struct sockaddr_in6 *)p->ifa_netmask; + uint32_t b[4]; + memcpy(b,nm->sin6_addr.s6_addr,sizeof(b)); + r.push_back(InetAddress(sin->sin6_addr.s6_addr,16,Utils::countBits(b[0]) + Utils::countBits(b[1]) + Utils::countBits(b[2]) + Utils::countBits(b[3]))); + } break; + } + } + p = p->ifa_next; + } + + if (ifa) + freeifaddrs(ifa); + + std::sort(r.begin(),r.end()); + r.erase(std::unique(r.begin(),r.end()),r.end()); + + return r; +} + +void OSXEthernetTap::put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len) +{ + char putBuf[4096]; + if ((_fd > 0)&&(len <= _mtu)&&(_enabled)) { + to.copyTo(putBuf,6); + from.copyTo(putBuf + 6,6); + *((uint16_t *)(putBuf + 12)) = htons((uint16_t)etherType); + memcpy(putBuf + 14,data,len); + len += 14; + ::write(_fd,putBuf,len); + } +} + +std::string OSXEthernetTap::deviceName() const +{ + return _dev; +} + +void OSXEthernetTap::setFriendlyName(const char *friendlyName) +{ +} + +void OSXEthernetTap::scanMulticastGroups(std::vector &added,std::vector &removed) +{ + 
std::vector newGroups; + + struct _intl_ifmaddrs *ifmap = (struct _intl_ifmaddrs *)0; + if (!_intl_getifmaddrs(&ifmap)) { + struct _intl_ifmaddrs *p = ifmap; + while (p) { + if (p->ifma_addr->sa_family == AF_LINK) { + struct sockaddr_dl *in = (struct sockaddr_dl *)p->ifma_name; + struct sockaddr_dl *la = (struct sockaddr_dl *)p->ifma_addr; + if ((la->sdl_alen == 6)&&(in->sdl_nlen <= _dev.length())&&(!memcmp(_dev.data(),in->sdl_data,in->sdl_nlen))) + newGroups.push_back(MulticastGroup(MAC(la->sdl_data + la->sdl_nlen,6),0)); + } + p = p->ifma_next; + } + _intl_freeifmaddrs(ifmap); + } + + std::vector allIps(ips()); + for(std::vector::iterator ip(allIps.begin());ip!=allIps.end();++ip) + newGroups.push_back(MulticastGroup::deriveMulticastGroupForAddressResolution(*ip)); + + std::sort(newGroups.begin(),newGroups.end()); + std::unique(newGroups.begin(),newGroups.end()); + + for(std::vector::iterator m(newGroups.begin());m!=newGroups.end();++m) { + if (!std::binary_search(_multicastGroups.begin(),_multicastGroups.end(),*m)) + added.push_back(*m); + } + for(std::vector::iterator m(_multicastGroups.begin());m!=_multicastGroups.end();++m) { + if (!std::binary_search(newGroups.begin(),newGroups.end(),*m)) + removed.push_back(*m); + } + + _multicastGroups.swap(newGroups); +} + +void OSXEthernetTap::threadMain() + throw() +{ + fd_set readfds,nullfds; + MAC to,from; + int n,nfds,r; + char getBuf[8194]; + + Thread::sleep(500); + + FD_ZERO(&readfds); + FD_ZERO(&nullfds); + nfds = (int)std::max(_shutdownSignalPipe[0],_fd) + 1; + + r = 0; + for(;;) { + FD_SET(_shutdownSignalPipe[0],&readfds); + FD_SET(_fd,&readfds); + select(nfds,&readfds,&nullfds,&nullfds,(struct timeval *)0); + + if (FD_ISSET(_shutdownSignalPipe[0],&readfds)) // writes to shutdown pipe terminate thread + break; + + if (FD_ISSET(_fd,&readfds)) { + n = (int)::read(_fd,getBuf + r,sizeof(getBuf) - r); + if (n < 0) { + if ((errno != EINTR)&&(errno != ETIMEDOUT)) + break; + } else { + // Some tap drivers like to send 
the ethernet frame and the
+ // payload in two chunks, so handle that by accumulating
+ // data until we have at least a frame.
+ r += n;
+ if (r > 14) {
+ if (r > ((int)_mtu + 14)) // sanity check for weird TAP behavior on some platforms
+ r = _mtu + 14;
+
+ if (_enabled) {
+ to.setTo(getBuf,6);
+ from.setTo(getBuf + 6,6);
+ unsigned int etherType = ntohs(((const uint16_t *)getBuf)[6]);
+ // TODO: VLAN support
+ _handler(_arg,_nwid,from,to,etherType,0,(const void *)(getBuf + 14),r - 14);
+ }
+
+ r = 0;
+ }
+ }
+ }
+ }
+}
+
+} // namespace ZeroTier
diff --git a/osdep/OSXEthernetTap.hpp b/osdep/OSXEthernetTap.hpp
new file mode 100644
index 0000000..de48f9a
--- /dev/null
+++ b/osdep/OSXEthernetTap.hpp
@@ -0,0 +1,86 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_OSXETHERNETTAP_HPP
+#define ZT_OSXETHERNETTAP_HPP
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/MAC.hpp"
+#include "../node/InetAddress.hpp"
+#include "../node/MulticastGroup.hpp"
+
+#include "Thread.hpp"
+
+namespace ZeroTier {
+
+/**
+ * OSX Ethernet tap using ZeroTier kernel extension zt# devices
+ */
+class OSXEthernetTap
+{
+public:
+ OSXEthernetTap(
+ const char *homePath,
+ const MAC &mac,
+ unsigned int mtu,
+ unsigned int metric,
+ uint64_t nwid,
+ const char *friendlyName,
+ void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int),
+ void *arg);
+
+ ~OSXEthernetTap();
+
+ void setEnabled(bool en);
+ bool enabled() const;
+ bool addIp(const InetAddress &ip);
+ bool removeIp(const InetAddress &ip);
+ std::vector ips() const;
+ void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len);
+ std::string deviceName() const;
+ void setFriendlyName(const char *friendlyName);
+ void scanMulticastGroups(std::vector &added,std::vector &removed);
+
+ void threadMain()
+ throw();
+
+private:
+ void (*_handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int);
+ void *_arg;
+ uint64_t _nwid;
+ Thread _thread;
+ std::string _homePath;
+ std::string _dev;
+ std::vector _multicastGroups;
+ unsigned int _mtu;
+ unsigned int _metric;
+ int _fd;
+ int _shutdownSignalPipe[2];
+ volatile bool _enabled;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/osdep/Phy.hpp b/osdep/Phy.hpp
new file mode 100644
index 0000000..eab8a31
--- /dev/null
+++ b/osdep/Phy.hpp
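Review bot: The constructor declaration accepts `unsigned int mtu` without stating an upper bound, yet `put()` in the OSXEthernetTap.cpp hunk above copies `len` bytes to `putBuf + 14` in a 4096-byte stack buffer and checks only `len <= _mtu`, so an MTU above 4082 would allow a write past the buffer. The start of the constructor lies outside the visible part of that hunk, so a clamp may already exist there; if it does not, the constructor should reject larger values. Either way the limit belongs on the declaration, for example `// mtu must not exceed 4082: put() assembles header + payload in a 4096-byte buffer`. The class also owns `_fd`, the shutdown pipe and a thread but leaves copying enabled; declaring the copy constructor and assignment operator private would prevent a double close.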
@@ -0,0 +1,1115 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_PHY_HPP
+#define ZT_PHY_HPP
+
+#include
+#include
+#include
+
+#include
+#include
+
+#if defined(_WIN32) || defined(_WIN64)
+
+#include
+#include
+#include
+
+#define ZT_PHY_SOCKFD_TYPE SOCKET
+#define ZT_PHY_SOCKFD_NULL (INVALID_SOCKET)
+#define ZT_PHY_SOCKFD_VALID(s) ((s) != INVALID_SOCKET)
+#define ZT_PHY_CLOSE_SOCKET(s) ::closesocket(s)
+#define ZT_PHY_MAX_SOCKETS (FD_SETSIZE)
+#define ZT_PHY_MAX_INTERCEPTS ZT_PHY_MAX_SOCKETS
+#define ZT_PHY_SOCKADDR_STORAGE_TYPE struct sockaddr_storage
+
+#else // not Windows
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux)
+#ifndef IPV6_DONTFRAG
+#define IPV6_DONTFRAG 62
+#endif
+#endif
+
+#define ZT_PHY_SOCKFD_TYPE int
+#define ZT_PHY_SOCKFD_NULL (-1)
+#define ZT_PHY_SOCKFD_VALID(s) ((s) > -1)
+#define ZT_PHY_CLOSE_SOCKET(s) ::close(s)
+#define ZT_PHY_MAX_SOCKETS (FD_SETSIZE)
+#define ZT_PHY_MAX_INTERCEPTS ZT_PHY_MAX_SOCKETS
+#define ZT_PHY_SOCKADDR_STORAGE_TYPE struct sockaddr_storage
+
+#endif // Windows or not
+
+namespace ZeroTier {
+
+/**
+ * Opaque socket type
+ */
+typedef void
PhySocket; + +/** + * Simple templated non-blocking sockets implementation + * + * Yes there is boost::asio and libuv, but I like small binaries and I hate + * build dependencies. Both drag in a whole bunch of pasta with them. + * + * This class is templated on a pointer to a handler class which must + * implement the following functions: + * + * For all platforms: + * + * phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *localAddr,const struct sockaddr *from,void *data,unsigned long len) + * phyOnTcpConnect(PhySocket *sock,void **uptr,bool success) + * phyOnTcpAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN,const struct sockaddr *from) + * phyOnTcpClose(PhySocket *sock,void **uptr) + * phyOnTcpData(PhySocket *sock,void **uptr,void *data,unsigned long len) + * phyOnTcpWritable(PhySocket *sock,void **uptr) + * phyOnFileDescriptorActivity(PhySocket *sock,void **uptr,bool readable,bool writable) + * + * On Linux/OSX/Unix only (not required/used on Windows or elsewhere): + * + * phyOnUnixAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN) + * phyOnUnixClose(PhySocket *sock,void **uptr) + * phyOnUnixData(PhySocket *sock,void **uptr,void *data,unsigned long len) + * phyOnUnixWritable(PhySocket *sock,void **uptr) + * + * These templates typically refer to function objects. Templates are used to + * avoid the call overhead of indirection, which is surprisingly high for high + * bandwidth applications pushing a lot of packets. + * + * The 'sock' pointer above is an opaque pointer to a socket. Each socket + * has a 'uptr' user-settable/modifiable pointer associated with it, which + * can be set on bind/connect calls and is passed as a void ** to permit + * resetting at any time. The ACCEPT handler takes two sets of sock and + * uptr: sockL and uptrL for the listen socket, and sockN and uptrN for + * the new TCP connection socket that has just been created. + * + * Handlers are always called. 
On outgoing TCP connection, CONNECT is always + * called on either success or failure followed by DATA and/or WRITABLE as + * indicated. On socket close, handlers are called unless close() is told + * explicitly not to call handlers. It is safe to close a socket within a + * handler, and in that case close() can be told not to call handlers to + * prevent recursion. + * + * This isn't thread-safe with the exception of whack(), which is safe to + * call from another thread to abort poll(). + */ +template +class Phy +{ +private: + HANDLER_PTR_TYPE _handler; + + enum PhySocketType + { + ZT_PHY_SOCKET_CLOSED = 0x00, // socket is closed, will be removed on next poll() + ZT_PHY_SOCKET_TCP_OUT_PENDING = 0x01, + ZT_PHY_SOCKET_TCP_OUT_CONNECTED = 0x02, + ZT_PHY_SOCKET_TCP_IN = 0x03, + ZT_PHY_SOCKET_TCP_LISTEN = 0x04, + ZT_PHY_SOCKET_UDP = 0x05, + ZT_PHY_SOCKET_FD = 0x06, + ZT_PHY_SOCKET_UNIX_IN = 0x07, + ZT_PHY_SOCKET_UNIX_LISTEN = 0x08 + }; + + struct PhySocketImpl + { + PhySocketType type; + ZT_PHY_SOCKFD_TYPE sock; + void *uptr; // user-settable pointer + ZT_PHY_SOCKADDR_STORAGE_TYPE saddr; // remote for TCP_OUT and TCP_IN, local for TCP_LISTEN, RAW, and UDP + }; + + std::list _socks; + fd_set _readfds; + fd_set _writefds; +#if defined(_WIN32) || defined(_WIN64) + fd_set _exceptfds; +#endif + long _nfds; + + ZT_PHY_SOCKFD_TYPE _whackReceiveSocket; + ZT_PHY_SOCKFD_TYPE _whackSendSocket; + + bool _noDelay; + bool _noCheck; + +public: + /** + * @param handler Pointer of type HANDLER_PTR_TYPE to handler + * @param noDelay If true, disable TCP NAGLE algorithm on TCP sockets + * @param noCheck If true, attempt to set UDP SO_NO_CHECK option to disable sending checksums + */ + Phy(HANDLER_PTR_TYPE handler,bool noDelay,bool noCheck) : + _handler(handler) + { + FD_ZERO(&_readfds); + FD_ZERO(&_writefds); + +#if defined(_WIN32) || defined(_WIN64) + FD_ZERO(&_exceptfds); + + SOCKET pipes[2]; + { // hack copied from StackOverflow, behaves a bit like pipe() on *nix systems + struct 
sockaddr_in inaddr; + struct sockaddr addr; + SOCKET lst=::socket(AF_INET, SOCK_STREAM,IPPROTO_TCP); + if (lst == INVALID_SOCKET) + throw std::runtime_error("unable to create pipes for select() abort"); + memset(&inaddr, 0, sizeof(inaddr)); + memset(&addr, 0, sizeof(addr)); + inaddr.sin_family = AF_INET; + inaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + inaddr.sin_port = 0; + int yes=1; + setsockopt(lst,SOL_SOCKET,SO_REUSEADDR,(char*)&yes,sizeof(yes)); + bind(lst,(struct sockaddr *)&inaddr,sizeof(inaddr)); + listen(lst,1); + int len=sizeof(inaddr); + getsockname(lst, &addr,&len); + pipes[0]=::socket(AF_INET, SOCK_STREAM,0); + if (pipes[0] == INVALID_SOCKET) + throw std::runtime_error("unable to create pipes for select() abort"); + connect(pipes[0],&addr,len); + pipes[1]=accept(lst,0,0); + closesocket(lst); + } +#else // not Windows + int pipes[2]; + if (::pipe(pipes)) + throw std::runtime_error("unable to create pipes for select() abort"); +#endif // Windows or not + + _nfds = (pipes[0] > pipes[1]) ? 
(long)pipes[0] : (long)pipes[1]; + _whackReceiveSocket = pipes[0]; + _whackSendSocket = pipes[1]; + _noDelay = noDelay; + _noCheck = noCheck; + } + + ~Phy() + { + for(typename std::list::const_iterator s(_socks.begin());s!=_socks.end();++s) { + if (s->type != ZT_PHY_SOCKET_CLOSED) + this->close((PhySocket *)&(*s),true); + } + ZT_PHY_CLOSE_SOCKET(_whackReceiveSocket); + ZT_PHY_CLOSE_SOCKET(_whackSendSocket); + } + + /** + * @param s Socket object + * @return Underlying OS-type (usually int or long) file descriptor associated with object + */ + static inline ZT_PHY_SOCKFD_TYPE getDescriptor(PhySocket *s) throw() { return reinterpret_cast(s)->sock; } + + /** + * @param s Socket object + * @return Pointer to user object + */ + static inline void** getuptr(PhySocket *s) throw() { return &(reinterpret_cast(s)->uptr); } + + /** + * Cause poll() to stop waiting immediately + * + * This can be used to reset the polling loop after changes that require + * attention, or to shut down a background thread that is waiting, etc. + */ + inline void whack() + { +#if defined(_WIN32) || defined(_WIN64) + ::send(_whackSendSocket,(const char *)this,1,0); +#else + (void)(::write(_whackSendSocket,(PhySocket *)this,1)); +#endif + } + + /** + * @return Number of open sockets + */ + inline unsigned long count() const throw() { return _socks.size(); } + + /** + * @return Maximum number of sockets allowed + */ + inline unsigned long maxCount() const throw() { return ZT_PHY_MAX_SOCKETS; } + + /** + * Wrap a raw file descriptor in a PhySocket structure + * + * This can be used to select/poll on a raw file descriptor as part of this + * class's I/O loop. By default the fd is set for read notification but + * this can be controlled with setNotifyReadable(). When any detected + * condition is present, the phyOnFileDescriptorActivity() callback is + * called with one or both of its arguments 'true'. 
+ * + * The Phy<>::close() method *must* be called when you're done with this + * file descriptor to remove it from the select/poll set, but unlike other + * types of sockets Phy<> does not actually close the underlying fd or + * otherwise manage its life cycle. There is also no close notification + * callback for this fd, since Phy<> doesn't actually perform reading or + * writing or detect error conditions. This is only useful for adding a + * file descriptor to Phy<> to select/poll on it. + * + * @param fd Raw file descriptor + * @param uptr User pointer to supply to callbacks + * @return PhySocket wrapping fd or NULL on failure (out of memory or too many sockets) + */ + inline PhySocket *wrapSocket(ZT_PHY_SOCKFD_TYPE fd,void *uptr = (void *)0) + { + if (_socks.size() >= ZT_PHY_MAX_SOCKETS) + return (PhySocket *)0; + try { + _socks.push_back(PhySocketImpl()); + } catch ( ... ) { + return (PhySocket *)0; + } + PhySocketImpl &sws = _socks.back(); + if ((long)fd > _nfds) + _nfds = (long)fd; + FD_SET(fd,&_readfds); + sws.type = ZT_PHY_SOCKET_UNIX_IN; /* TODO: Type was changed to allow for CBs with new RPC model */ + sws.sock = fd; + sws.uptr = uptr; + memset(&(sws.saddr),0,sizeof(struct sockaddr_storage)); + // no sockaddr for this socket type, leave saddr null + return (PhySocket *)&sws; + } + + /** + * Bind a UDP socket + * + * @param localAddress Local endpoint address and port + * @param uptr Initial value of user pointer associated with this socket (default: NULL) + * @param bufferSize Desired socket receive/send buffer size -- will set as close to this as possible (default: 0, leave alone) + * @return Socket or NULL on failure to bind + */ + inline PhySocket *udpBind(const struct sockaddr *localAddress,void *uptr = (void *)0,int bufferSize = 0) + { + if (_socks.size() >= ZT_PHY_MAX_SOCKETS) + return (PhySocket *)0; + + ZT_PHY_SOCKFD_TYPE s = ::socket(localAddress->sa_family,SOCK_DGRAM,0); + if (!ZT_PHY_SOCKFD_VALID(s)) + return (PhySocket *)0; + + if 
(bufferSize > 0) { + int bs = bufferSize; + while (bs >= 65536) { + int tmpbs = bs; + if (setsockopt(s,SOL_SOCKET,SO_RCVBUF,(const char *)&tmpbs,sizeof(tmpbs)) == 0) + break; + bs -= 16384; + } + bs = bufferSize; + while (bs >= 65536) { + int tmpbs = bs; + if (setsockopt(s,SOL_SOCKET,SO_SNDBUF,(const char *)&tmpbs,sizeof(tmpbs)) == 0) + break; + bs -= 16384; + } + } + +#if defined(_WIN32) || defined(_WIN64) + { + BOOL f; + if (localAddress->sa_family == AF_INET6) { + f = TRUE; setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(const char *)&f,sizeof(f)); + f = FALSE; setsockopt(s,IPPROTO_IPV6,IPV6_DONTFRAG,(const char *)&f,sizeof(f)); + } + f = FALSE; setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(const char *)&f,sizeof(f)); + f = TRUE; setsockopt(s,SOL_SOCKET,SO_BROADCAST,(const char *)&f,sizeof(f)); + } +#else // not Windows + { + int f; + if (localAddress->sa_family == AF_INET6) { + f = 1; setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(void *)&f,sizeof(f)); +#ifdef IPV6_MTU_DISCOVER + f = 0; setsockopt(s,IPPROTO_IPV6,IPV6_MTU_DISCOVER,&f,sizeof(f)); +#endif +#ifdef IPV6_DONTFRAG + f = 0; setsockopt(s,IPPROTO_IPV6,IPV6_DONTFRAG,&f,sizeof(f)); +#endif + } + f = 0; setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(void *)&f,sizeof(f)); + f = 1; setsockopt(s,SOL_SOCKET,SO_BROADCAST,(void *)&f,sizeof(f)); +#ifdef IP_DONTFRAG + f = 0; setsockopt(s,IPPROTO_IP,IP_DONTFRAG,&f,sizeof(f)); +#endif +#ifdef IP_MTU_DISCOVER + f = 0; setsockopt(s,IPPROTO_IP,IP_MTU_DISCOVER,&f,sizeof(f)); +#endif +#ifdef SO_NO_CHECK + // For now at least we only set SO_NO_CHECK on IPv4 sockets since some + // IPv6 stacks incorrectly discard zero checksum packets. May remove + // this restriction later once broken stuff dies more. + if ((localAddress->sa_family == AF_INET)&&(_noCheck)) { + f = 1; setsockopt(s,SOL_SOCKET,SO_NO_CHECK,(void *)&f,sizeof(f)); + } +#endif + } +#endif // Windows or not + + if (::bind(s,localAddress,(localAddress->sa_family == AF_INET6) ? 
sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in))) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + +#if defined(_WIN32) || defined(_WIN64) + { u_long iMode=1; ioctlsocket(s,FIONBIO,&iMode); } +#else + fcntl(s,F_SETFL,O_NONBLOCK); +#endif + + try { + _socks.push_back(PhySocketImpl()); + } catch ( ... ) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + PhySocketImpl &sws = _socks.back(); + + if ((long)s > _nfds) + _nfds = (long)s; + FD_SET(s,&_readfds); + sws.type = ZT_PHY_SOCKET_UDP; + sws.sock = s; + sws.uptr = uptr; + memset(&(sws.saddr),0,sizeof(struct sockaddr_storage)); + memcpy(&(sws.saddr),localAddress,(localAddress->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)); + + return (PhySocket *)&sws; + } + + /** + * Set the IP TTL for the next outgoing packet (for IPv4 UDP sockets only) + * + * @param ttl New TTL (0 or >255 will set it to 255) + * @return True on success + */ + inline bool setIp4UdpTtl(PhySocket *sock,unsigned int ttl) + { + PhySocketImpl &sws = *(reinterpret_cast(sock)); +#if defined(_WIN32) || defined(_WIN64) + DWORD tmp = ((ttl == 0)||(ttl > 255)) ? 255 : (DWORD)ttl; + return (::setsockopt(sws.sock,IPPROTO_IP,IP_TTL,(const char *)&tmp,sizeof(tmp)) == 0); +#else + int tmp = ((ttl == 0)||(ttl > 255)) ? 
255 : (int)ttl; + return (::setsockopt(sws.sock,IPPROTO_IP,IP_TTL,(void *)&tmp,sizeof(tmp)) == 0); +#endif + } + + /** + * Send a UDP packet + * + * @param sock UDP socket + * @param remoteAddress Destination address (must be correct type for socket) + * @param data Data to send + * @param len Length of packet + * @return True if packet appears to have been sent successfully + */ + inline bool udpSend(PhySocket *sock,const struct sockaddr *remoteAddress,const void *data,unsigned long len) + { + PhySocketImpl &sws = *(reinterpret_cast(sock)); +#if defined(_WIN32) || defined(_WIN64) + return ((long)::sendto(sws.sock,reinterpret_cast(data),len,0,remoteAddress,(remoteAddress->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) == (long)len); +#else + return ((long)::sendto(sws.sock,data,len,0,remoteAddress,(remoteAddress->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) == (long)len); +#endif + } + +#ifdef __UNIX_LIKE__ + /** + * Listen for connections on a Unix domain socket + * + * @param path Path to Unix domain socket + * @param uptr Arbitrary pointer to associate + * @return PhySocket or NULL if cannot bind + */ + inline PhySocket *unixListen(const char *path,void *uptr = (void *)0) + { + struct sockaddr_un sun; + + if (_socks.size() >= ZT_PHY_MAX_SOCKETS) + return (PhySocket *)0; + + memset(&sun,0,sizeof(sun)); + sun.sun_family = AF_UNIX; + if (strlen(path) >= sizeof(sun.sun_path)) + return (PhySocket *)0; + strcpy(sun.sun_path,path); + + ZT_PHY_SOCKFD_TYPE s = ::socket(PF_UNIX,SOCK_STREAM,0); + if (!ZT_PHY_SOCKFD_VALID(s)) + return (PhySocket *)0; + + ::fcntl(s,F_SETFL,O_NONBLOCK); + + ::unlink(path); + if (::bind(s,(struct sockaddr *)&sun,sizeof(struct sockaddr_un)) != 0) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + if (::listen(s,128) != 0) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + + try { + _socks.push_back(PhySocketImpl()); + } catch ( ... 
) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + PhySocketImpl &sws = _socks.back(); + + if ((long)s > _nfds) + _nfds = (long)s; + FD_SET(s,&_readfds); + sws.type = ZT_PHY_SOCKET_UNIX_LISTEN; + sws.sock = s; + sws.uptr = uptr; + memset(&(sws.saddr),0,sizeof(struct sockaddr_storage)); + memcpy(&(sws.saddr),&sun,sizeof(struct sockaddr_un)); + + return (PhySocket *)&sws; + } +#endif // __UNIX_LIKE__ + + /** + * Bind a local listen socket to listen for new TCP connections + * + * @param localAddress Local address and port + * @param uptr Initial value of uptr for new socket (default: NULL) + * @return Socket or NULL on failure to bind + */ + inline PhySocket *tcpListen(const struct sockaddr *localAddress,void *uptr = (void *)0) + { + if (_socks.size() >= ZT_PHY_MAX_SOCKETS) + return (PhySocket *)0; + + ZT_PHY_SOCKFD_TYPE s = ::socket(localAddress->sa_family,SOCK_STREAM,0); + if (!ZT_PHY_SOCKFD_VALID(s)) + return (PhySocket *)0; + +#if defined(_WIN32) || defined(_WIN64) + { + BOOL f; + f = TRUE; ::setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(const char *)&f,sizeof(f)); + f = TRUE; ::setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(const char *)&f,sizeof(f)); + f = (_noDelay ? TRUE : FALSE); setsockopt(s,IPPROTO_TCP,TCP_NODELAY,(char *)&f,sizeof(f)); + u_long iMode=1; + ioctlsocket(s,FIONBIO,&iMode); + } +#else + { + int f; + f = 1; ::setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(void *)&f,sizeof(f)); + f = 1; ::setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(void *)&f,sizeof(f)); + f = (_noDelay ? 1 : 0); setsockopt(s,IPPROTO_TCP,TCP_NODELAY,(char *)&f,sizeof(f)); + fcntl(s,F_SETFL,O_NONBLOCK); + } +#endif + + if (::bind(s,localAddress,(localAddress->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in))) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + + if (::listen(s,1024)) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + + try { + _socks.push_back(PhySocketImpl()); + } catch ( ... 
) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + PhySocketImpl &sws = _socks.back(); + + if ((long)s > _nfds) + _nfds = (long)s; + FD_SET(s,&_readfds); + sws.type = ZT_PHY_SOCKET_TCP_LISTEN; + sws.sock = s; + sws.uptr = uptr; + memset(&(sws.saddr),0,sizeof(struct sockaddr_storage)); + memcpy(&(sws.saddr),localAddress,(localAddress->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)); + + return (PhySocket *)&sws; + } + + /** + * Start a non-blocking connect; CONNECT handler is called on success or failure + * + * A return value of NULL indicates a synchronous failure such as a + * failure to open a socket. The TCP connection handler is not called + * in this case. + * + * It is possible on some platforms for an "instant connect" to occur, + * such as when connecting to a loopback address. In this case, the + * 'connected' result parameter will be set to 'true' and if the + * 'callConnectHandler' flag is true (the default) the TCP connect + * handler will be called before the function returns. + * + * These semantics can be a bit confusing, but they're less so than + * the underlying semantics of asynchronous TCP connect. 
+ * + * @param remoteAddress Remote address + * @param connected Result parameter: set to whether an "instant connect" has occurred (true if yes) + * @param uptr Initial value of uptr for new socket (default: NULL) + * @param callConnectHandler If true, call TCP connect handler even if result is known before function exit (default: true) + * @return New socket or NULL on failure + */ + inline PhySocket *tcpConnect(const struct sockaddr *remoteAddress,bool &connected,void *uptr = (void *)0,bool callConnectHandler = true) + { + if (_socks.size() >= ZT_PHY_MAX_SOCKETS) + return (PhySocket *)0; + + ZT_PHY_SOCKFD_TYPE s = ::socket(remoteAddress->sa_family,SOCK_STREAM,0); + if (!ZT_PHY_SOCKFD_VALID(s)) { + connected = false; + return (PhySocket *)0; + } + +#if defined(_WIN32) || defined(_WIN64) + { + BOOL f; + if (remoteAddress->sa_family == AF_INET6) { f = TRUE; ::setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(const char *)&f,sizeof(f)); } + f = TRUE; ::setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(const char *)&f,sizeof(f)); + f = (_noDelay ? TRUE : FALSE); setsockopt(s,IPPROTO_TCP,TCP_NODELAY,(char *)&f,sizeof(f)); + u_long iMode=1; + ioctlsocket(s,FIONBIO,&iMode); + } +#else + { + int f; + if (remoteAddress->sa_family == AF_INET6) { f = 1; ::setsockopt(s,IPPROTO_IPV6,IPV6_V6ONLY,(void *)&f,sizeof(f)); } + f = 1; ::setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(void *)&f,sizeof(f)); + f = (_noDelay ? 1 : 0); setsockopt(s,IPPROTO_TCP,TCP_NODELAY,(char *)&f,sizeof(f)); + fcntl(s,F_SETFL,O_NONBLOCK); + } +#endif + + connected = true; + if (::connect(s,remoteAddress,(remoteAddress->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in))) { + connected = false; +#if defined(_WIN32) || defined(_WIN64) + if (WSAGetLastError() != WSAEWOULDBLOCK) { +#else + if (errno != EINPROGRESS) { +#endif + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } // else connection is proceeding asynchronously... + } + + try { + _socks.push_back(PhySocketImpl()); + } catch ( ... 
) { + ZT_PHY_CLOSE_SOCKET(s); + return (PhySocket *)0; + } + PhySocketImpl &sws = _socks.back(); + + if ((long)s > _nfds) + _nfds = (long)s; + if (connected) { + FD_SET(s,&_readfds); + sws.type = ZT_PHY_SOCKET_TCP_OUT_CONNECTED; + } else { + FD_SET(s,&_writefds); +#if defined(_WIN32) || defined(_WIN64) + FD_SET(s,&_exceptfds); +#endif + sws.type = ZT_PHY_SOCKET_TCP_OUT_PENDING; + } + sws.sock = s; + sws.uptr = uptr; + memset(&(sws.saddr),0,sizeof(struct sockaddr_storage)); + memcpy(&(sws.saddr),remoteAddress,(remoteAddress->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)); + + if ((callConnectHandler)&&(connected)) { + try { + _handler->phyOnTcpConnect((PhySocket *)&sws,&(sws.uptr),true); + } catch ( ... ) {} + } + + return (PhySocket *)&sws; + } + + /** + * Try to set buffer sizes as close to the given value as possible + * + * This will try the specified value and then lower values in 16K increments + * until one works. + * + * @param sock Socket + * @param bufferSize Desired buffer sizes + */ + inline void setBufferSizes(const PhySocket *sock,int bufferSize) + { + PhySocketImpl &sws = *(reinterpret_cast(sock)); + if (bufferSize > 0) { + int bs = bufferSize; + while (bs >= 65536) { + int tmpbs = bs; + if (::setsockopt(sws.sock,SOL_SOCKET,SO_RCVBUF,(const char *)&tmpbs,sizeof(tmpbs)) == 0) + break; + bs -= 16384; + } + bs = bufferSize; + while (bs >= 65536) { + int tmpbs = bs; + if (::setsockopt(sws.sock,SOL_SOCKET,SO_SNDBUF,(const char *)&tmpbs,sizeof(tmpbs)) == 0) + break; + bs -= 16384; + } + } + } + + /** + * Attempt to send data to a stream socket (non-blocking) + * + * If -1 is returned, the socket should no longer be used as it is now + * destroyed. If callCloseHandler is true, the close handler will be + * called before the function returns. + * + * This can be used with TCP, Unix, or socket pair sockets. 
+ * + * @param sock An open stream socket (other socket types will fail) + * @param data Data to send + * @param len Length of data + * @param callCloseHandler If true, call close handler on socket closing failure condition (default: true) + * @return Number of bytes actually sent or -1 on fatal error (socket closure) + */ + inline long streamSend(PhySocket *sock,const void *data,unsigned long len,bool callCloseHandler = true) + { + PhySocketImpl &sws = *(reinterpret_cast(sock)); +#if defined(_WIN32) || defined(_WIN64) + long n = (long)::send(sws.sock,reinterpret_cast(data),len,0); + if (n == SOCKET_ERROR) { + switch(WSAGetLastError()) { + case WSAEINTR: + case WSAEWOULDBLOCK: + return 0; + default: + this->close(sock,callCloseHandler); + return -1; + } + } +#else // not Windows + long n = (long)::send(sws.sock,data,len,0); + if (n < 0) { + switch(errno) { +#ifdef EAGAIN + case EAGAIN: +#endif +#if defined(EWOULDBLOCK) && ( !defined(EAGAIN) || (EWOULDBLOCK != EAGAIN) ) + case EWOULDBLOCK: +#endif +#ifdef EINTR + case EINTR: +#endif + return 0; + default: + this->close(sock,callCloseHandler); + return -1; + } + } +#endif // Windows or not + return n; + } + +#ifdef __UNIX_LIKE__ + /** + * Attempt to send data to a Unix domain socket connection (non-blocking) + * + * If -1 is returned, the socket should no longer be used as it is now + * destroyed. If callCloseHandler is true, the close handler will be + * called before the function returns. 
+ * + * @param sock An open Unix socket (other socket types will fail) + * @param data Data to send + * @param len Length of data + * @param callCloseHandler If true, call close handler on socket closing failure condition (default: true) + * @return Number of bytes actually sent or -1 on fatal error (socket closure) + */ + inline long unixSend(PhySocket *sock,const void *data,unsigned long len,bool callCloseHandler = true) + { + PhySocketImpl &sws = *(reinterpret_cast(sock)); + long n = (long)::write(sws.sock,data,len); + if (n < 0) { + switch(errno) { +#ifdef EAGAIN + case EAGAIN: +#endif +#if defined(EWOULDBLOCK) && ( !defined(EAGAIN) || (EWOULDBLOCK != EAGAIN) ) + case EWOULDBLOCK: +#endif +#ifdef EINTR + case EINTR: +#endif + return 0; + default: + this->close(sock,callCloseHandler); + return -1; + } + } + return n; + } +#endif // __UNIX_LIKE__ + + /** + * For streams, sets whether we want to be notified that the socket is writable + * + * This can be used with TCP, Unix, or socket pair sockets. + * + * Call whack() if this is being done from another thread and you want + * it to take effect immediately. Otherwise it is only guaranteed to + * take effect on the next poll(). + * + * @param sock Stream connection socket + * @param notifyWritable Want writable notifications? + */ + inline const void setNotifyWritable(PhySocket *sock,bool notifyWritable) + { + PhySocketImpl &sws = *(reinterpret_cast(sock)); + if (notifyWritable) { + FD_SET(sws.sock,&_writefds); + } else { + FD_CLR(sws.sock,&_writefds); + } + } + + /** + * Set whether we want to be notified that a socket is readable + * + * This is primarily for raw sockets added with wrapSocket(). It could be + * used with others, but doing so would essentially lock them and prevent + * data from being read from them until this is set to 'true' again. 
+ * + * @param sock Socket to modify + * @param notifyReadable True if socket should be monitored for readability + */ + inline const void setNotifyReadable(PhySocket *sock,bool notifyReadable) + { + PhySocketImpl &sws = *(reinterpret_cast(sock)); + if (notifyReadable) { + FD_SET(sws.sock,&_readfds); + } else { + FD_CLR(sws.sock,&_readfds); + } + } + + /** + * Wait for activity and handle one or more events + * + * Note that this is not guaranteed to wait up to 'timeout' even + * if nothing happens, as whack() or other events such as signals + * may cause premature termination. + * + * @param timeout Timeout in milliseconds or 0 for none (forever) + */ + inline void poll(unsigned long timeout) + { + char buf[131072]; + struct sockaddr_storage ss; + struct timeval tv; + fd_set rfds,wfds,efds; + + memcpy(&rfds,&_readfds,sizeof(rfds)); + memcpy(&wfds,&_writefds,sizeof(wfds)); +#if defined(_WIN32) || defined(_WIN64) + memcpy(&efds,&_exceptfds,sizeof(efds)); +#else + FD_ZERO(&efds); +#endif + + tv.tv_sec = (long)(timeout / 1000); + tv.tv_usec = (long)((timeout % 1000) * 1000); + if (::select((int)_nfds + 1,&rfds,&wfds,&efds,(timeout > 0) ? &tv : (struct timeval *)0) <= 0) + return; + + if (FD_ISSET(_whackReceiveSocket,&rfds)) { + char tmp[16]; +#if defined(_WIN32) || defined(_WIN64) + ::recv(_whackReceiveSocket,tmp,16,0); +#else + ::read(_whackReceiveSocket,tmp,16); +#endif + } + + for(typename std::list::iterator s(_socks.begin());s!=_socks.end();) { + switch (s->type) { + + case ZT_PHY_SOCKET_TCP_OUT_PENDING: +#if defined(_WIN32) || defined(_WIN64) + if (FD_ISSET(s->sock,&efds)) { + this->close((PhySocket *)&(*s),true); + } else // ... 
if +#endif + if (FD_ISSET(s->sock,&wfds)) { + socklen_t slen = sizeof(ss); + if (::getpeername(s->sock,(struct sockaddr *)&ss,&slen) != 0) { + this->close((PhySocket *)&(*s),true); + } else { + s->type = ZT_PHY_SOCKET_TCP_OUT_CONNECTED; + FD_SET(s->sock,&_readfds); + FD_CLR(s->sock,&_writefds); +#if defined(_WIN32) || defined(_WIN64) + FD_CLR(s->sock,&_exceptfds); +#endif + try { + _handler->phyOnTcpConnect((PhySocket *)&(*s),&(s->uptr),true); + } catch ( ... ) {} + } + } + break; + + case ZT_PHY_SOCKET_TCP_OUT_CONNECTED: + case ZT_PHY_SOCKET_TCP_IN: { + ZT_PHY_SOCKFD_TYPE sock = s->sock; // if closed, s->sock becomes invalid as s is no longer dereferencable + if (FD_ISSET(sock,&rfds)) { + long n = (long)::recv(sock,buf,sizeof(buf),0); + if (n <= 0) { + this->close((PhySocket *)&(*s),true); + } else { + try { + _handler->phyOnTcpData((PhySocket *)&(*s),&(s->uptr),(void *)buf,(unsigned long)n); + } catch ( ... ) {} + } + } + if ((FD_ISSET(sock,&wfds))&&(FD_ISSET(sock,&_writefds))) { + try { + _handler->phyOnTcpWritable((PhySocket *)&(*s),&(s->uptr)); + } catch ( ... ) {} + } + } break; + + case ZT_PHY_SOCKET_TCP_LISTEN: + if (FD_ISSET(s->sock,&rfds)) { + memset(&ss,0,sizeof(ss)); + socklen_t slen = sizeof(ss); + ZT_PHY_SOCKFD_TYPE newSock = ::accept(s->sock,(struct sockaddr *)&ss,&slen); + if (ZT_PHY_SOCKFD_VALID(newSock)) { + if (_socks.size() >= ZT_PHY_MAX_SOCKETS) { + ZT_PHY_CLOSE_SOCKET(newSock); + } else { +#if defined(_WIN32) || defined(_WIN64) + { BOOL f = (_noDelay ? TRUE : FALSE); setsockopt(newSock,IPPROTO_TCP,TCP_NODELAY,(char *)&f,sizeof(f)); } + { u_long iMode=1; ioctlsocket(newSock,FIONBIO,&iMode); } +#else + { int f = (_noDelay ? 
1 : 0); setsockopt(newSock,IPPROTO_TCP,TCP_NODELAY,(char *)&f,sizeof(f)); } + fcntl(newSock,F_SETFL,O_NONBLOCK); +#endif + _socks.push_back(PhySocketImpl()); + PhySocketImpl &sws = _socks.back(); + FD_SET(newSock,&_readfds); + if ((long)newSock > _nfds) + _nfds = (long)newSock; + sws.type = ZT_PHY_SOCKET_TCP_IN; + sws.sock = newSock; + sws.uptr = (void *)0; + memcpy(&(sws.saddr),&ss,sizeof(struct sockaddr_storage)); + try { + _handler->phyOnTcpAccept((PhySocket *)&(*s),(PhySocket *)&(_socks.back()),&(s->uptr),&(sws.uptr),(const struct sockaddr *)&(sws.saddr)); + } catch ( ... ) {} + } + } + } + break; + + case ZT_PHY_SOCKET_UDP: + if (FD_ISSET(s->sock,&rfds)) { + for(;;) { + memset(&ss,0,sizeof(ss)); + socklen_t slen = sizeof(ss); + long n = (long)::recvfrom(s->sock,buf,sizeof(buf),0,(struct sockaddr *)&ss,&slen); + if (n > 0) { + try { + _handler->phyOnDatagram((PhySocket *)&(*s),&(s->uptr),(const struct sockaddr *)&(s->saddr),(const struct sockaddr *)&ss,(void *)buf,(unsigned long)n); + } catch ( ... ) {} + } else if (n < 0) + break; + } + } + break; + + case ZT_PHY_SOCKET_UNIX_IN: { +#ifdef __UNIX_LIKE__ + ZT_PHY_SOCKFD_TYPE sock = s->sock; // if closed, s->sock becomes invalid as s is no longer dereferencable + if ((FD_ISSET(sock,&wfds))&&(FD_ISSET(sock,&_writefds))) { + try { + _handler->phyOnUnixWritable((PhySocket *)&(*s),&(s->uptr),false); + } catch ( ... ) {} + } + if (FD_ISSET(sock,&rfds)) { + long n = (long)::read(sock,buf,sizeof(buf)); + if (n <= 0) { + this->close((PhySocket *)&(*s),true); + } else { + try { + _handler->phyOnUnixData((PhySocket *)&(*s),&(s->uptr),(void *)buf,(unsigned long)n); + } catch ( ... 
) {} + } + } +#endif // __UNIX_LIKE__ + } break; + + case ZT_PHY_SOCKET_UNIX_LISTEN: +#ifdef __UNIX_LIKE__ + if (FD_ISSET(s->sock,&rfds)) { + memset(&ss,0,sizeof(ss)); + socklen_t slen = sizeof(ss); + ZT_PHY_SOCKFD_TYPE newSock = ::accept(s->sock,(struct sockaddr *)&ss,&slen); + if (ZT_PHY_SOCKFD_VALID(newSock)) { + if (_socks.size() >= ZT_PHY_MAX_SOCKETS) { + ZT_PHY_CLOSE_SOCKET(newSock); + } else { + fcntl(newSock,F_SETFL,O_NONBLOCK); + _socks.push_back(PhySocketImpl()); + PhySocketImpl &sws = _socks.back(); + FD_SET(newSock,&_readfds); + if ((long)newSock > _nfds) + _nfds = (long)newSock; + sws.type = ZT_PHY_SOCKET_UNIX_IN; + sws.sock = newSock; + sws.uptr = (void *)0; + memcpy(&(sws.saddr),&ss,sizeof(struct sockaddr_storage)); + try { + //_handler->phyOnUnixAccept((PhySocket *)&(*s),(PhySocket *)&(_socks.back()),&(s->uptr),&(sws.uptr)); + } catch ( ... ) {} + } + } + } +#endif // __UNIX_LIKE__ + break; + + case ZT_PHY_SOCKET_FD: { + ZT_PHY_SOCKFD_TYPE sock = s->sock; + const bool readable = ((FD_ISSET(sock,&rfds))&&(FD_ISSET(sock,&_readfds))); + const bool writable = ((FD_ISSET(sock,&wfds))&&(FD_ISSET(sock,&_writefds))); + if ((readable)||(writable)) { + try { + //_handler->phyOnFileDescriptorActivity((PhySocket *)&(*s),&(s->uptr),readable,writable); + } catch ( ... 
) {} + } + } break; + + default: + break; + + } + + if (s->type == ZT_PHY_SOCKET_CLOSED) + _socks.erase(s++); + else ++s; + } + } + + /** + * @param sock Socket to close + * @param callHandlers If true, call handlers for TCP connect (success: false) or close (default: true) + */ + inline void close(PhySocket *sock,bool callHandlers = true) + { + if (!sock) + return; + PhySocketImpl &sws = *(reinterpret_cast(sock)); + if (sws.type == ZT_PHY_SOCKET_CLOSED) + return; + + FD_CLR(sws.sock,&_readfds); + FD_CLR(sws.sock,&_writefds); +#if defined(_WIN32) || defined(_WIN64) + FD_CLR(sws.sock,&_exceptfds); +#endif + + if (sws.type != ZT_PHY_SOCKET_FD) + ZT_PHY_CLOSE_SOCKET(sws.sock); + +#ifdef __UNIX_LIKE__ + if (sws.type == ZT_PHY_SOCKET_UNIX_LISTEN) + ::unlink(((struct sockaddr_un *)(&(sws.saddr)))->sun_path); +#endif // __UNIX_LIKE__ + + if (callHandlers) { + switch(sws.type) { + case ZT_PHY_SOCKET_TCP_OUT_PENDING: + try { + _handler->phyOnTcpConnect(sock,&(sws.uptr),false); + } catch ( ... ) {} + break; + case ZT_PHY_SOCKET_TCP_OUT_CONNECTED: + case ZT_PHY_SOCKET_TCP_IN: + try { + _handler->phyOnTcpClose(sock,&(sws.uptr)); + } catch ( ... ) {} + break; + case ZT_PHY_SOCKET_UNIX_IN: +#ifdef __UNIX_LIKE__ + try { + _handler->phyOnUnixClose(sock,&(sws.uptr)); + } catch ( ... ) {} +#endif // __UNIX_LIKE__ + break; + default: + break; + } + } + + // Causes entry to be deleted from list in poll(), ignored elsewhere + sws.type = ZT_PHY_SOCKET_CLOSED; + + if ((long)sws.sock >= (long)_nfds) { + long nfds = (long)_whackSendSocket; + if ((long)_whackReceiveSocket > nfds) + nfds = (long)_whackReceiveSocket; + for(typename std::list::iterator s(_socks.begin());s!=_socks.end();++s) { + if ((s->type != ZT_PHY_SOCKET_CLOSED)&&((long)s->sock > nfds)) + nfds = (long)s->sock; + } + _nfds = nfds; + } + } +}; + +} // namespace ZeroTier + +#endif diff --git a/osdep/PortMapper.cpp b/osdep/PortMapper.cpp new file mode 100644 index 0000000..d3a1938 --- /dev/null +++ b/osdep/PortMapper.cpp 
@@ -0,0 +1,325 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifdef ZT_USE_MINIUPNPC + +// Uncomment to dump debug messages +//#define ZT_PORTMAPPER_TRACE 1 + +#include +#include +#include + +#include + +#include "../node/Utils.hpp" +#include "OSUtils.hpp" +#include "PortMapper.hpp" + +// These must be defined to get rid of dynamic export stuff in libminiupnpc and libnatpmp +#ifdef __WINDOWS__ +#ifndef MINIUPNP_STATICLIB +#define MINIUPNP_STATICLIB +#endif +#ifndef STATICLIB +#define STATICLIB +#endif +#endif + +#ifdef ZT_USE_SYSTEM_MINIUPNPC +#include +#include +#else +#include "../ext/miniupnpc/miniupnpc.h" +#include "../ext/miniupnpc/upnpcommands.h" +#endif + +#ifdef ZT_USE_SYSTEM_NATPMP +#include +#else +#include "../ext/libnatpmp/natpmp.h" +#endif + +namespace ZeroTier { + +class PortMapperImpl +{ +public: + PortMapperImpl(int localUdpPortToMap,const char *un) : + run(true), + localPort(localUdpPortToMap), + uniqueName(un) + { + } + + ~PortMapperImpl() {} + + void threadMain() + throw() + { + int mode = 0; // 0 == NAT-PMP, 1 == UPnP + +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: started for UDP port %d"ZT_EOL_S,localPort); +#endif + + while (run) { + + // --------------------------------------------------------------------- + // NAT-PMP 
mode (preferred) + // --------------------------------------------------------------------- + if (mode == 0) { + natpmp_t natpmp; + natpmpresp_t response; + int r = 0; + + bool natPmpSuccess = false; + for(int tries=0;tries<60;++tries) { + int tryPort = (int)localPort + tries; + if (tryPort >= 65535) + tryPort = (tryPort - 65535) + 1025; + + memset(&natpmp,0,sizeof(natpmp)); + memset(&response,0,sizeof(response)); + + if (initnatpmp(&natpmp,0,0) != 0) { + mode = 1; +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: NAT-PMP: init failed, switching to UPnP mode"ZT_EOL_S); +#endif + break; + } + + InetAddress publicAddress; + sendpublicaddressrequest(&natpmp); + uint64_t myTimeout = OSUtils::now() + 5000; + do { + fd_set fds; + struct timeval timeout; + FD_ZERO(&fds); + FD_SET(natpmp.s, &fds); + getnatpmprequesttimeout(&natpmp, &timeout); + select(FD_SETSIZE, &fds, NULL, NULL, &timeout); + r = readnatpmpresponseorretry(&natpmp, &response); + if (OSUtils::now() >= myTimeout) + break; + } while (r == NATPMP_TRYAGAIN); + if (r == 0) { + publicAddress = InetAddress((uint32_t)response.pnu.publicaddress.addr.s_addr,0); + } else { +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: NAT-PMP: request for external address failed, aborting..."ZT_EOL_S); +#endif + closenatpmp(&natpmp); + break; + } + + sendnewportmappingrequest(&natpmp,NATPMP_PROTOCOL_UDP,localPort,tryPort,(ZT_PORTMAPPER_REFRESH_DELAY * 2) / 1000); + myTimeout = OSUtils::now() + 10000; + do { + fd_set fds; + struct timeval timeout; + FD_ZERO(&fds); + FD_SET(natpmp.s, &fds); + getnatpmprequesttimeout(&natpmp, &timeout); + select(FD_SETSIZE, &fds, NULL, NULL, &timeout); + r = readnatpmpresponseorretry(&natpmp, &response); + if (OSUtils::now() >= myTimeout) + break; + } while (r == NATPMP_TRYAGAIN); + if (r == 0) { + publicAddress.setPort(response.pnu.newportmapping.mappedpublicport); +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: NAT-PMP: mapped %u to %s"ZT_EOL_S,(unsigned 
int)localPort,publicAddress.toString().c_str()); +#endif + Mutex::Lock sl(surface_l); + surface.clear(); + surface.push_back(publicAddress); + natPmpSuccess = true; + closenatpmp(&natpmp); + break; + } else { + closenatpmp(&natpmp); + // continue + } + } + + if (!natPmpSuccess) { + mode = 1; +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: NAT-PMP: request failed, switching to UPnP mode"ZT_EOL_S); +#endif + } + } + // --------------------------------------------------------------------- + + // --------------------------------------------------------------------- + // UPnP mode + // --------------------------------------------------------------------- + if (mode == 1) { + char lanaddr[4096]; + char externalip[4096]; // no range checking? so make these buffers larger than any UDP packet a uPnP server could send us as a precaution :P + char inport[16]; + char outport[16]; + struct UPNPUrls urls; + struct IGDdatas data; + + int upnpError = 0; + UPNPDev *devlist = upnpDiscoverAll(5000,(const char *)0,(const char *)0,0,0,2,&upnpError); + if (devlist) { + +#ifdef ZT_PORTMAPPER_TRACE + { + UPNPDev *dev = devlist; + while (dev) { + fprintf(stderr,"PortMapper: found UPnP device at URL '%s': %s"ZT_EOL_S,dev->descURL,dev->st); + dev = dev->pNext; + } + } +#endif + + memset(lanaddr,0,sizeof(lanaddr)); + memset(externalip,0,sizeof(externalip)); + memset(&urls,0,sizeof(urls)); + memset(&data,0,sizeof(data)); + Utils::snprintf(inport,sizeof(inport),"%d",localPort); + + if ((UPNP_GetValidIGD(devlist,&urls,&data,lanaddr,sizeof(lanaddr)))&&(lanaddr[0])) { +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: UPnP: my LAN IP address: %s"ZT_EOL_S,lanaddr); +#endif + if ((UPNP_GetExternalIPAddress(urls.controlURL,data.first.servicetype,externalip) == UPNPCOMMAND_SUCCESS)&&(externalip[0])) { +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: UPnP: my external IP address: %s"ZT_EOL_S,externalip); +#endif + + for(int tries=0;tries<60;++tries) { + int tryPort = 
(int)localPort + tries; + if (tryPort >= 65535) + tryPort = (tryPort - 65535) + 1025; + Utils::snprintf(outport,sizeof(outport),"%u",tryPort); + + // First check and see if this port is already mapped to the + // same unique name. If so, keep this mapping and don't try + // to map again since this can break buggy routers. But don't + // fail if this command fails since not all routers support it. + { + char haveIntClient[128]; // 128 == big enough for all these as per miniupnpc "documentation" + char haveIntPort[128]; + char haveDesc[128]; + char haveEnabled[128]; + char haveLeaseDuration[128]; + memset(haveIntClient,0,sizeof(haveIntClient)); + memset(haveIntPort,0,sizeof(haveIntPort)); + memset(haveDesc,0,sizeof(haveDesc)); + memset(haveEnabled,0,sizeof(haveEnabled)); + memset(haveLeaseDuration,0,sizeof(haveLeaseDuration)); + if ((UPNP_GetSpecificPortMappingEntry(urls.controlURL,data.first.servicetype,outport,"UDP",(const char *)0,haveIntClient,haveIntPort,haveDesc,haveEnabled,haveLeaseDuration) == UPNPCOMMAND_SUCCESS)&&(uniqueName == haveDesc)) { +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: UPnP: reusing previously reserved external port: %s"ZT_EOL_S,outport); +#endif + Mutex::Lock sl(surface_l); + surface.clear(); + InetAddress tmp(externalip); + tmp.setPort(tryPort); + surface.push_back(tmp); + break; + } + } + + // Try to map this port + int mapResult = 0; + if ((mapResult = UPNP_AddPortMapping(urls.controlURL,data.first.servicetype,outport,inport,lanaddr,uniqueName.c_str(),"UDP",(const char *)0,"0")) == UPNPCOMMAND_SUCCESS) { +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: UPnP: reserved external port: %s"ZT_EOL_S,outport); +#endif + Mutex::Lock sl(surface_l); + surface.clear(); + InetAddress tmp(externalip); + tmp.setPort(tryPort); + surface.push_back(tmp); + break; + } else { +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: UPnP: UPNP_AddPortMapping(%s) failed: %d"ZT_EOL_S,outport,mapResult); +#endif + Thread::sleep(1000); + 
} + } + + } else { + mode = 0; +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: UPnP: UPNP_GetExternalIPAddress failed, returning to NAT-PMP mode"ZT_EOL_S); +#endif + } + } else { + mode = 0; +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: UPnP: UPNP_GetValidIGD failed, returning to NAT-PMP mode"ZT_EOL_S); +#endif + } + + freeUPNPDevlist(devlist); + + } else { + mode = 0; +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"PortMapper: upnpDiscover failed, returning to NAT-PMP mode: %d"ZT_EOL_S,upnpError); +#endif + } + } + // --------------------------------------------------------------------- + +#ifdef ZT_PORTMAPPER_TRACE + fprintf(stderr,"UPNPClient: rescanning in %d ms"ZT_EOL_S,ZT_PORTMAPPER_REFRESH_DELAY); +#endif + Thread::sleep(ZT_PORTMAPPER_REFRESH_DELAY); + } + + delete this; + } + + volatile bool run; + int localPort; + std::string uniqueName; + + Mutex surface_l; + std::vector surface; +}; + +PortMapper::PortMapper(int localUdpPortToMap,const char *uniqueName) +{ + _impl = new PortMapperImpl(localUdpPortToMap,uniqueName); + Thread::start(_impl); +} + +PortMapper::~PortMapper() +{ + _impl->run = false; +} + +std::vector PortMapper::get() const +{ + Mutex::Lock _l(_impl->surface_l); + return _impl->surface; +} + +} // namespace ZeroTier + +#endif // ZT_USE_MINIUPNPC diff --git a/osdep/PortMapper.hpp b/osdep/PortMapper.hpp new file mode 100644 index 0000000..0b8d15f --- /dev/null +++ b/osdep/PortMapper.hpp 
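Review bot: The mapping-reuse check in the UPnP branch accepts an existing entry when only its description matches (`uniqueName == haveDesc`); it never compares `haveIntClient` with `lanaddr` or `haveIntPort` with `inport`. A lease left over from an earlier LAN address or local port would then be published through `surface` as our external endpoint even though the gateway forwards it somewhere else. I would tighten the condition to `(uniqueName == haveDesc)&&(!strcmp(haveIntClient,lanaddr))&&(!strcmp(haveIntPort,inport))` and otherwise fall through to `UPNP_AddPortMapping`. Separately, the NAT-PMP branch reads `response.pnu.newportmapping.mappedpublicport` after `r == 0` without checking `response.type`, so a late public-address reply could presumably be misread as a mapping result; a `response.type == NATPMP_RESPTYPE_UDPPORTMAPPING` guard would rule that out.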
@@ -0,0 +1,71 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifdef ZT_USE_MINIUPNPC
+
+#ifndef ZT_PORTMAPPER_HPP
+#define ZT_PORTMAPPER_HPP
+
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/InetAddress.hpp"
+#include "../node/Mutex.hpp"
+#include "Thread.hpp"
+
+/**
+ * How frequently should we refresh our UPNP/NAT-PnP/whatever state?
+ */
+#define ZT_PORTMAPPER_REFRESH_DELAY 300000
+
+namespace ZeroTier {
+
+class PortMapperImpl;
+
+/**
+ * UPnP/NAT-PnP port mapping "daemon"
+ */
+class PortMapper
+{
+ friend class PortMapperImpl;
+
+public:
+ /**
+ * Create and start port mapper service
+ *
+ * @param localUdpPortToMap Port we want visible to the outside world
+ * @param name Unique name of this endpoint (based on ZeroTier address)
+ */
+ PortMapper(int localUdpPortToMap,const char *uniqueName);
+
+ ~PortMapper();
+
+ /**
+ * @return All current external mappings for our port
+ */
+ std::vector get() const;
+
+private:
+ PortMapperImpl *_impl;
+};
+
+} // namespace ZeroTier
+
+#endif
+
+#endif // ZT_USE_MINIUPNPC
diff --git a/osdep/README.md b/osdep/README.md
new file mode 100644
index 0000000..a77297a
--- /dev/null
+++ b/osdep/README.md
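Review bot: `PortMapper` owns a raw `PortMapperImpl *_impl` but leaves the implicit copy constructor and assignment operator available, so a copy shares the same pointer. In PortMapper.cpp the destructor clears `_impl->run` and the worker thread then runs `delete this`, so destroying one copy leaves the other calling `get()` on freed memory. Declaring `PortMapper(const PortMapper &);` and `PortMapper &operator=(const PortMapper &);` in the `private:` section, left undefined, would turn such copies into a build error. The constructor comment also documents `@param name` while the parameter is `uniqueName`, and "NAT-PnP" should read "NAT-PMP".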
@@ -0,0 +1,6 @@
+OS-Dependent and OS-Interface Things
+======
+
+This folder contains stuff that interfaces with the base operating system
+like Phy for network access and the various OS-specific Ethernet tap
+drivers.
diff --git a/osdep/Thread.hpp b/osdep/Thread.hpp
new file mode 100644
index 0000000..7fb38d8
--- /dev/null
+++ b/osdep/Thread.hpp
@@ -0,0 +1,194 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_THREAD_HPP +#define ZT_THREAD_HPP + +#include + +#include "../node/Constants.hpp" + +#ifdef __WINDOWS__ + +#include +#include +#include +#include "../node/Mutex.hpp" + +namespace ZeroTier { + +template +static DWORD WINAPI ___zt_threadMain(LPVOID lpParam) +{ + try { + ((C *)lpParam)->threadMain(); + } catch ( ... 
) {} + return 0; +} + +class Thread +{ +public: + Thread() + throw() + { + _th = NULL; + _tid = 0; + } + + template + static inline Thread start(C *instance) + throw(std::runtime_error) + { + Thread t; + t._th = CreateThread(NULL,0,&___zt_threadMain,(LPVOID)instance,0,&t._tid); + if (t._th == NULL) + throw std::runtime_error("CreateThread() failed"); + return t; + } + + static inline void join(const Thread &t) + { + if (t._th != NULL) { + for(;;) { + DWORD ec = STILL_ACTIVE; + GetExitCodeThread(t._th,&ec); + if (ec == STILL_ACTIVE) + WaitForSingleObject(t._th,1000); + else break; + } + } + } + + static inline void sleep(unsigned long ms) + { + Sleep((DWORD)ms); + } + + // Not available on *nix platforms + static inline void cancelIO(const Thread &t) + { + if (t._th != NULL) + CancelSynchronousIo(t._th); + } + + inline operator bool() const throw() { return (_th != NULL); } + +private: + HANDLE _th; + DWORD _tid; +}; + +} // namespace ZeroTier + +#else + +#include +#include +#include +#include +#include + +namespace ZeroTier { + +template +static void *___zt_threadMain(void *instance) +{ + try { + ((C *)instance)->threadMain(); + } catch ( ... 
) {} + return (void *)0; +} + +/** + * A thread identifier, and static methods to start and join threads + */ +class Thread +{ +public: + Thread() + throw() + { + memset(&_tid,0,sizeof(_tid)); + _started = false; + } + + Thread(const Thread &t) + throw() + { + memcpy(&_tid,&(t._tid),sizeof(_tid)); + _started = t._started; + } + + inline Thread &operator=(const Thread &t) + throw() + { + memcpy(&_tid,&(t._tid),sizeof(_tid)); + _started = t._started; + return *this; + } + + /** + * Start a new thread + * + * @param instance Instance whose threadMain() method gets called by new thread + * @return Thread identifier + * @throws std::runtime_error Unable to create thread + * @tparam C Class containing threadMain() + */ + template + static inline Thread start(C *instance) + throw(std::runtime_error) + { + Thread t; + t._started = true; + if (pthread_create(&t._tid,(const pthread_attr_t *)0,&___zt_threadMain,instance)) + throw std::runtime_error("pthread_create() failed, unable to create thread"); + return t; + } + + /** + * Join to a thread, waiting for it to terminate (does nothing on null Thread values) + * + * @param t Thread to join + */ + static inline void join(const Thread &t) + { + if (t._started) + pthread_join(t._tid,(void **)0); + } + + /** + * Sleep the current thread + * + * @param ms Number of milliseconds to sleep + */ + static inline void sleep(unsigned long ms) { usleep(ms * 1000); } + + inline operator bool() const throw() { return (_started); } + +private: + pthread_t _tid; + volatile bool _started; +}; + +} // namespace ZeroTier + +#endif // __WINDOWS__ / !__WINDOWS__ + +#endif diff --git a/osdep/WindowsEthernetTap.cpp b/osdep/WindowsEthernetTap.cpp new file mode 100644 index 0000000..7e1a5a1 --- /dev/null +++ b/osdep/WindowsEthernetTap.cpp 
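Review bot: The POSIX `Thread::sleep` passes `ms * 1000` to `usleep()`, whose argument POSIX only defines below one million microseconds and whose type is often 32 bits wide, so long delays may be rejected or truncated on some platforms. PortMapper.cpp in this commit calls it with `ZT_PORTMAPPER_REFRESH_DELAY` (300000 ms). Splitting the value into seconds and nanoseconds for `nanosleep()` avoids both limits and still returns early on a signal; it needs `<time.h>`, and this file's include lines are not legible on the page. Also, the Windows branch stores the `CreateThread` handle in `_th` and nothing in this hunk calls `CloseHandle`, so each started thread appears to leak a handle.

```cpp
	static inline void sleep(unsigned long ms)
	{
		struct timespec ts;
		ts.tv_sec = (time_t)(ms / 1000);
		ts.tv_nsec = (long)((ms % 1000) * 1000000);
		nanosleep(&ts,(struct timespec *)0);
	}
```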
@@ -0,0 +1,1210 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/Utils.hpp"
+#include "../node/Mutex.hpp"
+
+#include "WindowsEthernetTap.hpp"
+#include "OSUtils.hpp"
+
+#include "..\windows\TapDriver6\tap-windows.h"
+
+// Create a fake unused default route to force detection of network type on networks without gateways
+#define ZT_WINDOWS_CREATE_FAKE_DEFAULT_ROUTE
+
+// Function signatures of dynamically loaded functions, from newdev.h, setupapi.h, and cfgmgr32.h
+typedef BOOL (WINAPI *UpdateDriverForPlugAndPlayDevicesA_t)(_In_opt_ HWND hwndParent,_In_ LPCSTR HardwareId,_In_ LPCSTR FullInfPath,_In_ DWORD InstallFlags,_Out_opt_ PBOOL bRebootRequired);
+typedef BOOL (WINAPI *SetupDiGetINFClassA_t)(_In_ PCSTR InfName,_Out_ LPGUID ClassGuid,_Out_writes_(ClassNameSize) PSTR ClassName,_In_ DWORD ClassNameSize,_Out_opt_ PDWORD RequiredSize);
+typedef HDEVINFO (WINAPI *SetupDiCreateDeviceInfoList_t)(_In_opt_ CONST GUID *ClassGuid,_In_opt_ HWND hwndParent);
+typedef BOOL (WINAPI
*SetupDiCreateDeviceInfoA_t)(_In_ HDEVINFO DeviceInfoSet,_In_ PCSTR DeviceName,_In_ CONST GUID *ClassGuid,_In_opt_ PCSTR DeviceDescription,_In_opt_ HWND hwndParent,_In_ DWORD CreationFlags,_Out_opt_ PSP_DEVINFO_DATA DeviceInfoData);
+typedef BOOL (WINAPI *SetupDiSetDeviceRegistryPropertyA_t)(_In_ HDEVINFO DeviceInfoSet,_Inout_ PSP_DEVINFO_DATA DeviceInfoData,_In_ DWORD Property,_In_reads_bytes_opt_(PropertyBufferSize) CONST BYTE *PropertyBuffer,_In_ DWORD PropertyBufferSize);
+typedef BOOL (WINAPI *SetupDiCallClassInstaller_t)(_In_ DI_FUNCTION InstallFunction,_In_ HDEVINFO DeviceInfoSet,_In_opt_ PSP_DEVINFO_DATA DeviceInfoData);
+typedef BOOL (WINAPI *SetupDiDestroyDeviceInfoList_t)(_In_ HDEVINFO DeviceInfoSet);
+typedef HDEVINFO (WINAPI *SetupDiGetClassDevsExA_t)(_In_opt_ CONST GUID *ClassGuid,_In_opt_ PCSTR Enumerator,_In_opt_ HWND hwndParent,_In_ DWORD Flags,_In_opt_ HDEVINFO DeviceInfoSet,_In_opt_ PCSTR MachineName,_Reserved_ PVOID Reserved);
+typedef BOOL (WINAPI *SetupDiOpenDeviceInfoA_t)(_In_ HDEVINFO DeviceInfoSet,_In_ PCSTR DeviceInstanceId,_In_opt_ HWND hwndParent,_In_ DWORD OpenFlags,_Out_opt_ PSP_DEVINFO_DATA DeviceInfoData);
+typedef BOOL (WINAPI *SetupDiEnumDeviceInfo_t)(_In_ HDEVINFO DeviceInfoSet,_In_ DWORD MemberIndex,_Out_ PSP_DEVINFO_DATA DeviceInfoData);
+typedef BOOL (WINAPI *SetupDiSetClassInstallParamsA_t)(_In_ HDEVINFO DeviceInfoSet,_In_opt_ PSP_DEVINFO_DATA DeviceInfoData,_In_reads_bytes_opt_(ClassInstallParamsSize) PSP_CLASSINSTALL_HEADER ClassInstallParams,_In_ DWORD ClassInstallParamsSize);
+typedef CONFIGRET (WINAPI *CM_Get_Device_ID_ExA_t)(_In_ DEVINST dnDevInst,_Out_writes_(BufferLen) PSTR Buffer,_In_ ULONG BufferLen,_In_ ULONG ulFlags,_In_opt_ HMACHINE hMachine);
+typedef BOOL (WINAPI *SetupDiGetDeviceInstanceIdA_t)(_In_ HDEVINFO DeviceInfoSet,_In_ PSP_DEVINFO_DATA DeviceInfoData,_Out_writes_opt_(DeviceInstanceIdSize) PSTR DeviceInstanceId,_In_ DWORD DeviceInstanceIdSize,_Out_opt_ PDWORD RequiredSize);
+
+namespace ZeroTier {
+
+namespace {
+
+// Static/singleton class that when initialized loads a bunch of environment information and a few dynamically loaded DLLs
+class WindowsEthernetTapEnv
+{
+public:
+ WindowsEthernetTapEnv()
+ {
+#ifdef _WIN64
+ is64Bit = TRUE;
+ tapDriverPath = "\\tap-windows\\x64\\zttap300.inf";
+#else
+ is64Bit = FALSE;
+ IsWow64Process(GetCurrentProcess(),&is64Bit);
+ if (is64Bit) {
+ fprintf(stderr,"FATAL: you must use the 64-bit ZeroTier One service on 64-bit Windows systems\r\n");
+ _exit(1);
+ }
+ tapDriverPath = "\\tap-windows\\x86\\zttap300.inf";
+#endif
+ tapDriverName = "zttap300";
+
+ setupApiMod = LoadLibraryA("setupapi.dll");
+ if (!setupApiMod) {
+ fprintf(stderr,"FATAL: unable to dynamically load setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiGetINFClassA = (SetupDiGetINFClassA_t)GetProcAddress(setupApiMod,"SetupDiGetINFClassA"))) {
+ fprintf(stderr,"FATAL: SetupDiGetINFClassA not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiCreateDeviceInfoList = (SetupDiCreateDeviceInfoList_t)GetProcAddress(setupApiMod,"SetupDiCreateDeviceInfoList"))) {
+ fprintf(stderr,"FATAL: SetupDiCreateDeviceInfoList not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiCreateDeviceInfoA = (SetupDiCreateDeviceInfoA_t)GetProcAddress(setupApiMod,"SetupDiCreateDeviceInfoA"))) {
+ fprintf(stderr,"FATAL: SetupDiCreateDeviceInfoA not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiSetDeviceRegistryPropertyA = (SetupDiSetDeviceRegistryPropertyA_t)GetProcAddress(setupApiMod,"SetupDiSetDeviceRegistryPropertyA"))) {
+ fprintf(stderr,"FATAL: SetupDiSetDeviceRegistryPropertyA not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiCallClassInstaller = (SetupDiCallClassInstaller_t)GetProcAddress(setupApiMod,"SetupDiCallClassInstaller"))) {
+ fprintf(stderr,"FATAL: SetupDiCallClassInstaller not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiDestroyDeviceInfoList =
(SetupDiDestroyDeviceInfoList_t)GetProcAddress(setupApiMod,"SetupDiDestroyDeviceInfoList"))) {
+ fprintf(stderr,"FATAL: SetupDiDestroyDeviceInfoList not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiGetClassDevsExA = (SetupDiGetClassDevsExA_t)GetProcAddress(setupApiMod,"SetupDiGetClassDevsExA"))) {
+ fprintf(stderr,"FATAL: SetupDiGetClassDevsExA not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiOpenDeviceInfoA = (SetupDiOpenDeviceInfoA_t)GetProcAddress(setupApiMod,"SetupDiOpenDeviceInfoA"))) {
+ fprintf(stderr,"FATAL: SetupDiOpenDeviceInfoA not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiEnumDeviceInfo = (SetupDiEnumDeviceInfo_t)GetProcAddress(setupApiMod,"SetupDiEnumDeviceInfo"))) {
+ fprintf(stderr,"FATAL: SetupDiEnumDeviceInfo not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiSetClassInstallParamsA = (SetupDiSetClassInstallParamsA_t)GetProcAddress(setupApiMod,"SetupDiSetClassInstallParamsA"))) {
+ fprintf(stderr,"FATAL: SetupDiSetClassInstallParamsA not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->SetupDiGetDeviceInstanceIdA = (SetupDiGetDeviceInstanceIdA_t)GetProcAddress(setupApiMod,"SetupDiGetDeviceInstanceIdA"))) {
+ fprintf(stderr,"FATAL: SetupDiGetDeviceInstanceIdA not found in setupapi.dll\r\n");
+ _exit(1);
+ }
+
+ newDevMod = LoadLibraryA("newdev.dll");
+ if (!newDevMod) {
+ fprintf(stderr,"FATAL: unable to dynamically load newdev.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->UpdateDriverForPlugAndPlayDevicesA = (UpdateDriverForPlugAndPlayDevicesA_t)GetProcAddress(newDevMod,"UpdateDriverForPlugAndPlayDevicesA"))) {
+ fprintf(stderr,"FATAL: UpdateDriverForPlugAndPlayDevicesA not found in newdev.dll\r\n");
+ _exit(1);
+ }
+
+ cfgMgrMod = LoadLibraryA("cfgmgr32.dll");
+ if (!cfgMgrMod) {
+ fprintf(stderr,"FATAL: unable to dynamically load cfgmgr32.dll\r\n");
+ _exit(1);
+ }
+ if (!(this->CM_Get_Device_ID_ExA =
(CM_Get_Device_ID_ExA_t)GetProcAddress(cfgMgrMod,"CM_Get_Device_ID_ExA"))) {
+ fprintf(stderr,"FATAL: CM_Get_Device_ID_ExA not found in cfgmgr32.dll\r\n");
+ _exit(1);
+ }
+ }
+
+ BOOL is64Bit; // is the system 64-bit, regardless of whether this binary is or not
+ std::string tapDriverPath;
+ std::string tapDriverName;
+
+ UpdateDriverForPlugAndPlayDevicesA_t UpdateDriverForPlugAndPlayDevicesA;
+
+ SetupDiGetINFClassA_t SetupDiGetINFClassA;
+ SetupDiCreateDeviceInfoList_t SetupDiCreateDeviceInfoList;
+ SetupDiCreateDeviceInfoA_t SetupDiCreateDeviceInfoA;
+ SetupDiSetDeviceRegistryPropertyA_t SetupDiSetDeviceRegistryPropertyA;
+ SetupDiCallClassInstaller_t SetupDiCallClassInstaller;
+ SetupDiDestroyDeviceInfoList_t SetupDiDestroyDeviceInfoList;
+ SetupDiGetClassDevsExA_t SetupDiGetClassDevsExA;
+ SetupDiOpenDeviceInfoA_t SetupDiOpenDeviceInfoA;
+ SetupDiEnumDeviceInfo_t SetupDiEnumDeviceInfo;
+ SetupDiSetClassInstallParamsA_t SetupDiSetClassInstallParamsA;
+ SetupDiGetDeviceInstanceIdA_t SetupDiGetDeviceInstanceIdA;
+
+ CM_Get_Device_ID_ExA_t CM_Get_Device_ID_ExA;
+
+private:
+ HMODULE setupApiMod;
+ HMODULE newDevMod;
+ HMODULE cfgMgrMod;
+};
+static const WindowsEthernetTapEnv WINENV;
+
+// Only create or delete devices one at a time
+static Mutex _systemTapInitLock;
+
+// Only perform installation or uninstallation options one at a time
+static Mutex _systemDeviceManagementLock;
+
+} // anonymous namespace
+
+std::string WindowsEthernetTap::addNewPersistentTapDevice(const char *pathToInf,std::string &deviceInstanceId)
+{
+ Mutex::Lock _l(_systemDeviceManagementLock);
+
+ GUID classGuid;
+ char className[1024];
+ if (!WINENV.SetupDiGetINFClassA(pathToInf,&classGuid,className,sizeof(className),(PDWORD)0)) {
+ return std::string("SetupDiGetINFClassA() failed -- unable to read zttap driver INF file");
+ }
+
+ HDEVINFO deviceInfoSet = WINENV.SetupDiCreateDeviceInfoList(&classGuid,(HWND)0);
+ if (deviceInfoSet == INVALID_HANDLE_VALUE) {
+ return
std::string("SetupDiCreateDeviceInfoList() failed");
+ }
+
+ SP_DEVINFO_DATA deviceInfoData;
+ memset(&deviceInfoData,0,sizeof(deviceInfoData));
+ deviceInfoData.cbSize = sizeof(deviceInfoData);
+ if (!WINENV.SetupDiCreateDeviceInfoA(deviceInfoSet,className,&classGuid,(PCSTR)0,(HWND)0,DICD_GENERATE_ID,&deviceInfoData)) {
+ WINENV.SetupDiDestroyDeviceInfoList(deviceInfoSet);
+ return std::string("SetupDiCreateDeviceInfoA() failed");
+ }
+
+ if (!WINENV.SetupDiSetDeviceRegistryPropertyA(deviceInfoSet,&deviceInfoData,SPDRP_HARDWAREID,(const BYTE *)WINENV.tapDriverName.c_str(),(DWORD)(WINENV.tapDriverName.length() + 1))) {
+ WINENV.SetupDiDestroyDeviceInfoList(deviceInfoSet);
+ return std::string("SetupDiSetDeviceRegistryPropertyA() failed");
+ }
+
+ if (!WINENV.SetupDiCallClassInstaller(DIF_REGISTERDEVICE,deviceInfoSet,&deviceInfoData)) {
+ WINENV.SetupDiDestroyDeviceInfoList(deviceInfoSet);
+ return std::string("SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed");
+ }
+
+ // HACK: During upgrades, this can fail while the installer is still running. So make 60 attempts
+ // with a 1s delay between each attempt.
+ bool driverInstalled = false;
+ for(int retryCounter=0;retryCounter<60;++retryCounter) {
+ BOOL rebootRequired = FALSE;
+ if (WINENV.UpdateDriverForPlugAndPlayDevicesA((HWND)0,WINENV.tapDriverName.c_str(),pathToInf,INSTALLFLAG_FORCE|INSTALLFLAG_NONINTERACTIVE,&rebootRequired)) {
+ driverInstalled = true;
+ break;
+ } else Sleep(1000);
+ }
+ if (!driverInstalled) {
+ WINENV.SetupDiDestroyDeviceInfoList(deviceInfoSet);
+ return std::string("UpdateDriverForPlugAndPlayDevices() failed (made 60 attempts)");
+ }
+
+ char iidbuf[1024];
+ DWORD iidReqSize = sizeof(iidbuf);
+ if (WINENV.SetupDiGetDeviceInstanceIdA(deviceInfoSet,&deviceInfoData,iidbuf,sizeof(iidbuf),&iidReqSize)) {
+ deviceInstanceId = iidbuf;
+ } // failure here is not fatal since we only need this on Vista and 2008 -- other versions fill it into the registry automatically
+
+ WINENV.SetupDiDestroyDeviceInfoList(deviceInfoSet);
+
+ return std::string();
+}
+
+std::string WindowsEthernetTap::destroyAllLegacyPersistentTapDevices()
+{
+ char subkeyName[1024];
+ char subkeyClass[1024];
+ char data[1024];
+
+ std::set instanceIdPathsToRemove;
+ {
+ HKEY nwAdapters;
+ if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}",0,KEY_READ|KEY_WRITE,&nwAdapters) != ERROR_SUCCESS)
+ return std::string("Could not open registry key");
+
+ for(DWORD subkeyIndex=0;;++subkeyIndex) {
+ DWORD type;
+ DWORD dataLen;
+ DWORD subkeyNameLen = sizeof(subkeyName);
+ DWORD subkeyClassLen = sizeof(subkeyClass);
+ FILETIME lastWriteTime;
+ if (RegEnumKeyExA(nwAdapters,subkeyIndex,subkeyName,&subkeyNameLen,(DWORD *)0,subkeyClass,&subkeyClassLen,&lastWriteTime) == ERROR_SUCCESS) {
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"ComponentId",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS) {
+ data[dataLen] = '\0';
+
+ if ((!strnicmp(data,"zttap",5))&&(WINENV.tapDriverName != data)) {
+ std::string instanceIdPath;
+ type = 0;
+
dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"DeviceInstanceID",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS)
+ instanceIdPath.assign(data,dataLen);
+ if (instanceIdPath.length() != 0)
+ instanceIdPathsToRemove.insert(instanceIdPath);
+ }
+ }
+ } else break; // end of list or failure
+ }
+
+ RegCloseKey(nwAdapters);
+ }
+
+ std::string errlist;
+ for(std::set::iterator iidp(instanceIdPathsToRemove.begin());iidp!=instanceIdPathsToRemove.end();++iidp) {
+ std::string err = deletePersistentTapDevice(iidp->c_str());
+ if (err.length() > 0) {
+ if (errlist.length() > 0)
+ errlist.push_back(',');
+ errlist.append(err);
+ }
+ }
+ return errlist;
+}
+
+std::string WindowsEthernetTap::destroyAllPersistentTapDevices()
+{
+ char subkeyName[1024];
+ char subkeyClass[1024];
+ char data[1024];
+
+ std::set instanceIdPathsToRemove;
+ {
+ HKEY nwAdapters;
+ if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}",0,KEY_READ|KEY_WRITE,&nwAdapters) != ERROR_SUCCESS)
+ return std::string("Could not open registry key");
+
+ for(DWORD subkeyIndex=0;;++subkeyIndex) {
+ DWORD type;
+ DWORD dataLen;
+ DWORD subkeyNameLen = sizeof(subkeyName);
+ DWORD subkeyClassLen = sizeof(subkeyClass);
+ FILETIME lastWriteTime;
+ if (RegEnumKeyExA(nwAdapters,subkeyIndex,subkeyName,&subkeyNameLen,(DWORD *)0,subkeyClass,&subkeyClassLen,&lastWriteTime) == ERROR_SUCCESS) {
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"ComponentId",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS) {
+ data[dataLen] = '\0';
+
+ if (!strnicmp(data,"zttap",5)) {
+ std::string instanceIdPath;
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"DeviceInstanceID",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS)
+ instanceIdPath.assign(data,dataLen);
+ if (instanceIdPath.length() != 0)
+ instanceIdPathsToRemove.insert(instanceIdPath);
+ }
+ }
+ } else break; //
end of list or failure
+ }
+
+ RegCloseKey(nwAdapters);
+ }
+
+ std::string errlist;
+ for(std::set::iterator iidp(instanceIdPathsToRemove.begin());iidp!=instanceIdPathsToRemove.end();++iidp) {
+ std::string err = deletePersistentTapDevice(iidp->c_str());
+ if (err.length() > 0) {
+ if (errlist.length() > 0)
+ errlist.push_back(',');
+ errlist.append(err);
+ }
+ }
+ return errlist;
+}
+
+std::string WindowsEthernetTap::deletePersistentTapDevice(const char *instanceId)
+{
+ char iid[256];
+ SP_REMOVEDEVICE_PARAMS rmdParams;
+
+ memset(&rmdParams,0,sizeof(rmdParams));
+ rmdParams.ClassInstallHeader.cbSize = sizeof(SP_CLASSINSTALL_HEADER);
+ rmdParams.ClassInstallHeader.InstallFunction = DIF_REMOVE;
+ rmdParams.Scope = DI_REMOVEDEVICE_GLOBAL;
+ rmdParams.HwProfile = 0;
+
+ Mutex::Lock _l(_systemDeviceManagementLock);
+
+ HDEVINFO devInfo = WINENV.SetupDiGetClassDevsExA((const GUID *)0,(PCSTR)0,(HWND)0,DIGCF_ALLCLASSES,(HDEVINFO)0,(PCSTR)0,(PVOID)0);
+ if (devInfo == INVALID_HANDLE_VALUE)
+ return std::string("SetupDiGetClassDevsExA() failed");
+ WINENV.SetupDiOpenDeviceInfoA(devInfo,instanceId,(HWND)0,0,(PSP_DEVINFO_DATA)0);
+
+ SP_DEVINFO_DATA devInfoData;
+ memset(&devInfoData,0,sizeof(devInfoData));
+ devInfoData.cbSize = sizeof(devInfoData);
+ for(DWORD devIndex=0;WINENV.SetupDiEnumDeviceInfo(devInfo,devIndex,&devInfoData);devIndex++) {
+ if ((WINENV.CM_Get_Device_ID_ExA(devInfoData.DevInst,iid,sizeof(iid),0,(HMACHINE)0) == CR_SUCCESS)&&(!strcmp(iid,instanceId))) {
+ if (!WINENV.SetupDiSetClassInstallParamsA(devInfo,&devInfoData,&rmdParams.ClassInstallHeader,sizeof(rmdParams))) {
+ WINENV.SetupDiDestroyDeviceInfoList(devInfo);
+ return std::string("SetupDiSetClassInstallParams() failed");
+ }
+
+ if (!WINENV.SetupDiCallClassInstaller(DIF_REMOVE,devInfo,&devInfoData)) {
+ WINENV.SetupDiDestroyDeviceInfoList(devInfo);
+ return std::string("SetupDiCallClassInstaller(DIF_REMOVE) failed");
+ }
+
+ WINENV.SetupDiDestroyDeviceInfoList(devInfo);
+ return std::string();
+
}
+ }
+
+ WINENV.SetupDiDestroyDeviceInfoList(devInfo);
+ return std::string("instance ID not found");
+}
+
+bool WindowsEthernetTap::setPersistentTapDeviceState(const char *instanceId,bool enabled)
+{
+ char iid[256];
+ SP_PROPCHANGE_PARAMS params;
+
+ Mutex::Lock _l(_systemDeviceManagementLock);
+
+ HDEVINFO devInfo = WINENV.SetupDiGetClassDevsExA((const GUID *)0,(PCSTR)0,(HWND)0,DIGCF_ALLCLASSES,(HDEVINFO)0,(PCSTR)0,(PVOID)0);
+ if (devInfo == INVALID_HANDLE_VALUE)
+ return false;
+ WINENV.SetupDiOpenDeviceInfoA(devInfo,instanceId,(HWND)0,0,(PSP_DEVINFO_DATA)0);
+
+ SP_DEVINFO_DATA devInfoData;
+ memset(&devInfoData,0,sizeof(devInfoData));
+ devInfoData.cbSize = sizeof(devInfoData);
+ for(DWORD devIndex=0;WINENV.SetupDiEnumDeviceInfo(devInfo,devIndex,&devInfoData);devIndex++) {
+ if ((WINENV.CM_Get_Device_ID_ExA(devInfoData.DevInst,iid,sizeof(iid),0,(HMACHINE)0) == CR_SUCCESS)&&(!strcmp(iid,instanceId))) {
+ memset(¶ms,0,sizeof(params));
+ params.ClassInstallHeader.cbSize = sizeof(SP_CLASSINSTALL_HEADER);
+ params.ClassInstallHeader.InstallFunction = DIF_PROPERTYCHANGE;
+ params.StateChange = enabled ? DICS_ENABLE : DICS_DISABLE;
+ params.Scope = DICS_FLAG_GLOBAL;
+ params.HwProfile = 0;
+
+ WINENV.SetupDiSetClassInstallParamsA(devInfo,&devInfoData,¶ms.ClassInstallHeader,sizeof(params));
+ WINENV.SetupDiCallClassInstaller(DIF_PROPERTYCHANGE,devInfo,&devInfoData);
+
+ memset(¶ms,0,sizeof(params));
+ params.ClassInstallHeader.cbSize = sizeof(SP_CLASSINSTALL_HEADER);
+ params.ClassInstallHeader.InstallFunction = DIF_PROPERTYCHANGE;
+ params.StateChange = enabled ?
DICS_ENABLE : DICS_DISABLE;
+ params.Scope = DICS_FLAG_CONFIGSPECIFIC;
+ params.HwProfile = 0;
+
+ WINENV.SetupDiSetClassInstallParamsA(devInfo,&devInfoData,¶ms.ClassInstallHeader,sizeof(params));
+ WINENV.SetupDiCallClassInstaller(DIF_PROPERTYCHANGE,devInfo,&devInfoData);
+
+ WINENV.SetupDiDestroyDeviceInfoList(devInfo);
+ return true;
+ }
+ }
+
+ WINENV.SetupDiDestroyDeviceInfoList(devInfo);
+ return false;
+}
+
+WindowsEthernetTap::WindowsEthernetTap(
+ const char *hp,
+ const MAC &mac,
+ unsigned int mtu,
+ unsigned int metric,
+ uint64_t nwid,
+ const char *friendlyName,
+ void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int),
+ void *arg) :
+ _handler(handler),
+ _arg(arg),
+ _mac(mac),
+ _nwid(nwid),
+ _tap(INVALID_HANDLE_VALUE),
+ _injectSemaphore(INVALID_HANDLE_VALUE),
+ _pathToHelpers(hp),
+ _run(true),
+ _initialized(false),
+ _enabled(true)
+{
+ char subkeyName[1024];
+ char subkeyClass[1024];
+ char data[1024];
+ char tag[24];
+ std::string mySubkeyName;
+
+ if (mtu > 2800)
+ throw std::runtime_error("MTU too large.");
+
+ // We "tag" registry entries with the network ID to identify persistent devices
+ Utils::snprintf(tag,sizeof(tag),"%.16llx",(unsigned long long)nwid);
+
+ Mutex::Lock _l(_systemTapInitLock);
+
+ HKEY nwAdapters;
+ if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}",0,KEY_READ|KEY_WRITE,&nwAdapters) != ERROR_SUCCESS)
+ throw std::runtime_error("unable to open registry key for network adapter enumeration");
+
+ // Look for the tap instance that corresponds with this network
+ for(DWORD subkeyIndex=0;;++subkeyIndex) {
+ DWORD type;
+ DWORD dataLen;
+ DWORD subkeyNameLen = sizeof(subkeyName);
+ DWORD subkeyClassLen = sizeof(subkeyClass);
+ FILETIME lastWriteTime;
+ if (RegEnumKeyExA(nwAdapters,subkeyIndex,subkeyName,&subkeyNameLen,(DWORD *)0,subkeyClass,&subkeyClassLen,&lastWriteTime) == ERROR_SUCCESS) {
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"ComponentId",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS) {
+ data[dataLen] = (char)0;
+
+ if (WINENV.tapDriverName == data) {
+ std::string instanceId;
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"NetCfgInstanceId",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS)
+ instanceId.assign(data,dataLen);
+
+ std::string instanceIdPath;
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"DeviceInstanceID",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS)
+ instanceIdPath.assign(data,dataLen);
+
+ if ((_netCfgInstanceId.length() == 0)&&(instanceId.length() != 0)&&(instanceIdPath.length() != 0)) {
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"_ZeroTierTapIdentifier",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS) {
+ data[dataLen] = '\0';
+ if (!strcmp(data,tag)) {
+ _netCfgInstanceId = instanceId;
+ _deviceInstanceId = instanceIdPath;
+
+ mySubkeyName = subkeyName;
+ break; // found it!
+ }
+ }
+ }
+ }
+ }
+ } else break; // no more subkeys or error occurred enumerating them
+ }
+
+ // If there is no device, try to create one
+ bool creatingNewDevice = (_netCfgInstanceId.length() == 0);
+ std::string newDeviceInstanceId;
+ if (creatingNewDevice) {
+ for(int getNewAttemptCounter=0;getNewAttemptCounter<2;++getNewAttemptCounter) {
+ for(DWORD subkeyIndex=0;;++subkeyIndex) {
+ DWORD type;
+ DWORD dataLen;
+ DWORD subkeyNameLen = sizeof(subkeyName);
+ DWORD subkeyClassLen = sizeof(subkeyClass);
+ FILETIME lastWriteTime;
+ if (RegEnumKeyExA(nwAdapters,subkeyIndex,subkeyName,&subkeyNameLen,(DWORD *)0,subkeyClass,&subkeyClassLen,&lastWriteTime) == ERROR_SUCCESS) {
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"ComponentId",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS) {
+ data[dataLen] = '\0';
+
+ if (WINENV.tapDriverName == data) {
+ type = 0;
+ dataLen = sizeof(data);
+ if ((RegGetValueA(nwAdapters,subkeyName,"_ZeroTierTapIdentifier",RRF_RT_ANY,&type,(PVOID)data,&dataLen) != ERROR_SUCCESS)||(dataLen <= 0)) {
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"NetCfgInstanceId",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS) {
+ RegSetKeyValueA(nwAdapters,subkeyName,"_ZeroTierTapIdentifier",REG_SZ,tag,(DWORD)(strlen(tag)+1));
+
+ _netCfgInstanceId.assign(data,dataLen);
+
+ type = 0;
+ dataLen = sizeof(data);
+ if (RegGetValueA(nwAdapters,subkeyName,"DeviceInstanceID",RRF_RT_ANY,&type,(PVOID)data,&dataLen) == ERROR_SUCCESS)
+ _deviceInstanceId.assign(data,dataLen);
+
+ mySubkeyName = subkeyName;
+
+ // Disable DHCP by default on new devices
+ HKEY tcpIpInterfaces;
+ if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces",0,KEY_READ|KEY_WRITE,&tcpIpInterfaces) == ERROR_SUCCESS) {
+ DWORD enable = 0;
+ RegSetKeyValueA(tcpIpInterfaces,_netCfgInstanceId.c_str(),"EnableDHCP",REG_DWORD,&enable,sizeof(enable));
+
RegCloseKey(tcpIpInterfaces);
+ }
+
+ break; // found an unused zttap device
+ }
+ }
+ }
+ }
+ } else break; // no more keys or error occurred
+ }
+
+ if (_netCfgInstanceId.length() > 0) {
+ break; // found an unused zttap device
+ } else {
+ // no unused zttap devices, so create one
+ std::string errm = addNewPersistentTapDevice((std::string(_pathToHelpers) + WINENV.tapDriverPath).c_str(),newDeviceInstanceId);
+ if (errm.length() > 0)
+ throw std::runtime_error(std::string("unable to create new device instance: ")+errm);
+ }
+ }
+ }
+
+ if (_netCfgInstanceId.length() > 0) {
+ char tmps[64];
+ unsigned int tmpsl = Utils::snprintf(tmps,sizeof(tmps),"%.2X-%.2X-%.2X-%.2X-%.2X-%.2X",(unsigned int)mac[0],(unsigned int)mac[1],(unsigned int)mac[2],(unsigned int)mac[3],(unsigned int)mac[4],(unsigned int)mac[5]) + 1;
+ RegSetKeyValueA(nwAdapters,mySubkeyName.c_str(),"NetworkAddress",REG_SZ,tmps,tmpsl);
+ RegSetKeyValueA(nwAdapters,mySubkeyName.c_str(),"MAC",REG_SZ,tmps,tmpsl);
+ DWORD tmp = mtu;
+ RegSetKeyValueA(nwAdapters,mySubkeyName.c_str(),"MTU",REG_DWORD,(LPCVOID)&tmp,sizeof(tmp));
+
+ tmp = 0;
+ RegSetKeyValueA(nwAdapters,mySubkeyName.c_str(),"*NdisDeviceType",REG_DWORD,(LPCVOID)&tmp,sizeof(tmp));
+ tmp = IF_TYPE_ETHERNET_CSMACD;
+ RegSetKeyValueA(nwAdapters,mySubkeyName.c_str(),"*IfType",REG_DWORD,(LPCVOID)&tmp,sizeof(tmp));
+
+ if (creatingNewDevice) {
+ // Vista/2008 does not set this
+ if (newDeviceInstanceId.length() > 0)
+ RegSetKeyValueA(nwAdapters,mySubkeyName.c_str(),"DeviceInstanceID",REG_SZ,newDeviceInstanceId.c_str(),(DWORD)newDeviceInstanceId.length());
+
+ // Set EnableDHCP to 0 by default on new devices
+ tmp = 0;
+ RegSetKeyValueA(nwAdapters,mySubkeyName.c_str(),"EnableDHCP",REG_DWORD,(LPCVOID)&tmp,sizeof(tmp));
+ }
+ RegCloseKey(nwAdapters);
+ } else {
+ RegCloseKey(nwAdapters);
+ throw std::runtime_error("unable to find or create tap adapter");
+ }
+
+ {
+ char nobraces[128]; // strip braces from GUID before converting it, because Windows
+ const
char *nbtmp1 = _netCfgInstanceId.c_str();
+ char *nbtmp2 = nobraces;
+ while (*nbtmp1) {
+ if ((*nbtmp1 != '{')&&(*nbtmp1 != '}'))
+ *nbtmp2++ = *nbtmp1;
+ ++nbtmp1;
+ }
+ *nbtmp2 = (char)0;
+ if (UuidFromStringA((RPC_CSTR)nobraces,&_deviceGuid) != RPC_S_OK)
+ throw std::runtime_error("unable to convert instance ID GUID to native GUID (invalid NetCfgInstanceId in registry?)");
+ }
+
+ // Get the LUID, which is one of like four fucking ways to refer to a network device in Windows
+ if (ConvertInterfaceGuidToLuid(&_deviceGuid,&_deviceLuid) != NO_ERROR)
+ throw std::runtime_error("unable to convert device interface GUID to LUID");
+
+ _initialized = true;
+
+ if (friendlyName)
+ setFriendlyName(friendlyName);
+
+ _injectSemaphore = CreateSemaphore(NULL,0,1,NULL);
+ _thread = Thread::start(this);
+}
+
+WindowsEthernetTap::~WindowsEthernetTap()
+{
+ _run = false;
+ ReleaseSemaphore(_injectSemaphore,1,NULL);
+ Thread::join(_thread);
+ CloseHandle(_injectSemaphore);
+ setPersistentTapDeviceState(_deviceInstanceId.c_str(),false);
+}
+
+void WindowsEthernetTap::setEnabled(bool en)
+{
+ _enabled = en;
+}
+
+bool WindowsEthernetTap::enabled() const
+{
+ return _enabled;
+}
+
+bool WindowsEthernetTap::addIp(const InetAddress &ip)
+{
+ if (!ip.netmaskBits()) // sanity check... netmask of 0.0.0.0 is WUT?
+ return false;
+ Mutex::Lock _l(_assignedIps_m);
+ if (std::find(_assignedIps.begin(),_assignedIps.end(),ip) != _assignedIps.end())
+ return true;
+ _assignedIps.push_back(ip);
+ _syncIps();
+ return true;
+}
+
+bool WindowsEthernetTap::removeIp(const InetAddress &ip)
+{
+ {
+ Mutex::Lock _l(_assignedIps_m);
+ std::vector::iterator aip(std::find(_assignedIps.begin(),_assignedIps.end(),ip));
+ if (aip != _assignedIps.end())
+ _assignedIps.erase(aip);
+ }
+
+ if (!_initialized)
+ return false;
+
+ try {
+ MIB_UNICASTIPADDRESS_TABLE *ipt = (MIB_UNICASTIPADDRESS_TABLE *)0;
+ if (GetUnicastIpAddressTable(AF_UNSPEC,&ipt) == NO_ERROR) {
+ if ((ipt)&&(ipt->NumEntries > 0)) {
+ for(DWORD i=0;i<(DWORD)ipt->NumEntries;++i) {
+ if (ipt->Table[i].InterfaceLuid.Value == _deviceLuid.Value) {
+ InetAddress addr;
+ switch(ipt->Table[i].Address.si_family) {
+ case AF_INET:
+ addr.set(&(ipt->Table[i].Address.Ipv4.sin_addr.S_un.S_addr),4,ipt->Table[i].OnLinkPrefixLength);
+ break;
+ case AF_INET6:
+ addr.set(ipt->Table[i].Address.Ipv6.sin6_addr.u.Byte,16,ipt->Table[i].OnLinkPrefixLength);
+ if (addr.ipScope() == InetAddress::IP_SCOPE_LINK_LOCAL)
+ continue; // can't remove link-local IPv6 addresses
+ break;
+ }
+ if (addr == ip) {
+ DeleteUnicastIpAddressEntry(&(ipt->Table[i]));
+ FreeMibTable(ipt);
+
+ std::vector regIps(_getRegistryIPv4Value("IPAddress"));
+ std::vector regSubnetMasks(_getRegistryIPv4Value("SubnetMask"));
+ std::string ipstr(ip.toIpString());
+ for(std::vector::iterator rip(regIps.begin()),rm(regSubnetMasks.begin());((rip!=regIps.end())&&(rm!=regSubnetMasks.end()));++rip,++rm) {
+ if (*rip == ipstr) {
+ regIps.erase(rip);
+ regSubnetMasks.erase(rm);
+ _setRegistryIPv4Value("IPAddress",regIps);
+ _setRegistryIPv4Value("SubnetMask",regSubnetMasks);
+ break;
+ }
+ }
+
+ return true;
+ }
+ }
+ }
+ }
+ FreeMibTable((PVOID)ipt);
+ }
+ } catch ( ...
) {}
+ return false;
+}
+
+std::vector WindowsEthernetTap::ips() const
+{
+ static const InetAddress linkLocalLoopback("fe80::1",64); // what is this and why does Windows assign it?
+ std::vector addrs;
+
+ if (!_initialized)
+ return addrs;
+
+ try {
+ MIB_UNICASTIPADDRESS_TABLE *ipt = (MIB_UNICASTIPADDRESS_TABLE *)0;
+ if (GetUnicastIpAddressTable(AF_UNSPEC,&ipt) == NO_ERROR) {
+ if ((ipt)&&(ipt->NumEntries > 0)) {
+ for(DWORD i=0;i<(DWORD)ipt->NumEntries;++i) {
+ if (ipt->Table[i].InterfaceLuid.Value == _deviceLuid.Value) {
+ switch(ipt->Table[i].Address.si_family) {
+ case AF_INET: {
+ InetAddress ip(&(ipt->Table[i].Address.Ipv4.sin_addr.S_un.S_addr),4,ipt->Table[i].OnLinkPrefixLength);
+ if (ip != InetAddress::LO4)
+ addrs.push_back(ip);
+ } break;
+ case AF_INET6: {
+ InetAddress ip(ipt->Table[i].Address.Ipv6.sin6_addr.u.Byte,16,ipt->Table[i].OnLinkPrefixLength);
+ if ((ip != linkLocalLoopback)&&(ip != InetAddress::LO6))
+ addrs.push_back(ip);
+ } break;
+ }
+ }
+ }
+ }
+ FreeMibTable(ipt);
+ }
+ } catch ( ...
) {} // sanity check, shouldn't happen unless out of memory
+
+ std::sort(addrs.begin(),addrs.end());
+ addrs.erase(std::unique(addrs.begin(),addrs.end()),addrs.end());
+
+ return addrs;
+}
+
+void WindowsEthernetTap::put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len)
+{
+ if ((!_initialized)||(!_enabled)||(_tap == INVALID_HANDLE_VALUE)||(len > (ZT_IF_MTU)))
+ return;
+
+ Mutex::Lock _l(_injectPending_m);
+ _injectPending.push( std::pair,unsigned int>(Array(),len + 14) );
+ char *d = _injectPending.back().first.data;
+ to.copyTo(d,6);
+ from.copyTo(d + 6,6);
+ d[12] = (char)((etherType >> 8) & 0xff);
+ d[13] = (char)(etherType & 0xff);
+ memcpy(d + 14,data,len);
+
+ ReleaseSemaphore(_injectSemaphore,1,NULL);
+}
+
+std::string WindowsEthernetTap::deviceName() const
+{
+ char tmp[1024];
+ if (ConvertInterfaceLuidToNameA(&_deviceLuid,tmp,sizeof(tmp)) != NO_ERROR)
+ return std::string("[ConvertInterfaceLuidToName() failed]");
+ return std::string(tmp);
+}
+
+void WindowsEthernetTap::setFriendlyName(const char *dn)
+{
+ if (!_initialized)
+ return;
+ HKEY ifp;
+ if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,(std::string("SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\") + _netCfgInstanceId).c_str(),0,KEY_READ|KEY_WRITE,&ifp) == ERROR_SUCCESS) {
+ RegSetKeyValueA(ifp,"Connection","Name",REG_SZ,(LPCVOID)dn,(DWORD)(strlen(dn)+1));
+ RegCloseKey(ifp);
+ }
+}
+
+void WindowsEthernetTap::scanMulticastGroups(std::vector &added,std::vector &removed)
+{
+ if (!_initialized)
+ return;
+ HANDLE t = _tap;
+ if (t == INVALID_HANDLE_VALUE)
+ return;
+
+ std::vector newGroups;
+
+ // The ZT1 tap driver supports an IOCTL to get multicast memberships at the L2
+ // level... something Windows does not seem to expose ordinarily. This lets
+ // pretty much anything work... IPv4, IPv6, IPX, oldskool Netbios, who knows...
+ unsigned char mcastbuf[TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS_OUTPUT_BUF_SIZE];
+ DWORD bytesReturned = 0;
+ if (DeviceIoControl(t,TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS,(LPVOID)0,0,(LPVOID)mcastbuf,sizeof(mcastbuf),&bytesReturned,NULL)) {
+ if ((bytesReturned > 0)&&(bytesReturned <= TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS_OUTPUT_BUF_SIZE)) { // sanity check
+ MAC mac;
+ DWORD i = 0;
+ while ((i + 6) <= bytesReturned) {
+ mac.setTo(mcastbuf + i,6);
+ i += 6;
+ if ((mac.isMulticast())&&(!mac.isBroadcast())) {
+ // exclude the nulls that may be returned or any other junk Windows puts in there
+ newGroups.push_back(MulticastGroup(mac,0));
+ }
+ }
+ }
+ }
+
+ std::vector allIps(ips());
+ for(std::vector::iterator ip(allIps.begin());ip!=allIps.end();++ip)
+ newGroups.push_back(MulticastGroup::deriveMulticastGroupForAddressResolution(*ip));
+
+ std::sort(newGroups.begin(),newGroups.end());
+ newGroups.erase(std::unique(newGroups.begin(),newGroups.end()),newGroups.end());
+
+ for(std::vector::iterator m(newGroups.begin());m!=newGroups.end();++m) {
+ if (!std::binary_search(_multicastGroups.begin(),_multicastGroups.end(),*m))
+ added.push_back(*m);
+ }
+ for(std::vector::iterator m(_multicastGroups.begin());m!=_multicastGroups.end();++m) {
+ if (!std::binary_search(newGroups.begin(),newGroups.end(),*m))
+ removed.push_back(*m);
+ }
+
+ _multicastGroups.swap(newGroups);
+}
+
+NET_IFINDEX WindowsEthernetTap::interfaceIndex() const
+{
+ NET_IFINDEX idx = -1;
+ if (ConvertInterfaceLuidToIndex(&_deviceLuid,&idx) == NO_ERROR)
+ return idx;
+ return -1;
+}
+
+void WindowsEthernetTap::threadMain()
+ throw()
+{
+ char tapReadBuf[ZT_IF_MTU + 32];
+ char tapPath[128];
+ HANDLE wait4[3];
+ OVERLAPPED tapOvlRead,tapOvlWrite;
+
+ Utils::snprintf(tapPath,sizeof(tapPath),"\\\\.\\Global\\%s.tap",_netCfgInstanceId.c_str());
+
+ try {
+ while (_run) {
+ // Because Windows
+ Sleep(250);
+ setPersistentTapDeviceState(_deviceInstanceId.c_str(),false);
+ Sleep(250);
+
setPersistentTapDeviceState(_deviceInstanceId.c_str(),true); + Sleep(250); + setPersistentTapDeviceState(_deviceInstanceId.c_str(),false); + Sleep(250); + setPersistentTapDeviceState(_deviceInstanceId.c_str(),true); + Sleep(250); + + _tap = CreateFileA(tapPath,GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_SYSTEM|FILE_FLAG_OVERLAPPED,NULL); + if (_tap == INVALID_HANDLE_VALUE) { + Sleep(250); + continue; + } + + { + uint32_t tmpi = 1; + DWORD bytesReturned = 0; + DeviceIoControl(_tap,TAP_WIN_IOCTL_SET_MEDIA_STATUS,&tmpi,sizeof(tmpi),&tmpi,sizeof(tmpi),&bytesReturned,NULL); + } + +#ifdef ZT_WINDOWS_CREATE_FAKE_DEFAULT_ROUTE + { + /* This inserts a fake default route and a fake ARP entry, forcing + * Windows to detect this as a "real" network and apply proper + * firewall rules. + * + * This hack is completely stupid, but Windows made me do it + * by being broken and insane. + * + * Background: Windows tries to detect its network location by + * matching it to the ARP address of the default route. Networks + * without default routes are "unidentified networks" and cannot + * have their firewall classification changed by the user (easily). + * + * Yes, you read that right. + * + * The common workaround is to set *NdisDeviceType to 1, which + * totally disables all Windows firewall functionality. This is + * the answer you'll find on most forums for things like OpenVPN. + * + * Yes, you read that right. + * + * The default route workaround is also known, but for this to + * work there must be a known default IP that resolves to a known + * ARP address. This works for an OpenVPN tunnel, but not here + * because this isn't a tunnel. It's a mesh. There is no "other + * end," or any other known always on IP. + * + * So let's make a fake one and shove it in there along with its + * fake static ARP entry. Also makes it instant-on and static. + * + * We'll have to see what DHCP does with this. 
In the future we + * probably will not want to do this on DHCP-enabled networks, so + * when we enable DHCP we will go in and yank this wacko hacko from + * the routing table before doing so. + * + * Like Jesse Pinkman would say: "YEEEEAAH BITCH!" */ + const uint32_t fakeIp = htonl(0x19fffffe); // 25.255.255.254 -- unrouted IPv4 block + for(int i=0;i<8;++i) { + MIB_IPNET_ROW2 ipnr; + memset(&ipnr,0,sizeof(ipnr)); + ipnr.Address.si_family = AF_INET; + ipnr.Address.Ipv4.sin_addr.s_addr = fakeIp; + ipnr.InterfaceLuid.Value = _deviceLuid.Value; + ipnr.PhysicalAddress[0] = _mac[0] ^ 0x10; // just make something up that's consistent and not part of this net + ipnr.PhysicalAddress[1] = 0x00; + ipnr.PhysicalAddress[2] = (UCHAR)((_deviceGuid.Data1 >> 24) & 0xff); + ipnr.PhysicalAddress[3] = (UCHAR)((_deviceGuid.Data1 >> 16) & 0xff); + ipnr.PhysicalAddress[4] = (UCHAR)((_deviceGuid.Data1 >> 8) & 0xff); + ipnr.PhysicalAddress[5] = (UCHAR)(_deviceGuid.Data1 & 0xff); + ipnr.PhysicalAddressLength = 6; + ipnr.State = NlnsPermanent; + ipnr.IsRouter = 1; + ipnr.IsUnreachable = 0; + ipnr.ReachabilityTime.LastReachable = 0x0fffffff; + ipnr.ReachabilityTime.LastUnreachable = 1; + DWORD result = CreateIpNetEntry2(&ipnr); + if (result != NO_ERROR) + Sleep(250); + else break; + } + for(int i=0;i<8;++i) { + MIB_IPFORWARD_ROW2 nr; + memset(&nr,0,sizeof(nr)); + InitializeIpForwardEntry(&nr); + nr.InterfaceLuid.Value = _deviceLuid.Value; + nr.DestinationPrefix.Prefix.si_family = AF_INET; // rest is left as 0.0.0.0/0 + nr.NextHop.si_family = AF_INET; + nr.NextHop.Ipv4.sin_addr.s_addr = fakeIp; + nr.Metric = 9999; // do not use as real default route + nr.Protocol = MIB_IPPROTO_NETMGMT; + DWORD result = CreateIpForwardEntry2(&nr); + if (result != NO_ERROR) + Sleep(250); + else break; + } + } +#endif + + // Assign or re-assign any should-be-assigned IPs in case we have restarted + { + Mutex::Lock _l(_assignedIps_m); + _syncIps(); + } + + memset(&tapOvlRead,0,sizeof(tapOvlRead)); + 
tapOvlRead.hEvent = CreateEvent(NULL,TRUE,FALSE,NULL); + memset(&tapOvlWrite,0,sizeof(tapOvlWrite)); + tapOvlWrite.hEvent = CreateEvent(NULL,TRUE,FALSE,NULL); + + wait4[0] = _injectSemaphore; + wait4[1] = tapOvlRead.hEvent; + wait4[2] = tapOvlWrite.hEvent; // only included if writeInProgress is true + + ReadFile(_tap,tapReadBuf,sizeof(tapReadBuf),NULL,&tapOvlRead); + bool writeInProgress = false; + ULONGLONG timeOfLastBorkCheck = GetTickCount64(); + while (_run) { + DWORD waitResult = WaitForMultipleObjectsEx(writeInProgress ? 3 : 2,wait4,FALSE,2500,TRUE); + if (!_run) break; // will also break outer while(_run) + + // Check for issues with adapter and close/reopen if any are detected. This + // check fixes a while boatload of Windows adapter 'coma' issues after + // sleep/wake and when adapters are added/removed. Basically if the tap + // device is borked, whack it. + { + ULONGLONG tc = GetTickCount64(); + if ((tc - timeOfLastBorkCheck) >= 2500) { + timeOfLastBorkCheck = tc; + char aabuf[16384]; + ULONG aalen = sizeof(aabuf); + if (GetAdaptersAddresses(AF_UNSPEC,GAA_FLAG_SKIP_UNICAST|GAA_FLAG_SKIP_ANYCAST|GAA_FLAG_SKIP_MULTICAST|GAA_FLAG_SKIP_DNS_SERVER|GAA_FLAG_SKIP_FRIENDLY_NAME,(void *)0,reinterpret_cast(aabuf),&aalen) == NO_ERROR) { + bool isBorked = false; + + PIP_ADAPTER_ADDRESSES aa = reinterpret_cast(aabuf); + while (aa) { + if (_deviceLuid.Value == aa->Luid.Value) { + isBorked = (aa->OperStatus != IfOperStatusUp); + break; + } + aa = aa->Next; + } + + if (isBorked) { + // Close and reopen tap device if there's an issue (outer loop) + break; + } + } + } + } + + if ((waitResult == WAIT_TIMEOUT)||(waitResult == WAIT_FAILED)) { + Sleep(250); // guard against spinning under some conditions + continue; + } + + if (HasOverlappedIoCompleted(&tapOvlRead)) { + DWORD bytesRead = 0; + if (GetOverlappedResult(_tap,&tapOvlRead,&bytesRead,FALSE)) { + if ((bytesRead > 14)&&(_enabled)) { + MAC to(tapReadBuf,6); + MAC from(tapReadBuf + 6,6); + unsigned int etherType = 
((((unsigned int)tapReadBuf[12]) & 0xff) << 8) | (((unsigned int)tapReadBuf[13]) & 0xff); + try { + // TODO: decode vlans + _handler(_arg,_nwid,from,to,etherType,0,tapReadBuf + 14,bytesRead - 14); + } catch ( ... ) {} // handlers should not throw + } + } + ReadFile(_tap,tapReadBuf,ZT_IF_MTU + 32,NULL,&tapOvlRead); + } + + if (writeInProgress) { + if (HasOverlappedIoCompleted(&tapOvlWrite)) { + writeInProgress = false; + _injectPending_m.lock(); + _injectPending.pop(); + } else continue; // still writing, so skip code below and wait + } else _injectPending_m.lock(); + + if (!_injectPending.empty()) { + WriteFile(_tap,_injectPending.front().first.data,_injectPending.front().second,NULL,&tapOvlWrite); + writeInProgress = true; + } + + _injectPending_m.unlock(); + } + + CancelIo(_tap); + + CloseHandle(tapOvlRead.hEvent); + CloseHandle(tapOvlWrite.hEvent); + CloseHandle(_tap); + _tap = INVALID_HANDLE_VALUE; + + // We will restart and re-open the tap unless _run == false + } + } catch ( ... ) {} // catch unexpected exceptions -- this should not happen but would prevent program crash or other weird issues since threads should not throw +} + +NET_IFINDEX WindowsEthernetTap::_getDeviceIndex() +{ + MIB_IF_TABLE2 *ift = (MIB_IF_TABLE2 *)0; + + if (GetIfTable2Ex(MibIfTableRaw,&ift) != NO_ERROR) + throw std::runtime_error("GetIfTable2Ex() failed"); + + if (ift->NumEntries > 0) { + for(ULONG i=0;iNumEntries;++i) { + if (ift->Table[i].InterfaceLuid.Value == _deviceLuid.Value) { + NET_IFINDEX idx = ift->Table[i].InterfaceIndex; + FreeMibTable(ift); + return idx; + } + } + } + + FreeMibTable(&ift); + + throw std::runtime_error("interface not found"); +} + +std::vector WindowsEthernetTap::_getRegistryIPv4Value(const char *regKey) +{ + std::vector value; + HKEY tcpIpInterfaces; + if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces",0,KEY_READ|KEY_WRITE,&tcpIpInterfaces) == ERROR_SUCCESS) { + char buf[16384]; + DWORD len = 
sizeof(buf); + DWORD kt = REG_MULTI_SZ; + if (RegGetValueA(tcpIpInterfaces,_netCfgInstanceId.c_str(),regKey,0,&kt,&buf,&len) == ERROR_SUCCESS) { + switch(kt) { + case REG_SZ: + if (len > 0) + value.push_back(std::string(buf)); + break; + case REG_MULTI_SZ: { + for(DWORD k=0,s=0;k &value) +{ + std::string regMulti; + for(std::vector::const_iterator s(value.begin());s!=value.end();++s) { + regMulti.append(*s); + regMulti.push_back((char)0); + } + HKEY tcpIpInterfaces; + if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces",0,KEY_READ|KEY_WRITE,&tcpIpInterfaces) == ERROR_SUCCESS) { + if (regMulti.length() > 0) { + regMulti.push_back((char)0); + RegSetKeyValueA(tcpIpInterfaces,_netCfgInstanceId.c_str(),regKey,REG_MULTI_SZ,regMulti.data(),(DWORD)regMulti.length()); + } else { + RegDeleteKeyValueA(tcpIpInterfaces,_netCfgInstanceId.c_str(),regKey); + } + RegCloseKey(tcpIpInterfaces); + } +} + +void WindowsEthernetTap::_syncIps() +{ + // assumes _assignedIps_m is locked + + if (!_initialized) + return; + + std::vector haveIps(ips()); + + for(std::vector::const_iterator aip(_assignedIps.begin());aip!=_assignedIps.end();++aip) { + if (std::find(haveIps.begin(),haveIps.end(),*aip) == haveIps.end()) { + MIB_UNICASTIPADDRESS_ROW ipr; + + InitializeUnicastIpAddressEntry(&ipr); + if (aip->isV4()) { + ipr.Address.Ipv4.sin_family = AF_INET; + ipr.Address.Ipv4.sin_addr.S_un.S_addr = *((const uint32_t *)aip->rawIpData()); + ipr.OnLinkPrefixLength = aip->netmaskBits(); + if (ipr.OnLinkPrefixLength >= 32) + continue; + } else if (aip->isV6()) { + ipr.Address.Ipv6.sin6_family = AF_INET6; + memcpy(ipr.Address.Ipv6.sin6_addr.u.Byte,aip->rawIpData(),16); + ipr.OnLinkPrefixLength = aip->netmaskBits(); + if (ipr.OnLinkPrefixLength >= 128) + continue; + } else continue; + + ipr.PrefixOrigin = IpPrefixOriginManual; + ipr.SuffixOrigin = IpSuffixOriginManual; + ipr.ValidLifetime = 0xffffffff; + ipr.PreferredLifetime = 0xffffffff; + + 
ipr.InterfaceLuid = _deviceLuid; + ipr.InterfaceIndex = _getDeviceIndex(); + + CreateUnicastIpAddressEntry(&ipr); + } + + std::string ipStr(aip->toString()); + std::vector regIps(_getRegistryIPv4Value("IPAddress")); + if (std::find(regIps.begin(),regIps.end(),ipStr) == regIps.end()) { + std::vector regSubnetMasks(_getRegistryIPv4Value("SubnetMask")); + regIps.push_back(ipStr); + regSubnetMasks.push_back(aip->netmask().toIpString()); + _setRegistryIPv4Value("IPAddress",regIps); + _setRegistryIPv4Value("SubnetMask",regSubnetMasks); + } + } +} + +} // namespace ZeroTier diff --git a/osdep/WindowsEthernetTap.hpp b/osdep/WindowsEthernetTap.hpp new file mode 100644 index 0000000..0bbb17d --- /dev/null +++ b/osdep/WindowsEthernetTap.hpp 
@@ -0,0 +1,150 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_WINDOWSETHERNETTAP_HPP
+#define ZT_WINDOWSETHERNETTAP_HPP
+
+#include
+#include
+
+#include
+
+#include
+#include
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/Mutex.hpp"
+#include "../node/Array.hpp"
+#include "../node/MulticastGroup.hpp"
+#include "../node/InetAddress.hpp"
+#include "../osdep/Thread.hpp"
+
+namespace ZeroTier {
+
+class WindowsEthernetTap
+{
+public:
+ /**
+ * Installs a new instance of the ZT tap driver
+ *
+ * @param pathToInf Path to zttap driver .inf file
+ * @param deviceInstanceId Buffer to fill with device instance ID on success (and if SetupDiGetDeviceInstanceIdA succeeds, which it should)
+ * @return Empty string on success, otherwise an error message
+ */
+ static std::string addNewPersistentTapDevice(const char *pathToInf,std::string &deviceInstanceId);
+
+ /**
+ * Uninstalls all persistent tap devices that have legacy drivers
+ *
+ * @return Empty string on success, otherwise an error message
+ */
+ static std::string destroyAllLegacyPersistentTapDevices();
+
+ /**
+ * Uninstalls all persistent tap devices on the system
+ *
+ * @return Empty string on success, otherwise an error message
+ */
+ static std::string destroyAllPersistentTapDevices();
+
+ /**
+ * Uninstall a specific persistent tap device by instance ID
+ *
+ * @param instanceId Device instance ID
+ * @return Empty string on success, otherwise an error message
+ */
+ static std::string deletePersistentTapDevice(const char *instanceId);
+
+ /**
+ * Disable a persistent tap device by instance ID
+ *
+ * @param instanceId Device instance ID
+ * @param enabled Enable device?
+ * @return True if device was found and disabled
+ */
+ static bool setPersistentTapDeviceState(const char *instanceId,bool enabled);
+
+ WindowsEthernetTap(
+ const char *hp,
+ const MAC &mac,
+ unsigned int mtu,
+ unsigned int metric,
+ uint64_t nwid,
+ const char *friendlyName,
+ void (*handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int),
+ void *arg);
+
+ ~WindowsEthernetTap();
+
+ void setEnabled(bool en);
+ bool enabled() const;
+ bool addIp(const InetAddress &ip);
+ bool removeIp(const InetAddress &ip);
+ std::vector ips() const;
+ void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len);
+ std::string deviceName() const;
+ void setFriendlyName(const char *friendlyName);
+ void scanMulticastGroups(std::vector &added,std::vector &removed);
+
+ inline const NET_LUID &luid() const { return _deviceLuid; }
+ inline const GUID &guid() const { return _deviceGuid; }
+ inline const std::string &instanceId() const { return _deviceInstanceId; }
+ NET_IFINDEX interfaceIndex() const;
+
+ void threadMain()
+ throw();
+
+private:
+ NET_IFINDEX _getDeviceIndex(); // throws on failure
+ std::vector _getRegistryIPv4Value(const char *regKey);
+ void _setRegistryIPv4Value(const char *regKey,const std::vector &value);
+ void _syncIps();
+
+ void (*_handler)(void *,uint64_t,const MAC &,const MAC &,unsigned int,unsigned int,const void *,unsigned int);
+ void *_arg;
+ MAC _mac;
+ uint64_t _nwid;
+ Thread _thread;
+
+ volatile HANDLE _tap;
+ HANDLE _injectSemaphore;
+
+ GUID _deviceGuid;
+ NET_LUID _deviceLuid;
+ std::string _netCfgInstanceId;
+ std::string _deviceInstanceId;
+
+ std::vector _assignedIps; // IPs assigned with addIp
+ Mutex _assignedIps_m;
+
+ std::vector _multicastGroups;
+
+ std::queue< std::pair< Array,unsigned int > > _injectPending;
+ Mutex _injectPending_m;
+
+ std::string _pathToHelpers;
+
+ volatile bool _run;
+ volatile bool _initialized;
+ volatile bool _enabled;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/selftest.cpp b/selftest.cpp
new file mode 100644
index 0000000..f423285
--- /dev/null
+++ b/selftest.cpp
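Review bot: `volatile HANDLE _tap;` and the `volatile bool _run`, `_initialized` and `_enabled` flags in the private section are shared between threadMain() and the public methods with only `volatile` between them, and `volatile` gives neither atomicity nor ordering in C++. In the .cpp half of this commit threadMain() closes `_tap` and resets it to INVALID_HANDLE_VALUE on every reopen, while scanMulticastGroups() copies the handle and calls DeviceIoControl() on it with no lock held, so a closed and possibly recycled handle value can be used. I would add a dedicated lock next to the member, `Mutex _tap_m; // guards _tap across open/close in threadMain() and every use of the handle`, and put a comment on each shared member naming the mutex that protects it, as `_assignedIps_m` and `_injectPending_m` already imply for their containers.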
@@ -0,0 +1,1119 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "node/Constants.hpp" +#include "node/Hashtable.hpp" +#include "node/RuntimeEnvironment.hpp" +#include "node/InetAddress.hpp" +#include "node/Utils.hpp" +#include "node/Identity.hpp" +#include "node/Buffer.hpp" +#include "node/Packet.hpp" +#include "node/Salsa20.hpp" +#include "node/MAC.hpp" +#include "node/NetworkConfig.hpp" +#include "node/Peer.hpp" +#include "node/Dictionary.hpp" +#include "node/SHA512.hpp" +#include "node/C25519.hpp" +#include "node/Poly1305.hpp" +#include "node/CertificateOfMembership.hpp" +#include "node/Node.hpp" +#include "node/IncomingPacket.hpp" + +#include "osdep/OSUtils.hpp" +#include "osdep/Phy.hpp" +#include "osdep/Http.hpp" +#include "osdep/BackgroundResolver.hpp" +#include "osdep/PortMapper.hpp" +#include "osdep/Thread.hpp" + +#ifdef ZT_ENABLE_NETWORK_CONTROLLER +#include "controller/SqliteNetworkController.hpp" +#endif // ZT_ENABLE_NETWORK_CONTROLLER + +#ifdef __WINDOWS__ +#include +#endif + +using namespace ZeroTier; + +////////////////////////////////////////////////////////////////////////////// + +#define KNOWN_GOOD_IDENTITY 
"8e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e" +#define KNOWN_BAD_IDENTITY "9e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e" + +static const unsigned char s20TV0Key[32] = { 0x0f,0x62,0xb5,0x08,0x5b,0xae,0x01,0x54,0xa7,0xfa,0x4d,0xa0,0xf3,0x46,0x99,0xec,0x3f,0x92,0xe5,0x38,0x8b,0xde,0x31,0x84,0xd7,0x2a,0x7d,0xd0,0x23,0x76,0xc9,0x1c }; +static const unsigned char s20TV0Iv[8] = { 0x28,0x8f,0xf6,0x5d,0xc4,0x2b,0x92,0xf9 }; +static const unsigned char s20TV0Ks[64] = { 0x5e,0x5e,0x71,0xf9,0x01,0x99,0x34,0x03,0x04,0xab,0xb2,0x2a,0x37,0xb6,0x62,0x5b,0xf8,0x83,0xfb,0x89,0xce,0x3b,0x21,0xf5,0x4a,0x10,0xb8,0x10,0x66,0xef,0x87,0xda,0x30,0xb7,0x76,0x99,0xaa,0x73,0x79,0xda,0x59,0x5c,0x77,0xdd,0x59,0x54,0x2d,0xa2,0x08,0xe5,0x95,0x4f,0x89,0xe4,0x0e,0xb7,0xaa,0x80,0xa8,0x4a,0x61,0x76,0x66,0x3f }; + +static const unsigned char s2012TV0Key[32] = { 0x0f,0x62,0xb5,0x08,0x5b,0xae,0x01,0x54,0xa7,0xfa,0x4d,0xa0,0xf3,0x46,0x99,0xec,0x3f,0x92,0xe5,0x38,0x8b,0xde,0x31,0x84,0xd7,0x2a,0x7d,0xd0,0x23,0x76,0xc9,0x1c }; +static const unsigned char s2012TV0Iv[8] = { 0x28,0x8f,0xf6,0x5d,0xc4,0x2b,0x92,0xf9 }; +static const unsigned char s2012TV0Ks[64] = { 0x99,0xDB,0x33,0xAD,0x11,0xCE,0x0C,0xCB,0x3B,0xFD,0xBF,0x8D,0x0C,0x18,0x16,0x04,0x52,0xD0,0x14,0xCD,0xE9,0x89,0xB4,0xC4,0x11,0xA5,0x59,0xFF,0x7C,0x20,0xA1,0x69,0xE6,0xDC,0x99,0x09,0xD8,0x16,0xBE,0xCE,0xDC,0x40,0x63,0xCE,0x07,0xCE,0xA8,0x28,0xF4,0x4B,0xF9,0xB6,0xC9,0xA0,0xA0,0xB2,0x00,0xE1,0xB5,0x2A,0xF4,0x18,0x59,0xC5 }; + +static const unsigned char poly1305TV0Input[32] = { 
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; +static const unsigned char poly1305TV0Key[32] = { 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 }; +static const unsigned char poly1305TV0Tag[16] = { 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 }; + +static const unsigned char poly1305TV1Input[12] = { 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,0x6c,0x64,0x21 }; +static const unsigned char poly1305TV1Key[32] = { 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 }; +static const unsigned char poly1305TV1Tag[16] = { 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 }; + +static const char *sha512TV0Input = "supercalifragilisticexpealidocious"; +static const unsigned char sha512TV0Digest[64] = { 0x18,0x2a,0x85,0x59,0x69,0xe5,0xd3,0xe6,0xcb,0xf6,0x05,0x24,0xad,0xf2,0x88,0xd1,0xbb,0xf2,0x52,0x92,0x81,0x24,0x31,0xf6,0xd2,0x52,0xf1,0xdb,0xc1,0xcb,0x44,0xdf,0x21,0x57,0x3d,0xe1,0xb0,0x6b,0x68,0x75,0x95,0x9f,0x3b,0x6f,0x87,0xb1,0x13,0x81,0xd0,0xbc,0x79,0x2c,0x43,0x3a,0x13,0x55,0x3c,0xe0,0x84,0xc2,0x92,0x55,0x31,0x1c }; + +struct C25519TestVector +{ + unsigned char pub1[64]; + unsigned char priv1[64]; + unsigned char pub2[64]; + unsigned char priv2[64]; + unsigned char agreement[64]; + unsigned char agreementSignedBy1[96]; + unsigned char agreementSignedBy2[96]; +}; + +#define ZT_NUM_C25519_TEST_VECTORS 32 + +static const C25519TestVector C25519_TEST_VECTORS[ZT_NUM_C25519_TEST_VECTORS] = { + 
{{0xa1,0xfc,0x7a,0xb4,0x6d,0xdf,0x7d,0xcf,0xe7,0xec,0x75,0xe5,0xfa,0xdd,0x11,0xcb,0xcc,0x37,0xf8,0x84,0x5d,0x1c,0x92,0x4e,0x09,0x89,0x65,0xfc,0xd8,0xe9,0x5a,0x30,0xda,0xe4,0x86,0xa3,0x35,0xb4,0x19,0x0c,0xbc,0x7b,0xcb,0x3e,0xb9,0x4c,0xbd,0x16,0xe8,0x3d,0x13,0x2b,0xc9,0xc3,0x39,0xea,0xf1,0x42,0xe7,0x6f,0x69,0x78,0x9a,0xb7},{0xe5,0xf3,0x7b,0xd4,0x0e,0xc9,0xdc,0x77,0x50,0x86,0xdc,0xf4,0x2e,0xbc,0xdb,0x27,0xf0,0x73,0xd4,0x58,0x73,0xc4,0x4b,0x71,0x8b,0x3c,0xc5,0x4f,0xa8,0x7c,0xa4,0x84,0xd9,0x96,0x23,0x73,0xb4,0x03,0x16,0xbf,0x1e,0xa1,0x2d,0xd8,0xc4,0x8a,0xe7,0x82,0x10,0xda,0xc9,0xe5,0x45,0x9b,0x01,0xdc,0x73,0xa6,0xc9,0x17,0xa8,0x15,0x31,0x6d},{0x3e,0x49,0xa4,0x0e,0x3a,0xaf,0xa3,0x07,0x3d,0xf7,0x2a,0xec,0x43,0xb1,0xd4,0x09,0x1a,0xcb,0x8e,0x92,0xf9,0x65,0x95,0x04,0x6d,0x2d,0x9b,0x34,0xa3,0xbf,0x51,0x00,0xe2,0xee,0x23,0xf5,0x28,0x0a,0xa9,0xb1,0x57,0x0b,0x96,0x56,0x62,0xba,0x12,0x94,0xaf,0xc6,0x5f,0xb5,0x61,0x43,0x0f,0xde,0x0b,0xab,0xfa,0x4f,0xfe,0xc5,0xe7,0x18},{0x00,0x4d,0x41,0x8d,0xe4,0x69,0x23,0xae,0x98,0xc4,0x3e,0x77,0x0f,0x1d,0x94,0x5d,0x29,0x3e,0x94,0x5a,0x38,0x39,0x20,0x0f,0xd3,0x6f,0x76,0xa2,0x29,0x02,0x03,0xcb,0x0b,0x7f,0x4f,0x1a,0x29,0x51,0x13,0x33,0x7c,0x99,0xb3,0x81,0x82,0x39,0x44,0x05,0x97,0xfb,0x0d,0xf2,0x93,0xa2,0x40,0x94,0xf4,0xff,0x5d,0x09,0x61,0xe4,0x5f,0x76},{0xab,0xce,0xd2,0x24,0xe8,0x93,0xb0,0xe7,0x72,0x14,0xdc,0xbb,0x7d,0x0f,0xd8,0x94,0x16,0x9e,0xb5,0x7f,0xd7,0x19,0x5f,0x3e,0x2d,0x45,0xd5,0xf7,0x90,0x0b,0x3e,0x05,0x18,0x2e,0x2b,0xf4,0xfa,0xd4,0xec,0x62,0x4a,0x4f,0x48,0x50,0xaf,0x1c,0xe8,0x9f,0x1a,0xe1,0x3d,0x70,0x49,0x00,0xa7,0xe3,0x5b,0x1e,0xa1,0x9b,0x68,0x1e,0xa1,0x73},{0xed,0xb6,0xd0,0xf0,0x06,0x6e,0x33,0x9c,0x86,0xfb,0xe8,0xc3,0x6c,0x8d,0xde,0xdd,0xa6,0xa0,0x2d,0xb9,0x07,0x29,0xa3,0x13,0xbb,0xa4,0xba,0xec,0x48,0xc8,0xf4,0x56,0x82,0x79,0xe2,0xb1,0xd3,0x3d,0x83,0x9f,0x10,0xe8,0x52,0xe6,0x8b,0x1c,0x33,0x9e,0x2b,0xd2,0xdb,0x62,0x1c,0x56,0xfd,0x50,0x40,0x77,0x81,0xab,0x21,0x67,0x3e,0x09,0x4f,0xf2,0x51,0xac,0x7d,0xe7,0xd1,0x5d,0x4b,0xe2,0x08,0xc6,0x3f,0x6
a,0x4d,0xc8,0x5d,0x74,0xf6,0x3b,0xec,0x8e,0xc6,0x0c,0x32,0x27,0x2f,0x9c,0x09,0x48,0x59,0x10},{0x23,0x0f,0xa3,0xe2,0x69,0xce,0xb9,0xb9,0xd1,0x1c,0x4e,0xab,0x63,0xc9,0x2e,0x1e,0x7e,0xa2,0xa2,0xa0,0x49,0x2e,0x78,0xe4,0x8a,0x02,0x3b,0xa7,0xab,0x1f,0xd4,0xce,0x05,0xe2,0x80,0x09,0x09,0x3c,0x61,0xc7,0x10,0x3a,0x9c,0xf4,0x95,0xac,0x89,0x6f,0x23,0xb3,0x09,0xe2,0x24,0x3f,0xf6,0x96,0x02,0x36,0x41,0x16,0x32,0xe1,0x66,0x05,0x4f,0xf2,0x51,0xac,0x7d,0xe7,0xd1,0x5d,0x4b,0xe2,0x08,0xc6,0x3f,0x6a,0x4d,0xc8,0x5d,0x74,0xf6,0x3b,0xec,0x8e,0xc6,0x0c,0x32,0x27,0x2f,0x9c,0x09,0x48,0x59,0x10}}, + {{0xfd,0x81,0x14,0xf1,0x67,0x07,0x44,0xbb,0x93,0x84,0xa2,0xdc,0x36,0xdc,0xcc,0xb3,0x9e,0x82,0xd4,0x8b,0x42,0x56,0xfb,0xf2,0x6e,0x83,0x3b,0x16,0x2c,0x29,0xfb,0x39,0x29,0x48,0x85,0xe3,0xe3,0xf7,0xe7,0x80,0x49,0xd3,0x01,0x30,0x5a,0x2c,0x3f,0x4c,0xea,0x13,0xeb,0xda,0xf4,0x56,0x75,0x8d,0x50,0x1e,0x19,0x2d,0x29,0x2b,0xfb,0xdb},{0x85,0x34,0x4d,0xf7,0x39,0xbf,0x98,0x79,0x8c,0x98,0xeb,0x8d,0x61,0x27,0xec,0x87,0x56,0xcd,0xd0,0xa6,0x55,0x77,0xee,0xf0,0x20,0xd0,0x59,0x39,0x95,0xab,0x29,0x82,0x8e,0x61,0xf8,0xad,0xed,0xb6,0x27,0xc3,0xd8,0x16,0xce,0x67,0x78,0xe2,0x04,0x4b,0x0c,0x2d,0x2f,0xc3,0x24,0x72,0xbc,0x53,0xbd,0xfe,0x39,0x23,0xd4,0xaf,0x27,0x84},{0x11,0xbe,0x5f,0x5a,0x73,0xe7,0x42,0xef,0xff,0x3c,0x47,0x6a,0x0e,0x6b,0x9e,0x96,0x21,0xa3,0xdf,0x49,0xe9,0x3f,0x40,0xfc,0xab,0xb3,0x66,0xd3,0x3d,0xfa,0x02,0x29,0xf3,0x43,0x45,0x3c,0x70,0xa3,0x5d,0x39,0xf7,0xc0,0x6a,0xcd,0xfa,0x1d,0xbe,0x3b,0x91,0x41,0xe4,0xb0,0x60,0xc0,0x22,0xf7,0x2c,0x11,0x2b,0x1c,0x5f,0x24,0xef,0x53},{0xfd,0x3f,0x09,0x06,0xc9,0x39,0x8d,0x48,0xfa,0x6b,0xc9,0x80,0xbf,0xf6,0xd6,0x76,0xb3,0x62,0x70,0x88,0x4f,0xde,0xde,0xb9,0xb4,0xf0,0xce,0xf3,0x74,0x0d,0xea,0x00,0x9e,0x9c,0x29,0xe1,0xa2,0x1b,0xbd,0xb5,0x83,0xcc,0x12,0xd8,0x48,0x08,0x5b,0xe5,0xd6,0xf9,0x11,0x5c,0xe0,0xd9,0xc3,0x3c,0x26,0xbd,0x69,0x9f,0x5c,0x6f,0x0c,0x6f},{0xca,0xd4,0x76,0x32,0x8b,0xbe,0x0c,0x65,0x75,0x43,0x73,0xc2,0xf2,0xfd,0x7f,0xeb,0xe4,0x62,0xc5,0x0d,0x0f,0xf9,0x01,0xc8,0xb9,0xfa,0
xca,0xb4,0x12,0x1c,0xb4,0xac,0x0e,0x5f,0x18,0xfc,0x0c,0x7f,0x2a,0x55,0xc5,0xfd,0x4d,0x83,0xb2,0x02,0x31,0x6a,0x3f,0x14,0xee,0x9d,0x11,0xa8,0x06,0xad,0xeb,0x93,0x19,0x79,0xb1,0xf2,0x78,0x05},{0x85,0xe6,0xe2,0xf2,0x96,0xe7,0xa2,0x8b,0x7e,0x36,0xbd,0x7b,0xf4,0x28,0x6a,0xd7,0xbc,0x2a,0x6a,0x59,0xfd,0xc0,0xc8,0x3d,0x50,0x0f,0x0c,0x2b,0x12,0x3a,0x75,0xc7,0x56,0xbb,0x7f,0x7d,0x4e,0xd4,0x03,0xb8,0x7b,0xde,0xde,0x99,0x65,0x9e,0xc4,0xa6,0x6e,0xfe,0x00,0x88,0xeb,0x9d,0xa4,0xa9,0x9d,0x37,0xc9,0x4a,0xcf,0x69,0xc4,0x01,0xba,0xa8,0xce,0xeb,0x72,0xcb,0x64,0x8b,0x9f,0xc1,0x1f,0x9a,0x9e,0x99,0xcc,0x39,0xec,0xd9,0xbb,0xd9,0xce,0xc2,0x74,0x6f,0xd0,0x2a,0xb9,0xc6,0xe3,0xf5,0xe7,0xf4},{0xb1,0x39,0x50,0xb1,0x1a,0x08,0x42,0x2b,0xdd,0x6d,0x20,0x9f,0x0f,0x37,0xba,0x69,0x97,0x21,0x30,0x7a,0x71,0x2f,0xce,0x98,0x09,0x04,0xa2,0x98,0x6a,0xed,0x02,0x1d,0x5d,0x30,0x8f,0x03,0x47,0x6b,0x89,0xfd,0xf7,0x1a,0xca,0x46,0x6f,0x51,0x69,0x9a,0x2b,0x18,0x77,0xe4,0xad,0x0d,0x7a,0x66,0xd2,0x2c,0x28,0xa0,0xd3,0x0a,0x99,0x0d,0xba,0xa8,0xce,0xeb,0x72,0xcb,0x64,0x8b,0x9f,0xc1,0x1f,0x9a,0x9e,0x99,0xcc,0x39,0xec,0xd9,0xbb,0xd9,0xce,0xc2,0x74,0x6f,0xd0,0x2a,0xb9,0xc6,0xe3,0xf5,0xe7,0xf4}}, + 
{{0x02,0x3a,0x7e,0x0c,0x6d,0x96,0x3c,0x5d,0x44,0x56,0x5d,0xc1,0x49,0x94,0x35,0x12,0x9d,0xff,0x8a,0x5d,0x91,0x74,0xa8,0x15,0xee,0x5d,0x1e,0x72,0xbe,0x86,0x15,0x68,0xe7,0x36,0xa2,0x4a,0xb8,0xa2,0xa4,0x4c,0xd8,0x95,0xe3,0xc7,0xbb,0x32,0x21,0x90,0x64,0x52,0x32,0xeb,0x26,0xd3,0x4f,0xf0,0x8e,0x27,0x40,0xea,0xed,0xdb,0xf5,0xc4},{0x76,0x99,0x64,0x70,0xf4,0x50,0xc8,0xcc,0x4a,0x5a,0xa5,0x0f,0xeb,0x2d,0xc7,0x0e,0x73,0xd0,0x65,0x7d,0xc3,0xce,0x73,0x03,0x20,0x2f,0xad,0x65,0xfd,0x12,0xe4,0x7f,0xfd,0x45,0x3a,0x6e,0xc5,0x9a,0x06,0x67,0x0e,0xa6,0x7b,0x21,0x49,0x2d,0x01,0x1b,0x8e,0x03,0x6e,0x10,0x08,0x0c,0x68,0xd9,0x60,0x47,0xa4,0xe2,0x52,0xfd,0x3c,0xf4},{0xa3,0xe2,0x5f,0x16,0x39,0x78,0x96,0xf7,0x47,0x6f,0x93,0x5d,0x27,0x7b,0x58,0xe0,0xc5,0xdb,0x71,0x7d,0xa9,0x6f,0xf8,0x8b,0x69,0xdd,0x50,0xea,0x91,0x0d,0x66,0x77,0xaf,0x8f,0xd5,0x9f,0x8a,0x26,0x69,0x4c,0x64,0x37,0x62,0x81,0x6f,0x05,0x9a,0x08,0x0d,0xe1,0x69,0x24,0x77,0x3f,0x50,0xb2,0x49,0x4d,0x93,0xef,0x2e,0x87,0xff,0xde},{0xb3,0x32,0xe2,0x67,0x79,0x32,0x5f,0x64,0x47,0x49,0x1c,0xd3,0x8f,0x95,0x44,0xfd,0x4c,0x7e,0xbf,0x6b,0xb7,0xaf,0x2c,0xdd,0x8f,0xa5,0xd8,0x2f,0xbf,0xa0,0x8a,0x6b,0x58,0x25,0xc9,0x12,0x23,0x6f,0xe6,0x05,0xa8,0xd0,0x68,0x6e,0x0c,0xee,0x70,0xe4,0xa3,0x86,0x51,0x04,0x6d,0xca,0xd5,0xed,0xcf,0x74,0x1d,0x60,0x9e,0x86,0x2d,0x05},{0x91,0xf4,0x5f,0x4a,0xcb,0xd8,0xfd,0x5f,0xb9,0x3d,0x04,0xb8,0xec,0x35,0x85,0x4f,0x58,0x20,0xd1,0x1f,0x47,0xc4,0xf4,0xcb,0x21,0x4e,0x9a,0xf1,0x6e,0xbf,0xe3,0xd3,0x62,0xe3,0x82,0xf6,0xba,0xa8,0xdf,0x92,0xe2,0x3c,0xe5,0xf0,0x16,0x8a,0xeb,0xa4,0xbb,0xc7,0x81,0xaf,0x15,0x19,0x87,0x5f,0xb7,0xe0,0x4c,0x12,0xff,0x2c,0xa9,0xc8},{0xaf,0x85,0xe0,0x36,0x43,0xdf,0x41,0x17,0xda,0xde,0x5e,0xb6,0x33,0xd0,0xce,0x62,0x70,0x5f,0x85,0x24,0x6c,0x3e,0x1b,0xe1,0x52,0xc1,0x9b,0x1c,0xcd,0x61,0x80,0x9c,0xa0,0xe8,0x18,0xee,0x40,0x91,0x93,0x82,0xdb,0x33,0x44,0xff,0xd4,0xf6,0x6f,0x5d,0xf0,0x0e,0x92,0x92,0x81,0x55,0x46,0x06,0xac,0x58,0x81,0x3b,0x04,0xc7,0xf7,0x0d,0xd2,0x0c,0x08,0x6d,0x46,0xdb,0x43,0x28,0x31,0xd8,0xcd,0x87,0x50,0xb
b,0xd3,0x07,0xf5,0x72,0x0b,0x15,0x7c,0x16,0xab,0x03,0xd9,0x4b,0x07,0x38,0x97,0xe8,0xd6,0xb5},{0x93,0xff,0x6d,0xc3,0x62,0xf7,0xcc,0x20,0x95,0xc2,0x2f,0x7d,0x1d,0x9b,0xd1,0x63,0xfc,0x61,0x47,0xb3,0x22,0x0f,0xca,0xb0,0x16,0xcf,0x29,0x53,0x46,0x97,0xb1,0x36,0x46,0xac,0x48,0x13,0x92,0xe4,0x46,0x68,0xcf,0x09,0x4e,0xfa,0x59,0x45,0x24,0x08,0xdb,0xb4,0x6f,0x20,0x55,0x12,0xd9,0x75,0x9d,0x8e,0x0b,0xf8,0x63,0xe0,0xf9,0x01,0xd2,0x0c,0x08,0x6d,0x46,0xdb,0x43,0x28,0x31,0xd8,0xcd,0x87,0x50,0xbb,0xd3,0x07,0xf5,0x72,0x0b,0x15,0x7c,0x16,0xab,0x03,0xd9,0x4b,0x07,0x38,0x97,0xe8,0xd6,0xb5}}, + {{0x14,0x35,0xa6,0x7d,0xc1,0xb5,0x71,0xca,0x42,0x50,0x90,0xa7,0x72,0x85,0xbe,0x78,0x7a,0x5f,0x83,0x1e,0xbe,0xef,0x6a,0xbe,0x48,0xc5,0x68,0x14,0x0c,0xf7,0x44,0x5c,0x2e,0xfd,0x1b,0xcc,0xee,0x09,0x23,0x82,0x31,0xad,0xaf,0x4b,0x73,0x9c,0xf2,0x88,0x3c,0xf3,0xb5,0x43,0x8b,0x53,0xf9,0xac,0x17,0x86,0x1c,0xc2,0x53,0x43,0xec,0x03},{0x7b,0x36,0x6c,0xcc,0xb5,0xb2,0x23,0x3d,0x7c,0xe5,0xe7,0xcf,0x06,0xe2,0x32,0x0b,0xc5,0x3b,0x7f,0x86,0x40,0xfc,0xaf,0xba,0x94,0xe0,0x88,0x58,0x5b,0xac,0xe8,0xc3,0xe8,0xc3,0xdf,0xc4,0x45,0x29,0xe8,0xf0,0x1c,0x10,0x0d,0x50,0x81,0x29,0x30,0xa8,0x27,0xb5,0x3e,0xb8,0x25,0xf1,0x17,0x30,0xc6,0x05,0xe3,0x3e,0x45,0x38,0xa8,0x3c},{0xce,0xd9,0x45,0x28,0xb0,0xce,0xa5,0x47,0xa8,0x29,0x32,0x76,0x99,0x73,0x8d,0x74,0xf9,0xed,0x0a,0xd0,0xf1,0xd8,0x7e,0x44,0x63,0x9e,0x9a,0xcf,0x7c,0x35,0x8a,0x29,0xbb,0x71,0x66,0x8d,0xa7,0xfc,0x05,0x3d,0xd4,0x4b,0x65,0x20,0xf5,0xa4,0x64,0xd8,0x9d,0x16,0x80,0x9c,0xb2,0x3c,0x3e,0xd4,0x9d,0x09,0x88,0x8e,0xbb,0x58,0xf8,0x77},{0xe1,0x29,0xb3,0x16,0xe6,0xa0,0xdb,0x64,0x08,0x36,0xdc,0x33,0xad,0x8b,0x30,0x26,0x17,0x56,0xd7,0x34,0x17,0xd1,0xdd,0x23,0x38,0x58,0x25,0x01,0x42,0x5a,0x9d,0x18,0x3e,0xac,0x31,0xfa,0x43,0x28,0xc4,0x65,0xfb,0x30,0x2f,0x8c,0x16,0x52,0x32,0x1b,0x19,0xb7,0x31,0xf6,0x67,0xa7,0xd8,0xed,0x9a,0xa3,0x95,0x01,0xd7,0xb9,0xe7,0xcc},{0x81,0x2d,0x11,0xa9,0x11,0xf1,0x22,0xe2,0x67,0x70,0xc4,0xba,0x34,0xa1,0x75,0x8c,0xf6,0x0c,0x63,0xe7,0x01,0x3c,0x64,0x6c,0xe8,0xd0,0
xf8,0x8e,0x88,0xdf,0x5c,0x61,0x68,0x5d,0x1f,0xeb,0x83,0x1f,0x40,0xb8,0xa8,0x56,0x57,0x26,0x81,0x2c,0xa3,0x0e,0x48,0x4c,0x45,0x4d,0x0d,0x3d,0x6e,0x99,0x52,0xbd,0x0b,0xd8,0x05,0xc5,0xf9,0x61},{0x92,0x45,0xbe,0xe6,0xb4,0x7a,0xfa,0x28,0xd4,0x5b,0x6b,0x17,0xc6,0x13,0x61,0x5d,0x5f,0xd7,0x90,0xbb,0x89,0x35,0x7a,0x02,0x50,0x57,0x56,0x5f,0x19,0xb5,0xb6,0xc5,0x77,0x1e,0x1b,0xc0,0xd7,0x7a,0x29,0xbd,0xe7,0x24,0x01,0x2d,0x37,0xc0,0x38,0x6f,0xc8,0x35,0xa1,0x1b,0xe0,0xea,0x16,0xad,0xbc,0xdc,0xd4,0x8d,0x4e,0x71,0xdb,0x05,0x9e,0xb5,0x53,0x6b,0x5c,0xf1,0x7d,0x15,0x8b,0xd7,0xc7,0x8b,0x89,0x9d,0xfd,0x28,0x7c,0xa1,0x31,0xe2,0xf0,0x2c,0x3a,0x8d,0x0e,0x23,0x85,0x4e,0xf0,0xd1,0xc0,0x83},{0x7b,0x88,0xeb,0x45,0x1c,0x7f,0xfd,0xbe,0xba,0xac,0x53,0x28,0x59,0xe8,0xad,0x28,0xf1,0x97,0x2d,0x6c,0x31,0xa6,0xae,0x47,0x10,0x69,0x68,0x55,0xa6,0x9c,0x03,0x62,0xb7,0x2f,0x31,0x46,0x2a,0x2b,0x98,0xdd,0xe9,0xf9,0xfe,0x77,0x71,0x41,0x54,0xf8,0x59,0x02,0x7a,0xe3,0x45,0x67,0xb6,0xf7,0x94,0x31,0x3e,0x62,0x62,0x2a,0xf9,0x0a,0x9e,0xb5,0x53,0x6b,0x5c,0xf1,0x7d,0x15,0x8b,0xd7,0xc7,0x8b,0x89,0x9d,0xfd,0x28,0x7c,0xa1,0x31,0xe2,0xf0,0x2c,0x3a,0x8d,0x0e,0x23,0x85,0x4e,0xf0,0xd1,0xc0,0x83}}, + 
{{0x27,0x4d,0x84,0x08,0x95,0x84,0xc8,0xeb,0x1c,0x9a,0x0f,0xca,0x09,0x6f,0x48,0x8b,0x2b,0x06,0xa0,0xae,0xf2,0xe3,0x8a,0xfe,0xd7,0x52,0x4b,0xf2,0xc6,0x7c,0xc1,0x55,0x87,0x2e,0x5a,0xb4,0xc2,0x43,0x0a,0x0d,0xd0,0x00,0xa8,0xe1,0x46,0x68,0x79,0xd8,0x8c,0x01,0x36,0xb7,0x5a,0x61,0x04,0xe9,0x7e,0xbb,0xc9,0xee,0xaa,0x12,0x13,0xda},{0x78,0x66,0xd0,0xa2,0x50,0x82,0x8d,0xb0,0xa0,0x20,0xac,0xa4,0xb6,0xa0,0x31,0xf7,0x7d,0x93,0x37,0x67,0xbb,0x60,0xa2,0x1e,0x36,0xce,0x3d,0x48,0x1d,0x79,0x99,0xa5,0x19,0xd8,0x89,0x1b,0xcb,0x14,0x87,0xb7,0x62,0xfd,0xd2,0xef,0xbb,0x13,0x41,0x4d,0xf1,0x77,0x5c,0x7f,0x6c,0x3b,0x94,0x7d,0xb4,0xba,0x87,0x3e,0xc8,0xe1,0x3c,0x0a},{0xd9,0x9e,0x14,0x89,0xd6,0xf8,0x49,0xa2,0xe2,0x19,0xfe,0x94,0xaa,0xf7,0x35,0xf9,0x4a,0xf8,0xf3,0x18,0x68,0x96,0x47,0xc6,0x23,0x7c,0xb0,0x53,0xcb,0xd8,0x90,0x31,0xb7,0x50,0x0e,0x06,0xc3,0x84,0x75,0xf1,0xac,0x16,0x4d,0xc1,0xbe,0xf1,0x80,0x33,0x47,0x56,0x6f,0x33,0x94,0x5c,0x81,0x03,0x4c,0x2f,0x6d,0xac,0x73,0xba,0x91,0x3c},{0x2f,0xa9,0xb6,0xe8,0x73,0xe2,0xef,0x6d,0x6d,0xd7,0x2e,0xa0,0x51,0x61,0x24,0x81,0x8c,0xa8,0x47,0x40,0xe1,0xc7,0x75,0x79,0xc8,0xec,0xb2,0x23,0x41,0xad,0x61,0x3b,0xea,0x8a,0xdf,0x63,0xed,0xe1,0x8e,0x50,0x70,0x6e,0x86,0xed,0xb0,0xba,0x27,0x48,0x8e,0xb9,0x63,0x39,0x78,0x58,0x4f,0x1e,0xbc,0x45,0xf3,0xf2,0x3a,0x73,0x9b,0x8c},{0xad,0x42,0xc5,0x84,0xca,0xe1,0xe1,0x23,0x2a,0x73,0x15,0x3c,0x9a,0xfe,0x85,0x8d,0xa3,0x2c,0xcf,0x46,0x8d,0x7f,0x1c,0x61,0xd7,0x0e,0xb1,0xa6,0xb4,0xae,0xab,0x63,0xc4,0x0e,0xf2,0xa0,0x5d,0xa6,0xf3,0x5d,0x35,0x41,0xea,0x03,0x91,0xb1,0x3a,0x07,0xe6,0xed,0x6c,0x8c,0xcb,0x75,0x27,0xf1,0x26,0x58,0xf0,0x62,0x57,0xe4,0x33,0x00},{0x1f,0xed,0x53,0xc6,0xef,0x38,0x26,0xa4,0x18,0x88,0x8f,0x5c,0x49,0x1c,0x15,0x7d,0x77,0x90,0x06,0x39,0xe0,0x7c,0x25,0xed,0x79,0x05,0x66,0xe0,0x5e,0x94,0xe3,0x46,0x6f,0x96,0xd8,0xc1,0x11,0xa4,0x11,0x6f,0x78,0x42,0x8e,0x89,0xc7,0xc3,0xed,0xd2,0x9e,0x68,0x47,0x79,0x89,0x23,0x70,0x14,0x21,0x60,0x2d,0xfe,0x37,0x4b,0xc8,0x0a,0x16,0x73,0x7c,0xc4,0x55,0x3f,0x25,0x04,0x08,0x75,0x74,0x68,0xbc,0xe
4,0x3a,0xae,0x4c,0x0e,0xd2,0x85,0xa1,0xbc,0x81,0xc0,0xc9,0xfe,0x9a,0x44,0x7b,0x83,0xdf,0xc7},{0x27,0x77,0x97,0x84,0x0f,0x2d,0x8d,0x33,0xb8,0x4e,0xdb,0x8b,0xea,0x58,0x52,0x88,0x95,0x88,0x55,0x5f,0xb8,0xc4,0xc9,0xd6,0x1f,0x1e,0xee,0x60,0xb5,0xeb,0x78,0x72,0xb5,0xe5,0x22,0x2b,0x7f,0x5e,0xc7,0x9b,0x29,0x55,0x8e,0x2a,0xfc,0x65,0x55,0x4a,0x02,0xad,0x64,0x06,0xd4,0x25,0xe1,0x96,0x6f,0xee,0x96,0xcd,0x29,0xc6,0x64,0x00,0x16,0x73,0x7c,0xc4,0x55,0x3f,0x25,0x04,0x08,0x75,0x74,0x68,0xbc,0xe4,0x3a,0xae,0x4c,0x0e,0xd2,0x85,0xa1,0xbc,0x81,0xc0,0xc9,0xfe,0x9a,0x44,0x7b,0x83,0xdf,0xc7}}, + {{0x5e,0xc5,0x5b,0x9c,0xdb,0x14,0x05,0x18,0x6b,0xe2,0x1d,0x16,0x77,0x22,0x0e,0xd2,0xe4,0x57,0x82,0x6e,0x5b,0xc5,0x6a,0xb9,0x34,0x20,0xdb,0x72,0xe2,0xe1,0xeb,0x1b,0x34,0x00,0x04,0xbf,0x83,0xf6,0x4f,0x12,0x45,0x08,0xf0,0x95,0x2a,0xdc,0x3a,0x14,0xb3,0x29,0x0b,0x99,0xcd,0x73,0x31,0xbd,0x04,0xbb,0x49,0x1c,0xde,0xcf,0x09,0x9e},{0x15,0x80,0x3e,0x2a,0xfb,0xc0,0x8d,0x62,0x19,0x27,0x83,0x04,0xcc,0xf5,0xd1,0xbb,0x40,0x41,0xbe,0x93,0x59,0x6e,0x27,0x6d,0x95,0x24,0x0a,0x07,0x27,0x86,0x10,0x75,0xf7,0x0a,0x11,0xfc,0x53,0xd0,0x4c,0x15,0xf8,0x6e,0x22,0x3f,0xeb,0x12,0x97,0x8a,0x3d,0x69,0xd8,0x96,0xc9,0x53,0x10,0x9c,0x02,0x95,0xe4,0xd3,0x1a,0xd5,0x43,0x82},{0x40,0x09,0x2c,0x17,0x7e,0xba,0xce,0x1f,0xfc,0xc1,0x8e,0xc3,0x1c,0xa2,0x34,0x52,0x78,0x16,0x23,0x71,0x82,0x40,0xf8,0x6d,0x67,0x65,0x67,0x50,0x53,0xd9,0xc8,0x5e,0x7e,0x8a,0x98,0xa3,0xc6,0x2a,0x4d,0x27,0xf3,0xb9,0xbb,0xae,0x43,0x29,0x6e,0x02,0x1c,0xe9,0x01,0xd6,0xcd,0xd8,0x91,0x44,0x95,0x2b,0x9e,0xa5,0x4f,0xd0,0x00,0xb9},{0x3a,0xe8,0x3d,0xb3,0x32,0xdc,0xc2,0xc8,0xe3,0x36,0x2f,0xc9,0x30,0x3a,0xc0,0x76,0x56,0xd3,0x0b,0x06,0xbe,0x8f,0xe7,0xf1,0x66,0x61,0x25,0x42,0x28,0xdc,0x08,0x81,0x84,0x3a,0x57,0x96,0x27,0xa6,0xcf,0xd6,0x8f,0x35,0xa2,0xc3,0x76,0x86,0x4f,0xcf,0x5f,0xa1,0x85,0x28,0x4f,0x4a,0x3a,0xbb,0x5c,0x25,0x4b,0xcc,0x46,0xfe,0xf2,0x04},{0x62,0xc8,0xa2,0x0a,0x59,0xb8,0x97,0xd2,0x68,0x94,0x00,0x3b,0x01,0xac,0x91,0x6e,0x97,0x8e,0x08,0xe3,0xfe,0x9f,0x9e,0x9f,0x4b,0xcc,0
x5d,0x1d,0xb9,0xbf,0x07,0x83,0xfe,0x51,0x2a,0xdf,0x79,0x2e,0x07,0xc9,0x98,0x9b,0xbe,0xb6,0xe4,0x0a,0x20,0x44,0x86,0xea,0xb1,0x61,0x58,0x11,0x32,0x8e,0x7b,0xb9,0x67,0x2d,0xf0,0x78,0xb2,0x93},{0x1a,0x65,0xb3,0x6f,0xa2,0x45,0x29,0x53,0xd7,0x23,0x4d,0xff,0x8e,0xe9,0xb9,0xef,0x16,0xa0,0xdd,0x48,0xdf,0x70,0xd2,0xe1,0x56,0xca,0xd1,0xd0,0x4a,0x9d,0x63,0x92,0x2b,0xfd,0x7b,0x87,0x39,0x3c,0x12,0xc7,0xe5,0x91,0x31,0x95,0x78,0xc4,0x58,0x95,0x89,0x6e,0x2c,0x90,0xb4,0x0b,0xb2,0xfe,0x52,0xc0,0x86,0xc4,0x2e,0x56,0x97,0x0c,0x20,0xf2,0xbc,0x6a,0x9b,0x89,0xfb,0xe9,0x85,0x95,0xd6,0x22,0x5e,0x4d,0x6d,0x83,0x9d,0xf4,0xbe,0x66,0x05,0x32,0xb6,0xe2,0xf1,0x96,0x42,0xa4,0xc8,0x8c,0x1b,0xec},{0x43,0x85,0xff,0xb9,0xcf,0x04,0x83,0x40,0x70,0x3a,0x9c,0x48,0xb4,0xc2,0x99,0x3b,0xa0,0x39,0xf1,0x39,0x58,0x7f,0xd2,0x49,0x94,0x3c,0xc3,0xe1,0xb6,0x56,0x38,0x55,0x6f,0xb5,0x1a,0x90,0xa2,0x04,0x2f,0x19,0xf8,0xb1,0x65,0x5a,0xad,0xcd,0x1c,0x56,0x42,0x38,0xc2,0x52,0x09,0xd6,0x41,0x98,0x5d,0x5f,0xa5,0xe7,0xc2,0x55,0xa1,0x09,0x20,0xf2,0xbc,0x6a,0x9b,0x89,0xfb,0xe9,0x85,0x95,0xd6,0x22,0x5e,0x4d,0x6d,0x83,0x9d,0xf4,0xbe,0x66,0x05,0x32,0xb6,0xe2,0xf1,0x96,0x42,0xa4,0xc8,0x8c,0x1b,0xec}}, + 
{{0xf2,0x4a,0x96,0x57,0xc3,0x2f,0xe6,0x9f,0xed,0x7f,0xcc,0xe9,0xea,0xbe,0xd2,0x23,0x4e,0x47,0x13,0xd9,0x53,0x19,0x31,0x14,0x0a,0xd3,0x9b,0x95,0xa7,0x9c,0x88,0x5e,0x08,0xb2,0x16,0xda,0x45,0x61,0x1d,0x6b,0xdf,0xb1,0x14,0x0c,0x66,0xfd,0x3a,0xbe,0x25,0xdc,0xfd,0xcd,0xcc,0x5e,0x28,0x77,0x5a,0xa9,0x8b,0x84,0x77,0x26,0x9d,0xa6},{0xea,0xde,0x4d,0xab,0x09,0x02,0xbf,0x90,0xf8,0xae,0x8b,0x50,0x01,0xb2,0x9d,0x7c,0x0a,0x3b,0x60,0xda,0x34,0xa9,0xbb,0x4d,0xa5,0x53,0x18,0x65,0xec,0xaa,0xc9,0x29,0xb2,0xf7,0x74,0x14,0x63,0x5f,0x88,0xcf,0x4e,0x70,0x1b,0x11,0x64,0x73,0x15,0x6b,0x5a,0x8c,0xb8,0x4e,0x0f,0x83,0xae,0x4b,0x5c,0x52,0x1c,0x6a,0x0f,0x54,0x77,0xc8},{0xae,0xff,0x55,0xbf,0x78,0xb5,0xde,0x33,0xeb,0x87,0xea,0x13,0x7d,0x36,0x22,0x06,0x32,0xc4,0x7e,0xca,0x65,0x37,0xcc,0x83,0x0e,0xda,0x54,0xb3,0xd2,0xe6,0xe7,0x7f,0xe1,0x90,0x11,0x25,0x16,0x83,0x25,0x43,0xb4,0x38,0x06,0xbb,0x6c,0x62,0x7d,0x84,0x1f,0xf3,0x7b,0xeb,0xae,0x50,0xd8,0xfb,0xb9,0xf2,0xf9,0xc3,0x6f,0x59,0xb7,0xb0},{0x95,0x15,0x83,0x19,0x56,0x9c,0x11,0xd8,0x31,0x87,0x1d,0xe3,0x3f,0x07,0x89,0xb2,0xcb,0x81,0xf0,0xeb,0x0b,0x1e,0x74,0x08,0xa2,0x4a,0x0e,0x82,0xc6,0x45,0x8c,0x32,0xb4,0x8f,0xfd,0x76,0xeb,0x5e,0xc7,0x62,0xdc,0xcb,0xee,0xad,0xcf,0xcf,0xea,0x33,0x9d,0xb0,0x02,0x64,0x66,0x77,0x14,0x97,0x0c,0x6e,0x79,0xe8,0x58,0x32,0x0f,0xe6},{0xcb,0x2f,0xaf,0x53,0xd8,0x41,0x48,0x41,0x6f,0x36,0x78,0x80,0x83,0x5c,0x0d,0x4c,0x1b,0xf4,0x39,0xe0,0x34,0x4f,0xc2,0xb2,0x4e,0xf0,0xac,0xc2,0xf8,0x15,0x7a,0x81,0x9f,0x46,0x2b,0xe3,0xb9,0x39,0x05,0x89,0xa2,0xda,0x1a,0x63,0x51,0xb4,0x78,0x0f,0xfe,0x2f,0x9d,0xce,0x99,0x38,0xa9,0x7e,0xcb,0x80,0x57,0x9f,0xa2,0x28,0x0f,0x6a},{0x1b,0xec,0x67,0x50,0xd1,0x28,0x65,0x55,0xb8,0xde,0x3b,0x2e,0x1e,0x33,0xd8,0x1b,0xba,0x2e,0x78,0x6a,0xb8,0x0b,0x8c,0xa0,0x55,0x34,0x25,0x90,0x9a,0xe2,0xf5,0xaa,0x95,0x0c,0x6f,0x2a,0xb0,0x92,0x1d,0x48,0x5b,0x56,0x8c,0x82,0x8f,0xa7,0x15,0x75,0x26,0x61,0x85,0xc8,0x7d,0xda,0xf5,0x2a,0xf3,0x3c,0x34,0xc1,0x20,0x67,0xbb,0x04,0xec,0x7c,0xe2,0xcb,0x31,0xcf,0x23,0xda,0x5d,0x8a,0x05,0x00,0x9b,0x2
3,0x34,0xd0,0xed,0x56,0x10,0x0a,0x90,0x6b,0x73,0x26,0x6b,0xf0,0xd7,0xbc,0xd8,0xc7,0x89,0xc8},{0x90,0x43,0x54,0x87,0x44,0x00,0x07,0xca,0xa8,0x2b,0xec,0x55,0xa0,0xd2,0x8c,0x07,0x03,0xaa,0x61,0x1a,0x7d,0x0f,0x90,0x13,0x67,0x99,0x46,0x20,0xcd,0x70,0xcb,0xa7,0x96,0xdf,0x0c,0x13,0xc4,0x41,0x11,0xd6,0xc3,0x33,0x02,0x96,0x4f,0x1d,0xbd,0x06,0xa9,0xa1,0x31,0x0a,0xc3,0xdf,0x6d,0x52,0x6c,0xc6,0xbe,0xc5,0xb6,0x2a,0xb1,0x0f,0xec,0x7c,0xe2,0xcb,0x31,0xcf,0x23,0xda,0x5d,0x8a,0x05,0x00,0x9b,0x23,0x34,0xd0,0xed,0x56,0x10,0x0a,0x90,0x6b,0x73,0x26,0x6b,0xf0,0xd7,0xbc,0xd8,0xc7,0x89,0xc8}}, + {{0x4f,0x3a,0xdd,0x0f,0xcf,0x7f,0x27,0xda,0x27,0xc4,0xa6,0x2b,0x6b,0xd1,0x9f,0x59,0x73,0x5f,0xd4,0xb7,0xf0,0x86,0x16,0xc9,0xdd,0xa6,0xf9,0x9b,0x17,0xb2,0xb9,0x71,0xe7,0x4c,0xa1,0x17,0x79,0xe0,0xcc,0xae,0x10,0xec,0x28,0x3a,0x09,0xf2,0x8b,0x34,0x9c,0xac,0x16,0x2a,0xa9,0x21,0xe8,0xa7,0x18,0xc0,0xc4,0x9f,0x30,0xa0,0x25,0x62},{0x23,0x4c,0xd4,0xae,0x52,0x30,0xf6,0x64,0xb9,0xe1,0x47,0xca,0xf8,0xf3,0x3a,0x6b,0x8b,0xf3,0x29,0xe2,0x9b,0x5d,0xbb,0x0a,0x60,0x52,0x03,0x40,0x53,0x5c,0x9e,0x35,0x03,0xd4,0xec,0xd7,0x67,0xf4,0x92,0xd2,0x98,0x96,0xf2,0xa7,0xf4,0x25,0x6a,0x80,0x9c,0x75,0xc6,0xf2,0x1f,0x67,0x11,0x00,0x0d,0xda,0x1e,0xb2,0x58,0xa7,0x8c,0x39},{0x55,0x1b,0x80,0xbb,0xf3,0xc5,0x1a,0x84,0x34,0xf5,0x0a,0x8a,0x8a,0xe1,0x8c,0xea,0xa6,0xfb,0xd0,0x26,0xc9,0xa2,0x30,0x37,0x3e,0xba,0x98,0xfe,0x81,0x8a,0x52,0x37,0x0b,0x74,0x4e,0x3d,0x26,0x8f,0x82,0x4b,0xc0,0x6a,0x01,0x10,0x91,0x8f,0x89,0xb5,0x62,0x3f,0x1e,0x70,0xcc,0x25,0x77,0x39,0x74,0x88,0xdd,0xbc,0xbe,0x72,0x08,0x63},{0xe2,0x9a,0x46,0xd2,0x74,0xdc,0x0f,0x8a,0xa3,0xbd,0x20,0xb7,0xc7,0xd9,0x83,0x4b,0x58,0xa6,0xe3,0xbd,0xc5,0x00,0xb6,0x18,0x04,0x25,0x81,0xbd,0x99,0xb3,0xb1,0x2a,0x7a,0x68,0x6d,0xe1,0x3e,0x23,0x8d,0x29,0x9e,0x7a,0x30,0x56,0x4c,0x22,0xb6,0xf4,0x7d,0x7d,0x4f,0xfd,0x76,0xa5,0x9d,0x05,0x41,0x7c,0x7a,0x2d,0x7b,0xbe,0xcf,0x73},{0x7b,0xae,0x11,0x86,0x8a,0x38,0xbd,0x56,0x3c,0xf3,0x3c,0x9c,0x49,0xa4,0x68,0x0f,0x2b,0xdf,0xf2,0xa1,0xbc,0xc2,0xed,0x08,0x09,0x96,0
xd0,0x7e,0x9b,0xe3,0x0a,0x72,0x13,0x03,0xd4,0x35,0x0a,0x94,0x60,0x09,0x4a,0xaa,0xca,0x35,0x8e,0xed,0x12,0xdd,0x26,0x8f,0xf8,0xa9,0xa2,0x8a,0x7f,0xac,0xf3,0x09,0xc7,0x22,0xc5,0x73,0xec,0xa0},{0xe9,0xc5,0x57,0x0d,0x85,0xbf,0x10,0xe2,0xd1,0xf5,0xd7,0x22,0xe9,0x6a,0x67,0x8d,0xd3,0x9f,0x1a,0xef,0x7f,0xc0,0x2b,0xe1,0xfd,0x2c,0xc2,0x5f,0x39,0xf9,0x34,0xd0,0x87,0x94,0x41,0x8a,0x65,0xa5,0x20,0x48,0xa4,0x20,0x5f,0x7a,0xc7,0x37,0x00,0x60,0x59,0x84,0x2a,0x1d,0xff,0x02,0xc3,0xe8,0x20,0xaa,0x39,0x13,0xac,0xf3,0xd7,0x05,0xbd,0xef,0x11,0x66,0x71,0xb8,0x9f,0x1e,0xe5,0xee,0x2e,0x37,0xfb,0x34,0xed,0xc5,0xa4,0x40,0x6e,0x38,0x31,0x0a,0x1c,0xaf,0x0d,0xd3,0x98,0xac,0x12,0x40,0xea,0x9c},{0xc6,0xcd,0x7a,0xbd,0x14,0xdb,0xe4,0xed,0xbf,0x46,0x70,0x23,0xbd,0xdb,0xc3,0xce,0x60,0xd5,0x6b,0x17,0x4c,0x23,0xfa,0x78,0x05,0xcc,0x18,0xed,0x42,0x03,0xa5,0xb7,0xdf,0x28,0x0e,0xd4,0x5d,0x31,0xd8,0xb9,0xdc,0xe9,0xf6,0x26,0xc5,0xe1,0xb3,0x80,0x0d,0x62,0xaf,0x2d,0xbd,0xd6,0xe4,0xbb,0x16,0x82,0xc8,0x13,0x2a,0x6f,0xb9,0x06,0xbd,0xef,0x11,0x66,0x71,0xb8,0x9f,0x1e,0xe5,0xee,0x2e,0x37,0xfb,0x34,0xed,0xc5,0xa4,0x40,0x6e,0x38,0x31,0x0a,0x1c,0xaf,0x0d,0xd3,0x98,0xac,0x12,0x40,0xea,0x9c}}, + 
{{0x6f,0x46,0xcd,0x96,0xc4,0x13,0xf4,0x11,0x62,0x49,0x8c,0x5c,0x78,0x27,0xef,0xc8,0xb9,0xe2,0x7d,0xf1,0x0d,0x37,0xf2,0xfe,0x85,0x35,0x82,0x60,0x23,0xb6,0x7b,0x17,0xd2,0x91,0xef,0x01,0x9e,0x99,0x35,0xab,0xc7,0xfb,0xa1,0xa3,0x13,0x44,0x3f,0x3c,0x16,0xcb,0xd8,0xf0,0xbf,0x9e,0x65,0x4d,0x07,0xe0,0xfd,0x8e,0x32,0x61,0x95,0xd5},{0xb7,0x81,0x16,0x2f,0xcb,0xa4,0x30,0x4e,0x6d,0xf5,0xf0,0x3f,0xfe,0xd9,0x81,0x20,0xa6,0x0e,0x2b,0xa8,0xc5,0xed,0x0d,0x9a,0x28,0x9c,0xe3,0xa9,0xb7,0xbf,0x87,0x0f,0xa5,0xf9,0x33,0xe7,0xa6,0x7f,0x9b,0xac,0xb6,0xcc,0xaf,0xfc,0xa7,0x4a,0x4d,0x36,0x39,0xa9,0xb6,0xf5,0x09,0xde,0x8d,0x37,0x11,0x07,0xd1,0x8a,0xf5,0x7b,0x66,0xe1},{0xcc,0xe0,0x07,0x62,0xbe,0x10,0x8c,0x3a,0xa2,0x96,0x5d,0x11,0xc7,0xd5,0x50,0xc3,0xbb,0x55,0x21,0xc5,0x40,0x27,0x7d,0xdb,0xad,0xd2,0x61,0x2a,0x42,0x5f,0x94,0x23,0x77,0x83,0x3a,0x99,0xe8,0xda,0x79,0x8c,0x1e,0xa8,0x44,0x04,0xec,0xf5,0xd1,0x55,0x1e,0x58,0xf1,0x6e,0x4d,0x27,0xa4,0x91,0xec,0x59,0xc8,0x17,0x36,0x58,0x2a,0x1f},{0x6d,0xf8,0x73,0xa3,0x38,0x61,0x1d,0x95,0x09,0xde,0xe5,0x26,0x1b,0x15,0x16,0xfb,0xf5,0x16,0xa8,0xf3,0x9e,0x3a,0x6b,0xb5,0x8c,0xee,0xa8,0x66,0x79,0xc3,0x9e,0xb4,0xe1,0xc2,0x85,0x0e,0x86,0x10,0x5a,0x4e,0x8b,0x4c,0x0a,0x7a,0xd8,0x8a,0x48,0xf4,0xa0,0x79,0x37,0xe3,0xa5,0x90,0x05,0x5e,0xbd,0xa1,0xf6,0x09,0x58,0x9c,0x6f,0x09},{0x66,0x47,0x6d,0x60,0x06,0x2d,0x90,0x8f,0xae,0x6c,0x01,0xe9,0xb0,0xf9,0x6b,0xa5,0x4a,0xe1,0xdb,0xd3,0x64,0x42,0x37,0x5c,0x11,0x40,0x7a,0xce,0x4e,0x83,0xc3,0x2c,0x2e,0xd2,0x67,0x76,0xfb,0x8c,0x5d,0xab,0xe8,0xb8,0xd6,0x2b,0xf8,0x86,0xff,0x96,0xf3,0xa8,0x0e,0x2b,0x1a,0x68,0xf5,0xe4,0xee,0x49,0xa6,0x8c,0x41,0x1f,0x97,0xbf},{0x81,0x92,0x4e,0xc6,0xab,0x00,0xdd,0xf9,0xf9,0xb7,0xe0,0x0a,0xa9,0x3f,0x0a,0xf9,0x32,0x73,0xf6,0x22,0xec,0x95,0xd9,0x20,0x8a,0x3f,0xeb,0x0d,0xc7,0x79,0x6f,0xb3,0x85,0xf4,0xe1,0x11,0xe1,0xcc,0xaa,0x1b,0xfd,0xf3,0x43,0xff,0x66,0x73,0x0f,0x09,0xcc,0xa4,0x6c,0xb8,0x2a,0x0f,0x53,0x58,0x63,0x32,0x06,0xd9,0x6b,0x1a,0x14,0x04,0x85,0x3f,0x2f,0x2b,0x05,0xfb,0xed,0xe9,0x08,0x0d,0x21,0x49,0xc9,0x7
9,0xdf,0x6f,0x77,0x89,0xd7,0x74,0x09,0x57,0x1a,0xd2,0xa7,0x43,0xbf,0x08,0x8e,0x98,0xbc,0x2f},{0xe3,0xb1,0xc4,0x81,0xe6,0xec,0x07,0x58,0xa4,0xcb,0x7e,0xd5,0xae,0x9d,0x43,0xf1,0xb7,0xe2,0x0a,0x1f,0xd5,0xe8,0x14,0xba,0x22,0xff,0xb7,0x20,0x76,0x08,0xdc,0x9a,0x44,0x4c,0x1c,0xcd,0x38,0x4d,0xb5,0xd8,0xa9,0x1b,0x9d,0xbb,0x13,0x5a,0x6c,0xe9,0x5d,0xa4,0x42,0x0e,0xde,0x9a,0x47,0x8a,0x2a,0x97,0x42,0x86,0x87,0x98,0x3f,0x04,0x85,0x3f,0x2f,0x2b,0x05,0xfb,0xed,0xe9,0x08,0x0d,0x21,0x49,0xc9,0x79,0xdf,0x6f,0x77,0x89,0xd7,0x74,0x09,0x57,0x1a,0xd2,0xa7,0x43,0xbf,0x08,0x8e,0x98,0xbc,0x2f}}, + {{0xff,0xe3,0x69,0x7b,0x62,0x45,0x40,0x5f,0x1c,0x49,0x65,0xd6,0xae,0x24,0x16,0x84,0xfa,0x69,0x6c,0x1f,0x6c,0x65,0xee,0x52,0xe9,0x6c,0x54,0xc7,0x31,0x9b,0xc2,0x74,0x4f,0xc0,0x16,0xb8,0xf8,0x75,0x5f,0x45,0xb5,0xf3,0xa0,0xd9,0xbe,0x25,0x82,0xbd,0x3c,0x03,0xe0,0x14,0x15,0x6a,0xd5,0x64,0x08,0x65,0x13,0x33,0xc2,0xab,0xe0,0x45},{0x6f,0x5a,0x90,0x80,0x25,0x13,0xc2,0xa7,0xfe,0x1c,0xa1,0x07,0x81,0x4b,0x09,0xd3,0xbd,0xda,0x55,0xa8,0xaa,0x62,0x19,0x03,0xe9,0x9f,0x77,0xef,0xff,0xd4,0x5e,0x53,0xbc,0x9d,0x71,0xb8,0xc4,0xc2,0x85,0xb9,0xb4,0x3d,0x95,0xb8,0xfd,0x44,0xb7,0xc8,0x6f,0x93,0x15,0x04,0x16,0x7e,0x01,0xf2,0x09,0x23,0x96,0x69,0xe5,0x65,0x52,0x34},{0xaf,0xfe,0x4f,0x34,0x4e,0xfe,0x51,0xa5,0xb2,0xd8,0x31,0x74,0x7b,0xae,0xfb,0xb9,0x33,0xc1,0xdc,0x66,0xe6,0x95,0x9e,0xce,0x77,0x7d,0x55,0x3c,0xa6,0x6c,0x09,0x23,0x5a,0x1a,0x5e,0x1a,0x41,0xd3,0xad,0x5f,0x86,0xd0,0x14,0xf5,0xe0,0xda,0xf1,0xce,0x19,0x90,0x45,0x0c,0x4c,0xb1,0xd3,0xc8,0x4c,0xdb,0x7e,0x49,0xf5,0xac,0xde,0xff},{0x1b,0x9b,0x6b,0x30,0xd3,0x19,0x37,0x83,0xad,0x05,0xca,0xba,0x22,0x85,0x33,0x7f,0x55,0x60,0xe3,0x14,0x8c,0x39,0x87,0xd1,0x4c,0x21,0x27,0xa0,0xae,0x4a,0x56,0x15,0x50,0x6c,0x99,0xca,0xff,0xde,0x10,0xc6,0x9f,0x6c,0x70,0xd1,0x66,0xb4,0x87,0xd8,0xfc,0x46,0xf2,0xcf,0x0c,0xd8,0xc3,0x14,0x5d,0x27,0xbd,0xed,0x32,0x36,0x7c,0xed},{0x64,0x6b,0x74,0xc7,0x60,0x36,0xc5,0xe4,0xb6,0xde,0x02,0x1a,0x09,0xaf,0x65,0xb1,0x94,0xa3,0xf4,0x95,0xf5,0xb0,0xef,0x86,0xb5,0x13,0
x26,0x0b,0xe8,0xc5,0x5c,0x77,0xf5,0xe6,0xb6,0x10,0x36,0x87,0xa3,0xd2,0x7c,0x17,0x2c,0xb9,0xb0,0x90,0x9e,0x8c,0x0a,0x7d,0x73,0xb2,0x29,0xeb,0xa7,0x85,0xd7,0x04,0x14,0xf9,0x77,0xb7,0xf4,0x89},{0x7f,0x1c,0x5a,0x57,0x14,0xf6,0x30,0x07,0xf9,0xfe,0x42,0x98,0xcb,0x3d,0xac,0x04,0x30,0x0d,0xc6,0xd0,0x4f,0x8a,0xbc,0xdd,0x3e,0xc3,0xb7,0x74,0xc8,0x3b,0x1a,0xcc,0x6a,0x54,0x9e,0xb9,0xbe,0xf0,0x7c,0x35,0x35,0x1a,0x50,0x4c,0xc2,0x38,0x41,0x46,0xc8,0xc4,0x81,0x2b,0x26,0x56,0x6f,0x8a,0x9f,0x74,0x87,0xe0,0x01,0x82,0xe2,0x09,0xf3,0x9a,0xc5,0x33,0x5a,0x7d,0xb6,0xbb,0xff,0x20,0x4d,0xc1,0x99,0x3d,0xcc,0x5a,0xc7,0xd1,0xbe,0x4c,0xcf,0xc8,0x09,0x79,0x15,0x5e,0x0c,0xc6,0x26,0x36,0xe6,0xd9},{0x4d,0x2f,0x08,0x84,0x32,0xcf,0xe0,0x3b,0xa8,0x3e,0xa5,0xf8,0x3a,0xe8,0xa9,0x04,0x5a,0x74,0x67,0xcb,0x41,0x22,0xc5,0xc4,0x9a,0xa5,0xc1,0xa7,0x94,0x8b,0xa5,0x35,0x00,0x00,0x1a,0xaf,0xfb,0xed,0x40,0xb8,0x2b,0x28,0xf1,0xb1,0x02,0xd3,0x8b,0xc0,0x32,0x4a,0xa5,0x0a,0xa4,0xc3,0xbf,0xb3,0xf5,0xb7,0x65,0x8e,0x88,0xdf,0xd0,0x0e,0xf3,0x9a,0xc5,0x33,0x5a,0x7d,0xb6,0xbb,0xff,0x20,0x4d,0xc1,0x99,0x3d,0xcc,0x5a,0xc7,0xd1,0xbe,0x4c,0xcf,0xc8,0x09,0x79,0x15,0x5e,0x0c,0xc6,0x26,0x36,0xe6,0xd9}}, + 
{{0xc8,0x8e,0x1c,0xea,0x02,0x6a,0xfd,0x88,0x8b,0xa9,0x9d,0xdd,0xba,0xea,0x77,0x30,0x88,0x1a,0x93,0x49,0xda,0x05,0x18,0xbb,0x4a,0x6a,0x11,0xc4,0x48,0x72,0x77,0x1f,0x6e,0x2b,0x9a,0xe3,0x27,0xbe,0xe1,0x75,0x32,0x30,0xa6,0x12,0x26,0x44,0xbf,0xb2,0xa5,0x51,0x0b,0x48,0x3a,0xea,0xc5,0xd4,0x24,0x3f,0x4e,0xe8,0xe5,0xc3,0xfb,0xc2},{0xcb,0x56,0x3c,0x00,0x28,0x15,0x72,0x16,0x23,0x4e,0x2e,0x2c,0x8c,0xe8,0x7c,0x44,0x82,0x2a,0xe0,0x57,0xa3,0x0a,0xc4,0x42,0xb5,0x07,0xe1,0x1b,0x78,0x8b,0x3d,0x4d,0xcb,0xe4,0x56,0x72,0x0b,0x85,0x52,0xd8,0x55,0xe2,0xcd,0x38,0xd2,0x83,0xb6,0x05,0xd2,0x9f,0x63,0x9e,0x7f,0xca,0xe5,0x95,0x36,0x61,0x9b,0xca,0x09,0x27,0x53,0x82},{0x24,0x67,0x10,0xd6,0x8a,0x1a,0x8e,0xb8,0x53,0xef,0xb7,0x67,0x2a,0xfd,0xb8,0xd6,0xe3,0xf7,0x41,0x95,0x8c,0x50,0xca,0x1d,0x21,0x21,0x41,0xd1,0xef,0x2d,0x9b,0x53,0xa9,0x42,0xcd,0xda,0x6d,0x12,0x1b,0xbd,0x0a,0xe1,0x4d,0x95,0xc6,0xaa,0x40,0xfd,0x98,0xfb,0x26,0x21,0x5e,0xaf,0x8e,0x6b,0xc9,0x36,0x2c,0x66,0x31,0x24,0x45,0x87},{0x5e,0xf9,0x1d,0x10,0xb5,0x79,0x1f,0x80,0x85,0x90,0xc3,0x7f,0x2b,0x73,0xbf,0x83,0x0b,0x5d,0x46,0xae,0x79,0xef,0x09,0x71,0x29,0xfb,0x83,0xde,0x1f,0xe2,0xdb,0x1b,0xa2,0x22,0xee,0x50,0x21,0x9d,0x9c,0x35,0x14,0x48,0x13,0xa5,0xd1,0x68,0xf4,0x61,0x1f,0xd7,0xe2,0xd6,0x42,0x1c,0xdc,0x58,0xec,0x8b,0x03,0x6b,0xdf,0x64,0x06,0x30},{0xf9,0xa6,0x88,0x74,0x07,0x19,0x15,0x38,0xaf,0xac,0x07,0x10,0xe0,0xd9,0x22,0xf3,0x78,0xb0,0xbf,0x60,0xa3,0x0f,0xea,0x0f,0xa8,0x64,0xa9,0xa3,0x82,0xe1,0x4c,0x29,0x36,0x22,0x6d,0x43,0x9c,0xde,0x22,0xbf,0xc6,0x85,0xf7,0xe9,0xe0,0x79,0x80,0xfe,0x9d,0xd6,0x24,0xbd,0x29,0xa4,0x8c,0x35,0x21,0x87,0x45,0x7f,0x88,0xd9,0x9a,0x9d},{0x49,0x43,0x19,0x14,0xcc,0x4a,0x11,0x01,0x05,0xd1,0x4e,0x39,0x6d,0xb0,0x22,0x65,0x32,0x6e,0x67,0x04,0x50,0x85,0x53,0x42,0x90,0x2c,0xc0,0x63,0x2f,0xbd,0x15,0x90,0x1b,0x3f,0x03,0x90,0x16,0x7f,0x7b,0x49,0x74,0xd0,0x3d,0x81,0x80,0x1e,0x9e,0x2e,0xa9,0x13,0x6a,0x10,0x14,0xc1,0xfd,0xf9,0x25,0x3a,0x1d,0x52,0x93,0x0a,0x77,0x03,0xa2,0xdd,0xce,0x9f,0x2a,0x35,0xc9,0x93,0x7c,0xa2,0x2c,0xf6,0x38,0x7
3,0xb3,0xab,0x7f,0x55,0xb6,0x62,0xa2,0x8d,0x6a,0x3e,0x88,0x04,0x9b,0xa2,0x19,0x64,0x55,0x01},{0x22,0x03,0x49,0x58,0x76,0x3c,0x85,0x45,0x5e,0x73,0x78,0x8f,0x65,0xc9,0x50,0xf8,0xd7,0x16,0x92,0xa4,0xd1,0x79,0xce,0xf3,0x00,0x34,0x38,0xb8,0xcc,0x96,0x9f,0xa6,0x87,0x28,0xcb,0x19,0x28,0xad,0x83,0xb5,0x09,0x96,0x54,0xe8,0x2a,0xb9,0x9b,0xff,0x60,0x85,0x31,0x28,0x62,0x36,0xd2,0x0e,0xad,0x2a,0xe1,0x84,0x80,0xeb,0x6f,0x00,0xa2,0xdd,0xce,0x9f,0x2a,0x35,0xc9,0x93,0x7c,0xa2,0x2c,0xf6,0x38,0x73,0xb3,0xab,0x7f,0x55,0xb6,0x62,0xa2,0x8d,0x6a,0x3e,0x88,0x04,0x9b,0xa2,0x19,0x64,0x55,0x01}}, + {{0xeb,0x18,0x95,0x94,0x5f,0x15,0x8c,0xb8,0x4d,0x6e,0x7d,0xc0,0x96,0x6c,0x52,0xa2,0x5f,0x43,0x67,0xc2,0x3a,0x10,0x5b,0xf1,0x8f,0x21,0x89,0x06,0x77,0xe9,0xab,0x2e,0xcd,0x17,0x9c,0x9a,0xd7,0x89,0x7e,0x53,0x58,0x60,0x9b,0xce,0x90,0xd9,0x13,0x2d,0x78,0xc4,0x2c,0x1c,0x4c,0xe8,0x23,0x70,0xff,0xa0,0x42,0x98,0x25,0x40,0xd6,0xd8},{0xb6,0xfb,0xdd,0x5d,0x35,0xf2,0x2b,0x89,0xda,0x8e,0x90,0xee,0x03,0x4e,0x75,0xdb,0x4c,0x45,0xc8,0x00,0xde,0x06,0x27,0xde,0x44,0xb5,0x5b,0xc7,0x56,0xc3,0xf5,0xbb,0xee,0xa6,0x21,0xd4,0xd9,0xb9,0x24,0x9c,0x4c,0xbc,0x23,0xe5,0xeb,0x05,0xb6,0xd0,0xd0,0xbf,0x49,0x95,0x01,0xb4,0x97,0xad,0xb5,0x71,0x8d,0x4b,0x32,0xd0,0xdd,0x1a},{0xfd,0x11,0xd7,0xe4,0x46,0xcd,0xd8,0x44,0x89,0x0a,0xe7,0x44,0x59,0xe9,0xcf,0x9f,0xd6,0xf1,0x74,0x56,0x04,0x78,0xfa,0x29,0x46,0x8a,0x8d,0x1b,0xbe,0x41,0x92,0x1c,0x8d,0x74,0x01,0x1b,0xc1,0xf8,0x26,0xf4,0xc2,0x68,0xc3,0x23,0x8c,0x68,0x7c,0x0a,0xad,0xdd,0x50,0x10,0xcf,0xdb,0x78,0xc5,0x79,0x28,0x37,0x63,0x92,0x1a,0x1d,0xea},{0xd2,0x2a,0xf0,0x66,0x15,0x8b,0xcb,0x83,0xcf,0x34,0xa1,0x33,0x6b,0xd5,0xa8,0x98,0x3b,0xd7,0x09,0x0d,0x70,0xa5,0x8a,0xc0,0x73,0xcf,0xde,0x59,0xd5,0x13,0x41,0xd2,0x43,0x8b,0xb4,0xc3,0x5b,0x6f,0xf1,0xed,0x47,0x76,0xe6,0x5e,0xb8,0x2a,0x7e,0x20,0x91,0xa0,0x9d,0xc1,0xa2,0x0a,0x6d,0x97,0x7d,0xeb,0xe3,0x64,0x5f,0x86,0xff,0x3e},{0x45,0xd8,0xdc,0xe4,0x3a,0x3a,0x44,0xdc,0x7f,0xa8,0x92,0x11,0x1b,0x4f,0xfa,0xcf,0x21,0xff,0xfb,0x20,0xb0,0x02,0x6d,0x0e,0x1c,0xde,0
xe8,0x51,0xd8,0x2c,0x72,0x0e,0xbf,0xf6,0x9a,0xd3,0xd3,0xfe,0xfa,0x98,0x4e,0xc2,0xf0,0x16,0xda,0x39,0x93,0xc4,0xe0,0x33,0x9a,0x43,0xe8,0x7a,0xc5,0x0f,0x0b,0xa4,0x45,0xf0,0x5e,0x7a,0xa9,0x42},{0xdb,0x4e,0x17,0x76,0x8b,0x3c,0x98,0x7f,0x58,0x76,0x97,0xc9,0x3f,0x99,0x01,0x05,0x42,0x7e,0xfd,0x83,0x99,0xaa,0x19,0xb5,0x72,0x4c,0x69,0xed,0x6e,0x21,0x79,0x6e,0x3b,0x71,0xe5,0xab,0x23,0x84,0xe7,0xfe,0x58,0x2b,0x0d,0x1e,0x75,0x7c,0x29,0xb3,0x2d,0x66,0xc2,0x45,0x88,0xac,0x86,0x29,0xe4,0xaa,0x9e,0x71,0xa1,0x88,0xf9,0x06,0xda,0xa3,0xdd,0x7b,0x6c,0xd9,0xc9,0x73,0xe9,0x56,0xd1,0xee,0x5b,0xf9,0xae,0xc0,0x29,0xbe,0x20,0x6c,0xc7,0xf9,0xc5,0x2d,0x6d,0xad,0x8f,0x49,0xf8,0x17,0xdb,0x7a},{0xb8,0xb7,0xec,0xeb,0x3e,0x40,0x77,0x6c,0xab,0x10,0xfe,0x9f,0xd1,0x40,0xfe,0xd2,0x88,0x8e,0xb0,0x55,0xae,0x75,0xb1,0xcc,0x9d,0x6c,0x11,0x28,0x95,0x38,0x9f,0xb9,0x59,0xe2,0x29,0xc3,0xbc,0x09,0x16,0x1f,0x17,0x9e,0x15,0x78,0x09,0x61,0x07,0x9e,0xad,0x67,0x98,0xa9,0x24,0xff,0xf9,0x4b,0xa2,0x76,0x09,0xa0,0xd7,0x1b,0xed,0x05,0xda,0xa3,0xdd,0x7b,0x6c,0xd9,0xc9,0x73,0xe9,0x56,0xd1,0xee,0x5b,0xf9,0xae,0xc0,0x29,0xbe,0x20,0x6c,0xc7,0xf9,0xc5,0x2d,0x6d,0xad,0x8f,0x49,0xf8,0x17,0xdb,0x7a}}, + 
{{0xc3,0x92,0x4d,0x01,0x9c,0xea,0x5a,0x8d,0xbd,0x5c,0x12,0x58,0x6d,0x03,0x26,0xbf,0xa4,0xdd,0xf7,0x26,0xa4,0x0d,0x22,0xe0,0xbd,0xcc,0x6f,0x30,0x9e,0xf9,0x4c,0x1f,0x03,0x52,0xab,0x38,0xe9,0x9c,0x08,0x9c,0x09,0xe5,0x87,0x5c,0x24,0x1a,0xe2,0x75,0xcb,0x18,0x8a,0x63,0x50,0xd1,0x23,0x45,0x49,0x93,0x40,0x2c,0x09,0xd4,0xac,0x39},{0xd4,0xe7,0xb7,0x05,0xfd,0xd6,0xf3,0x57,0xfb,0xc2,0x2f,0x2c,0x71,0x80,0xf5,0xc3,0xa6,0x0a,0x23,0x9d,0x1d,0xa8,0x68,0x10,0x8a,0xfa,0x68,0x9d,0x2b,0xcf,0x96,0xa9,0xe6,0x0e,0x07,0x32,0x23,0x09,0x87,0x16,0xc5,0xbb,0x76,0x22,0xfc,0xb4,0x59,0x6d,0x67,0xfd,0x29,0x51,0x95,0x4c,0xe2,0x8c,0x18,0xab,0xda,0x84,0xc3,0x62,0x80,0x14},{0xc9,0xa1,0xfe,0xc3,0x48,0x0d,0xee,0x54,0x44,0xff,0x9c,0x46,0x04,0x0e,0x74,0xda,0xa4,0x6a,0x56,0x02,0x5f,0x76,0x0e,0xb5,0xc1,0xc9,0xe9,0xb2,0x6e,0x07,0x49,0x0c,0xf7,0x4b,0xee,0xd6,0x0a,0xad,0x94,0x03,0x58,0x2d,0x60,0x95,0xf8,0x16,0x7b,0x49,0x0b,0x01,0x66,0x3e,0x17,0x01,0xe5,0x54,0x7d,0xd7,0xbb,0x10,0xd1,0xad,0xad,0x79},{0xb2,0xd8,0x10,0x29,0xeb,0xb8,0x4e,0x2b,0x39,0x85,0x5c,0xb3,0xdc,0xf5,0x87,0xca,0xca,0x9c,0x7a,0x8c,0x2b,0x08,0xe8,0x25,0xe2,0xcf,0x70,0xe2,0xe6,0xfb,0xdb,0x0c,0xc3,0x0d,0x71,0x11,0x83,0x65,0xf2,0x71,0x08,0x1b,0x32,0x6e,0x6c,0x51,0x50,0xf1,0xf6,0x4b,0x54,0x63,0x16,0x7f,0xfd,0x80,0x05,0x61,0x63,0xf1,0x80,0x6a,0x0b,0xfd},{0xa7,0x4b,0x75,0x38,0x90,0x64,0x96,0x7b,0xda,0x5e,0x08,0x9b,0x80,0xc4,0x72,0x3f,0x73,0xb2,0xdb,0xd3,0x4a,0xed,0xa4,0xdc,0x5c,0x79,0xe5,0x0f,0x7a,0xd3,0x0c,0xac,0xf9,0x99,0x5c,0x1a,0x0f,0xb3,0x1a,0x0f,0x5c,0xc3,0x9e,0x1a,0x2b,0xfa,0xc3,0xf0,0x40,0xe5,0x5f,0x36,0xd2,0x98,0x31,0xa1,0xaf,0x18,0x5f,0xae,0x92,0xf3,0x9e,0xc0},{0xf9,0xbf,0x52,0xe6,0xd3,0xe1,0x5d,0xd3,0x30,0xf3,0xa1,0x0c,0xc8,0x5a,0x97,0x55,0xab,0x67,0x67,0xd0,0x00,0x62,0x7b,0x80,0x70,0xbf,0x24,0xd0,0x09,0x8b,0x07,0x77,0xeb,0x3e,0xf0,0x5d,0xdf,0x7b,0xa9,0x7d,0xa4,0x6a,0x0d,0xf1,0xac,0x83,0x7d,0x64,0xb5,0xf4,0xc6,0xc4,0x12,0x0c,0x55,0x9f,0x67,0xbb,0xd5,0xe3,0xd3,0xdb,0x17,0x0f,0x90,0x2f,0x8f,0xc9,0xfd,0x4e,0x6c,0x8b,0xe6,0x99,0xfa,0xda,0x8f,0x1
f,0xe6,0xc3,0xeb,0xd8,0x14,0x20,0xcc,0x3c,0x1c,0x23,0x77,0x28,0x9b,0x22,0x9a,0x5a,0x0c,0x43},{0xa2,0x78,0x37,0xc9,0x63,0xe1,0x31,0x36,0xc2,0x58,0xac,0xca,0xbb,0xa2,0x84,0xaa,0xb3,0x82,0xe2,0x19,0xb7,0x14,0x96,0x27,0x77,0xfa,0xa1,0x02,0xaa,0xff,0x55,0x82,0xba,0xc0,0x38,0x1a,0x69,0x35,0x48,0x87,0xc2,0xeb,0x48,0x08,0xea,0xc5,0x6b,0xfc,0x84,0x60,0x4e,0xce,0xd7,0xd2,0x86,0x8b,0x76,0xf3,0x46,0xe1,0x87,0x1f,0xff,0x09,0x90,0x2f,0x8f,0xc9,0xfd,0x4e,0x6c,0x8b,0xe6,0x99,0xfa,0xda,0x8f,0x1f,0xe6,0xc3,0xeb,0xd8,0x14,0x20,0xcc,0x3c,0x1c,0x23,0x77,0x28,0x9b,0x22,0x9a,0x5a,0x0c,0x43}}, + {{0x0e,0xa6,0x0c,0xef,0x12,0xd6,0x7d,0x71,0xd4,0x88,0x73,0x86,0x9a,0x88,0x8f,0x5b,0xd1,0xb6,0x12,0xc4,0x93,0x8b,0x5f,0xee,0xdd,0x9c,0x2a,0x7f,0x4d,0xfd,0xba,0x00,0x09,0x45,0x77,0xd2,0xcf,0xcd,0x3a,0x6f,0x27,0x44,0xe2,0x55,0x3e,0x79,0x88,0x4d,0x5f,0x38,0x34,0xe8,0xe7,0xc6,0x3a,0xde,0xef,0x99,0x15,0xea,0x88,0x79,0xd7,0xca},{0xa0,0x9a,0x0a,0x3a,0x42,0x35,0x54,0x78,0xb9,0x82,0x52,0xb4,0xc8,0x5c,0x4a,0x03,0xa1,0xb9,0x27,0xcc,0x99,0xec,0x03,0xdf,0xdd,0x6e,0xde,0xef,0x8f,0x7f,0xdc,0x5a,0xc3,0xcb,0x0e,0xa2,0x7e,0x93,0xe6,0xdd,0xbd,0xf1,0x1b,0x03,0x29,0x63,0x72,0x11,0x72,0x3d,0x24,0x6f,0xdf,0x8e,0xed,0xa4,0xe2,0x2a,0x4c,0x00,0xe2,0xc4,0x55,0x1b},{0xb2,0xf1,0xff,0xf6,0x3a,0x26,0xe1,0x74,0x52,0xba,0xee,0x28,0xb6,0x56,0x90,0x59,0xde,0x92,0x5f,0x84,0xd1,0x87,0xe2,0x64,0xce,0xdc,0x94,0x3c,0xb4,0xf8,0x01,0x0a,0x86,0x2f,0xfe,0x79,0x03,0x72,0xfc,0x26,0x21,0xc3,0x1e,0xec,0x63,0x29,0x64,0xcb,0x5f,0xcc,0xb6,0x78,0xf7,0xc8,0xd1,0xf8,0x5c,0xc4,0x4b,0xc0,0xc3,0x75,0x3e,0x46},{0x03,0x4b,0xb9,0xd1,0x50,0xa3,0x79,0xbe,0x74,0xa3,0xb5,0xd8,0x28,0x1b,0x6d,0x72,0x68,0x0a,0x9b,0x19,0xc9,0x13,0xc4,0x04,0x94,0x0a,0xcb,0x72,0xff,0x7d,0xb6,0x9a,0x1c,0xfd,0xe4,0xa3,0x75,0x13,0x57,0x36,0xfe,0x4a,0xf6,0xbc,0xca,0xd9,0x34,0x9b,0xef,0x90,0x02,0xd9,0xbd,0xdd,0x6f,0x22,0x54,0x36,0xb2,0x3f,0x22,0x65,0xef,0xe7},{0x04,0xd4,0x43,0xe8,0x8c,0xc4,0xfb,0xe5,0x55,0xd0,0xa4,0xea,0x20,0xf8,0xe1,0x8f,0xc2,0xbc,0x1f,0x55,0xf1,0x8d,0xda,0xc0,0x85,0xa4,0
xef,0x36,0x97,0x22,0x8b,0x8e,0x77,0x4c,0x1a,0xa4,0xa0,0x6f,0xe1,0xdc,0x32,0x47,0xc4,0x3a,0xd8,0x8a,0xbd,0x19,0x30,0x1c,0x96,0x7a,0xb2,0x23,0x7c,0x16,0x03,0xa7,0x4f,0xfd,0xa6,0x50,0xd9,0xf7},{0xdf,0xc2,0x59,0xd2,0xa9,0x9b,0x1e,0xca,0xf0,0x39,0x2f,0xf8,0xc2,0xf3,0x91,0x55,0x1b,0xba,0x81,0x3a,0x67,0x1a,0xd4,0xf4,0xb0,0x9f,0xb6,0x18,0x38,0x65,0x3e,0x67,0xa0,0x37,0xc2,0x9a,0xc7,0xee,0x72,0x8e,0x13,0x64,0xd1,0x0a,0xda,0xbd,0x8d,0xa4,0x28,0x55,0x3a,0x2c,0x78,0x41,0xc6,0xfc,0x1c,0x0f,0xf8,0xd7,0x5f,0xe6,0xde,0x0b,0xd5,0xc0,0xaa,0x2c,0x5c,0xac,0x46,0xeb,0xa4,0x35,0x2a,0xab,0x00,0x2e,0xc0,0x8b,0x42,0x65,0x2f,0x2f,0x13,0x84,0x60,0x15,0xa3,0x69,0xee,0xab,0x0e,0x50,0xbf,0x5f},{0xc1,0xb0,0xac,0x4c,0xfa,0x62,0x52,0x22,0xae,0x8c,0x94,0x38,0xd9,0x6e,0x10,0x94,0xe7,0xaa,0xc0,0x92,0x93,0x06,0x55,0xf9,0x2e,0xd9,0x10,0x4d,0xcb,0x82,0x19,0x1f,0x27,0x16,0x81,0xdd,0xea,0x7a,0xa8,0xce,0x5a,0xdd,0x37,0x77,0x24,0x57,0xfb,0x40,0x3d,0x1b,0x48,0x88,0xda,0xce,0xe8,0xd2,0xed,0xe0,0x6e,0x29,0xeb,0xdb,0x95,0x09,0xd5,0xc0,0xaa,0x2c,0x5c,0xac,0x46,0xeb,0xa4,0x35,0x2a,0xab,0x00,0x2e,0xc0,0x8b,0x42,0x65,0x2f,0x2f,0x13,0x84,0x60,0x15,0xa3,0x69,0xee,0xab,0x0e,0x50,0xbf,0x5f}}, + 
{{0x3a,0x79,0x39,0x60,0xe9,0x93,0xad,0x78,0xf9,0x0b,0x99,0x64,0x71,0x76,0xad,0xdc,0x63,0xa3,0x38,0xbf,0x0a,0x36,0x22,0xcf,0x4f,0x84,0x3e,0x34,0xaf,0x0b,0xd4,0x5c,0xc0,0xa4,0x01,0x7c,0x07,0xc3,0xb4,0xcb,0xdb,0x39,0xdd,0x39,0xc7,0x5c,0xbd,0xcf,0x61,0x8b,0x72,0x74,0xd6,0x85,0xdc,0x5c,0x08,0x93,0x6d,0xe6,0xf1,0xeb,0xb9,0x7c},{0x71,0x12,0x20,0xbb,0x37,0xa6,0xd8,0x71,0xf7,0x58,0xaa,0xbd,0x30,0xfb,0xac,0x94,0x62,0x45,0xf0,0x1a,0xc3,0x4a,0x07,0x78,0x6d,0x17,0xf5,0x8d,0x69,0x3d,0x2e,0x15,0x96,0x48,0x1a,0xb0,0x7e,0xdd,0xf5,0x2d,0xe1,0x56,0xfc,0xe9,0x26,0x91,0x51,0xfe,0x5e,0x2a,0xdc,0x23,0x89,0x09,0x14,0xe6,0x17,0xa9,0x14,0x8c,0x8c,0xe8,0xe3,0x71},{0xe4,0xd0,0xa7,0x5a,0xce,0x93,0x1d,0x55,0xa2,0x3d,0xdd,0x7e,0x10,0x66,0x6d,0xc6,0x5c,0x87,0x9f,0x7a,0x52,0x5e,0x76,0x3f,0x09,0x9e,0xe5,0x8e,0x60,0x39,0x5e,0x3c,0x28,0x31,0xa4,0x12,0x39,0xfd,0xba,0xda,0xc8,0x59,0xdd,0x5b,0x26,0x78,0x8f,0x33,0xd2,0xc8,0x22,0x77,0x49,0xcf,0x34,0x61,0xbe,0x7a,0xa6,0x31,0xbe,0xe5,0xab,0xc2},{0x60,0xf5,0x52,0xbd,0xb1,0x9e,0x06,0xa3,0x94,0xad,0xe0,0x82,0x33,0x7c,0x41,0x17,0x5b,0x8a,0xbc,0x7c,0xce,0xd1,0x7e,0xfd,0x39,0x17,0xfd,0x90,0x5a,0x53,0x89,0x27,0x9f,0x27,0x7a,0x08,0xb2,0x66,0xda,0xb5,0xbf,0x3b,0x80,0xe2,0x1a,0x30,0x80,0x45,0x13,0xf3,0x4b,0x0c,0x4a,0xe9,0x0a,0x6e,0xf2,0x3e,0xa3,0x70,0x3d,0x89,0xd3,0xb2},{0x23,0x41,0x08,0x8d,0xa8,0x0b,0x6a,0xe0,0x65,0xb1,0x42,0x50,0x49,0xdd,0xd3,0xe8,0x89,0x13,0x7a,0x04,0xf0,0xd6,0x2f,0x6e,0x73,0xcd,0xdc,0x10,0xbb,0x02,0x6b,0xa2,0x25,0x58,0xa3,0x08,0x37,0x7c,0x8b,0x1f,0x4a,0x81,0x38,0x88,0xbd,0xf4,0x4f,0x24,0xe8,0xd6,0x9f,0x2f,0x13,0xeb,0x79,0x60,0x80,0x90,0x52,0x6b,0x8e,0xed,0xcb,0x77},{0x5b,0x88,0x63,0xaf,0xf9,0xe2,0x44,0x23,0xc8,0x02,0xe0,0x22,0x15,0x3d,0x2a,0xb7,0x40,0x76,0xe8,0x95,0xfd,0xa9,0xe3,0x85,0x94,0xa3,0xbb,0xce,0x61,0x19,0x0d,0xe2,0x95,0xdf,0x81,0x11,0x53,0x77,0xcd,0xf2,0xd8,0x4f,0xbf,0x19,0x6a,0x3d,0x4b,0xda,0xa4,0x56,0xa4,0xcd,0x9d,0x4f,0x52,0x53,0x7d,0xd8,0xac,0xe0,0xfb,0x9a,0x71,0x0c,0x59,0xf9,0x0b,0x03,0xf1,0x7b,0xaf,0x33,0xc3,0xe5,0x1e,0x8d,0x4f,0xb
e,0x21,0xed,0x6b,0x15,0xdd,0xd2,0xeb,0x7c,0xe4,0x59,0x6c,0xf9,0x91,0xc1,0x3a,0x3a,0xb6,0x2b},{0x5e,0x54,0xe5,0x1b,0x3d,0x2c,0x00,0x80,0xdd,0xe4,0x10,0x50,0x98,0xb6,0x0e,0x3a,0xf7,0xde,0x67,0x2c,0x8e,0x7b,0xb4,0x73,0x0b,0xc7,0x12,0xb0,0x66,0x6b,0x3b,0x99,0xd9,0x33,0x78,0x5f,0x45,0xe5,0xec,0x15,0x02,0xfa,0x8b,0x86,0xfd,0xe0,0xb7,0x84,0x72,0xf2,0x68,0x5c,0xd6,0x2e,0x37,0xe9,0x49,0x32,0x2f,0xcd,0xcd,0x1e,0x99,0x0f,0x59,0xf9,0x0b,0x03,0xf1,0x7b,0xaf,0x33,0xc3,0xe5,0x1e,0x8d,0x4f,0xbe,0x21,0xed,0x6b,0x15,0xdd,0xd2,0xeb,0x7c,0xe4,0x59,0x6c,0xf9,0x91,0xc1,0x3a,0x3a,0xb6,0x2b}}, + {{0xfc,0xb9,0x4e,0x4e,0x11,0xfe,0xe1,0xc5,0xc7,0x49,0x54,0xd2,0x2f,0x13,0x34,0x7c,0x91,0x7d,0x98,0x43,0xe4,0xb7,0x48,0xea,0xe8,0x26,0xcb,0x26,0x1f,0xe4,0x99,0x10,0xb9,0x34,0xc2,0xac,0xa3,0x2c,0xbd,0x9e,0x80,0xd4,0x12,0x3b,0xb3,0xf0,0x01,0xae,0x91,0x9f,0xba,0x77,0x32,0x4d,0x9d,0xac,0x1f,0x8d,0xad,0xa7,0x46,0x44,0x85,0xfb},{0x65,0x05,0x0b,0xd2,0x41,0xd3,0x58,0x2a,0x14,0xbc,0x7b,0x15,0x4a,0x6a,0x6a,0x18,0x71,0x09,0x25,0x33,0xac,0x73,0x53,0xab,0xd9,0x0d,0x8d,0xdf,0x95,0x59,0x7e,0x02,0x4c,0x03,0x11,0x5c,0xdc,0x80,0x19,0xd5,0x13,0x66,0x7f,0xf7,0xd7,0x23,0x18,0x40,0x84,0x16,0x6b,0x52,0x82,0x96,0x05,0x1b,0xfa,0xcb,0x4b,0x77,0x00,0x12,0xa0,0x28},{0x13,0xe0,0x16,0x1e,0x24,0x24,0xe9,0xde,0x9c,0x86,0xa9,0xcf,0x02,0x96,0xdf,0x8c,0x64,0xcb,0x3d,0x7d,0x8a,0x2a,0x73,0x18,0x20,0xc8,0xb0,0xac,0x10,0xa0,0x52,0x0c,0x6c,0x17,0xd9,0xbd,0x3c,0x3e,0xe5,0x0c,0x4a,0xdb,0x59,0xcc,0x59,0x15,0x08,0x1e,0xfe,0xaa,0xe3,0xd6,0xa1,0x37,0xd6,0xd5,0x6d,0x8e,0xcd,0x57,0xa9,0x81,0xb3,0x43},{0x46,0x28,0x2b,0xa0,0xe5,0xe3,0xf0,0x72,0xa7,0xbc,0x8d,0xec,0x45,0x31,0x6e,0xdb,0xb2,0x4b,0x20,0xbf,0x64,0x74,0x26,0x70,0x9b,0xd6,0xd3,0x7f,0x9f,0xc1,0x59,0x03,0x2d,0xda,0x6f,0xaa,0x7c,0x92,0xc6,0xe0,0xe8,0xaa,0x1e,0x26,0xf0,0x1e,0xcc,0xef,0x6d,0x87,0x04,0x3c,0xed,0x52,0x15,0xb3,0x9f,0x01,0x4e,0xe3,0x3c,0xb6,0xbb,0xac},{0x86,0x1a,0x25,0x8e,0x41,0x85,0xf9,0xba,0x98,0x15,0xb1,0xec,0x50,0xb4,0xd0,0xab,0x55,0x54,0xbb,0x3b,0x61,0xfc,0x54,0xf3,0x09,0xea,0
xaa,0x6e,0xbf,0x03,0xc3,0x58,0x1d,0x24,0xb5,0xd5,0x45,0x5a,0x7a,0x14,0xc3,0x6a,0xa9,0xd8,0x6f,0x41,0xc3,0xb4,0x9a,0x05,0x71,0xbc,0x23,0x67,0xc2,0xa8,0xf5,0x7b,0x69,0xa5,0xe1,0x7a,0x35,0x1d},{0x3b,0xf5,0xa8,0xc0,0x2a,0x7d,0x85,0x88,0xd4,0xf4,0x26,0xd3,0xf4,0xe3,0x52,0x35,0x37,0x06,0x1e,0x71,0xc2,0x3b,0x7b,0xeb,0xf0,0x07,0x30,0x6b,0x37,0x31,0xb9,0x27,0xd8,0x0b,0x17,0xae,0xff,0xd4,0x7c,0x59,0xd7,0x2d,0xea,0xcb,0x92,0x2f,0x93,0xc7,0xd7,0xc3,0xaf,0x75,0x73,0x6a,0x3f,0x89,0xe5,0x13,0x0c,0x28,0x47,0xf4,0xa4,0x07,0xfb,0xd9,0x77,0xb4,0x1e,0xb2,0x70,0xca,0x85,0x22,0x58,0xc6,0x0b,0x19,0xc2,0xa5,0xba,0xc3,0xc9,0xb6,0x4a,0xdb,0x7d,0x4d,0x66,0xde,0xeb,0x8c,0x1a,0x23,0xb8,0x4c},{0x8c,0x57,0x0e,0x9f,0x0a,0xb2,0xf4,0x07,0xdd,0x7b,0x46,0xf8,0xa0,0xb1,0x33,0x4c,0x2b,0x1e,0x1a,0xe0,0x28,0x17,0x14,0xba,0x14,0x06,0x40,0x1f,0x30,0x0a,0x19,0xcd,0xe7,0xca,0xfb,0xdb,0xb9,0x76,0xf8,0x8a,0x81,0x3d,0x03,0x86,0x7e,0x66,0x75,0x1d,0xec,0xff,0x6b,0xa7,0xea,0x4c,0x8c,0x60,0xd2,0x1f,0x72,0x11,0x4c,0x5d,0xeb,0x01,0xfb,0xd9,0x77,0xb4,0x1e,0xb2,0x70,0xca,0x85,0x22,0x58,0xc6,0x0b,0x19,0xc2,0xa5,0xba,0xc3,0xc9,0xb6,0x4a,0xdb,0x7d,0x4d,0x66,0xde,0xeb,0x8c,0x1a,0x23,0xb8,0x4c}}, + 
{{0x05,0x64,0x16,0x53,0xbb,0xb2,0x6e,0x81,0xfc,0xe6,0xec,0xc8,0x0c,0xc1,0x75,0x59,0x23,0xe2,0x4b,0xd8,0x6a,0x70,0x34,0x50,0x37,0xc6,0xc2,0xbd,0x27,0xfd,0xad,0x4c,0xee,0xe4,0xf7,0xfc,0x91,0x05,0x48,0x3c,0xd4,0x09,0x78,0x00,0xce,0x15,0x37,0xdc,0xe7,0xce,0x48,0x09,0x3e,0x7f,0x01,0x9b,0x03,0xc8,0x2f,0x9b,0xe6,0x42,0xe1,0x71},{0x64,0xbf,0x63,0x91,0xe5,0x3e,0x90,0x89,0x96,0xea,0x59,0x51,0x60,0x7b,0x5f,0xfe,0x0f,0x76,0x86,0x19,0x45,0x82,0xd9,0x5e,0x1a,0xd1,0xf6,0x04,0xc6,0xaa,0x71,0xda,0x80,0xed,0x75,0x51,0xc8,0x9a,0x27,0x09,0xc3,0x50,0xe4,0x14,0xa1,0xc3,0xf8,0x3a,0x6c,0x84,0xff,0x87,0xd5,0xf0,0xb0,0x3c,0x5a,0x57,0x14,0x90,0xc7,0x31,0xf8,0x47},{0x88,0x7d,0xcc,0x81,0x2b,0xbb,0x7e,0x96,0xbe,0x78,0xe1,0xb1,0xf2,0xed,0x6f,0xd8,0xff,0xbd,0x7f,0x8e,0xe5,0xeb,0x7f,0x7b,0xca,0xaf,0x9b,0x08,0x1a,0x77,0x69,0x1d,0xc2,0xa4,0x7c,0x4d,0xa6,0x74,0x8e,0x33,0x24,0xff,0x43,0xe1,0x8c,0x59,0xae,0x5f,0x95,0xa4,0x35,0x9e,0x61,0xb8,0xcc,0x4c,0x87,0xb9,0x76,0x53,0x20,0xa3,0xf3,0xf5},{0x13,0x2a,0xcc,0x07,0xb1,0x5f,0xc7,0xf1,0x08,0x0e,0x7d,0x7e,0x26,0x56,0xd8,0x16,0x9c,0xae,0xac,0xc4,0xf5,0x9c,0x15,0x67,0xae,0xc4,0xcc,0x3f,0xc0,0xaf,0x53,0x28,0x1f,0x65,0x14,0xe5,0x7f,0x0c,0xf5,0x7a,0xe3,0x93,0xc1,0xa3,0xd1,0x4a,0x09,0x7d,0x24,0xab,0x22,0xc4,0xc4,0xce,0x85,0x37,0x86,0xa8,0x9c,0x39,0x33,0xba,0x1b,0x83},{0x6d,0x3e,0x92,0x5a,0xa8,0xfa,0xe6,0x71,0x98,0xa8,0x82,0x38,0xcc,0xed,0xd6,0x92,0x7e,0x3e,0xcb,0xb2,0x82,0x92,0x7a,0x56,0x9e,0xd6,0x29,0x45,0x42,0x04,0x76,0x82,0xa5,0xfc,0xd9,0x0c,0x12,0x4c,0x98,0x04,0x2a,0x3a,0x98,0x01,0xb8,0x62,0xe8,0xe6,0x7c,0x51,0xe3,0x7d,0x97,0xf5,0x45,0xb4,0x13,0xdf,0x15,0x68,0xc3,0x00,0x75,0x40},{0x7e,0x89,0x3d,0x7c,0x78,0x36,0x3c,0x85,0xda,0xb6,0x9b,0x6d,0xbc,0x52,0x7d,0xc6,0xaa,0xfd,0x90,0x62,0xe4,0xc4,0x1a,0x5a,0x2e,0xa1,0x57,0xd7,0xda,0x57,0xf4,0x58,0xc5,0x23,0x61,0x21,0xe1,0x93,0xfa,0x06,0x22,0xed,0x41,0x66,0x24,0x47,0xb9,0xed,0xc8,0x84,0x25,0x28,0x39,0xec,0xfb,0x29,0xa1,0xcd,0xe1,0x9d,0x02,0x48,0x6f,0x0a,0xe2,0x9f,0x98,0xfd,0x3d,0x18,0xa1,0x24,0x9c,0xc6,0x75,0xb8,0x99,0x7
6,0x2a,0xa4,0x9e,0xb1,0x97,0x2d,0x1c,0x99,0x65,0x5f,0x1f,0xda,0x14,0x4f,0x10,0x49,0xf1,0x7a},{0x2c,0xec,0x27,0x63,0xd2,0x77,0x14,0x2d,0x01,0x18,0x10,0xe0,0x23,0x1b,0xa2,0x25,0x61,0xd4,0x52,0xd9,0x90,0xde,0x97,0x7e,0xb8,0xfa,0x38,0x25,0xf2,0x91,0x07,0x3e,0xc4,0xa9,0x3e,0xb5,0x67,0x02,0x28,0x94,0x5c,0x34,0xa1,0x0a,0x5c,0x54,0x53,0xd9,0xb4,0xc4,0x5a,0x8e,0x57,0x18,0xc3,0x35,0xea,0x47,0x75,0xe0,0x44,0x01,0x71,0x09,0xe2,0x9f,0x98,0xfd,0x3d,0x18,0xa1,0x24,0x9c,0xc6,0x75,0xb8,0x99,0x76,0x2a,0xa4,0x9e,0xb1,0x97,0x2d,0x1c,0x99,0x65,0x5f,0x1f,0xda,0x14,0x4f,0x10,0x49,0xf1,0x7a}}, + {{0x41,0x10,0xd9,0x7f,0xb8,0x83,0x9e,0x42,0x43,0x7a,0xb0,0x6d,0xa6,0xcf,0xa5,0x7a,0x50,0x93,0x2d,0x13,0x94,0x37,0xa8,0x92,0x26,0x1f,0xad,0xe0,0x25,0x19,0x91,0x62,0x28,0xfb,0x18,0xbf,0x89,0xb0,0x42,0x80,0x14,0xcd,0xd2,0x72,0x84,0x1c,0xfd,0xe5,0xc3,0x71,0x3c,0x3f,0x12,0x5e,0xdd,0x53,0x39,0xf6,0x4b,0x9f,0xb3,0x5c,0xe3,0x15},{0xd0,0xc7,0x18,0x4d,0x68,0x9f,0xdd,0xec,0x81,0xf8,0xc6,0x0e,0x83,0x43,0x23,0x3d,0xfc,0xf3,0x66,0x55,0xa8,0x65,0x8b,0xd7,0x9b,0x3c,0x74,0x23,0xcd,0xae,0x60,0xe7,0x61,0xed,0x2c,0x7e,0xe7,0xa7,0x63,0x7d,0x72,0x47,0x6a,0x33,0x1c,0xaa,0x81,0xba,0x6f,0xd4,0x00,0xe7,0xa9,0x58,0xb2,0xad,0xee,0x3f,0x9c,0x70,0xff,0x2f,0x13,0x6f},{0x56,0x7b,0x19,0x66,0x42,0x9a,0x99,0x51,0x23,0x4f,0xb6,0xe7,0xcf,0x98,0xff,0x20,0x5a,0xc3,0x0e,0x36,0xc9,0xc6,0x20,0x25,0x0c,0x56,0x98,0xfb,0xbd,0xd6,0x66,0x4f,0x6f,0x94,0x85,0x8a,0x35,0xf3,0x50,0xad,0x87,0xde,0x95,0x9e,0xae,0x2a,0xd8,0xdd,0x78,0x87,0x96,0x2b,0xe0,0x12,0x95,0xd9,0x3b,0xb2,0x2a,0x06,0xe2,0xf0,0x06,0xd4},{0x42,0x24,0xdd,0x0a,0xd1,0x11,0x31,0x7e,0x56,0x45,0xb0,0x0e,0x86,0xc1,0x5d,0x8c,0x03,0x01,0xb8,0x33,0x20,0xbd,0x08,0x10,0xe5,0x70,0x92,0x2b,0x5b,0x86,0xd3,0x50,0x4c,0x1e,0xe3,0xd1,0x2a,0x4e,0x40,0x02,0x19,0x0b,0xf6,0x91,0xd9,0x9e,0xaa,0x54,0x7c,0x3d,0xba,0xc5,0x5a,0x9e,0xb2,0xbb,0x4e,0x0d,0x5b,0xdd,0x90,0xc9,0x7b,0xc2},{0x54,0x95,0xd5,0xdc,0x7e,0x7e,0xec,0xd4,0x67,0x08,0xdc,0x58,0xa9,0x80,0x8a,0x03,0x6a,0xf8,0x40,0xca,0x0d,0x5b,0x6c,0xe4,0xc9,0x71,0
xa5,0xaf,0x2a,0xaa,0xe8,0x95,0x45,0xe7,0xe2,0xc3,0x47,0x84,0xc6,0xbe,0xe5,0x65,0xaf,0xcd,0x7c,0x20,0x5f,0x8b,0x19,0x61,0xe4,0xc9,0xc1,0x86,0xa5,0x6f,0x96,0xf3,0x9c,0x13,0x28,0x1b,0xcf,0x07},{0xc4,0x7f,0xf2,0x6f,0xcc,0x4a,0xf8,0xa4,0x1f,0x1d,0x6e,0x5e,0x30,0xb2,0x99,0x8f,0x5d,0x7c,0x26,0x1c,0x52,0x6f,0xd0,0x33,0xa7,0xf8,0xca,0x2a,0xc3,0x8c,0xa8,0xd1,0x50,0x4f,0xa7,0xe8,0xf2,0x10,0x4c,0xcd,0x8a,0x31,0x03,0xc8,0x93,0x2c,0xd7,0xe4,0x21,0xdb,0xa2,0x62,0x7b,0x1f,0x28,0x14,0x69,0x7e,0x87,0xac,0xf9,0xb4,0x97,0x00,0x62,0x86,0x14,0xd7,0xe4,0x65,0xdd,0x9e,0x1c,0x64,0x5f,0x3e,0xef,0xfe,0xa6,0x60,0x68,0x91,0x94,0x8a,0x1c,0x89,0xae,0xe4,0xcf,0x3a,0xdd,0xc0,0xb4,0x47,0xe8,0x8f},{0x12,0x80,0x00,0xda,0xce,0xc4,0x80,0x8f,0xa9,0xa1,0x5d,0x98,0x7d,0x2c,0xb2,0x9c,0x71,0xde,0x62,0x89,0x6a,0xe1,0x92,0xd7,0x96,0xdc,0xcd,0xc8,0x08,0x0e,0x48,0xbf,0x2a,0x53,0x72,0x90,0x31,0x71,0x49,0x02,0xda,0x4e,0x19,0x05,0x10,0xcb,0x41,0x97,0x44,0xdc,0x2d,0x1e,0x48,0xe5,0x0e,0x41,0x9d,0x7d,0x03,0xa3,0xe2,0x65,0xd4,0x01,0x62,0x86,0x14,0xd7,0xe4,0x65,0xdd,0x9e,0x1c,0x64,0x5f,0x3e,0xef,0xfe,0xa6,0x60,0x68,0x91,0x94,0x8a,0x1c,0x89,0xae,0xe4,0xcf,0x3a,0xdd,0xc0,0xb4,0x47,0xe8,0x8f}}, + 
{{0x00,0x4b,0x0b,0xf5,0x1f,0x07,0x1e,0x23,0xe3,0x93,0x7b,0x31,0x41,0x2a,0x0a,0x50,0x35,0xe2,0xbb,0xfe,0x51,0x77,0x6c,0xc9,0xc5,0x13,0xb9,0x87,0x79,0x65,0x68,0x20,0xcc,0x09,0x90,0xa9,0xe4,0xef,0x9f,0x1a,0xe1,0x69,0x76,0x14,0x82,0x42,0x88,0x4b,0xdc,0xe0,0x10,0x22,0xe2,0xd6,0x36,0x7c,0x0b,0xd9,0x08,0xea,0xfa,0xe4,0xfd,0x45},{0x57,0x5c,0x1e,0x20,0xb4,0xae,0x9e,0x9d,0x04,0xfb,0x1a,0xd7,0x23,0xd8,0x8a,0x6b,0x1b,0xb2,0xef,0xa9,0x06,0x38,0xbb,0x9b,0x43,0x2e,0xf1,0x81,0x0b,0x76,0xec,0x20,0x46,0x1b,0xc4,0x71,0x19,0x3e,0x79,0xe8,0xcf,0xea,0xdc,0x4b,0x3f,0x0b,0xeb,0x05,0x13,0x1a,0x2c,0xfe,0x16,0xe9,0xf0,0xc4,0x9c,0x41,0xab,0x45,0x1b,0xba,0x05,0xec},{0x06,0x0b,0x73,0xec,0x30,0x74,0x0d,0x8d,0x13,0x4b,0xef,0xac,0x3b,0x05,0xb6,0xed,0x2b,0x05,0xd1,0xa7,0x65,0xb0,0xcb,0x69,0x00,0xeb,0x47,0xe3,0x1c,0x07,0x8b,0x15,0xbf,0x69,0xff,0x27,0xb4,0xdb,0x77,0xaf,0xe9,0x9a,0xfb,0xb2,0x28,0xa4,0xf9,0x05,0xe4,0x3c,0x66,0x56,0x00,0x1a,0x2c,0x41,0xf2,0xe1,0x11,0x09,0xfa,0xe1,0x50,0x49},{0xbc,0x4d,0x6f,0x75,0x79,0x77,0x64,0x6b,0xec,0xac,0x1a,0x26,0x73,0x9c,0xf3,0xf1,0x4d,0x79,0xbe,0x6f,0x0c,0x07,0x22,0xd1,0xa1,0x31,0x75,0xa8,0x9c,0xb6,0x00,0x63,0x0d,0x40,0x17,0xec,0x83,0xda,0x82,0x2c,0x3b,0xfd,0x90,0xe3,0xbc,0xc2,0x2c,0xf5,0x3e,0x41,0xe9,0x98,0x57,0xa2,0xb7,0xce,0x5f,0x31,0xbb,0x0b,0x05,0x61,0x0f,0x55},{0xb7,0xab,0xb2,0x84,0xf1,0x67,0x24,0x16,0x61,0xe9,0x20,0x33,0x0b,0xff,0x22,0x61,0x70,0xa0,0x5d,0xf6,0xa8,0x33,0xc9,0x30,0x73,0xe5,0x89,0x36,0x59,0xea,0xa8,0xe7,0x03,0xf6,0x14,0xc1,0x79,0xb6,0x42,0xa5,0xc8,0x6c,0xb8,0x94,0x29,0x24,0x00,0x09,0xb5,0x54,0x3f,0xe1,0x6b,0xfb,0x4d,0x2d,0xa9,0x9a,0x02,0xa1,0xa5,0x09,0xf4,0xcb},{0x92,0xfa,0x18,0x84,0x3e,0xdb,0xdf,0x7d,0x87,0xd6,0x2d,0x07,0x05,0x2c,0xba,0xe4,0x30,0x76,0xa2,0xe8,0x71,0x3b,0x1b,0x93,0x5b,0xce,0x2e,0xec,0x50,0x6e,0x4a,0x0b,0x2d,0xbe,0xa3,0x76,0x92,0xf8,0xc8,0x4a,0x71,0x66,0xec,0xfa,0x36,0xc5,0xdb,0xab,0x99,0x9c,0xbf,0x99,0x07,0xe8,0xfe,0xf4,0x2f,0x90,0x16,0x5d,0xdc,0xbe,0xfa,0x08,0x93,0xde,0x13,0xf5,0x32,0x45,0x9a,0xde,0xa2,0x5d,0xb9,0xe0,0x38,0x4
c,0x6a,0xcc,0x13,0x46,0x27,0x28,0xbf,0xf8,0x7a,0x9c,0x2e,0xde,0x6f,0xfe,0xe1,0x86,0x41,0x79},{0xa7,0x32,0x52,0x76,0x4f,0x3e,0x1b,0xab,0x82,0x18,0x14,0xe7,0x42,0x32,0xb8,0xa4,0x98,0xde,0xa4,0xd7,0xae,0x42,0x84,0xda,0x71,0xf7,0x78,0x40,0x56,0x94,0x64,0x49,0x34,0x37,0xeb,0xe3,0x05,0x4c,0xb9,0xbb,0xce,0xb2,0x72,0xc0,0x75,0x1c,0xc4,0xd5,0x1e,0x3a,0xc1,0x43,0xda,0xd1,0x81,0x82,0xa9,0xd5,0x0e,0x0a,0x5e,0xc2,0xd7,0x04,0x93,0xde,0x13,0xf5,0x32,0x45,0x9a,0xde,0xa2,0x5d,0xb9,0xe0,0x38,0x4c,0x6a,0xcc,0x13,0x46,0x27,0x28,0xbf,0xf8,0x7a,0x9c,0x2e,0xde,0x6f,0xfe,0xe1,0x86,0x41,0x79}}, + {{0xa3,0xdf,0x4a,0xfd,0xe6,0x74,0xb8,0xeb,0xed,0xe7,0x7e,0xd2,0xae,0xf8,0x40,0x80,0x3a,0x55,0x58,0x1d,0x6b,0xa4,0x32,0x6c,0x15,0xbb,0x67,0xdf,0x9e,0xb5,0x70,0x4b,0x7f,0x4d,0xfe,0x34,0x42,0x0c,0x4d,0xe3,0x97,0x87,0x6d,0x08,0xe8,0x4d,0x8a,0xa9,0xbc,0xbf,0x1b,0xb7,0x66,0x32,0xf4,0x7f,0x93,0xca,0xa4,0xd2,0x8f,0x02,0x7b,0xfa},{0xea,0xac,0xdf,0x25,0x39,0xf3,0x28,0xb6,0xbe,0xa8,0x4a,0x32,0x59,0x4b,0x4f,0xb5,0xd2,0xf7,0xf5,0x75,0x43,0x8b,0xb3,0x6a,0x98,0x8c,0x14,0xc9,0x3f,0x7e,0x5c,0x05,0xf0,0xeb,0x1d,0xc5,0xe6,0x1b,0x5d,0x7f,0x38,0x5d,0x9a,0xbe,0xc8,0x97,0x09,0x65,0x62,0x88,0x99,0xda,0x95,0x13,0x93,0xd9,0xa3,0x19,0x0a,0xa7,0x4a,0xb2,0x81,0xa4},{0x6e,0x70,0x65,0xaa,0x1b,0x16,0xcb,0xc1,0x59,0x6b,0xc9,0x4d,0xd1,0x0a,0x9d,0x8c,0x76,0x70,0x3c,0xc1,0xc1,0x66,0xa6,0x9f,0xfc,0xca,0xb0,0x3f,0x0e,0xe9,0xa9,0x36,0x09,0x4f,0x94,0xf3,0x32,0x25,0x34,0xf6,0xe4,0xf9,0x0b,0x0c,0xe6,0xe0,0x6d,0x9e,0xa5,0x52,0x82,0x9c,0xd4,0x43,0xa4,0xd1,0xd1,0x63,0x20,0xce,0xbc,0x4f,0x43,0xdc},{0x35,0xd6,0xc1,0x68,0xa6,0xd7,0xd3,0x36,0x82,0x2a,0x0f,0x29,0x3e,0xd6,0x15,0x29,0x19,0x73,0x14,0x78,0x87,0x86,0xca,0x9f,0x6e,0x17,0xea,0xaf,0x24,0x37,0xd6,0xb4,0xb0,0xee,0x84,0x90,0x2d,0x18,0xbd,0x26,0xc3,0xd4,0x39,0x4f,0x45,0xfa,0x2f,0x70,0xf2,0xe2,0x2a,0x2a,0x5c,0x65,0x15,0xcb,0xaf,0x92,0x9a,0xfc,0x06,0xe0,0x8a,0x1b},{0x5d,0xfa,0xc0,0x2b,0xc3,0x94,0x19,0xb4,0xd6,0x13,0xe3,0xcf,0x91,0xad,0x8c,0xe1,0x97,0x46,0xfe,0xea,0x74,0xe0,0x0c,0x03,0xf7,0x2e,0
x51,0xa7,0xf2,0xbc,0xce,0xe8,0x6b,0xfd,0x2f,0x54,0x52,0x12,0x00,0x8d,0x95,0x91,0xc3,0xf6,0x25,0xf8,0x65,0x6a,0x9c,0x79,0x6b,0x71,0xc0,0x0c,0x29,0xfb,0xe7,0x14,0x9f,0x2f,0x1a,0x07,0x53,0x50},{0xe9,0xd4,0x46,0x0b,0x51,0x3f,0xf1,0xbe,0x0a,0x23,0xa5,0x38,0xa0,0xe3,0x70,0x14,0x63,0xf0,0x94,0xbb,0x1c,0x4f,0x23,0x05,0x1b,0x62,0x40,0x9b,0xf9,0x52,0x1b,0x41,0x51,0x57,0x2a,0x99,0x73,0xda,0xe1,0xcf,0xc5,0x4c,0x65,0x3a,0xc2,0x9d,0x73,0xda,0xc9,0x59,0xf1,0xdf,0xab,0x2b,0x27,0xe1,0x59,0x8b,0xa7,0x48,0xf9,0x36,0xcb,0x08,0xe3,0x5e,0x1d,0xdd,0xf9,0x20,0x4f,0x64,0xa9,0x26,0x74,0x97,0xf2,0x2d,0x31,0xac,0x8c,0x20,0x77,0x09,0xa9,0x8f,0xed,0x23,0x77,0x7e,0xd7,0x34,0x93,0x84,0xe7,0xaa},{0xaa,0xf7,0x64,0xdf,0x34,0x59,0x1c,0x2c,0xbc,0x47,0x08,0x6a,0x25,0xbf,0x9d,0x48,0x54,0xcf,0xa0,0x6c,0xfc,0xd4,0x10,0x39,0x9f,0x64,0x46,0xce,0xd9,0x95,0x28,0x89,0xdf,0x94,0x5e,0x74,0x0b,0x55,0x46,0x82,0xd9,0x3d,0x82,0x97,0x7d,0xd0,0x3e,0xd7,0xf6,0x6f,0xaa,0x97,0x3e,0xdf,0xa7,0xde,0xe3,0xc5,0xaf,0xd3,0xa0,0x5a,0x30,0x0d,0xe3,0x5e,0x1d,0xdd,0xf9,0x20,0x4f,0x64,0xa9,0x26,0x74,0x97,0xf2,0x2d,0x31,0xac,0x8c,0x20,0x77,0x09,0xa9,0x8f,0xed,0x23,0x77,0x7e,0xd7,0x34,0x93,0x84,0xe7,0xaa}}, + 
{{0x96,0x4e,0xf2,0x1e,0x3a,0xe5,0x77,0xbf,0xa7,0x1c,0x3d,0x66,0x08,0x06,0xca,0x55,0x43,0x7a,0x08,0xf8,0xff,0x55,0xb3,0xbc,0x9a,0x83,0x9a,0x2e,0xe6,0x97,0x14,0x32,0x36,0x57,0x5c,0xa4,0x04,0x78,0xb1,0x92,0xf4,0x23,0x94,0xe6,0x2a,0xef,0xd4,0xe7,0xc4,0x02,0x9f,0xa9,0x79,0x77,0x61,0x90,0xd6,0xdb,0x6e,0x28,0x7e,0xc0,0x1d,0x70},{0xc5,0xd1,0x5c,0x34,0x15,0xa9,0x1e,0x42,0x2a,0x1b,0x0d,0xf0,0x56,0x83,0x10,0xc3,0xc9,0x21,0xfd,0x05,0xfa,0x51,0x0e,0x11,0x28,0xcc,0x84,0xac,0x35,0xb5,0xd8,0xc8,0x5c,0x80,0x11,0x1f,0x60,0x1c,0x72,0x25,0x82,0x45,0xb5,0x4f,0x66,0x6b,0x52,0xb1,0xf7,0x28,0x0f,0x80,0x76,0x44,0xdc,0x15,0x70,0x39,0xe9,0xaf,0xc7,0x0a,0xa0,0x43},{0xff,0x20,0x5e,0x3b,0x75,0xe9,0x38,0x7c,0xa3,0x5c,0x8b,0x1a,0xec,0x17,0x8d,0xf0,0xef,0xb3,0x53,0x9b,0x16,0xa9,0x44,0xf9,0x34,0x45,0x13,0x66,0x80,0x24,0xdc,0x22,0x0e,0x51,0x94,0xed,0xe6,0x83,0x36,0x32,0x63,0x23,0x1b,0xf8,0x78,0xb4,0x04,0x7f,0x5a,0x50,0x54,0x12,0x19,0x04,0x61,0xdd,0x25,0xf0,0x48,0x29,0x04,0xc1,0x44,0xe2},{0x46,0x32,0x2d,0xc7,0xbc,0x05,0x2a,0xd3,0xb5,0xce,0x7d,0x47,0x5e,0xfc,0x90,0x38,0xef,0xfa,0x6f,0x42,0xf0,0x66,0x05,0x89,0x7c,0x9a,0xc1,0xfd,0xa2,0xe8,0xa7,0x38,0x18,0x6d,0x7f,0x9e,0xfb,0xbd,0x06,0x0c,0x70,0xd7,0x29,0x10,0x88,0x04,0x9f,0x24,0x28,0x9d,0xc7,0x84,0xdf,0xb6,0xec,0xb2,0xc7,0x1b,0xd1,0xc1,0x9d,0x56,0xb0,0x83},{0xda,0xd7,0x34,0xee,0x62,0x13,0x8f,0x47,0xad,0xb4,0x9c,0x98,0xe4,0xc5,0xb3,0x29,0x31,0x11,0x64,0xad,0xf5,0x0b,0x60,0xe1,0x0e,0x18,0x28,0x30,0x3c,0xa2,0xe3,0x29,0x89,0x0a,0x7e,0x18,0xba,0x30,0x9e,0x7d,0x53,0xf1,0x82,0xd5,0x27,0xe5,0xf3,0xab,0x15,0xcd,0x62,0x7e,0xdf,0xf0,0x0e,0x42,0xfa,0x6b,0x7b,0x54,0xd2,0x74,0x19,0x8f},{0x29,0x4d,0x28,0x80,0x62,0xb5,0x77,0xbb,0x69,0x70,0xb0,0xb7,0x10,0x2e,0xed,0xfc,0x13,0x34,0x93,0x7f,0xd8,0xfc,0xb5,0x7b,0xfe,0x34,0x0a,0xa3,0x95,0x5b,0xb1,0xa7,0xc6,0xab,0x82,0x79,0x25,0x23,0x94,0x12,0xa4,0x34,0xec,0x23,0xca,0xcb,0xd0,0xa3,0xf9,0x31,0x32,0xce,0x50,0x31,0x73,0x23,0x98,0x94,0xe3,0x08,0xd9,0x1e,0xc3,0x0b,0x39,0xe3,0x3b,0xf2,0xe8,0xb7,0x26,0x28,0x9d,0xb3,0x12,0x8d,0x16,0xc
a,0x89,0x26,0xa9,0x1c,0xa3,0x1f,0x36,0x10,0x60,0x6a,0x29,0x85,0xe7,0x2c,0xee,0xc1,0xb6,0xae},{0x68,0xed,0x3c,0x64,0xe6,0x87,0xf0,0x14,0x64,0xfc,0x38,0x3a,0x0f,0xd9,0x7a,0x5b,0x52,0x32,0x10,0xca,0xc6,0x83,0x0b,0xae,0x17,0x0e,0xfe,0x77,0xe0,0xe7,0x83,0xa1,0x2c,0x78,0x62,0x9c,0x79,0x08,0x2b,0xd4,0x85,0x72,0x27,0x8d,0x97,0x78,0x62,0x33,0x34,0xeb,0x5c,0xde,0x5d,0xaa,0x4d,0xfa,0xd1,0x67,0xa4,0xea,0x45,0xad,0xf9,0x06,0x39,0xe3,0x3b,0xf2,0xe8,0xb7,0x26,0x28,0x9d,0xb3,0x12,0x8d,0x16,0xca,0x89,0x26,0xa9,0x1c,0xa3,0x1f,0x36,0x10,0x60,0x6a,0x29,0x85,0xe7,0x2c,0xee,0xc1,0xb6,0xae}}, + {{0xd9,0x64,0xb2,0xe1,0x9f,0x0a,0x35,0xfc,0x9f,0xc3,0xa5,0x2a,0xa3,0x84,0xb4,0xf3,0x23,0xc4,0xf3,0x5a,0x9d,0xf8,0x7f,0x35,0xa9,0xf5,0x5b,0x68,0xfc,0x19,0x69,0x63,0x6a,0x13,0x19,0x32,0xcc,0x9d,0x0c,0x3c,0x7d,0xdd,0x85,0x16,0xa8,0xd9,0x2b,0x75,0x08,0x4b,0x9a,0xa5,0x6e,0xf3,0xe9,0xeb,0xed,0x5d,0x2e,0xfd,0x2e,0x0c,0x60,0xa2},{0x0f,0xf6,0x8c,0x3f,0x6e,0xee,0x56,0x4f,0x43,0x6f,0x54,0xbd,0x7a,0xe4,0xbe,0xa8,0x77,0x05,0x99,0xe7,0x9e,0x59,0x22,0x85,0x9b,0xc6,0xe4,0x2a,0x61,0x9c,0x19,0xb1,0x5a,0xeb,0x7a,0xf8,0x41,0x4e,0xe5,0x2a,0xd0,0xf7,0x44,0xf0,0x16,0xea,0x0c,0x04,0x19,0x6c,0xb6,0x30,0x3c,0x6e,0x2d,0x79,0x9a,0x8f,0x08,0x90,0x11,0xf1,0xc0,0x4d},{0x68,0xe7,0x1d,0x40,0xf1,0x07,0xc0,0xc6,0xb2,0x87,0x9c,0xa2,0x19,0x43,0x7a,0xdf,0x8a,0x5a,0x0f,0xe2,0x24,0x97,0xa0,0x38,0x79,0x20,0x38,0xa9,0x9c,0x77,0xc4,0x37,0xa6,0x02,0xe0,0x93,0x47,0xa4,0x55,0x21,0xc2,0x69,0xbe,0x09,0x05,0xaa,0x87,0x28,0xf1,0x95,0x2f,0xdb,0xf0,0xbf,0xd2,0x9e,0x5e,0x3a,0xfa,0xc6,0x2f,0x13,0x09,0xaf},{0xe1,0x9e,0xc8,0x4f,0xc9,0xdd,0x61,0x60,0x94,0xbc,0xd3,0xd6,0xde,0x11,0x6e,0xec,0x84,0xc4,0xdd,0xbe,0x20,0x46,0x6c,0xef,0xf6,0x9d,0x37,0x07,0x53,0x72,0x57,0xf9,0x02,0xb5,0x64,0x1f,0xe2,0x56,0xa4,0x38,0x6d,0xa4,0xed,0x23,0x9e,0xa3,0xf4,0x4d,0x77,0x52,0xdc,0x8c,0x51,0xfc,0x88,0x18,0xbc,0x83,0x2a,0xac,0xc1,0x1d,0x3d,0x59},{0x08,0x4f,0x78,0x21,0xfd,0x4b,0x85,0x86,0x4e,0x25,0xdd,0x47,0x60,0x7f,0x7e,0xc6,0xd3,0xa1,0xab,0x91,0x3f,0xeb,0xf6,0x40,0x7e,0x1b,0
xbd,0x99,0x9c,0x7c,0x2f,0x4f,0xca,0x68,0xa5,0xf6,0x8c,0x1e,0xcb,0xb8,0x76,0xe2,0x87,0x5b,0x49,0x68,0x97,0x2c,0x21,0x5c,0x7c,0x93,0x79,0x9a,0x95,0xa1,0x3a,0x49,0xc9,0x6d,0x34,0x6b,0xa1,0x98},{0xb9,0x88,0x25,0x9a,0x3b,0x53,0x56,0xa1,0x48,0x0f,0xf0,0x92,0xde,0x4e,0x3e,0x3a,0xcf,0x02,0xdc,0x5c,0xc2,0xc3,0x78,0xad,0x8a,0x0c,0x3c,0xc7,0xdd,0xdd,0x71,0x6e,0x3f,0xd9,0x3a,0x57,0x2a,0x19,0xa5,0x3b,0x5c,0x46,0x7b,0xc9,0x0f,0x16,0xb3,0x58,0xa6,0x85,0xfa,0x91,0x2c,0x9a,0x9c,0x12,0xb6,0xd6,0x7d,0x9a,0xf0,0x9d,0xe9,0x02,0xad,0x12,0x87,0xda,0x85,0x58,0x6b,0xff,0x68,0x96,0x05,0x33,0xba,0x7f,0x08,0xf9,0xa9,0xa2,0xa9,0x46,0x43,0xe5,0x03,0x12,0xe4,0xbe,0x74,0xaa,0x46,0x4e,0x51,0xb3},{0x61,0x70,0x17,0x50,0x26,0xfa,0x51,0x83,0xe0,0xca,0xa9,0xb1,0xc3,0xc4,0x83,0xa9,0xb6,0x43,0x6b,0x7a,0x5b,0xe4,0x21,0x5a,0x6b,0xd4,0x34,0xf8,0xee,0x95,0x86,0x2d,0x03,0xbf,0xca,0xd0,0xfa,0x68,0x53,0xb2,0x97,0x50,0xad,0x89,0x2f,0x99,0x63,0x67,0x18,0x57,0x1f,0x57,0x41,0xbc,0xb7,0xc0,0x18,0xe7,0xb6,0xf3,0x0f,0xc4,0x49,0x0d,0xad,0x12,0x87,0xda,0x85,0x58,0x6b,0xff,0x68,0x96,0x05,0x33,0xba,0x7f,0x08,0xf9,0xa9,0xa2,0xa9,0x46,0x43,0xe5,0x03,0x12,0xe4,0xbe,0x74,0xaa,0x46,0x4e,0x51,0xb3}}, + 
{{0xc5,0xdf,0x86,0x8f,0xf1,0xa7,0xad,0x57,0xfd,0xb4,0x53,0xc3,0x92,0x1b,0x9e,0x2e,0xdd,0xc5,0xa4,0x3b,0x72,0xa6,0x9b,0x4a,0x15,0xca,0x35,0xed,0x3c,0x1a,0x3b,0x38,0x36,0xd6,0xf2,0x03,0xb6,0x97,0x1f,0xcb,0x40,0x5d,0x3c,0x25,0xfc,0xe7,0xff,0xc6,0xbe,0x61,0xe1,0x98,0x31,0x13,0xa9,0xbe,0x05,0x86,0xfe,0x5c,0xf6,0xcc,0xaa,0xf5},{0xd2,0x57,0x19,0x98,0xf8,0x74,0x90,0xb7,0x69,0x6e,0xdd,0x44,0xf1,0x8b,0xb1,0x9c,0xfd,0x5b,0x6b,0xc0,0x45,0xf2,0x49,0xa5,0x4b,0xff,0x8b,0x7f,0x87,0xe3,0xf9,0x71,0xab,0xfa,0xc8,0x17,0xed,0xeb,0x19,0xc6,0x3c,0xee,0x78,0xba,0x89,0x97,0x49,0x85,0x39,0x68,0x29,0x88,0x0b,0x1c,0xd1,0x42,0x8b,0xe8,0x1a,0x3b,0xeb,0x4d,0xef,0x3b},{0xea,0xfb,0xec,0x27,0xc3,0x92,0xc3,0x68,0x0d,0x3c,0x5b,0x20,0x20,0x9c,0x96,0xa7,0x39,0xfa,0x80,0x91,0xef,0x86,0x7d,0xa8,0x87,0xf6,0xef,0x14,0x01,0x46,0xf0,0x68,0x0a,0x8b,0xae,0x83,0x91,0x7e,0xa0,0x14,0x14,0xde,0xf9,0xa8,0xfd,0x67,0x57,0x17,0x20,0x46,0x43,0x49,0x07,0xf0,0x3e,0xc8,0xbe,0x66,0xaf,0x58,0x3a,0xbd,0xd8,0x00},{0x35,0xf5,0xc8,0x2c,0x0e,0x4b,0x56,0xe0,0xef,0x08,0x34,0x38,0x57,0xe9,0xde,0xdb,0x1d,0xe1,0x28,0x05,0x01,0xed,0x62,0x3d,0xa9,0x6e,0xea,0x5b,0x95,0x09,0xe0,0x04,0x46,0xff,0xdc,0x34,0xf6,0xf7,0x63,0xb1,0x76,0xb8,0x3c,0x03,0xef,0x36,0x0f,0x82,0x1b,0x5b,0x6f,0xe2,0x86,0xd9,0x10,0x01,0xe6,0x73,0x75,0x0d,0x50,0x30,0x11,0x68},{0x27,0xb6,0x3b,0x78,0x79,0xf3,0x22,0x78,0x8f,0x0c,0x14,0x8b,0x3f,0x68,0xc2,0xab,0x9f,0x9f,0x05,0x70,0x7e,0xee,0x4b,0x1b,0x6b,0xfc,0x04,0x72,0xca,0xf1,0x9a,0xba,0xe3,0x65,0x9d,0xdb,0x01,0x33,0xc5,0xdb,0xf6,0x87,0xe4,0x73,0x5a,0x0f,0x94,0xa9,0x2e,0xfe,0x8f,0x3e,0xd1,0x0a,0x6d,0xa1,0x21,0x2a,0x92,0x8c,0x4b,0x43,0x13,0x2f},{0xa3,0xa8,0x3b,0xb4,0x4f,0x8a,0xac,0xab,0x8a,0x4c,0x39,0x7e,0xb8,0x2f,0xb1,0x01,0x2e,0xbe,0x0e,0x7d,0x28,0x8a,0x18,0x4a,0xda,0x58,0x1a,0xfb,0x95,0x97,0xf3,0x63,0x58,0xbe,0x8c,0x30,0x13,0x9b,0xba,0x9f,0x4e,0xac,0x8d,0x95,0xf2,0x07,0xbb,0x85,0xa1,0x41,0x4c,0x33,0xe3,0x58,0x8e,0x5c,0xa1,0x05,0x45,0xab,0x5c,0x0c,0xe4,0x02,0xc3,0xa0,0xa0,0x72,0xdb,0x9a,0x9d,0xbf,0x13,0x29,0x94,0x70,0x8b,0xe
4,0xe8,0xdb,0x0e,0x0b,0xd0,0xa0,0x25,0xad,0x71,0xa0,0x27,0x9c,0x1d,0x77,0xb0,0x98,0xa8,0x03},{0xe1,0x84,0xa5,0xea,0xa5,0xd8,0x1b,0x29,0xce,0xd7,0xa3,0x72,0xa7,0xc9,0xa5,0xea,0xf1,0x02,0xf3,0x0c,0xb0,0x65,0x12,0xbc,0xa4,0xf2,0x5d,0x69,0x00,0xa4,0x7f,0x5a,0x52,0x09,0xb6,0x7b,0x30,0xf2,0x99,0x03,0x39,0x9d,0xee,0x6f,0xb5,0xf7,0x9e,0x7a,0x97,0x8b,0x81,0x03,0x8c,0xdd,0x35,0xfc,0x1f,0x0a,0xc6,0xa4,0x60,0x7b,0xc8,0x0a,0xc3,0xa0,0xa0,0x72,0xdb,0x9a,0x9d,0xbf,0x13,0x29,0x94,0x70,0x8b,0xe4,0xe8,0xdb,0x0e,0x0b,0xd0,0xa0,0x25,0xad,0x71,0xa0,0x27,0x9c,0x1d,0x77,0xb0,0x98,0xa8,0x03}}, + {{0x67,0xe9,0x62,0x76,0x3a,0x90,0x9b,0x6b,0x19,0x1d,0x65,0xb2,0x2a,0x2f,0xf7,0x50,0xaa,0x54,0xa5,0xbb,0x53,0xb5,0xf9,0xee,0x0c,0x04,0x3a,0x3c,0x29,0x4b,0x66,0x3e,0x7b,0xb6,0xaa,0xd2,0x10,0x89,0xcc,0x89,0x2c,0x47,0xbe,0x23,0xd6,0x52,0x81,0x5d,0xc8,0xbc,0x49,0xd6,0x6a,0xcd,0x62,0x99,0x30,0xff,0x16,0xa5,0x50,0x44,0xd8,0x7a},{0xd6,0xcd,0xfe,0xd4,0x44,0x4a,0x9e,0x90,0x44,0x73,0x8a,0xff,0xbb,0x82,0x08,0xb6,0x7f,0xf2,0x87,0xcb,0xa5,0x0b,0x56,0xd3,0x9e,0x91,0xb8,0x52,0x6b,0x25,0xa6,0x5d,0x50,0xaf,0x9b,0xd5,0xfb,0x9f,0x7e,0x2d,0x57,0xdf,0x30,0x78,0x8d,0x1a,0xc3,0xac,0x9c,0x5a,0xbf,0xab,0x5a,0x0d,0xc9,0xb6,0x4b,0x18,0xd4,0xe7,0x55,0x40,0xde,0x7e},{0xc2,0xa9,0x7e,0x5c,0x26,0xf4,0x7d,0xce,0x9e,0x73,0xae,0x50,0xde,0xe7,0xa6,0xf9,0x8b,0x57,0xf9,0x7a,0x4c,0x38,0x82,0xf6,0x30,0x80,0x12,0xf7,0xf6,0x66,0x80,0x46,0x4d,0x41,0x53,0x63,0xd9,0x65,0x90,0xe7,0xee,0x24,0x07,0xb0,0x4f,0xeb,0x3e,0x8e,0x83,0x21,0xa3,0x40,0x03,0xc0,0x64,0x52,0xc6,0xb2,0x12,0x9d,0x8d,0x86,0xdd,0x19},{0xe2,0xd5,0x49,0x5e,0x2a,0x6e,0x4e,0xd9,0x31,0x26,0x53,0x13,0x98,0x5e,0x2f,0x23,0xea,0xa0,0x30,0xee,0xef,0x62,0x2b,0xdc,0x93,0x65,0x90,0xad,0x9a,0xf1,0x74,0x12,0xf5,0x24,0x33,0xcc,0xc3,0xda,0x42,0x54,0xa6,0x6c,0x86,0x99,0xb9,0xb5,0xf7,0x07,0x90,0xd8,0x85,0x7f,0x69,0xfb,0x19,0x2a,0x2c,0xc0,0x11,0x81,0x64,0x37,0x38,0x07},{0xc7,0xb3,0xf5,0xe4,0x4b,0x55,0xcf,0xd8,0x2b,0x72,0xde,0x62,0xfc,0x66,0xea,0x82,0xee,0x2e,0xe5,0x4f,0x66,0xba,0x19,0x63,0x01,0x0b,0
x2d,0x89,0xb4,0xaa,0x76,0xb3,0x7e,0xc5,0xbe,0xdd,0x57,0x90,0x5e,0xff,0x5b,0x9a,0x71,0xe1,0x47,0xf9,0xec,0xe5,0xf0,0x19,0x89,0x17,0x65,0x3e,0x56,0x4a,0x98,0xb2,0x3c,0x3b,0xf0,0x14,0x13,0x1b},{0xc0,0x72,0x26,0x96,0x6b,0xf5,0x50,0xa1,0x65,0xcd,0xfe,0x92,0xa5,0x5a,0xb3,0x56,0x27,0x5b,0x2f,0x4a,0x8f,0x67,0xaa,0xf4,0xa1,0x6e,0x3c,0x66,0xcc,0xb7,0x71,0x70,0xff,0x70,0x1f,0x9e,0x09,0xae,0x31,0xcb,0x2a,0xd5,0x8a,0x38,0xa9,0xaf,0xbc,0x94,0xa2,0xa8,0xe9,0x77,0x1c,0xc3,0xfa,0xd1,0x45,0xd2,0xe2,0xff,0x7d,0xf2,0x44,0x00,0xa0,0xc3,0xc1,0xdd,0xa0,0x4c,0xfb,0xed,0x1a,0xbd,0x0c,0x05,0x3b,0xa9,0xc8,0x98,0xb0,0x7d,0x6a,0x77,0xcb,0x08,0x70,0x64,0x31,0x9d,0x9c,0x7b,0x40,0x9e,0xbb,0xf4},{0xbc,0x88,0x9d,0x36,0xae,0xbc,0x92,0x47,0x63,0x85,0x41,0xe3,0x1e,0x1c,0x39,0xf5,0xd3,0xc2,0x0a,0x7d,0x18,0x7a,0x8f,0xd3,0x0c,0x37,0x50,0x28,0x35,0x93,0x77,0x4b,0xcb,0xba,0x35,0x4e,0x94,0x48,0xe4,0x0c,0xa7,0x36,0x4f,0x74,0x2b,0xf9,0xb5,0xb5,0xeb,0x91,0x50,0x3c,0x67,0x9b,0x4d,0x25,0xd4,0x0e,0x0d,0xb9,0x5b,0x77,0xf3,0x0e,0xa0,0xc3,0xc1,0xdd,0xa0,0x4c,0xfb,0xed,0x1a,0xbd,0x0c,0x05,0x3b,0xa9,0xc8,0x98,0xb0,0x7d,0x6a,0x77,0xcb,0x08,0x70,0x64,0x31,0x9d,0x9c,0x7b,0x40,0x9e,0xbb,0xf4}}, + 
{{0x44,0xdd,0x62,0x9e,0x0f,0xee,0x20,0x11,0x37,0xfc,0xd0,0x5c,0xe4,0xe1,0x0a,0xb8,0xc2,0xe0,0x9c,0x2c,0x3e,0x1b,0x31,0x1c,0xdb,0xa3,0x84,0x9a,0xb7,0x4e,0x40,0x74,0x21,0xfd,0xfc,0x65,0xbd,0x38,0x8a,0x55,0x6f,0x1e,0xc3,0x14,0xfc,0x66,0x04,0x7b,0xc4,0x61,0xb0,0xcb,0xfa,0xdd,0x50,0x45,0x4b,0x2e,0xf0,0x6d,0x0f,0x26,0x6d,0xbf},{0xe6,0xbc,0x35,0x73,0xb3,0x11,0x38,0xc6,0x31,0x82,0x96,0x80,0x1d,0xa9,0xd9,0x17,0x85,0x4e,0xad,0x0f,0x5c,0xb7,0xe8,0x78,0x62,0x2f,0x3c,0x10,0x0e,0xdc,0xf2,0x7e,0xf5,0x02,0x6d,0x1a,0x50,0xc2,0x50,0x7d,0x0d,0x14,0x77,0x77,0xfc,0xbe,0x23,0x02,0x81,0x0a,0xdc,0xa3,0x16,0xfd,0xab,0xb9,0x7c,0xb6,0x7e,0x8a,0xde,0x1f,0x22,0xeb},{0xab,0xf3,0xea,0x63,0xc0,0x25,0xa2,0xc7,0x6a,0xfe,0x91,0x4a,0x0a,0x91,0xdd,0x6d,0x6f,0x8c,0xf9,0xa8,0x1c,0x9f,0xb5,0xe5,0xd2,0xac,0xe6,0x51,0x9a,0xd3,0x87,0x17,0x82,0x12,0x0a,0x58,0x99,0x7f,0x81,0x2d,0x8d,0x27,0x2d,0x1b,0xb0,0x02,0x7e,0x0d,0xd6,0x18,0x89,0x5e,0x0c,0x2b,0x57,0xa6,0x56,0x35,0xff,0x71,0x4e,0xb0,0x49,0x38},{0x36,0xdf,0x1d,0x1c,0xf6,0xa7,0x4d,0x87,0x7e,0x2c,0x3f,0xb4,0xda,0xd7,0x80,0x71,0x0b,0xf3,0x2a,0x47,0x20,0xe6,0x9a,0x3d,0x17,0x9a,0x97,0xc9,0x4e,0x53,0xa6,0xe2,0x23,0xea,0x94,0x4d,0xf9,0xeb,0x2c,0x03,0x2c,0x88,0xa2,0xe6,0xc5,0x94,0xa5,0x6f,0xc3,0x98,0xa9,0x8b,0xa7,0x41,0x7d,0xd3,0x82,0x01,0x13,0xb6,0x0f,0x39,0x1e,0xd2},{0x08,0x28,0xc3,0x1c,0xec,0x21,0x3a,0xb4,0x4c,0xb1,0xfa,0xb9,0x0c,0xfe,0xc2,0x50,0xc5,0x99,0x62,0xa0,0x11,0x74,0xcf,0x05,0x1e,0x2b,0xdf,0x6d,0x22,0x8e,0x6e,0x55,0x19,0x21,0x9c,0xa1,0x98,0x56,0x45,0x90,0x40,0x3a,0x8e,0xad,0x76,0x4d,0xd3,0x95,0x27,0x67,0x4e,0x02,0x16,0xc3,0xfe,0x5a,0x79,0x4e,0x2d,0x6f,0xd0,0xe4,0x4f,0x62},{0x40,0x14,0xe1,0x88,0x3d,0xcc,0x51,0xcb,0x98,0x86,0x06,0x4d,0xe4,0x52,0x71,0xe2,0x2e,0x2b,0x80,0xfd,0x81,0x65,0xaf,0x93,0x31,0x87,0xe0,0xff,0x31,0xab,0xff,0x53,0x0e,0x2d,0xb1,0x47,0xe6,0x44,0xb7,0x29,0xab,0x0f,0x51,0x3a,0x53,0x84,0x36,0x58,0x8c,0x5f,0x7b,0x65,0x6a,0xb7,0x6f,0xdc,0xad,0xc1,0xa3,0xe4,0x21,0xfc,0x22,0x0e,0xc1,0x10,0xd1,0x7d,0x9f,0xd3,0x1e,0x33,0xb4,0xca,0xb9,0xff,0xd8,0x2
7,0xb8,0xca,0xde,0x49,0x6f,0xdc,0xf0,0xe8,0x70,0x36,0xdb,0x90,0x00,0x07,0x9e,0x77,0x39,0xfe},{0xc9,0x93,0x4b,0xe6,0x47,0x7e,0x1d,0x86,0x15,0x46,0xe8,0x27,0xf5,0x84,0x67,0x4e,0x42,0xe3,0x2b,0x8a,0x4e,0x90,0x7b,0x87,0xcc,0xdf,0xaa,0x04,0x06,0x05,0xe6,0x72,0xff,0x6f,0x44,0x1b,0x08,0xad,0x79,0x3e,0xb7,0xdd,0xd7,0x2c,0x73,0xf0,0xf0,0xc4,0x6e,0xb7,0x37,0xe1,0x02,0xf5,0x42,0xe7,0xef,0xa1,0xdd,0x50,0x9a,0xc5,0x8d,0x00,0xc1,0x10,0xd1,0x7d,0x9f,0xd3,0x1e,0x33,0xb4,0xca,0xb9,0xff,0xd8,0x27,0xb8,0xca,0xde,0x49,0x6f,0xdc,0xf0,0xe8,0x70,0x36,0xdb,0x90,0x00,0x07,0x9e,0x77,0x39,0xfe}}, + {{0x3e,0x0c,0x21,0xc4,0x3d,0x64,0x61,0xc1,0x9d,0xa1,0x83,0x10,0x74,0x1d,0x56,0x12,0xaf,0x29,0x5c,0x6c,0x12,0x48,0x0a,0xc7,0xe5,0x12,0xb6,0x42,0x6b,0x54,0xf4,0x42,0x0c,0x43,0x42,0x2e,0x78,0xc2,0xe7,0x26,0x09,0x41,0x4a,0x2f,0xa1,0xb0,0x1f,0xcd,0x63,0x76,0x1e,0xa1,0x6f,0xf6,0xe2,0xc2,0x08,0x89,0x0d,0x28,0xbf,0x1b,0x56,0x5b},{0x3e,0x2e,0xf2,0xcc,0x81,0xca,0xa7,0x5d,0x01,0xd2,0x82,0xfd,0x45,0xee,0xc0,0xf5,0x49,0x3b,0xe2,0xa4,0x2a,0x4d,0x5f,0x40,0x0d,0xbc,0xb9,0x3d,0x6e,0xda,0xe2,0x86,0xe1,0x23,0x8b,0x5f,0x0d,0xa2,0x35,0x15,0x1d,0x22,0x23,0xa5,0x69,0x56,0x34,0x78,0xb3,0xb3,0x55,0xef,0x63,0x8a,0x17,0x63,0xda,0xf0,0x64,0x99,0x8a,0x8a,0xba,0xd6},{0x68,0x79,0x36,0xa7,0x6b,0xe3,0x76,0x1c,0xe3,0x38,0x0b,0xa3,0x91,0xb6,0xb0,0x82,0x37,0xfa,0x52,0x74,0xf1,0xb5,0xd5,0xd9,0x07,0x06,0x9e,0xda,0x87,0x6b,0x0f,0x24,0x4f,0xbe,0xc9,0xff,0x03,0x41,0xaf,0x77,0x68,0xed,0xe7,0x71,0xba,0x2d,0xde,0x27,0xa1,0xbf,0xa8,0xa7,0x30,0x7c,0xcb,0x79,0x72,0x89,0x1a,0xdc,0xc1,0xe4,0xb2,0x9d},{0x94,0xa3,0x11,0xf4,0x44,0x80,0xd0,0xa3,0x47,0x93,0x36,0xe2,0xbd,0x04,0xe4,0x74,0x3d,0x00,0x60,0xad,0xd0,0x2d,0x86,0x66,0xa1,0x72,0x1a,0xb9,0x1c,0x14,0xa2,0x9b,0x4b,0x04,0x7d,0x5b,0xcd,0xf8,0x01,0x33,0xde,0x34,0x10,0x29,0xc4,0x72,0x56,0xff,0x11,0xcd,0xd8,0x61,0x2c,0xb6,0xb7,0xf4,0x24,0x8b,0x44,0xb4,0xe7,0x34,0x50,0xb8},{0x72,0xf6,0xd4,0xa3,0x24,0xf9,0xef,0xf4,0x55,0x8d,0x3c,0x07,0xca,0x10,0xdd,0x54,0x87,0x13,0x32,0x78,0x5c,0x64,0x10,0x08,0x62,0x7e,0
xf4,0x34,0x0f,0x1c,0xcd,0xcc,0x3b,0x42,0xfe,0x60,0x41,0x70,0x2c,0x6b,0xd4,0x6c,0xf7,0xb8,0x24,0xf6,0xd7,0x07,0xb3,0x46,0xb0,0x7d,0x14,0x24,0x9b,0x72,0x79,0xf4,0x23,0x2a,0xec,0x02,0xe7,0x69},{0xe5,0xbe,0x84,0xc3,0x92,0x47,0x15,0xd3,0xac,0x06,0x44,0x72,0x41,0xeb,0xb6,0x5a,0x17,0x06,0x90,0xd9,0x55,0x3d,0xe4,0x87,0x7d,0x5a,0x11,0x9f,0x02,0x6d,0xd3,0x4e,0x71,0xd1,0x5e,0x16,0x9f,0xb2,0xc0,0x7f,0xcb,0x78,0x8b,0x89,0x11,0xae,0x43,0xe8,0x85,0xb7,0xf9,0xc8,0x48,0x5a,0xb2,0x96,0xaf,0x8f,0xab,0x71,0x84,0x9d,0x40,0x09,0x30,0xd4,0x32,0x6e,0xa2,0x77,0x97,0x71,0x37,0xce,0x22,0x6b,0xca,0xc9,0x79,0xef,0xc0,0xb2,0xb4,0x3d,0x30,0xbf,0x77,0xe9,0xc3,0x8d,0xec,0x15,0x04,0x08,0xfa,0x15},{0x4b,0xf3,0x7f,0xb2,0x78,0x75,0x45,0xd4,0xce,0x5e,0x3d,0xaf,0x92,0x63,0x3d,0x90,0xc0,0xa7,0x23,0x62,0x7f,0x37,0x58,0x8d,0x12,0xe0,0xb8,0x6c,0x46,0x38,0xaa,0xf7,0xe1,0x03,0x9e,0x1f,0x31,0xf9,0x5a,0xa4,0x59,0x0d,0xec,0xc5,0x1f,0x17,0x88,0x25,0xcc,0xed,0x69,0x2b,0x91,0x73,0x6a,0x3f,0xcb,0xe5,0x9c,0x1e,0x26,0x3e,0xec,0x0b,0x30,0xd4,0x32,0x6e,0xa2,0x77,0x97,0x71,0x37,0xce,0x22,0x6b,0xca,0xc9,0x79,0xef,0xc0,0xb2,0xb4,0x3d,0x30,0xbf,0x77,0xe9,0xc3,0x8d,0xec,0x15,0x04,0x08,0xfa,0x15}}, + 
{{0xc5,0x1d,0xcd,0x70,0xb2,0x9e,0x53,0x29,0x05,0x78,0x83,0x5d,0x56,0x30,0x89,0xee,0x02,0xd7,0xac,0x57,0x0a,0xd2,0xa0,0x9c,0x96,0x0c,0xbf,0xf2,0x30,0xbf,0x1a,0x2b,0xee,0x0e,0x9f,0x1e,0x1c,0x65,0x7d,0xb5,0x48,0xad,0x6f,0x51,0xa0,0x91,0x61,0xe4,0xe6,0x83,0x9f,0x58,0x7c,0x76,0x2b,0x52,0x94,0x87,0x3c,0x8d,0x36,0x4c,0x37,0x3c},{0x59,0x3b,0x0d,0x38,0xab,0x93,0xca,0xfb,0x67,0x44,0x30,0x96,0xec,0xbd,0x00,0x1d,0x93,0xd0,0xb3,0x3d,0x3c,0xd4,0x4e,0x3d,0xd8,0x29,0x93,0xb2,0xb3,0x77,0xfc,0x57,0x31,0x20,0xe3,0x90,0x0d,0xf4,0x91,0x2f,0x8b,0x43,0xce,0xfe,0x99,0x03,0x03,0xa2,0x90,0x8d,0xcf,0xa8,0xc0,0x21,0x00,0xca,0xcc,0xcb,0x4b,0x2f,0xa5,0x39,0xa8,0x0b},{0xca,0xf6,0xf9,0xbb,0x53,0xcb,0x97,0x76,0xb6,0x9c,0x2c,0x18,0x21,0x43,0x13,0x48,0x13,0xc9,0x0e,0xeb,0x40,0xea,0xce,0x1f,0x3a,0xe9,0xd2,0x9e,0x29,0xdb,0xe2,0x79,0xe2,0x1a,0x9f,0x84,0x9d,0xe4,0x55,0x82,0x17,0xeb,0x87,0xf6,0xc3,0xef,0xcd,0x54,0x14,0xee,0xc8,0x5b,0xd7,0x67,0x05,0xe2,0x34,0xa2,0x7e,0x81,0x83,0x21,0x7a,0x02},{0xc5,0x03,0xd9,0x75,0xdf,0x17,0x15,0xe3,0x5b,0x7b,0x4f,0x66,0x9c,0x15,0x4e,0x01,0xdf,0x3d,0x16,0xb6,0x52,0xcc,0xcf,0x28,0x40,0xdb,0x20,0xee,0x8b,0x69,0xb1,0x2b,0xc0,0x6e,0xe4,0xd2,0xf5,0xd1,0x49,0x3f,0xf3,0x0a,0x12,0xcd,0x13,0xbd,0x9d,0x3d,0x5b,0x28,0x5c,0xb0,0x0d,0x0e,0xb6,0xed,0xec,0x65,0xeb,0x25,0x28,0x2e,0x65,0x2f},{0xed,0xa7,0x05,0xc1,0xa6,0x81,0xf2,0x7a,0x69,0x68,0x17,0x8e,0xf7,0xc9,0x14,0x80,0x9f,0x81,0xfe,0x16,0xfd,0x81,0x93,0xb4,0x0b,0x05,0x5b,0x4e,0xef,0x6e,0x7a,0x67,0x9d,0x99,0x4c,0x17,0xcd,0x1c,0x16,0xfd,0x31,0x35,0xd5,0x3e,0xa3,0x00,0xbf,0xbe,0xda,0xd6,0xe2,0x37,0x9b,0x13,0x1b,0xca,0x29,0x90,0x4b,0xf2,0x09,0x57,0x2f,0xe9},{0xd7,0xba,0x23,0xd3,0xa0,0x6e,0x14,0x6a,0xf0,0x77,0xb7,0xe6,0xe3,0xc9,0x3b,0x38,0xbb,0xe7,0xbe,0x54,0x75,0xf8,0xb7,0x42,0x29,0xe2,0x83,0xde,0x20,0x22,0x41,0xcf,0x5f,0x6f,0x80,0x60,0xf3,0x44,0x04,0x21,0xd5,0x03,0x68,0x42,0xde,0x81,0xea,0xe8,0x7e,0x5b,0x80,0x0f,0x1b,0x2d,0x06,0xc7,0xce,0xe9,0x46,0xc7,0xf7,0xb3,0xa2,0x02,0x21,0xb5,0x4d,0xc2,0x36,0xea,0xe6,0x7b,0xb3,0x61,0xe6,0x18,0x40,0x5
b,0xce,0x5b,0xc2,0xee,0xa5,0xde,0xe9,0xe6,0xe0,0xa8,0x58,0x58,0x03,0x34,0x26,0x27,0x65,0x2a},{0xfa,0x43,0xa6,0xc4,0x32,0xa1,0x2f,0xb6,0x37,0x05,0xf4,0xa4,0xa7,0x36,0xdd,0x1c,0x45,0x10,0x95,0x83,0x67,0x89,0x79,0x18,0x34,0xad,0xe7,0x57,0x7f,0x0d,0x48,0x9b,0x14,0xdf,0x5f,0xc8,0xd7,0x0f,0x78,0x47,0x88,0x20,0xff,0x7f,0xb1,0x21,0x27,0x14,0x58,0x32,0x12,0xfb,0x97,0xe0,0x81,0x0e,0x92,0xf4,0x5c,0x0e,0x44,0x48,0x4e,0x01,0x21,0xb5,0x4d,0xc2,0x36,0xea,0xe6,0x7b,0xb3,0x61,0xe6,0x18,0x40,0x5b,0xce,0x5b,0xc2,0xee,0xa5,0xde,0xe9,0xe6,0xe0,0xa8,0x58,0x58,0x03,0x34,0x26,0x27,0x65,0x2a}}, + {{0x1e,0x89,0x12,0xe8,0xab,0xca,0xeb,0x96,0x78,0x43,0x89,0x79,0x26,0x61,0x86,0x2e,0x37,0xd7,0x94,0xb5,0xb9,0xf7,0xc9,0xe7,0x04,0x6c,0x96,0x1c,0x54,0x0d,0xb0,0x6c,0xd3,0x68,0x9b,0x53,0xa7,0x56,0x34,0x1b,0x65,0xff,0xf9,0xee,0xf1,0xc6,0xfd,0x7e,0xa8,0x42,0x59,0x60,0x06,0x5f,0xc2,0x89,0x8b,0xfc,0xf8,0x6c,0x9a,0x0d,0xb1,0x36},{0x52,0x3d,0x83,0x25,0x0f,0x57,0x81,0x76,0x7b,0x21,0xf7,0x96,0xd6,0x1f,0xfe,0xd7,0x7c,0xc1,0x32,0xb5,0xbc,0x05,0x46,0xdb,0x6f,0x25,0xd8,0x7a,0x68,0xe2,0x01,0x81,0xf8,0x9a,0xc5,0x29,0x78,0x1c,0x01,0xc5,0x4d,0x61,0x4e,0x75,0xdf,0x9f,0xc3,0x22,0x96,0x7c,0xf9,0xa7,0xed,0x41,0x6f,0x64,0xfd,0xd4,0x61,0x58,0x0d,0x49,0xc9,0xa4},{0x4a,0xf7,0xda,0xef,0xe0,0x3b,0x33,0x19,0x79,0x02,0x7a,0xbb,0xd3,0x53,0xf4,0x8c,0x8a,0x16,0xfb,0xbd,0x35,0xd9,0x70,0xb2,0x0a,0x06,0x05,0x14,0xd0,0x9e,0xf6,0x13,0x44,0xbb,0xb7,0x93,0x86,0x1b,0x3c,0xb0,0x54,0xa7,0x48,0xc2,0xa7,0x10,0xda,0x65,0xb2,0xdb,0x0f,0x85,0x23,0x57,0x77,0x44,0x23,0x20,0x6d,0x2e,0xde,0x20,0x01,0xed},{0x9c,0xb8,0x68,0xeb,0xbb,0x8b,0xaf,0x81,0x9c,0x2f,0x90,0x4c,0xc2,0x62,0x17,0xfc,0xf2,0xa5,0xab,0x4c,0x2e,0x69,0xcb,0x82,0x5f,0x4c,0x3c,0x82,0xcd,0x6a,0xcb,0x15,0xa2,0xfc,0x50,0x54,0x5e,0x2e,0x83,0x52,0x48,0x29,0x51,0xcc,0x50,0xaa,0x27,0xa3,0xf3,0x71,0xdb,0x2c,0x1c,0xa9,0x8a,0xa5,0x95,0xab,0x3e,0x6f,0xcd,0xba,0x22,0x7c},{0xf7,0x5d,0xb5,0x20,0x65,0xfe,0xa9,0xe7,0x1f,0x8e,0xd6,0xc0,0xf2,0x3f,0x1b,0x8c,0x7a,0x02,0x54,0xd8,0xa7,0x0e,0x6f,0x68,0x94,0x81,0
xff,0x30,0x0e,0x6d,0x1a,0x96,0x1b,0x86,0x07,0xaa,0xbf,0x37,0xc5,0x5e,0x26,0xa2,0xdf,0x0b,0xd0,0x7f,0x94,0x35,0x30,0xa4,0x9e,0x47,0xaf,0xad,0x9c,0xc9,0x02,0x21,0x55,0x94,0x04,0x13,0xff,0x64},{0x9c,0x8d,0x18,0x63,0x83,0xad,0x01,0xcc,0xbb,0xe6,0x00,0xda,0x15,0xce,0xc6,0x6e,0x7a,0x37,0x6a,0x81,0x44,0xb3,0xfc,0xb7,0xcd,0x05,0xee,0x4a,0x6f,0x29,0xe4,0x79,0x63,0x52,0x7e,0x14,0xc9,0x14,0x77,0xa8,0x19,0x94,0x03,0xc6,0x51,0x57,0xf1,0xcc,0x11,0x29,0xde,0x86,0x08,0xfe,0x41,0x02,0x71,0xb7,0xbf,0xd7,0xe7,0x83,0x3e,0x0c,0x9a,0x59,0x7e,0xe8,0x61,0x36,0x56,0x9a,0xbf,0x64,0xfd,0xf3,0xb7,0xb9,0x2f,0x9e,0x56,0x1f,0x57,0x45,0x2e,0x19,0x0f,0x6f,0x70,0x01,0xc2,0x48,0x05,0x23,0x9b,0x2f},{0xb5,0x4e,0xe7,0xcc,0x7b,0x66,0x7a,0xf8,0xec,0xcd,0x1b,0x0c,0x0f,0xec,0x04,0x27,0xa0,0x61,0xfd,0x12,0x2d,0xab,0xc9,0xc5,0x8e,0xee,0x36,0xc2,0xef,0x67,0xd5,0x87,0x95,0x6c,0x12,0xb7,0x12,0x81,0x55,0xe0,0x7b,0xdb,0x8f,0x67,0xea,0x04,0x55,0x91,0x9b,0x50,0x65,0x05,0xc1,0xf1,0x0b,0x04,0x91,0x66,0x3c,0x32,0x53,0x72,0x01,0x04,0x9a,0x59,0x7e,0xe8,0x61,0x36,0x56,0x9a,0xbf,0x64,0xfd,0xf3,0xb7,0xb9,0x2f,0x9e,0x56,0x1f,0x57,0x45,0x2e,0x19,0x0f,0x6f,0x70,0x01,0xc2,0x48,0x05,0x23,0x9b,0x2f}}, + 
{{0xc8,0x37,0x10,0xdc,0xdb,0xfc,0x51,0x91,0xae,0x37,0xa4,0xe0,0xcf,0xbb,0xdd,0x92,0x93,0x5f,0x6b,0xd6,0x81,0xbf,0x9b,0x24,0x5e,0x0d,0xf1,0xe4,0x04,0x89,0xd1,0x1b,0xb2,0x68,0x56,0x3a,0xdc,0x59,0xd0,0x8a,0x93,0x37,0x5d,0xa5,0x40,0x5e,0xfe,0xc9,0x41,0x0b,0x8a,0x50,0xd2,0xa0,0x94,0x86,0xf7,0x46,0x3b,0x7e,0x1d,0xea,0x2b,0xa8},{0x1b,0xe2,0xe6,0x48,0x86,0xa8,0x65,0xfd,0x2b,0xae,0xc7,0x7d,0x41,0xee,0xb2,0x80,0x33,0x1c,0x0a,0xdc,0x42,0xea,0x99,0xd0,0x1f,0x6d,0xc8,0x80,0x51,0x70,0xd4,0x19,0xae,0xfc,0x66,0x16,0xa2,0x53,0x27,0x19,0x7a,0xf2,0x9a,0x25,0x0c,0x39,0x8c,0xbf,0xe7,0xa3,0x7a,0xd6,0xa3,0x43,0x62,0xd2,0x4a,0xc2,0xf1,0x96,0x7e,0xe3,0x83,0x13},{0xf5,0xb1,0x2a,0xc5,0x4d,0xcc,0xdf,0x56,0xde,0x92,0x96,0x46,0x03,0x11,0xfc,0xa0,0xbc,0xa2,0x22,0xf7,0x25,0x74,0x2a,0x1f,0x27,0x34,0x18,0xe8,0x06,0xa4,0x77,0x26,0x1a,0x51,0x5e,0xfb,0x77,0xbc,0x55,0xb1,0xf8,0xa5,0x19,0x23,0x00,0x97,0xf7,0xbb,0xe4,0xcd,0x41,0x9e,0xd9,0x5e,0x0c,0x6b,0x1b,0x8a,0xba,0x52,0x93,0xbe,0x2c,0xf3},{0xb3,0x02,0xeb,0x44,0x3c,0x05,0xae,0x9c,0x94,0xa9,0x1f,0x72,0x41,0xbc,0x81,0x66,0x5f,0x50,0xc0,0x57,0xb4,0x44,0xf0,0xe1,0x2a,0xa9,0x88,0x69,0xa6,0x1c,0x05,0x85,0xda,0xc7,0xb2,0xe1,0x8c,0x2f,0x7c,0x49,0x37,0xa2,0xf2,0x56,0xab,0x12,0x9f,0x12,0x4b,0x1b,0x73,0x75,0x3f,0x30,0x0f,0x40,0xf1,0xf9,0x1d,0xa7,0x2c,0x98,0x8c,0x91},{0xcb,0xd3,0x39,0x60,0x56,0xe3,0xbd,0x65,0x86,0x1a,0x58,0x40,0xc0,0xa4,0xc4,0x8b,0xe5,0xf7,0x49,0x0a,0xf2,0x09,0x51,0x32,0x6e,0x06,0x5a,0x27,0x19,0x78,0x2e,0x3a,0x04,0xf9,0x34,0x80,0x49,0x39,0x93,0xcd,0x89,0x67,0x7b,0xc0,0x8d,0x9d,0x8d,0x4c,0x83,0x20,0x80,0xfc,0x00,0xf2,0x8a,0x8f,0xa4,0x4d,0x8e,0x8f,0x58,0x51,0x5b,0x71},{0x71,0x3f,0x90,0x41,0xb8,0x74,0xbc,0x7a,0x85,0xf5,0xab,0xca,0x7e,0xf2,0x70,0x41,0xbc,0x36,0xb5,0xc3,0x4e,0xf1,0x2b,0x17,0x35,0x40,0xdb,0x3c,0xdb,0xd2,0xec,0x0b,0x99,0xc1,0x43,0x17,0xad,0x38,0x45,0x2d,0x07,0x31,0xd7,0xb6,0x95,0x1c,0x89,0x25,0xe4,0x89,0x97,0xd3,0xcf,0x11,0x2f,0x63,0x31,0x51,0xa2,0x18,0xfc,0x12,0x04,0x0a,0xb0,0x33,0xce,0x0b,0x57,0xc0,0x8c,0x58,0x25,0xf8,0x9b,0x50,0x22,0x1
c,0x5c,0x7b,0x02,0xc7,0xed,0xfc,0x98,0x8b,0xbd,0xd2,0x4e,0xfc,0x78,0x91,0x7f,0x4c,0x99,0x24},{0xfc,0x46,0xe4,0x85,0x0c,0x52,0x14,0xf8,0x8a,0xa4,0x97,0x17,0x10,0xb2,0x93,0xef,0xa0,0x66,0x3c,0xfd,0x61,0x42,0x24,0x30,0x70,0x4b,0xfd,0x0b,0x86,0xc8,0x97,0xd7,0x04,0xc2,0xa6,0x61,0x41,0xaf,0xcc,0x1d,0x52,0xc9,0xf3,0xca,0xe1,0x90,0x7c,0xbd,0xce,0xaf,0x30,0xc4,0xb4,0x7d,0x81,0x7e,0xbd,0xe2,0x09,0x70,0x1e,0x6b,0xb9,0x03,0xb0,0x33,0xce,0x0b,0x57,0xc0,0x8c,0x58,0x25,0xf8,0x9b,0x50,0x22,0x1c,0x5c,0x7b,0x02,0xc7,0xed,0xfc,0x98,0x8b,0xbd,0xd2,0x4e,0xfc,0x78,0x91,0x7f,0x4c,0x99,0x24}}, + {{0x5f,0x01,0x6d,0xec,0x82,0x02,0x96,0x47,0x74,0xd9,0x73,0x2e,0x2e,0x17,0x00,0xb6,0xe0,0xa4,0x13,0x17,0xae,0x7f,0x85,0xcb,0xff,0xe7,0x96,0x99,0xdb,0x9f,0xad,0x21,0x60,0xd9,0x12,0xdc,0x41,0x01,0x33,0x66,0x4c,0x24,0x8b,0x25,0x17,0xd7,0x22,0x14,0x12,0x4d,0xad,0x82,0x9a,0x85,0x69,0x5e,0x35,0x10,0xe0,0xd7,0x1a,0x82,0x88,0x14},{0xab,0x5f,0x2c,0x7d,0xa2,0xe5,0x67,0x5f,0xe4,0x92,0x03,0x93,0xd7,0x13,0xa1,0xfa,0x4a,0xb7,0x18,0x4a,0x8e,0x8c,0x78,0x9a,0x0c,0x60,0x02,0xe8,0x2d,0x50,0x05,0x0f,0x92,0xee,0x9f,0x81,0xde,0x6b,0x20,0xe4,0x9b,0x17,0x2e,0x99,0x0f,0x01,0x31,0xa7,0xc5,0xc4,0x53,0x70,0xda,0x03,0xc6,0xf7,0x22,0x87,0x98,0x87,0x19,0x36,0xa6,0x49},{0x93,0xab,0x22,0xc4,0x39,0x6c,0x97,0x80,0xd2,0xe2,0x36,0xfa,0x31,0x74,0x67,0xcc,0x50,0x1b,0x95,0xbe,0x77,0xe0,0xd1,0x00,0x74,0x04,0xe1,0x4d,0xca,0x44,0x35,0x72,0x74,0x69,0x82,0x23,0x56,0x9b,0xcc,0x34,0x5a,0xcb,0xa2,0xa3,0x31,0x12,0x4a,0x84,0x4c,0xe9,0x37,0x3a,0x58,0xf8,0x79,0x65,0x4a,0x66,0x79,0x82,0xf4,0x5d,0x75,0xc3},{0x2d,0x5d,0xac,0x4f,0xb5,0x00,0x68,0x3b,0x5f,0x2e,0xdd,0xcb,0x14,0x4a,0x7f,0xad,0x12,0x45,0x91,0xd1,0x84,0xd8,0x14,0xff,0xcb,0x64,0x43,0x6d,0x65,0xe7,0x19,0x68,0x2b,0x5e,0x53,0x05,0x74,0x66,0xed,0xac,0x2f,0x5a,0x8f,0x70,0x96,0xab,0x29,0xf3,0x9a,0x59,0xa2,0xe2,0xef,0xd3,0xc9,0xd7,0x53,0xf8,0xf5,0xa3,0xd6,0xf4,0x34,0xf8},{0x1d,0x14,0xf3,0xfd,0xb0,0x66,0x20,0xff,0xfc,0x79,0x47,0xc7,0x4c,0xe9,0x45,0x67,0xf5,0x97,0x14,0xea,0x7c,0x63,0xc5,0x3f,0x0b,0x46,0
xe0,0x88,0xd6,0x9b,0x67,0x71,0xba,0xa6,0x15,0x28,0x94,0x54,0x83,0x68,0x00,0x3a,0x33,0xa6,0x1a,0x05,0x6a,0x68,0x72,0x98,0x48,0x71,0xea,0x5b,0x47,0xf5,0x80,0x46,0xa9,0x57,0x84,0xec,0xad,0xfc},{0xa3,0x1d,0x87,0xd3,0x28,0x62,0xc6,0xf7,0xdb,0xfb,0xfa,0xfc,0xf3,0x27,0x5c,0x31,0xd3,0x32,0x26,0x0e,0x0f,0x41,0x49,0xec,0x05,0x16,0xf7,0xa5,0x63,0xb3,0xbc,0xe5,0x0d,0x1e,0x6f,0x97,0x4f,0x68,0x40,0xc0,0xd4,0x6c,0x4f,0x9e,0x25,0xd0,0xab,0x8d,0x2a,0xb9,0x3e,0x06,0x4d,0x9d,0x3d,0x2d,0x79,0x8d,0x93,0xdc,0xfc,0x6f,0x0b,0x04,0x48,0x7c,0x19,0x5c,0xa9,0xc8,0x44,0xe5,0xf6,0x4f,0x51,0xd8,0x72,0x63,0x41,0xda,0x62,0xac,0x78,0x73,0xb3,0x3e,0xc8,0xb2,0xf1,0x3f,0x89,0xf2,0x0e,0x95,0xdf,0xed},{0xfd,0x69,0xb1,0x9a,0xdb,0xae,0x95,0x87,0xe2,0xc6,0x8a,0x97,0x0c,0xee,0xc4,0x22,0x60,0x4e,0x96,0xa9,0x72,0xb9,0x6f,0x86,0x97,0xa8,0xdf,0x83,0xc5,0x18,0x18,0x6e,0xc9,0x43,0x30,0x7e,0x5b,0xcf,0x37,0x0f,0xc1,0xd7,0xe5,0xab,0xb1,0x31,0xe0,0x97,0xc7,0x53,0xb7,0xfd,0xd7,0xdf,0x00,0x43,0x0e,0x41,0x62,0x80,0x0b,0xe3,0xe0,0x06,0x48,0x7c,0x19,0x5c,0xa9,0xc8,0x44,0xe5,0xf6,0x4f,0x51,0xd8,0x72,0x63,0x41,0xda,0x62,0xac,0x78,0x73,0xb3,0x3e,0xc8,0xb2,0xf1,0x3f,0x89,0xf2,0x0e,0x95,0xdf,0xed}}, + 
{{0x98,0x29,0xf7,0x57,0xfd,0xbd,0x44,0x3f,0xd9,0x90,0x98,0x19,0x97,0xf2,0x60,0x27,0xfd,0x08,0xfc,0x8a,0xc6,0xaf,0x87,0x22,0x7f,0x74,0x4a,0x80,0xaf,0x72,0x00,0x01,0x70,0x9b,0x47,0x2a,0xd2,0x8e,0x41,0x0a,0xea,0x6a,0xdf,0xb7,0x61,0x54,0x89,0x5e,0x01,0x9f,0x76,0x64,0x29,0xee,0x8d,0x85,0x20,0xff,0x30,0x58,0xc2,0xa3,0x2a,0x56},{0xea,0x69,0x8e,0x6b,0x8e,0xdd,0x55,0x22,0x45,0x61,0xd4,0x92,0x66,0x8e,0x96,0xaf,0x7e,0x40,0x28,0x72,0xc4,0x46,0xe7,0x88,0xd4,0x6c,0x74,0xb7,0x48,0x7f,0xe8,0xe1,0x5e,0xa5,0x85,0x62,0x8f,0xd6,0xfc,0x27,0x0a,0xb2,0x4b,0x38,0x94,0x59,0x52,0x0d,0x6a,0x4d,0xe5,0x61,0xce,0x0d,0x44,0x03,0xa6,0x2a,0xc2,0xd4,0xd4,0xe2,0x71,0xe3},{0x40,0xf0,0x82,0xf0,0x8d,0xaa,0xad,0xa9,0x9f,0x9b,0x85,0x02,0xcf,0x57,0x15,0x41,0x13,0x59,0xf2,0xba,0xdd,0xbf,0x93,0xe5,0x40,0x2e,0xaf,0xdd,0x43,0x52,0xc8,0x7f,0x40,0xad,0x91,0x5b,0x58,0xd1,0xa1,0xe8,0x6f,0x77,0xc3,0x41,0x35,0x5e,0xf7,0x03,0xba,0xe4,0xed,0x2c,0x28,0x59,0xd6,0x48,0xfe,0x50,0xcc,0xf9,0x80,0xd1,0x49,0xd1},{0xd7,0xa5,0xd9,0x13,0xdf,0x7d,0xf6,0xc6,0x25,0x0f,0x52,0xc2,0x57,0x61,0x20,0xf2,0xf0,0xdb,0x47,0x49,0x56,0xaf,0x89,0x11,0xa7,0x8d,0x09,0x3a,0xfe,0x45,0x43,0xef,0x9f,0x0c,0x42,0xaf,0xa8,0xcc,0x60,0x48,0xc0,0x1c,0x7c,0xbe,0x01,0xe2,0x88,0xcc,0x6c,0x3e,0x97,0x91,0xf3,0xd9,0xb2,0xb2,0x09,0x7e,0x35,0xb1,0x78,0xb4,0x03,0xf6},{0x08,0xc4,0x1a,0x3a,0xc3,0xe3,0x26,0xbd,0x8d,0xee,0x5d,0xf0,0xba,0xb6,0x65,0xff,0x77,0xc0,0x99,0xd1,0xca,0xdc,0xf5,0x4b,0x50,0x50,0x0a,0x9e,0x13,0x33,0x76,0x86,0x9b,0x39,0x79,0x78,0x73,0x5c,0x2f,0x69,0xa9,0x9e,0x0b,0xeb,0x11,0x1e,0x12,0xaa,0xc1,0x09,0x83,0x0f,0xca,0xcb,0x95,0x10,0xde,0x85,0xe3,0x75,0x62,0x4a,0xc2,0x4c},{0x68,0x78,0x6c,0xce,0x2f,0x72,0x80,0xfe,0x83,0x88,0x63,0x37,0xa7,0xa1,0x5a,0x0b,0x84,0x8a,0xda,0x28,0x84,0xf1,0x6a,0x63,0x24,0x1c,0x72,0xda,0x84,0xee,0x1d,0xe0,0x77,0xf0,0xf6,0xce,0x7e,0x79,0x0a,0x55,0x03,0x01,0x13,0x0f,0xf7,0x6b,0x45,0xe7,0xcb,0xfd,0xb0,0x37,0x93,0x4b,0x40,0x69,0xe0,0x77,0x67,0x72,0x65,0xee,0x35,0x08,0x00,0xc0,0x07,0x10,0xd8,0x6e,0x55,0x83,0x5a,0xbc,0xfa,0x67,0x80,0x8
f,0xfa,0x21,0x3e,0x56,0x53,0x5b,0xbc,0x9d,0xff,0x16,0xd9,0x57,0xcf,0x2b,0x78,0x06,0x5a,0x89},{0xdf,0x32,0x1a,0x01,0x84,0xe5,0xb8,0x2c,0x70,0x6c,0xeb,0xd1,0xf0,0xb4,0x9b,0x32,0xc8,0xd0,0x81,0xc4,0xea,0xb2,0x7c,0x32,0x1a,0x02,0x61,0xf2,0xd9,0x4d,0xe5,0x85,0xad,0xfc,0xc6,0x70,0xee,0x85,0x77,0x07,0x9b,0x5d,0x5f,0x88,0xef,0xb6,0xd8,0xdf,0x2b,0xa2,0x4d,0x90,0x11,0x2d,0x38,0x3f,0xa8,0x84,0xf0,0x76,0xdd,0x31,0xd0,0x09,0x00,0xc0,0x07,0x10,0xd8,0x6e,0x55,0x83,0x5a,0xbc,0xfa,0x67,0x80,0x8f,0xfa,0x21,0x3e,0x56,0x53,0x5b,0xbc,0x9d,0xff,0x16,0xd9,0x57,0xcf,0x2b,0x78,0x06,0x5a,0x89}}, + {{0x25,0x87,0x1e,0x6f,0xe8,0xd0,0xde,0x1d,0xd5,0xf2,0xd3,0x5b,0xff,0x9e,0x67,0x99,0x60,0xb4,0x0e,0xb7,0x98,0x1b,0x2a,0x3a,0x9c,0xec,0xc1,0xe1,0x2e,0x2b,0xc0,0x3e,0x3c,0xfb,0x64,0x91,0x72,0xc6,0x7e,0x57,0x47,0x00,0x97,0xbf,0x8e,0x0e,0xbf,0xad,0xd9,0x28,0x86,0x7c,0xfd,0x41,0x91,0xae,0x2d,0xee,0xc0,0xb2,0x32,0x7d,0x99,0x7d},{0x63,0xc1,0xf9,0x61,0x9c,0x9e,0x1a,0xd7,0xca,0xa3,0x71,0xd6,0x34,0x3d,0xa7,0x08,0x36,0x0c,0xec,0x37,0x35,0x94,0x1a,0x45,0xa9,0xfa,0xf2,0xb5,0x25,0x92,0xbf,0xd1,0x1e,0xca,0xdd,0x5a,0x23,0xad,0x9e,0x45,0xc3,0x66,0xcb,0x8f,0xda,0xa3,0xd1,0xe6,0x27,0x38,0x11,0x54,0x67,0x31,0x03,0x64,0x35,0xe0,0x68,0x0b,0x93,0xee,0x81,0x17},{0x8b,0x01,0xe9,0x99,0x54,0x54,0x73,0x15,0x0b,0xac,0x38,0x7b,0xe9,0xe3,0x17,0x4f,0x02,0x3e,0xe3,0x8e,0xda,0x41,0xa0,0x9d,0x10,0xe0,0xda,0x11,0xfe,0xec,0x2f,0x42,0xe7,0xc8,0xb3,0xde,0x2f,0x7b,0xfd,0xdf,0x7c,0x34,0x3b,0x5e,0xac,0x22,0x8c,0x99,0x3d,0xa1,0xa9,0xd9,0x81,0xb6,0x51,0xc8,0xaf,0x3e,0x75,0xed,0x45,0xcf,0xf7,0xb9},{0xaf,0xe9,0x9c,0x16,0x4a,0x8f,0x3b,0x0f,0xef,0x71,0x2f,0xaa,0x8d,0x7d,0xce,0xed,0xea,0x31,0x93,0xaf,0x2c,0x75,0xc6,0xfa,0xda,0x3e,0xa6,0xea,0x2a,0x3e,0x7b,0x72,0xb6,0xf8,0xd7,0x9a,0x88,0xcb,0x0b,0x81,0x97,0x24,0x29,0x3b,0x11,0x23,0x69,0xc2,0xff,0x98,0x39,0x25,0x99,0xae,0xe1,0x07,0x3e,0x97,0xde,0x10,0x21,0x23,0x7a,0x2d},{0xbe,0x2f,0xb9,0x4c,0x41,0x5a,0x9a,0xf6,0xfb,0xf8,0x26,0x9d,0x81,0x7f,0x39,0x91,0xaf,0x5b,0xf1,0xd7,0x93,0x0a,0xdf,0x18,0x19,0x4a,0
x80,0x74,0x14,0x98,0x2b,0xf2,0x3b,0x25,0xc5,0xe8,0xfc,0x07,0x3f,0x5d,0xa1,0x39,0x27,0x4e,0x1c,0xd2,0x7a,0xfe,0x3e,0x7b,0x03,0x35,0x15,0x9e,0x35,0x2b,0xd0,0xbe,0x67,0x48,0x42,0xdd,0xa4,0xdd},{0xbd,0xcd,0xd7,0xbf,0xb1,0x0a,0xdb,0x9f,0x85,0x42,0xba,0xf4,0xc8,0xff,0xb0,0xe1,0x9a,0x18,0x6d,0x1a,0xe0,0x37,0xc1,0xa2,0xe1,0x1c,0x38,0x55,0x14,0xbf,0x64,0x67,0x84,0x47,0xb6,0x0a,0xf6,0x93,0xf1,0x10,0xab,0x09,0xf0,0x60,0x84,0xe2,0x4e,0x4b,0x5e,0xa2,0xd2,0xd1,0x19,0x22,0xd7,0xc4,0x85,0x13,0x23,0xa3,0x6a,0xb6,0x75,0x0f,0x43,0xe6,0xde,0x7b,0x67,0x2a,0x73,0x77,0x9e,0xb4,0x94,0x6c,0xc3,0x9a,0x67,0x51,0xcf,0xe9,0x47,0x46,0x0e,0x3a,0x12,0x7d,0x7c,0x66,0x73,0x6c,0xd5,0x4a,0x21,0x4d},{0x89,0x7e,0xd0,0xbf,0x2e,0x9f,0x0c,0xff,0x6e,0x56,0x25,0x9b,0x79,0x99,0x52,0x27,0xc2,0x3a,0xaa,0xf0,0x47,0x6d,0xed,0x05,0xa1,0xeb,0x9c,0x92,0x28,0x7f,0x1b,0xc8,0x1c,0x57,0x76,0xab,0x05,0xe3,0xd3,0xb7,0xa3,0xf5,0xac,0xa8,0x21,0x33,0x7c,0xb7,0xe7,0xc2,0xd0,0x25,0x6f,0xdf,0x34,0xd1,0xb0,0x34,0x41,0x46,0x30,0x9c,0x76,0x07,0x43,0xe6,0xde,0x7b,0x67,0x2a,0x73,0x77,0x9e,0xb4,0x94,0x6c,0xc3,0x9a,0x67,0x51,0xcf,0xe9,0x47,0x46,0x0e,0x3a,0x12,0x7d,0x7c,0x66,0x73,0x6c,0xd5,0x4a,0x21,0x4d}} +}; + +////////////////////////////////////////////////////////////////////////////// + +static unsigned char fuzzbuf[1048576]; + +static int testCrypto() +{ + unsigned char buf1[16384]; + unsigned char buf2[sizeof(buf1)],buf3[sizeof(buf1)]; + + for(int i=0;i<3;++i) { + Utils::getSecureRandom(buf1,64); + std::cout << "[crypto] getSecureRandom: " << Utils::hex(buf1,64) << std::endl; + } + + std::cout << "[crypto] Testing Salsa20... 
"; std::cout.flush(); + for(unsigned int i=0;i<4;++i) { + for(unsigned int k=0;kp2 should equal p1<>p2 + if (memcmp(buf1,buf2,64)) { + std::cout << "FAIL (1)" << std::endl; + return -1; + } + // p2<>p1 should not equal p3<>p1 + if (!memcmp(buf2,buf3,64)) { + std::cout << "FAIL (2)" << std::endl; + return -1; + } + } + std::cout << "PASS" << std::endl; + + std::cout << "[crypto] Testing Ed25519 ECC signatures... "; std::cout.flush(); + C25519::Pair didntSign = C25519::generate(); + for(unsigned int i=0;i<10;++i) { + C25519::Pair p1 = C25519::generate(); + for(unsigned int k=0;k buf; + + std::cout << "[identity] Validate known-good identity... "; std::cout.flush(); + if (!id.fromString(KNOWN_GOOD_IDENTITY)) { + std::cout << "FAIL (1)" << std::endl; + return -1; + } + if (!id.locallyValidate()) { + std::cout << "FAIL (2)" << std::endl; + return -1; + } + std::cout << "PASS" << std::endl; + + std::cout << "[identity] Validate known-bad identity... "; std::cout.flush(); + if (!id.fromString(KNOWN_BAD_IDENTITY)) { + std::cout << "FAIL (1)" << std::endl; + return -1; + } + if (id.locallyValidate()) { + std::cout << "FAIL (2)" << std::endl; + return -1; + } + std::cout << "PASS (i.e. it failed)" << std::endl; + + for(unsigned int k=0;k<4;++k) { + std::cout << "[identity] Generate identity... 
"; std::cout.flush(); + uint64_t genstart = OSUtils::now(); + id.generate(); + uint64_t genend = OSUtils::now(); + std::cout << "(took " << (genend - genstart) << "ms): " << id.toString(true) << std::endl; + std::cout << "[identity] Locally validate identity: "; + if (id.locallyValidate()) { + std::cout << "PASS" << std::endl; + } else { + std::cout << "FAIL" << std::endl; + return -1; + } + } + + { + Identity id2; + buf.clear(); + id.serialize(buf,true); + id2.deserialize(buf); + std::cout << "[identity] Serialize and deserialize (w/private): "; + if ((id == id2)&&(id2.locallyValidate())) { + std::cout << "PASS" << std::endl; + } else { + std::cout << "FAIL" << std::endl; + return -1; + } + } + + { + Identity id2; + buf.clear(); + id.serialize(buf,false); + id2.deserialize(buf); + std::cout << "[identity] Serialize and deserialize (no private): "; + if ((id == id2)&&(id2.locallyValidate())) { + std::cout << "PASS" << std::endl; + } else { + std::cout << "FAIL" << std::endl; + return -1; + } + } + + { + Identity id2; + id2.fromString(id.toString(true).c_str()); + std::cout << "[identity] Serialize and deserialize (ASCII w/private): "; + if ((id == id2)&&(id2.locallyValidate())) { + std::cout << "PASS" << std::endl; + } else { + std::cout << "FAIL" << std::endl; + return -1; + } + } + + { + Identity id2; + id2.fromString(id.toString(false).c_str()); + std::cout << "[identity] Serialize and deserialize (ASCII no private): "; + if ((id == id2)&&(id2.locallyValidate())) { + std::cout << "PASS" << std::endl; + } else { + std::cout << "FAIL" << std::endl; + return -1; + } + } + + return 0; +} + +static int testCertificate() +{ + Identity authority; + std::cout << "[certificate] Generating identity to act as authority... "; std::cout.flush(); + authority.generate(); + std::cout << authority.address().toString() << std::endl; + + Identity idA,idB; + std::cout << "[certificate] Generating identities A and B... 
"; std::cout.flush(); + idA.generate(); + idB.generate(); + std::cout << idA.address().toString() << ", " << idB.address().toString() << std::endl; + + std::cout << "[certificate] Generating certificates A and B..."; + CertificateOfMembership cA(10000,100,1,idA.address()); + CertificateOfMembership cB(10099,100,1,idB.address()); + std::cout << std::endl; + + std::cout << "[certificate] Signing certificates A and B with authority..."; + cA.sign(authority); + cB.sign(authority); + std::cout << std::endl; + + //std::cout << "[certificate] A: " << cA.toString() << std::endl; + //std::cout << "[certificate] B: " << cB.toString() << std::endl; + + std::cout << "[certificate] A agrees with B and B with A... "; + if (cA.agreesWith(cB)) + std::cout << "yes, "; + else { + std::cout << "FAIL" << std::endl; + return -1; + } + if (cB.agreesWith(cA)) + std::cout << "yes." << std::endl; + else { + std::cout << "FAIL" << std::endl; + return -1; + } + + std::cout << "[certificate] Testing string serialization... "; + CertificateOfMembership copyA(cA.toString()); + CertificateOfMembership copyB(cB.toString()); + if (copyA != cA) { + std::cout << "FAIL" << std::endl; + return -1; + } + if (copyB != cB) { + std::cout << "FAIL" << std::endl; + return -1; + } + std::cout << "PASS" << std::endl; + + std::cout << "[certificate] Generating two certificates that should not agree..."; + cA = CertificateOfMembership(10000,100,1,idA.address()); + cB = CertificateOfMembership(10101,100,1,idB.address()); + std::cout << std::endl; + + std::cout << "[certificate] A agrees with B and B with A... "; + if (!cA.agreesWith(cB)) + std::cout << "no, "; + else { + std::cout << "FAIL" << std::endl; + return -1; + } + if (!cB.agreesWith(cA)) + std::cout << "no." 
<< std::endl; + else { + std::cout << "FAIL" << std::endl; + return -1; + } + + return 0; +} + +static int testPacket() +{ + unsigned char salsaKey[32]; + Packet a,b; + + a.burn(); + b.burn(); + + for(unsigned int i=0;i<32;++i) + salsaKey[i] = (unsigned char)rand(); + + std::cout << "[packet] Testing Packet encoder/decoder... "; + + a.reset(Address(),Address(),Packet::VERB_HELLO); + for(int i=0;i<32;++i) + a.append("supercalifragilisticexpealidocious",(unsigned int)strlen("supercalifragilisticexpealidocious")); + + b = a; + if (a != b) { + std::cout << "FAIL (assign)" << std::endl; + return -1; + } + + a.compress(); + unsigned int complen = a.size(); + a.uncompress(); + + std::cout << "(compressed: " << complen << ", decompressed: " << a.size() << ") "; + if (a != b) { + std::cout << "FAIL (compresssion)" << std::endl; + return -1; + } + + a.armor(salsaKey,true); + if (!a.dearmor(salsaKey)) { + std::cout << "FAIL (encrypt-decrypt/verify)" << std::endl; + return -1; + } + + std::cout << "PASS" << std::endl; + return 0; +} + +static int testOther() +{ + std::cout << "[other] Testing Hashtable... "; std::cout.flush(); + { + Hashtable ht; + std::map ref; // assume std::map works correctly :) + for(int x=0;x<2;++x) { + for(int i=0;i<77777;++i) { + uint64_t k = rand(); + while ((k == 0)||(ref.count(k) > 0)) + ++k; + std::string v("!"); + for(int j=0;j<(int)(k % 64);++j) + v.push_back("0123456789"[rand() % 10]); + ref[k] = v; + ht.set(0xffffffffffffffffULL,v); + std::string &vref = ht[k]; + vref = v; + ht.erase(0xffffffffffffffffULL); + } + if (ht.size() != ref.size()) { + std::cout << "FAILED! (size mismatch, original)" << std::endl; + return -1; + } + { + Hashtable::Iterator i(ht); + uint64_t *k = (uint64_t *)0; + std::string *v = (std::string *)0; + while(i.next(k,v)) { + if (ref.find(*k)->second != *v) { + std::cout << "FAILED! 
(data mismatch!)" << std::endl; + return -1; + } + } + } + for(std::map::const_iterator i(ref.begin());i!=ref.end();++i) { + if (ht[i->first] != i->second) { + std::cout << "FAILED! (data mismatch!)" << std::endl; + return -1; + } + } + + Hashtable ht2; + ht2 = ht; + Hashtable ht3(ht2); + if (ht2.size() != ref.size()) { + std::cout << "FAILED! (size mismatch, assigned)" << std::endl; + return -1; + } + if (ht3.size() != ref.size()) { + std::cout << "FAILED! (size mismatch, copied)" << std::endl; + return -1; + } + + for(std::map::iterator i(ref.begin());i!=ref.end();++i) { + std::string *v = ht.get(i->first); + if (!v) { + std::cout << "FAILED! (key " << i->first << " not found, original)" << std::endl; + return -1; + } + if (*v != i->second) { + std::cout << "FAILED! (key " << i->first << " not equal, original)" << std::endl; + return -1; + } + v = ht2.get(i->first); + if (!v) { + std::cout << "FAILED! (key " << i->first << " not found, assigned)" << std::endl; + return -1; + } + if (*v != i->second) { + std::cout << "FAILED! (key " << i->first << " not equal, assigned)" << std::endl; + return -1; + } + v = ht3.get(i->first); + if (!v) { + std::cout << "FAILED! (key " << i->first << " not found, copied)" << std::endl; + return -1; + } + if (*v != i->second) { + std::cout << "FAILED! (key " << i->first << " not equal, copied)" << std::endl; + return -1; + } + } + { + uint64_t *k; + std::string *v; + Hashtable::Iterator i(ht); + unsigned long ic = 0; + while (i.next(k,v)) { + if (ref[*k] != *v) { + std::cout << "FAILED! (iterate)" << std::endl; + return -1; + } + ++ic; + } + if (ic != ht.size()) { + std::cout << "FAILED! (iterate coverage)" << std::endl; + return -1; + } + } + for(std::map::iterator i(ref.begin());i!=ref.end();) { + if (!ht.get(i->first)) { + std::cout << "FAILED! (erase, check if exists)" << std::endl; + return -1; + } + ht.erase(i->first); + if (ht.get(i->first)) { + std::cout << "FAILED! 
(erase, check if erased)" << std::endl; + return -1; + } + ref.erase(i++); + if (ht.size() != ref.size()) { + std::cout << "FAILED! (erase, size)" << std::endl; + return -1; + } + } + if (!ht.empty()) { + std::cout << "FAILED! (erase, empty)" << std::endl; + return -1; + } + for(int i=0;i<10000;++i) { + uint64_t k = rand(); + while ((k == 0)||(ref.count(k) > 0)) + ++k; + std::string v; + for(int j=0;j<(int)(k % 64);++j) + v.push_back("0123456789"[rand() % 10]); + ht.set(k,v); + ref[k] = v; + } + if (ht.size() != ref.size()) { + std::cout << "FAILED! (second populate)" << std::endl; + return -1; + } + ht.clear(); + ref.clear(); + if (ht.size() != ref.size()) { + std::cout << "FAILED! (clear)" << std::endl; + return -1; + } + for(int i=0;i<10000;++i) { + uint64_t k = rand(); + while ((k == 0)||(ref.count(k) > 0)) + ++k; + std::string v; + for(int j=0;j<(int)(k % 64);++j) + v.push_back("0123456789"[rand() % 10]); + ht.set(k,v); + ref[k] = v; + } + { + Hashtable::Iterator i(ht); + uint64_t *k; + std::string *v; + while (i.next(k,v)) + ht.erase(*k); + } + ref.clear(); + if (ht.size() != ref.size()) { + std::cout << "FAILED! (clear by iterate, " << ht.size() << ")" << std::endl; + return -1; + } + } + } + std::cout << "PASS" << std::endl; + + std::cout << "[other] Testing hex encode/decode... "; std::cout.flush(); + for(unsigned int k=0;k<1000;++k) { + unsigned int flen = (rand() % 8194) + 1; + for(unsigned int i=0;i test; + char key[32][16]; + char value[32][128]; + for(unsigned int q=0;q<32;++q) { + Utils::snprintf(key[q],16,"%.8lx",(unsigned long)rand()); + int r = rand() % 128; + for(int x=0;x= 0) { + if (strcmp(value[r],tmp)) { + std::cout << "FAILED (invalid value)!" << std::endl; + return -1; + } + } else { + std::cout << "FAILED (can't find key '" << key[r] << "')!" 
<< std::endl; + return -1; + } + } + for(unsigned int q=0;q<31;++q) { + char tmp[128]; + test.erase(key[q]); + if (test.get(key[q],tmp,sizeof(tmp)) >= 0) { + std::cout << "FAILED (key should have been erased)!" << std::endl; + return -1; + } + if (test.get(key[q+1],tmp,sizeof(tmp)) < 0) { + std::cout << "FAILED (key should NOT have been erased)!" << std::endl; + return -1; + } + } + } + int foo = 0; + volatile int *volatile bar = &foo; // force compiler not to optimize out test.get() below + for(int k=0;k<200;++k) { + int r = rand() % 8194; + unsigned char tmp[8194]; + for(int q=0;q test((const char *)tmp); + for(unsigned int q=0;q<100;++q) { + char tmp[128]; + for(unsigned int x=0;x<128;++x) + tmp[x] = (char)(rand() & 0xff); + tmp[127] = (char)0; + char value[8194]; + *bar += test.get(tmp,value,sizeof(value)); + } + } + std::cout << "PASS (junk value to prevent optimization-out of test: " << foo << ")" << std::endl; + + return 0; +} + +#define ZT_TEST_PHY_NUM_UDP_PACKETS 10000 +#define ZT_TEST_PHY_UDP_PACKET_SIZE 1000 +#define ZT_TEST_PHY_NUM_VALID_TCP_CONNECTS 10 +#define ZT_TEST_PHY_NUM_INVALID_TCP_CONNECTS 2 +#define ZT_TEST_PHY_TCP_MESSAGE_SIZE 1000000 +#define ZT_TEST_PHY_TIMEOUT_MS 20000 +static unsigned long phyTestUdpPacketCount = 0; +static unsigned long phyTestTcpByteCount = 0; +static unsigned long phyTestTcpConnectSuccessCount = 0; +static unsigned long phyTestTcpConnectFailCount = 0; +static unsigned long phyTestTcpAcceptCount = 0; +struct TestPhyHandlers; +static Phy *testPhyInstance = (Phy *)0; +struct TestPhyHandlers +{ + inline void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *localAddr,const struct sockaddr *from,void *data,unsigned long len) + { + ++phyTestUdpPacketCount; + } + + inline void phyOnTcpConnect(PhySocket *sock,void **uptr,bool success) + { + if (success) { + ++phyTestTcpConnectSuccessCount; + } else { + ++phyTestTcpConnectFailCount; + } + } + + inline void phyOnTcpAccept(PhySocket *sockL,PhySocket *sockN,void 
**uptrL,void **uptrN,const struct sockaddr *from) + { + ++phyTestTcpAcceptCount; + *uptrN = new std::string(ZT_TEST_PHY_TCP_MESSAGE_SIZE,(char)0xff); + testPhyInstance->setNotifyWritable(sockN,true); + } + + inline void phyOnTcpClose(PhySocket *sock,void **uptr) + { + delete (std::string *)*uptr; // delete testMessage if any + } + + inline void phyOnTcpData(PhySocket *sock,void **uptr,void *data,unsigned long len) + { + phyTestTcpByteCount += len; + } + + inline void phyOnTcpWritable(PhySocket *sock,void **uptr) + { + std::string *testMessage = (std::string *)*uptr; + if ((testMessage)&&(testMessage->length() > 0)) { + long sent = testPhyInstance->streamSend(sock,(const void *)testMessage->data(),(unsigned long)testMessage->length(),true); + if (sent > 0) + testMessage->erase(0,sent); + } + if ((!testMessage)||(!testMessage->length())) { + testPhyInstance->close(sock,true); + } + } + +#ifdef __UNIX_LIKE__ + inline void phyOnUnixAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN) {} + inline void phyOnUnixClose(PhySocket *sock,void **uptr) {} + inline void phyOnUnixData(PhySocket *sock,void **uptr,void *data,unsigned long len) {} + inline void phyOnUnixWritable(PhySocket *sock,void **uptr,bool b) {} +#endif // __UNIX_LIKE__ + + inline void phyOnFileDescriptorActivity(PhySocket *sock,void **uptr,bool readable,bool writable) {} +}; +static int testPhy() +{ + char udpTestPayload[ZT_TEST_PHY_UDP_PACKET_SIZE]; + memset(udpTestPayload,0xff,sizeof(udpTestPayload)); + + struct sockaddr_in bindaddr; + memset(&bindaddr,0,sizeof(bindaddr)); + bindaddr.sin_family = AF_INET; + bindaddr.sin_port = Utils::hton((uint16_t)60002); + bindaddr.sin_addr.s_addr = Utils::hton((uint32_t)0x7f000001); + struct sockaddr_in invalidAddr; + memset(&bindaddr,0,sizeof(bindaddr)); + bindaddr.sin_family = AF_INET; + bindaddr.sin_port = Utils::hton((uint16_t)60004); + bindaddr.sin_addr.s_addr = Utils::hton((uint32_t)0x7f000001); + + std::cout << "[phy] Creating phy endpoint..." 
<< std::endl; + TestPhyHandlers testPhyHandlers; + testPhyInstance = new Phy(&testPhyHandlers,false,true); + + std::cout << "[phy] Binding UDP listen socket to 127.0.0.1/60002... "; + PhySocket *udpListenSock = testPhyInstance->udpBind((const struct sockaddr *)&bindaddr); + if (!udpListenSock) { + std::cout << "FAILED." << std::endl; + return -1; + } + std::cout << "OK" << std::endl; + + std::cout << "[phy] Binding TCP listen socket to 127.0.0.1/60002... "; + PhySocket *tcpListenSock = testPhyInstance->tcpListen((const struct sockaddr *)&bindaddr); + if (!tcpListenSock) { + std::cout << "FAILED." << std::endl; + return -1; + } + std::cout << "OK" << std::endl; + + unsigned long phyTestUdpPacketsSent = 0; + unsigned long phyTestTcpValidConnectionsAttempted = 0; + unsigned long phyTestTcpInvalidConnectionsAttempted = 0; + + std::cout << "[phy] Testing UDP send/receive... "; std::cout.flush(); + uint64_t timeoutAt = OSUtils::now() + ZT_TEST_PHY_TIMEOUT_MS; + while ((OSUtils::now() < timeoutAt)&&(phyTestUdpPacketCount < ZT_TEST_PHY_NUM_UDP_PACKETS)) { + if (phyTestUdpPacketsSent < ZT_TEST_PHY_NUM_UDP_PACKETS) { + if (!testPhyInstance->udpSend(udpListenSock,(const struct sockaddr *)&bindaddr,udpTestPayload,sizeof(udpTestPayload))) { + std::cout << "FAILED." << std::endl; + return -1; + } else ++phyTestUdpPacketsSent; + } + testPhyInstance->poll(100); + } + std::cout << "got " << phyTestUdpPacketCount << " packets, OK" << std::endl; + + std::cout << "[phy] Testing TCP... 
"; std::cout.flush(); + timeoutAt = OSUtils::now() + ZT_TEST_PHY_TIMEOUT_MS; + while ((OSUtils::now() < timeoutAt)&&(phyTestTcpByteCount < (ZT_TEST_PHY_NUM_VALID_TCP_CONNECTS * ZT_TEST_PHY_TCP_MESSAGE_SIZE))) { + if (phyTestTcpValidConnectionsAttempted < ZT_TEST_PHY_NUM_VALID_TCP_CONNECTS) { + ++phyTestTcpValidConnectionsAttempted; + bool connected = false; + if (!testPhyInstance->tcpConnect((const struct sockaddr *)&bindaddr,connected,(void *)0,true)) + ++phyTestTcpConnectFailCount; + } + if (phyTestTcpInvalidConnectionsAttempted < ZT_TEST_PHY_NUM_INVALID_TCP_CONNECTS) { + ++phyTestTcpInvalidConnectionsAttempted; + bool connected = false; + if (!testPhyInstance->tcpConnect((const struct sockaddr *)&invalidAddr,connected,(void *)0,true)) + ++phyTestTcpConnectFailCount; + } + testPhyInstance->poll(100); + } + if (phyTestTcpByteCount < (ZT_TEST_PHY_NUM_VALID_TCP_CONNECTS * ZT_TEST_PHY_TCP_MESSAGE_SIZE)) { + std::cout << "got " << phyTestTcpConnectSuccessCount << " connect successes, " << phyTestTcpConnectFailCount << " failures, and " << phyTestTcpByteCount << " bytes, FAILED." 
<< std::endl; + return -1; + } else { + std::cout << "got " << phyTestTcpConnectSuccessCount << " connect successes, " << phyTestTcpConnectFailCount << " failures, and " << phyTestTcpByteCount << " bytes, OK" << std::endl; + } + + return 0; +} + +static int testResolver() +{ + std::cout << "[resolver] Testing BackgroundResolver..."; std::cout.flush(); + + BackgroundResolver r("tcp-fallback.zerotier.com"); + r.resolveNow(); + r.wait(); + + std::vector ips(r.get()); + for(std::vector::const_iterator ip(ips.begin());ip!=ips.end();++ip) { + std::cout << ' ' << ip->toString(); + } + std::cout << std::endl; + + return 0; +} + +/* +static int testHttp() +{ + std::map requestHeaders,responseHeaders; + std::string responseBody; + + InetAddress downloadZerotierDotCom; + std::vector rr(OSUtils::resolve("download.zerotier.com")); + if (rr.empty()) { + std::cout << "[http] Resolve of download.zerotier.com failed, skipping." << std::endl; + return 0; + } else { + for(std::vector::iterator r(rr.begin());r!=rr.end();++r) { + std::cout << "[http] download.zerotier.com: " << r->toString() << std::endl; + if (r->isV4()) + downloadZerotierDotCom = *r; + } + } + downloadZerotierDotCom.setPort(80); + + std::cout << "[http] GET http://download.zerotier.com/dev/1k @" << downloadZerotierDotCom.toString() << " ... "; std::cout.flush(); + requestHeaders["Host"] = "download.zerotier.com"; + unsigned int sc = Http::GET(1024 * 1024 * 16,60000,reinterpret_cast(&downloadZerotierDotCom),"/dev/1k",requestHeaders,responseHeaders,responseBody); + std::cout << sc << " " << responseBody.length() << " bytes "; + if (sc == 0) + std::cout << "ERROR: " << responseBody << std::endl; + else std::cout << "DONE" << std::endl; + + std::cout << "[http] GET http://download.zerotier.com/dev/4m @" << downloadZerotierDotCom.toString() << " ... 
"; std::cout.flush(); + requestHeaders["Host"] = "download.zerotier.com"; + sc = Http::GET(1024 * 1024 * 16,60000,reinterpret_cast(&downloadZerotierDotCom),"/dev/4m",requestHeaders,responseHeaders,responseBody); + std::cout << sc << " " << responseBody.length() << " bytes "; + if (sc == 0) + std::cout << "ERROR: " << responseBody << std::endl; + else std::cout << "DONE" << std::endl; + + downloadZerotierDotCom = InetAddress("1.0.0.1/1234"); + std::cout << "[http] GET @" << downloadZerotierDotCom.toString() << " ... "; std::cout.flush(); + sc = Http::GET(1024 * 1024 * 16,2500,reinterpret_cast(&downloadZerotierDotCom),"/dev/4m",requestHeaders,responseHeaders,responseBody); + std::cout << sc << " (should be 0, time out)" << std::endl; + + return 0; +} +*/ + +#ifdef __WINDOWS__ +int _tmain(int argc, _TCHAR* argv[]) +#else +int main(int argc,char **argv) +#endif +{ + int r = 0; + +#ifdef __WINDOWS__ + WSADATA wsaData; + WSAStartup(MAKEWORD(2,2),&wsaData); +#endif + + // Code to generate the C25519 test vectors -- did this once and then + // put these up top so that we can ensure that every platform produces + // the same result. + /* + for(int k=0;k<32;++k) { + C25519::Pair p1 = C25519::generate(); + C25519::Pair p2 = C25519::generate(); + unsigned char agg[64]; + C25519::agree(p1,p2.pub,agg,64); + C25519::Signature sig1 = C25519::sign(p1,agg,64); + C25519::Signature sig2 = C25519::sign(p2,agg,64); + printf("{{"); + for(int i=0;i<64;++i) + printf("%s0x%.2x",((i > 0) ? "," : ""),(unsigned int)p1.pub.data[i]); + printf("},{"); + for(int i=0;i<64;++i) + printf("%s0x%.2x",((i > 0) ? "," : ""),(unsigned int)p1.priv.data[i]); + printf("},{"); + for(int i=0;i<64;++i) + printf("%s0x%.2x",((i > 0) ? "," : ""),(unsigned int)p2.pub.data[i]); + printf("},{"); + for(int i=0;i<64;++i) + printf("%s0x%.2x",((i > 0) ? "," : ""),(unsigned int)p2.priv.data[i]); + printf("},{"); + for(int i=0;i<64;++i) + printf("%s0x%.2x",((i > 0) ? 
"," : ""),(unsigned int)agg[i]); + printf("},{"); + for(int i=0;i<96;++i) + printf("%s0x%.2x",((i > 0) ? "," : ""),(unsigned int)sig1.data[i]); + printf("},{"); + for(int i=0;i<96;++i) + printf("%s0x%.2x",((i > 0) ? "," : ""),(unsigned int)sig2.data[i]); + printf("}}\n"); + } + exit(0); + */ + + std::cout << "[info] sizeof(void *) == " << sizeof(void *) << std::endl; + std::cout << "[info] sizeof(NetworkConfig) == " << sizeof(ZeroTier::NetworkConfig) << std::endl; + + srand((unsigned int)time(0)); + + ///* + r |= testOther(); + r |= testCrypto(); + r |= testPacket(); + r |= testIdentity(); + r |= testCertificate(); + r |= testPhy(); + r |= testResolver(); + //r |= testHttp(); + //*/ + + if (r) + std::cout << std::endl << "SOMETHING FAILED!" << std::endl; + + /* +#ifdef ZT_USE_MINIUPNPC + std::cout << std::endl; + std::cout << "[portmapper] Starting port mapper and waiting forever... use CTRL+C to exit. (enable ZT_PORTMAPPER_TRACE in PortMapper.cpp for output)" << std::endl; + PortMapper mapper(12345,"ZeroTier/__selftest"); + Thread::sleep(0xffffffff); +#endif + */ + + return r; +} diff --git a/service/ClusterDefinition.hpp b/service/ClusterDefinition.hpp new file mode 100644 index 0000000..441cc04 --- /dev/null +++ b/service/ClusterDefinition.hpp 
@@ -0,0 +1,160 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_CLUSTERDEFINITION_HPP
+#define ZT_CLUSTERDEFINITION_HPP
+
+#ifdef ZT_ENABLE_CLUSTER
+
+#include
+#include
+
+#include "../node/Constants.hpp"
+#include "../node/Utils.hpp"
+#include "../node/NonCopyable.hpp"
+#include "../osdep/OSUtils.hpp"
+
+#include "ClusterGeoIpService.hpp"
+
+namespace ZeroTier {
+
+/**
+ * Parser for cluster definition file
+ */
+class ClusterDefinition : NonCopyable
+{
+public:
+ struct MemberDefinition
+ {
+ MemberDefinition() : id(0),x(0),y(0),z(0) { name[0] = (char)0; }
+
+ unsigned int id;
+ int x,y,z;
+ char name[256];
+ InetAddress clusterEndpoint;
+ std::vector zeroTierEndpoints;
+ };
+
+ /**
+ * Load and initialize cluster definition and GeoIP data if any
+ *
+ * @param myAddress My ZeroTier address
+ * @param pathToClusterFile Path to cluster definition file
+ * @throws std::runtime_error Invalid cluster definition or unable to load data
+ */
+ ClusterDefinition(uint64_t myAddress,const char *pathToClusterFile)
+ {
+ std::string cf;
+ if (!OSUtils::readFile(pathToClusterFile,cf))
+ return;
+
+ char myAddressStr[64];
+ Utils::snprintf(myAddressStr,sizeof(myAddressStr),"%.10llx",myAddress);
+
+ std::vector lines(Utils::split(cf.c_str(),"\r\n","",""));
+
for(std::vector::iterator l(lines.begin());l!=lines.end();++l) {
+ std::vector fields(Utils::split(l->c_str()," \t","",""));
+ if ((fields.size() < 5)||(fields[0][0] == '#')||(fields[0] != myAddressStr))
+ continue;
+
+ //
geo
+ if (fields[1] == "geo") {
+ if ((fields.size() >= 7)&&(OSUtils::fileExists(fields[2].c_str()))) {
+ int ipStartColumn = Utils::strToInt(fields[3].c_str());
+ int ipEndColumn = Utils::strToInt(fields[4].c_str());
+ int latitudeColumn = Utils::strToInt(fields[5].c_str());
+ int longitudeColumn = Utils::strToInt(fields[6].c_str());
+ if (_geo.load(fields[2].c_str(),ipStartColumn,ipEndColumn,latitudeColumn,longitudeColumn) <= 0)
+ throw std::runtime_error(std::string("failed to load geo-ip data from ")+fields[2]);
+ }
+ continue;
+ }
+
+ //
+ int id = Utils::strToUInt(fields[1].c_str());
+ if ((id < 0)||(id > ZT_CLUSTER_MAX_MEMBERS))
+ throw std::runtime_error(std::string("invalid cluster member ID: ")+fields[1]);
+ MemberDefinition &md = _md[id];
+
+ md.id = (unsigned int)id;
+ if (fields.size() >= 6) {
+ std::vector xyz(Utils::split(fields[5].c_str(),",","",""));
+ md.x = (xyz.size() > 0) ? Utils::strToInt(xyz[0].c_str()) : 0;
+ md.y = (xyz.size() > 1) ? Utils::strToInt(xyz[1].c_str()) : 0;
+ md.z = (xyz.size() > 2) ? Utils::strToInt(xyz[2].c_str()) : 0;
+ }
+ Utils::scopy(md.name,sizeof(md.name),fields[2].c_str());
+ md.clusterEndpoint.fromString(fields[3]);
+ if (!md.clusterEndpoint)
+ continue;
+ std::vector zips(Utils::split(fields[4].c_str(),",","",""));
+ for(std::vector::iterator zip(zips.begin());zip!=zips.end();++zip) {
+ InetAddress i;
+ i.fromString(*zip);
+ if (i)
+ md.zeroTierEndpoints.push_back(i);
+ }
+
+ _ids.push_back((unsigned int)id);
+ }
+
+ std::sort(_ids.begin(),_ids.end());
+ }
+
+ /**
+ * @return All member definitions in this cluster by ID (ID is array index)
+ */
+ inline const MemberDefinition &operator[](unsigned int id) const throw() { return _md[id]; }
+
+ /**
+ * @return Number of members in this cluster
+ */
+ inline unsigned int size() const throw() { return (unsigned int)_ids.size(); }
+
+ /**
+ * @return IDs of members in this cluster sorted by ID
+ */
+ inline const std::vector &ids() const throw() { return _ids; }
+
+ /**
+ * @return GeoIP service for this cluster
+ */
+ inline ClusterGeoIpService &geo() throw() { return _geo; }
+
+ /**
+ * @return A vector (new copy) containing all cluster members
+ */
+ inline std::vector members() const
+ {
+ std::vector m;
+ for(std::vector::const_iterator i(_ids.begin());i!=_ids.end();++i)
+ m.push_back(_md[*i]);
+ return m;
+ }
+
+private:
+ MemberDefinition _md[ZT_CLUSTER_MAX_MEMBERS];
+ std::vector _ids;
+ ClusterGeoIpService _geo;
+};
+
+} // namespace ZeroTier
+
+#endif // ZT_ENABLE_CLUSTER
+
+#endif
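Review bot: The member-ID range check in the `ClusterDefinition` constructor is off by one: `(id > ZT_CLUSTER_MAX_MEMBERS)` lets `id == ZT_CLUSTER_MAX_MEMBERS` through, while `_md` is declared as `MemberDefinition _md[ZT_CLUSTER_MAX_MEMBERS]`, so `_md[id]` then refers to one element past the array. The writes that follow (`md.id`, `md.name`, `md.zeroTierEndpoints.push_back`) would land outside the object, and the value comes straight from the cluster definition file. The check should read `if ((id < 0)||(id >= ZT_CLUSTER_MAX_MEMBERS))`. `operator[]` indexes `_md` with no range check either, so a comment there saying that callers must pass only values returned by `ids()` would help.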
diff --git a/service/ClusterGeoIpService.cpp b/service/ClusterGeoIpService.cpp
new file mode 100644
index 0000000..3ad6975
--- /dev/null
+++ b/service/ClusterGeoIpService.cpp
@@ -0,0 +1,235 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifdef ZT_ENABLE_CLUSTER + +#include + +#include + +#include "ClusterGeoIpService.hpp" + +#include "../node/Utils.hpp" +#include "../osdep/OSUtils.hpp" + +#define ZT_CLUSTERGEOIPSERVICE_FILE_MODIFICATION_CHECK_EVERY 10000 + +namespace ZeroTier { + +ClusterGeoIpService::ClusterGeoIpService() : + _pathToCsv(), + _ipStartColumn(-1), + _ipEndColumn(-1), + _latitudeColumn(-1), + _longitudeColumn(-1), + _lastFileCheckTime(0), + _csvModificationTime(0), + _csvFileSize(0) +{ +} + +ClusterGeoIpService::~ClusterGeoIpService() +{ +} + +bool ClusterGeoIpService::locate(const InetAddress &ip,int &x,int &y,int &z) +{ + Mutex::Lock _l(_lock); + + if ((_pathToCsv.length() > 0)&&((OSUtils::now() - _lastFileCheckTime) > ZT_CLUSTERGEOIPSERVICE_FILE_MODIFICATION_CHECK_EVERY)) { + _lastFileCheckTime = OSUtils::now(); + if ((_csvFileSize != OSUtils::getFileSize(_pathToCsv.c_str()))||(_csvModificationTime != OSUtils::getLastModified(_pathToCsv.c_str()))) + _load(_pathToCsv.c_str(),_ipStartColumn,_ipEndColumn,_latitudeColumn,_longitudeColumn); + } + + /* We search by looking up the upper bound of the sorted vXdb vectors + * and then iterating down for a matching IP range. 
We stop when we hit + * the beginning or an entry whose start and end are before the IP we + * are searching. */ + + if ((ip.ss_family == AF_INET)&&(_v4db.size() > 0)) { + _V4E key; + key.start = Utils::ntoh((uint32_t)(reinterpret_cast(&ip)->sin_addr.s_addr)); + std::vector<_V4E>::const_iterator i(std::upper_bound(_v4db.begin(),_v4db.end(),key)); + while (i != _v4db.begin()) { + --i; + if ((key.start >= i->start)&&(key.start <= i->end)) { + x = i->x; + y = i->y; + z = i->z; + //printf("%s : %f,%f %d,%d,%d\n",ip.toIpString().c_str(),i->lat,i->lon,x,y,z); + return true; + } else if ((key.start > i->start)&&(key.start > i->end)) + break; + } + } else if ((ip.ss_family == AF_INET6)&&(_v6db.size() > 0)) { + _V6E key; + memcpy(key.start,reinterpret_cast(&ip)->sin6_addr.s6_addr,16); + std::vector<_V6E>::const_iterator i(std::upper_bound(_v6db.begin(),_v6db.end(),key)); + while (i != _v6db.begin()) { + --i; + const int s_vs_s = memcmp(key.start,i->start,16); + const int s_vs_e = memcmp(key.start,i->end,16); + if ((s_vs_s >= 0)&&(s_vs_e <= 0)) { + x = i->x; + y = i->y; + z = i->z; + //printf("%s : %f,%f %d,%d,%d\n",ip.toIpString().c_str(),i->lat,i->lon,x,y,z); + return true; + } else if ((s_vs_s > 0)&&(s_vs_e > 0)) + break; + } + } + + return false; +} + +void ClusterGeoIpService::_parseLine(const char *line,std::vector<_V4E> &v4db,std::vector<_V6E> &v6db,int ipStartColumn,int ipEndColumn,int latitudeColumn,int longitudeColumn) +{ + std::vector ls(Utils::split(line,",\t","\\","\"'")); + if ( ((ipStartColumn >= 0)&&(ipStartColumn < (int)ls.size()))&& + ((ipEndColumn >= 0)&&(ipEndColumn < (int)ls.size()))&& + ((latitudeColumn >= 0)&&(latitudeColumn < (int)ls.size()))&& + ((longitudeColumn >= 0)&&(longitudeColumn < (int)ls.size())) ) { + InetAddress ipStart(ls[ipStartColumn].c_str(),0); + InetAddress ipEnd(ls[ipEndColumn].c_str(),0); + const double lat = strtod(ls[latitudeColumn].c_str(),(char **)0); + const double lon = strtod(ls[longitudeColumn].c_str(),(char **)0); + + if 
((ipStart.ss_family == ipEnd.ss_family)&&(ipStart)&&(ipEnd)&&(std::isfinite(lat))&&(std::isfinite(lon))) { + const double latRadians = lat * 0.01745329251994; // PI / 180 + const double lonRadians = lon * 0.01745329251994; // PI / 180 + const double cosLat = cos(latRadians); + const int x = (int)round((-6371.0) * cosLat * cos(lonRadians)); // 6371 == Earth's approximate radius in kilometers + const int y = (int)round(6371.0 * sin(latRadians)); + const int z = (int)round(6371.0 * cosLat * sin(lonRadians)); + + if (ipStart.ss_family == AF_INET) { + v4db.push_back(_V4E()); + v4db.back().start = Utils::ntoh((uint32_t)(reinterpret_cast(&ipStart)->sin_addr.s_addr)); + v4db.back().end = Utils::ntoh((uint32_t)(reinterpret_cast(&ipEnd)->sin_addr.s_addr)); + v4db.back().lat = (float)lat; + v4db.back().lon = (float)lon; + v4db.back().x = x; + v4db.back().y = y; + v4db.back().z = z; + //printf("%s - %s : %d,%d,%d\n",ipStart.toIpString().c_str(),ipEnd.toIpString().c_str(),x,y,z); + } else if (ipStart.ss_family == AF_INET6) { + v6db.push_back(_V6E()); + memcpy(v6db.back().start,reinterpret_cast(&ipStart)->sin6_addr.s6_addr,16); + memcpy(v6db.back().end,reinterpret_cast(&ipEnd)->sin6_addr.s6_addr,16); + v6db.back().lat = (float)lat; + v6db.back().lon = (float)lon; + v6db.back().x = x; + v6db.back().y = y; + v6db.back().z = z; + //printf("%s - %s : %d,%d,%d\n",ipStart.toIpString().c_str(),ipEnd.toIpString().c_str(),x,y,z); + } + } + } +} + +long ClusterGeoIpService::_load(const char *pathToCsv,int ipStartColumn,int ipEndColumn,int latitudeColumn,int longitudeColumn) +{ + // assumes _lock is locked + + FILE *f = fopen(pathToCsv,"rb"); + if (!f) + return -1; + + std::vector<_V4E> v4db; + std::vector<_V6E> v6db; + v4db.reserve(16777216); + v6db.reserve(16777216); + + char buf[4096]; + char linebuf[1024]; + unsigned int lineptr = 0; + for(;;) { + int n = (int)fread(buf,1,sizeof(buf),f); + if (n <= 0) + break; + for(int i=0;i 0)||(v6db.size() > 0)) { + 
std::sort(v4db.begin(),v4db.end()); + std::sort(v6db.begin(),v6db.end()); + + _pathToCsv = pathToCsv; + _ipStartColumn = ipStartColumn; + _ipEndColumn = ipEndColumn; + _latitudeColumn = latitudeColumn; + _longitudeColumn = longitudeColumn; + + _lastFileCheckTime = OSUtils::now(); + _csvModificationTime = OSUtils::getLastModified(pathToCsv); + _csvFileSize = OSUtils::getFileSize(pathToCsv); + + _v4db.swap(v4db); + _v6db.swap(v6db); + + return (long)(_v4db.size() + _v6db.size()); + } else { + return 0; + } +} + +} // namespace ZeroTier + +#endif // ZT_ENABLE_CLUSTER + +/* +int main(int argc,char **argv) +{ + char buf[1024]; + + ZeroTier::ClusterGeoIpService gip; + printf("loading...\n"); + gip.load("/Users/api/Code/ZeroTier/Infrastructure/root-servers/zerotier-one/cluster-geoip.csv",0,1,5,6); + printf("... done!\n"); fflush(stdout); + + while (gets(buf)) { // unsafe, testing only + ZeroTier::InetAddress addr(buf,0); + printf("looking up: %s\n",addr.toString().c_str()); fflush(stdout); + int x = 0,y = 0,z = 0; + if (gip.locate(addr,x,y,z)) { + //printf("%s: %d,%d,%d\n",addr.toString().c_str(),x,y,z); fflush(stdout); + } else { + printf("%s: not found!\n",addr.toString().c_str()); fflush(stdout); + } + } + + return 0; +} +*/ diff --git a/service/ClusterGeoIpService.hpp b/service/ClusterGeoIpService.hpp new file mode 100644 index 0000000..ff2fcdb --- /dev/null +++ b/service/ClusterGeoIpService.hpp 
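Review bot: In `_load`, `_csvModificationTime` and `_csvFileSize` are sampled after the file has been read, so if the CSV is replaced while the read is in progress the new stamp is stored against the old contents and `locate()` will not reload until the file changes again. Taking both values before `fopen` and storing those closes the gap, e.g. `const uint64_t mt = OSUtils::getLastModified(pathToCsv); const int64_t sz = OSUtils::getFileSize(pathToCsv);` ahead of the open. Two further things deserve a check or at least a comment: `reserve(16777216)` is requested on both vectors on every reload, which `locate()` triggers while holding `_lock`, and an allocation failure there would propagate with `f` still open; and the body of the read loop is not legible on this page, so the bound on `linebuf` (1024 bytes) against `lineptr` could not be confirmed here.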
@@ -0,0 +1,143 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_CLUSTERGEOIPSERVICE_HPP +#define ZT_CLUSTERGEOIPSERVICE_HPP + +#ifdef ZT_ENABLE_CLUSTER + +#include +#include +#include +#include + +#include +#include +#include + +#include "../node/Constants.hpp" +#include "../node/Mutex.hpp" +#include "../node/NonCopyable.hpp" +#include "../node/InetAddress.hpp" + +namespace ZeroTier { + +/** + * Loads a GeoIP CSV into memory for fast lookup, reloading as needed + * + * This was designed around the CSV from https://db-ip.com but can be used + * with any similar GeoIP CSV database that is presented in the form of an + * IP range and lat/long coordinates. + * + * It loads the whole database into memory, which can be kind of large. If + * the CSV file changes, the changes are loaded automatically. + */ +class ClusterGeoIpService : NonCopyable +{ +public: + ClusterGeoIpService(); + ~ClusterGeoIpService(); + + /** + * Load or reload CSV file + * + * CSV column indexes start at zero. CSVs can be quoted with single or + * double quotes. Whitespace before or after commas is ignored. Backslash + * may be used for escaping whitespace as well. 
+ * + * @param pathToCsv Path to (uncompressed) CSV file + * @param ipStartColumn Column with IP range start + * @param ipEndColumn Column with IP range end (inclusive) + * @param latitudeColumn Column with latitude + * @param longitudeColumn Column with longitude + * @return Number of valid records loaded or -1 on error (invalid file, not found, etc.) + */ + inline long load(const char *pathToCsv,int ipStartColumn,int ipEndColumn,int latitudeColumn,int longitudeColumn) + { + Mutex::Lock _l(_lock); + return _load(pathToCsv,ipStartColumn,ipEndColumn,latitudeColumn,longitudeColumn); + } + + /** + * Attempt to locate an IP + * + * This returns true if x, y, and z are set. If the return value is false + * the values of x, y, and z are undefined. + * + * @param ip IPv4 or IPv6 address + * @param x Reference to variable to receive X + * @param y Reference to variable to receive Y + * @param z Reference to variable to receive Z + * @return True if coordinates were set + */ + bool locate(const InetAddress &ip,int &x,int &y,int &z); + + /** + * @return True if IP database/service is available for queries (otherwise locate() will always be false) + */ + inline bool available() const + { + Mutex::Lock _l(_lock); + return ((_v4db.size() + _v6db.size()) > 0); + } + +private: + struct _V4E + { + uint32_t start; + uint32_t end; + float lat,lon; + int16_t x,y,z; + + inline bool operator<(const _V4E &e) const { return (start < e.start); } + }; + + struct _V6E + { + uint8_t start[16]; + uint8_t end[16]; + float lat,lon; + int16_t x,y,z; + + inline bool operator<(const _V6E &e) const { return (memcmp(start,e.start,16) < 0); } + }; + + static void _parseLine(const char *line,std::vector<_V4E> &v4db,std::vector<_V6E> &v6db,int ipStartColumn,int ipEndColumn,int latitudeColumn,int longitudeColumn); + long _load(const char *pathToCsv,int ipStartColumn,int ipEndColumn,int latitudeColumn,int longitudeColumn); + + std::string _pathToCsv; + int _ipStartColumn; + int _ipEndColumn; + int 
_latitudeColumn; + int _longitudeColumn; + + uint64_t _lastFileCheckTime; + uint64_t _csvModificationTime; + int64_t _csvFileSize; + + std::vector<_V4E> _v4db; + std::vector<_V6E> _v6db; + + Mutex _lock; +}; + +} // namespace ZeroTier + +#endif // ZT_ENABLE_CLUSTER + +#endif diff --git a/service/ControlPlane.cpp b/service/ControlPlane.cpp new file mode 100644 index 0000000..a10697a --- /dev/null +++ b/service/ControlPlane.cpp 
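Review bot: The `@return` text on `load()` says -1 covers an "invalid file", but as far as ClusterGeoIpService.cpp in this commit shows, `_load()` returns -1 only when `fopen` fails and returns 0 when the file opens and yields no valid rows, in which case the previous database, path and column settings are all left untouched. A caller that checks only for a negative result would treat an unparseable CSV as success, so the doc should state the three outcomes, for example `@return Number of valid records loaded, 0 if none were found (existing data is kept), or -1 if the file could not be opened`. It would also help to note on `locate()` that it may re-read the CSV under `_lock` before answering.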
@@ -0,0 +1,628 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "ControlPlane.hpp" +#include "OneService.hpp" + +#include "../version.h" +#include "../include/ZeroTierOne.h" + +#ifdef ZT_USE_SYSTEM_HTTP_PARSER +#include +#else +#include "../ext/http-parser/http_parser.h" +#endif + +#ifdef ZT_USE_SYSTEM_JSON_PARSER +#include +#else +#include "../ext/json-parser/json.h" +#endif + +#ifdef ZT_ENABLE_NETWORK_CONTROLLER +#include "../controller/SqliteNetworkController.hpp" +#endif + +#include "../node/InetAddress.hpp" +#include "../node/Node.hpp" +#include "../node/Utils.hpp" +#include "../osdep/OSUtils.hpp" + +namespace ZeroTier { + +static std::string _jsonEscape(const char *s) +{ + std::string buf; + for(const char *p=s;(*p);++p) { + switch(*p) { + case '\t': buf.append("\\t"); break; + case '\b': buf.append("\\b"); break; + case '\r': buf.append("\\r"); break; + case '\n': buf.append("\\n"); break; + case '\f': buf.append("\\f"); break; + case '"': buf.append("\\\""); break; + case '\\': buf.append("\\\\"); break; + case '/': buf.append("\\/"); break; + default: buf.push_back(*p); break; + } + } + return buf; +} +static std::string _jsonEscape(const std::string &s) { return _jsonEscape(s.c_str()); } + +static std::string _jsonEnumerate(const struct 
sockaddr_storage *ss,unsigned int count) +{ + std::string buf; + buf.push_back('['); + for(unsigned int i=0;i 0) + buf.push_back(','); + buf.push_back('"'); + buf.append(_jsonEscape(reinterpret_cast(&(ss[i]))->toString())); + buf.push_back('"'); + } + buf.push_back(']'); + return buf; +} +static std::string _jsonEnumerate(const ZT_VirtualNetworkRoute *routes,unsigned int count) +{ + std::string buf; + buf.push_back('['); + for(unsigned int i=0;i 0) + buf.push_back(','); + buf.append("{\"target\":\""); + buf.append(_jsonEscape(reinterpret_cast(&(routes[i].target))->toString())); + buf.append("\",\"via\":"); + if (routes[i].via.ss_family == routes[i].target.ss_family) { + buf.push_back('"'); + buf.append(_jsonEscape(reinterpret_cast(&(routes[i].via))->toIpString())); + buf.append("\","); + } else buf.append("null,"); + char tmp[1024]; + Utils::snprintf(tmp,sizeof(tmp),"\"flags\":%u,\"metric\":%u}",(unsigned int)routes[i].flags,(unsigned int)routes[i].metric); + buf.append(tmp); + } + buf.push_back(']'); + return buf; +} + +static void _jsonAppend(unsigned int depth,std::string &buf,const ZT_VirtualNetworkConfig *nc,const std::string &portDeviceName,const OneService::NetworkSettings &localSettings) +{ + char json[4096]; + char prefix[32]; + + if (depth >= sizeof(prefix)) // sanity check -- shouldn't be possible + return; + for(unsigned int i=0;istatus) { + case ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION: nstatus = "REQUESTING_CONFIGURATION"; break; + case ZT_NETWORK_STATUS_OK: nstatus = "OK"; break; + case ZT_NETWORK_STATUS_ACCESS_DENIED: nstatus = "ACCESS_DENIED"; break; + case ZT_NETWORK_STATUS_NOT_FOUND: nstatus = "NOT_FOUND"; break; + case ZT_NETWORK_STATUS_PORT_ERROR: nstatus = "PORT_ERROR"; break; + case ZT_NETWORK_STATUS_CLIENT_TOO_OLD: nstatus = "CLIENT_TOO_OLD"; break; + } + switch(nc->type) { + case ZT_NETWORK_TYPE_PRIVATE: ntype = "PRIVATE"; break; + case ZT_NETWORK_TYPE_PUBLIC: ntype = "PUBLIC"; break; + } + + Utils::snprintf(json,sizeof(json), + "%s{\n" + 
"%s\t\"nwid\": \"%.16llx\",\n" + "%s\t\"mac\": \"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\",\n" + "%s\t\"name\": \"%s\",\n" + "%s\t\"status\": \"%s\",\n" + "%s\t\"type\": \"%s\",\n" + "%s\t\"mtu\": %u,\n" + "%s\t\"dhcp\": %s,\n" + "%s\t\"bridge\": %s,\n" + "%s\t\"broadcastEnabled\": %s,\n" + "%s\t\"portError\": %d,\n" + "%s\t\"netconfRevision\": %lu,\n" + "%s\t\"assignedAddresses\": %s,\n" + "%s\t\"routes\": %s,\n" + "%s\t\"portDeviceName\": \"%s\",\n" + "%s\t\"allowManaged\": %s,\n" + "%s\t\"allowGlobal\": %s,\n" + "%s\t\"allowDefault\": %s\n" + "%s}", + prefix, + prefix,nc->nwid, + prefix,(unsigned int)((nc->mac >> 40) & 0xff),(unsigned int)((nc->mac >> 32) & 0xff),(unsigned int)((nc->mac >> 24) & 0xff),(unsigned int)((nc->mac >> 16) & 0xff),(unsigned int)((nc->mac >> 8) & 0xff),(unsigned int)(nc->mac & 0xff), + prefix,_jsonEscape(nc->name).c_str(), + prefix,nstatus, + prefix,ntype, + prefix,nc->mtu, + prefix,(nc->dhcp == 0) ? "false" : "true", + prefix,(nc->bridge == 0) ? "false" : "true", + prefix,(nc->broadcastEnabled == 0) ? "false" : "true", + prefix,nc->portError, + prefix,nc->netconfRevision, + prefix,_jsonEnumerate(nc->assignedAddresses,nc->assignedAddressCount).c_str(), + prefix,_jsonEnumerate(nc->routes,nc->routeCount).c_str(), + prefix,_jsonEscape(portDeviceName).c_str(), + prefix,(localSettings.allowManaged) ? "true" : "false", + prefix,(localSettings.allowGlobal) ? "true" : "false", + prefix,(localSettings.allowDefault) ? 
"true" : "false", + prefix); + buf.append(json); +} + +static std::string _jsonEnumerate(unsigned int depth,const ZT_PeerPhysicalPath *pp,unsigned int count) +{ + char json[1024]; + char prefix[32]; + + if (depth >= sizeof(prefix)) // sanity check -- shouldn't be possible + return std::string(); + for(unsigned int i=0;i 0) + buf.push_back(','); + Utils::snprintf(json,sizeof(json), + "{\n" + "%s\t\"address\": \"%s\",\n" + "%s\t\"lastSend\": %llu,\n" + "%s\t\"lastReceive\": %llu,\n" + "%s\t\"active\": %s,\n" + "%s\t\"preferred\": %s,\n" + "%s\t\"trustedPathId\": %llu\n" + "%s}", + prefix,_jsonEscape(reinterpret_cast(&(pp[i].address))->toString()).c_str(), + prefix,pp[i].lastSend, + prefix,pp[i].lastReceive, + prefix,(pp[i].active == 0) ? "false" : "true", + prefix,(pp[i].preferred == 0) ? "false" : "true", + prefix,pp[i].trustedPathId, + prefix); + buf.append(json); + } + return buf; +} + +static void _jsonAppend(unsigned int depth,std::string &buf,const ZT_Peer *peer) +{ + char json[1024]; + char prefix[32]; + + if (depth >= sizeof(prefix)) // sanity check -- shouldn't be possible + return; + for(unsigned int i=0;irole) { + case ZT_PEER_ROLE_LEAF: prole = "LEAF"; break; + case ZT_PEER_ROLE_RELAY: prole = "RELAY"; break; + case ZT_PEER_ROLE_ROOT: prole = "ROOT"; break; + } + + Utils::snprintf(json,sizeof(json), + "%s{\n" + "%s\t\"address\": \"%.10llx\",\n" + "%s\t\"lastUnicastFrame\": %llu,\n" + "%s\t\"lastMulticastFrame\": %llu,\n" + "%s\t\"versionMajor\": %d,\n" + "%s\t\"versionMinor\": %d,\n" + "%s\t\"versionRev\": %d,\n" + "%s\t\"version\": \"%d.%d.%d\",\n" + "%s\t\"latency\": %u,\n" + "%s\t\"role\": \"%s\",\n" + "%s\t\"paths\": [%s]\n" + "%s}", + prefix, + prefix,peer->address, + prefix,peer->lastUnicastFrame, + prefix,peer->lastMulticastFrame, + prefix,peer->versionMajor, + prefix,peer->versionMinor, + prefix,peer->versionRev, + prefix,peer->versionMajor,peer->versionMinor,peer->versionRev, + prefix,peer->latency, + prefix,prole, + 
prefix,_jsonEnumerate(depth+1,peer->paths,peer->pathCount).c_str(), + prefix); + buf.append(json); +} + +ControlPlane::ControlPlane(OneService *svc,Node *n,const char *uiStaticPath) : + _svc(svc), + _node(n), +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + _controller((SqliteNetworkController *)0), +#endif + _uiStaticPath((uiStaticPath) ? uiStaticPath : "") +{ +} + +ControlPlane::~ControlPlane() +{ +} + +unsigned int ControlPlane::handleRequest( + const InetAddress &fromAddress, + unsigned int httpMethod, + const std::string &path, + const std::map &headers, + const std::string &body, + std::string &responseBody, + std::string &responseContentType) +{ + char json[8194]; + unsigned int scode = 404; + std::vector ps(Utils::split(path.c_str(),"/","","")); + std::map urlArgs; + Mutex::Lock _l(_lock); + + if (!((fromAddress.ipsEqual(InetAddress::LO4))||(fromAddress.ipsEqual(InetAddress::LO6)))) + return 403; // Forbidden: we only allow access from localhost right now + + /* Note: this is kind of restricted in what it'll take. It does not support + * URL encoding, and /'s in URL args will screw it up. But the only URL args + * it really uses in ?jsonp=funcionName, and otherwise it just takes simple + * paths to simply-named resources. 
*/ + if (ps.size() > 0) { + std::size_t qpos = ps[ps.size() - 1].find('?'); + if (qpos != std::string::npos) { + std::string args(ps[ps.size() - 1].substr(qpos + 1)); + ps[ps.size() - 1] = ps[ps.size() - 1].substr(0,qpos); + std::vector asplit(Utils::split(args.c_str(),"&","","")); + for(std::vector::iterator a(asplit.begin());a!=asplit.end();++a) { + std::size_t eqpos = a->find('='); + if (eqpos == std::string::npos) + urlArgs[*a] = ""; + else urlArgs[a->substr(0,eqpos)] = a->substr(eqpos + 1); + } + } + } else { + ps.push_back(std::string("index.html")); + } + + bool isAuth = false; + { + std::map::const_iterator ah(headers.find("x-zt1-auth")); + if ((ah != headers.end())&&(_authTokens.count(ah->second) > 0)) { + isAuth = true; + } else { + ah = urlArgs.find("auth"); + if ((ah != urlArgs.end())&&(_authTokens.count(ah->second) > 0)) + isAuth = true; + } + } + + if (httpMethod == HTTP_GET) { + + std::string ext; + std::size_t dotIdx = ps[0].find_last_of('.'); + if (dotIdx != std::string::npos) + ext = ps[0].substr(dotIdx); + + if ((ps.size() == 1)&&(ext.length() >= 2)&&(ext[0] == '.')) { + /* Static web pages can be served without authentication to enable a simple web + * UI. This is still only allowed from approved IP addresses. Anything with a + * dot in the first path element (e.g. foo.html) is considered a static page, + * as nothing in the API is so named. 
*/ + + if (_uiStaticPath.length() > 0) { + if (ext == ".html") + responseContentType = "text/html"; + else if (ext == ".js") + responseContentType = "application/javascript"; + else if (ext == ".jsx") + responseContentType = "text/jsx"; + else if (ext == ".json") + responseContentType = "application/json"; + else if (ext == ".css") + responseContentType = "text/css"; + else if (ext == ".png") + responseContentType = "image/png"; + else if (ext == ".jpg") + responseContentType = "image/jpeg"; + else if (ext == ".gif") + responseContentType = "image/gif"; + else if (ext == ".txt") + responseContentType = "text/plain"; + else if (ext == ".xml") + responseContentType = "text/xml"; + else if (ext == ".svg") + responseContentType = "image/svg+xml"; + else responseContentType = "application/octet-stream"; + scode = OSUtils::readFile((_uiStaticPath + ZT_PATH_SEPARATOR_S + ps[0]).c_str(),responseBody) ? 200 : 404; + } else { + scode = 404; + } + + } else if (isAuth) { + /* Things that require authentication -- a.k.a. everything but static web app pages. */ + + if (ps[0] == "status") { + responseContentType = "application/json"; + + ZT_NodeStatus status; + _node->status(&status); + + std::string clusterJson; +#ifdef ZT_ENABLE_CLUSTER + { + ZT_ClusterStatus cs; + _node->clusterStatus(&cs); + + if (cs.clusterSize >= 1) { + char t[1024]; + Utils::snprintf(t,sizeof(t),"{\n\t\t\"myId\": %u,\n\t\t\"clusterSize\": %u,\n\t\t\"members\": [",cs.myId,cs.clusterSize); + clusterJson.append(t); + for(unsigned int i=0;itcpFallbackActive()) ? "true" : "false", + ZEROTIER_ONE_VERSION_MAJOR, + ZEROTIER_ONE_VERSION_MINOR, + ZEROTIER_ONE_VERSION_REVISION, + ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION, + (unsigned long long)OSUtils::now(), + ((clusterJson.length() > 0) ? 
clusterJson.c_str() : "null")); + responseBody = json; + scode = 200; + } else if (ps[0] == "config") { + responseContentType = "application/json"; + responseBody = "{}"; // TODO + scode = 200; + } else if (ps[0] == "network") { + ZT_VirtualNetworkList *nws = _node->networks(); + if (nws) { + if (ps.size() == 1) { + // Return [array] of all networks + responseContentType = "application/json"; + responseBody = "[\n"; + for(unsigned long i=0;inetworkCount;++i) { + if (i > 0) + responseBody.append(","); + OneService::NetworkSettings localSettings; + _svc->getNetworkSettings(nws->networks[i].nwid,localSettings); + _jsonAppend(1,responseBody,&(nws->networks[i]),_svc->portDeviceName(nws->networks[i].nwid),localSettings); + } + responseBody.append("\n]\n"); + scode = 200; + } else if (ps.size() == 2) { + // Return a single network by ID or 404 if not found + uint64_t wantnw = Utils::hexStrToU64(ps[1].c_str()); + for(unsigned long i=0;inetworkCount;++i) { + if (nws->networks[i].nwid == wantnw) { + responseContentType = "application/json"; + OneService::NetworkSettings localSettings; + _svc->getNetworkSettings(nws->networks[i].nwid,localSettings); + _jsonAppend(0,responseBody,&(nws->networks[i]),_svc->portDeviceName(nws->networks[i].nwid),localSettings); + responseBody.push_back('\n'); + scode = 200; + break; + } + } + } // else 404 + _node->freeQueryResult((void *)nws); + } else scode = 500; + } else if (ps[0] == "peer") { + ZT_PeerList *pl = _node->peers(); + if (pl) { + if (ps.size() == 1) { + // Return [array] of all peers + responseContentType = "application/json"; + responseBody = "[\n"; + for(unsigned long i=0;ipeerCount;++i) { + if (i > 0) + responseBody.append(",\n"); + _jsonAppend(1,responseBody,&(pl->peers[i])); + } + responseBody.append("\n]\n"); + scode = 200; + } else if (ps.size() == 2) { + // Return a single peer by ID or 404 if not found + uint64_t wantp = Utils::hexStrToU64(ps[1].c_str()); + for(unsigned long i=0;ipeerCount;++i) { + if 
(pl->peers[i].address == wantp) { + responseContentType = "application/json"; + _jsonAppend(0,responseBody,&(pl->peers[i])); + responseBody.push_back('\n'); + scode = 200; + break; + } + } + } // else 404 + _node->freeQueryResult((void *)pl); + } else scode = 500; + } else if (ps[0] == "newIdentity") { + // Return a newly generated ZeroTier identity -- this is primarily for debugging + // and testing to make it easy for automated test scripts to generate test IDs. + Identity newid; + newid.generate(); + responseBody = newid.toString(true); + responseContentType = "text/plain"; + scode = 200; + } else { +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + if (_controller) + scode = _controller->handleControlPlaneHttpGET(std::vector(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType); + else scode = 404; +#else + scode = 404; +#endif + } + + } else scode = 401; // isAuth == false + + } else if ((httpMethod == HTTP_POST)||(httpMethod == HTTP_PUT)) { + + if (isAuth) { + + if (ps[0] == "config") { + // TODO + } else if (ps[0] == "network") { + if (ps.size() == 2) { + uint64_t wantnw = Utils::hexStrToU64(ps[1].c_str()); + _node->join(wantnw,(void *)0); // does nothing if we are a member + ZT_VirtualNetworkList *nws = _node->networks(); + if (nws) { + for(unsigned long i=0;inetworkCount;++i) { + if (nws->networks[i].nwid == wantnw) { + OneService::NetworkSettings localSettings; + _svc->getNetworkSettings(nws->networks[i].nwid,localSettings); + + json_value *j = json_parse(body.c_str(),body.length()); + if (j) { + if (j->type == json_object) { + for(unsigned int k=0;ku.object.length;++k) { + if (!strcmp(j->u.object.values[k].name,"allowManaged")) { + if (j->u.object.values[k].value->type == json_boolean) + localSettings.allowManaged = (j->u.object.values[k].value->u.boolean != 0); + } else if (!strcmp(j->u.object.values[k].name,"allowGlobal")) { + if (j->u.object.values[k].value->type == json_boolean) + localSettings.allowGlobal = 
(j->u.object.values[k].value->u.boolean != 0); + } else if (!strcmp(j->u.object.values[k].name,"allowDefault")) { + if (j->u.object.values[k].value->type == json_boolean) + localSettings.allowDefault = (j->u.object.values[k].value->u.boolean != 0); + } + } + } + json_value_free(j); + } + + _svc->setNetworkSettings(nws->networks[i].nwid,localSettings); + + responseContentType = "application/json"; + _jsonAppend(0,responseBody,&(nws->networks[i]),_svc->portDeviceName(nws->networks[i].nwid),localSettings); + responseBody.push_back('\n'); + scode = 200; + break; + } + } + _node->freeQueryResult((void *)nws); + } else scode = 500; + } + } else { +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + if (_controller) + scode = _controller->handleControlPlaneHttpPOST(std::vector(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType); + else scode = 404; +#else + scode = 404; +#endif + } + + } else scode = 401; // isAuth == false + + } else if (httpMethod == HTTP_DELETE) { + + if (isAuth) { + + if (ps[0] == "config") { + // TODO + } else if (ps[0] == "network") { + ZT_VirtualNetworkList *nws = _node->networks(); + if (nws) { + if (ps.size() == 2) { + uint64_t wantnw = Utils::hexStrToU64(ps[1].c_str()); + for(unsigned long i=0;inetworkCount;++i) { + if (nws->networks[i].nwid == wantnw) { + _node->leave(wantnw,(void **)0); + responseBody = "true"; + responseContentType = "application/json"; + scode = 200; + break; + } + } + } // else 404 + _node->freeQueryResult((void *)nws); + } else scode = 500; + } else { +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + if (_controller) + scode = _controller->handleControlPlaneHttpDELETE(std::vector(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType); + else scode = 404; +#else + scode = 404; +#endif + } + + } else { + scode = 401; // isAuth = false + } + + } else { + scode = 400; + responseBody = "Method not supported."; + } + + // Wrap result in jsonp function call if the user included a jsonp= url argument. 
+ // Also double-check isAuth since forbidding this without auth feels safer. + std::map::const_iterator jsonp(urlArgs.find("jsonp")); + if ((isAuth)&&(jsonp != urlArgs.end())&&(responseContentType == "application/json")) { + if (responseBody.length() > 0) + responseBody = jsonp->second + "(" + responseBody + ");"; + else responseBody = jsonp->second + "(null);"; + responseContentType = "application/javascript"; + } + + return scode; +} + +} // namespace ZeroTier diff --git a/service/ControlPlane.hpp b/service/ControlPlane.hpp new file mode 100644 index 0000000..08a9d6e --- /dev/null +++ b/service/ControlPlane.hpp 
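Review bot: In the unauthenticated static-file branch of `handleRequest`, `ps[0]` is appended to `_uiStaticPath` and passed to `OSUtils::readFile` with no check of its own; the only thing keeping it inside the UI directory is that `Utils::split` cut the path on `/`. If `ZT_PATH_SEPARATOR_S` is a backslash on some builds (its definition is not in this hunk), a name containing `\` or `..` is not filtered, so the branch should reject such names first, e.g. `if ((ps[0].find("..") != std::string::npos)||(ps[0].find_first_of("\\:") != std::string::npos)) return 404;`. Further down, the `jsonp` argument is prepended to the response verbatim; limiting it to identifier characters before use would keep request-supplied text out of a body served as `application/javascript`. The `auth` URL argument is also accepted as an alternative to the `x-zt1-auth` header, which puts the token into URLs; a comment saying why that is acceptable for a localhost-only API would help the next reader.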
@@ -0,0 +1,102 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef ZT_ONE_CONTROLPLANE_HPP
+#define ZT_ONE_CONTROLPLANE_HPP
+
+#include
+#include
+#include
+
+#include "../include/ZeroTierOne.h"
+
+#include "../node/Mutex.hpp"
+
+namespace ZeroTier {
+
+class OneService;
+class Node;
+class SqliteNetworkController;
+struct InetAddress;
+
+/**
+ * HTTP control plane and static web server
+ */
+class ControlPlane
+{
+public:
+ ControlPlane(OneService *svc,Node *n,const char *uiStaticPath);
+ ~ControlPlane();
+
+#ifdef ZT_ENABLE_NETWORK_CONTROLLER
+ /**
+ * Set controller, which will be available under /controller
+ *
+ * @param c Network controller instance
+ */
+ inline void setController(SqliteNetworkController *c)
+ {
+ Mutex::Lock _l(_lock);
+ _controller = c;
+ }
+#endif
+
+ /**
+ * Add an authentication token for API access
+ */
+ inline void addAuthToken(const char *tok)
+ {
+ Mutex::Lock _l(_lock);
+ _authTokens.insert(std::string(tok));
+ }
+
+ /**
+ * Handle HTTP request
+ *
+ * @param fromAddress Originating IP address of request
+ * @param httpMethod HTTP method (as defined in ext/http-parser/http_parser.h)
+ * @param path Request path
+ * @param headers Request headers
+ * @param body Request body
+ * @param responseBody Result parameter: fill with response data
+ * @param responseContentType Result parameter: fill with content type
+ * @return HTTP response code
+ */
+ unsigned int handleRequest(
+ const InetAddress &fromAddress,
+ unsigned int httpMethod,
+ const std::string &path,
+ const std::map &headers,
+ const std::string &body,
+ std::string &responseBody,
+ std::string &responseContentType);
+
+private:
+ OneService *const _svc;
+ Node *const _node;
+#ifdef ZT_ENABLE_NETWORK_CONTROLLER
+ SqliteNetworkController *_controller;
+#endif
+ std::string _uiStaticPath;
+ std::set _authTokens;
+ Mutex _lock;
+};
+
+} // namespace ZeroTier
+
+#endif
diff --git a/service/OneService.cpp b/service/OneService.cpp
new file mode 100644
index 0000000..13820f5
--- /dev/null
+++ b/service/OneService.cpp
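Review bot: `addAuthToken` in service/ControlPlane.hpp passes `tok` straight to `std::string(tok)`, so a null pointer is undefined behaviour and an empty string is stored as a valid API token. How `handleRequest` compares a presented token against `_authTokens` is not part of this hunk, so whether an empty entry could match a request that supplies no token should be confirmed in ControlPlane.cpp. Rejecting both cases before the insert costs one line: `if ((tok)&&(tok[0])) _authTokens.insert(std::string(tok));`. The doc comment on `addAuthToken` could also state that tokens are never removed for the lifetime of the object, since the class exposes no revoke method.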
@@ -0,0 +1,1993 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "../version.h"
+#include "../include/ZeroTierOne.h"
+
+#ifdef ZT_USE_SYSTEM_HTTP_PARSER
+#include
+#else
+#include "../ext/http-parser/http_parser.h"
+#endif
+
+#include "../node/Constants.hpp"
+#include "../node/Mutex.hpp"
+#include "../node/Node.hpp"
+#include "../node/Utils.hpp"
+#include "../node/InetAddress.hpp"
+#include "../node/MAC.hpp"
+#include "../node/Identity.hpp"
+
+#include "../osdep/Phy.hpp"
+#include "../osdep/Thread.hpp"
+#include "../osdep/OSUtils.hpp"
+#include "../osdep/Http.hpp"
+#include "../osdep/BackgroundResolver.hpp"
+#include "../osdep/PortMapper.hpp"
+#include "../osdep/Binder.hpp"
+#include "../osdep/ManagedRoute.hpp"
+
+#include "OneService.hpp"
+#include "ControlPlane.hpp"
+#include "ClusterGeoIpService.hpp"
+#include "ClusterDefinition.hpp"
+
+/**
+ * Uncomment to enable UDP breakage switch
+ *
+ * If this is defined, the presence of a file called /tmp/ZT_BREAK_UDP
+ * will cause direct UDP TX/RX to stop working. This can be used to
+ * test TCP tunneling fallback and other robustness features. Deleting
+ * this file will cause it to start working again.
+ */
+//#define ZT_BREAK_UDP
+
+#ifdef ZT_ENABLE_NETWORK_CONTROLLER
+#include "../controller/SqliteNetworkController.hpp"
+#else
+class SqliteNetworkController;
+#endif // ZT_ENABLE_NETWORK_CONTROLLER
+
+#ifdef __WINDOWS__
+#include
+#include
+#include
+#include
+#include
+#else
+#include
+#include
+#include
+#include
+#include
+#endif
+
+// Include the right tap device driver for this platform -- add new platforms here
+#ifdef ZT_SERVICE_NETCON
+
+// In network containers builds, use the virtual netcon endpoint instead of a tun/tap port driver
+#include "../netcon/NetconEthernetTap.hpp"
+namespace ZeroTier { typedef NetconEthernetTap EthernetTap; }
+
+#else // not ZT_SERVICE_NETCON so pick a tap driver
+
+#ifdef __APPLE__
+#include "../osdep/OSXEthernetTap.hpp"
+namespace ZeroTier { typedef OSXEthernetTap EthernetTap; }
+#endif // __APPLE__
+#ifdef __LINUX__
+#include "../osdep/LinuxEthernetTap.hpp"
+namespace ZeroTier { typedef LinuxEthernetTap EthernetTap; }
+#endif // __LINUX__
+#ifdef __WINDOWS__
+#include "../osdep/WindowsEthernetTap.hpp"
+namespace ZeroTier { typedef WindowsEthernetTap EthernetTap; }
+#endif // __WINDOWS__
+#ifdef __FreeBSD__
+#include "../osdep/BSDEthernetTap.hpp"
+namespace ZeroTier { typedef BSDEthernetTap EthernetTap; }
+#endif // __FreeBSD__
+
+#endif // ZT_SERVICE_NETCON
+
+// Sanity limits for HTTP
+#define ZT_MAX_HTTP_MESSAGE_SIZE (1024 * 1024 * 64)
+#define ZT_MAX_HTTP_CONNECTIONS 64
+
+// Interface metric for ZeroTier taps -- this ensures that if we are on WiFi and also
+// bridged via ZeroTier to the same LAN traffic will (if the OS is sane) prefer WiFi.
+#define ZT_IF_METRIC 5000 + +// How often to check for new multicast subscriptions on a tap device +#define ZT_TAP_CHECK_MULTICAST_INTERVAL 5000 + +// Path under ZT1 home for controller database if controller is enabled +#define ZT_CONTROLLER_DB_PATH "controller.db" + +// TCP fallback relay host -- geo-distributed using Amazon Route53 geo-aware DNS +#define ZT_TCP_FALLBACK_RELAY "tcp-fallback.zerotier.com" +#define ZT_TCP_FALLBACK_RELAY_PORT 443 + +// Frequency at which we re-resolve the TCP fallback relay +#define ZT_TCP_FALLBACK_RERESOLVE_DELAY 86400000 + +// Attempt to engage TCP fallback after this many ms of no reply to packets sent to global-scope IPs +#define ZT_TCP_FALLBACK_AFTER 60000 + +// How often to check for local interface addresses +#define ZT_LOCAL_INTERFACE_CHECK_INTERVAL 60000 + +namespace ZeroTier { + +namespace { + +#ifdef ZT_AUTO_UPDATE +#define ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE (1024 * 1024 * 64) +#define ZT_AUTO_UPDATE_CHECK_PERIOD 21600000 +class BackgroundSoftwareUpdateChecker +{ +public: + bool isValidSigningIdentity(const Identity &id) + { + return ( + /* 0001 - 0004 : obsolete, used in old versions */ + /* 0005 */ (id == Identity("ba57ea350e:0:9d4be6d7f86c5660d5ee1951a3d759aa6e12a84fc0c0b74639500f1dbc1a8c566622e7d1c531967ebceb1e9d1761342f88324a8ba520c93c35f92f35080fa23f")) + /* 0006 */ ||(id == Identity("5067b21b83:0:8af477730f5055c48135b84bed6720a35bca4c0e34be4060a4c636288b1ec22217eb22709d610c66ed464c643130c51411bbb0294eef12fbe8ecc1a1e2c63a7a")) + /* 0007 */ ||(id == Identity("4f5e97a8f1:0:57880d056d7baeb04bbc057d6f16e6cb41388570e87f01492fce882485f65a798648595610a3ad49885604e7fb1db2dd3c2c534b75e42c3c0b110ad07b4bb138")) + /* 0008 */ ||(id == Identity("580bbb8e15:0:ad5ef31155bebc6bc413991992387e083fed26d699997ef76e7c947781edd47d1997161fa56ba337b1a2b44b129fd7c7197ce5185382f06011bc88d1363b4ddd")) + ); + } + + void doUpdateCheck() + { + std::string url(OneService::autoUpdateUrl()); + if ((url.length() <= 7)||(url.substr(0,7) != 
"http://")) + return; + + std::string httpHost; + std::string httpPath; + { + std::size_t slashIdx = url.substr(7).find_first_of('/'); + if (slashIdx == std::string::npos) { + httpHost = url.substr(7); + httpPath = "/"; + } else { + httpHost = url.substr(7,slashIdx); + httpPath = url.substr(slashIdx + 7); + } + } + if (httpHost.length() == 0) + return; + + std::vector ips(OSUtils::resolve(httpHost.c_str())); + for(std::vector::iterator ip(ips.begin());ip!=ips.end();++ip) { + if (!ip->port()) + ip->setPort(80); + std::string nfoPath = httpPath + "LATEST.nfo"; + std::map requestHeaders,responseHeaders; + std::string body; + requestHeaders["Host"] = httpHost; + unsigned int scode = Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast(&(*ip)),nfoPath.c_str(),requestHeaders,responseHeaders,body); + //fprintf(stderr,"UPDATE %s %s %u %lu\n",ip->toString().c_str(),nfoPath.c_str(),scode,body.length()); + if ((scode == 200)&&(body.length() > 0)) { + /* NFO fields: + * + * file= + * signedBy= + * ed25519= + * vMajor= + * vMinor= + * vRevision= */ + Dictionary<4096> nfo(body.c_str()); + char tmp[2048]; + + if (nfo.get("vMajor",tmp,sizeof(tmp)) <= 0) return; + const unsigned int vMajor = Utils::strToUInt(tmp); + if (nfo.get("vMinor",tmp,sizeof(tmp)) <= 0) return; + const unsigned int vMinor = Utils::strToUInt(tmp); + if (nfo.get("vRevision",tmp,sizeof(tmp)) <= 0) return; + const unsigned int vRevision = Utils::strToUInt(tmp); + if (Utils::compareVersion(vMajor,vMinor,vRevision,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) <= 0) { + //fprintf(stderr,"UPDATE %u.%u.%u is not newer than our version\n",vMajor,vMinor,vRevision); + return; + } + + if (nfo.get("signedBy",tmp,sizeof(tmp)) <= 0) return; + Identity signedBy; + if ((!signedBy.fromString(tmp))||(!isValidSigningIdentity(signedBy))) { + //fprintf(stderr,"UPDATE invalid signedBy or not authorized signing identity.\n"); + return; + } + + if 
(nfo.get("file",tmp,sizeof(tmp)) <= 0) return; + std::string filePath(tmp); + if ((!filePath.length())||(filePath.find("..") != std::string::npos)) + return; + filePath = httpPath + filePath; + + std::string fileData; + if (Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast(&(*ip)),filePath.c_str(),requestHeaders,responseHeaders,fileData) != 200) { + //fprintf(stderr,"UPDATE GET %s failed\n",filePath.c_str()); + return; + } + + if (nfo.get("ed25519",tmp,sizeof(tmp)) <= 0) return; + std::string ed25519(Utils::unhex(tmp)); + if ((ed25519.length() == 0)||(!signedBy.verify(fileData.data(),(unsigned int)fileData.length(),ed25519.data(),(unsigned int)ed25519.length()))) { + //fprintf(stderr,"UPDATE %s failed signature check!\n",filePath.c_str()); + return; + } + + /* --------------------------------------------------------------- */ + /* We made it! Begin OS-specific installation code. */ + +#ifdef __APPLE__ + /* OSX version is in the form of a MacOSX .pkg file, so we will + * launch installer (normally in /usr/sbin) to install it. It will + * then turn around and shut down the service, update files, and + * relaunch. 
*/ + { + char bashp[128],pkgp[128]; + Utils::snprintf(bashp,sizeof(bashp),"/tmp/ZeroTierOne-update-%u.%u.%u.sh",vMajor,vMinor,vRevision); + Utils::snprintf(pkgp,sizeof(pkgp),"/tmp/ZeroTierOne-update-%u.%u.%u.pkg",vMajor,vMinor,vRevision); + FILE *pkg = fopen(pkgp,"w"); + if ((!pkg)||(fwrite(fileData.data(),fileData.length(),1,pkg) != 1)) { + fclose(pkg); + unlink(bashp); + unlink(pkgp); + fprintf(stderr,"UPDATE error writing %s\n",pkgp); + return; + } + fclose(pkg); + FILE *bash = fopen(bashp,"w"); + if (!bash) { + fclose(pkg); + unlink(bashp); + unlink(pkgp); + fprintf(stderr,"UPDATE error writing %s\n",bashp); + return; + } + fprintf(bash, + "#!/bin/bash\n" + "export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin\n" + "sleep 1\n" + "installer -pkg \"%s\" -target /\n" + "sleep 1\n" + "rm -f \"%s\" \"%s\"\n" + "exit 0\n", + pkgp, + pkgp, + bashp); + fclose(bash); + long pid = (long)vfork(); + if (pid == 0) { + setsid(); // detach from parent so that shell isn't killed when parent is killed + signal(SIGHUP,SIG_IGN); + signal(SIGTERM,SIG_IGN); + signal(SIGQUIT,SIG_IGN); + execl("/bin/bash","/bin/bash",bashp,(char *)0); + exit(0); + } + } +#endif // __APPLE__ + +#ifdef __WINDOWS__ + /* Windows version comes in the form of .MSI package that + * takes care of everything. 
*/ + { + char tempp[512],batp[512],msip[512],cmdline[512]; + if (GetTempPathA(sizeof(tempp),tempp) <= 0) + return; + CreateDirectoryA(tempp,(LPSECURITY_ATTRIBUTES)0); + Utils::snprintf(batp,sizeof(batp),"%s\\ZeroTierOne-update-%u.%u.%u.bat",tempp,vMajor,vMinor,vRevision); + Utils::snprintf(msip,sizeof(msip),"%s\\ZeroTierOne-update-%u.%u.%u.msi",tempp,vMajor,vMinor,vRevision); + FILE *msi = fopen(msip,"wb"); + if ((!msi)||(fwrite(fileData.data(),(size_t)fileData.length(),1,msi) != 1)) { + fclose(msi); + return; + } + fclose(msi); + FILE *bat = fopen(batp,"wb"); + if (!bat) + return; + fprintf(bat, + "TIMEOUT.EXE /T 1 /NOBREAK\r\n" + "NET.EXE STOP \"ZeroTierOneService\"\r\n" + "TIMEOUT.EXE /T 1 /NOBREAK\r\n" + "MSIEXEC.EXE /i \"%s\" /qn\r\n" + "TIMEOUT.EXE /T 1 /NOBREAK\r\n" + "NET.EXE START \"ZeroTierOneService\"\r\n" + "DEL \"%s\"\r\n" + "DEL \"%s\"\r\n", + msip, + msip, + batp); + fclose(bat); + STARTUPINFOA si; + PROCESS_INFORMATION pi; + memset(&si,0,sizeof(si)); + memset(&pi,0,sizeof(pi)); + Utils::snprintf(cmdline,sizeof(cmdline),"CMD.EXE /c \"%s\"",batp); + CreateProcessA(NULL,cmdline,NULL,NULL,FALSE,CREATE_NO_WINDOW|CREATE_NEW_PROCESS_GROUP,NULL,NULL,&si,&pi); + } +#endif // __WINDOWS__ + + /* --------------------------------------------------------------- */ + + return; + } // else try to fetch from next IP address + } + } + + void threadMain() + throw() + { + try { + this->doUpdateCheck(); + } catch ( ... 
) {} + } +}; +static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker; +#endif // ZT_AUTO_UPDATE + +static bool isBlacklistedLocalInterfaceForZeroTierTraffic(const char *ifn) +{ +#if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux) + if ((ifn[0] == 'l')&&(ifn[1] == 'o')) return true; // loopback + if ((ifn[0] == 'z')&&(ifn[1] == 't')) return true; // sanity check: zt# + if ((ifn[0] == 't')&&(ifn[1] == 'u')&&(ifn[2] == 'n')) return true; // tun# is probably an OpenVPN tunnel or similar + if ((ifn[0] == 't')&&(ifn[1] == 'a')&&(ifn[2] == 'p')) return true; // tap# is probably an OpenVPN tunnel or similar +#endif + +#ifdef __APPLE__ + if ((ifn[0] == 'l')&&(ifn[1] == 'o')) return true; // loopback + if ((ifn[0] == 'z')&&(ifn[1] == 't')) return true; // sanity check: zt# + if ((ifn[0] == 't')&&(ifn[1] == 'u')&&(ifn[2] == 'n')) return true; // tun# is probably an OpenVPN tunnel or similar + if ((ifn[0] == 't')&&(ifn[1] == 'a')&&(ifn[2] == 'p')) return true; // tap# is probably an OpenVPN tunnel or similar + if ((ifn[0] == 'u')&&(ifn[1] == 't')&&(ifn[2] == 'u')&&(ifn[3] == 'n')) return true; // ... 
as is utun# +#endif + + return false; +} + +static std::string _trimString(const std::string &s) +{ + unsigned long end = (unsigned long)s.length(); + while (end) { + char c = s[end - 1]; + if ((c == ' ')||(c == '\r')||(c == '\n')||(!c)||(c == '\t')) + --end; + else break; + } + unsigned long start = 0; + while (start < end) { + char c = s[start]; + if ((c == ' ')||(c == '\r')||(c == '\n')||(!c)||(c == '\t')) + ++start; + else break; + } + return s.substr(start,end - start); +} + +class OneServiceImpl; + +static int SnodeVirtualNetworkConfigFunction(ZT_Node *node,void *uptr,uint64_t nwid,void **nuptr,enum ZT_VirtualNetworkConfigOperation op,const ZT_VirtualNetworkConfig *nwconf); +static void SnodeEventCallback(ZT_Node *node,void *uptr,enum ZT_Event event,const void *metaData); +static long SnodeDataStoreGetFunction(ZT_Node *node,void *uptr,const char *name,void *buf,unsigned long bufSize,unsigned long readIndex,unsigned long *totalSize); +static int SnodeDataStorePutFunction(ZT_Node *node,void *uptr,const char *name,const void *data,unsigned long len,int secure); +static int SnodeWirePacketSendFunction(ZT_Node *node,void *uptr,const struct sockaddr_storage *localAddr,const struct sockaddr_storage *addr,const void *data,unsigned int len,unsigned int ttl); +static void SnodeVirtualNetworkFrameFunction(ZT_Node *node,void *uptr,uint64_t nwid,void **nuptr,uint64_t sourceMac,uint64_t destMac,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len); +static int SnodePathCheckFunction(ZT_Node *node,void *uptr,const struct sockaddr_storage *localAddr,const struct sockaddr_storage *remoteAddr); + +#ifdef ZT_ENABLE_CLUSTER +static void SclusterSendFunction(void *uptr,unsigned int toMemberId,const void *data,unsigned int len); +static int SclusterGeoIpFunction(void *uptr,const struct sockaddr_storage *addr,int *x,int *y,int *z); +#endif + +static void StapFrameHandler(void *uptr,uint64_t nwid,const MAC &from,const MAC &to,unsigned int etherType,unsigned 
int vlanId,const void *data,unsigned int len); + +static int ShttpOnMessageBegin(http_parser *parser); +static int ShttpOnUrl(http_parser *parser,const char *ptr,size_t length); +#if (HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 2) +static int ShttpOnStatus(http_parser *parser,const char *ptr,size_t length); +#else +static int ShttpOnStatus(http_parser *parser); +#endif +static int ShttpOnHeaderField(http_parser *parser,const char *ptr,size_t length); +static int ShttpOnValue(http_parser *parser,const char *ptr,size_t length); +static int ShttpOnHeadersComplete(http_parser *parser); +static int ShttpOnBody(http_parser *parser,const char *ptr,size_t length); +static int ShttpOnMessageComplete(http_parser *parser); + +#if (HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 1) +static const struct http_parser_settings HTTP_PARSER_SETTINGS = { + ShttpOnMessageBegin, + ShttpOnUrl, + ShttpOnStatus, + ShttpOnHeaderField, + ShttpOnValue, + ShttpOnHeadersComplete, + ShttpOnBody, + ShttpOnMessageComplete +}; +#else +static const struct http_parser_settings HTTP_PARSER_SETTINGS = { + ShttpOnMessageBegin, + ShttpOnUrl, + ShttpOnHeaderField, + ShttpOnValue, + ShttpOnHeadersComplete, + ShttpOnBody, + ShttpOnMessageComplete +}; +#endif + +struct TcpConnection +{ + enum { + TCP_HTTP_INCOMING, + TCP_HTTP_OUTGOING, // not currently used + TCP_TUNNEL_OUTGOING // fale-SSL outgoing tunnel -- HTTP-related fields are not used + } type; + + bool shouldKeepAlive; + OneServiceImpl *parent; + PhySocket *sock; + InetAddress from; + http_parser parser; + unsigned long messageSize; + uint64_t lastActivity; + + std::string currentHeaderField; + std::string currentHeaderValue; + + std::string url; + std::string status; + std::map< std::string,std::string > headers; + std::string body; + + std::string writeBuf; + Mutex writeBuf_m; +}; + +// Used to pseudo-randomize local source port picking +static volatile unsigned int _udpPortPickerCounter = 0; + +class 
OneServiceImpl : public OneService +{ +public: + // begin member variables -------------------------------------------------- + + const std::string _homePath; + BackgroundResolver _tcpFallbackResolver; +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + SqliteNetworkController *_controller; +#endif + Phy _phy; + Node *_node; + + /* + * To attempt to handle NAT/gateway craziness we use three local UDP ports: + * + * [0] is the normal/default port, usually 9993 + * [1] is a port dervied from our ZeroTier address + * [2] is a port computed from the normal/default for use with uPnP/NAT-PMP mappings + * + * [2] exists because on some gateways trying to do regular NAT-t interferes + * destructively with uPnP port mapping behavior in very weird buggy ways. + * It's only used if uPnP/NAT-PMP is enabled in this build. + */ + + Binder _bindings[3]; + unsigned int _ports[3]; + uint16_t _portsBE[3]; // ports in big-endian network byte order as in sockaddr + + // Sockets for JSON API -- bound only to V4 and V6 localhost + PhySocket *_v4TcpControlSocket; + PhySocket *_v6TcpControlSocket; + + // JSON API handler + ControlPlane *_controlPlane; + + // Time we last received a packet from a global address + uint64_t _lastDirectReceiveFromGlobal; +#ifdef ZT_TCP_FALLBACK_RELAY + uint64_t _lastSendToGlobalV4; +#endif + + // Last potential sleep/wake event + uint64_t _lastRestart; + + // Deadline for the next background task service function + volatile uint64_t _nextBackgroundTaskDeadline; + + // Configured networks + struct NetworkState + { + NetworkState() : + tap((EthernetTap *)0) + { + // Real defaults are in network 'up' code in network event handler + settings.allowManaged = true; + settings.allowGlobal = false; + settings.allowDefault = false; + } + + EthernetTap *tap; + ZT_VirtualNetworkConfig config; // memcpy() of raw config from core + std::vector managedIps; + std::list managedRoutes; + NetworkSettings settings; + }; + std::map _nets; + Mutex _nets_m; + + // Active TCP/IP connections + 
std::set< TcpConnection * > _tcpConnections; // no mutex for this since it's done in the main loop thread only + TcpConnection *_tcpFallbackTunnel; + + // Termination status information + ReasonForTermination _termReason; + std::string _fatalErrorMessage; + Mutex _termReason_m; + + // uPnP/NAT-PMP port mapper if enabled +#ifdef ZT_USE_MINIUPNPC + PortMapper *_portMapper; +#endif + + // Cluster management instance if enabled +#ifdef ZT_ENABLE_CLUSTER + PhySocket *_clusterMessageSocket; + ClusterDefinition *_clusterDefinition; + unsigned int _clusterMemberId; +#endif + + // Set to false to force service to stop + volatile bool _run; + Mutex _run_m; + + // end member variables ---------------------------------------------------- + + OneServiceImpl(const char *hp,unsigned int port) : + _homePath((hp) ? hp : ".") + ,_tcpFallbackResolver(ZT_TCP_FALLBACK_RELAY) +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + ,_controller((SqliteNetworkController *)0) +#endif + ,_phy(this,false,true) + ,_node((Node *)0) + ,_controlPlane((ControlPlane *)0) + ,_lastDirectReceiveFromGlobal(0) +#ifdef ZT_TCP_FALLBACK_RELAY + ,_lastSendToGlobalV4(0) +#endif + ,_lastRestart(0) + ,_nextBackgroundTaskDeadline(0) + ,_tcpFallbackTunnel((TcpConnection *)0) + ,_termReason(ONE_STILL_RUNNING) +#ifdef ZT_USE_MINIUPNPC + ,_portMapper((PortMapper *)0) +#endif +#ifdef ZT_ENABLE_CLUSTER + ,_clusterMessageSocket((PhySocket *)0) + ,_clusterDefinition((ClusterDefinition *)0) + ,_clusterMemberId(0) +#endif + ,_run(true) + { + _ports[0] = 0; + _ports[1] = 0; + _ports[2] = 0; + + // The control socket is bound to the default/static port on localhost. If we + // can do this, we have successfully allocated a port. The binders will take + // care of binding non-local addresses for ZeroTier traffic. + const int portTrials = (port == 0) ? 
256 : 1; // if port is 0, pick random + for(int k=0;kaddress() % 45500); + for(int i=0;;++i) { + if (i > 1000) { + _ports[1] = 0; + break; + } else if (++_ports[1] >= 65536) { + _ports[1] = 20000; + } + if (_trialBind(_ports[1])) + break; + } + +#ifdef ZT_USE_MINIUPNPC + // If we're running uPnP/NAT-PMP, bind a *third* port for that. We can't + // use the other two ports for that because some NATs do really funky + // stuff with ports that are explicitly mapped that breaks things. + if (_ports[1]) { + _ports[2] = _ports[1]; + for(int i=0;;++i) { + if (i > 1000) { + _ports[2] = 0; + break; + } else if (++_ports[2] >= 65536) { + _ports[2] = 20000; + } + if (_trialBind(_ports[2])) + break; + } + if (_ports[2]) { + char uniqueName[64]; + Utils::snprintf(uniqueName,sizeof(uniqueName),"ZeroTier/%.10llx@%u",_node->address(),_ports[2]); + _portMapper = new PortMapper(_ports[2],uniqueName); + } + } +#endif + + for(int i=0;i<3;++i) + _portsBE[i] = Utils::hton((uint16_t)_ports[i]); + + { + FILE *trustpaths = fopen((_homePath + ZT_PATH_SEPARATOR_S + "trustedpaths").c_str(),"r"); + uint64_t ids[ZT_MAX_TRUSTED_PATHS]; + InetAddress addresses[ZT_MAX_TRUSTED_PATHS]; + if (trustpaths) { + char buf[1024]; + unsigned int count = 0; + while ((fgets(buf,sizeof(buf),trustpaths))&&(count < ZT_MAX_TRUSTED_PATHS)) { + int fno = 0; + char *saveptr = (char *)0; + uint64_t trustedPathId = 0; + InetAddress trustedPathNetwork; + for(char *f=Utils::stok(buf,"=\r\n \t",&saveptr);(f);f=Utils::stok((char *)0,"=\r\n \t",&saveptr)) { + if (fno == 0) { + trustedPathId = Utils::hexStrToU64(f); + } else if (fno == 1) { + trustedPathNetwork = InetAddress(f); + } else break; + ++fno; + } + if ( (trustedPathId != 0) && ((trustedPathNetwork.ss_family == AF_INET)||(trustedPathNetwork.ss_family == AF_INET6)) && (trustedPathNetwork.ipScope() != InetAddress::IP_SCOPE_GLOBAL) && (trustedPathNetwork.netmaskBits() > 0) ) { + ids[count] = trustedPathId; + addresses[count] = trustedPathNetwork; + ++count; + } + } + 
fclose(trustpaths); + if (count) + _node->setTrustedPaths(reinterpret_cast(addresses),ids,count); + } + } + +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + _controller = new SqliteNetworkController(_node,(_homePath + ZT_PATH_SEPARATOR_S + ZT_CONTROLLER_DB_PATH).c_str(),(_homePath + ZT_PATH_SEPARATOR_S + "circuitTestResults.d").c_str()); + _node->setNetconfMaster((void *)_controller); +#endif + +#ifdef ZT_ENABLE_CLUSTER + if (OSUtils::fileExists((_homePath + ZT_PATH_SEPARATOR_S + "cluster").c_str())) { + _clusterDefinition = new ClusterDefinition(_node->address(),(_homePath + ZT_PATH_SEPARATOR_S + "cluster").c_str()); + if (_clusterDefinition->size() > 0) { + std::vector members(_clusterDefinition->members()); + for(std::vector::iterator m(members.begin());m!=members.end();++m) { + PhySocket *cs = _phy.udpBind(reinterpret_cast(&(m->clusterEndpoint))); + if (cs) { + if (_clusterMessageSocket) { + _phy.close(_clusterMessageSocket,false); + _phy.close(cs,false); + + Mutex::Lock _l(_termReason_m); + _termReason = ONE_UNRECOVERABLE_ERROR; + _fatalErrorMessage = "Cluster: can't determine my cluster member ID: able to bind more than one cluster message socket IP/port!"; + return _termReason; + } + _clusterMessageSocket = cs; + _clusterMemberId = m->id; + } + } + + if (!_clusterMessageSocket) { + Mutex::Lock _l(_termReason_m); + _termReason = ONE_UNRECOVERABLE_ERROR; + _fatalErrorMessage = "Cluster: can't determine my cluster member ID: unable to bind to any cluster message socket IP/port."; + return _termReason; + } + + const ClusterDefinition::MemberDefinition &me = (*_clusterDefinition)[_clusterMemberId]; + InetAddress endpoints[255]; + unsigned int numEndpoints = 0; + for(std::vector::const_iterator i(me.zeroTierEndpoints.begin());i!=me.zeroTierEndpoints.end();++i) + endpoints[numEndpoints++] = *i; + + if (_node->clusterInit(_clusterMemberId,reinterpret_cast(endpoints),numEndpoints,me.x,me.y,me.z,&SclusterSendFunction,this,_clusterDefinition->geo().available() ? 
&SclusterGeoIpFunction : 0,this) == ZT_RESULT_OK) { + std::vector members(_clusterDefinition->members()); + for(std::vector::iterator m(members.begin());m!=members.end();++m) { + if (m->id != _clusterMemberId) + _node->clusterAddMember(m->id); + } + } + } else { + delete _clusterDefinition; + _clusterDefinition = (ClusterDefinition *)0; + } + } +#endif + + _controlPlane = new ControlPlane(this,_node,(_homePath + ZT_PATH_SEPARATOR_S + "ui").c_str()); + _controlPlane->addAuthToken(authToken.c_str()); + +#ifdef ZT_ENABLE_NETWORK_CONTROLLER + _controlPlane->setController(_controller); +#endif + + { // Remember networks from previous session + std::vector networksDotD(OSUtils::listDirectory((_homePath + ZT_PATH_SEPARATOR_S + "networks.d").c_str())); + for(std::vector::iterator f(networksDotD.begin());f!=networksDotD.end();++f) { + std::size_t dot = f->find_last_of('.'); + if ((dot == 16)&&(f->substr(16) == ".conf")) + _node->join(Utils::hexStrToU64(f->substr(0,dot).c_str()),(void *)0); + } + } + + // Start two background threads to handle expensive ops out of line + Thread::start(_node); + Thread::start(_node); + + _nextBackgroundTaskDeadline = 0; + uint64_t clockShouldBe = OSUtils::now(); + _lastRestart = clockShouldBe; + uint64_t lastTapMulticastGroupCheck = 0; + uint64_t lastTcpFallbackResolve = 0; + uint64_t lastBindRefresh = 0; + uint64_t lastLocalInterfaceAddressCheck = (OSUtils::now() - ZT_LOCAL_INTERFACE_CHECK_INTERVAL) + 15000; // do this in 15s to give portmapper time to configure and other things time to settle +#ifdef ZT_AUTO_UPDATE + uint64_t lastSoftwareUpdateCheck = 0; +#endif // ZT_AUTO_UPDATE + for(;;) { + _run_m.lock(); + if (!_run) { + _run_m.unlock(); + _termReason_m.lock(); + _termReason = ONE_NORMAL_TERMINATION; + _termReason_m.unlock(); + break; + } else { + _run_m.unlock(); + } + + const uint64_t now = OSUtils::now(); + + // Attempt to detect sleep/wake events by detecting delay overruns + bool restarted = false; + if ((now > 
clockShouldBe)&&((now - clockShouldBe) > 10000)) { + _lastRestart = now; + restarted = true; + } + + // Refresh bindings in case device's interfaces have changed, and also sync routes to update any shadow routes (e.g. shadow default) + if (((now - lastBindRefresh) >= ZT_BINDER_REFRESH_PERIOD)||(restarted)) { + lastBindRefresh = now; + for(int i=0;i<3;++i) { + if (_ports[i]) { + _bindings[i].refresh(_phy,_ports[i],*this); + } + } + { + Mutex::Lock _l(_nets_m); + for(std::map::iterator n(_nets.begin());n!=_nets.end();++n) { + if (n->second.tap) + syncManagedStuff(n->second,false,true); + } + } + } + + uint64_t dl = _nextBackgroundTaskDeadline; + if (dl <= now) { + _node->processBackgroundTasks(now,&_nextBackgroundTaskDeadline); + dl = _nextBackgroundTaskDeadline; + } + +#ifdef ZT_AUTO_UPDATE + if ((now - lastSoftwareUpdateCheck) >= ZT_AUTO_UPDATE_CHECK_PERIOD) { + lastSoftwareUpdateCheck = now; + Thread::start(&backgroundSoftwareUpdateChecker); + } +#endif // ZT_AUTO_UPDATE + + if ((now - lastTcpFallbackResolve) >= ZT_TCP_FALLBACK_RERESOLVE_DELAY) { + lastTcpFallbackResolve = now; + _tcpFallbackResolver.resolveNow(); + } + + if ((_tcpFallbackTunnel)&&((now - _lastDirectReceiveFromGlobal) < (ZT_TCP_FALLBACK_AFTER / 2))) + _phy.close(_tcpFallbackTunnel->sock); + + if ((now - lastTapMulticastGroupCheck) >= ZT_TAP_CHECK_MULTICAST_INTERVAL) { + lastTapMulticastGroupCheck = now; + Mutex::Lock _l(_nets_m); + for(std::map::const_iterator n(_nets.begin());n!=_nets.end();++n) { + if (n->second.tap) { + std::vector added,removed; + n->second.tap->scanMulticastGroups(added,removed); + for(std::vector::iterator m(added.begin());m!=added.end();++m) + _node->multicastSubscribe(n->first,m->mac().toInt(),m->adi()); + for(std::vector::iterator m(removed.begin());m!=removed.end();++m) + _node->multicastUnsubscribe(n->first,m->mac().toInt(),m->adi()); + } + } + } + + if ((now - lastLocalInterfaceAddressCheck) >= ZT_LOCAL_INTERFACE_CHECK_INTERVAL) { + lastLocalInterfaceAddressCheck = 
now; + + _node->clearLocalInterfaceAddresses(); + +#ifdef ZT_USE_MINIUPNPC + if (_portMapper) { + std::vector mappedAddresses(_portMapper->get()); + for(std::vector::const_iterator ext(mappedAddresses.begin());ext!=mappedAddresses.end();++ext) + _node->addLocalInterfaceAddress(reinterpret_cast(&(*ext))); + } +#endif + + std::vector boundAddrs(_bindings[0].allBoundLocalInterfaceAddresses()); + for(std::vector::const_iterator i(boundAddrs.begin());i!=boundAddrs.end();++i) + _node->addLocalInterfaceAddress(reinterpret_cast(&(*i))); + } + + const unsigned long delay = (dl > now) ? (unsigned long)(dl - now) : 100; + clockShouldBe = now + (uint64_t)delay; + _phy.poll(delay); + } + } catch (std::exception &exc) { + Mutex::Lock _l(_termReason_m); + _termReason = ONE_UNRECOVERABLE_ERROR; + _fatalErrorMessage = exc.what(); + } catch ( ... ) { + Mutex::Lock _l(_termReason_m); + _termReason = ONE_UNRECOVERABLE_ERROR; + _fatalErrorMessage = "unexpected exception in main thread"; + } + + try { + while (!_tcpConnections.empty()) + _phy.close((*_tcpConnections.begin())->sock); + } catch ( ... 
) {}
+
+ {
+ Mutex::Lock _l(_nets_m);
+ for(std::map::iterator n(_nets.begin());n!=_nets.end();++n)
+ delete n->second.tap;
+ _nets.clear();
+ }
+
+ delete _controlPlane;
+ _controlPlane = (ControlPlane *)0;
+ delete _node;
+ _node = (Node *)0;
+
+ return _termReason;
+ }
+
+ virtual ReasonForTermination reasonForTermination() const
+ {
+ Mutex::Lock _l(_termReason_m);
+ return _termReason;
+ }
+
+ virtual std::string fatalErrorMessage() const
+ {
+ Mutex::Lock _l(_termReason_m);
+ return _fatalErrorMessage;
+ }
+
+ virtual std::string portDeviceName(uint64_t nwid) const
+ {
+ Mutex::Lock _l(_nets_m);
+ std::map::const_iterator n(_nets.find(nwid));
+ if ((n != _nets.end())&&(n->second.tap))
+ return n->second.tap->deviceName();
+ else return std::string();
+ }
+
+ virtual bool tcpFallbackActive() const
+ {
+ return (_tcpFallbackTunnel != (TcpConnection *)0);
+ }
+
+ virtual void terminate()
+ {
+ _run_m.lock();
+ _run = false;
+ _run_m.unlock();
+ _phy.whack();
+ }
+
+ virtual bool getNetworkSettings(const uint64_t nwid,NetworkSettings &settings) const
+ {
+ Mutex::Lock _l(_nets_m);
+ std::map::const_iterator n(_nets.find(nwid));
+ if (n == _nets.end())
+ return false;
+ memcpy(&settings,&(n->second.settings),sizeof(NetworkSettings));
+ return true;
+ }
+
+ virtual bool setNetworkSettings(const uint64_t nwid,const NetworkSettings &settings)
+ {
+ Mutex::Lock _l(_nets_m);
+
+ std::map::iterator n(_nets.find(nwid));
+ if (n == _nets.end())
+ return false;
+ memcpy(&(n->second.settings),&settings,sizeof(NetworkSettings));
+
+ char nlcpath[256];
+ Utils::snprintf(nlcpath,sizeof(nlcpath),"%s" ZT_PATH_SEPARATOR_S "networks.d" ZT_PATH_SEPARATOR_S "%.16llx.local.conf",_homePath.c_str(),nwid);
+ FILE *out = fopen(nlcpath,"w");
+ if (out) {
+ fprintf(out,"allowManaged=%d\n",(int)n->second.settings.allowManaged);
+ fprintf(out,"allowGlobal=%d\n",(int)n->second.settings.allowGlobal);
+ fprintf(out,"allowDefault=%d\n",(int)n->second.settings.allowDefault);
+ fclose(out);
+ }
+
+ if (n->second.tap) + syncManagedStuff(n->second,true,true); + + return true; + } + + // Begin private implementation methods + + // Checks if a managed IP or route target is allowed + bool checkIfManagedIsAllowed(const NetworkState &n,const InetAddress &target) + { + if (!n.settings.allowManaged) + return false; + if (target.isDefaultRoute()) + return n.settings.allowDefault; + switch(target.ipScope()) { + case InetAddress::IP_SCOPE_NONE: + case InetAddress::IP_SCOPE_MULTICAST: + case InetAddress::IP_SCOPE_LOOPBACK: + case InetAddress::IP_SCOPE_LINK_LOCAL: + return false; + case InetAddress::IP_SCOPE_GLOBAL: + return n.settings.allowGlobal; + default: + return true; + } + } + + // Match only an IP from a vector of IPs -- used in syncManagedStuff() + bool matchIpOnly(const std::vector &ips,const InetAddress &ip) const + { + for(std::vector::const_iterator i(ips.begin());i!=ips.end();++i) { + if (i->ipsEqual(ip)) + return true; + } + return false; + } + + // Apply or update managed IPs for a configured network (be sure n.tap exists) + void syncManagedStuff(NetworkState &n,bool syncIps,bool syncRoutes) + { + // assumes _nets_m is locked + if (syncIps) { + std::vector newManagedIps; + newManagedIps.reserve(n.config.assignedAddressCount); + for(unsigned int i=0;i(&(n.config.assignedAddresses[i])); + if (checkIfManagedIsAllowed(n,*ii)) + newManagedIps.push_back(*ii); + } + std::sort(newManagedIps.begin(),newManagedIps.end()); + newManagedIps.erase(std::unique(newManagedIps.begin(),newManagedIps.end()),newManagedIps.end()); + + for(std::vector::iterator ip(n.managedIps.begin());ip!=n.managedIps.end();++ip) { + if (std::find(newManagedIps.begin(),newManagedIps.end(),*ip) == newManagedIps.end()) { + if (!n.tap->removeIp(*ip)) + fprintf(stderr,"ERROR: unable to remove ip address %s"ZT_EOL_S, ip->toString().c_str()); + } + } + for(std::vector::iterator ip(newManagedIps.begin());ip!=newManagedIps.end();++ip) { + if (std::find(n.managedIps.begin(),n.managedIps.end(),*ip) == 
n.managedIps.end()) { + if (!n.tap->addIp(*ip)) + fprintf(stderr,"ERROR: unable to add ip address %s"ZT_EOL_S, ip->toString().c_str()); + } + } + + n.managedIps.swap(newManagedIps); + } + + if (syncRoutes) { + char tapdev[64]; +#ifdef __WINDOWS__ + Utils::snprintf(tapdev,sizeof(tapdev),"%.16llx",(unsigned long long)n.tap->luid().Value); +#else + Utils::scopy(tapdev,sizeof(tapdev),n.tap->deviceName().c_str()); +#endif + + std::vector myIps(n.tap->ips()); + + // Nuke applied routes that are no longer in n.config.routes[] and/or are not allowed + for(std::list::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) { + bool haveRoute = false; + if ( (checkIfManagedIsAllowed(n,mr->target())) && ((mr->via().ss_family != mr->target().ss_family)||(!matchIpOnly(myIps,mr->via()))) ) { + for(unsigned int i=0;i(&(n.config.routes[i].target)); + const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); + if ( (mr->target() == *target) && ( ((via->ss_family == target->ss_family)&&(mr->via() == *via)) || (tapdev == mr->device()) ) ) { + haveRoute = true; + break; + } + } + } + if (haveRoute) { + ++mr; + } else { + n.managedRoutes.erase(mr++); + } + } + + // Apply routes in n.config.routes[] that we haven't applied yet, and sync those we have in case shadow routes need to change + for(unsigned int i=0;i(&(n.config.routes[i].target)); + const InetAddress *const via = reinterpret_cast(&(n.config.routes[i].via)); + + if ( (!checkIfManagedIsAllowed(n,*target)) || ((via->ss_family == target->ss_family)&&(matchIpOnly(myIps,*via))) ) + continue; + + bool haveRoute = false; + + // Ignore routes implied by local managed IPs since adding the IP adds the route + for(std::vector::iterator ip(n.managedIps.begin());ip!=n.managedIps.end();++ip) { + if ((target->netmaskBits() == ip->netmaskBits())&&(target->containsAddress(*ip))) { + haveRoute = true; + break; + } + } + if (haveRoute) + continue; + + // If we've already applied this route, just sync it and continue + 
for(std::list::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();++mr) {
+ if ( (mr->target() == *target) && ( ((via->ss_family == target->ss_family)&&(mr->via() == *via)) || (tapdev == mr->device()) ) ) {
+ haveRoute = true;
+ mr->sync();
+ break;
+ }
+ }
+ if (haveRoute)
+ continue;
+
+ // Add and apply new routes
+ n.managedRoutes.push_back(ManagedRoute());
+ if (!n.managedRoutes.back().set(*target,*via,tapdev))
+ n.managedRoutes.pop_back();
+ }
+ }
+ }
+
+ inline void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *localAddr,const struct sockaddr *from,void *data,unsigned long len)
+ {
+#ifdef ZT_ENABLE_CLUSTER
+ if (sock == _clusterMessageSocket) {
+ _lastDirectReceiveFromGlobal = OSUtils::now();
+ _node->clusterHandleIncomingMessage(data,len);
+ return;
+ }
+#endif
+
+#ifdef ZT_BREAK_UDP
+ if (OSUtils::fileExists("/tmp/ZT_BREAK_UDP"))
+ return;
+#endif
+
+ if ((len >= 16)&&(reinterpret_cast(from)->ipScope() == InetAddress::IP_SCOPE_GLOBAL))
+ _lastDirectReceiveFromGlobal = OSUtils::now();
+
+ const ZT_ResultCode rc = _node->processWirePacket(
+ OSUtils::now(),
+ reinterpret_cast(localAddr),
+ (const struct sockaddr_storage *)from, // Phy<> uses sockaddr_storage, so it'll always be that big
+ data,
+ len,
+ &_nextBackgroundTaskDeadline);
+ if (ZT_ResultCode_isFatal(rc)) {
+ char tmp[256];
+ Utils::snprintf(tmp,sizeof(tmp),"fatal error code from processWirePacket: %d",(int)rc);
+ Mutex::Lock _l(_termReason_m);
+ _termReason = ONE_UNRECOVERABLE_ERROR;
+ _fatalErrorMessage = tmp;
+ this->terminate();
+ }
+ }
+
+ inline void phyOnTcpConnect(PhySocket *sock,void **uptr,bool success)
+ {
+ if (!success)
+ return;
+
+ // Outgoing TCP connections are always TCP fallback tunnel connections.
+
+ TcpConnection *tc = new TcpConnection();
+ _tcpConnections.insert(tc);
+
+ tc->type = TcpConnection::TCP_TUNNEL_OUTGOING;
+ tc->shouldKeepAlive = true;
+ tc->parent = this;
+ tc->sock = sock;
+ // from and parser are not used
+ tc->messageSize = 0; // unused
+ tc->lastActivity = OSUtils::now();
+ // HTTP stuff is not used
+ tc->writeBuf = "";
+ *uptr = (void *)tc;
+
+ // Send "hello" message
+ tc->writeBuf.push_back((char)0x17);
+ tc->writeBuf.push_back((char)0x03);
+ tc->writeBuf.push_back((char)0x03); // fake TLS 1.2 header
+ tc->writeBuf.push_back((char)0x00);
+ tc->writeBuf.push_back((char)0x04); // mlen == 4
+ tc->writeBuf.push_back((char)ZEROTIER_ONE_VERSION_MAJOR);
+ tc->writeBuf.push_back((char)ZEROTIER_ONE_VERSION_MINOR);
+ tc->writeBuf.push_back((char)((ZEROTIER_ONE_VERSION_REVISION >> 8) & 0xff));
+ tc->writeBuf.push_back((char)(ZEROTIER_ONE_VERSION_REVISION & 0xff));
+ _phy.setNotifyWritable(sock,true);
+
+ _tcpFallbackTunnel = tc;
+ }
+
+ inline void phyOnTcpAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN,const struct sockaddr *from)
+ {
+ if ((!from)||(reinterpret_cast(from)->ipScope() != InetAddress::IP_SCOPE_LOOPBACK)) {
+ // Non-Loopback: deny (for now)
+ _phy.close(sockN,false);
+ return;
+ } else {
+ // Loopback == HTTP JSON API request
+ TcpConnection *tc = new TcpConnection();
+ _tcpConnections.insert(tc);
+ tc->type = TcpConnection::TCP_HTTP_INCOMING;
+ tc->shouldKeepAlive = true;
+ tc->parent = this;
+ tc->sock = sockN;
+ tc->from = from;
+ http_parser_init(&(tc->parser),HTTP_REQUEST);
+ tc->parser.data = (void *)tc;
+ tc->messageSize = 0;
+ tc->lastActivity = OSUtils::now();
+ tc->currentHeaderField = "";
+ tc->currentHeaderValue = "";
+ tc->url = "";
+ tc->status = "";
+ tc->headers.clear();
+ tc->body = "";
+ tc->writeBuf = "";
+ *uptrN = (void *)tc;
+ }
+ }
+
+ inline void phyOnTcpClose(PhySocket *sock,void **uptr)
+ {
+ TcpConnection *tc = (TcpConnection *)*uptr;
+ if (tc) {
+ if (tc == _tcpFallbackTunnel)
+ 
_tcpFallbackTunnel = (TcpConnection *)0;
+ _tcpConnections.erase(tc);
+ delete tc;
+ }
+ }
+
+ inline void phyOnTcpData(PhySocket *sock,void **uptr,void *data,unsigned long len)
+ {
+ TcpConnection *tc = reinterpret_cast(*uptr);
+ switch(tc->type) {
+
+ case TcpConnection::TCP_HTTP_INCOMING:
+ case TcpConnection::TCP_HTTP_OUTGOING:
+ http_parser_execute(&(tc->parser),&HTTP_PARSER_SETTINGS,(const char *)data,len);
+ if ((tc->parser.upgrade)||(tc->parser.http_errno != HPE_OK)) {
+ _phy.close(sock);
+ return;
+ }
+ break;
+
+ case TcpConnection::TCP_TUNNEL_OUTGOING:
+ tc->body.append((const char *)data,len);
+ while (tc->body.length() >= 5) {
+ const char *data = tc->body.data();
+ const unsigned long mlen = ( ((((unsigned long)data[3]) & 0xff) << 8) | (((unsigned long)data[4]) & 0xff) );
+ if (tc->body.length() >= (mlen + 5)) {
+ InetAddress from;
+
+ unsigned long plen = mlen; // payload length, modified if there's an IP header
+ data += 5; // skip forward past pseudo-TLS junk and mlen
+ if (plen == 4) {
+ // Hello message, which isn't sent by proxy and would be ignored by client
+ } else if (plen) {
+ // Messages should contain IPv4 or IPv6 source IP address data
+ switch(data[0]) {
+ case 4: // IPv4
+ if (plen >= 7) {
+ from.set((const void *)(data + 1),4,((((unsigned int)data[5]) & 0xff) << 8) | (((unsigned int)data[6]) & 0xff));
+ data += 7; // type + 4 byte IP + 2 byte port
+ plen -= 7;
+ } else {
+ _phy.close(sock);
+ return;
+ }
+ break;
+ case 6: // IPv6
+ if (plen >= 19) {
+ from.set((const void *)(data + 1),16,((((unsigned int)data[17]) & 0xff) << 8) | (((unsigned int)data[18]) & 0xff));
+ data += 19; // type + 16 byte IP + 2 byte port
+ plen -= 19;
+ } else {
+ _phy.close(sock);
+ return;
+ }
+ break;
+ case 0: // none/omitted
+ ++data;
+ --plen;
+ break;
+ default: // invalid address type
+ _phy.close(sock);
+ return;
+ }
+
+ if (from) {
+ InetAddress fakeTcpLocalInterfaceAddress((uint32_t)0xffffffff,0xffff);
+ const ZT_ResultCode rc = 
_node->processWirePacket(
+ OSUtils::now(),
+ reinterpret_cast(&fakeTcpLocalInterfaceAddress),
+ reinterpret_cast(&from),
+ data,
+ plen,
+ &_nextBackgroundTaskDeadline);
+ if (ZT_ResultCode_isFatal(rc)) {
+ char tmp[256];
+ Utils::snprintf(tmp,sizeof(tmp),"fatal error code from processWirePacket: %d",(int)rc);
+ Mutex::Lock _l(_termReason_m);
+ _termReason = ONE_UNRECOVERABLE_ERROR;
+ _fatalErrorMessage = tmp;
+ this->terminate();
+ _phy.close(sock);
+ return;
+ }
+ }
+ }
+
+ if (tc->body.length() > (mlen + 5))
+ tc->body = tc->body.substr(mlen + 5);
+ else tc->body = "";
+ } else break;
+ }
+ break;
+
+ }
+ }
+
+ inline void phyOnTcpWritable(PhySocket *sock,void **uptr)
+ {
+ TcpConnection *tc = reinterpret_cast(*uptr);
+ Mutex::Lock _l(tc->writeBuf_m);
+ if (tc->writeBuf.length() > 0) {
+ long sent = (long)_phy.streamSend(sock,tc->writeBuf.data(),(unsigned long)tc->writeBuf.length(),true);
+ if (sent > 0) {
+ tc->lastActivity = OSUtils::now();
+ if ((unsigned long)sent >= (unsigned long)tc->writeBuf.length()) {
+ tc->writeBuf = "";
+ _phy.setNotifyWritable(sock,false);
+ if (!tc->shouldKeepAlive)
+ _phy.close(sock); // will call close handler to delete from _tcpConnections
+ } else {
+ tc->writeBuf = tc->writeBuf.substr(sent);
+ }
+ }
+ } else {
+ _phy.setNotifyWritable(sock,false);
+ }
+ }
+
+ inline void phyOnFileDescriptorActivity(PhySocket *sock,void **uptr,bool readable,bool writable) {}
+ inline void phyOnUnixAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN) {}
+ inline void phyOnUnixClose(PhySocket *sock,void **uptr) {}
+ inline void phyOnUnixData(PhySocket *sock,void **uptr,void *data,unsigned long len) {}
+ inline void phyOnUnixWritable(PhySocket *sock,void **uptr,bool lwip_invoked) {}
+
+ inline int nodeVirtualNetworkConfigFunction(uint64_t nwid,void **nuptr,enum ZT_VirtualNetworkConfigOperation op,const ZT_VirtualNetworkConfig *nwc)
+ {
+ Mutex::Lock _l(_nets_m);
+ NetworkState &n = _nets[nwid];
+
+ switch(op) {
+
+ case 
ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP:
+ if (!n.tap) {
+ try {
+ char friendlyName[128];
+ Utils::snprintf(friendlyName,sizeof(friendlyName),"ZeroTier One [%.16llx]",nwid);
+ n.tap = new EthernetTap(
+ _homePath.c_str(),
+ MAC(nwc->mac),
+ nwc->mtu,
+ (unsigned int)ZT_IF_METRIC,
+ nwid,
+ friendlyName,
+ StapFrameHandler,
+ (void *)this);
+ *nuptr = (void *)&n;
+
+ char nlcpath[256];
+ Utils::snprintf(nlcpath,sizeof(nlcpath),"%s" ZT_PATH_SEPARATOR_S "networks.d" ZT_PATH_SEPARATOR_S "%.16llx.local.conf",_homePath.c_str(),nwid);
+ std::string nlcbuf;
+ if (OSUtils::readFile(nlcpath,nlcbuf)) {
+ Dictionary<4096> nc;
+ nc.load(nlcbuf.c_str());
+ n.settings.allowManaged = nc.getB("allowManaged",true);
+ n.settings.allowGlobal = nc.getB("allowGlobal",false);
+ n.settings.allowDefault = nc.getB("allowDefault",false);
+ }
+ } catch (std::exception &exc) {
+#ifdef __WINDOWS__
+ FILE *tapFailLog = fopen((_homePath + ZT_PATH_SEPARATOR_S"port_error_log.txt").c_str(),"a");
+ if (tapFailLog) {
+ fprintf(tapFailLog,"%.16llx: %s"ZT_EOL_S,(unsigned long long)nwid,exc.what());
+ fclose(tapFailLog);
+ }
+#else
+ fprintf(stderr,"ERROR: unable to configure virtual network port: %s"ZT_EOL_S,exc.what());
+#endif
+ _nets.erase(nwid);
+ return -999;
+ } catch ( ... ) {
+ return -999; // tap init failed
+ }
+ }
+ // After setting up tap, fall through to CONFIG_UPDATE since we also want to do this...
+
+ case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE:
+ memcpy(&(n.config),nwc,sizeof(ZT_VirtualNetworkConfig));
+ if (n.tap) { // sanity check
+ syncManagedStuff(n,true,true);
+ } else {
+ _nets.erase(nwid);
+ return -999; // tap init failed
+ }
+ break;
+
+ case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN:
+ case ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY:
+ if (n.tap) { // sanity check
+#ifdef __WINDOWS__
+ std::string winInstanceId(n.tap->instanceId());
+#endif
+ *nuptr = (void *)0;
+ delete n.tap;
+ _nets.erase(nwid);
+#ifdef __WINDOWS__
+ if ((op == ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY)&&(winInstanceId.length() > 0))
+ WindowsEthernetTap::deletePersistentTapDevice(winInstanceId.c_str());
+#endif
+ if (op == ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY) {
+ char nlcpath[256];
+ Utils::snprintf(nlcpath,sizeof(nlcpath),"%s" ZT_PATH_SEPARATOR_S "networks.d" ZT_PATH_SEPARATOR_S "%.16llx.local.conf",_homePath.c_str(),nwid);
+ OSUtils::rm(nlcpath);
+ }
+ } else {
+ _nets.erase(nwid);
+ }
+ break;
+
+ }
+ return 0;
+ }
+
+ inline void nodeEventCallback(enum ZT_Event event,const void *metaData)
+ {
+ switch(event) {
+ case ZT_EVENT_FATAL_ERROR_IDENTITY_COLLISION: {
+ Mutex::Lock _l(_termReason_m);
+ _termReason = ONE_IDENTITY_COLLISION;
+ _fatalErrorMessage = "identity/address collision";
+ this->terminate();
+ } break;
+
+ case ZT_EVENT_TRACE: {
+ if (metaData) {
+ ::fprintf(stderr,"%s"ZT_EOL_S,(const char *)metaData);
+ ::fflush(stderr);
+ }
+ } break;
+
+ default:
+ break;
+ }
+ }
+
+ inline long nodeDataStoreGetFunction(const char *name,void *buf,unsigned long bufSize,unsigned long readIndex,unsigned long *totalSize)
+ {
+ std::string p(_dataStorePrepPath(name));
+ if (!p.length())
+ return -2;
+
+ FILE *f = fopen(p.c_str(),"rb");
+ if (!f)
+ return -1;
+ if (fseek(f,0,SEEK_END) != 0) {
+ fclose(f);
+ return -2;
+ }
+ long ts = ftell(f);
+ if (ts < 0) {
+ fclose(f);
+ return -2;
+ }
+ *totalSize = (unsigned long)ts;
+ if 
(fseek(f,(long)readIndex,SEEK_SET) != 0) {
+ fclose(f);
+ return -2;
+ }
+ long n = (long)fread(buf,1,bufSize,f);
+ fclose(f);
+ return n;
+ }
+
+ inline int nodeDataStorePutFunction(const char *name,const void *data,unsigned long len,int secure)
+ {
+ std::string p(_dataStorePrepPath(name));
+ if (!p.length())
+ return -2;
+
+ if (!data) {
+ OSUtils::rm(p.c_str());
+ return 0;
+ }
+
+ FILE *f = fopen(p.c_str(),"wb");
+ if (!f)
+ return -1;
+ if (fwrite(data,len,1,f) == 1) {
+ fclose(f);
+ if (secure)
+ OSUtils::lockDownFile(p.c_str(),false);
+ return 0;
+ } else {
+ fclose(f);
+ OSUtils::rm(p.c_str());
+ return -1;
+ }
+ }
+
+ inline int nodeWirePacketSendFunction(const struct sockaddr_storage *localAddr,const struct sockaddr_storage *addr,const void *data,unsigned int len,unsigned int ttl)
+ {
+ unsigned int fromBindingNo = 0;
+
+ if (addr->ss_family == AF_INET) {
+ if (reinterpret_cast(localAddr)->sin_port == 0) {
+ // If sender is sending from wildcard (null address), choose the secondary backup
+ // port 1/4 of the time. (but only for IPv4)
+ fromBindingNo = (++_udpPortPickerCounter & 0x4) >> 2;
+ if (!_ports[fromBindingNo])
+ fromBindingNo = 0;
+ } else {
+ const uint16_t lp = reinterpret_cast(localAddr)->sin_port;
+ if (lp == _portsBE[1])
+ fromBindingNo = 1;
+ else if (lp == _portsBE[2])
+ fromBindingNo = 2;
+ }
+
+#ifdef ZT_TCP_FALLBACK_RELAY
+ // TCP fallback tunnel support, currently IPv4 only
+ if ((len >= 16)&&(reinterpret_cast(addr)->ipScope() == InetAddress::IP_SCOPE_GLOBAL)) {
+ // Engage TCP tunnel fallback if we haven't received anything valid from a global
+ // IP address in ZT_TCP_FALLBACK_AFTER milliseconds. If we do start getting
+ // valid direct traffic we'll stop using it and close the socket after a while.
+ const uint64_t now = OSUtils::now();
+ if (((now - _lastDirectReceiveFromGlobal) > ZT_TCP_FALLBACK_AFTER)&&((now - _lastRestart) > ZT_TCP_FALLBACK_AFTER)) {
+ if (_tcpFallbackTunnel) {
+ Mutex::Lock _l(_tcpFallbackTunnel->writeBuf_m);
+ if (!_tcpFallbackTunnel->writeBuf.length())
+ _phy.setNotifyWritable(_tcpFallbackTunnel->sock,true);
+ unsigned long mlen = len + 7;
+ _tcpFallbackTunnel->writeBuf.push_back((char)0x17);
+ _tcpFallbackTunnel->writeBuf.push_back((char)0x03);
+ _tcpFallbackTunnel->writeBuf.push_back((char)0x03); // fake TLS 1.2 header
+ _tcpFallbackTunnel->writeBuf.push_back((char)((mlen >> 8) & 0xff));
+ _tcpFallbackTunnel->writeBuf.push_back((char)(mlen & 0xff));
+ _tcpFallbackTunnel->writeBuf.push_back((char)4); // IPv4
+ _tcpFallbackTunnel->writeBuf.append(reinterpret_cast(reinterpret_cast(&(reinterpret_cast(addr)->sin_addr.s_addr))),4);
+ _tcpFallbackTunnel->writeBuf.append(reinterpret_cast(reinterpret_cast(&(reinterpret_cast(addr)->sin_port))),2);
+ _tcpFallbackTunnel->writeBuf.append((const char *)data,len);
+ } else if (((now - _lastSendToGlobalV4) < ZT_TCP_FALLBACK_AFTER)&&((now - _lastSendToGlobalV4) > (ZT_PING_CHECK_INVERVAL / 2))) {
+ std::vector tunnelIps(_tcpFallbackResolver.get());
+ if (tunnelIps.empty()) {
+ if (!_tcpFallbackResolver.running())
+ _tcpFallbackResolver.resolveNow();
+ } else {
+ bool connected = false;
+ InetAddress addr(tunnelIps[(unsigned long)now % tunnelIps.size()]);
+ addr.setPort(ZT_TCP_FALLBACK_RELAY_PORT);
+ _phy.tcpConnect(reinterpret_cast(&addr),connected);
+ }
+ }
+ }
+ _lastSendToGlobalV4 = now;
+ }
+#endif // ZT_TCP_FALLBACK_RELAY
+ } else if (addr->ss_family == AF_INET6) {
+ if (reinterpret_cast(localAddr)->sin6_port != 0) {
+ const uint16_t lp = reinterpret_cast(localAddr)->sin6_port;
+ if (lp == _portsBE[1])
+ fromBindingNo = 1;
+ else if (lp == _portsBE[2])
+ fromBindingNo = 2;
+ }
+ } else {
+ return -1;
+ }
+
+#ifdef ZT_BREAK_UDP
+ if (OSUtils::fileExists("/tmp/ZT_BREAK_UDP"))
+ return 0; // 
silently break UDP
+#endif
+
+ return (_bindings[fromBindingNo].udpSend(_phy,*(reinterpret_cast(localAddr)),*(reinterpret_cast(addr)),data,len,ttl)) ? 0 : -1;
+ }
+
+ inline void nodeVirtualNetworkFrameFunction(uint64_t nwid,void **nuptr,uint64_t sourceMac,uint64_t destMac,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len)
+ {
+ NetworkState *n = reinterpret_cast(*nuptr);
+ if ((!n)||(!n->tap))
+ return;
+ n->tap->put(MAC(sourceMac),MAC(destMac),etherType,data,len);
+ }
+
+ inline int nodePathCheckFunction(const struct sockaddr_storage *localAddr,const struct sockaddr_storage *remoteAddr)
+ {
+ Mutex::Lock _l(_nets_m);
+
+ for(std::map::const_iterator n(_nets.begin());n!=_nets.end();++n) {
+ if (n->second.tap) {
+ std::vector ips(n->second.tap->ips());
+ for(std::vector::const_iterator i(ips.begin());i!=ips.end();++i) {
+ if (i->containsAddress(*(reinterpret_cast(remoteAddr)))) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ /* Note: I do not think we need to scan for overlap with managed routes
+ * because of the "route forking" and interface binding that we do. This
+ * ensures (we hope) that ZeroTier traffic will still take the physical
+ * path even if its managed routes override this for other traffic. Will
+ * revisit if we see problems with this. 
*/
+
+ return 1;
+ }
+
+ inline void tapFrameHandler(uint64_t nwid,const MAC &from,const MAC &to,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len)
+ {
+ _node->processVirtualNetworkFrame(OSUtils::now(),nwid,from.toInt(),to.toInt(),etherType,vlanId,data,len,&_nextBackgroundTaskDeadline);
+ }
+
+ inline void onHttpRequestToServer(TcpConnection *tc)
+ {
+ char tmpn[256];
+ std::string data;
+ std::string contentType("text/plain"); // default if not changed in handleRequest()
+ unsigned int scode = 404;
+
+ try {
+ if (_controlPlane)
+ scode = _controlPlane->handleRequest(tc->from,tc->parser.method,tc->url,tc->headers,tc->body,data,contentType);
+ else scode = 500;
+ } catch ( ... ) {
+ scode = 500;
+ }
+
+ const char *scodestr;
+ switch(scode) {
+ case 200: scodestr = "OK"; break;
+ case 400: scodestr = "Bad Request"; break;
+ case 401: scodestr = "Unauthorized"; break;
+ case 403: scodestr = "Forbidden"; break;
+ case 404: scodestr = "Not Found"; break;
+ case 500: scodestr = "Internal Server Error"; break;
+ case 501: scodestr = "Not Implemented"; break;
+ case 503: scodestr = "Service Unavailable"; break;
+ default: scodestr = "Error"; break;
+ }
+
+ Utils::snprintf(tmpn,sizeof(tmpn),"HTTP/1.1 %.3u %s\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n",scode,scodestr);
+ {
+ Mutex::Lock _l(tc->writeBuf_m);
+ tc->writeBuf.assign(tmpn);
+ tc->writeBuf.append("Content-Type: ");
+ tc->writeBuf.append(contentType);
+ Utils::snprintf(tmpn,sizeof(tmpn),"\r\nContent-Length: %lu\r\n",(unsigned long)data.length());
+ tc->writeBuf.append(tmpn);
+ if (!tc->shouldKeepAlive)
+ tc->writeBuf.append("Connection: close\r\n");
+ tc->writeBuf.append("\r\n");
+ if (tc->parser.method != HTTP_HEAD)
+ tc->writeBuf.append(data);
+ }
+
+ _phy.setNotifyWritable(tc->sock,true);
+ }
+
+ inline void onHttpResponseFromClient(TcpConnection *tc)
+ {
+ if (!tc->shouldKeepAlive)
+ _phy.close(tc->sock); // will call close handler, which deletes from _tcpConnections
+ }
+
+ 
bool shouldBindInterface(const char *ifname,const InetAddress &ifaddr)
+ {
+ if (isBlacklistedLocalInterfaceForZeroTierTraffic(ifname))
+ return false;
+
+ Mutex::Lock _l(_nets_m);
+ for(std::map::const_iterator n(_nets.begin());n!=_nets.end();++n) {
+ if (n->second.tap) {
+ std::vector ips(n->second.tap->ips());
+ for(std::vector::const_iterator i(ips.begin());i!=ips.end();++i) {
+ if (i->ipsEqual(ifaddr))
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+
+ std::string _dataStorePrepPath(const char *name) const
+ {
+ std::string p(_homePath);
+ p.push_back(ZT_PATH_SEPARATOR);
+ char lastc = (char)0;
+ for(const char *n=name;(*n);++n) {
+ if ((*n == '.')&&(lastc == '.'))
+ return std::string(); // don't allow ../../ stuff as a precaution
+ if (*n == '/') {
+ OSUtils::mkdir(p.c_str());
+ p.push_back(ZT_PATH_SEPARATOR);
+ } else p.push_back(*n);
+ lastc = *n;
+ }
+ return p;
+ }
+
+ bool _trialBind(unsigned int port)
+ {
+ struct sockaddr_in in4;
+ struct sockaddr_in6 in6;
+ PhySocket *tb;
+
+ memset(&in4,0,sizeof(in4));
+ in4.sin_family = AF_INET;
+ in4.sin_port = Utils::hton((uint16_t)port);
+ tb = _phy.udpBind(reinterpret_cast(&in4),(void *)0,0);
+ if (tb) {
+ _phy.close(tb,false);
+ tb = _phy.tcpListen(reinterpret_cast(&in4),(void *)0);
+ if (tb) {
+ _phy.close(tb,false);
+ return true;
+ }
+ }
+
+ memset(&in6,0,sizeof(in6));
+ in6.sin6_family = AF_INET6;
+ in6.sin6_port = Utils::hton((uint16_t)port);
+ tb = _phy.udpBind(reinterpret_cast(&in6),(void *)0,0);
+ if (tb) {
+ _phy.close(tb,false);
+ tb = _phy.tcpListen(reinterpret_cast(&in6),(void *)0);
+ if (tb) {
+ _phy.close(tb,false);
+ return true;
+ }
+ }
+
+ return false;
+ }
+};
+
+static int SnodeVirtualNetworkConfigFunction(ZT_Node *node,void *uptr,uint64_t nwid,void **nuptr,enum ZT_VirtualNetworkConfigOperation op,const ZT_VirtualNetworkConfig *nwconf)
+{ return reinterpret_cast(uptr)->nodeVirtualNetworkConfigFunction(nwid,nuptr,op,nwconf); }
+static void SnodeEventCallback(ZT_Node *node,void *uptr,enum 
ZT_Event event,const void *metaData)
+{ reinterpret_cast(uptr)->nodeEventCallback(event,metaData); }
+static long SnodeDataStoreGetFunction(ZT_Node *node,void *uptr,const char *name,void *buf,unsigned long bufSize,unsigned long readIndex,unsigned long *totalSize)
+{ return reinterpret_cast(uptr)->nodeDataStoreGetFunction(name,buf,bufSize,readIndex,totalSize); }
+static int SnodeDataStorePutFunction(ZT_Node *node,void *uptr,const char *name,const void *data,unsigned long len,int secure)
+{ return reinterpret_cast(uptr)->nodeDataStorePutFunction(name,data,len,secure); }
+static int SnodeWirePacketSendFunction(ZT_Node *node,void *uptr,const struct sockaddr_storage *localAddr,const struct sockaddr_storage *addr,const void *data,unsigned int len,unsigned int ttl)
+{ return reinterpret_cast(uptr)->nodeWirePacketSendFunction(localAddr,addr,data,len,ttl); }
+static void SnodeVirtualNetworkFrameFunction(ZT_Node *node,void *uptr,uint64_t nwid,void **nuptr,uint64_t sourceMac,uint64_t destMac,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len)
+{ reinterpret_cast(uptr)->nodeVirtualNetworkFrameFunction(nwid,nuptr,sourceMac,destMac,etherType,vlanId,data,len); }
+static int SnodePathCheckFunction(ZT_Node *node,void *uptr,const struct sockaddr_storage *localAddr,const struct sockaddr_storage *remoteAddr)
+{ return reinterpret_cast(uptr)->nodePathCheckFunction(localAddr,remoteAddr); }
+
+#ifdef ZT_ENABLE_CLUSTER
+static void SclusterSendFunction(void *uptr,unsigned int toMemberId,const void *data,unsigned int len)
+{
+ OneServiceImpl *const impl = reinterpret_cast(uptr);
+ const ClusterDefinition::MemberDefinition &md = (*(impl->_clusterDefinition))[toMemberId];
+ if (md.clusterEndpoint)
+ impl->_phy.udpSend(impl->_clusterMessageSocket,reinterpret_cast(&(md.clusterEndpoint)),data,len);
+}
+static int SclusterGeoIpFunction(void *uptr,const struct sockaddr_storage *addr,int *x,int *y,int *z)
+{
+ OneServiceImpl *const impl = reinterpret_cast(uptr);
+ return 
(int)(impl->_clusterDefinition->geo().locate(*(reinterpret_cast(addr)),*x,*y,*z)); +} +#endif + +static void StapFrameHandler(void *uptr,uint64_t nwid,const MAC &from,const MAC &to,unsigned int etherType,unsigned int vlanId,const void *data,unsigned int len) +{ reinterpret_cast(uptr)->tapFrameHandler(nwid,from,to,etherType,vlanId,data,len); } + +static int ShttpOnMessageBegin(http_parser *parser) +{ + TcpConnection *tc = reinterpret_cast(parser->data); + tc->currentHeaderField = ""; + tc->currentHeaderValue = ""; + tc->messageSize = 0; + tc->url = ""; + tc->status = ""; + tc->headers.clear(); + tc->body = ""; + return 0; +} +static int ShttpOnUrl(http_parser *parser,const char *ptr,size_t length) +{ + TcpConnection *tc = reinterpret_cast(parser->data); + tc->messageSize += (unsigned long)length; + if (tc->messageSize > ZT_MAX_HTTP_MESSAGE_SIZE) + return -1; + tc->url.append(ptr,length); + return 0; +} +#if (HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 2) +static int ShttpOnStatus(http_parser *parser,const char *ptr,size_t length) +#else +static int ShttpOnStatus(http_parser *parser) +#endif +{ + /* + TcpConnection *tc = reinterpret_cast(parser->data); + tc->messageSize += (unsigned long)length; + if (tc->messageSize > ZT_MAX_HTTP_MESSAGE_SIZE) + return -1; + tc->status.append(ptr,length); + */ + return 0; +} +static int ShttpOnHeaderField(http_parser *parser,const char *ptr,size_t length) +{ + TcpConnection *tc = reinterpret_cast(parser->data); + tc->messageSize += (unsigned long)length; + if (tc->messageSize > ZT_MAX_HTTP_MESSAGE_SIZE) + return -1; + if ((tc->currentHeaderField.length())&&(tc->currentHeaderValue.length())) { + tc->headers[tc->currentHeaderField] = tc->currentHeaderValue; + tc->currentHeaderField = ""; + tc->currentHeaderValue = ""; + } + for(size_t i=0;icurrentHeaderField.push_back(OSUtils::toLower(ptr[i])); + return 0; +} +static int ShttpOnValue(http_parser *parser,const char *ptr,size_t length) +{ + TcpConnection *tc = 
reinterpret_cast(parser->data);
+ tc->messageSize += (unsigned long)length;
+ if (tc->messageSize > ZT_MAX_HTTP_MESSAGE_SIZE)
+ return -1;
+ tc->currentHeaderValue.append(ptr,length);
+ return 0;
+}
+static int ShttpOnHeadersComplete(http_parser *parser)
+{
+ TcpConnection *tc = reinterpret_cast(parser->data);
+ if ((tc->currentHeaderField.length())&&(tc->currentHeaderValue.length()))
+ tc->headers[tc->currentHeaderField] = tc->currentHeaderValue;
+ return 0;
+}
+static int ShttpOnBody(http_parser *parser,const char *ptr,size_t length)
+{
+ TcpConnection *tc = reinterpret_cast(parser->data);
+ tc->messageSize += (unsigned long)length;
+ if (tc->messageSize > ZT_MAX_HTTP_MESSAGE_SIZE)
+ return -1;
+ tc->body.append(ptr,length);
+ return 0;
+}
+static int ShttpOnMessageComplete(http_parser *parser)
+{
+ TcpConnection *tc = reinterpret_cast(parser->data);
+ tc->shouldKeepAlive = (http_should_keep_alive(parser) != 0);
+ tc->lastActivity = OSUtils::now();
+ if (tc->type == TcpConnection::TCP_HTTP_INCOMING) {
+ tc->parent->onHttpRequestToServer(tc);
+ } else {
+ tc->parent->onHttpResponseFromClient(tc);
+ }
+ return 0;
+}
+
+} // anonymous namespace
+
+std::string OneService::platformDefaultHomePath()
+{
+ return OSUtils::platformDefaultHomePath();
+}
+
+std::string OneService::autoUpdateUrl()
+{
+#ifdef ZT_AUTO_UPDATE
+
+/*
+#if defined(__LINUX__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
+ if (sizeof(void *) == 8)
+ return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x64-LATEST.nfo";
+ else return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x86-LATEST.nfo";
+#endif
+*/
+
+#if defined(__APPLE__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
+ return "http://download.zerotier.com/update/mac_intel/";
+#endif
+
+#ifdef __WINDOWS__
+ return "http://download.zerotier.com/update/win_intel/";
+#endif
+
+#endif // 
ZT_AUTO_UPDATE
+ return std::string();
+}
+
+OneService *OneService::newInstance(const char *hp,unsigned int port) { return new OneServiceImpl(hp,port); }
+OneService::~OneService() {}
+
+} // namespace ZeroTier
diff --git a/service/OneService.hpp b/service/OneService.hpp
new file mode 100644
index 0000000..cead381
--- /dev/null
+++ b/service/OneService.hpp
@@ -0,0 +1,187 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ZT_ONESERVICE_HPP +#define ZT_ONESERVICE_HPP + +#include + +namespace ZeroTier { + +/** + * Local service for ZeroTier One as system VPN/NFV provider + * + * If built with ZT_ENABLE_NETWORK_CONTROLLER defined, this includes and + * runs controller/SqliteNetworkController with a database called + * controller.db in the specified home directory. + * + * If built with ZT_AUTO_UPDATE, an official ZeroTier update URL is + * periodically checked and updates are automatically downloaded, verified + * against a built-in list of update signing keys, and installed. This is + * only supported for certain platforms. + * + * If built with ZT_ENABLE_CLUSTER, a 'cluster' file is checked and if + * present is read to determine the identity of other cluster members. 
+ */ +class OneService +{ +public: + /** + * Returned by node main if/when it terminates + */ + enum ReasonForTermination + { + /** + * Instance is still running + */ + ONE_STILL_RUNNING = 0, + + /** + * Normal shutdown + */ + ONE_NORMAL_TERMINATION = 1, + + /** + * A serious unrecoverable error has occurred + */ + ONE_UNRECOVERABLE_ERROR = 2, + + /** + * Your identity has collided with another + */ + ONE_IDENTITY_COLLISION = 3 + }; + + /** + * Local settings for each network + */ + struct NetworkSettings + { + /** + * Allow this network to configure IP addresses and routes? + */ + bool allowManaged; + + /** + * Allow configuration of IPs and routes within global (Internet) IP space? + */ + bool allowGlobal; + + /** + * Allow overriding of system default routes for "full tunnel" operation? + */ + bool allowDefault; + }; + + /** + * @return Platform default home path or empty string if this platform doesn't have one + */ + static std::string platformDefaultHomePath(); + + /** + * @return Auto-update URL or empty string if auto-updates unsupported or not enabled + */ + static std::string autoUpdateUrl(); + + /** + * Create a new instance of the service + * + * Once created, you must call the run() method to actually start + * processing. + * + * The port is saved to a file in the home path called zerotier-one.port, + * which is used by the CLI and can be used to see which port was chosen if + * 0 (random port) is picked. + * + * @param hp Home path + * @param port TCP and UDP port for packets and HTTP control (if 0, pick random port) + */ + static OneService *newInstance( + const char *hp, + unsigned int port); + + virtual ~OneService(); + + /** + * Execute the service main I/O loop until terminated + * + * The terminate() method may be called from a signal handler or another + * thread to terminate execution. Otherwise this will not return unless + * another condition terminates execution such as a fatal error. 
+ */ + virtual ReasonForTermination run() = 0; + + /** + * @return Reason for terminating or ONE_STILL_RUNNING if running + */ + virtual ReasonForTermination reasonForTermination() const = 0; + + /** + * @return Fatal error message or empty string if none + */ + virtual std::string fatalErrorMessage() const = 0; + + /** + * @return System device name corresponding with a given ZeroTier network ID or empty string if not opened yet or network ID not found + */ + virtual std::string portDeviceName(uint64_t nwid) const = 0; + + /** + * @return True if TCP fallback is currently active + */ + virtual bool tcpFallbackActive() const = 0; + + /** + * Terminate background service (can be called from other threads) + */ + virtual void terminate() = 0; + + /** + * Get local settings for a network + * + * @param nwid Network ID + * @param settings Buffer to fill with local network settings + * @return True if network was found and settings is filled + */ + virtual bool getNetworkSettings(const uint64_t nwid,NetworkSettings &settings) const = 0; + + /** + * Set local settings for a network + * + * @param nwid Network ID + * @param settings New network local settings + * @return True if network was found and setting modified + */ + virtual bool setNetworkSettings(const uint64_t nwid,const NetworkSettings &settings) = 0; + + /** + * @return True if service is still running + */ + inline bool isRunning() const { return (this->reasonForTermination() == ONE_STILL_RUNNING); } + +protected: + OneService() {} + +private: + OneService(const OneService &one) {} + inline OneService &operator=(const OneService &one) { return *this; } +}; + +} // namespace ZeroTier + +#endif diff --git a/service/README.md b/service/README.md new file mode 100644 index 0000000..75c437d --- /dev/null +++ b/service/README.md 
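Review bot: The ZT_AUTO_UPDATE paragraph of the class comment and the `autoUpdateUrl()` doc do not say how the update is fetched or what happens when verification fails. The OneService.cpp part of this commit returns plain `http://download.zerotier.com/update/...` URLs, so the signing-key check described here appears to be the only integrity control on a binary that is installed automatically, and the header should say so. I would add to the class comment `* Updates are fetched over plain HTTP; the signature check is the sole integrity control and a failed check discards the download.` (wording to be confirmed against the updater code). Whether the verifier also refuses an older, validly signed build is not visible in this header and is worth documenting in the same place.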
@@ -0,0 +1,122 @@ +ZeroTier One Network Virtualization Service +====== + +This is the common background service implementation for ZeroTier One, the VPN-like OS-level network virtualization service. + +It provides a ready-made core I/O loop and a local HTTP-based JSON control bus for controlling the service. This control bus HTTP server can also serve the files in ui/ if this folder's contents are installed in the ZeroTier home folder. The ui/ implements a React-based HTML5 user interface which is then wrappered for various platforms via MacGap, Windows .NET WebControl, etc. It can also be used locally from scripts or via *curl*. + +### Network Virtualization Service API + +The JSON API supports GET, POST/PUT, and DELETE. PUT is treated as a synonym for POST. Other methods including HEAD are not supported. + +Values POSTed to the JSON API are *extremely* type sensitive. Things *must* be of the indicated type, otherwise they will be ignored or will generate an error. Anything quoted is a string so booleans and integers must lack quotes. Booleans must be *true* or *false* and nothing else. Integers cannot contain decimal points or they are floats (and vice versa). If something seems to be getting ignored or set to a strange value, or if you receive errors, check the type of all JSON fields you are submitting against the types listed below. Unrecognized fields in JSON objects are also ignored. + +API requests must be authenticated via an authentication token. ZeroTier One saves this token in the *authtoken.secret* file in its working directory. This token may be supplied via the *auth* URL parameter (e.g. '?auth=...') or via the *X-ZT1-Auth* HTTP request header. Static UI pages are the only thing the server will allow without authentication. + +A *jsonp* URL argument may be supplied to request JSONP encapsulation. A JSONP response is sent as a script with its JSON response payload wrapped in a call to the function name supplied as the argument to *jsonp*. 
+ +#### /status + + * Purpose: Get running node status and addressing info + * Methods: GET + * Returns: { object } + + + + + + + + + + + + +
FieldTypeDescriptionWritable
addressstring10-digit hexadecimal ZeroTier address of this nodeno
publicIdentitystringFull public ZeroTier identity of this nodeno
onlinebooleanDoes this node appear to have upstream network access?no
tcpFallbackActivebooleanIs TCP fallback mode active?no
versionMajorintegerZeroTier major versionno
versionMinorintegerZeroTier minor versionno
versionRevintegerZeroTier revisionno
versionstringVersion in major.minor.rev formatno
clockintegerNode system clock in ms since epochno
+ +#### /config + + * Purpose: Get or set local configuration + * Methods: GET, POST + * Returns: { object } + +No local configuration options are exposed yet. + + + +
FieldTypeDescriptionWritable
+ +#### /network + + * Purpose: Get all network memberships + * Methods: GET + * Returns: [ {object}, ... ] + +Getting /network returns an array of all networks that this node has joined. See below for network object format. + +#### /network/\ + + * Purpose: Get, join, or leave a network + * Methods: GET, POST, DELETE + * Returns: { object } + +To join a network, POST to it. Since networks have no mandatory writable parameters, POST data is optional and may be omitted. Example: POST to /network/8056c2e21c000001 to join the public "Earth" network. To leave a network, DELETE it e.g. DELETE /network/8056c2e21c000001. + +Most network settings are not writable, as they are defined by the network controller. + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionWritable
nwidstring16-digit hex network IDno
macstringEthernet MAC address of virtual network portno
namestringNetwork short name as configured on network controllerno
statusstringNetwork status: OK, ACCESS_DENIED, PORT_ERROR, etc.no
typestringNetwork type, currently PUBLIC or PRIVATEno
mtuintegerEthernet MTUno
dhcpbooleanIf true, DHCP may be used to obtain an IP addressno
bridgebooleanIf true, this node may bridge in other Ethernet devicesno
broadcastEnabledbooleanIs Ethernet broadcast (ff:ff:ff:ff:ff:ff) allowed?no
portErrorintegerError code (if any) returned by underlying OS "tap" driverno
netconfRevisionintegerNetwork configuration revision IDno
multicastSubscriptions[string]Multicast memberships as array of MAC/ADI tuplesno
assignedAddresses[string]ZeroTier-managed IP address assignments as array of IP/netmask bits tuplesno
portDeviceNamestringOS-specific network device name (if available)no
+ +#### /peer + + * Purpose: Get all peers + * Methods: GET + * Returns: [ {object}, ... ] + +Getting /peer returns an array of peer objects for all current peers. See below for peer object format. + +#### /peer/\ + + * Purpose: Get information about a peer + * Methods: GET + * Returns: { object } + + + + + + + + + + + + + +
FieldTypeDescriptionWritable
addressstring10-digit hex ZeroTier addressno
lastUnicastFrameintegerTime of last unicast frame in ms since epochno
lastMulticastFrameintegerTime of last multicast frame in ms since epochno
versionMajorintegerMajor version of remote if knownno
versionMinorintegerMinor version of remote if knownno
versionRevintegerRevision of remote if knownno
versionstringVersion in major.minor.rev formatno
latencyintegerLatency in milliseconds if knownno
rolestringLEAF, HUB, or ROOTSERVERno
paths[object]Array of path objects (see below)no
+ +Path objects describe direct physical paths to peer. If no path objects are listed, peer is only reachable via indirect relay fallback. Path object format is: + + + + + + + + +
FieldTypeDescriptionWritable
addressstringPhysical socket address e.g. IP/port for UDPno
lastSendintegerLast send via this path in ms since epochno
lastReceiveintegerLast receive via this path in ms since epochno
fixedbooleanIf true, this is a statically-defined "fixed" pathno
preferredbooleanIf true, this is the current preferred pathno
diff --git a/tcp-proxy/Makefile b/tcp-proxy/Makefile new file mode 100644 index 0000000..af4e71e --- /dev/null +++ b/tcp-proxy/Makefile @@ -0,0 +1,7 @@ +CXX=$(shell which clang++ g++ c++ 2>/dev/null | head -n 1) + +all: + $(CXX) -O3 -fno-rtti -o tcp-proxy tcp-proxy.cpp + +clean: + rm -f *.o tcp-proxy *.dSYM diff --git a/tcp-proxy/README.md b/tcp-proxy/README.md new file mode 100644 index 0000000..6f347d6 --- /dev/null +++ b/tcp-proxy/README.md @@ -0,0 +1,4 @@ +TCP Proxy Server +====== + +This is the TCP proxy server we run for TCP tunneling from peers behind fascist NATs. Regular users won't have much use for this. diff --git a/tcp-proxy/tcp-proxy.cpp b/tcp-proxy/tcp-proxy.cpp new file mode 100644 index 0000000..2fe500d --- /dev/null +++ b/tcp-proxy/tcp-proxy.cpp 
@@ -0,0 +1,317 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+// HACK! Will eventually use epoll() or something in Phy<> instead of select().
+// Also be sure to change ulimit -n and fs.file-max in /etc/sysctl.conf on relays.
+#if defined(__linux__) || defined(__LINUX__) || defined(__LINUX) || defined(LINUX)
+#include
+#include
+#undef __FD_SETSIZE
+#define __FD_SETSIZE 1048576
+#undef FD_SETSIZE
+#define FD_SETSIZE 1048576
+#endif
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include "../osdep/Phy.hpp"
+
+#define ZT_TCP_PROXY_CONNECTION_TIMEOUT_SECONDS 300
+#define ZT_TCP_PROXY_TCP_PORT 443
+
+using namespace ZeroTier;
+
+/*
+ * ZeroTier TCP Proxy Server
+ *
+ * This implements a simple packet encapsulation that is designed to look like
+ * a TLS connection. It's not a TLS connection, but it sends TLS format record
+ * headers. It could be extended in the future to implement a fake TLS
+ * handshake.
+ *
+ * At the moment, each packet is just made to look like TLS application data:
+ * <[1] TLS content type> - currently 0x17 for "application data"
+ * <[1] TLS major version> - currently 0x03 for TLS 1.2
+ * <[1] TLS minor version> - currently 0x03 for TLS 1.2
+ * <[2] payload length> - 16-bit length of payload in bytes
+ * <[...] payload> - Message payload
+ *
+ * TCP is inherently inefficient for encapsulating Ethernet, since TCP and TCP
+ * like protocols over TCP lead to double-ACKs. So this transport is only used
+ * to enable access when UDP or other datagram protocols are not available.
+ *
+ * Clients send a greeting, which is a four-byte message that contains:
+ * <[1] ZeroTier major version>
+ * <[1] minor version>
+ * <[2] revision>
+ *
+ * If a client has sent a greeting, it uses the new version of this protocol
+ * in which every encapsulated ZT packet is prepended by an IP address where
+ * it should be forwarded (or where it came from for replies). This causes
+ * this proxy to act as a remote UDP socket similar to a socks proxy, which
+ * will allow us to move this function off the rootservers and onto dedicated
+ * proxy nodes.
+ *
+ * Older ZT clients that do not send this message get their packets relayed
+ * to/from 127.0.0.1:9993, which will allow them to talk to and relay via
+ * the ZT node on the same machine as the proxy. We'll only support this for
+ * as long as such nodes appear to be in the wild.
+ */ + +struct TcpProxyService; +struct TcpProxyService +{ + Phy *phy; + int udpPortCounter; + struct Client + { + char tcpReadBuf[131072]; + char tcpWriteBuf[131072]; + unsigned long tcpWritePtr; + unsigned long tcpReadPtr; + PhySocket *tcp; + PhySocket *udp; + time_t lastActivity; + bool newVersion; + }; + std::map< PhySocket *,Client > clients; + + PhySocket *getUnusedUdp(void *uptr) + { + for(int i=0;i<65535;++i) { + ++udpPortCounter; + if (udpPortCounter > 0xfffe) + udpPortCounter = 1024; + struct sockaddr_in laddr; + memset(&laddr,0,sizeof(struct sockaddr_in)); + laddr.sin_family = AF_INET; + laddr.sin_port = htons((uint16_t)udpPortCounter); + PhySocket *udp = phy->udpBind(reinterpret_cast(&laddr),uptr); + if (udp) + return udp; + } + return (PhySocket *)0; + } + + void phyOnDatagram(PhySocket *sock,void **uptr,const struct sockaddr *from,void *data,unsigned long len) + { + if (!*uptr) + return; + if ((from->sa_family == AF_INET)&&(len >= 16)&&(len < 2048)) { + Client &c = *((Client *)*uptr); + c.lastActivity = time((time_t *)0); + + unsigned long mlen = len; + if (c.newVersion) + mlen += 7; // new clients get IP info + + if ((c.tcpWritePtr + 5 + mlen) <= sizeof(c.tcpWriteBuf)) { + if (!c.tcpWritePtr) + phy->tcpSetNotifyWritable(c.tcp,true); + + c.tcpWriteBuf[c.tcpWritePtr++] = 0x17; // look like TLS data + c.tcpWriteBuf[c.tcpWritePtr++] = 0x03; // look like TLS 1.2 + c.tcpWriteBuf[c.tcpWritePtr++] = 0x03; // look like TLS 1.2 + + c.tcpWriteBuf[c.tcpWritePtr++] = (char)((mlen >> 8) & 0xff); + c.tcpWriteBuf[c.tcpWritePtr++] = (char)(mlen & 0xff); + + if (c.newVersion) { + c.tcpWriteBuf[c.tcpWritePtr++] = (char)4; // IPv4 + *((uint32_t *)(c.tcpWriteBuf + c.tcpWritePtr)) = ((const struct sockaddr_in *)from)->sin_addr.s_addr; + c.tcpWritePtr += 4; + *((uint16_t *)(c.tcpWriteBuf + c.tcpWritePtr)) = ((const struct sockaddr_in *)from)->sin_port; + c.tcpWritePtr += 2; + } + + for(unsigned long i=0;i 
%.16llx\n",inet_ntoa(reinterpret_cast(from)->sin_addr),(int)ntohs(reinterpret_cast(from)->sin_port),(unsigned long long)&c); + } + } + + void phyOnTcpConnect(PhySocket *sock,void **uptr,bool success) + { + // unused, we don't initiate outbound connections + } + + void phyOnTcpAccept(PhySocket *sockL,PhySocket *sockN,void **uptrL,void **uptrN,const struct sockaddr *from) + { + Client &c = clients[sockN]; + PhySocket *udp = getUnusedUdp((void *)&c); + if (!udp) { + phy->close(sockN); + clients.erase(sockN); + //printf("** TCP rejected, no more UDP ports to assign\n"); + return; + } + c.tcpWritePtr = 0; + c.tcpReadPtr = 0; + c.tcp = sockN; + c.udp = udp; + c.lastActivity = time((time_t *)0); + c.newVersion = false; + *uptrN = (void *)&c; + //printf("<< TCP from %s -> %.16llx\n",inet_ntoa(reinterpret_cast(from)->sin_addr),(unsigned long long)&c); + } + + void phyOnTcpClose(PhySocket *sock,void **uptr) + { + if (!*uptr) + return; + Client &c = *((Client *)*uptr); + phy->close(c.udp); + clients.erase(sock); + //printf("** TCP %.16llx closed\n",(unsigned long long)*uptr); + } + + void phyOnTcpData(PhySocket *sock,void **uptr,void *data,unsigned long len) + { + Client &c = *((Client *)*uptr); + c.lastActivity = time((time_t *)0); + + for(unsigned long i=0;i= sizeof(c.tcpReadBuf)) { + phy->close(sock); + return; + } + c.tcpReadBuf[c.tcpReadPtr++] = ((const char *)data)[i]; + + if (c.tcpReadPtr >= 5) { + unsigned long mlen = ( ((((unsigned long)c.tcpReadBuf[3]) & 0xff) << 8) | (((unsigned long)c.tcpReadBuf[4]) & 0xff) ); + if (c.tcpReadPtr >= (mlen + 5)) { + if (mlen == 4) { + // Right now just sending this means the client is 'new enough' for the IP header + c.newVersion = true; + //printf("<< TCP %.16llx HELLO\n",(unsigned long long)*uptr); + } else if (mlen >= 7) { + char *payload = c.tcpReadBuf + 5; + unsigned long payloadLen = mlen; + + struct sockaddr_in dest; + memset(&dest,0,sizeof(dest)); + if (c.newVersion) { + if (*payload == (char)4) { + // New clients tell us 
where their packets go. + ++payload; + dest.sin_family = AF_INET; + dest.sin_addr.s_addr = *((uint32_t *)payload); + payload += 4; + dest.sin_port = *((uint16_t *)payload); // will be in network byte order already + payload += 2; + payloadLen -= 7; + } + } else { + // For old clients we will just proxy everything to a local ZT instance. The + // fact that this will come from 127.0.0.1 will in turn prevent that instance + // from doing unite() with us. It'll just forward. There will not be many of + // these. + dest.sin_family = AF_INET; + dest.sin_addr.s_addr = htonl(0x7f000001); // 127.0.0.1 + dest.sin_port = htons(9993); + } + + // Note: we do not relay to privileged ports... just an abuse prevention rule. + if ((ntohs(dest.sin_port) > 1024)&&(payloadLen >= 16)) { + phy->udpSend(c.udp,(const struct sockaddr *)&dest,payload,payloadLen); + //printf(">> TCP %.16llx to %s:%d\n",(unsigned long long)*uptr,inet_ntoa(dest.sin_addr),(int)ntohs(dest.sin_port)); + } + } + + memmove(c.tcpReadBuf,c.tcpReadBuf + (mlen + 5),c.tcpReadPtr -= (mlen + 5)); + } + } + } + } + + void phyOnTcpWritable(PhySocket *sock,void **uptr) + { + Client &c = *((Client *)*uptr); + if (c.tcpWritePtr) { + long n = phy->tcpSend(sock,c.tcpWriteBuf,c.tcpWritePtr); + if (n > 0) { + memmove(c.tcpWriteBuf,c.tcpWriteBuf + n,c.tcpWritePtr -= (unsigned long)n); + if (!c.tcpWritePtr) + phy->tcpSetNotifyWritable(sock,false); + } + } else phy->tcpSetNotifyWritable(sock,false); + } + + void doHousekeeping() + { + std::vector toClose; + time_t now = time((time_t *)0); + for(std::map< PhySocket *,Client >::iterator c(clients.begin());c!=clients.end();++c) { + if ((now - c->second.lastActivity) >= ZT_TCP_PROXY_CONNECTION_TIMEOUT_SECONDS) { + toClose.push_back(c->first); + toClose.push_back(c->second.udp); + } + } + for(std::vector::iterator s(toClose.begin());s!=toClose.end();++s) + phy->close(*s); + } +}; + +int main(int argc,char **argv) +{ + signal(SIGPIPE,SIG_IGN); + signal(SIGHUP,SIG_IGN); + srand(time((time_t 
*)0)); + + TcpProxyService svc; + Phy phy(&svc,false,true); + svc.phy = &phy; + svc.udpPortCounter = 1023; + + { + struct sockaddr_in laddr; + memset(&laddr,0,sizeof(laddr)); + laddr.sin_family = AF_INET; + laddr.sin_port = htons(ZT_TCP_PROXY_TCP_PORT); + if (!phy.tcpListen((const struct sockaddr *)&laddr)) { + fprintf(stderr,"%s: fatal error: unable to bind TCP port %d\n",argv[0],ZT_TCP_PROXY_TCP_PORT); + return 1; + } + } + + time_t lastDidHousekeeping = time((time_t *)0); + for(;;) { + phy.poll(120000); + time_t now = time((time_t *)0); + if ((now - lastDidHousekeeping) > 120) { + lastDidHousekeeping = now; + svc.doHousekeeping(); + } + } + + return 0; +} diff --git a/version.h b/version.h new file mode 100644 index 0000000..1830011 --- /dev/null +++ b/version.h @@ -0,0 +1,37 @@ +/* + * ZeroTier One - Network Virtualization Everywhere + * Copyright (C) 2011-2016 ZeroTier, Inc. https://www.zerotier.com/ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef _ZT_VERSION_H +#define _ZT_VERSION_H + +/** + * Major version + */ +#define ZEROTIER_ONE_VERSION_MAJOR 1 + +/** + * Minor version + */ +#define ZEROTIER_ONE_VERSION_MINOR 1 + +/** + * Revision + */ +#define ZEROTIER_ONE_VERSION_REVISION 14 + +#endif diff --git a/windows/README.md b/windows/README.md new file mode 100644 index 0000000..9f3f48b --- /dev/null +++ b/windows/README.md 
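Review bot: In phyOnTcpData the destination for a new-version client is copied straight from the payload into `dest.sin_addr` and `dest.sin_port`, and the only check before `phy->udpSend` is `ntohs(dest.sin_port) > 1024`, so the relay will emit UDP to loopback, private, link-local, multicast or broadcast addresses from its own network position for any TCP client. The old-client branch deliberately targets 127.0.0.1:9993, so a destination filter should apply only when `c.newVersion` is set. A check along the lines below, added to that condition, narrows what the proxy will forward; the address ranges are a suggested starting list to confirm against the deployment. Separately, phyOnTcpAccept gives every accepted connection two 131072-byte buffers and a bound UDP port with no per-source limit, which deserves a documented cap.

```cpp
// Destinations a public relay should not emit to on a client's behalf.
static inline bool ztProxyDestAllowed(const struct sockaddr_in &dest)
{
	const uint32_t ip = ntohl(dest.sin_addr.s_addr);
	if ((ip >> 24) == 0) return false;       // 0.0.0.0/8
	if ((ip >> 24) == 127) return false;     // 127.0.0.0/8 loopback
	if ((ip >> 24) == 10) return false;      // 10.0.0.0/8
	if ((ip >> 20) == 0xac1) return false;   // 172.16.0.0/12
	if ((ip >> 16) == 0xc0a8) return false;  // 192.168.0.0/16
	if ((ip >> 16) == 0xa9fe) return false;  // 169.254.0.0/16 link-local
	if ((ip >> 28) >= 0xe) return false;     // 224.0.0.0/4 and above: multicast, reserved, broadcast
	return true;
}

// … unchanged: phyOnTcpData framing and destination selection …

					// Note: we do not relay to privileged ports... just an abuse prevention rule.
					if ((ntohs(dest.sin_port) > 1024)&&(payloadLen >= 16)&&((!c.newVersion)||ztProxyDestAllowed(dest))) {
```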
@@ -0,0 +1,3 @@ +This folder contains the Windows driver code, Windows-specific service code, and the Microsoft Visual Studio projects and "solution" for doing Windows builds. + +This code may also build with MinGW but this hasn't been tested. diff --git a/windows/TapDriver6/TapDriver6.vcxproj b/windows/TapDriver6/TapDriver6.vcxproj new file mode 100644 index 0000000..b1f9ae1 --- /dev/null +++ b/windows/TapDriver6/TapDriver6.vcxproj 
@@ -0,0 +1,375 @@ + + + + + Win8 Debug + Win32 + + + Win8 Release + Win32 + + + Win7 Debug + Win32 + + + Win7 Release + Win32 + + + Vista Debug + Win32 + + + Vista Release + Win32 + + + Win8 Debug + x64 + + + Win8 Release + x64 + + + Win7 Debug + x64 + + + Win7 Release + x64 + + + Vista Debug + x64 + + + Vista Release + x64 + + + + {43BA7584-D4DB-4F7C-90FC-E2B18A68A213} + {1bc93793-694f-48fe-9372-81e2b05556fd} + v4.5 + 11.0 + Win8 Debug + Win32 + + + TapDriver6 + $(VCTargetsPath11) + + + WindowsKernelModeDriver8.0 + Driver + KMDF + + + + Windows8 + true + + + Windows8 + false + + + Windows7 + true + + + Windows7 + false + + + Vista + true + + + Vista + false + 1 + 7 + + + Windows8 + true + + + Windows8 + false + + + Windows7 + true + + + Windows7 + false + + + Vista + true + + + Vista + false + 1 + 7 + + + + + + + + + + zttap300 + + + DbgengKernelDebugger + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + zttap300 + + + + false + trace.h + false + false + false + false + false + false + false + false + false + false + false + false + false + Level1 + Level1 + Level1 + Level1 + Level1 + Level1 + Level1 + Level1 + Level1 + Level1 + Level1 + Level1 + Default + Default + Default + Default + Default + Default + Default + Default + Default + Default + Default + Default + + + C:\WinDDK\7600.16385.1\lib\win7\amd64\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\amd64\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\amd64\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\wdmsec.lib;%(AdditionalDependencies) + + + 
C:\WinDDK\7600.16385.1\lib\win7\amd64\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\amd64\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\amd64\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\amd64\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\i386\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\i386\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\i386\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\i386\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\i386\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\wdmsec.lib;%(AdditionalDependencies) + + + C:\WinDDK\7600.16385.1\lib\win7\i386\ndis.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\ntstrsafe.lib;C:\WinDDK\7600.16385.1\lib\win7\i386\wdmsec.lib;%(AdditionalDependencies) + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + 3.00.00.0 + false + false + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + 3.00.00.0 + false + false + 3.00.00.0 + + + + + + \ No newline at end of file diff --git a/windows/TapDriver6/TapDriver6.vcxproj.filters b/windows/TapDriver6/TapDriver6.vcxproj.filters new file mode 100644 index 0000000..14cbbde --- /dev/null +++ b/windows/TapDriver6/TapDriver6.vcxproj.filters @@ -0,0 +1,110 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + {8E41214B-6785-4CFE-B992-037D68949A14} + inf;inv;inx;mof;mc; + + + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + + + Resource Files + + + + + Driver Files + + + \ No newline at end of file diff --git a/windows/TapDriver6/adapter.c b/windows/TapDriver6/adapter.c new file mode 100644 index 0000000..7ce4b31 --- /dev/null +++ b/windows/TapDriver6/adapter.c 
@@ -0,0 +1,1716 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+//
+// Include files.
+//
+
+#include "tap.h"
+
+NDIS_OID TAPSupportedOids[] =
+{
+ OID_GEN_HARDWARE_STATUS,
+ OID_GEN_TRANSMIT_BUFFER_SPACE,
+ OID_GEN_RECEIVE_BUFFER_SPACE,
+ OID_GEN_TRANSMIT_BLOCK_SIZE,
+ OID_GEN_RECEIVE_BLOCK_SIZE,
+ OID_GEN_VENDOR_ID,
+ OID_GEN_VENDOR_DESCRIPTION,
+ OID_GEN_VENDOR_DRIVER_VERSION,
+ OID_GEN_CURRENT_PACKET_FILTER,
+ OID_GEN_CURRENT_LOOKAHEAD,
+ OID_GEN_DRIVER_VERSION,
+ OID_GEN_MAXIMUM_TOTAL_SIZE,
+ OID_GEN_XMIT_OK,
+ OID_GEN_RCV_OK,
+ OID_GEN_STATISTICS,
+#ifdef IMPLEMENT_OPTIONAL_OIDS
+ OID_GEN_TRANSMIT_QUEUE_LENGTH, // Optional
+#endif // IMPLEMENT_OPTIONAL_OIDS
+ OID_GEN_LINK_PARAMETERS,
+ OID_GEN_INTERRUPT_MODERATION,
+ OID_GEN_MEDIA_SUPPORTED,
+ OID_GEN_MEDIA_IN_USE,
+ OID_GEN_MAXIMUM_SEND_PACKETS,
+ OID_GEN_XMIT_ERROR,
+ OID_GEN_RCV_ERROR,
+ OID_GEN_RCV_NO_BUFFER,
+ OID_802_3_PERMANENT_ADDRESS,
+ OID_802_3_CURRENT_ADDRESS,
+ OID_802_3_MULTICAST_LIST,
+ OID_802_3_MAXIMUM_LIST_SIZE,
+ OID_802_3_RCV_ERROR_ALIGNMENT,
+ OID_802_3_XMIT_ONE_COLLISION,
+ OID_802_3_XMIT_MORE_COLLISIONS,
+#ifdef IMPLEMENT_OPTIONAL_OIDS
+ OID_802_3_XMIT_DEFERRED, // Optional
+ OID_802_3_XMIT_MAX_COLLISIONS, // Optional
+ OID_802_3_RCV_OVERRUN, // Optional
+ OID_802_3_XMIT_UNDERRUN, // Optional
+ OID_802_3_XMIT_HEARTBEAT_FAILURE, // Optional
+ OID_802_3_XMIT_TIMES_CRS_LOST, // Optional
+ OID_802_3_XMIT_LATE_COLLISIONS, // Optional
+ OID_PNP_CAPABILITIES, // Optional
+#endif // IMPLEMENT_OPTIONAL_OIDS
+};
+
+//======================================================================
+// TAP NDIS 6 Miniport Callbacks
+//======================================================================
+
+// Returns with reference count initialized to one.
+PTAP_ADAPTER_CONTEXT
+tapAdapterContextAllocate(
+ __in NDIS_HANDLE MiniportAdapterHandle
+)
+{
+ PTAP_ADAPTER_CONTEXT adapter = NULL;
+
+ adapter = (PTAP_ADAPTER_CONTEXT )NdisAllocateMemoryWithTagPriority(
+ GlobalData.NdisDriverHandle,
+ sizeof(TAP_ADAPTER_CONTEXT),
+ TAP_ADAPTER_TAG,
+ NormalPoolPriority
+ );
+
+ if(adapter)
+ {
+ NET_BUFFER_LIST_POOL_PARAMETERS nblPoolParameters = {0};
+
+ NdisZeroMemory(adapter,sizeof(TAP_ADAPTER_CONTEXT));
+
+ adapter->MiniportAdapterHandle = MiniportAdapterHandle;
+
+ // Initialize cancel-safe IRP queue
+ tapIrpCsqInitialize(&adapter->PendingReadIrpQueue);
+
+ // Initialize TAP send packet queue.
+ tapPacketQueueInitialize(&adapter->SendPacketQueue);
+
+ // Allocate the adapter lock.
+ NdisAllocateSpinLock(&adapter->AdapterLock);
+
+ // NBL pool for making TAP receive indications.
+ NdisZeroMemory(&nblPoolParameters, sizeof(NET_BUFFER_LIST_POOL_PARAMETERS));
+
+ // Initialize event used to determine when all receive NBLs have been returned.
+ NdisInitializeEvent(&adapter->ReceiveNblInFlightCountZeroEvent);
+
+ nblPoolParameters.Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
+ nblPoolParameters.Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
+ nblPoolParameters.Header.Size = NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
+ nblPoolParameters.ProtocolId = NDIS_PROTOCOL_ID_DEFAULT;
+ nblPoolParameters.ContextSize = 0;
+ //nblPoolParameters.ContextSize = sizeof(RX_NETBUFLIST_RSVD);
+ nblPoolParameters.fAllocateNetBuffer = TRUE;
+ nblPoolParameters.PoolTag = TAP_RX_NBL_TAG;
+
+#pragma warning( suppress : 28197 )
+ adapter->ReceiveNblPool = NdisAllocateNetBufferListPool(
+ adapter->MiniportAdapterHandle,
+ &nblPoolParameters);
+
+ if (adapter->ReceiveNblPool == NULL)
+ {
+ DEBUGP (("[TAP] Couldn't allocate adapter receive NBL pool\n"));
+ NdisFreeMemory(adapter,0,0);
+ }
+
+ // Add initial reference. Normally removed in AdapterHalt.
+ adapter->RefCount = 1;
+
+ // Safe for multiple removes.
+ NdisInitializeListHead(&adapter->AdapterListLink);
+
+ //
+ // The miniport adapter is initially powered up
+ //
+ adapter->CurrentPowerState = NdisDeviceStateD0;
+ }
+
+ return adapter;
+}
+
+VOID
+tapReadPermanentAddress(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in NDIS_HANDLE ConfigurationHandle,
+ __out MACADDR PermanentAddress
+ )
+{
+ NDIS_STATUS status;
+ NDIS_CONFIGURATION_PARAMETER *configParameter;
+ NDIS_STRING macKey = NDIS_STRING_CONST("MAC");
+ ANSI_STRING macString;
+ BOOLEAN macFromRegistry = FALSE;
+
+ // Read MAC parameter from registry.
+ NdisReadConfiguration(
+ &status,
+ &configParameter,
+ ConfigurationHandle,
+ &macKey,
+ NdisParameterString
+ );
+
+ if (status == NDIS_STATUS_SUCCESS)
+ {
+ if( (configParameter->ParameterType == NdisParameterString)
+ && (configParameter->ParameterData.StringData.Length >= 12)
+ )
+ {
+ if (RtlUnicodeStringToAnsiString(
+ &macString,
+ &configParameter->ParameterData.StringData,
+ TRUE) == STATUS_SUCCESS
+ )
+ {
+ macFromRegistry = ParseMAC (PermanentAddress, macString.Buffer);
+ RtlFreeAnsiString (&macString);
+ }
+ }
+ }
+
+ if(!macFromRegistry)
+ {
+ //
+ // There is no (valid) address stashed in the registry parameter.
+ //
+ // Make up a dummy mac address based on the ANSI representation of the
+ // NetCfgInstanceId GUID.
+ //
+ GenerateRandomMac(PermanentAddress, MINIPORT_INSTANCE_ID(Adapter));
+ }
+}
+
+NDIS_STATUS
+tapReadConfiguration(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ )
+{
+ NDIS_STATUS status = NDIS_STATUS_SUCCESS;
+ NDIS_CONFIGURATION_OBJECT configObject;
+ NDIS_HANDLE configHandle;
+
+ DEBUGP (("[TAP] --> tapReadConfiguration\n"));
+
+ //
+ // Setup defaults in case configuration cannot be opened.
+ //
+ Adapter->MtuSize = ETHERNET_MTU;
+ Adapter->MediaStateAlwaysConnected = FALSE;
+ Adapter->LogicalMediaState = FALSE;
+ Adapter->AllowNonAdmin = FALSE;
+ //
+ // Open the registry for this adapter to read advanced
+ // configuration parameters stored by the INF file.
+ //
+ NdisZeroMemory(&configObject, sizeof(configObject));
+
+ {C_ASSERT(sizeof(configObject) >= NDIS_SIZEOF_CONFIGURATION_OBJECT_REVISION_1);}
+ configObject.Header.Type = NDIS_OBJECT_TYPE_CONFIGURATION_OBJECT;
+ configObject.Header.Size = NDIS_SIZEOF_CONFIGURATION_OBJECT_REVISION_1;
+ configObject.Header.Revision = NDIS_CONFIGURATION_OBJECT_REVISION_1;
+
+ configObject.NdisHandle = Adapter->MiniportAdapterHandle;
+ configObject.Flags = 0;
+
+ status = NdisOpenConfigurationEx(
+ &configObject,
+ &configHandle
+ );
+
+ // Read on the opened configuration handle.
+ if(status == NDIS_STATUS_SUCCESS)
+ {
+ NDIS_CONFIGURATION_PARAMETER *configParameter;
+ NDIS_STRING mkey = NDIS_STRING_CONST("NetCfgInstanceId");
+
+ //
+ // Read NetCfgInstanceId from the registry.
+ // ------------------------------------
+ // NetCfgInstanceId is required to create device and associated
+ // symbolic link for the adapter device.
+ //
+ // NetCfgInstanceId is a GUID string provided by NDIS that identifies
+ // the adapter instance. An example is:
+ //
+ // NetCfgInstanceId={410EB49D-2381-4FE7-9B36-498E22619DF0}
+ //
+ // Other names are derived from NetCfgInstanceId. For example, MiniportName:
+ //
+ // MiniportName=\DEVICE\{410EB49D-2381-4FE7-9B36-498E22619DF0}
+ //
+ NdisReadConfiguration (
+ &status,
+ &configParameter,
+ configHandle,
+ &mkey,
+ NdisParameterString
+ );
+
+ if (status == NDIS_STATUS_SUCCESS)
+ {
+ if (configParameter->ParameterType == NdisParameterString)
+ {
+ DEBUGP (("[TAP] NdisReadConfiguration (NetCfgInstanceId=%wZ)\n",
+ &configParameter->ParameterData.StringData ));
+
+ // Save NetCfgInstanceId as UNICODE_STRING.
+ Adapter->NetCfgInstanceId.Length = Adapter->NetCfgInstanceId.MaximumLength
+ = configParameter->ParameterData.StringData.Length;
+
+ Adapter->NetCfgInstanceId.Buffer = Adapter->NetCfgInstanceIdBuffer;
+
+ NdisMoveMemory(
+ Adapter->NetCfgInstanceId.Buffer,
+ configParameter->ParameterData.StringData.Buffer,
+ Adapter->NetCfgInstanceId.Length
+ );
+
+ // Save NetCfgInstanceId as ANSI_STRING as well.
+ if (RtlUnicodeStringToAnsiString (
+ &Adapter->NetCfgInstanceIdAnsi,
+ &configParameter->ParameterData.StringData,
+ TRUE) != STATUS_SUCCESS
+ )
+ {
+ DEBUGP (("[TAP] NetCfgInstanceId ANSI name conversion failed\n"));
+ status = NDIS_STATUS_RESOURCES;
+ }
+ }
+ else
+ {
+ DEBUGP (("[TAP] NetCfgInstanceId has invalid type\n"));
+ status = NDIS_STATUS_INVALID_DATA;
+ }
+ }
+ else
+ {
+ DEBUGP (("[TAP] NetCfgInstanceId failed\n"));
+ status = NDIS_STATUS_INVALID_DATA;
+ }
+
+ if (status == NDIS_STATUS_SUCCESS)
+ {
+ NDIS_STATUS localStatus; // Use default if these fail.
+ NDIS_CONFIGURATION_PARAMETER *configParameter;
+ NDIS_STRING mtuKey = NDIS_STRING_CONST("MTU");
+ NDIS_STRING mediaStatusKey = NDIS_STRING_CONST("MediaStatus");
+#if ENABLE_NONADMIN
+ NDIS_STRING allowNonAdminKey = NDIS_STRING_CONST("AllowNonAdmin");
+#endif
+
+ // Read MTU from the registry.
+ NdisReadConfiguration (
+ &localStatus,
+ &configParameter,
+ configHandle,
+ &mtuKey,
+ NdisParameterInteger
+ );
+
+ if (localStatus == NDIS_STATUS_SUCCESS)
+ {
+ if (configParameter->ParameterType == NdisParameterInteger)
+ {
+ int mtu = configParameter->ParameterData.IntegerData;
+
+ if(mtu == 0)
+ {
+ mtu = ETHERNET_MTU;
+ }
+
+ // Sanity check
+ if (mtu < MINIMUM_MTU)
+ {
+ mtu = MINIMUM_MTU;
+ }
+ else if (mtu > MAXIMUM_MTU)
+ {
+ mtu = MAXIMUM_MTU;
+ }
+
+ Adapter->MtuSize = mtu;
+ }
+ }
+
+ DEBUGP (("[%s] Using MTU %d\n",
+ MINIPORT_INSTANCE_ID (Adapter),
+ Adapter->MtuSize
+ ));
+
+ // Read MediaStatus setting from registry.
+ NdisReadConfiguration (
+ &localStatus,
+ &configParameter,
+ configHandle,
+ &mediaStatusKey,
+ NdisParameterInteger
+ );
+
+ if (localStatus == NDIS_STATUS_SUCCESS)
+ {
+ if (configParameter->ParameterType == NdisParameterInteger)
+ {
+ if(configParameter->ParameterData.IntegerData == 0)
+ {
+ // Connect state is appplication controlled.
+ DEBUGP(("[%s] Initial MediaConnectState: Application Controlled\n",
+ MINIPORT_INSTANCE_ID (Adapter)));
+
+ Adapter->MediaStateAlwaysConnected = FALSE;
+ Adapter->LogicalMediaState = FALSE;
+ }
+ else
+ {
+ // Connect state is always connected.
+ DEBUGP(("[%s] Initial MediaConnectState: Always Connected\n",
+ MINIPORT_INSTANCE_ID (Adapter)));
+
+ Adapter->MediaStateAlwaysConnected = TRUE;
+ Adapter->LogicalMediaState = TRUE;
+ }
+ }
+ }
+
+ // Read MAC PermanentAddress setting from registry.
+ tapReadPermanentAddress(
+ Adapter,
+ configHandle,
+ Adapter->PermanentAddress
+ );
+
+ DEBUGP (("[%s] Using MAC PermanentAddress %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+ MINIPORT_INSTANCE_ID (Adapter),
+ Adapter->PermanentAddress[0],
+ Adapter->PermanentAddress[1],
+ Adapter->PermanentAddress[2],
+ Adapter->PermanentAddress[3],
+ Adapter->PermanentAddress[4],
+ Adapter->PermanentAddress[5])
+ );
+
+ // Now seed the current MAC address with the permanent address.
+ ETH_COPY_NETWORK_ADDRESS(Adapter->CurrentAddress, Adapter->PermanentAddress);
+
+ DEBUGP (("[%s] Using MAC CurrentAddress %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n",
+ MINIPORT_INSTANCE_ID (Adapter),
+ Adapter->CurrentAddress[0],
+ Adapter->CurrentAddress[1],
+ Adapter->CurrentAddress[2],
+ Adapter->CurrentAddress[3],
+ Adapter->CurrentAddress[4],
+ Adapter->CurrentAddress[5])
+ );
+
+ // Read optional AllowNonAdmin setting from registry.
+#if ENABLE_NONADMIN
+ NdisReadConfiguration (
+ &localStatus,
+ &configParameter,
+ configHandle,
+ &allowNonAdminKey,
+ NdisParameterInteger
+ );
+
+ if (localStatus == NDIS_STATUS_SUCCESS)
+ {
+ if (configParameter->ParameterType == NdisParameterInteger)
+ {
+ Adapter->AllowNonAdmin = TRUE;
+ }
+ }
+#endif
+ }
+
+ // Close the configuration handle.
+ NdisCloseConfiguration(configHandle);
+ }
+ else
+ {
+ DEBUGP (("[TAP] Couldn't open adapter registry\n"));
+ }
+
+ DEBUGP (("[TAP] <-- tapReadConfiguration; status = %8.8X\n",status));
+
+ return status;
+}
+
+VOID
+tapAdapterContextAddToGlobalList(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ )
+{
+ LOCK_STATE lockState;
+ PLIST_ENTRY listEntry = &Adapter->AdapterListLink;
+
+ // Acquire global adapter list lock.
+ NdisAcquireReadWriteLock(
+ &GlobalData.Lock,
+ TRUE, // Acquire for write
+ &lockState
+ );
+
+ // Adapter context should NOT be in any list.
+ ASSERT( (listEntry->Flink == listEntry) && (listEntry->Blink == listEntry ) );
+
+ // Add reference to persist until after removal.
+ tapAdapterContextReference(Adapter);
+
+ // Add the adapter context to the global list.
+ InsertTailList(&GlobalData.AdapterList,&Adapter->AdapterListLink);
+
+ // Release global adapter list lock.
+ NdisReleaseReadWriteLock(&GlobalData.Lock,&lockState);
+}
+
+VOID
+tapAdapterContextRemoveFromGlobalList(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ )
+{
+ LOCK_STATE lockState;
+
+ // Acquire global adapter list lock.
+ NdisAcquireReadWriteLock(
+ &GlobalData.Lock,
+ TRUE, // Acquire for write
+ &lockState
+ );
+
+ // Remove the adapter context from the global list.
+ RemoveEntryList(&Adapter->AdapterListLink);
+
+ // Safe for multiple removes.
+ NdisInitializeListHead(&Adapter->AdapterListLink);
+
+ // Remove reference added in tapAdapterContextAddToGlobalList.
+ tapAdapterContextDereference(Adapter);
+
+ // Release global adapter list lock.
+ NdisReleaseReadWriteLock(&GlobalData.Lock,&lockState);
+}
+
+// Returns with added reference on adapter context.
+PTAP_ADAPTER_CONTEXT
+tapAdapterContextFromDeviceObject(
+ __in PDEVICE_OBJECT DeviceObject
+ )
+{
+ LOCK_STATE lockState;
+
+ // Acquire global adapter list lock.
+ NdisAcquireReadWriteLock(
+ &GlobalData.Lock,
+ FALSE, // Acquire for read
+ &lockState
+ );
+
+ if (!IsListEmpty(&GlobalData.AdapterList))
+ {
+ PLIST_ENTRY entry = GlobalData.AdapterList.Flink;
+ PTAP_ADAPTER_CONTEXT adapter;
+
+ while (entry != &GlobalData.AdapterList)
+ {
+ adapter = CONTAINING_RECORD(entry, TAP_ADAPTER_CONTEXT, AdapterListLink);
+
+ // Match on DeviceObject
+ if(adapter->DeviceObject == DeviceObject )
+ {
+ // Add reference to adapter context.
+ tapAdapterContextReference(adapter);
+
+ // Release global adapter list lock.
+ NdisReleaseReadWriteLock(&GlobalData.Lock,&lockState);
+
+ return adapter;
+ }
+
+ // Move to next entry
+ entry = entry->Flink;
+ }
+ }
+
+ // Release global adapter list lock.
+ NdisReleaseReadWriteLock(&GlobalData.Lock,&lockState);
+
+ return (PTAP_ADAPTER_CONTEXT )NULL;
+}
+
+NDIS_STATUS
+AdapterSetOptions(
+ __in NDIS_HANDLE NdisDriverHandle,
+ __in NDIS_HANDLE DriverContext
+ )
+/*++
+Routine Description:
+
+ The MiniportSetOptions function registers optional handlers. For each
+ optional handler that should be registered, this function makes a call
+ to NdisSetOptionalHandlers.
+
+ MiniportSetOptions runs at IRQL = PASSIVE_LEVEL.
+
+Arguments:
+
+ DriverContext The context handle
+
+Return Value:
+
+ NDIS_STATUS_xxx code
+
+--*/
+{
+ NDIS_STATUS status;
+
+ DEBUGP (("[TAP] --> AdapterSetOptions\n"));
+
+ //
+ // Set any optional handlers by filling out the appropriate struct and
+ // calling NdisSetOptionalHandlers here.
+ //
+
+ status = NDIS_STATUS_SUCCESS;
+
+ DEBUGP (("[TAP] <-- AdapterSetOptions; status = %8.8X\n",status));
+
+ return status;
+}
+
+NDIS_STATUS
+AdapterCreate(
+ __in NDIS_HANDLE MiniportAdapterHandle,
+ __in NDIS_HANDLE MiniportDriverContext,
+ __in PNDIS_MINIPORT_INIT_PARAMETERS MiniportInitParameters
+ )
+{
+ PTAP_ADAPTER_CONTEXT adapter = NULL;
+ NDIS_STATUS status;
+
+ UNREFERENCED_PARAMETER(MiniportDriverContext);
+ UNREFERENCED_PARAMETER(MiniportInitParameters);
+
+ DEBUGP (("[TAP] --> AdapterCreate\n"));
+
+ do
+ {
+ NDIS_MINIPORT_ADAPTER_REGISTRATION_ATTRIBUTES regAttributes = {0};
+ NDIS_MINIPORT_ADAPTER_GENERAL_ATTRIBUTES genAttributes = {0};
+ NDIS_PNP_CAPABILITIES pnpCapabilities = {0};
+
+ //
+ // Allocate adapter context structure and initialize all the
+ // memory resources for sending and receiving packets.
+ //
+ // Returns with reference count initialized to one.
+ //
+ adapter = tapAdapterContextAllocate(MiniportAdapterHandle);
+
+ if(adapter == NULL)
+ {
+ DEBUGP (("[TAP] Couldn't allocate adapter memory\n"));
+ status = NDIS_STATUS_RESOURCES;
+ break;
+ }
+
+ // Enter the Initializing state.
+ DEBUGP (("[TAP] Miniport State: Initializing\n"));
+
+ tapAdapterAcquireLock(adapter,FALSE);
+ adapter->Locked.AdapterState = MiniportInitializingState;
+ tapAdapterReleaseLock(adapter,FALSE);
+
+ //
+ // First read adapter configuration from registry.
+ // -----------------------------------------------
+ // Subsequent device registration will fail if NetCfgInstanceId
+ // has not been successfully read.
+ //
+ status = tapReadConfiguration(adapter);
+
+ //
+ // Set the registration attributes.
+ //
+ {C_ASSERT(sizeof(regAttributes) >= NDIS_SIZEOF_MINIPORT_ADAPTER_REGISTRATION_ATTRIBUTES_REVISION_1);}
+ regAttributes.Header.Type = NDIS_OBJECT_TYPE_MINIPORT_ADAPTER_REGISTRATION_ATTRIBUTES;
+ regAttributes.Header.Size = NDIS_SIZEOF_MINIPORT_ADAPTER_REGISTRATION_ATTRIBUTES_REVISION_1;
+ regAttributes.Header.Revision = NDIS_SIZEOF_MINIPORT_ADAPTER_REGISTRATION_ATTRIBUTES_REVISION_1;
+
+ regAttributes.MiniportAdapterContext = adapter;
+ regAttributes.AttributeFlags = TAP_ADAPTER_ATTRIBUTES_FLAGS;
+
+ regAttributes.CheckForHangTimeInSeconds = TAP_ADAPTER_CHECK_FOR_HANG_TIME_IN_SECONDS;
+ regAttributes.InterfaceType = TAP_INTERFACE_TYPE;
+
+ //NDIS_DECLARE_MINIPORT_ADAPTER_CONTEXT(TAP_ADAPTER_CONTEXT);
+ status = NdisMSetMiniportAttributes(
+ MiniportAdapterHandle,
+ (PNDIS_MINIPORT_ADAPTER_ATTRIBUTES)®Attributes
+ );
+
+ if (status != NDIS_STATUS_SUCCESS)
+ {
+ DEBUGP (("[TAP] NdisSetOptionalHandlers failed; Status 0x%08x\n",status));
+ break;
+ }
+
+ //
+ // Next, set the general attributes.
+ //
+ {C_ASSERT(sizeof(genAttributes) >= NDIS_SIZEOF_MINIPORT_ADAPTER_GENERAL_ATTRIBUTES_REVISION_1);}
+ genAttributes.Header.Type = NDIS_OBJECT_TYPE_MINIPORT_ADAPTER_GENERAL_ATTRIBUTES;
+ genAttributes.Header.Size = NDIS_SIZEOF_MINIPORT_ADAPTER_GENERAL_ATTRIBUTES_REVISION_1;
+ genAttributes.Header.Revision = NDIS_MINIPORT_ADAPTER_GENERAL_ATTRIBUTES_REVISION_1;
+
+ //
+ // Specify the medium type that the NIC can support but not
+ // necessarily the medium type that the NIC currently uses.
+ //
+ genAttributes.MediaType = TAP_MEDIUM_TYPE;
+
+ //
+ // Specifiy medium type that the NIC currently uses.
+ //
+ genAttributes.PhysicalMediumType = TAP_PHYSICAL_MEDIUM;
+
+ //
+ // Specifiy the maximum network frame size, in bytes, that the NIC
+ // supports excluding the header.
+ //
+ genAttributes.MtuSize = TAP_FRAME_MAX_DATA_SIZE;
+ genAttributes.MaxXmitLinkSpeed = TAP_XMIT_SPEED;
+ genAttributes.XmitLinkSpeed = TAP_XMIT_SPEED;
+ genAttributes.MaxRcvLinkSpeed = TAP_RECV_SPEED;
+ genAttributes.RcvLinkSpeed = TAP_RECV_SPEED;
+
+ if(adapter->MediaStateAlwaysConnected)
+ {
+ DEBUGP(("[%s] Initial MediaConnectState: Connected\n",
+ MINIPORT_INSTANCE_ID (adapter)));
+
+ genAttributes.MediaConnectState = MediaConnectStateConnected;
+ }
+ else
+ {
+ DEBUGP(("[%s] Initial MediaConnectState: Disconnected\n",
+ MINIPORT_INSTANCE_ID (adapter)));
+
+ genAttributes.MediaConnectState = MediaConnectStateDisconnected;
+ }
+
+ genAttributes.MediaDuplexState = MediaDuplexStateFull;
+
+ //
+ // The maximum number of bytes the NIC can provide as lookahead data.
+ // If that value is different from the size of the lookahead buffer
+ // supported by bound protocols, NDIS will call MiniportOidRequest to
+ // set the size of the lookahead buffer provided by the miniport driver
+ // to the minimum of the miniport driver and protocol(s) values. If the
+ // driver always indicates up full packets with
+ // NdisMIndicateReceiveNetBufferLists, it should set this value to the
+ // maximum total frame size, which excludes the header.
+ //
+ // Upper-layer drivers examine lookahead data to determine whether a
+ // packet that is associated with the lookahead data is intended for
+ // one or more of their clients. If the underlying driver supports
+ // multipacket receive indications, bound protocols are given full net
+ // packets on every indication. Consequently, this value is identical
+ // to that returned for OID_GEN_RECEIVE_BLOCK_SIZE.
+ //
+ genAttributes.LookaheadSize = TAP_MAX_LOOKAHEAD;
+ genAttributes.MacOptions = TAP_MAC_OPTIONS;
+ genAttributes.SupportedPacketFilters = TAP_SUPPORTED_FILTERS;
+
+ //
+ // The maximum number of multicast addresses the NIC driver can manage.
+ // This list is global for all protocols bound to (or above) the NIC.
+ // Consequently, a protocol can receive NDIS_STATUS_MULTICAST_FULL from
+ // the NIC driver when attempting to set the multicast address list,
+ // even if the number of elements in the given list is less than the
+ // number originally returned for this query.
+ //
+ genAttributes.MaxMulticastListSize = TAP_MAX_MCAST_LIST;
+ genAttributes.MacAddressLength = MACADDR_SIZE;
+
+ //
+ // Return the MAC address of the NIC burnt in the hardware.
+ //
+ ETH_COPY_NETWORK_ADDRESS(genAttributes.PermanentMacAddress, adapter->PermanentAddress);
+
+ //
+ // Return the MAC address the NIC is currently programmed to use. Note
+ // that this address could be different from the permananent address as
+ // the user can override using registry. Read NdisReadNetworkAddress
+ // doc for more info.
+ //
+ ETH_COPY_NETWORK_ADDRESS(genAttributes.CurrentMacAddress, adapter->CurrentAddress);
+
+ genAttributes.RecvScaleCapabilities = NULL;
+ genAttributes.AccessType = TAP_ACCESS_TYPE;
+ genAttributes.DirectionType = TAP_DIRECTION_TYPE;
+ genAttributes.ConnectionType = TAP_CONNECTION_TYPE;
+ genAttributes.IfType = TAP_IFTYPE;
+ genAttributes.IfConnectorPresent = TAP_HAS_PHYSICAL_CONNECTOR;
+ genAttributes.SupportedStatistics = TAP_SUPPORTED_STATISTICS;
+ genAttributes.SupportedPauseFunctions = NdisPauseFunctionsUnsupported; // IEEE 802.3 pause frames
+ genAttributes.DataBackFillSize = 0;
+ genAttributes.ContextBackFillSize = 0;
+
+ //
+ // The SupportedOidList is an array of OIDs for objects that the
+ // underlying driver or its NIC supports. Objects include general,
+ // media-specific, and implementation-specific objects. NDIS forwards a
+ // subset of the returned list to protocols that make this query. That
+ // is, NDIS filters any supported statistics OIDs out of the list
+ // because protocols never make statistics queries.
+ //
+ genAttributes.SupportedOidList = TAPSupportedOids;
+ genAttributes.SupportedOidListLength = sizeof(TAPSupportedOids);
+ genAttributes.AutoNegotiationFlags = NDIS_LINK_STATE_DUPLEX_AUTO_NEGOTIATED;
+
+ //
+ // Set power management capabilities
+ //
+ NdisZeroMemory(&pnpCapabilities, sizeof(pnpCapabilities));
+ pnpCapabilities.WakeUpCapabilities.MinMagicPacketWakeUp = NdisDeviceStateUnspecified;
+ pnpCapabilities.WakeUpCapabilities.MinPatternWakeUp = NdisDeviceStateUnspecified;
+ genAttributes.PowerManagementCapabilities = &pnpCapabilities;
+
+ status = NdisMSetMiniportAttributes(
+ MiniportAdapterHandle,
+ (PNDIS_MINIPORT_ADAPTER_ATTRIBUTES)&genAttributes
+ );
+
+ if (status != NDIS_STATUS_SUCCESS)
+ {
+ DEBUGP (("[TAP] NdisMSetMiniportAttributes failed; Status 0x%08x\n",status));
+ break;
+ }
+
+ //
+ // Create the Win32 device I/O interface.
+ //
+ status = CreateTapDevice(adapter);
+
+ if (status == NDIS_STATUS_SUCCESS)
+ {
+ // Add this adapter to the global adapter list.
+ tapAdapterContextAddToGlobalList(adapter);
+ }
+ else
+ {
+ DEBUGP (("[TAP] CreateTapDevice failed; Status 0x%08x\n",status));
+ break;
+ }
+ } while(FALSE);
+
+ if(status == NDIS_STATUS_SUCCESS)
+ {
+ // Enter the Paused state if initialization is complete.
+ DEBUGP (("[TAP] Miniport State: Paused\n"));
+
+ tapAdapterAcquireLock(adapter,FALSE);
+ adapter->Locked.AdapterState = MiniportPausedState;
+ tapAdapterReleaseLock(adapter,FALSE);
+ }
+ else
+ {
+ if(adapter != NULL)
+ {
+ DEBUGP (("[TAP] Miniport State: Halted\n"));
+
+ //
+ // Remove reference when adapter context was allocated
+ // ---------------------------------------------------
+ // This should result in freeing adapter context memory
+ // and assiciated resources.
+ //
+ tapAdapterContextDereference(adapter);
+ adapter = NULL;
+ }
+ }
+
+ DEBUGP (("[TAP] <-- AdapterCreate; status = %8.8X\n",status));
+
+ return status;
+}
+
+VOID
+AdapterHalt(
+ __in NDIS_HANDLE MiniportAdapterContext,
+ __in NDIS_HALT_ACTION HaltAction
+ )
+/*++
+
+Routine Description:
+
+ Halt handler is called when NDIS receives IRP_MN_STOP_DEVICE,
+ IRP_MN_SUPRISE_REMOVE or IRP_MN_REMOVE_DEVICE requests from the PNP
+ manager. Here, the driver should free all the resources acquired in
+ MiniportInitialize and stop access to the hardware. NDIS will not submit
+ any further request once this handler is invoked.
+
+ 1) Free and unmap all I/O resources.
+ 2) Disable interrupt and deregister interrupt handler.
+ 3) Deregister shutdown handler regsitered by
+ NdisMRegisterAdapterShutdownHandler .
+ 4) Cancel all queued up timer callbacks.
+ 5) Finally wait indefinitely for all the outstanding receive
+ packets indicated to the protocol to return.
+
+ MiniportHalt runs at IRQL = PASSIVE_LEVEL.
+
+
+Arguments:
+
+ MiniportAdapterContext Pointer to the Adapter
+ HaltAction The reason for halting the adapter
+
+Return Value:
+
+ None.
+
+--*/
+{
+ PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext;
+
+ UNREFERENCED_PARAMETER(HaltAction);
+
+ DEBUGP (("[TAP] --> AdapterHalt\n"));
+
+ // Enter the Halted state.
+ DEBUGP (("[TAP] Miniport State: Halted\n"));
+
+ tapAdapterAcquireLock(adapter,FALSE);
+ adapter->Locked.AdapterState = MiniportHaltedState;
+ tapAdapterReleaseLock(adapter,FALSE);
+
+ // Remove this adapter from the global adapter list.
+ tapAdapterContextRemoveFromGlobalList(adapter);
+
+ // BUGBUG!!! Call AdapterShutdownEx to do some of the work of stopping.
+
+ // TODO!!! More...
+
+ //
+ // Destroy the TAP Win32 device.
+ //
+ DestroyTapDevice(adapter);
+
+ //
+ // Remove initial reference added in AdapterCreate.
+ // ------------------------------------------------
+ // This should result in freeing adapter context memory
+ // and resources allocated in AdapterCreate.
+ //
+ tapAdapterContextDereference(adapter);
+ adapter = NULL;
+
+ DEBUGP (("[TAP] <-- AdapterHalt\n"));
+}
+
+VOID
+tapWaitForReceiveNblInFlightCountZeroEvent(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ )
+{
+ LONG nblCount;
+
+ //
+ // Wait until higher-level protocol has returned all NBLs
+ // to the driver.
+ //
+
+ // Add one NBL "bias" to insure allow event to be reset safely.
+ nblCount = NdisInterlockedIncrement(&Adapter->ReceiveNblInFlightCount);
+ ASSERT(nblCount > 0 );
+ NdisResetEvent(&Adapter->ReceiveNblInFlightCountZeroEvent);
+
+ //
+ // Now remove the bias and wait for the ReceiveNblInFlightCountZeroEvent
+ // if the count returned is not zero.
+ //
+ nblCount = NdisInterlockedDecrement(&Adapter->ReceiveNblInFlightCount);
+ ASSERT(nblCount >= 0);
+
+ if(nblCount)
+ {
+ LARGE_INTEGER startTime, currentTime;
+
+ NdisGetSystemUpTimeEx(&startTime);
+
+ for (;;)
+ {
+ BOOLEAN waitResult = NdisWaitEvent(
+ &Adapter->ReceiveNblInFlightCountZeroEvent,
+ TAP_WAIT_POLL_LOOP_TIMEOUT
+ );
+
+ NdisGetSystemUpTimeEx(¤tTime);
+
+ if (waitResult)
+ {
+ break;
+ }
+
+ DEBUGP (("[%s] Waiting for %d in-flight receive NBLs to be returned.\n",
+ MINIPORT_INSTANCE_ID (Adapter),
+ Adapter->ReceiveNblInFlightCount
+ ));
+ }
+
+ DEBUGP (("[%s] Waited %d ms for all in-flight NBLs to be returned.\n",
+ MINIPORT_INSTANCE_ID (Adapter),
+ (currentTime.LowPart - startTime.LowPart)
+ ));
+ }
+}
+
+NDIS_STATUS
+AdapterPause(
+ __in NDIS_HANDLE MiniportAdapterContext,
+ __in PNDIS_MINIPORT_PAUSE_PARAMETERS PauseParameters
+ )
+/*++
+
+Routine Description:
+
+ When a miniport receives a pause request, it enters into a Pausing state.
+ The miniport should not indicate up any more network data. Any pending
+ send requests must be completed, and new requests must be rejected with
+ NDIS_STATUS_PAUSED.
+
+ Once all sends have been completed and all recieve NBLs have returned to
+ the miniport, the miniport enters the Paused state.
+
+ While paused, the miniport can still service interrupts from the hardware
+ (to, for example, continue to indicate NDIS_STATUS_MEDIA_CONNECT
+ notifications).
+
+ The miniport must continue to be able to handle status indications and OID
+ requests. MiniportPause is different from MiniportHalt because, in
+ general, the MiniportPause operation won't release any resources.
+ MiniportPause must not attempt to acquire any resources where allocation
+ can fail, since MiniportPause itself must not fail.
+
+
+ MiniportPause runs at IRQL = PASSIVE_LEVEL.
+
+Arguments:
+
+ MiniportAdapterContext Pointer to the Adapter
+ MiniportPauseParameters Additional information about the pause operation
+
+Return Value:
+
+ If the miniport is able to immediately enter the Paused state, it should
+ return NDIS_STATUS_SUCCESS.
+
+ If the miniport must wait for send completions or pending receive NBLs, it
+ should return NDIS_STATUS_PENDING now, and call NDISMPauseComplete when the
+ miniport has entered the Paused state.
+
+ No other return value is permitted. The pause operation must not fail.
+
+--*/
+{
+ PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext;
+ NDIS_STATUS status;
+
+ UNREFERENCED_PARAMETER(PauseParameters);
+
+ DEBUGP (("[TAP] --> AdapterPause\n"));
+
+ // Enter the Pausing state.
+ DEBUGP (("[TAP] Miniport State: Pausing\n"));
+
+ tapAdapterAcquireLock(adapter,FALSE);
+ adapter->Locked.AdapterState = MiniportPausingState;
+ tapAdapterReleaseLock(adapter,FALSE);
+
+ //
+ // Stop the flow of network data through the receive path
+ // ------------------------------------------------------
+ // In the Pausing and Paused state tapAdapterSendAndReceiveReady
+ // will prevent new calls to NdisMIndicateReceiveNetBufferLists
+ // to indicate additional receive NBLs to the host.
+ //
+ // However, there may be some in-flight NBLs owned by the driver
+ // that have been indicated to the host but have not yet been
+ // returned.
+ //
+ // Wait here for all in-flight receive indications to be returned.
+ //
+ tapWaitForReceiveNblInFlightCountZeroEvent(adapter);
+
+ //
+ // Stop the flow of network data through the send path
+ // ---------------------------------------------------
+ // The initial implementation of the NDIS 6 send path follows the
+ // NDIS 5 pattern. Under this approach every send packet is copied
+ // into a driver-owned TAP_PACKET structure and the NBL owned by
+ // higher-level protocol is immediatly completed.
+ //
+ // With this deep-copy approach the driver never claims ownership
+ // of any send NBL.
+ //
+ // A future implementation may queue send NBLs and thereby eliminate
+ // the need for the unnecessary allocation and deep copy of each packet.
+ //
+ // So, nothing to do here for the send path for now...
+
+ status = NDIS_STATUS_SUCCESS;
+
+ // Enter the Paused state.
+ DEBUGP (("[TAP] Miniport State: Paused\n"));
+
+ tapAdapterAcquireLock(adapter,FALSE);
+ adapter->Locked.AdapterState = MiniportPausedState;
+ tapAdapterReleaseLock(adapter,FALSE);
+
+ DEBUGP (("[TAP] <-- AdapterPause; status = %8.8X\n",status));
+
+ return status;
+}
+
+NDIS_STATUS
+AdapterRestart(
+ __in NDIS_HANDLE MiniportAdapterContext,
+ __in PNDIS_MINIPORT_RESTART_PARAMETERS RestartParameters
+ )
+/*++
+
+Routine Description:
+
+ When a miniport receives a restart request, it enters into a Restarting
+ state. The miniport may begin indicating received data (e.g., using
+ NdisMIndicateReceiveNetBufferLists), handling status indications, and
+ processing OID requests in the Restarting state. However, no sends will be
+ requested while the miniport is in the Restarting state.
+
+ Once the miniport is ready to send data, it has entered the Running state.
+ The miniport informs NDIS that it is in the Running state by returning + NDIS_STATUS_SUCCESS from this MiniportRestart function; or if this function + has already returned NDIS_STATUS_PENDING, by calling NdisMRestartComplete. + + + MiniportRestart runs at IRQL = PASSIVE_LEVEL. + +Arguments: + + MiniportAdapterContext Pointer to the Adapter + RestartParameters Additional information about the restart operation + +Return Value: + + If the miniport is able to immediately enter the Running state, it should + return NDIS_STATUS_SUCCESS. + + If the miniport is still in the Restarting state, it should return + NDIS_STATUS_PENDING now, and call NdisMRestartComplete when the miniport + has entered the Running state. + + Other NDIS_STATUS codes indicate errors. If an error is encountered, the + miniport must return to the Paused state (i.e., stop indicating receives). + +--*/ +{ + PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext; + NDIS_STATUS status; + + UNREFERENCED_PARAMETER(RestartParameters); + + DEBUGP (("[TAP] --> AdapterRestart\n")); + + // Enter the Restarting state. + DEBUGP (("[TAP] Miniport State: Restarting\n")); + + tapAdapterAcquireLock(adapter,FALSE); + adapter->Locked.AdapterState = MiniportRestartingState; + tapAdapterReleaseLock(adapter,FALSE); + + status = NDIS_STATUS_SUCCESS; + + if(status == NDIS_STATUS_SUCCESS) + { + // Enter the Running state. + DEBUGP (("[TAP] Miniport State: Running\n")); + + tapAdapterAcquireLock(adapter,FALSE); + adapter->Locked.AdapterState = MiniportRunning; + tapAdapterReleaseLock(adapter,FALSE); + } + else + { + // Enter the Paused state if restart failed. 
+ DEBUGP (("[TAP] Miniport State: Paused\n")); + + tapAdapterAcquireLock(adapter,FALSE); + adapter->Locked.AdapterState = MiniportPausedState; + tapAdapterReleaseLock(adapter,FALSE); + } + + DEBUGP (("[TAP] <-- AdapterRestart; status = %8.8X\n",status)); + + return status; +} + +BOOLEAN +tapAdapterReadAndWriteReady( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +/*++ + +Routine Description: + + This routine determines whether the adapter device interface can + accept read and write operations. + +Arguments: + + Adapter Pointer to our adapter context + +Return Value: + + Returns TRUE if the adapter state allows it to queue IRPs passed to + the device read and write callbacks. +--*/ +{ + if(!Adapter->TapDeviceCreated) + { + // TAP device not created or is being destroyed. + return FALSE; + } + + if(Adapter->TapFileObject == NULL) + { + // TAP application file object not open. + return FALSE; + } + + if(!Adapter->TapFileIsOpen) + { + // TAP application file object may be closing. + return FALSE; + } + + if(!Adapter->LogicalMediaState) + { + // Don't handle read/write if media not connected. + return FALSE; + } + + if(Adapter->CurrentPowerState != NdisDeviceStateD0) + { + // Don't handle read/write if device is not fully powered. + return FALSE; + } + + return TRUE; +} + +NDIS_STATUS +tapAdapterSendAndReceiveReady( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +/*++ + +Routine Description: + + This routine determines whether the adapter NDIS send and receive + paths are ready. + + This routine examines various adapter state variables and returns + a value that indicates whether the adapter NDIS interfaces can + accept send packets or indicate receive packets. + + In normal operation the adapter may temporarily enter and then exit + a not-ready condition. In particular, the adapter becomes not-ready + when in the Pausing/Paused states, but may become ready again when + Restarted. 
+ + Runs at IRQL <= DISPATCH_LEVEL + +Arguments: + + Adapter Pointer to our adapter context + +Return Value: + + Returns NDIS_STATUS_SUCCESS if the adapter state allows it to + accept send packets and indicate receive packets. + + Otherwise it returns a NDIS_STATUS value other than NDIS_STATUS_SUCCESS. + These status values can be used directly as the completion status for + packets that must be completed immediatly in the send path. +--*/ +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + + // + // Check various state variables to insure adapter is ready. + // + tapAdapterAcquireLock(Adapter,FALSE); + + if(!Adapter->LogicalMediaState) + { + status = NDIS_STATUS_MEDIA_DISCONNECTED; + } + else if(Adapter->CurrentPowerState != NdisDeviceStateD0) + { + status = NDIS_STATUS_LOW_POWER_STATE; + } + else if(Adapter->ResetInProgress) + { + status = NDIS_STATUS_RESET_IN_PROGRESS; + } + else + { + switch(Adapter->Locked.AdapterState) + { + case MiniportPausingState: + case MiniportPausedState: + status = NDIS_STATUS_PAUSED; + break; + + case MiniportHaltedState: + status = NDIS_STATUS_INVALID_STATE; + break; + + default: + status = NDIS_STATUS_SUCCESS; + break; + } + } + + tapAdapterReleaseLock(Adapter,FALSE); + + return status; +} + +BOOLEAN +AdapterCheckForHangEx( + __in NDIS_HANDLE MiniportAdapterContext + ) +/*++ + +Routine Description: + + The MiniportCheckForHangEx handler is called to report the state of the + NIC, or to monitor the responsiveness of an underlying device driver. + This is an optional function. If this handler is not specified, NDIS + judges the driver unresponsive when the driver holds + MiniportQueryInformation or MiniportSetInformation requests for a + time-out interval (deafult 4 sec), and then calls the driver's + MiniportReset function. A NIC driver's MiniportInitialize function can + extend NDIS's time-out interval by calling NdisMSetAttributesEx to + avoid unnecessary resets. + + MiniportCheckForHangEx runs at IRQL <= DISPATCH_LEVEL. 
+ +Arguments: + + MiniportAdapterContext Pointer to our adapter + +Return Value: + + TRUE NDIS calls the driver's MiniportReset function. + FALSE Everything is fine + +--*/ +{ + PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext; + + //DEBUGP (("[TAP] --> AdapterCheckForHangEx\n")); + + //DEBUGP (("[TAP] <-- AdapterCheckForHangEx; status = FALSE\n")); + + return FALSE; // Everything is fine +} + +NDIS_STATUS +AdapterReset( + __in NDIS_HANDLE MiniportAdapterContext, + __out PBOOLEAN AddressingReset + ) +/*++ + +Routine Description: + + MiniportResetEx is a required to issue a hardware reset to the NIC + and/or to reset the driver's software state. + + 1) The miniport driver can optionally complete any pending + OID requests. NDIS will submit no further OID requests + to the miniport driver for the NIC being reset until + the reset operation has finished. After the reset, + NDIS will resubmit to the miniport driver any OID requests + that were pending but not completed by the miniport driver + before the reset. + + 2) A deserialized miniport driver must complete any pending send + operations. NDIS will not requeue pending send packets for + a deserialized driver since NDIS does not maintain the send + queue for such a driver. + + 3) If MiniportReset returns NDIS_STATUS_PENDING, the driver must + complete the original request subsequently with a call to + NdisMResetComplete. + + MiniportReset runs at IRQL <= DISPATCH_LEVEL. + +Arguments: + +AddressingReset - If multicast or functional addressing information + or the lookahead size, is changed by a reset, + MiniportReset must set the variable at AddressingReset + to TRUE before it returns control. This causes NDIS to + call the MiniportSetInformation function to restore + the information. 
+ +MiniportAdapterContext - Pointer to our adapter + +Return Value: + + NDIS_STATUS + +--*/ +{ + PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext; + NDIS_STATUS status; + + UNREFERENCED_PARAMETER(MiniportAdapterContext); + UNREFERENCED_PARAMETER(AddressingReset); + + DEBUGP (("[TAP] --> AdapterReset\n")); + + // Indicate that adapter reset is in progress. + adapter->ResetInProgress = TRUE; + + // See note above... + *AddressingReset = FALSE; + + // BUGBUG!!! TODO!!! Lots of work here... + + // Indicate that adapter reset has completed. + adapter->ResetInProgress = FALSE; + + status = NDIS_STATUS_SUCCESS; + + DEBUGP (("[TAP] <-- AdapterReset; status = %8.8X\n",status)); + + return status; +} + +VOID +AdapterDevicePnpEventNotify( + __in NDIS_HANDLE MiniportAdapterContext, + __in PNET_DEVICE_PNP_EVENT NetDevicePnPEvent + ) +{ + PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext; + + DEBUGP (("[TAP] --> AdapterDevicePnpEventNotify\n")); + +/* + switch (NetDevicePnPEvent->DevicePnPEvent) + { + case NdisDevicePnPEventSurpriseRemoved: + // + // Called when NDIS receives IRP_MN_SUPRISE_REMOVAL. + // NDIS calls MiniportHalt function after this call returns. + // + MP_SET_FLAG(Adapter, fMP_ADAPTER_SURPRISE_REMOVED); + DEBUGP(MP_INFO, "[%p] MPDevicePnpEventNotify: NdisDevicePnPEventSurpriseRemoved\n", Adapter); + break; + + case NdisDevicePnPEventPowerProfileChanged: + // + // After initializing a miniport driver and after miniport driver + // receives an OID_PNP_SET_POWER notification that specifies + // a device power state of NdisDeviceStateD0 (the powered-on state), + // NDIS calls the miniport's MiniportPnPEventNotify function with + // PnPEvent set to NdisDevicePnPEventPowerProfileChanged. 
+ // + DEBUGP(MP_INFO, "[%p] MPDevicePnpEventNotify: NdisDevicePnPEventPowerProfileChanged\n", Adapter); + + if (NetDevicePnPEvent->InformationBufferLength == sizeof(ULONG)) + { + ULONG NdisPowerProfile = *((PULONG)NetDevicePnPEvent->InformationBuffer); + + if (NdisPowerProfile == NdisPowerProfileBattery) + { + DEBUGP(MP_INFO, "[%p] The host system is running on battery power\n", Adapter); + } + if (NdisPowerProfile == NdisPowerProfileAcOnLine) + { + DEBUGP(MP_INFO, "[%p] The host system is running on AC power\n", Adapter); + } + } + break; + + default: + DEBUGP(MP_ERROR, "[%p] MPDevicePnpEventNotify: unknown PnP event 0x%x\n", Adapter, NetDevicePnPEvent->DevicePnPEvent); + } +*/ + DEBUGP (("[TAP] <-- AdapterDevicePnpEventNotify\n")); +} + +VOID +AdapterShutdownEx( + __in NDIS_HANDLE MiniportAdapterContext, + __in NDIS_SHUTDOWN_ACTION ShutdownAction + ) +/*++ + +Routine Description: + + The MiniportShutdownEx handler restores hardware to its initial state when + the system is shut down, whether by the user or because an unrecoverable + system error occurred. This is to ensure that the NIC is in a known + state and ready to be reinitialized when the machine is rebooted after + a system shutdown occurs for any reason, including a crash dump. + + Here just disable the interrupt and stop the DMA engine. Do not free + memory resources or wait for any packet transfers to complete. Do not call + into NDIS at this time. + + This can be called at aribitrary IRQL, including in the context of a + bugcheck. + +Arguments: + + MiniportAdapterContext Pointer to our adapter + ShutdownAction The reason why NDIS called the shutdown function + +Return Value: + + None. + +--*/ +{ + PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext; + + UNREFERENCED_PARAMETER(ShutdownAction); + UNREFERENCED_PARAMETER(MiniportAdapterContext); + + DEBUGP (("[TAP] --> AdapterShutdownEx\n")); + + // Enter the Shutdown state. 
+ DEBUGP (("[TAP] Miniport State: Shutdown\n")); + + tapAdapterAcquireLock(adapter,FALSE); + adapter->Locked.AdapterState = MiniportShutdownState; + tapAdapterReleaseLock(adapter,FALSE); + + // + // BUGBUG!!! FlushIrpQueues??? + // + + DEBUGP (("[TAP] <-- AdapterShutdownEx\n")); +} + + +// Free adapter context memory and associated resources. +VOID +tapAdapterContextFree( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + PLIST_ENTRY listEntry = &Adapter->AdapterListLink; + + DEBUGP (("[TAP] --> tapAdapterContextFree\n")); + + // Adapter context should already be removed. + ASSERT( (listEntry->Flink == listEntry) && (listEntry->Blink == listEntry ) ); + + // Insure that adapter context has been removed from global adapter list. + RemoveEntryList(&Adapter->AdapterListLink); + + // Free the adapter lock. + NdisFreeSpinLock(&Adapter->AdapterLock); + + // Free the ANSI NetCfgInstanceId buffer. + if(Adapter->NetCfgInstanceIdAnsi.Buffer != NULL) + { + RtlFreeAnsiString(&Adapter->NetCfgInstanceIdAnsi); + } + + Adapter->NetCfgInstanceIdAnsi.Buffer = NULL; + + // Free the receive NBL pool. + if(Adapter->ReceiveNblPool != NULL ) + { + NdisFreeNetBufferListPool(Adapter->ReceiveNblPool); + } + + Adapter->ReceiveNblPool = NULL; + + NdisFreeMemory(Adapter,0,0); + + DEBUGP (("[TAP] <-- tapAdapterContextFree\n")); +} +ULONG +tapGetNetBufferFrameType( + __in PNET_BUFFER NetBuffer + ) +/*++ + +Routine Description: + + Reads the network frame's destination address to determine the type + (broadcast, multicast, etc) + + Runs at IRQL <= DISPATCH_LEVEL. 
+ +Arguments: + + NetBuffer The NB to examine + +Return Value: + + NDIS_PACKET_TYPE_BROADCAST + NDIS_PACKET_TYPE_MULTICAST + NDIS_PACKET_TYPE_DIRECTED + +--*/ +{ + PETH_HEADER ethernetHeader; + + ethernetHeader = (PETH_HEADER )NdisGetDataBuffer( + NetBuffer, + sizeof(ETH_HEADER), + NULL, + 1, + 0 + ); + + ASSERT(ethernetHeader); + + if (ETH_IS_BROADCAST(ethernetHeader->dest)) + { + return NDIS_PACKET_TYPE_BROADCAST; + } + else if(ETH_IS_MULTICAST(ethernetHeader->dest)) + { + return NDIS_PACKET_TYPE_MULTICAST; + } + else + { + return NDIS_PACKET_TYPE_DIRECTED; + } + +} + +ULONG +tapGetNetBufferCountsFromNetBufferList( + __in PNET_BUFFER_LIST NetBufferList, + __inout_opt PULONG TotalByteCount // Of all linked NBs + ) +/*++ + +Routine Description: + + Returns the number of net buffers linked to the net buffer list. + + Optionally retuens the total byte count of all net buffers linked + to the net buffer list + + Runs at IRQL <= DISPATCH_LEVEL. + +Arguments: + + NetBufferList The NBL to examine + +Return Value: + + The number of net buffers linked to the net buffer list. 
+ +--*/ +{ + ULONG netBufferCount = 0; + PNET_BUFFER currentNb; + + if(TotalByteCount) + { + *TotalByteCount = 0; + } + + currentNb = NET_BUFFER_LIST_FIRST_NB(NetBufferList); + + while(currentNb) + { + ++netBufferCount; + + if(TotalByteCount) + { + *TotalByteCount += NET_BUFFER_DATA_LENGTH(currentNb); + } + + // Move to next NB + currentNb = NET_BUFFER_NEXT_NB(currentNb); + } + + return netBufferCount; +} + +VOID +tapAdapterAcquireLock( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in BOOLEAN DispatchLevel + ) +{ + ASSERT(!DispatchLevel || (DISPATCH_LEVEL == KeGetCurrentIrql())); + + if (DispatchLevel) + { + NdisDprAcquireSpinLock(&Adapter->AdapterLock); + } + else + { + NdisAcquireSpinLock(&Adapter->AdapterLock); + } +} + +VOID +tapAdapterReleaseLock( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in BOOLEAN DispatchLevel + ) +{ + ASSERT(!DispatchLevel || (DISPATCH_LEVEL == KeGetCurrentIrql())); + + if (DispatchLevel) + { + NdisDprReleaseSpinLock(&Adapter->AdapterLock); + } + else + { + NdisReleaseSpinLock(&Adapter->AdapterLock); + } +} + + diff --git a/windows/TapDriver6/adapter.h b/windows/TapDriver6/adapter.h new file mode 100644 index 0000000..0ebaaea --- /dev/null +++ b/windows/TapDriver6/adapter.h 
@@ -0,0 +1,352 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +#ifndef __TAP_ADAPTER_CONTEXT_H_ +#define __TAP_ADAPTER_CONTEXT_H_ + +#include "tap.h" + +// Memory allocation tags. +#define TAP_ADAPTER_TAG ((ULONG)'ApaT') // "TapA +#define TAP_RX_NBL_TAG ((ULONG)'RpaT') // "TapR +#define TAP_RX_INJECT_BUFFER_TAG ((ULONG)'IpaT') // "TapI + +#define TAP_MAX_NDIS_NAME_LENGTH 64 // 38 character GUID string plus extra.. + +// TAP receive indication NBL flag definitions. 
+#define TAP_RX_NBL_FLAGS NBL_FLAGS_MINIPORT_RESERVED +#define TAP_RX_NBL_FLAGS_CLEAR_ALL(_NBL) ((_NBL)->Flags &= ~TAP_RX_NBL_FLAGS) +#define TAP_RX_NBL_FLAG_SET(_NBL, _F) ((_NBL)->Flags |= ((_F) & TAP_RX_NBL_FLAGS)) +#define TAP_RX_NBL_FLAG_CLEAR(_NBL, _F) ((_NBL)->Flags &= ~((_F) & TAP_RX_NBL_FLAGS)) +#define TAP_RX_NBL_FLAG_TEST(_NBL, _F) (((_NBL)->Flags & ((_F) & TAP_RX_NBL_FLAGS)) != 0) + +#define TAP_RX_NBL_FLAGS_IS_P2P 0x00001000 +#define TAP_RX_NBL_FLAGS_IS_INJECTED 0x00002000 + +// MSDN Ref: http://msdn.microsoft.com/en-us/library/windows/hardware/ff560490(v=vs.85).aspx +typedef +enum _TAP_MINIPORT_ADAPTER_STATE +{ + // The Halted state is the initial state of all adapters. When an + // adapter is in the Halted state, NDIS can call the driver's + // MiniportInitializeEx function to initialize the adapter. + MiniportHaltedState, + + // In the Shutdown state, a system shutdown and restart must occur + // before the system can use the adapter again. + MiniportShutdownState, + + // In the Initializing state, a miniport driver completes any + //operations that are required to initialize an adapter. + MiniportInitializingState, + + // Entering the Paused state... + MiniportPausingState, + + // In the Paused state, the adapter does not indicate received + // network data or accept send requests. + MiniportPausedState, + + // In the Running state, a miniport driver performs send and + // receive processing for an adapter. + MiniportRunning, + + // In the Restarting state, a miniport driver completes any + // operations that are required to restart send and receive + // operations for an adapter. + MiniportRestartingState +} TAP_MINIPORT_ADAPTER_STATE, *PTAP_MINIPORT_ADAPTER_STATE; + +// +// Each adapter managed by this driver has a TapAdapter struct. +// ------------------------------------------------------------ +// Since there is a one-to-one relationship between adapter instances +// and device instances this structure is the device extension as well. 
+// +typedef struct _TAP_ADAPTER_CONTEXT +{ + LIST_ENTRY AdapterListLink; + + volatile LONG RefCount; + + NDIS_HANDLE MiniportAdapterHandle; + + NDIS_SPIN_LOCK AdapterLock; // Lock for protection of state and outstanding sends and recvs + + // + // All fields that are protected by the AdapterLock are included + // in the Locked structure to remind us to take the Lock + // before accessing them :) + // + struct + { + TAP_MINIPORT_ADAPTER_STATE AdapterState; + } Locked; + + BOOLEAN ResetInProgress; + + // + // NetCfgInstanceId as UNICODE_STRING + // ---------------------------------- + // This a GUID string provided by NDIS that identifies the adapter instance. + // An example is: + // + // NetCfgInstanceId={410EB49D-2381-4FE7-9B36-498E22619DF0} + // + // Other names are derived from NetCfgInstanceId. For example, MiniportName: + // + // MiniportName=\DEVICE\{410EB49D-2381-4FE7-9B36-498E22619DF0} + // + NDIS_STRING NetCfgInstanceId; + WCHAR NetCfgInstanceIdBuffer[TAP_MAX_NDIS_NAME_LENGTH]; + +# define MINIPORT_INSTANCE_ID(a) ((a)->NetCfgInstanceIdAnsi.Buffer) + ANSI_STRING NetCfgInstanceIdAnsi; // Used occasionally + + ULONG MtuSize; // 1500 byte (typical) + + // TRUE if adapter should always be "connected" even when device node + // is not open by a userspace process. + // + // FALSE if connection state is application controlled. + BOOLEAN MediaStateAlwaysConnected; + + // TRUE if device is "connected". + BOOLEAN LogicalMediaState; + + NDIS_DEVICE_POWER_STATE CurrentPowerState; + + BOOLEAN AllowNonAdmin; + + MACADDR PermanentAddress; // From registry, if available + MACADDR CurrentAddress; + + // Device registration parameters from NdisRegisterDeviceEx. 
+ NDIS_STRING DeviceName; + WCHAR DeviceNameBuffer[TAP_MAX_NDIS_NAME_LENGTH]; + + NDIS_STRING LinkName; + WCHAR LinkNameBuffer[TAP_MAX_NDIS_NAME_LENGTH]; + + NDIS_HANDLE DeviceHandle; + PDEVICE_OBJECT DeviceObject; + BOOLEAN TapDeviceCreated; // WAS: m_TapIsRunning + + PFILE_OBJECT TapFileObject; // Exclusive access + BOOLEAN TapFileIsOpen; // WAS: m_TapOpens + LONG TapFileOpenCount; // WAS: m_NumTapOpens + + // Cancel-Safe read IRP queue. + TAP_IRP_CSQ PendingReadIrpQueue; + + // Queue containing TAP packets representing host send NBs. These are + // waiting to be read by user-mode application. + TAP_PACKET_QUEUE SendPacketQueue; + + // NBL pool for making TAP receive indications. + NDIS_HANDLE ReceiveNblPool; + + volatile LONG ReceiveNblInFlightCount; +#define TAP_WAIT_POLL_LOOP_TIMEOUT 3000 // 3 seconds + NDIS_EVENT ReceiveNblInFlightCountZeroEvent; + + /* + // Info for point-to-point mode + BOOLEAN m_tun; + IPADDR m_localIP; + IPADDR m_remoteNetwork; + IPADDR m_remoteNetmask; + ETH_HEADER m_TapToUser; + ETH_HEADER m_UserToTap; + ETH_HEADER m_UserToTap_IPv6; // same as UserToTap but proto=ipv6 + */ + + // Info for DHCP server masquerade + /* + BOOLEAN m_dhcp_enabled; + IPADDR m_dhcp_addr; + ULONG m_dhcp_netmask; + IPADDR m_dhcp_server_ip; + BOOLEAN m_dhcp_server_arp; + MACADDR m_dhcp_server_mac; + ULONG m_dhcp_lease_time; + UCHAR m_dhcp_user_supplied_options_buffer[DHCP_USER_SUPPLIED_OPTIONS_BUFFER_SIZE]; + ULONG m_dhcp_user_supplied_options_buffer_len; + BOOLEAN m_dhcp_received_discover; + ULONG m_dhcp_bad_requests; + */ + + // Multicast list. Fixed size. 
+ ULONG ulMCListSize; + UCHAR MCList[TAP_MAX_MCAST_LIST][MACADDR_SIZE]; + + ULONG PacketFilter; + ULONG ulLookahead; + + // + // Statistics + // ------------------------------------------------------------------------- + // + + // Packet counts + ULONG64 FramesRxDirected; + ULONG64 FramesRxMulticast; + ULONG64 FramesRxBroadcast; + ULONG64 FramesTxDirected; + ULONG64 FramesTxMulticast; + ULONG64 FramesTxBroadcast; + + // Byte counts + ULONG64 BytesRxDirected; + ULONG64 BytesRxMulticast; + ULONG64 BytesRxBroadcast; + ULONG64 BytesTxDirected; + ULONG64 BytesTxMulticast; + ULONG64 BytesTxBroadcast; + + // Count of transmit errors + ULONG TxAbortExcessCollisions; + ULONG TxLateCollisions; + ULONG TxDmaUnderrun; + ULONG TxLostCRS; + ULONG TxOKButDeferred; + ULONG OneRetry; + ULONG MoreThanOneRetry; + ULONG TotalRetries; + ULONG TransmitFailuresOther; + + // Count of receive errors + ULONG RxCrcErrors; + ULONG RxAlignmentErrors; + ULONG RxResourceErrors; + ULONG RxDmaOverrunErrors; + ULONG RxCdtFrames; + ULONG RxRuntErrors; + +#if PACKET_TRUNCATION_CHECK + LONG m_RxTrunc, m_TxTrunc; +#endif + + BOOLEAN m_InterfaceIsRunning; + LONG m_Rx, m_RxErr; + NDIS_MEDIUM m_Medium; + + // Help to tear down the adapter by keeping + // some state information on allocated + // resources. + BOOLEAN m_CalledAdapterFreeResources; + BOOLEAN m_RegisteredAdapterShutdownHandler; + +} TAP_ADAPTER_CONTEXT, *PTAP_ADAPTER_CONTEXT; + +FORCEINLINE +LONG +tapAdapterContextReference( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + LONG refCount = NdisInterlockedIncrement(&Adapter->RefCount); + + ASSERT(refCount>1); // Cannot dereference a zombie. 
+
+ return refCount;
+}
+
+VOID
+tapAdapterContextFree(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ );
+
+FORCEINLINE
+LONG
+tapAdapterContextDereference(
+ IN PTAP_ADAPTER_CONTEXT Adapter
+ )
+{
+ LONG refCount = NdisInterlockedDecrement(&Adapter->RefCount);
+ ASSERT(refCount >= 0);
+ if (!refCount)
+ {
+ tapAdapterContextFree(Adapter);
+ }
+
+ return refCount;
+}
+
+VOID
+tapAdapterAcquireLock(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in BOOLEAN DispatchLevel
+ );
+
+VOID
+tapAdapterReleaseLock(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in BOOLEAN DispatchLevel
+ );
+
+// Returns with added reference on adapter context.
+PTAP_ADAPTER_CONTEXT
+tapAdapterContextFromDeviceObject(
+ __in PDEVICE_OBJECT DeviceObject
+ );
+
+BOOLEAN
+tapAdapterReadAndWriteReady(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ );
+
+NDIS_STATUS
+tapAdapterSendAndReceiveReady(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ );
+
+ULONG
+tapGetNetBufferFrameType(
+ __in PNET_BUFFER NetBuffer
+ );
+
+ULONG
+tapGetNetBufferCountsFromNetBufferList(
+ __in PNET_BUFFER_LIST NetBufferList,
+ __inout_opt PULONG TotalByteCount // Of all linked NBs
+ );
+
+// Prototypes for standard NDIS miniport entry points
+MINIPORT_SET_OPTIONS AdapterSetOptions;
+MINIPORT_INITIALIZE AdapterCreate;
+MINIPORT_HALT AdapterHalt;
+MINIPORT_UNLOAD TapDriverUnload;
+MINIPORT_PAUSE AdapterPause;
+MINIPORT_RESTART AdapterRestart;
+MINIPORT_OID_REQUEST AdapterOidRequest;
+MINIPORT_SEND_NET_BUFFER_LISTS AdapterSendNetBufferLists;
+MINIPORT_RETURN_NET_BUFFER_LISTS AdapterReturnNetBufferLists;
+MINIPORT_CANCEL_SEND AdapterCancelSend;
+MINIPORT_CHECK_FOR_HANG AdapterCheckForHangEx;
+MINIPORT_RESET AdapterReset;
+MINIPORT_DEVICE_PNP_EVENT_NOTIFY AdapterDevicePnpEventNotify;
+MINIPORT_SHUTDOWN AdapterShutdownEx;
+MINIPORT_CANCEL_OID_REQUEST AdapterCancelOidRequest;
+
+#endif // __TAP_ADAPTER_CONTEXT_H_
\ No newline at end of file
diff --git a/windows/TapDriver6/config.h b/windows/TapDriver6/config.h
new file mode 100644
index 0000000..4d36c5a
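Review bot: `ResetInProgress` is declared outside the `Locked` sub-structure of `TAP_ADAPTER_CONTEXT`, although the struct's own comment says every field protected by `AdapterLock` is kept in `Locked`. In adapter.c in this same commit, `tapAdapterSendAndReceiveReady` reads it (together with `LogicalMediaState` and `CurrentPowerState`) while holding the lock, but `AdapterReset` sets and clears it without taking the lock, so the send/receive gate may not see a consistent value. Either move the field so accesses read `adapter->Locked.ResetInProgress` and wrap the two writes in `tapAdapterAcquireLock`/`tapAdapterReleaseLock`, or state the intended rule next to the field, e.g. `// Written in AdapterReset without the lock; read under AdapterLock.` `AllowNonAdmin` also carries no comment; since it presumably governs who may open the device, a one-line description of its effect would help anyone reviewing the access-control path.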
--- /dev/null
+++ b/windows/TapDriver6/config.h
@@ -0,0 +1,9 @@
+#define PRODUCT_NAME "ZeroTier One Virtual Port"
+#define PRODUCT_VERSION "3.0.0"
+#define PRODUCT_VERSION_RESOURCE 3,0,0,1
+#define PRODUCT_TAP_WIN_COMPONENT_ID "zttap300"
+#define PRODUCT_TAP_WIN_MAJOR 3
+#define PRODUCT_TAP_WIN_MINOR 0
+#define PRODUCT_TAP_WIN_PROVIDER "ZeroTier Networks"
+#define PRODUCT_TAP_WIN_DEVICE_DESCRIPTION PRODUCT_NAME
+#define PRODUCT_TAP_WIN_RELDATE "04/25/2015"
diff --git a/windows/TapDriver6/constants.h b/windows/TapDriver6/constants.h
new file mode 100644
index 0000000..91a876f
--- /dev/null
+++ b/windows/TapDriver6/constants.h
@@ -0,0 +1,196 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +//==================================================================== +// Product and Version public settings +//==================================================================== + +#define PRODUCT_STRING PRODUCT_TAP_DEVICE_DESCRIPTION + + +// +// Update the driver version number every time you release a new driver +// The high word is the major version. The low word is the minor version. +// Also make sure that VER_FILEVERSION specified in the .RC file also +// matches with the driver version because NDISTESTER checks for that. +// +#ifndef TAP_DRIVER_MAJOR_VERSION + +#define TAP_DRIVER_MAJOR_VERSION 0x04 +#define TAP_DRIVER_MINOR_VERSION 0x02 + +#endif + +#define TAP_DRIVER_VENDOR_VERSION ((TAP_DRIVER_MAJOR_VERSION << 16) | TAP_DRIVER_MINOR_VERSION) + +// +// Define the NDIS miniport interface version that this driver targets. 
+// +#if defined(NDIS60_MINIPORT) +# define TAP_NDIS_MAJOR_VERSION 6 +# define TAP_NDIS_MINOR_VERSION 0 +#elif defined(NDIS61_MINIPORT) +# define TAP_NDIS_MAJOR_VERSION 6 +# define TAP_NDIS_MINOR_VERSION 1 +#elif defined(NDIS620_MINIPORT) +# define TAP_NDIS_MAJOR_VERSION 6 +# define TAP_NDIS_MINOR_VERSION 20 +#elif defined(NDIS630_MINIPORT) +# define TAP_NDIS_MAJOR_VERSION 6 +# define TAP_NDIS_MINOR_VERSION 30 +#else +#define TAP_NDIS_MAJOR_VERSION 5 +#define TAP_NDIS_MINOR_VERSION 0 +#endif + +//=========================================================== +// Driver constants +//=========================================================== + +#define ETHERNET_HEADER_SIZE (sizeof (ETH_HEADER)) +//#define ETHERNET_MTU 1500 +#define ETHERNET_MTU 2800 +#define ETHERNET_PACKET_SIZE (ETHERNET_MTU + ETHERNET_HEADER_SIZE) +#define DEFAULT_PACKET_LOOKAHEAD (ETHERNET_PACKET_SIZE) +#define VLAN_TAG_SIZE 4 + +//=========================================================== +// Medium properties +//=========================================================== + +#define TAP_FRAME_HEADER_SIZE ETHERNET_HEADER_SIZE +#define TAP_FRAME_MAX_DATA_SIZE ETHERNET_MTU +#define TAP_MAX_FRAME_SIZE (TAP_FRAME_HEADER_SIZE + TAP_FRAME_MAX_DATA_SIZE) +#define TAP_MIN_FRAME_SIZE 60 + +#define TAP_MEDIUM_TYPE NdisMedium802_3 + +//=========================================================== +// Physical adapter properties +//=========================================================== + +// The bus that connects the adapter to the PC. +// (Example: PCI adapters should use NdisInterfacePci). +#define TAP_INTERFACE_TYPE NdisInterfaceInternal + +#define TAP_VENDOR_DESC PRODUCT_TAP_WIN_DEVICE_DESCRIPTION + +// Highest byte is the NIC byte plus three vendor bytes. This is normally +// obtained from the NIC. +#define TAP_VENDOR_ID 0x00FFFFFF + +// If you have physical hardware on 802.3, use NdisPhysicalMedium802_3. 
+#define TAP_PHYSICAL_MEDIUM NdisPhysicalMediumUnspecified + +// Claim to be 100mbps duplex +#define MEGABITS_PER_SECOND 1000000ULL +#define TAP_XMIT_SPEED (100ULL*MEGABITS_PER_SECOND) +#define TAP_RECV_SPEED (100ULL*MEGABITS_PER_SECOND) + +// Max number of multicast addresses supported in hardware +#define TAP_MAX_MCAST_LIST 128 + +#define TAP_MAX_LOOKAHEAD TAP_FRAME_MAX_DATA_SIZE +#define TAP_BUFFER_SIZE TAP_MAX_FRAME_SIZE + +// Set this value to TRUE if there is a physical adapter. +#define TAP_HAS_PHYSICAL_CONNECTOR FALSE +#define TAP_ACCESS_TYPE NET_IF_ACCESS_BROADCAST +#define TAP_DIRECTION_TYPE NET_IF_DIRECTION_SENDRECEIVE +#define TAP_CONNECTION_TYPE NET_IF_CONNECTION_DEDICATED + +// This value must match the *IfType in the driver .inf file +#define TAP_IFTYPE IF_TYPE_ETHERNET_CSMACD + +// +// This is a virtual device, so it can tolerate surprise removal and +// suspend. Ensure the correct flags are set for your hardware. +// +#define TAP_ADAPTER_ATTRIBUTES_FLAGS (\ + NDIS_MINIPORT_ATTRIBUTES_SURPRISE_REMOVE_OK | NDIS_MINIPORT_ATTRIBUTES_NDIS_WDM) + +#define TAP_SUPPORTED_FILTERS ( \ + NDIS_PACKET_TYPE_DIRECTED | \ + NDIS_PACKET_TYPE_MULTICAST | \ + NDIS_PACKET_TYPE_BROADCAST | \ + NDIS_PACKET_TYPE_ALL_LOCAL | \ + NDIS_PACKET_TYPE_PROMISCUOUS | \ + NDIS_PACKET_TYPE_ALL_MULTICAST) + +//#define TAP_MAX_MCAST_LIST 128 // Max length of multicast address list + +// +// Specify a bitmask that defines optional properties of the NIC. +// This miniport indicates receive with NdisMIndicateReceiveNetBufferLists +// function. Such a driver should set this NDIS_MAC_OPTION_TRANSFERS_NOT_PEND +// flag. +// +// NDIS_MAC_OPTION_NO_LOOPBACK tells NDIS that NIC has no internal +// loopback support so NDIS will manage loopbacks on behalf of +// this driver. +// +// NDIS_MAC_OPTION_COPY_LOOKAHEAD_DATA tells the protocol that +// our receive buffer is not on a device-specific card. 
If +// NDIS_MAC_OPTION_COPY_LOOKAHEAD_DATA is not set, multi-buffer +// indications are copied to a single flat buffer. +// + +#define TAP_MAC_OPTIONS (\ + NDIS_MAC_OPTION_COPY_LOOKAHEAD_DATA | \ + NDIS_MAC_OPTION_TRANSFERS_NOT_PEND | \ + NDIS_MAC_OPTION_NO_LOOPBACK) + +#define TAP_ADAPTER_CHECK_FOR_HANG_TIME_IN_SECONDS 4 + + +// NDIS 6.x miniports must support all counters in OID_GEN_STATISTICS. +#define TAP_SUPPORTED_STATISTICS (\ + NDIS_STATISTICS_FLAGS_VALID_DIRECTED_FRAMES_RCV | \ + NDIS_STATISTICS_FLAGS_VALID_MULTICAST_FRAMES_RCV | \ + NDIS_STATISTICS_FLAGS_VALID_BROADCAST_FRAMES_RCV | \ + NDIS_STATISTICS_FLAGS_VALID_BYTES_RCV | \ + NDIS_STATISTICS_FLAGS_VALID_RCV_DISCARDS | \ + NDIS_STATISTICS_FLAGS_VALID_RCV_ERROR | \ + NDIS_STATISTICS_FLAGS_VALID_DIRECTED_FRAMES_XMIT | \ + NDIS_STATISTICS_FLAGS_VALID_MULTICAST_FRAMES_XMIT | \ + NDIS_STATISTICS_FLAGS_VALID_BROADCAST_FRAMES_XMIT | \ + NDIS_STATISTICS_FLAGS_VALID_BYTES_XMIT | \ + NDIS_STATISTICS_FLAGS_VALID_XMIT_ERROR | \ + NDIS_STATISTICS_FLAGS_VALID_XMIT_DISCARDS | \ + NDIS_STATISTICS_FLAGS_VALID_DIRECTED_BYTES_RCV | \ + NDIS_STATISTICS_FLAGS_VALID_MULTICAST_BYTES_RCV | \ + NDIS_STATISTICS_FLAGS_VALID_BROADCAST_BYTES_RCV | \ + NDIS_STATISTICS_FLAGS_VALID_DIRECTED_BYTES_XMIT | \ + NDIS_STATISTICS_FLAGS_VALID_MULTICAST_BYTES_XMIT | \ + NDIS_STATISTICS_FLAGS_VALID_BROADCAST_BYTES_XMIT) + + +#define MINIMUM_MTU 576 // USE TCP Minimum MTU +#define MAXIMUM_MTU 65536 // IP maximum MTU + +#define PACKET_QUEUE_SIZE 64 // tap -> userspace queue size +#define IRP_QUEUE_SIZE 16 // max number of simultaneous i/o operations from userspace +#define INJECT_QUEUE_SIZE 16 // DHCP/ARP -> tap injection queue + +#define TAP_LITTLE_ENDIAN // affects ntohs, htonl, etc. functions diff --git a/windows/TapDriver6/device.c b/windows/TapDriver6/device.c new file mode 100644 index 0000000..7367143 --- /dev/null +++ b/windows/TapDriver6/device.c 
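Review bot: `MAXIMUM_MTU` is 65536, but every buffer-sizing constant in this header (`TAP_FRAME_MAX_DATA_SIZE`, `TAP_MAX_FRAME_SIZE`, `TAP_BUFFER_SIZE`, `TAP_MAX_LOOKAHEAD`) derives from `ETHERNET_MTU` 2800, and nothing ties the two limits together. The code that validates the configured MTU is not in this hunk, but if it accepts values up to `MAXIMUM_MTU` while packet buffers are sized with `TAP_BUFFER_SIZE`, a large configured MTU would permit frames longer than the buffers meant to hold them. I would bound it here, `#define MAXIMUM_MTU TAP_FRAME_MAX_DATA_SIZE // never larger than the frame buffers`, or add a comment stating why the larger limit is safe. Separately, `PRODUCT_STRING` expands to `PRODUCT_TAP_DEVICE_DESCRIPTION`, while the config.h added by this commit defines `PRODUCT_TAP_WIN_DEVICE_DESCRIPTION`, so unless another header supplies the former name any use of `PRODUCT_STRING` would fail to compile.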
@@ -0,0 +1,1209 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +// +// Include files. +// + +#include "tap.h" +#include // for SDDLs + +//====================================================================== +// TAP Win32 Device I/O Callbacks +//====================================================================== + +#ifdef ALLOC_PRAGMA +#pragma alloc_text( PAGE, TapDeviceCreate) +#pragma alloc_text( PAGE, TapDeviceControl) +#pragma alloc_text( PAGE, TapDeviceCleanup) +#pragma alloc_text( PAGE, TapDeviceClose) +#endif // ALLOC_PRAGMA + +//=================================================================== +// Go back to default TAP mode from Point-To-Point mode. +// Also reset (i.e. disable) DHCP Masq mode. 
+//=================================================================== +VOID tapResetAdapterState( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + /* + // Point-To-Point + Adapter->m_tun = FALSE; + Adapter->m_localIP = 0; + Adapter->m_remoteNetwork = 0; + Adapter->m_remoteNetmask = 0; + NdisZeroMemory (&Adapter->m_TapToUser, sizeof (Adapter->m_TapToUser)); + NdisZeroMemory (&Adapter->m_UserToTap, sizeof (Adapter->m_UserToTap)); + NdisZeroMemory (&Adapter->m_UserToTap_IPv6, sizeof (Adapter->m_UserToTap_IPv6)); + */ + + // DHCP Masq + /* + Adapter->m_dhcp_enabled = FALSE; + Adapter->m_dhcp_server_arp = FALSE; + Adapter->m_dhcp_user_supplied_options_buffer_len = 0; + Adapter->m_dhcp_addr = 0; + Adapter->m_dhcp_netmask = 0; + Adapter->m_dhcp_server_ip = 0; + Adapter->m_dhcp_lease_time = 0; + Adapter->m_dhcp_received_discover = FALSE; + Adapter->m_dhcp_bad_requests = 0; + NdisZeroMemory (Adapter->m_dhcp_server_mac, MACADDR_SIZE); + */ +} + +// IRP_MJ_CREATE +NTSTATUS +TapDeviceCreate( + PDEVICE_OBJECT DeviceObject, + PIRP Irp + ) +/*++ + +Routine Description: + + This routine is called by the I/O system when the device is opened. + + No action is performed other than completing the request successfully. + +Arguments: + + DeviceObject - a pointer to the object that represents the device + that I/O is to be done on. + + Irp - a pointer to the I/O Request Packet for this request. + +Return Value: + + NT status code + +--*/ +{ + NDIS_STATUS status; + PIO_STACK_LOCATION irpSp;// Pointer to current stack location + PTAP_ADAPTER_CONTEXT adapter = NULL; + PFILE_OBJECT originalFileObject; + + PAGED_CODE(); + + DEBUGP (("[TAP] --> TapDeviceCreate\n")); + + irpSp = IoGetCurrentIrpStackLocation(Irp); + + // + // Invalidate file context + // + irpSp->FileObject->FsContext = NULL; + irpSp->FileObject->FsContext2 = NULL; + + // + // Find adapter context for this device. + // ------------------------------------- + // Returns with added reference on adapter context. 
+ // + adapter = tapAdapterContextFromDeviceObject(DeviceObject); + + // Insure that adapter exists. + ASSERT(adapter); + + if(adapter == NULL ) + { + DEBUGP (("[TAP] release [%d.%d] open request; adapter not found\n", + TAP_DRIVER_MAJOR_VERSION, + TAP_DRIVER_MINOR_VERSION + )); + + Irp->IoStatus.Status = STATUS_DEVICE_DOES_NOT_EXIST; + Irp->IoStatus.Information = 0; + + IoCompleteRequest( Irp, IO_NO_INCREMENT ); + + return STATUS_DEVICE_DOES_NOT_EXIST; + } + + DEBUGP(("[%s] [TAP] release [%d.%d] open request (TapFileIsOpen=%d)\n", + MINIPORT_INSTANCE_ID(adapter), + TAP_DRIVER_MAJOR_VERSION, + TAP_DRIVER_MINOR_VERSION, + adapter->TapFileIsOpen + )); + + // Enforce exclusive access + originalFileObject = InterlockedCompareExchangePointer( + &adapter->TapFileObject, + irpSp->FileObject, + NULL + ); + + if(originalFileObject == NULL) + { + irpSp->FileObject->FsContext = adapter; // Quick reference + + status = STATUS_SUCCESS; + } + else + { + status = STATUS_UNSUCCESSFUL; + } + + // Release the lock. + //tapAdapterReleaseLock(adapter,FALSE); + + if(status == STATUS_SUCCESS) + { + // Reset adapter state on successful open. + tapResetAdapterState(adapter); + + adapter->TapFileIsOpen = 1; // Legacy... + + // NOTE!!! Reference added by tapAdapterContextFromDeviceObject + // will be removed when file is closed. + } + else + { + DEBUGP (("[%s] TAP is presently unavailable (TapFileIsOpen=%d)\n", + MINIPORT_INSTANCE_ID(adapter), adapter->TapFileIsOpen + )); + + NOTE_ERROR(); + + // Remove reference added by tapAdapterContextFromDeviceObject. + tapAdapterContextDereference(adapter); + } + + // Complete the IRP. + Irp->IoStatus.Status = status; + Irp->IoStatus.Information = 0; + + IoCompleteRequest( Irp, IO_NO_INCREMENT ); + + DEBUGP (("[TAP] <-- TapDeviceCreate; status = %8.8X\n",status)); + + return status; +} + +//=================================================== +// Tell Windows whether the TAP device should be +// considered "connected" or "disconnected". 
+// +// Allows application control of media connect state. +//=================================================== +VOID +tapSetMediaConnectStatus( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in BOOLEAN LogicalMediaState + ) +{ + NDIS_STATUS_INDICATION statusIndication; + NDIS_LINK_STATE linkState; + + NdisZeroMemory(&statusIndication, sizeof(NDIS_STATUS_INDICATION)); + NdisZeroMemory(&linkState, sizeof(NDIS_LINK_STATE)); + + // + // Fill in object headers + // + statusIndication.Header.Type = NDIS_OBJECT_TYPE_STATUS_INDICATION; + statusIndication.Header.Revision = NDIS_STATUS_INDICATION_REVISION_1; + statusIndication.Header.Size = sizeof(NDIS_STATUS_INDICATION); + + linkState.Header.Revision = NDIS_LINK_STATE_REVISION_1; + linkState.Header.Type = NDIS_OBJECT_TYPE_DEFAULT; + linkState.Header.Size = sizeof(NDIS_LINK_STATE); + + // + // Link state buffer + // + if(Adapter->LogicalMediaState == TRUE) + { + linkState.MediaConnectState = MediaConnectStateConnected; + } + + linkState.MediaDuplexState = MediaDuplexStateFull; + linkState.RcvLinkSpeed = TAP_RECV_SPEED; + linkState.XmitLinkSpeed = TAP_XMIT_SPEED; + + // + // Fill in the status buffer + // + statusIndication.StatusCode = NDIS_STATUS_LINK_STATE; + statusIndication.SourceHandle = Adapter->MiniportAdapterHandle; + statusIndication.DestinationHandle = NULL; + statusIndication.RequestId = 0; + + statusIndication.StatusBuffer = &linkState; + statusIndication.StatusBufferSize = sizeof(NDIS_LINK_STATE); + + // Fill in new media connect state. 
+ if ( (Adapter->LogicalMediaState != LogicalMediaState) && !Adapter->MediaStateAlwaysConnected) + { + Adapter->LogicalMediaState = LogicalMediaState; + + if (LogicalMediaState == TRUE) + { + linkState.MediaConnectState = MediaConnectStateConnected; + + DEBUGP (("[TAP] Set MediaConnectState: Connected.\n")); + } + else + { + linkState.MediaConnectState = MediaConnectStateDisconnected; + + DEBUGP (("[TAP] Set MediaConnectState: Disconnected.\n")); + } + } + + // Make the status indication. + if(Adapter->Locked.AdapterState != MiniportHaltedState) + { + NdisMIndicateStatusEx(Adapter->MiniportAdapterHandle, &statusIndication); + } +} + +/* +//====================================================== +// If DHCP mode is used together with tun +// mode, consider the fact that the P2P remote subnet +// might enclose the DHCP masq server address. +//====================================================== +VOID +CheckIfDhcpAndTunMode ( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + if (Adapter->m_tun && Adapter->m_dhcp_enabled) + { + if ((Adapter->m_dhcp_server_ip & Adapter->m_remoteNetmask) == Adapter->m_remoteNetwork) + { + ETH_COPY_NETWORK_ADDRESS (Adapter->m_dhcp_server_mac, Adapter->m_TapToUser.dest); + Adapter->m_dhcp_server_arp = FALSE; + } + } +} +*/ + +// IRP_MJ_DEVICE_CONTROL callback. +NTSTATUS +TapDeviceControl( + PDEVICE_OBJECT DeviceObject, + PIRP Irp + ) + +/*++ + +Routine Description: + + This routine is called by the I/O system to perform a device I/O + control function. + +Arguments: + + DeviceObject - a pointer to the object that represents the device + that I/O is to be done on. + + Irp - a pointer to the I/O Request Packet for this request. 
+ +Return Value: + + NT status code + +--*/ + +{ + NTSTATUS ntStatus = STATUS_SUCCESS; // Assume success + PIO_STACK_LOCATION irpSp; // Pointer to current stack location + PTAP_ADAPTER_CONTEXT adapter = NULL; + ULONG inBufLength; // Input buffer length + ULONG outBufLength; // Output buffer length + PCHAR inBuf, outBuf; // pointer to Input and output buffer + PMDL mdl = NULL; + PCHAR buffer = NULL; + + PAGED_CODE(); + + irpSp = IoGetCurrentIrpStackLocation( Irp ); + + // + // Fetch adapter context for this device. + // -------------------------------------- + // Adapter pointer was stashed in FsContext when handle was opened. + // + adapter = (PTAP_ADAPTER_CONTEXT )(irpSp->FileObject)->FsContext; + + ASSERT(adapter); + + inBufLength = irpSp->Parameters.DeviceIoControl.InputBufferLength; + outBufLength = irpSp->Parameters.DeviceIoControl.OutputBufferLength; + + if (!inBufLength || !outBufLength) + { + ntStatus = STATUS_INVALID_PARAMETER; + goto End; + } + + // + // Determine which I/O control code was specified. 
+ // + switch ( irpSp->Parameters.DeviceIoControl.IoControlCode ) + { + case TAP_WIN_IOCTL_GET_MAC: + { + if (outBufLength >= MACADDR_SIZE ) + { + ETH_COPY_NETWORK_ADDRESS( + Irp->AssociatedIrp.SystemBuffer, + adapter->CurrentAddress + ); + + Irp->IoStatus.Information = MACADDR_SIZE; + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_BUFFER_TOO_SMALL; + } + } + break; + + case TAP_WIN_IOCTL_GET_VERSION: + { + const ULONG size = sizeof (ULONG) * 3; + + if (outBufLength >= size) + { + ((PULONG) (Irp->AssociatedIrp.SystemBuffer))[0] + = TAP_DRIVER_MAJOR_VERSION; + + ((PULONG) (Irp->AssociatedIrp.SystemBuffer))[1] + = TAP_DRIVER_MINOR_VERSION; + + ((PULONG) (Irp->AssociatedIrp.SystemBuffer))[2] +#if DBG + = 1; +#else + = 0; +#endif + Irp->IoStatus.Information = size; + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_BUFFER_TOO_SMALL; + } + } + break; + + case TAP_WIN_IOCTL_GET_MTU: + { + const ULONG size = sizeof (ULONG) * 1; + + if (outBufLength >= size) + { + ((PULONG) (Irp->AssociatedIrp.SystemBuffer))[0] + = adapter->MtuSize; + + Irp->IoStatus.Information = size; + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_BUFFER_TOO_SMALL; + } + } + break; + + // Allow ZeroTier One to get multicast memberships at the L2 level in a + // protocol-neutral manner. 
+ case TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS: + { + if (outBufLength < TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS_OUTPUT_BUF_SIZE) { + /* output buffer too small */ + NOTE_ERROR (); + Irp->IoStatus.Status = ntStatus = STATUS_BUFFER_TOO_SMALL; + } else { + char *out = (char *)Irp->AssociatedIrp.SystemBuffer; + char *end = out + TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS_OUTPUT_BUF_SIZE; + unsigned long i,j; + for(i=0;iulMCListSize;++i) { + if (i >= TAP_MAX_MCAST_LIST) + break; + for(j=0;j<6;++j) + *(out++) = adapter->MCList[i][j]; + if (out >= end) + break; + } + while (out < end) + *(out++) = (char)0; + Irp->IoStatus.Information = TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS_OUTPUT_BUF_SIZE; + Irp->IoStatus.Status = ntStatus = STATUS_SUCCESS; + } + break; + } + + +#if 0 + case TAP_WIN_IOCTL_CONFIG_TUN: + { + if(inBufLength >= sizeof(IPADDR)*3) + { + MACADDR dest; + + adapter->m_tun = FALSE; + + GenerateRelatedMAC (dest, adapter->CurrentAddress, 1); + + adapter->m_localIP = ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[0]; + adapter->m_remoteNetwork = ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[1]; + adapter->m_remoteNetmask = ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[2]; + + // Sanity check on network/netmask + if ((adapter->m_remoteNetwork & adapter->m_remoteNetmask) != adapter->m_remoteNetwork) + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + break; + } + + ETH_COPY_NETWORK_ADDRESS (adapter->m_TapToUser.src, adapter->CurrentAddress); + ETH_COPY_NETWORK_ADDRESS (adapter->m_TapToUser.dest, dest); + ETH_COPY_NETWORK_ADDRESS (adapter->m_UserToTap.src, dest); + ETH_COPY_NETWORK_ADDRESS (adapter->m_UserToTap.dest, adapter->CurrentAddress); + + adapter->m_TapToUser.proto = adapter->m_UserToTap.proto = htons (NDIS_ETH_TYPE_IPV4); + adapter->m_UserToTap_IPv6 = adapter->m_UserToTap; + adapter->m_UserToTap_IPv6.proto = htons(NDIS_ETH_TYPE_IPV6); + + adapter->m_tun = TRUE; + + CheckIfDhcpAndTunMode (adapter); + + Irp->IoStatus.Information = 1; 
// Simple boolean value + + DEBUGP (("[TAP] Set TUN mode.\n")); + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + } + } + break; + + case TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT: + { + if(inBufLength >= sizeof(IPADDR)*2) + { + MACADDR dest; + + adapter->m_tun = FALSE; + + GenerateRelatedMAC (dest, adapter->CurrentAddress, 1); + + adapter->m_localIP = ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[0]; + adapter->m_remoteNetwork = ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[1]; + adapter->m_remoteNetmask = ~0; + + ETH_COPY_NETWORK_ADDRESS (adapter->m_TapToUser.src, adapter->CurrentAddress); + ETH_COPY_NETWORK_ADDRESS (adapter->m_TapToUser.dest, dest); + ETH_COPY_NETWORK_ADDRESS (adapter->m_UserToTap.src, dest); + ETH_COPY_NETWORK_ADDRESS (adapter->m_UserToTap.dest, adapter->CurrentAddress); + + adapter->m_TapToUser.proto = adapter->m_UserToTap.proto = htons (NDIS_ETH_TYPE_IPV4); + adapter->m_UserToTap_IPv6 = adapter->m_UserToTap; + adapter->m_UserToTap_IPv6.proto = htons(NDIS_ETH_TYPE_IPV6); + + adapter->m_tun = TRUE; + + CheckIfDhcpAndTunMode (adapter); + + Irp->IoStatus.Information = 1; // Simple boolean value + + DEBUGP (("[TAP] Set P2P mode.\n")); + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + } + } + break; +#endif + +#if 0 + case TAP_WIN_IOCTL_CONFIG_DHCP_MASQ: + { + if(inBufLength >= sizeof(IPADDR)*4) + { + adapter->m_dhcp_enabled = FALSE; + adapter->m_dhcp_server_arp = FALSE; + adapter->m_dhcp_user_supplied_options_buffer_len = 0; + + // Adapter IP addr / netmask + adapter->m_dhcp_addr = + ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[0]; + adapter->m_dhcp_netmask = + ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[1]; + + // IP addr of DHCP masq server + adapter->m_dhcp_server_ip = + ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[2]; + + // Lease time in seconds + adapter->m_dhcp_lease_time = + ((IPADDR*) (Irp->AssociatedIrp.SystemBuffer))[3]; + + GenerateRelatedMAC( + 
adapter->m_dhcp_server_mac, + adapter->CurrentAddress, + 2 + ); + + adapter->m_dhcp_enabled = TRUE; + adapter->m_dhcp_server_arp = TRUE; + + CheckIfDhcpAndTunMode (adapter); + + Irp->IoStatus.Information = 1; // Simple boolean value + + DEBUGP (("[TAP] Configured DHCP MASQ.\n")); + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + } + } + break; + + case TAP_WIN_IOCTL_CONFIG_DHCP_SET_OPT: + { + if (inBufLength <= DHCP_USER_SUPPLIED_OPTIONS_BUFFER_SIZE + && adapter->m_dhcp_enabled) + { + adapter->m_dhcp_user_supplied_options_buffer_len = 0; + + NdisMoveMemory( + adapter->m_dhcp_user_supplied_options_buffer, + Irp->AssociatedIrp.SystemBuffer, + inBufLength + ); + + adapter->m_dhcp_user_supplied_options_buffer_len = + inBufLength; + + Irp->IoStatus.Information = 1; // Simple boolean value + + DEBUGP (("[TAP] Set DHCP OPT.\n")); + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + } + } + break; +#endif + +#if 0 + case TAP_WIN_IOCTL_GET_INFO: + { + char state[16]; + + // Fetch adapter (miniport) state. + if (tapAdapterSendAndReceiveReady(adapter) == NDIS_STATUS_SUCCESS) + state[0] = 'A'; + else + state[0] = 'a'; + + if (tapAdapterReadAndWriteReady(adapter)) + state[1] = 'T'; + else + state[1] = 't'; + + state[2] = '0' + adapter->CurrentPowerState; + + if (adapter->MediaStateAlwaysConnected) + state[3] = 'C'; + else + state[3] = 'c'; + + state[4] = '\0'; + + // BUGBUG!!! What follows, and is not yet implemented, is a real mess. + // BUGBUG!!! Tied closely to the NDIS 5 implementation. Need to map + // as much as possible to the NDIS 6 implementation. 
+ Irp->IoStatus.Status = ntStatus = RtlStringCchPrintfExA ( + ((LPTSTR) (Irp->AssociatedIrp.SystemBuffer)), + outBufLength, + NULL, + NULL, + STRSAFE_FILL_BEHIND_NULL | STRSAFE_IGNORE_NULLS, +#if PACKET_TRUNCATION_CHECK + "State=%s Err=[%s/%d] #O=%d Tx=[%d,%d,%d] Rx=[%d,%d,%d] IrpQ=[%d,%d,%d] PktQ=[%d,%d,%d] InjQ=[%d,%d,%d]", +#else + "State=%s Err=[%s/%d] #O=%d Tx=[%d,%d] Rx=[%d,%d] IrpQ=[%d,%d,%d] PktQ=[%d,%d,%d] InjQ=[%d,%d,%d]", +#endif + state, + g_LastErrorFilename, + g_LastErrorLineNumber, + (int)adapter->TapFileOpenCount, + (int)(adapter->FramesTxDirected + adapter->FramesTxMulticast + adapter->FramesTxBroadcast), + (int)adapter->TransmitFailuresOther, +#if PACKET_TRUNCATION_CHECK + (int)adapter->m_TxTrunc, +#endif + (int)adapter->m_Rx, + (int)adapter->m_RxErr, +#if PACKET_TRUNCATION_CHECK + (int)adapter->m_RxTrunc, +#endif + (int)adapter->PendingReadIrpQueue.Count, + (int)adapter->PendingReadIrpQueue.MaxCount, + (int)IRP_QUEUE_SIZE, // Ignored in NDIS 6 driver... + + (int)adapter->SendPacketQueue.Count, + (int)adapter->SendPacketQueue.MaxCount, + (int)PACKET_QUEUE_SIZE, + + (int)0, // adapter->InjectPacketQueue.Count - Unused + (int)0, // adapter->InjectPacketQueue.MaxCount - Unused + (int)INJECT_QUEUE_SIZE + ); + + Irp->IoStatus.Information = outBufLength; + + // BUGBUG!!! Fail because this is not completely implemented. 
+ ntStatus = STATUS_INVALID_DEVICE_REQUEST; + } +#endif + +#if DBG + case TAP_WIN_IOCTL_GET_LOG_LINE: + { + if (GetDebugLine( (LPTSTR)Irp->AssociatedIrp.SystemBuffer,outBufLength)) + { + Irp->IoStatus.Status = ntStatus = STATUS_SUCCESS; + } + else + { + Irp->IoStatus.Status = ntStatus = STATUS_UNSUCCESSFUL; + } + + Irp->IoStatus.Information = outBufLength; + + break; + } +#endif + + case TAP_WIN_IOCTL_SET_MEDIA_STATUS: + { + if(inBufLength >= sizeof(ULONG)) + { + ULONG parm = ((PULONG) (Irp->AssociatedIrp.SystemBuffer))[0]; + tapSetMediaConnectStatus (adapter, (BOOLEAN) parm); + Irp->IoStatus.Information = 1; + } + else + { + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + } + } + break; + + default: + + // + // The specified I/O control code is unrecognized by this driver. + // + ntStatus = STATUS_INVALID_DEVICE_REQUEST; + break; + } + +End: + + // + // Finish the I/O operation by simply completing the packet and returning + // the same status as in the packet itself. + // + Irp->IoStatus.Status = ntStatus; + + IoCompleteRequest( Irp, IO_NO_INCREMENT ); + + return ntStatus; +} + +// Flush the pending read IRP queue. +VOID +tapFlushIrpQueues( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + + DEBUGP (("[TAP] tapFlushIrpQueues: Flushing %d pending read IRPs\n", + Adapter->PendingReadIrpQueue.Count)); + + tapIrpCsqFlush(&Adapter->PendingReadIrpQueue); +} + +// IRP_MJ_CLEANUP +NTSTATUS +TapDeviceCleanup( + PDEVICE_OBJECT DeviceObject, + PIRP Irp + ) +/*++ + +Routine Description: + + Receipt of this request indicates that the last handle for a file + object that is associated with the target device object has been closed + (but, due to outstanding I/O requests, might not have been released). + + A driver that holds pending IRPs internally must implement a routine for + IRP_MJ_CLEANUP. When the routine is called, the driver should cancel all + the pending IRPs that belong to the file object identified by the IRP_MJ_CLEANUP + call. 
+ + In other words, it should cancel all the IRPs that have the same file-object + pointer as the one supplied in the current I/O stack location of the IRP for the + IRP_MJ_CLEANUP call. Of course, IRPs belonging to other file objects should + not be canceled. Also, if an outstanding IRP is completed immediately, the + driver does not have to cancel it. + +Arguments: + + DeviceObject - a pointer to the object that represents the device + to be cleaned up. + + Irp - a pointer to the I/O Request Packet for this request. + +Return Value: + + NT status code + +--*/ + +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; // Always succeed. + PIO_STACK_LOCATION irpSp; // Pointer to current stack location + PTAP_ADAPTER_CONTEXT adapter = NULL; + + PAGED_CODE(); + + DEBUGP (("[TAP] --> TapDeviceCleanup\n")); + + irpSp = IoGetCurrentIrpStackLocation(Irp); + + // + // Fetch adapter context for this device. + // -------------------------------------- + // Adapter pointer was stashed in FsContext when handle was opened. + // + adapter = (PTAP_ADAPTER_CONTEXT )(irpSp->FileObject)->FsContext; + + // Insure that adapter exists. + ASSERT(adapter); + + if(adapter == NULL ) + { + DEBUGP (("[TAP] release [%d.%d] cleanup request; adapter not found\n", + TAP_DRIVER_MAJOR_VERSION, + TAP_DRIVER_MINOR_VERSION + )); + } + + if(adapter != NULL ) + { + adapter->TapFileIsOpen = 0; // Legacy... + + // Disconnect from media. + tapSetMediaConnectStatus(adapter,FALSE); + + // Reset adapter state when cleaning up; + tapResetAdapterState(adapter); + + // BUGBUG!!! Use RemoveLock??? + + // + // Flush pending send TAP packet queue. + // + tapFlushSendPacketQueue(adapter); + + ASSERT(adapter->SendPacketQueue.Count == 0); + + // + // Flush the pending IRP queues + // + tapFlushIrpQueues(adapter); + + ASSERT(adapter->PendingReadIrpQueue.Count == 0); + } + + // Complete the IRP. 
+ Irp->IoStatus.Status = status; + Irp->IoStatus.Information = 0; + + IoCompleteRequest( Irp, IO_NO_INCREMENT ); + + DEBUGP (("[TAP] <-- TapDeviceCleanup; status = %8.8X\n",status)); + + return status; +} + +// IRP_MJ_CLOSE +NTSTATUS +TapDeviceClose( + PDEVICE_OBJECT DeviceObject, + PIRP Irp + ) +/*++ + +Routine Description: + + Receipt of this request indicates that the last handle of the file + object that is associated with the target device object has been closed + and released. + + All outstanding I/O requests have been completed or canceled. + +Arguments: + + DeviceObject - a pointer to the object that represents the device + to be closed. + + Irp - a pointer to the I/O Request Packet for this request. + +Return Value: + + NT status code + +--*/ + +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; // Always succeed. + PIO_STACK_LOCATION irpSp; // Pointer to current stack location + PTAP_ADAPTER_CONTEXT adapter = NULL; + + PAGED_CODE(); + + DEBUGP (("[TAP] --> TapDeviceClose\n")); + + irpSp = IoGetCurrentIrpStackLocation(Irp); + + // + // Fetch adapter context for this device. + // -------------------------------------- + // Adapter pointer was stashed in FsContext when handle was opened. + // + adapter = (PTAP_ADAPTER_CONTEXT )(irpSp->FileObject)->FsContext; + + // Insure that adapter exists. + ASSERT(adapter); + + if(adapter == NULL ) + { + DEBUGP (("[TAP] release [%d.%d] close request; adapter not found\n", + TAP_DRIVER_MAJOR_VERSION, + TAP_DRIVER_MINOR_VERSION + )); + } + + if(adapter != NULL ) + { + if(adapter->TapFileObject == NULL) + { + // Should never happen!!! + ASSERT(FALSE); + } + else + { + ASSERT(irpSp->FileObject->FsContext == adapter); + + ASSERT(adapter->TapFileObject == irpSp->FileObject); + } + + adapter->TapFileObject = NULL; + irpSp->FileObject = NULL; + + // Remove reference added by when handle was opened. + tapAdapterContextDereference(adapter); + } + + // Complete the IRP. 
+ Irp->IoStatus.Status = status; + Irp->IoStatus.Information = 0; + + IoCompleteRequest( Irp, IO_NO_INCREMENT ); + + DEBUGP (("[TAP] <-- TapDeviceClose; status = %8.8X\n",status)); + + return status; +} + +NTSTATUS +tapConcatenateNdisStrings( + __inout PNDIS_STRING DestinationString, + __in_opt PNDIS_STRING SourceString1, + __in_opt PNDIS_STRING SourceString2, + __in_opt PNDIS_STRING SourceString3 + ) +{ + NTSTATUS status; + + ASSERT(SourceString1 && SourceString2 && SourceString3); + + status = RtlAppendUnicodeStringToString( + DestinationString, + SourceString1 + ); + + if(status == STATUS_SUCCESS) + { + status = RtlAppendUnicodeStringToString( + DestinationString, + SourceString2 + ); + + if(status == STATUS_SUCCESS) + { + status = RtlAppendUnicodeStringToString( + DestinationString, + SourceString3 + ); + } + } + + return status; +} + +NTSTATUS +tapMakeDeviceNames( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + NDIS_STATUS status; + NDIS_STRING deviceNamePrefix = NDIS_STRING_CONST("\\Device\\"); + NDIS_STRING tapNameSuffix = NDIS_STRING_CONST(".tap"); + + // Generate DeviceName from NetCfgInstanceId. 
+ Adapter->DeviceName.Buffer = Adapter->DeviceNameBuffer; + Adapter->DeviceName.MaximumLength = sizeof(Adapter->DeviceNameBuffer); + + status = tapConcatenateNdisStrings( + &Adapter->DeviceName, + &deviceNamePrefix, + &Adapter->NetCfgInstanceId, + &tapNameSuffix + ); + + if(status == STATUS_SUCCESS) + { + NDIS_STRING linkNamePrefix = NDIS_STRING_CONST("\\DosDevices\\Global\\"); + + Adapter->LinkName.Buffer = Adapter->LinkNameBuffer; + Adapter->LinkName.MaximumLength = sizeof(Adapter->LinkNameBuffer); + + status = tapConcatenateNdisStrings( + &Adapter->LinkName, + &linkNamePrefix, + &Adapter->NetCfgInstanceId, + &tapNameSuffix + ); + } + + return status; +} + +NDIS_STATUS +CreateTapDevice( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + NDIS_STATUS status; + NDIS_DEVICE_OBJECT_ATTRIBUTES deviceAttribute; + PDRIVER_DISPATCH dispatchTable[IRP_MJ_MAXIMUM_FUNCTION+1]; + + DEBUGP (("[TAP] version [%d.%d] creating tap device: %wZ\n", + TAP_DRIVER_MAJOR_VERSION, + TAP_DRIVER_MINOR_VERSION, + &Adapter->NetCfgInstanceId)); + + // Generate DeviceName and LinkName from NetCfgInstanceId. + status = tapMakeDeviceNames(Adapter); + + if (NT_SUCCESS(status)) + { + DEBUGP (("[TAP] DeviceName: %wZ\n",&Adapter->DeviceName)); + DEBUGP (("[TAP] LinkName: %wZ\n",&Adapter->LinkName)); + + // Initialize dispatch table. 
+ NdisZeroMemory(dispatchTable, (IRP_MJ_MAXIMUM_FUNCTION+1) * sizeof(PDRIVER_DISPATCH)); + + dispatchTable[IRP_MJ_CREATE] = TapDeviceCreate; + dispatchTable[IRP_MJ_CLEANUP] = TapDeviceCleanup; + dispatchTable[IRP_MJ_CLOSE] = TapDeviceClose; + dispatchTable[IRP_MJ_READ] = TapDeviceRead; + dispatchTable[IRP_MJ_WRITE] = TapDeviceWrite; + dispatchTable[IRP_MJ_DEVICE_CONTROL] = TapDeviceControl; + + // + // Create a device object and register dispatch handlers + // + NdisZeroMemory(&deviceAttribute, sizeof(NDIS_DEVICE_OBJECT_ATTRIBUTES)); + + deviceAttribute.Header.Type = NDIS_OBJECT_TYPE_DEVICE_OBJECT_ATTRIBUTES; + deviceAttribute.Header.Revision = NDIS_DEVICE_OBJECT_ATTRIBUTES_REVISION_1; + deviceAttribute.Header.Size = sizeof(NDIS_DEVICE_OBJECT_ATTRIBUTES); + + deviceAttribute.DeviceName = &Adapter->DeviceName; + deviceAttribute.SymbolicName = &Adapter->LinkName; + deviceAttribute.MajorFunctions = &dispatchTable[0]; + //deviceAttribute.ExtensionSize = sizeof(FILTER_DEVICE_EXTENSION); + +#if ENABLE_NONADMIN + if(Adapter->AllowNonAdmin) + { + // + // SDDL_DEVOBJ_SYS_ALL_WORLD_RWX_RES_RWX allows the kernel and system complete + // control over the device. By default the admin can access the entire device, + // but cannot change the ACL (the admin must take control of the device first) + // + // Everyone else, including "restricted" or "untrusted" code can read or write + // to the device. Traversal beneath the device is also granted (removing it + // would only effect storage devices, except if the "bypass-traversal" + // privilege was revoked). + // + deviceAttribute.DefaultSDDLString = &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX; + } +#endif + + status = NdisRegisterDeviceEx( + Adapter->MiniportAdapterHandle, + &deviceAttribute, + &Adapter->DeviceObject, + &Adapter->DeviceHandle + ); + } + + ASSERT(NT_SUCCESS(status)); + + if (NT_SUCCESS(status)) + { + // Set TAP device flags. 
+ (Adapter->DeviceObject)->Flags &= ~DO_BUFFERED_IO; + (Adapter->DeviceObject)->Flags |= DO_DIRECT_IO;; + + //======================== + // Finalize initialization + //======================== + + Adapter->TapDeviceCreated = TRUE; + + DEBUGP (("[%wZ] successfully created TAP device [%wZ]\n", + &Adapter->NetCfgInstanceId, + &Adapter->DeviceName + )); + } + + DEBUGP (("[TAP] <-- CreateTapDevice; status = %8.8X\n",status)); + + return status; +} + +// +// DestroyTapDevice is called from AdapterHalt and NDIS miniport +// is in Halted state. Prior to entering the Halted state the +// miniport would have passed through the Pausing and Paused +// states. These miniport states have responsibility for waiting +// until NDIS network operations have completed. +// +VOID +DestroyTapDevice( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + DEBUGP (("[TAP] --> DestroyTapDevice; Adapter: %wZ\n", + &Adapter->NetCfgInstanceId)); + + // + // Let clients know we are shutting down + // + Adapter->TapDeviceCreated = FALSE; + + // + // Flush pending send TAP packet queue. + // + tapFlushSendPacketQueue(Adapter); + + ASSERT(Adapter->SendPacketQueue.Count == 0); + + // + // Flush IRP queues. Wait for pending I/O. Etc. + // -------------------------------------------- + // Exhaust IRP and packet queues. Any pending IRPs will + // be cancelled, causing user-space to get this error + // on overlapped reads: + // + // ERROR_OPERATION_ABORTED, code=995 + // + // "The I/O operation has been aborted because of either a + // thread exit or an application request." + // + // It's important that user-space close the device handle + // when this code is returned, so that when we finally + // do a NdisMDeregisterDeviceEx, the device reference count + // is 0. Otherwise the driver will not unload even if the + // the last adapter has been halted. + // + // The act of flushing the queues at this point should result in the user-mode + // application closing the adapter's device handle. 
Closing the handle will + // result in the TapDeviceCleanup call being made, followed by the a call to + // the TapDeviceClose callback. + // + tapFlushIrpQueues(Adapter); + + ASSERT(Adapter->PendingReadIrpQueue.Count == 0); + + // + // Deregister the Win32 device. + // ---------------------------- + // When a driver calls NdisDeregisterDeviceEx, the I/O manager deletes the + // target device object if there are no outstanding references to it. However, + // if any outstanding references remain, the I/O manager marks the device + // object as "delete pending" and deletes the device object when the references + // are finally released. + // + if(Adapter->DeviceHandle) + { + DEBUGP (("[TAP] Calling NdisDeregisterDeviceEx\n")); + NdisDeregisterDeviceEx(Adapter->DeviceHandle); + } + + Adapter->DeviceHandle = NULL; + + DEBUGP (("[TAP] <-- DestroyTapDevice\n")); +} + diff --git a/windows/TapDriver6/device.h b/windows/TapDriver6/device.h new file mode 100644 index 0000000..93dae0d --- /dev/null +++ b/windows/TapDriver6/device.h 
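Review bot: In CreateTapDevice the `ENABLE_NONADMIN` branch assigns `SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX`, but the comment above it describes `SDDL_DEVOBJ_SYS_ALL_WORLD_RWX_RES_RWX`. The comment should name the descriptor actually used and state the consequence, for example `// AllowNonAdmin: any local account, including restricted tokens, may open this device; the single-open check in TapDeviceCreate is the only remaining gate`. When the branch is not taken, `DefaultSDDLString` stays zeroed by the preceding `NdisZeroMemory`, so the ACL is whatever NDIS applies by default, and a one-line comment saying which descriptor is expected there would make the access model reviewable. Separately, the DBG-only `TAP_WIN_IOCTL_GET_LOG_LINE` case in TapDeviceControl sets `Irp->IoStatus.Information = outBufLength` regardless of how much GetDebugLine wrote. GetDebugLine is defined outside this hunk, but if it can write less than the full buffer, reporting the written length would avoid returning stale system-buffer bytes to the caller.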
@@ -0,0 +1,50 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef __TAP_DEVICE_H_ +#define __TAP_DEVICE_H_ + +//====================================================================== +// TAP Prototypes for standard Win32 device I/O entry points +//====================================================================== + +__drv_dispatchType(IRP_MJ_CREATE) +DRIVER_DISPATCH TapDeviceCreate; + +__drv_dispatchType(IRP_MJ_READ) +DRIVER_DISPATCH TapDeviceRead; + +__drv_dispatchType(IRP_MJ_WRITE) +DRIVER_DISPATCH TapDeviceWrite; + +__drv_dispatchType(IRP_MJ_DEVICE_CONTROL) +DRIVER_DISPATCH TapDeviceControl; + +__drv_dispatchType(IRP_MJ_CLEANUP) +DRIVER_DISPATCH TapDeviceCleanup; + +__drv_dispatchType(IRP_MJ_CLOSE) +DRIVER_DISPATCH TapDeviceClose; + +#endif // __TAP_DEVICE_H_ \ No newline at end of file diff --git a/windows/TapDriver6/endian.h b/windows/TapDriver6/endian.h new file mode 100644 index 0000000..b7d3449 --- /dev/null +++ b/windows/TapDriver6/endian.h 
@@ -0,0 +1,35 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifdef TAP_LITTLE_ENDIAN
+#define ntohs(x) RtlUshortByteSwap(x)
+#define htons(x) RtlUshortByteSwap(x)
+#define ntohl(x) RtlUlongByteSwap(x)
+#define htonl(x) RtlUlongByteSwap(x)
+#else
+#define ntohs(x) ((USHORT)(x))
+#define htons(x) ((USHORT)(x))
+#define ntohl(x) ((ULONG)(x))
+#define htonl(x) ((ULONG)(x))
+#endif
diff --git a/windows/TapDriver6/error.c b/windows/TapDriver6/error.c
new file mode 100644
index 0000000..1fad1d3
--- /dev/null
+++ b/windows/TapDriver6/error.c
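Review bot: The `#else` branch turns `ntohs`/`htons`/`ntohl`/`htonl` into plain casts whenever `TAP_LITTLE_ENDIAN` is not defined, so a build that simply omits the define gets identity conversions with no diagnostic. Where the macro is set is not visible in this file, and header comparisons such as `eth->proto == htons (ETH_P_IP)` in error.c depend on it. I would add a comment above the `#ifdef`, e.g. `// TAP_LITTLE_ENDIAN must be defined by the build for little-endian targets; without it these macros do not swap.`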
@@ -0,0 +1,398 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include "tap.h" + +//----------------- +// DEBUGGING OUTPUT +//----------------- + +const char *g_LastErrorFilename; +int g_LastErrorLineNumber; + +#if DBG + +DebugOutput g_Debug; + +BOOLEAN +NewlineExists (const char *str, int len) +{ + while (len-- > 0) + { + const char c = *str++; + if (c == '\n') + return TRUE; + else if (c == '\0') + break; + } + return FALSE; +} + +VOID +MyDebugInit (unsigned int bufsiz) +{ + NdisZeroMemory (&g_Debug, sizeof (g_Debug)); + g_Debug.text = (char *) MemAlloc (bufsiz, FALSE); + + if (g_Debug.text) + { + g_Debug.capacity = bufsiz; + } +} + +VOID +MyDebugFree () +{ + if (g_Debug.text) + { + MemFree (g_Debug.text, g_Debug.capacity); + } + + NdisZeroMemory (&g_Debug, sizeof (g_Debug)); +} + +VOID +MyDebugPrint (const unsigned char* format, ...) 
+{ + if (g_Debug.text && g_Debug.capacity > 0 && CAN_WE_PRINT) + { + BOOLEAN owned; + ACQUIRE_MUTEX_ADAPTIVE (&g_Debug.lock, owned); + if (owned) + { + const int remaining = (int)g_Debug.capacity - (int)g_Debug.out; + + if (remaining > 0) + { + va_list args; + NTSTATUS status; + char *end; + +#ifdef DBG_PRINT + va_start (args, format); + vDbgPrintEx (DPFLTR_IHVNETWORK_ID, DPFLTR_INFO_LEVEL, format, args); + va_end (args); +#endif + va_start (args, format); + status = RtlStringCchVPrintfExA (g_Debug.text + g_Debug.out, + remaining, + &end, + NULL, + STRSAFE_NO_TRUNCATION | STRSAFE_IGNORE_NULLS, + format, + args); + va_end (args); + va_start (args, format); + vDbgPrintEx(DPFLTR_IHVDRIVER_ID , 1, format, args); + va_end (args); + if (status == STATUS_SUCCESS) + g_Debug.out = (unsigned int) (end - g_Debug.text); + else + g_Debug.error = TRUE; + } + else + g_Debug.error = TRUE; + + RELEASE_MUTEX (&g_Debug.lock); + } + else + g_Debug.error = TRUE; + } +} + +BOOLEAN +GetDebugLine ( + __in char *buf, + __in const int len + ) +{ + static const char *truncated = "[OUTPUT TRUNCATED]\n"; + BOOLEAN ret = FALSE; + + NdisZeroMemory (buf, len); + + if (g_Debug.text && g_Debug.capacity > 0) + { + BOOLEAN owned; + ACQUIRE_MUTEX_ADAPTIVE (&g_Debug.lock, owned); + if (owned) + { + int i = 0; + + if (g_Debug.error || NewlineExists (g_Debug.text + g_Debug.in, (int)g_Debug.out - (int)g_Debug.in)) + { + while (i < (len - 1) && g_Debug.in < g_Debug.out) + { + const char c = g_Debug.text[g_Debug.in++]; + if (c == '\n') + break; + buf[i++] = c; + } + if (i < len) + buf[i] = '\0'; + } + + if (!i) + { + if (g_Debug.in == g_Debug.out) + { + g_Debug.in = g_Debug.out = 0; + if (g_Debug.error) + { + const unsigned int tlen = strlen (truncated); + if (tlen < g_Debug.capacity) + { + NdisMoveMemory (g_Debug.text, truncated, tlen+1); + g_Debug.out = tlen; + } + g_Debug.error = FALSE; + } + } + } + else + ret = TRUE; + + RELEASE_MUTEX (&g_Debug.lock); + } + } + return ret; +} + +VOID +PrMac (const 
MACADDR mac) +{ + DEBUGP (("%x:%x:%x:%x:%x:%x", + mac[0], mac[1], mac[2], + mac[3], mac[4], mac[5])); +} + +VOID +PrIP (IPADDR ip_addr) +{ + const unsigned char *ip = (const unsigned char *) &ip_addr; + + DEBUGP (("%d.%d.%d.%d", + ip[0], ip[1], ip[2], ip[3])); +} + +const char * +PrIPProto (int proto) +{ + switch (proto) + { + case IPPROTO_UDP: + return "UDP"; + + case IPPROTO_TCP: + return "TCP"; + + case IPPROTO_ICMP: + return "ICMP"; + + case IPPROTO_IGMP: + return "IGMP"; + + default: + return "???"; + } +} + +VOID +DumpARP (const char *prefix, const ARP_PACKET *arp) +{ + DEBUGP (("%s ARP src=", prefix)); + PrMac (arp->m_MAC_Source); + DEBUGP ((" dest=")); + PrMac (arp->m_MAC_Destination); + DEBUGP ((" OP=0x%04x", + (int)ntohs(arp->m_ARP_Operation))); + DEBUGP ((" M=0x%04x(%d)", + (int)ntohs(arp->m_MAC_AddressType), + (int)arp->m_MAC_AddressSize)); + DEBUGP ((" P=0x%04x(%d)", + (int)ntohs(arp->m_PROTO_AddressType), + (int)arp->m_PROTO_AddressSize)); + + DEBUGP ((" MacSrc=")); + PrMac (arp->m_ARP_MAC_Source); + DEBUGP ((" MacDest=")); + PrMac (arp->m_ARP_MAC_Destination); + + DEBUGP ((" IPSrc=")); + PrIP (arp->m_ARP_IP_Source); + DEBUGP ((" IPDest=")); + PrIP (arp->m_ARP_IP_Destination); + + DEBUGP (("\n")); +} + +struct ethpayload +{ + ETH_HEADER eth; + UCHAR payload[DEFAULT_PACKET_LOOKAHEAD]; +}; + +#ifdef ALLOW_PACKET_DUMP + +VOID +DumpPacket2( + __in const char *prefix, + __in const ETH_HEADER *eth, + __in const unsigned char *data, + __in unsigned int len + ) +{ + struct ethpayload *ep = (struct ethpayload *) MemAlloc (sizeof (struct ethpayload), TRUE); + if (ep) + { + if (len > DEFAULT_PACKET_LOOKAHEAD) + len = DEFAULT_PACKET_LOOKAHEAD; + ep->eth = *eth; + NdisMoveMemory (ep->payload, data, len); + DumpPacket (prefix, (unsigned char *) ep, sizeof (ETH_HEADER) + len); + MemFree (ep, sizeof (struct ethpayload)); + } +} + +VOID +DumpPacket( + __in const char *prefix, + __in const unsigned char *data, + __in unsigned int len + ) +{ + const ETH_HEADER *eth = 
(const ETH_HEADER *) data; + const IPHDR *ip = (const IPHDR *) (data + sizeof (ETH_HEADER)); + + if (len < sizeof (ETH_HEADER)) + { + DEBUGP (("%s TRUNCATED PACKET LEN=%d\n", prefix, len)); + return; + } + + // ARP Packet? + if (len >= sizeof (ARP_PACKET) && eth->proto == htons (ETH_P_ARP)) + { + DumpARP (prefix, (const ARP_PACKET *) data); + return; + } + + // IPv4 packet? + if (len >= (sizeof (IPHDR) + sizeof (ETH_HEADER)) + && eth->proto == htons (ETH_P_IP) + && IPH_GET_VER (ip->version_len) == 4) + { + const int hlen = IPH_GET_LEN (ip->version_len); + const int blen = len - sizeof (ETH_HEADER); + BOOLEAN did = FALSE; + + DEBUGP (("%s IPv4 %s[%d]", prefix, PrIPProto (ip->protocol), len)); + + if (!(ntohs (ip->tot_len) == blen && hlen <= blen)) + { + DEBUGP ((" XXX")); + return; + } + + // TCP packet? + if (ip->protocol == IPPROTO_TCP + && blen - hlen >= (sizeof (TCPHDR))) + { + const TCPHDR *tcp = (TCPHDR *) (data + sizeof (ETH_HEADER) + hlen); + DEBUGP ((" ")); + PrIP (ip->saddr); + DEBUGP ((":%d", ntohs (tcp->source))); + DEBUGP ((" -> ")); + PrIP (ip->daddr); + DEBUGP ((":%d", ntohs (tcp->dest))); + did = TRUE; + } + + // UDP packet? + else if ((ntohs (ip->frag_off) & IP_OFFMASK) == 0 + && ip->protocol == IPPROTO_UDP + && blen - hlen >= (sizeof (UDPHDR))) + { + const UDPHDR *udp = (UDPHDR *) (data + sizeof (ETH_HEADER) + hlen); + + // DHCP packet? 
+ if ((udp->dest == htons (BOOTPC_PORT) || udp->dest == htons (BOOTPS_PORT)) + && blen - hlen >= (sizeof (UDPHDR) + sizeof (DHCP))) + { + const DHCP *dhcp = (DHCP *) (data + + hlen + + sizeof (ETH_HEADER) + + sizeof (UDPHDR)); + + int optlen = len + - sizeof (ETH_HEADER) + - hlen + - sizeof (UDPHDR) + - sizeof (DHCP); + + if (optlen < 0) + optlen = 0; + + DumpDHCP (eth, ip, udp, dhcp, optlen); + did = TRUE; + } + + if (!did) + { + DEBUGP ((" ")); + PrIP (ip->saddr); + DEBUGP ((":%d", ntohs (udp->source))); + DEBUGP ((" -> ")); + PrIP (ip->daddr); + DEBUGP ((":%d", ntohs (udp->dest))); + did = TRUE; + } + } + + if (!did) + { + DEBUGP ((" ipproto=%d ", ip->protocol)); + PrIP (ip->saddr); + DEBUGP ((" -> ")); + PrIP (ip->daddr); + } + + DEBUGP (("\n")); + return; + } + + { + DEBUGP (("%s ??? src=", prefix)); + PrMac (eth->src); + DEBUGP ((" dest=")); + PrMac (eth->dest); + DEBUGP ((" proto=0x%04x len=%d\n", + (int) ntohs(eth->proto), + len)); + } +} + +#endif // ALLOW_PACKET_DUMP + +#endif diff --git a/windows/TapDriver6/error.h b/windows/TapDriver6/error.h new file mode 100644 index 0000000..2ba39cc --- /dev/null +++ b/windows/TapDriver6/error.h 
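Review bot: `GetDebugLine` calls `NdisZeroMemory (buf, len)` before checking either argument, and `len` is a signed `int`, so a negative value would be converted to a very large byte count. The callers are outside this hunk, so whether that can happen is not visible, but the guard is cheap: `if (buf == NULL || len <= 0) return FALSE;` as the first statement. The `__in` annotation on `buf` also describes it as an input although the function writes to it; an output annotation sized by `len` would let static analysis check the callers.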
@@ -0,0 +1,114 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +//----------------- +// DEBUGGING OUTPUT +//----------------- + +extern const char *g_LastErrorFilename; +extern int g_LastErrorLineNumber; + +// Debug info output +#define ALSO_DBGPRINT 1 +#define DEBUGP_AT_DISPATCH 1 + +// Uncomment line below to allow packet dumps +//#define ALLOW_PACKET_DUMP 1 + +#define NOTE_ERROR() \ +{ \ + g_LastErrorFilename = __FILE__; \ + g_LastErrorLineNumber = __LINE__; \ +} + +#if DBG + +typedef struct +{ + unsigned int in; + unsigned int out; + unsigned int capacity; + char *text; + BOOLEAN error; + MUTEX lock; +} DebugOutput; + +VOID MyDebugPrint (const unsigned char* format, ...); + +VOID PrMac (const MACADDR mac); + +VOID PrIP (IPADDR ip_addr); + +#ifdef ALLOW_PACKET_DUMP + +VOID +DumpPacket( + __in const char *prefix, + __in const unsigned char *data, + __in unsigned int len + ); + +DumpPacket2( + __in const char *prefix, + __in const ETH_HEADER *eth, + __in const unsigned char *data, + __in 
unsigned int len + ); + +#else +#define DUMP_PACKET(prefix, data, len) +#define DUMP_PACKET2(prefix, eth, data, len) +#endif + +#define CAN_WE_PRINT (DEBUGP_AT_DISPATCH || KeGetCurrentIrql () < DISPATCH_LEVEL) + +#if ALSO_DBGPRINT +#define DEBUGP(fmt) { MyDebugPrint fmt; if (CAN_WE_PRINT) DbgPrint fmt; } +#else +#define DEBUGP(fmt) { MyDebugPrint fmt; } +#endif + +#ifdef ALLOW_PACKET_DUMP + +#define DUMP_PACKET(prefix, data, len) \ + DumpPacket (prefix, data, len) + +#define DUMP_PACKET2(prefix, eth, data, len) \ + DumpPacket2 (prefix, eth, data, len) + +#endif + +BOOLEAN +GetDebugLine ( + __in char *buf, + __in const int len + ); + +#else + +#define DEBUGP(fmt) +#define DUMP_PACKET(prefix, data, len) +#define DUMP_PACKET2(prefix, eth, data, len) + +#endif diff --git a/windows/TapDriver6/hexdump.h b/windows/TapDriver6/hexdump.h new file mode 100644 index 0000000..d6275c1 --- /dev/null +++ b/windows/TapDriver6/hexdump.h 
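Review bot: The `DumpPacket2(` prototype has no return type, while error.c defines the function as `VOID`; the declaration should read `VOID DumpPacket2(` so the two agree. It sits under `#ifdef ALLOW_PACKET_DUMP`, and the define is commented out in this header, so the mismatch would only surface when someone enables packet dumps.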
@@ -0,0 +1,63 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef HEXDUMP_DEFINED
+#define HEXDUMP_DEFINED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//=====================================================================================
+// Debug Routines
+//=====================================================================================
+
+#ifndef NDIS_MINIPORT_DRIVER
+# include
+# include
+# include
+# include
+# include
+
+# ifndef DEBUGP
+# define DEBUGP(fmt) { DbgMessage fmt; }
+# endif
+
+ extern VOID (*DbgMessage)(char *p_Format, ...);
+
+ VOID DisplayDebugString (char *p_Format, ...);
+#endif
+
+//===================================================================================
+// Reporting / Debugging
+//===================================================================================
+#define IfPrint(c) (c >= 32 && c < 127 ? c : '.')
+
+VOID HexDump (unsigned char *p_Buffer, unsigned long p_Size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
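Review bot: `IfPrint(c)` uses its argument unparenthesized and up to three times, so an argument containing an operator or a side effect (a constructed example: `IfPrint(*p++)`) does not behave as a function call would. I would write it as `#define IfPrint(c) ((c) >= 32 && (c) < 127 ? (c) : '.')` and say in a comment that the argument is evaluated more than once. `IsMacDelimiter(a)` and `IsHexDigit(c)` in macinfo.h have the same shape and want the same treatment.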
diff --git a/windows/TapDriver6/lock.h b/windows/TapDriver6/lock.h
new file mode 100644
index 0000000..c80b164
--- /dev/null
+++ b/windows/TapDriver6/lock.h
@@ -0,0 +1,75 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+typedef struct
+{
+ volatile long count;
+} MUTEX;
+
+#define MUTEX_SLEEP_TIME 10000 // microseconds
+
+#define INIT_MUTEX(m) { (m)->count = 0; }
+
+#define ACQUIRE_MUTEX_BLOCKING(m) \
+{ \
+ while (NdisInterlockedIncrement (&((m)->count)) != 1) \
+ { \
+ NdisInterlockedDecrement(&((m)->count)); \
+ NdisMSleep(MUTEX_SLEEP_TIME); \
+ } \
+}
+
+#define RELEASE_MUTEX(m) \
+{ \
+ NdisInterlockedDecrement(&((m)->count)); \
+}
+
+#define ACQUIRE_MUTEX_NONBLOCKING(m, result) \
+{ \
+ if (NdisInterlockedIncrement (&((m)->count)) != 1) \
+ { \
+ NdisInterlockedDecrement(&((m)->count)); \
+ result = FALSE; \
+ } \
+ else \
+ { \
+ result = TRUE; \
+ } \
+}
+
+#define ACQUIRE_MUTEX_ADAPTIVE(m, result) \
+{ \
+ result = TRUE; \
+ while (NdisInterlockedIncrement (&((m)->count)) != 1) \
+ { \
+ NdisInterlockedDecrement(&((m)->count)); \
+ if (KeGetCurrentIrql () < DISPATCH_LEVEL) \
+ NdisMSleep(MUTEX_SLEEP_TIME); \
+ else \
+ { \
+ result = FALSE; \
+ break; \
+ } \
+ } \
+}
diff --git a/windows/TapDriver6/macinfo.c b/windows/TapDriver6/macinfo.c
new file mode 100644
index 0000000..dfd0a07
--- /dev/null
+++ b/windows/TapDriver6/macinfo.c
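Review bot: `ACQUIRE_MUTEX_BLOCKING` calls `NdisMSleep` on every failed attempt without the `KeGetCurrentIrql () < DISPATCH_LEVEL` test that `ACQUIRE_MUTEX_ADAPTIVE` makes, so nothing in the macro stops it being used on a path that must not sleep. A precondition comment above it would make that explicit: `// Sleeps while waiting: only use below DISPATCH_LEVEL; otherwise use ACQUIRE_MUTEX_ADAPTIVE.` The macros are also bare `{ ... }` blocks, which break when used as the body of an `if` that has an `else`; wrapping each in `do { ... } while (0)` avoids that.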
@@ -0,0 +1,164 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "tap.h" + +int +HexStringToDecimalInt (const int p_Character) +{ + int l_Value = 0; + + if (p_Character >= 'A' && p_Character <= 'F') + l_Value = (p_Character - 'A') + 10; + else if (p_Character >= 'a' && p_Character <= 'f') + l_Value = (p_Character - 'a') + 10; + else if (p_Character >= '0' && p_Character <= '9') + l_Value = p_Character - '0'; + + return l_Value; +} + +BOOLEAN +ParseMAC (MACADDR dest, const char *src) +{ + int c; + int mac_index = 0; + BOOLEAN high_digit = FALSE; + int delim_action = 1; + + ASSERT (src); + ASSERT (dest); + + CLEAR_MAC (dest); + + while (c = *src++) + { + if (IsMacDelimiter (c)) + { + mac_index += delim_action; + high_digit = FALSE; + delim_action = 1; + } + else if (IsHexDigit (c)) + { + const int digit = HexStringToDecimalInt (c); + if (mac_index < sizeof (MACADDR)) + { + if (!high_digit) + { + dest[mac_index] = (char)(digit); + high_digit = TRUE; + delim_action = 1; + } + else + 
{ + dest[mac_index] = (char)(dest[mac_index] * 16 + digit); + ++mac_index; + high_digit = FALSE; + delim_action = 0; + } + } + else + return FALSE; + } + else + return FALSE; + } + + return (mac_index + delim_action) >= sizeof (MACADDR); +} + +/* + * Generate a MAC using the GUID in the adapter name. + * + * The mac is constructed as 00:FF:xx:xx:xx:xx where + * the Xs are taken from the first 32 bits of the GUID in the + * adapter name. This is similar to the Linux 2.4 tap MAC + * generator, except linux uses 32 random bits for the Xs. + * + * In general, this solution is reasonable for most + * applications except for very large bridged TAP networks, + * where the probability of address collisions becomes more + * than infintesimal. + * + * Using the well-known "birthday paradox", on a 1000 node + * network the probability of collision would be + * 0.000116292153. On a 10,000 node network, the probability + * of collision would be 0.01157288998621678766. + */ + +VOID +GenerateRandomMac( + __in MACADDR mac, + __in const unsigned char *adapter_name + ) +{ + unsigned const char *cp = adapter_name; + unsigned char c; + unsigned int i = 2; + unsigned int byte = 0; + int brace = 0; + int state = 0; + + CLEAR_MAC (mac); + + mac[0] = 0x00; + mac[1] = 0xFF; + + while (c = *cp++) + { + if (i >= sizeof (MACADDR)) + break; + if (c == '{') + brace = 1; + if (IsHexDigit (c) && brace) + { + const unsigned int digit = HexStringToDecimalInt (c); + if (state) + { + byte <<= 4; + byte |= digit; + mac[i++] = (unsigned char) byte; + state = 0; + } + else + { + byte = digit; + state = 1; + } + } + } +} + +VOID +GenerateRelatedMAC( + __in MACADDR dest, + __in const MACADDR src, + __in const int delta + ) +{ + ETH_COPY_NETWORK_ADDRESS (dest, src); + dest[2] += (UCHAR) delta; +} diff --git a/windows/TapDriver6/macinfo.h b/windows/TapDriver6/macinfo.h new file mode 100644 index 0000000..dd88b6f --- /dev/null +++ b/windows/TapDriver6/macinfo.h 
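Review bot: `ParseMAC` advances `mac_index` on every delimiter even when no hex digit preceded it, so a string made only of delimiters (a constructed example: `":::::"`) reaches the final `(mac_index + delim_action) >= sizeof (MACADDR)` test and returns TRUE with the all-zero address left by `CLEAR_MAC`. Where `src` comes from is outside this hunk; if it is configuration text, an empty octet should be rejected rather than read as zero. A small fix is a `BOOLEAN have_digit` flag that is set in the hex-digit branch and tested in the delimiter branch with `if (!have_digit) return FALSE;` before it is cleared again.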
@@ -0,0 +1,53 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef MacInfoDefined
+#define MacInfoDefined
+
+//===================================================================================
+// Macros
+//===================================================================================
+#define IsMacDelimiter(a) (a == ':' || a == '-' || a == '.')
+#define IsHexDigit(c) ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'F') || (c >= 'a' && c <= 'f'))
+
+#define CLEAR_MAC(dest) NdisZeroMemory ((dest), sizeof (MACADDR))
+#define MAC_EQUAL(a,b) (memcmp ((a), (b), sizeof (MACADDR)) == 0)
+
+BOOLEAN
+ParseMAC (MACADDR dest, const char *src);
+
+VOID
+GenerateRandomMac(
+ __in MACADDR mac,
+ __in const unsigned char *adapter_name
+ );
+
+VOID
+GenerateRelatedMAC(
+ __in MACADDR dest,
+ __in const MACADDR src,
+ __in const int delta
+ );
+
+#endif
diff --git a/windows/TapDriver6/mem.c b/windows/TapDriver6/mem.c
new file mode 100644
index 0000000..ae2e3d4
--- /dev/null
+++ b/windows/TapDriver6/mem.c 
@@ -0,0 +1,401 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +//------------------ +// Memory Management +//------------------ + +#include "tap.h" + +PVOID +MemAlloc( + __in ULONG p_Size, + __in BOOLEAN zero + ) +{ + PVOID l_Return = NULL; + + if (p_Size) + { + __try + { + if (NdisAllocateMemoryWithTag (&l_Return, p_Size, 'APAT') + == NDIS_STATUS_SUCCESS) + { + if (zero) + { + NdisZeroMemory (l_Return, p_Size); + } + } + else + { + l_Return = NULL; + } + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + l_Return = NULL; + } + } + + return l_Return; +} + +VOID +MemFree( + __in PVOID p_Addr, + __in ULONG p_Size + ) +{ + if (p_Addr && p_Size) + { + __try + { +#if DBG + NdisZeroMemory (p_Addr, p_Size); +#endif + NdisFreeMemory (p_Addr, p_Size, 0); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + } + } +} + +//====================================================================== +// TAP Packet Queue Support +//====================================================================== + +VOID 
+tapPacketQueueInsertTail( + __in PTAP_PACKET_QUEUE TapPacketQueue, + __in PTAP_PACKET TapPacket + ) +{ + KIRQL irql; + + KeAcquireSpinLock(&TapPacketQueue->QueueLock,&irql); + + InsertTailList(&TapPacketQueue->Queue,&TapPacket->QueueLink); + + // BUGBUG!!! Enforce PACKET_QUEUE_SIZE queue count limit??? + // For NDIS 6 there is no per-packet status, so this will need to + // be handled on per-NBL basis in AdapterSendNetBufferLists... + + // Update counts + ++TapPacketQueue->Count; + + if(TapPacketQueue->Count > TapPacketQueue->MaxCount) + { + TapPacketQueue->MaxCount = TapPacketQueue->Count; + + DEBUGP (("[TAP] tapPacketQueueInsertTail: New MAX queued packet count = %d\n", + TapPacketQueue->MaxCount)); + } + + KeReleaseSpinLock(&TapPacketQueue->QueueLock,irql); +} + +// Call with QueueLock held +PTAP_PACKET +tapPacketRemoveHeadLocked( + __in PTAP_PACKET_QUEUE TapPacketQueue + ) +{ + PTAP_PACKET tapPacket = NULL; + PLIST_ENTRY listEntry; + + listEntry = RemoveHeadList(&TapPacketQueue->Queue); + + if(listEntry != &TapPacketQueue->Queue) + { + tapPacket = CONTAINING_RECORD(listEntry, TAP_PACKET, QueueLink); + + // Update counts + --TapPacketQueue->Count; + } + + return tapPacket; +} + +PTAP_PACKET +tapPacketRemoveHead( + __in PTAP_PACKET_QUEUE TapPacketQueue + ) +{ + PTAP_PACKET tapPacket = NULL; + KIRQL irql; + + KeAcquireSpinLock(&TapPacketQueue->QueueLock,&irql); + + tapPacket = tapPacketRemoveHeadLocked(TapPacketQueue); + + KeReleaseSpinLock(&TapPacketQueue->QueueLock,irql); + + return tapPacket; +} + +VOID +tapPacketQueueInitialize( + __in PTAP_PACKET_QUEUE TapPacketQueue + ) +{ + KeInitializeSpinLock(&TapPacketQueue->QueueLock); + + NdisInitializeListHead(&TapPacketQueue->Queue); +} + +//====================================================================== +// TAP Cancel-Safe Queue Support +//====================================================================== + +VOID +tapIrpCsqInsert ( + __in struct _IO_CSQ *Csq, + __in PIRP Irp + ) +{ + PTAP_IRP_CSQ 
tapIrpCsq; + + tapIrpCsq = (PTAP_IRP_CSQ )Csq; + + InsertTailList( + &tapIrpCsq->Queue, + &Irp->Tail.Overlay.ListEntry + ); + + // Update counts + ++tapIrpCsq->Count; + + if(tapIrpCsq->Count > tapIrpCsq->MaxCount) + { + tapIrpCsq->MaxCount = tapIrpCsq->Count; + + DEBUGP (("[TAP] tapIrpCsqInsert: New MAX queued IRP count = %d\n", + tapIrpCsq->MaxCount)); + } +} + +VOID +tapIrpCsqRemoveIrp( + __in PIO_CSQ Csq, + __in PIRP Irp + ) +{ + PTAP_IRP_CSQ tapIrpCsq; + + tapIrpCsq = (PTAP_IRP_CSQ )Csq; + + // Update counts + --tapIrpCsq->Count; + + RemoveEntryList(&Irp->Tail.Overlay.ListEntry); +} + + +PIRP +tapIrpCsqPeekNextIrp( + __in PIO_CSQ Csq, + __in PIRP Irp, + __in PVOID PeekContext + ) +{ + PTAP_IRP_CSQ tapIrpCsq; + PIRP nextIrp = NULL; + PLIST_ENTRY nextEntry; + PLIST_ENTRY listHead; + PIO_STACK_LOCATION irpStack; + + tapIrpCsq = (PTAP_IRP_CSQ )Csq; + + listHead = &tapIrpCsq->Queue; + + // + // If the IRP is NULL, we will start peeking from the listhead, else + // we will start from that IRP onwards. This is done under the + // assumption that new IRPs are always inserted at the tail. + // + + if (Irp == NULL) + { + nextEntry = listHead->Flink; + } + else + { + nextEntry = Irp->Tail.Overlay.ListEntry.Flink; + } + + while(nextEntry != listHead) + { + nextIrp = CONTAINING_RECORD(nextEntry, IRP, Tail.Overlay.ListEntry); + + irpStack = IoGetCurrentIrpStackLocation(nextIrp); + + // + // If context is present, continue until you find a matching one. + // Else you break out as you got next one. + // + if (PeekContext) + { + if (irpStack->FileObject == (PFILE_OBJECT) PeekContext) + { + break; + } + } + else + { + break; + } + + nextIrp = NULL; + nextEntry = nextEntry->Flink; + } + + return nextIrp; +} + +// +// tapIrpCsqAcquireQueueLock modifies the execution level of the current processor. +// +// KeAcquireSpinLock raises the execution level to Dispatch Level and stores +// the current execution level in the Irql parameter to be restored at a later +// time. 
KeAcqurieSpinLock also requires us to be running at no higher than +// Dispatch level when it is called. +// +// The annotations reflect these changes and requirments. +// + +__drv_raisesIRQL(DISPATCH_LEVEL) +__drv_maxIRQL(DISPATCH_LEVEL) +VOID +tapIrpCsqAcquireQueueLock( + __in PIO_CSQ Csq, + __out PKIRQL Irql + ) +{ + PTAP_IRP_CSQ tapIrpCsq; + + tapIrpCsq = (PTAP_IRP_CSQ )Csq; + + // + // Suppressing because the address below csq is valid since it's + // part of TAP_ADAPTER_CONTEXT structure. + // +#pragma prefast(suppress: __WARNING_BUFFER_UNDERFLOW, "Underflow using expression 'adapter->PendingReadCsqQueueLock'") + KeAcquireSpinLock(&tapIrpCsq->QueueLock, Irql); +} + +// +// tapIrpCsqReleaseQueueLock modifies the execution level of the current processor. +// +// KeReleaseSpinLock assumes we already hold the spin lock and are therefore +// running at Dispatch level. It will use the Irql parameter saved in a +// previous call to KeAcquireSpinLock to return the thread back to it's original +// execution level. +// +// The annotations reflect these changes and requirments. +// + +__drv_requiresIRQL(DISPATCH_LEVEL) +VOID +tapIrpCsqReleaseQueueLock( + __in PIO_CSQ Csq, + __in KIRQL Irql + ) +{ + PTAP_IRP_CSQ tapIrpCsq; + + tapIrpCsq = (PTAP_IRP_CSQ )Csq; + + // + // Suppressing because the address below csq is valid since it's + // part of TAP_ADAPTER_CONTEXT structure. 
+ // +#pragma prefast(suppress: __WARNING_BUFFER_UNDERFLOW, "Underflow using expression 'adapter->PendingReadCsqQueueLock'") + KeReleaseSpinLock(&tapIrpCsq->QueueLock, Irql); +} + +VOID +tapIrpCsqCompleteCanceledIrp( + __in PIO_CSQ pCsq, + __in PIRP Irp + ) +{ + UNREFERENCED_PARAMETER(pCsq); + + Irp->IoStatus.Status = STATUS_CANCELLED; + Irp->IoStatus.Information = 0; + IoCompleteRequest(Irp, IO_NO_INCREMENT); +} + +VOID +tapIrpCsqInitialize( + __in PTAP_IRP_CSQ TapIrpCsq + ) +{ + KeInitializeSpinLock(&TapIrpCsq->QueueLock); + + NdisInitializeListHead(&TapIrpCsq->Queue); + + IoCsqInitialize( + &TapIrpCsq->CsqQueue, + tapIrpCsqInsert, + tapIrpCsqRemoveIrp, + tapIrpCsqPeekNextIrp, + tapIrpCsqAcquireQueueLock, + tapIrpCsqReleaseQueueLock, + tapIrpCsqCompleteCanceledIrp + ); +} + +VOID +tapIrpCsqFlush( + __in PTAP_IRP_CSQ TapIrpCsq + ) +{ + PIRP pendingIrp; + + // + // Flush the pending read IRP queue. + // + pendingIrp = IoCsqRemoveNextIrp( + &TapIrpCsq->CsqQueue, + NULL + ); + + while(pendingIrp) + { + // Cancel the IRP + pendingIrp->IoStatus.Information = 0; + pendingIrp->IoStatus.Status = STATUS_CANCELLED; + IoCompleteRequest(pendingIrp, IO_NO_INCREMENT); + + pendingIrp = IoCsqRemoveNextIrp( + &TapIrpCsq->CsqQueue, + NULL + ); + } + + ASSERT(IsListEmpty(&TapIrpCsq->Queue)); +} diff --git a/windows/TapDriver6/mem.h b/windows/TapDriver6/mem.h new file mode 100644 index 0000000..a8359e1 --- /dev/null +++ b/windows/TapDriver6/mem.h 
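Review bot: `tapPacketQueueInsertTail` increments `Count` and tracks `MaxCount` but never compares against a limit, and its BUGBUG comment leaves enforcing `PACKET_QUEUE_SIZE` to `AdapterSendNetBufferLists`, which is outside this file. If that caller does not bound the queue, queued packets accumulate for as long as nothing reads them, which is a memory-exhaustion risk for a kernel driver. Until the limit is implemented I would replace the BUGBUG with an explicit contract, e.g. `// Caller must keep Count below PACKET_QUEUE_SIZE; this routine never rejects a packet.`, so the missing check has an owner.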
@@ -0,0 +1,113 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+//------------------
+// Memory Management
+//------------------
+
+PVOID
+MemAlloc(
+ __in ULONG p_Size,
+ __in BOOLEAN zero
+ );
+
+VOID
+MemFree(
+ __in PVOID p_Addr,
+ __in ULONG p_Size
+ );
+
+//======================================================================
+// TAP Packet Queue
+//======================================================================
+
+typedef
+struct _TAP_PACKET
+{
+ LIST_ENTRY QueueLink;
+
+# define TAP_PACKET_SIZE(data_size) (sizeof (TAP_PACKET) + (data_size))
+# define TP_TUN 0x80000000
+# define TP_SIZE_MASK (~TP_TUN)
+ ULONG m_SizeFlags;
+
+ // m_Data must be the last struct member
+ UCHAR m_Data [];
+} TAP_PACKET, *PTAP_PACKET;
+
+#define TAP_PACKET_TAG '6PAT' // "TAP6"
+
+typedef struct _TAP_PACKET_QUEUE
+{
+ KSPIN_LOCK QueueLock;
+ LIST_ENTRY Queue;
+ ULONG Count; // Count of currently queued items
+ ULONG MaxCount;
+} TAP_PACKET_QUEUE, *PTAP_PACKET_QUEUE;
+
+VOID
+tapPacketQueueInsertTail(
+ __in PTAP_PACKET_QUEUE TapPacketQueue,
+ __in PTAP_PACKET TapPacket
+ );
+
+
+// Call with QueueLock held
+PTAP_PACKET
+tapPacketRemoveHeadLocked(
+ __in PTAP_PACKET_QUEUE TapPacketQueue
+ );
+
+PTAP_PACKET
+tapPacketRemoveHead(
+ __in PTAP_PACKET_QUEUE TapPacketQueue
+ );
+
+VOID
+tapPacketQueueInitialize(
+ __in PTAP_PACKET_QUEUE TapPacketQueue
+ );
+
+//----------------------
+// Cancel-Safe IRP Queue
+//----------------------
+
+typedef struct _TAP_IRP_CSQ
+{
+ IO_CSQ CsqQueue;
+ KSPIN_LOCK QueueLock;
+ LIST_ENTRY Queue;
+ ULONG Count; // Count of currently queued items
+ ULONG MaxCount;
+} TAP_IRP_CSQ, *PTAP_IRP_CSQ;
+
+VOID
+tapIrpCsqInitialize(
+ __in PTAP_IRP_CSQ TapIrpCsq
+ );
+
+VOID
+tapIrpCsqFlush(
+ __in PTAP_IRP_CSQ TapIrpCsq
+ );
diff --git a/windows/TapDriver6/oidrequest.c b/windows/TapDriver6/oidrequest.c
new file mode 100644
index 0000000..a6882f8
--- /dev/null
+++ b/windows/TapDriver6/oidrequest.c
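Review bot: In mem.h, `TAP_PACKET_SIZE(data_size)` adds `sizeof (TAP_PACKET)` to the caller's length with no stated upper bound, while `MemAlloc` takes a `ULONG p_Size` and `m_SizeFlags` reserves its top bit for `TP_TUN`. The callers are outside this hunk, so the bound may already be enforced there, but a `data_size` close to the ULONG maximum would wrap or be narrowed into an allocation smaller than the data later placed in `m_Data`, and any value above `TP_SIZE_MASK` cannot be stored in `m_SizeFlags` without colliding with the flag. I would state the contract next to the macro, for example `// data_size must not exceed TP_SIZE_MASK - sizeof (TAP_PACKET); validate before calling MemAlloc`, and have the allocation path reject larger lengths.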
@@ -0,0 +1,1028 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+//
+// Include files.
+// + +#include "tap.h" + +#ifndef DBG + +#define DBG_PRINT_OID_NAME + +#else + +VOID +DBG_PRINT_OID_NAME( + __in NDIS_OID Oid + ) +{ + PCHAR oidName = NULL; + + switch (Oid){ + + #undef MAKECASE + #define MAKECASE(oidx) case oidx: oidName = #oidx "\n"; break; + + /* Operational OIDs */ + MAKECASE(OID_GEN_SUPPORTED_LIST) + MAKECASE(OID_GEN_HARDWARE_STATUS) + MAKECASE(OID_GEN_MEDIA_SUPPORTED) + MAKECASE(OID_GEN_MEDIA_IN_USE) + MAKECASE(OID_GEN_MAXIMUM_LOOKAHEAD) + MAKECASE(OID_GEN_MAXIMUM_FRAME_SIZE) + MAKECASE(OID_GEN_LINK_SPEED) + MAKECASE(OID_GEN_TRANSMIT_BUFFER_SPACE) + MAKECASE(OID_GEN_RECEIVE_BUFFER_SPACE) + MAKECASE(OID_GEN_TRANSMIT_BLOCK_SIZE) + MAKECASE(OID_GEN_RECEIVE_BLOCK_SIZE) + MAKECASE(OID_GEN_VENDOR_ID) + MAKECASE(OID_GEN_VENDOR_DESCRIPTION) + MAKECASE(OID_GEN_VENDOR_DRIVER_VERSION) + MAKECASE(OID_GEN_CURRENT_PACKET_FILTER) + MAKECASE(OID_GEN_CURRENT_LOOKAHEAD) + MAKECASE(OID_GEN_DRIVER_VERSION) + MAKECASE(OID_GEN_MAXIMUM_TOTAL_SIZE) + MAKECASE(OID_GEN_PROTOCOL_OPTIONS) + MAKECASE(OID_GEN_MAC_OPTIONS) + MAKECASE(OID_GEN_MEDIA_CONNECT_STATUS) + MAKECASE(OID_GEN_MAXIMUM_SEND_PACKETS) + MAKECASE(OID_GEN_SUPPORTED_GUIDS) + MAKECASE(OID_GEN_NETWORK_LAYER_ADDRESSES) + MAKECASE(OID_GEN_TRANSPORT_HEADER_OFFSET) + MAKECASE(OID_GEN_MEDIA_CAPABILITIES) + MAKECASE(OID_GEN_PHYSICAL_MEDIUM) + MAKECASE(OID_GEN_MACHINE_NAME) + MAKECASE(OID_GEN_VLAN_ID) + MAKECASE(OID_GEN_RNDIS_CONFIG_PARAMETER) + + /* Operational OIDs for NDIS 6.0 */ + MAKECASE(OID_GEN_MAX_LINK_SPEED) + MAKECASE(OID_GEN_LINK_STATE) + MAKECASE(OID_GEN_LINK_PARAMETERS) + MAKECASE(OID_GEN_MINIPORT_RESTART_ATTRIBUTES) + MAKECASE(OID_GEN_ENUMERATE_PORTS) + MAKECASE(OID_GEN_PORT_STATE) + MAKECASE(OID_GEN_PORT_AUTHENTICATION_PARAMETERS) + MAKECASE(OID_GEN_INTERRUPT_MODERATION) + MAKECASE(OID_GEN_PHYSICAL_MEDIUM_EX) + + /* Statistical OIDs */ + MAKECASE(OID_GEN_XMIT_OK) + MAKECASE(OID_GEN_RCV_OK) + MAKECASE(OID_GEN_XMIT_ERROR) + MAKECASE(OID_GEN_RCV_ERROR) + MAKECASE(OID_GEN_RCV_NO_BUFFER) + 
MAKECASE(OID_GEN_DIRECTED_BYTES_XMIT) + MAKECASE(OID_GEN_DIRECTED_FRAMES_XMIT) + MAKECASE(OID_GEN_MULTICAST_BYTES_XMIT) + MAKECASE(OID_GEN_MULTICAST_FRAMES_XMIT) + MAKECASE(OID_GEN_BROADCAST_BYTES_XMIT) + MAKECASE(OID_GEN_BROADCAST_FRAMES_XMIT) + MAKECASE(OID_GEN_DIRECTED_BYTES_RCV) + MAKECASE(OID_GEN_DIRECTED_FRAMES_RCV) + MAKECASE(OID_GEN_MULTICAST_BYTES_RCV) + MAKECASE(OID_GEN_MULTICAST_FRAMES_RCV) + MAKECASE(OID_GEN_BROADCAST_BYTES_RCV) + MAKECASE(OID_GEN_BROADCAST_FRAMES_RCV) + MAKECASE(OID_GEN_RCV_CRC_ERROR) + MAKECASE(OID_GEN_TRANSMIT_QUEUE_LENGTH) + + /* Statistical OIDs for NDIS 6.0 */ + MAKECASE(OID_GEN_STATISTICS) + MAKECASE(OID_GEN_BYTES_RCV) + MAKECASE(OID_GEN_BYTES_XMIT) + MAKECASE(OID_GEN_RCV_DISCARDS) + MAKECASE(OID_GEN_XMIT_DISCARDS) + + /* Misc OIDs */ + MAKECASE(OID_GEN_GET_TIME_CAPS) + MAKECASE(OID_GEN_GET_NETCARD_TIME) + MAKECASE(OID_GEN_NETCARD_LOAD) + MAKECASE(OID_GEN_DEVICE_PROFILE) + MAKECASE(OID_GEN_INIT_TIME_MS) + MAKECASE(OID_GEN_RESET_COUNTS) + MAKECASE(OID_GEN_MEDIA_SENSE_COUNTS) + + /* PnP power management operational OIDs */ + MAKECASE(OID_PNP_CAPABILITIES) + MAKECASE(OID_PNP_SET_POWER) + MAKECASE(OID_PNP_QUERY_POWER) + MAKECASE(OID_PNP_ADD_WAKE_UP_PATTERN) + MAKECASE(OID_PNP_REMOVE_WAKE_UP_PATTERN) + MAKECASE(OID_PNP_ENABLE_WAKE_UP) + MAKECASE(OID_PNP_WAKE_UP_PATTERN_LIST) + + /* PnP power management statistical OIDs */ + MAKECASE(OID_PNP_WAKE_UP_ERROR) + MAKECASE(OID_PNP_WAKE_UP_OK) + + /* Ethernet operational OIDs */ + MAKECASE(OID_802_3_PERMANENT_ADDRESS) + MAKECASE(OID_802_3_CURRENT_ADDRESS) + MAKECASE(OID_802_3_MULTICAST_LIST) + MAKECASE(OID_802_3_MAXIMUM_LIST_SIZE) + MAKECASE(OID_802_3_MAC_OPTIONS) + + /* Ethernet operational OIDs for NDIS 6.0 */ + MAKECASE(OID_802_3_ADD_MULTICAST_ADDRESS) + MAKECASE(OID_802_3_DELETE_MULTICAST_ADDRESS) + + /* Ethernet statistical OIDs */ + MAKECASE(OID_802_3_RCV_ERROR_ALIGNMENT) + MAKECASE(OID_802_3_XMIT_ONE_COLLISION) + MAKECASE(OID_802_3_XMIT_MORE_COLLISIONS) + 
MAKECASE(OID_802_3_XMIT_DEFERRED) + MAKECASE(OID_802_3_XMIT_MAX_COLLISIONS) + MAKECASE(OID_802_3_RCV_OVERRUN) + MAKECASE(OID_802_3_XMIT_UNDERRUN) + MAKECASE(OID_802_3_XMIT_HEARTBEAT_FAILURE) + MAKECASE(OID_802_3_XMIT_TIMES_CRS_LOST) + MAKECASE(OID_802_3_XMIT_LATE_COLLISIONS) + + /* TCP/IP OIDs */ + MAKECASE(OID_TCP_TASK_OFFLOAD) + MAKECASE(OID_TCP_TASK_IPSEC_ADD_SA) + MAKECASE(OID_TCP_TASK_IPSEC_DELETE_SA) + MAKECASE(OID_TCP_SAN_SUPPORT) + MAKECASE(OID_TCP_TASK_IPSEC_ADD_UDPESP_SA) + MAKECASE(OID_TCP_TASK_IPSEC_DELETE_UDPESP_SA) + MAKECASE(OID_TCP4_OFFLOAD_STATS) + MAKECASE(OID_TCP6_OFFLOAD_STATS) + MAKECASE(OID_IP4_OFFLOAD_STATS) + MAKECASE(OID_IP6_OFFLOAD_STATS) + + /* TCP offload OIDs for NDIS 6 */ + MAKECASE(OID_TCP_OFFLOAD_CURRENT_CONFIG) + MAKECASE(OID_TCP_OFFLOAD_PARAMETERS) + MAKECASE(OID_TCP_OFFLOAD_HARDWARE_CAPABILITIES) + MAKECASE(OID_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIG) + MAKECASE(OID_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIES) + MAKECASE(OID_OFFLOAD_ENCAPSULATION) + +#if (NDIS_SUPPORT_NDIS620) + /* VMQ OIDs for NDIS 6.20 */ + MAKECASE(OID_RECEIVE_FILTER_FREE_QUEUE) + MAKECASE(OID_RECEIVE_FILTER_CLEAR_FILTER) + MAKECASE(OID_RECEIVE_FILTER_ALLOCATE_QUEUE) + MAKECASE(OID_RECEIVE_FILTER_QUEUE_ALLOCATION_COMPLETE) + MAKECASE(OID_RECEIVE_FILTER_SET_FILTER) +#endif + +#if (NDIS_SUPPORT_NDIS630) + /* NDIS QoS OIDs for NDIS 6.30 */ + MAKECASE(OID_QOS_PARAMETERS) +#endif + } + + if (oidName) + { + DEBUGP(("OID: %s", oidName)); + } + else + { + DEBUGP(("<** Unknown OID 0x%08x **>\n", Oid)); + } +} + +#endif // DBG + +//====================================================================== +// TAP NDIS 6 OID Request Callbacks +//====================================================================== + +NDIS_STATUS +tapSetMulticastList( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in PNDIS_OID_REQUEST OidRequest + ) +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + + // + // Initialize. 
+ // + OidRequest->DATA.SET_INFORMATION.BytesNeeded = MACADDR_SIZE; + OidRequest->DATA.SET_INFORMATION.BytesRead + = OidRequest->DATA.SET_INFORMATION.InformationBufferLength; + + + do + { + if (OidRequest->DATA.SET_INFORMATION.InformationBufferLength % MACADDR_SIZE) + { + status = NDIS_STATUS_INVALID_LENGTH; + break; + } + + if (OidRequest->DATA.SET_INFORMATION.InformationBufferLength > (TAP_MAX_MCAST_LIST * MACADDR_SIZE)) + { + status = NDIS_STATUS_MULTICAST_FULL; + OidRequest->DATA.SET_INFORMATION.BytesNeeded = TAP_MAX_MCAST_LIST * MACADDR_SIZE; + break; + } + + // BUGBUG!!! Is lock needed??? If so, use NDIS_RW_LOCK. Also apply to packet filter. + + NdisZeroMemory(Adapter->MCList, + TAP_MAX_MCAST_LIST * MACADDR_SIZE); + + NdisMoveMemory(Adapter->MCList, + OidRequest->DATA.SET_INFORMATION.InformationBuffer, + OidRequest->DATA.SET_INFORMATION.InformationBufferLength); + + Adapter->ulMCListSize = OidRequest->DATA.SET_INFORMATION.InformationBufferLength / MACADDR_SIZE; + + } while(FALSE); + return status; +} + +NDIS_STATUS +tapSetPacketFilter( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in ULONG PacketFilter + ) +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + + // any bits not supported? + if (PacketFilter & ~(TAP_SUPPORTED_FILTERS)) + { + DEBUGP (("[TAP] Unsupported packet filter: 0x%08x\n", PacketFilter)); + status = NDIS_STATUS_NOT_SUPPORTED; + } + else + { + // Any actual filtering changes? + if (PacketFilter != Adapter->PacketFilter) + { + // + // Change the filtering modes on hardware + // + + // Save the new packet filter value + Adapter->PacketFilter = PacketFilter; + } + } + + return status; +} + +NDIS_STATUS +AdapterSetPowerD0( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +/*++ +Routine Description: + + NIC power has been restored to the working power state (D0). + Prepare the NIC for normal operation: + - Restore hardware context (packet filters, multicast addresses, MAC address, etc.) + - Enable interrupts and the NIC's DMA engine. 
+ +Arguments: + + Adapter - Pointer to adapter block + +Return Value: + + NDIS_STATUS + +--*/ +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + + DEBUGP (("[TAP] PowerState: Fully powered\n")); + + // Start data path... + + return status; +} + +NDIS_STATUS +AdapterSetPowerLow( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in NDIS_DEVICE_POWER_STATE PowerState + ) +/*++ +Routine Description: + + The NIC is about to be transitioned to a low power state. + Prepare the NIC for the sleeping state: + - Disable interrupts and the NIC's DMA engine, cancel timers. + - Save any hardware context that the NIC cannot preserve in + a sleeping state (packet filters, multicast addresses, + the current MAC address, etc.) + A miniport driver cannot access the NIC hardware after + the NIC has been set to the D3 state by the bus driver. + + Miniport drivers NDIS v6.30 and above + Do NOT wait for NDIS to return the ownership of all + NBLs from outstanding receive indications + Retain ownership of all the receive descriptors and + packet buffers previously owned by the hardware. + +Arguments: + + Adapter - Pointer to adapter block + PowerState - New power state + +Return Value: + + NDIS_STATUS + +--*/ +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + + DEBUGP (("[TAP] PowerState: Low-power\n")); + + // + // Miniport drivers NDIS v6.20 and below are + // paused prior the low power transition + // + + // Check for paused state... + // Verify data path stopped... 
+ + return status; +} + +NDIS_STATUS +tapSetInformation( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in PNDIS_OID_REQUEST OidRequest + ) +/*++ + +Routine Description: + + Helper function to perform a set OID request + +Arguments: + + Adapter - + NdisSetRequest - The OID to set + +Return Value: + + NDIS_STATUS + +--*/ +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + + DBG_PRINT_OID_NAME(OidRequest->DATA.SET_INFORMATION.Oid); + + switch(OidRequest->DATA.SET_INFORMATION.Oid) + { + case OID_802_3_MULTICAST_LIST: + // + // Set the multicast address list on the NIC for packet reception. + // The NIC driver can set a limit on the number of multicast + // addresses bound protocol drivers can enable simultaneously. + // NDIS returns NDIS_STATUS_MULTICAST_FULL if a protocol driver + // exceeds this limit or if it specifies an invalid multicast + // address. + // + status = tapSetMulticastList(Adapter,OidRequest); + break; + + case OID_GEN_CURRENT_LOOKAHEAD: + // + // A protocol driver can set a suggested value for the number + // of bytes to be used in its binding; however, the underlying + // NIC driver is never required to limit its indications to + // the value set. + // + if (OidRequest->DATA.SET_INFORMATION.InformationBufferLength != sizeof(ULONG)) + { + OidRequest->DATA.SET_INFORMATION.BytesNeeded = sizeof(ULONG); + status = NDIS_STATUS_INVALID_LENGTH; + break; + } + + Adapter->ulLookahead = *(PULONG)OidRequest->DATA.SET_INFORMATION.InformationBuffer; + + OidRequest->DATA.SET_INFORMATION.BytesRead = sizeof(ULONG); + status = NDIS_STATUS_SUCCESS; + break; + + case OID_GEN_CURRENT_PACKET_FILTER: + // + // Program the hardware to indicate the packets + // of certain filter types. 
+ // + if(OidRequest->DATA.SET_INFORMATION.InformationBufferLength != sizeof(ULONG)) + { + OidRequest->DATA.SET_INFORMATION.BytesNeeded = sizeof(ULONG); + status = NDIS_STATUS_INVALID_LENGTH; + break; + } + + OidRequest->DATA.SET_INFORMATION.BytesRead + = OidRequest->DATA.SET_INFORMATION.InformationBufferLength; + + status = tapSetPacketFilter( + Adapter, + *((PULONG)OidRequest->DATA.SET_INFORMATION.InformationBuffer) + ); + + break; + + case OID_PNP_SET_POWER: + { + // Sanity check. + if (OidRequest->DATA.SET_INFORMATION.InformationBufferLength + < sizeof(NDIS_DEVICE_POWER_STATE) + ) + { + status = NDIS_STATUS_INVALID_LENGTH; + } + else + { + NDIS_DEVICE_POWER_STATE PowerState; + + PowerState = *(PNDIS_DEVICE_POWER_STATE UNALIGNED)OidRequest->DATA.SET_INFORMATION.InformationBuffer; + OidRequest->DATA.SET_INFORMATION.BytesRead = sizeof(NDIS_DEVICE_POWER_STATE); + + if(PowerState < NdisDeviceStateD0 || + PowerState > NdisDeviceStateD3) + { + status = NDIS_STATUS_INVALID_DATA; + } + else + { + Adapter->CurrentPowerState = PowerState; + + if (PowerState == NdisDeviceStateD0) + { + status = AdapterSetPowerD0(Adapter); + } + else + { + status = AdapterSetPowerLow(Adapter, PowerState); + } + } + } + } + break; + +#if (NDIS_SUPPORT_NDIS61) + case OID_PNP_ADD_WAKE_UP_PATTERN: + case OID_PNP_REMOVE_WAKE_UP_PATTERN: + case OID_PNP_ENABLE_WAKE_UP: +#endif + ASSERT(!"NIC does not support wake on LAN OIDs"); + default: + // + // The entry point may by used by other requests + // + status = NDIS_STATUS_NOT_SUPPORTED; + break; + } + + return status; +} + +NDIS_STATUS +tapQueryInformation( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in PNDIS_OID_REQUEST OidRequest + ) +/*++ + +Routine Description: + + Helper function to perform a query OID request + +Arguments: + + Adapter - + OidRequest - The OID request that is being queried + +Return Value: + + NDIS_STATUS + +--*/ +{ + NDIS_STATUS status = NDIS_STATUS_SUCCESS; + NDIS_MEDIUM Medium = TAP_MEDIUM_TYPE; + NDIS_HARDWARE_STATUS 
HardwareStatus = NdisHardwareStatusReady; + UCHAR VendorDesc[] = TAP_VENDOR_DESC; + ULONG ulInfo; + USHORT usInfo; + ULONG64 ulInfo64; + + // Default to returning the ULONG value + PVOID pInfo=NULL; + ULONG ulInfoLen = sizeof(ulInfo); + + // ATTENTION!!! Ignore OIDs to noisy to print... + if((OidRequest->DATA.QUERY_INFORMATION.Oid != OID_GEN_STATISTICS) + && (OidRequest->DATA.QUERY_INFORMATION.Oid != OID_IP4_OFFLOAD_STATS) + && (OidRequest->DATA.QUERY_INFORMATION.Oid != OID_IP6_OFFLOAD_STATS) + ) + { + DBG_PRINT_OID_NAME(OidRequest->DATA.QUERY_INFORMATION.Oid); + } + + // Dispatch based on object identifier (OID). + switch(OidRequest->DATA.QUERY_INFORMATION.Oid) + { + case OID_GEN_HARDWARE_STATUS: + // + // Specify the current hardware status of the underlying NIC as + // one of the following NDIS_HARDWARE_STATUS-type values. + // + pInfo = (PVOID) &HardwareStatus; + ulInfoLen = sizeof(NDIS_HARDWARE_STATUS); + break; + + case OID_802_3_PERMANENT_ADDRESS: + // + // Return the MAC address of the NIC burnt in the hardware. + // + pInfo = Adapter->PermanentAddress; + ulInfoLen = MACADDR_SIZE; + break; + + case OID_802_3_CURRENT_ADDRESS: + // + // Return the MAC address the NIC is currently programmed to + // use. Note that this address could be different from the + // permananent address as the user can override using + // registry. Read NdisReadNetworkAddress doc for more info. + // + pInfo = Adapter->CurrentAddress; + ulInfoLen = MACADDR_SIZE; + break; + + case OID_GEN_MEDIA_SUPPORTED: + // + // Return an array of media that are supported by the miniport. + // This miniport only supports one medium (Ethernet), so the OID + // returns identical results to OID_GEN_MEDIA_IN_USE. + // + + __fallthrough; + + case OID_GEN_MEDIA_IN_USE: + // + // Return an array of media that are currently in use by the + // miniport. This array should be a subset of the array returned + // by OID_GEN_MEDIA_SUPPORTED. 
+ //
+ pInfo = &Medium;
+ ulInfoLen = sizeof(Medium);
+ break;
+
+ case OID_GEN_MAXIMUM_TOTAL_SIZE:
+ //
+ // Specify the maximum total packet length, in bytes, the NIC
+ // supports including the header. A protocol driver might use
+ // this returned length as a gauge to determine the maximum
+ // size packet that a NIC driver could forward to the
+ // protocol driver. The miniport driver must never indicate
+ // up to the bound protocol driver packets received over the
+ // network that are longer than the packet size specified by
+ // OID_GEN_MAXIMUM_TOTAL_SIZE.
+ //
+
+ __fallthrough;
+
+ case OID_GEN_TRANSMIT_BLOCK_SIZE:
+ //
+ // The OID_GEN_TRANSMIT_BLOCK_SIZE OID specifies the minimum
+ // number of bytes that a single net packet occupies in the
+ // transmit buffer space of the NIC. In our case, the transmit
+ // block size is identical to its maximum packet size.
+ __fallthrough;
+
+ case OID_GEN_RECEIVE_BLOCK_SIZE:
+ //
+ // The OID_GEN_RECEIVE_BLOCK_SIZE OID specifies the amount of
+ // storage, in bytes, that a single packet occupies in the receive
+ // buffer space of the NIC.
+ //
+ ulInfo = (ULONG) TAP_MAX_FRAME_SIZE;
+ pInfo = &ulInfo;
+ break;
+
+ case OID_GEN_INTERRUPT_MODERATION:
+ {
+ PNDIS_INTERRUPT_MODERATION_PARAMETERS moderationParams
+ = (PNDIS_INTERRUPT_MODERATION_PARAMETERS)OidRequest->DATA.QUERY_INFORMATION.InformationBuffer;
+
+ moderationParams->Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
+ moderationParams->Header.Revision = NDIS_INTERRUPT_MODERATION_PARAMETERS_REVISION_1;
+ moderationParams->Header.Size = NDIS_SIZEOF_INTERRUPT_MODERATION_PARAMETERS_REVISION_1;
+ moderationParams->Flags = 0;
+ moderationParams->InterruptModeration = NdisInterruptModerationNotSupported;
+ ulInfoLen = NDIS_SIZEOF_INTERRUPT_MODERATION_PARAMETERS_REVISION_1;
+ }
+ break;
+
+ case OID_PNP_QUERY_POWER:
+ // Simply succeed this.
+ break; + + case OID_GEN_VENDOR_ID: + // + // Specify a three-byte IEEE-registered vendor code, followed + // by a single byte that the vendor assigns to identify a + // particular NIC. The IEEE code uniquely identifies the vendor + // and is the same as the three bytes appearing at the beginning + // of the NIC hardware address. Vendors without an IEEE-registered + // code should use the value 0xFFFFFF. + // + + ulInfo = TAP_VENDOR_ID; + pInfo = &ulInfo; + break; + + case OID_GEN_VENDOR_DESCRIPTION: + // + // Specify a zero-terminated string describing the NIC vendor. + // + pInfo = VendorDesc; + ulInfoLen = sizeof(VendorDesc); + break; + + case OID_GEN_VENDOR_DRIVER_VERSION: + // + // Specify the vendor-assigned version number of the NIC driver. + // The low-order half of the return value specifies the minor + // version; the high-order half specifies the major version. + // + + ulInfo = TAP_DRIVER_VENDOR_VERSION; + pInfo = &ulInfo; + break; + + case OID_GEN_DRIVER_VERSION: + // + // Specify the NDIS version in use by the NIC driver. The high + // byte is the major version number; the low byte is the minor + // version number. + // + usInfo = (USHORT) (TAP_NDIS_MAJOR_VERSION<<8) + TAP_NDIS_MINOR_VERSION; + pInfo = (PVOID) &usInfo; + ulInfoLen = sizeof(USHORT); + break; + + case OID_802_3_MAXIMUM_LIST_SIZE: + // + // The maximum number of multicast addresses the NIC driver + // can manage. This list is global for all protocols bound + // to (or above) the NIC. Consequently, a protocol can receive + // NDIS_STATUS_MULTICAST_FULL from the NIC driver when + // attempting to set the multicast address list, even if + // the number of elements in the given list is less than + // the number originally returned for this query. 
+ // + + ulInfo = TAP_MAX_MCAST_LIST; + pInfo = &ulInfo; + break; + + case OID_GEN_XMIT_ERROR: + ulInfo = (ULONG) + (Adapter->TxAbortExcessCollisions + + Adapter->TxDmaUnderrun + + Adapter->TxLostCRS + + Adapter->TxLateCollisions+ + Adapter->TransmitFailuresOther); + pInfo = &ulInfo; + break; + + case OID_GEN_RCV_ERROR: + ulInfo = (ULONG) + (Adapter->RxCrcErrors + + Adapter->RxAlignmentErrors + + Adapter->RxDmaOverrunErrors + + Adapter->RxRuntErrors); + pInfo = &ulInfo; + break; + + case OID_GEN_RCV_DISCARDS: + ulInfo = (ULONG)Adapter->RxResourceErrors; + pInfo = &ulInfo; + break; + + case OID_GEN_RCV_NO_BUFFER: + ulInfo = (ULONG)Adapter->RxResourceErrors; + pInfo = &ulInfo; + break; + + case OID_GEN_XMIT_OK: + ulInfo64 = Adapter->FramesTxBroadcast + + Adapter->FramesTxMulticast + + Adapter->FramesTxDirected; + pInfo = &ulInfo64; + if (OidRequest->DATA.QUERY_INFORMATION.InformationBufferLength >= sizeof(ULONG64) || + OidRequest->DATA.QUERY_INFORMATION.InformationBufferLength == 0) + { + ulInfoLen = sizeof(ULONG64); + } + else + { + ulInfoLen = sizeof(ULONG); + } + + // We should always report that only 8 bytes are required to keep ndistest happy + OidRequest->DATA.QUERY_INFORMATION.BytesNeeded = sizeof(ULONG64); + break; + + case OID_GEN_RCV_OK: + ulInfo64 = Adapter->FramesRxBroadcast + + Adapter->FramesRxMulticast + + Adapter->FramesRxDirected; + + pInfo = &ulInfo64; + + if (OidRequest->DATA.QUERY_INFORMATION.InformationBufferLength >= sizeof(ULONG64) || + OidRequest->DATA.QUERY_INFORMATION.InformationBufferLength == 0) + { + ulInfoLen = sizeof(ULONG64); + } + else + { + ulInfoLen = sizeof(ULONG); + } + + // We should always report that only 8 bytes are required to keep ndistest happy + OidRequest->DATA.QUERY_INFORMATION.BytesNeeded = sizeof(ULONG64); + break; + + case OID_802_3_RCV_ERROR_ALIGNMENT: + + ulInfo = Adapter->RxAlignmentErrors; + pInfo = &ulInfo; + break; + + case OID_802_3_XMIT_ONE_COLLISION: + + ulInfo = Adapter->OneRetry; + pInfo = &ulInfo; + break; 
+ + case OID_802_3_XMIT_MORE_COLLISIONS: + + ulInfo = Adapter->MoreThanOneRetry; + pInfo = &ulInfo; + break; + + case OID_802_3_XMIT_DEFERRED: + + ulInfo = Adapter->TxOKButDeferred; + pInfo = &ulInfo; + break; + + case OID_802_3_XMIT_MAX_COLLISIONS: + + ulInfo = Adapter->TxAbortExcessCollisions; + pInfo = &ulInfo; + break; + + case OID_802_3_RCV_OVERRUN: + + ulInfo = Adapter->RxDmaOverrunErrors; + pInfo = &ulInfo; + break; + + case OID_802_3_XMIT_UNDERRUN: + + ulInfo = Adapter->TxDmaUnderrun; + pInfo = &ulInfo; + break; + + case OID_GEN_STATISTICS: + + if (OidRequest->DATA.QUERY_INFORMATION.InformationBufferLength < sizeof(NDIS_STATISTICS_INFO)) + { + status = NDIS_STATUS_INVALID_LENGTH; + OidRequest->DATA.QUERY_INFORMATION.BytesNeeded = sizeof(NDIS_STATISTICS_INFO); + break; + } + else + { + PNDIS_STATISTICS_INFO Statistics + = (PNDIS_STATISTICS_INFO)OidRequest->DATA.QUERY_INFORMATION.InformationBuffer; + + {C_ASSERT(sizeof(NDIS_STATISTICS_INFO) >= NDIS_SIZEOF_STATISTICS_INFO_REVISION_1);} + Statistics->Header.Type = NDIS_OBJECT_TYPE_DEFAULT; + Statistics->Header.Size = NDIS_SIZEOF_STATISTICS_INFO_REVISION_1; + Statistics->Header.Revision = NDIS_STATISTICS_INFO_REVISION_1; + + Statistics->SupportedStatistics = TAP_SUPPORTED_STATISTICS; + + /* Bytes in */ + Statistics->ifHCInOctets = + Adapter->BytesRxDirected + + Adapter->BytesRxMulticast + + Adapter->BytesRxBroadcast; + + Statistics->ifHCInUcastOctets = + Adapter->BytesRxDirected; + + Statistics->ifHCInMulticastOctets = + Adapter->BytesRxMulticast; + + Statistics->ifHCInBroadcastOctets = + Adapter->BytesRxBroadcast; + + /* Packets in */ + Statistics->ifHCInUcastPkts = + Adapter->FramesRxDirected; + + Statistics->ifHCInMulticastPkts = + Adapter->FramesRxMulticast; + + Statistics->ifHCInBroadcastPkts = + Adapter->FramesRxBroadcast; + + /* Errors in */ + Statistics->ifInErrors = + Adapter->RxCrcErrors + + Adapter->RxAlignmentErrors + + Adapter->RxDmaOverrunErrors + + Adapter->RxRuntErrors; + + 
Statistics->ifInDiscards = + Adapter->RxResourceErrors; + + + /* Bytes out */ + Statistics->ifHCOutOctets = + Adapter->BytesTxDirected + + Adapter->BytesTxMulticast + + Adapter->BytesTxBroadcast; + + Statistics->ifHCOutUcastOctets = + Adapter->BytesTxDirected; + + Statistics->ifHCOutMulticastOctets = + Adapter->BytesTxMulticast; + + Statistics->ifHCOutBroadcastOctets = + Adapter->BytesTxBroadcast; + + /* Packets out */ + Statistics->ifHCOutUcastPkts = + Adapter->FramesTxDirected; + + Statistics->ifHCOutMulticastPkts = + Adapter->FramesTxMulticast; + + Statistics->ifHCOutBroadcastPkts = + Adapter->FramesTxBroadcast; + + /* Errors out */ + Statistics->ifOutErrors = + Adapter->TxAbortExcessCollisions + + Adapter->TxDmaUnderrun + + Adapter->TxLostCRS + + Adapter->TxLateCollisions+ + Adapter->TransmitFailuresOther; + + Statistics->ifOutDiscards = 0ULL; + + ulInfoLen = NDIS_SIZEOF_STATISTICS_INFO_REVISION_1; + } + + break; + + // TODO: Inplement these query information requests. + case OID_GEN_RECEIVE_BUFFER_SPACE: + case OID_GEN_MAXIMUM_SEND_PACKETS: + case OID_GEN_TRANSMIT_QUEUE_LENGTH: + case OID_802_3_XMIT_HEARTBEAT_FAILURE: + case OID_802_3_XMIT_TIMES_CRS_LOST: + case OID_802_3_XMIT_LATE_COLLISIONS: + + default: + // + // The entry point may by used by other requests + // + status = NDIS_STATUS_NOT_SUPPORTED; + break; + } + + if (status == NDIS_STATUS_SUCCESS) + { + ASSERT(ulInfoLen > 0); + + if (ulInfoLen <= OidRequest->DATA.QUERY_INFORMATION.InformationBufferLength) + { + if(pInfo) + { + // Copy result into InformationBuffer + NdisMoveMemory( + OidRequest->DATA.QUERY_INFORMATION.InformationBuffer, + pInfo, + ulInfoLen + ); + } + + OidRequest->DATA.QUERY_INFORMATION.BytesWritten = ulInfoLen; + } + else + { + // too short + OidRequest->DATA.QUERY_INFORMATION.BytesNeeded = ulInfoLen; + status = NDIS_STATUS_BUFFER_TOO_SHORT; + } + } + + return status; +} + +NDIS_STATUS +AdapterOidRequest( + __in NDIS_HANDLE MiniportAdapterContext, + __in PNDIS_OID_REQUEST OidRequest + 
)
+/*++
+
+Routine Description:
+
+ Entry point called by NDIS to get or set the value of a specified OID.
+
+Arguments:
+
+ MiniportAdapterContext - Our adapter handle
+ NdisRequest - The OID request to handle
+
+Return Value:
+
+ Return code from the NdisRequest below.
+
+--*/
+{
+ PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext;
+ NDIS_STATUS status;
+
+ // Dispatch based on request type.
+ switch (OidRequest->RequestType)
+ {
+ case NdisRequestSetInformation:
+ status = tapSetInformation(adapter,OidRequest);
+ break;
+
+ case NdisRequestQueryInformation:
+ case NdisRequestQueryStatistics:
+ status = tapQueryInformation(adapter,OidRequest);
+ break;
+
+ case NdisRequestMethod: // TAP doesn't need to respond to this request type.
+ default:
+ //
+ // The entry point may by used by other requests
+ //
+ status = NDIS_STATUS_NOT_SUPPORTED;
+ break;
+ }
+
+ return status;
+}
+
+VOID
+AdapterCancelOidRequest(
+ __in NDIS_HANDLE MiniportAdapterContext,
+ __in PVOID RequestId
+ )
+{
+ PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext;
+
+ UNREFERENCED_PARAMETER(RequestId);
+
+ //
+ // This miniport sample does not pend any OID requests, so we don't have
+ // to worry about cancelling them.
+ //
+}
+
diff --git a/windows/TapDriver6/proto.h b/windows/TapDriver6/proto.h
new file mode 100644
index 0000000..cc23de6
--- /dev/null
+++ b/windows/TapDriver6/proto.h
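Review bot: In oidrequest.c, the OID_GEN_INTERRUPT_MODERATION case of tapQueryInformation writes five fields through `moderationParams` into `InformationBuffer` before anything compares `InformationBufferLength` with `NDIS_SIZEOF_INTERRUPT_MODERATION_PARAMETERS_REVISION_1`. The only length test for this case is the shared one at the end of the function, which runs after the writes, so a request carrying a shorter buffer gets a kernel write past its end before NDIS_STATUS_BUFFER_TOO_SHORT is returned. Whether NDIS guarantees a minimum buffer size for this OID is not visible here, and the OID_GEN_STATISTICS case in the same switch does validate the length before touching the buffer. I would add the same up-front check to this case, as below.

```c
    case OID_GEN_INTERRUPT_MODERATION:
        {
            // … unchanged: moderationParams declaration and cast …

            // Validate the caller's buffer before writing through it.
            if (OidRequest->DATA.QUERY_INFORMATION.InformationBufferLength
                < NDIS_SIZEOF_INTERRUPT_MODERATION_PARAMETERS_REVISION_1)
            {
                OidRequest->DATA.QUERY_INFORMATION.BytesNeeded
                    = NDIS_SIZEOF_INTERRUPT_MODERATION_PARAMETERS_REVISION_1;
                status = NDIS_STATUS_BUFFER_TOO_SHORT;
                break;
            }

            // … unchanged: Header, Flags, InterruptModeration assignments and ulInfoLen …
```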
@@ -0,0 +1,224 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +//============================================================ +// MAC address, Ethernet header, and ARP +//============================================================ + +#pragma pack(1) + +#define IP_HEADER_SIZE 20 +#define IPV6_HEADER_SIZE 40 + +#define MACADDR_SIZE 6 +typedef unsigned char MACADDR[MACADDR_SIZE]; + +typedef unsigned long IPADDR; +typedef unsigned char IPV6ADDR[16]; + +//----------------- +// Ethernet address +//----------------- + +typedef struct { + MACADDR addr; +} ETH_ADDR; + +typedef struct { + ETH_ADDR list[TAP_MAX_MCAST_LIST]; +} MC_LIST; + + +// BUGBUG!!! Consider using ststem defines in netiodef.h!!! 
+ +//---------------- +// Ethernet header +//---------------- +typedef struct +{ + MACADDR dest; /* destination eth addr */ + MACADDR src; /* source ether addr */ + USHORT proto; /* packet type ID field */ +} ETH_HEADER, *PETH_HEADER; + +//---------------- +// ARP packet +//---------------- + +typedef struct + { + MACADDR m_MAC_Destination; // Reverse these two + MACADDR m_MAC_Source; // to answer ARP requests + USHORT m_Proto; // 0x0806 + +# define MAC_ADDR_TYPE 0x0001 + USHORT m_MAC_AddressType; // 0x0001 + + USHORT m_PROTO_AddressType; // 0x0800 + UCHAR m_MAC_AddressSize; // 0x06 + UCHAR m_PROTO_AddressSize; // 0x04 + +# define ARP_REQUEST 0x0001 +# define ARP_REPLY 0x0002 + USHORT m_ARP_Operation; // 0x0001 for ARP request, 0x0002 for ARP reply + + MACADDR m_ARP_MAC_Source; + IPADDR m_ARP_IP_Source; + MACADDR m_ARP_MAC_Destination; + IPADDR m_ARP_IP_Destination; + } +ARP_PACKET, *PARP_PACKET; + +//---------- +// IP Header +//---------- + +typedef struct { +# define IPH_GET_VER(v) (((v) >> 4) & 0x0F) +# define IPH_GET_LEN(v) (((v) & 0x0F) << 2) + UCHAR version_len; + + UCHAR tos; + USHORT tot_len; + USHORT id; + +# define IP_OFFMASK 0x1fff + USHORT frag_off; + + UCHAR ttl; + +# define IPPROTO_UDP 17 /* UDP protocol */ +# define IPPROTO_TCP 6 /* TCP protocol */ +# define IPPROTO_ICMP 1 /* ICMP protocol */ +# define IPPROTO_IGMP 2 /* IGMP protocol */ + UCHAR protocol; + + USHORT check; + ULONG saddr; + ULONG daddr; + /* The options start here. */ +} IPHDR; + +//----------- +// UDP header +//----------- + +typedef struct { + USHORT source; + USHORT dest; + USHORT len; + USHORT check; +} UDPHDR; + +//-------------------------- +// TCP header, per RFC 793. 
+//-------------------------- + +typedef struct { + USHORT source; /* source port */ + USHORT dest; /* destination port */ + ULONG seq; /* sequence number */ + ULONG ack_seq; /* acknowledgement number */ + +# define TCPH_GET_DOFF(d) (((d) & 0xF0) >> 2) + UCHAR doff_res; + +# define TCPH_FIN_MASK (1<<0) +# define TCPH_SYN_MASK (1<<1) +# define TCPH_RST_MASK (1<<2) +# define TCPH_PSH_MASK (1<<3) +# define TCPH_ACK_MASK (1<<4) +# define TCPH_URG_MASK (1<<5) +# define TCPH_ECE_MASK (1<<6) +# define TCPH_CWR_MASK (1<<7) + UCHAR flags; + + USHORT window; + USHORT check; + USHORT urg_ptr; +} TCPHDR; + +#define TCPOPT_EOL 0 +#define TCPOPT_NOP 1 +#define TCPOPT_MAXSEG 2 +#define TCPOLEN_MAXSEG 4 + +//------------ +// IPv6 Header +//------------ + +typedef struct { + UCHAR version_prio; + UCHAR flow_lbl[3]; + USHORT payload_len; +# define IPPROTO_ICMPV6 0x3a /* ICMP protocol v6 */ + UCHAR nexthdr; + UCHAR hop_limit; + IPV6ADDR saddr; + IPV6ADDR daddr; +} IPV6HDR; + +//-------------------------------------------- +// IPCMPv6 NS/NA Packets (RFC4443 and RFC4861) +//-------------------------------------------- + +// Neighbor Solictiation - RFC 4861, 4.3 +// (this is just the ICMPv6 part of the packet) +typedef struct { + UCHAR type; +# define ICMPV6_TYPE_NS 135 // neighbour solicitation + UCHAR code; +# define ICMPV6_CODE_0 0 // no specific sub-code for NS/NA + USHORT checksum; + ULONG reserved; + IPV6ADDR target_addr; +} ICMPV6_NS; + +// Neighbor Advertisement - RFC 4861, 4.4 + 4.6/4.6.1 +// (this is just the ICMPv6 payload) +typedef struct { + UCHAR type; +# define ICMPV6_TYPE_NA 136 // neighbour advertisement + UCHAR code; +# define ICMPV6_CODE_0 0 // no specific sub-code for NS/NA + USHORT checksum; + UCHAR rso_bits; // Router(0), Solicited(2), Ovrrd(4) + UCHAR reserved[3]; + IPV6ADDR target_addr; +// always include "Target Link-layer Address" option (RFC 4861 4.6.1) + UCHAR opt_type; +#define ICMPV6_OPTION_TLLA 2 + UCHAR opt_length; +#define ICMPV6_LENGTH_TLLA 1 // 
multiplied by 8 -> 1 = 8 bytes + MACADDR target_macaddr; +} ICMPV6_NA; + +// this is the complete packet with Ethernet and IPv6 headers +typedef struct { + ETH_HEADER eth; + IPV6HDR ipv6; + ICMPV6_NA icmpv6; +} ICMPV6_NA_PKT; + +#pragma pack() diff --git a/windows/TapDriver6/prototypes.h b/windows/TapDriver6/prototypes.h new file mode 100644 index 0000000..a48d35e --- /dev/null +++ b/windows/TapDriver6/prototypes.h 
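Review bot: `IPH_GET_LEN` and `TCPH_GET_DOFF`, defined inside IPHDR and TCPHDR, return a header length taken from a byte of the packet, and nothing in the header says the value is unchecked. `IPH_GET_LEN` can yield anything from 0 to 60, including values below `IP_HEADER_SIZE`. These structs are presumably overlaid on received frame data, so I would add a comment above each macro along the lines of `/* length as claimed by the packet; verify >= IP_HEADER_SIZE and <= bytes remaining in the frame before using it as an offset */`. Separately, the closing `#pragma pack()` resets packing to the compiler default instead of restoring the includer's setting; `#pragma pack(push, 1)` at the top and `#pragma pack(pop)` at the end would avoid that. An include guard like the one in prototypes.h would also stop a second inclusion from redefining the typedefs.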
@@ -0,0 +1,91 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef TAP_PROTOTYPES_DEFINED
+#define TAP_PROTOTYPES_DEFINED
+
+DRIVER_INITIALIZE DriverEntry;
+
+//VOID AdapterFreeResources
+// (
+// TapAdapterPointer p_Adapter
+// );
+//
+
+//
+//NTSTATUS TapDeviceHook
+// (
+// IN PDEVICE_OBJECT p_DeviceObject,
+// IN PIRP p_IRP
+// );
+//
+
+NDIS_STATUS
+CreateTapDevice(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ );
+
+VOID
+DestroyTapDevice(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ );
+
+// Flush the pending send TAP packet queue.
+VOID
+tapFlushSendPacketQueue(
+ __in PTAP_ADAPTER_CONTEXT Adapter
+ );
+
+VOID
+IndicateReceivePacket(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in PUCHAR packetData,
+ __in const unsigned int packetLength
+ );
+
+/*
+BOOLEAN
+ProcessDHCP(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in const ETH_HEADER *eth,
+ __in const IPHDR *ip,
+ __in const UDPHDR *udp,
+ __in const DHCP *dhcp,
+ __in int optlen
+ );
+*/
+
+/*
+BOOLEAN
+ProcessARP(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in const PARP_PACKET src,
+ __in const IPADDR adapter_ip,
+ __in const IPADDR ip_network,
+ __in const IPADDR ip_netmask,
+ __in const MACADDR mac
+ );
+*/
+
+#endif
diff --git a/windows/TapDriver6/resource.h b/windows/TapDriver6/resource.h
new file mode 100644
index 0000000..e736408
--- /dev/null
+++ b/windows/TapDriver6/resource.h
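Review bot: `IndicateReceivePacket` declares `packetData` and `packetLength` as two unrelated `__in` parameters, so the annotation does not tell a reader or a static analyser that the length bounds the buffer. Declaring the buffer as `__in_bcount(packetLength) PUCHAR packetData` would let callers be checked against the size they pass. The prototype also does not say whether a zero length or a frame shorter than an Ethernet header is acceptable. A one-line comment stating the expected minimum would help, since the implementation is not part of this hunk. The commented-out `ProcessDHCP` and `ProcessARP` prototypes are dead text and could be dropped.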
@@ -0,0 +1,1573 @@ +//{{NO_DEPENDENCIES}} +// Microsoft Visual C++ generated include file. +// Used by resource.rc +// +#define SW_HIDE 0 +#define HIDE_WINDOW 0 +#define WM_NULL 0x0000 +#define WA_INACTIVE 0 +#define HTNOWHERE 0 +#define SMTO_NORMAL 0x0000 +#define ICON_SMALL 0 +#define SIZE_RESTORED 0 +#define BN_CLICKED 0 +#define BST_UNCHECKED 0x0000 +#define HDS_HORZ 0x0000 +#define TBSTYLE_BUTTON 0x0000 +#define TBS_HORZ 0x0000 +#define TBS_BOTTOM 0x0000 +#define TBS_RIGHT 0x0000 +#define LVS_ICON 0x0000 +#define LVS_ALIGNTOP 0x0000 +#define TCS_TABS 0x0000 +#define TCS_SINGLELINE 0x0000 +#define TCS_RIGHTJUSTIFY 0x0000 +#define DTS_SHORTDATEFORMAT 0x0000 +#define PGS_VERT 0x00000000 +#define LANG_NEUTRAL 0x00 +#define SUBLANG_NEUTRAL 0x00 +#define SORT_DEFAULT 0x0 +#define SORT_JAPANESE_XJIS 0x0 +#define SORT_CHINESE_BIG5 0x0 +#define SORT_CHINESE_PRCP 0x0 +#define SORT_KOREAN_KSC 0x0 +#define SORT_HUNGARIAN_DEFAULT 0x0 +#define SORT_GEORGIAN_TRADITIONAL 0x0 +#define _USE_DECLSPECS_FOR_SAL 0 +#define _USE_ATTRIBUTES_FOR_SAL 0 +#define __drv_typeConst 0 +#define VER_DEBUG 0 +#define VER_PRERELEASE 0 +#define PRODUCT_TAP_WIN_MINOR 0 +#define WINAPI_PARTITION_DESKTOP 0x00000001 +#define CREATEPROCESS_MANIFEST_RESOURCE_ID 1 +#define MINIMUM_RESERVED_MANIFEST_RESOURCE_ID 1 +#define SW_SHOWNORMAL 1 +#define SW_NORMAL 1 +#define SHOW_OPENWINDOW 1 +#define SW_PARENTCLOSING 1 +#define VK_LBUTTON 0x01 +#define WM_CREATE 0x0001 +#define WA_ACTIVE 1 +#define PWR_OK 1 +#define PWR_SUSPENDREQUEST 1 +#define NFR_ANSI 1 +#define UIS_SET 1 +#define UISF_HIDEFOCUS 0x1 +#define XBUTTON1 0x0001 +#define WMSZ_LEFT 1 +#define HTCLIENT 1 +#define SMTO_BLOCK 0x0001 +#define MA_ACTIVATE 1 +#define ICON_BIG 1 +#define SIZE_MINIMIZED 1 +#define MK_LBUTTON 0x0001 +#define TME_HOVER 0x00000001 +#define CS_VREDRAW 0x0001 +#define CF_TEXT 1 +#define SCF_ISSECURE 0x00000001 +#define IDOK 1 +#define BN_PAINT 1 +#define BST_CHECKED 0x0001 +#define TBSTYLE_SEP 0x0001 +#define TTS_ALWAYSTIP 
0x01 +#define TBS_AUTOTICKS 0x0001 +#define UDS_WRAP 0x0001 +#define PBS_SMOOTH 0x01 +#define LWS_TRANSPARENT 0x0001 +#define LVS_REPORT 0x0001 +#define TVS_HASBUTTONS 0x0001 +#define TVS_EX_NOSINGLECOLLAPSE 0x0001 +#define TCS_SCROLLOPPOSITE 0x0001 +#define ACS_CENTER 0x0001 +#define MCS_DAYSTATE 0x0001 +#define DTS_UPDOWN 0x0001 +#define PGS_HORZ 0x00000001 +#define NFS_EDIT 0x0001 +#define BCSIF_GLYPH 0x0001 +#define BCSS_NOSPLIT 0x0001 +#define LANG_ARABIC 0x01 +#define SUBLANG_DEFAULT 0x01 +#define SUBLANG_AFRIKAANS_SOUTH_AFRICA 0x01 +#define SUBLANG_ALBANIAN_ALBANIA 0x01 +#define SUBLANG_ALSATIAN_FRANCE 0x01 +#define SUBLANG_AMHARIC_ETHIOPIA 0x01 +#define SUBLANG_ARABIC_SAUDI_ARABIA 0x01 +#define SUBLANG_ARMENIAN_ARMENIA 0x01 +#define SUBLANG_ASSAMESE_INDIA 0x01 +#define SUBLANG_AZERI_LATIN 0x01 +#define SUBLANG_AZERBAIJANI_AZERBAIJAN_LATIN 0x01 +#define SUBLANG_BANGLA_INDIA 0x01 +#define SUBLANG_BASHKIR_RUSSIA 0x01 +#define SUBLANG_BASQUE_BASQUE 0x01 +#define SUBLANG_BELARUSIAN_BELARUS 0x01 +#define SUBLANG_BENGALI_INDIA 0x01 +#define SUBLANG_BRETON_FRANCE 0x01 +#define SUBLANG_BULGARIAN_BULGARIA 0x01 +#define SUBLANG_CATALAN_CATALAN 0x01 +#define SUBLANG_CENTRAL_KURDISH_IRAQ 0x01 +#define SUBLANG_CHEROKEE_CHEROKEE 0x01 +#define SUBLANG_CHINESE_TRADITIONAL 0x01 +#define SUBLANG_CORSICAN_FRANCE 0x01 +#define SUBLANG_CZECH_CZECH_REPUBLIC 0x01 +#define SUBLANG_CROATIAN_CROATIA 0x01 +#define SUBLANG_DANISH_DENMARK 0x01 +#define SUBLANG_DARI_AFGHANISTAN 0x01 +#define SUBLANG_DIVEHI_MALDIVES 0x01 +#define SUBLANG_DUTCH 0x01 +#define SUBLANG_ENGLISH_US 0x01 +#define SUBLANG_ESTONIAN_ESTONIA 0x01 +#define SUBLANG_FAEROESE_FAROE_ISLANDS 0x01 +#define SUBLANG_FILIPINO_PHILIPPINES 0x01 +#define SUBLANG_FINNISH_FINLAND 0x01 +#define SUBLANG_FRENCH 0x01 +#define SUBLANG_FRISIAN_NETHERLANDS 0x01 +#define SUBLANG_GALICIAN_GALICIAN 0x01 +#define SUBLANG_GEORGIAN_GEORGIA 0x01 +#define SUBLANG_GERMAN 0x01 +#define SUBLANG_GREEK_GREECE 0x01 +#define 
SUBLANG_GREENLANDIC_GREENLAND 0x01 +#define SUBLANG_GUJARATI_INDIA 0x01 +#define SUBLANG_HAUSA_NIGERIA_LATIN 0x01 +#define SUBLANG_HAWAIIAN_US 0x01 +#define SUBLANG_HEBREW_ISRAEL 0x01 +#define SUBLANG_HINDI_INDIA 0x01 +#define SUBLANG_HUNGARIAN_HUNGARY 0x01 +#define SUBLANG_ICELANDIC_ICELAND 0x01 +#define SUBLANG_IGBO_NIGERIA 0x01 +#define SUBLANG_INDONESIAN_INDONESIA 0x01 +#define SUBLANG_INUKTITUT_CANADA 0x01 +#define SUBLANG_ITALIAN 0x01 +#define SUBLANG_JAPANESE_JAPAN 0x01 +#define SUBLANG_KANNADA_INDIA 0x01 +#define SUBLANG_KAZAK_KAZAKHSTAN 0x01 +#define SUBLANG_KHMER_CAMBODIA 0x01 +#define SUBLANG_KICHE_GUATEMALA 0x01 +#define SUBLANG_KINYARWANDA_RWANDA 0x01 +#define SUBLANG_KONKANI_INDIA 0x01 +#define SUBLANG_KOREAN 0x01 +#define SUBLANG_KYRGYZ_KYRGYZSTAN 0x01 +#define SUBLANG_LAO_LAO 0x01 +#define SUBLANG_LATVIAN_LATVIA 0x01 +#define SUBLANG_LITHUANIAN 0x01 +#define SUBLANG_LUXEMBOURGISH_LUXEMBOURG 0x01 +#define SUBLANG_MACEDONIAN_MACEDONIA 0x01 +#define SUBLANG_MALAY_MALAYSIA 0x01 +#define SUBLANG_MALAYALAM_INDIA 0x01 +#define SUBLANG_MALTESE_MALTA 0x01 +#define SUBLANG_MAORI_NEW_ZEALAND 0x01 +#define SUBLANG_MAPUDUNGUN_CHILE 0x01 +#define SUBLANG_MARATHI_INDIA 0x01 +#define SUBLANG_MOHAWK_MOHAWK 0x01 +#define SUBLANG_MONGOLIAN_CYRILLIC_MONGOLIA 0x01 +#define SUBLANG_NEPALI_NEPAL 0x01 +#define SUBLANG_NORWEGIAN_BOKMAL 0x01 +#define SUBLANG_OCCITAN_FRANCE 0x01 +#define SUBLANG_ODIA_INDIA 0x01 +#define SUBLANG_ORIYA_INDIA 0x01 +#define SUBLANG_PASHTO_AFGHANISTAN 0x01 +#define SUBLANG_PERSIAN_IRAN 0x01 +#define SUBLANG_POLISH_POLAND 0x01 +#define SUBLANG_PORTUGUESE_BRAZILIAN 0x01 +#define SUBLANG_PUNJABI_INDIA 0x01 +#define SUBLANG_QUECHUA_BOLIVIA 0x01 +#define SUBLANG_ROMANIAN_ROMANIA 0x01 +#define SUBLANG_ROMANSH_SWITZERLAND 0x01 +#define SUBLANG_RUSSIAN_RUSSIA 0x01 +#define SUBLANG_SAKHA_RUSSIA 0x01 +#define SUBLANG_SAMI_NORTHERN_NORWAY 0x01 +#define SUBLANG_SANSKRIT_INDIA 0x01 +#define SUBLANG_SCOTTISH_GAELIC 0x01 +#define SUBLANG_SERBIAN_CROATIA 0x01 
+#define SUBLANG_SINDHI_INDIA 0x01 +#define SUBLANG_SINHALESE_SRI_LANKA 0x01 +#define SUBLANG_SOTHO_NORTHERN_SOUTH_AFRICA 0x01 +#define SUBLANG_SLOVAK_SLOVAKIA 0x01 +#define SUBLANG_SLOVENIAN_SLOVENIA 0x01 +#define SUBLANG_SPANISH 0x01 +#define SUBLANG_SWAHILI_KENYA 0x01 +#define SUBLANG_SWEDISH 0x01 +#define SUBLANG_SYRIAC_SYRIA 0x01 +#define SUBLANG_TAJIK_TAJIKISTAN 0x01 +#define SUBLANG_TAMIL_INDIA 0x01 +#define SUBLANG_TATAR_RUSSIA 0x01 +#define SUBLANG_TELUGU_INDIA 0x01 +#define SUBLANG_THAI_THAILAND 0x01 +#define SUBLANG_TIBETAN_PRC 0x01 +#define SUBLANG_TIGRINYA_ETHIOPIA 0x01 +#define SUBLANG_TSWANA_SOUTH_AFRICA 0x01 +#define SUBLANG_TURKISH_TURKEY 0x01 +#define SUBLANG_TURKMEN_TURKMENISTAN 0x01 +#define SUBLANG_UIGHUR_PRC 0x01 +#define SUBLANG_UKRAINIAN_UKRAINE 0x01 +#define SUBLANG_UPPER_SORBIAN_GERMANY 0x01 +#define SUBLANG_URDU_PAKISTAN 0x01 +#define SUBLANG_UZBEK_LATIN 0x01 +#define SUBLANG_VIETNAMESE_VIETNAM 0x01 +#define SUBLANG_WELSH_UNITED_KINGDOM 0x01 +#define SUBLANG_WOLOF_SENEGAL 0x01 +#define SUBLANG_XHOSA_SOUTH_AFRICA 0x01 +#define SUBLANG_YAKUT_RUSSIA 0x01 +#define SUBLANG_YI_PRC 0x01 +#define SUBLANG_YORUBA_NIGERIA 0x01 +#define SUBLANG_ZULU_SOUTH_AFRICA 0x01 +#define SORT_INVARIANT_MATH 0x1 +#define SORT_JAPANESE_UNICODE 0x1 +#define SORT_CHINESE_UNICODE 0x1 +#define SORT_KOREAN_UNICODE 0x1 +#define SORT_GERMAN_PHONE_BOOK 0x1 +#define SORT_HUNGARIAN_TECHNICAL 0x1 +#define SORT_GEORGIAN_MODERN 0x1 +#define __drv_typeCond 1 +#define VS_VERSION_INFO 1 +#define VFFF_ISSHAREDFILE 0x0001 +#define VFF_CURNEDEST 0x0001 +#define VIFF_FORCEINSTALL 0x0001 +#define WINAPI_PARTITION_APP 0x00000002 +#define ISOLATIONAWARE_MANIFEST_RESOURCE_ID 2 +#define SW_SHOWMINIMIZED 2 +#define SHOW_ICONWINDOW 2 +#define SW_OTHERZOOM 2 +#define VK_RBUTTON 0x02 +#define WM_DESTROY 0x0002 +#define WA_CLICKACTIVE 2 +#define PWR_SUSPENDRESUME 2 +#define NFR_UNICODE 2 +#define UIS_CLEAR 2 +#define UISF_HIDEACCEL 0x2 +#define XBUTTON2 0x0002 +#define WMSZ_RIGHT 2 +#define 
HTCAPTION 2 +#define SMTO_ABORTIFHUNG 0x0002 +#define MA_ACTIVATEANDEAT 2 +#define ICON_SMALL2 2 +#define SIZE_MAXIMIZED 2 +#define MK_RBUTTON 0x0002 +#define TME_LEAVE 0x00000002 +#define CS_HREDRAW 0x0002 +#define CF_BITMAP 2 +#define IDCANCEL 2 +#define BN_HILITE 2 +#define BST_INDETERMINATE 0x0002 +#define HDS_BUTTONS 0x0002 +#define TBSTYLE_CHECK 0x0002 +#define TTS_NOPREFIX 0x02 +#define TBS_VERT 0x0002 +#define UDS_SETBUDDYINT 0x0002 +#define LWS_IGNORERETURN 0x0002 +#define LVS_SMALLICON 0x0002 +#define TVS_HASLINES 0x0002 +#define TVS_EX_MULTISELECT 0x0002 +#define TCS_BOTTOM 0x0002 +#define TCS_RIGHT 0x0002 +#define ACS_TRANSPARENT 0x0002 +#define MCS_MULTISELECT 0x0002 +#define DTS_SHOWNONE 0x0002 +#define PGS_AUTOSCROLL 0x00000002 +#define NFS_STATIC 0x0002 +#define BCSIF_IMAGE 0x0002 +#define BCSS_STRETCH 0x0002 +#define LANG_BULGARIAN 0x02 +#define SUBLANG_SYS_DEFAULT 0x02 +#define SUBLANG_ARABIC_IRAQ 0x02 +#define SUBLANG_AZERI_CYRILLIC 0x02 +#define SUBLANG_AZERBAIJANI_AZERBAIJAN_CYRILLIC 0x02 +#define SUBLANG_BANGLA_BANGLADESH 0x02 +#define SUBLANG_BENGALI_BANGLADESH 0x02 +#define SUBLANG_CHINESE_SIMPLIFIED 0x02 +#define SUBLANG_DUTCH_BELGIAN 0x02 +#define SUBLANG_ENGLISH_UK 0x02 +#define SUBLANG_FRENCH_BELGIAN 0x02 +#define SUBLANG_FULAH_SENEGAL 0x02 +#define SUBLANG_GERMAN_SWISS 0x02 +#define SUBLANG_INUKTITUT_CANADA_LATIN 0x02 +#define SUBLANG_IRISH_IRELAND 0x02 +#define SUBLANG_ITALIAN_SWISS 0x02 +#define SUBLANG_KASHMIRI_SASIA 0x02 +#define SUBLANG_KASHMIRI_INDIA 0x02 +#define SUBLANG_LOWER_SORBIAN_GERMANY 0x02 +#define SUBLANG_MALAY_BRUNEI_DARUSSALAM 0x02 +#define SUBLANG_MONGOLIAN_PRC 0x02 +#define SUBLANG_NEPALI_INDIA 0x02 +#define SUBLANG_NORWEGIAN_NYNORSK 0x02 +#define SUBLANG_PORTUGUESE 0x02 +#define SUBLANG_PULAR_SENEGAL 0x02 +#define SUBLANG_PUNJABI_PAKISTAN 0x02 +#define SUBLANG_QUECHUA_ECUADOR 0x02 +#define SUBLANG_SAMI_NORTHERN_SWEDEN 0x02 +#define SUBLANG_SERBIAN_LATIN 0x02 +#define SUBLANG_SINDHI_PAKISTAN 0x02 +#define 
SUBLANG_SINDHI_AFGHANISTAN 0x02 +#define SUBLANG_SPANISH_MEXICAN 0x02 +#define SUBLANG_SWEDISH_FINLAND 0x02 +#define SUBLANG_TAMAZIGHT_ALGERIA_LATIN 0x02 +#define SUBLANG_TAMIL_SRI_LANKA 0x02 +#define SUBLANG_TIGRIGNA_ERITREA 0x02 +#define SUBLANG_TIGRINYA_ERITREA 0x02 +#define SUBLANG_TSWANA_BOTSWANA 0x02 +#define SUBLANG_URDU_INDIA 0x02 +#define SUBLANG_UZBEK_CYRILLIC 0x02 +#define SUBLANG_VALENCIAN_VALENCIA 0x02 +#define SORT_CHINESE_PRC 0x2 +#define __drv_typeBitset 2 +#define VFF_FILEINUSE 0x0002 +#define VIFF_DONTDELETEOLD 0x0002 +#define VER_PRODUCTMINORVERSION 2 +#define ISOLATIONAWARE_NOSTATICIMPORT_MANIFEST_RESOURCE_ID 3 +#define SW_SHOWMAXIMIZED 3 +#define SW_MAXIMIZE 3 +#define SHOW_FULLSCREEN 3 +#define SW_PARENTOPENING 3 +#define VK_CANCEL 0x03 +#define WM_MOVE 0x0003 +#define PWR_CRITICALRESUME 3 +#define NF_QUERY 3 +#define UIS_INITIALIZE 3 +#define WMSZ_TOP 3 +#define HTSYSMENU 3 +#define MA_NOACTIVATE 3 +#define SIZE_MAXSHOW 3 +#define CF_METAFILEPICT 3 +#define IDABORT 3 +#define BN_UNHILITE 3 +#define LVS_LIST 0x0003 +#define LVS_TYPEMASK 0x0003 +#define LANG_CATALAN 0x03 +#define LANG_VALENCIAN 0x03 +#define SUBLANG_CUSTOM_DEFAULT 0x03 +#define SUBLANG_ARABIC_EGYPT 0x03 +#define SUBLANG_CHINESE_HONGKONG 0x03 +#define SUBLANG_ENGLISH_AUS 0x03 +#define SUBLANG_FRENCH_CANADIAN 0x03 +#define SUBLANG_GERMAN_AUSTRIAN 0x03 +#define SUBLANG_QUECHUA_PERU 0x03 +#define SUBLANG_SAMI_NORTHERN_FINLAND 0x03 +#define SUBLANG_SERBIAN_CYRILLIC 0x03 +#define SUBLANG_SPANISH_MODERN 0x03 +#define SORT_CHINESE_BOPOMOFO 0x3 +#define __drv_typeExpr 3 +#define PRODUCT_TAP_WIN_MAJOR 3 +#define SW_SHOWNOACTIVATE 4 +#define SHOW_OPENNOACTIVATE 4 +#define SW_OTHERUNZOOM 4 +#define VK_MBUTTON 0x04 +#define NF_REQUERY 4 +#define UISF_ACTIVE 0x4 +#define WMSZ_TOPLEFT 4 +#define HTGROWBOX 4 +#define MA_NOACTIVATEANDEAT 4 +#define SIZE_MAXHIDE 4 +#define MK_SHIFT 0x0004 +#define CF_SYLK 4 +#define IDRETRY 4 +#define BN_DISABLE 4 +#define BST_PUSHED 0x0004 +#define HDS_HOTTRACK 
0x0004 +#define TBSTYLE_GROUP 0x0004 +#define TBS_TOP 0x0004 +#define TBS_LEFT 0x0004 +#define UDS_ALIGNRIGHT 0x0004 +#define PBS_VERTICAL 0x04 +#define LWS_NOPREFIX 0x0004 +#define LVS_SINGLESEL 0x0004 +#define TVS_LINESATROOT 0x0004 +#define TVS_EX_DOUBLEBUFFER 0x0004 +#define TCS_MULTISELECT 0x0004 +#define ACS_AUTOPLAY 0x0004 +#define MCS_WEEKNUMBERS 0x0004 +#define DTS_LONGDATEFORMAT 0x0004 +#define PGS_DRAGNDROP 0x00000004 +#define NFS_LISTCOMBO 0x0004 +#define BCSIF_STYLE 0x0004 +#define BCSS_ALIGNLEFT 0x0004 +#define LANG_CHINESE 0x04 +#define LANG_CHINESE_SIMPLIFIED 0x04 +#define SUBLANG_CUSTOM_UNSPECIFIED 0x04 +#define SUBLANG_ARABIC_LIBYA 0x04 +#define SUBLANG_CHINESE_SINGAPORE 0x04 +#define SUBLANG_CROATIAN_BOSNIA_HERZEGOVINA_LATIN 0x04 +#define SUBLANG_ENGLISH_CAN 0x04 +#define SUBLANG_FRENCH_SWISS 0x04 +#define SUBLANG_GERMAN_LUXEMBOURG 0x04 +#define SUBLANG_SAMI_LULE_NORWAY 0x04 +#define SUBLANG_SPANISH_GUATEMALA 0x04 +#define SUBLANG_TAMAZIGHT_MOROCCO_TIFINAGH 0x04 +#define SORT_JAPANESE_RADICALSTROKE 0x4 +#define SORT_CHINESE_RADICALSTROKE 0x4 +#define VFF_BUFFTOOSMALL 0x0004 +#define SW_SHOW 5 +#define VK_XBUTTON1 0x05 +#define WM_SIZE 0x0005 +#define WMSZ_TOPRIGHT 5 +#define HTMENU 5 +#define CF_DIF 5 +#define IDIGNORE 5 +#define BN_DOUBLECLICKED 5 +#define LANG_CZECH 0x05 +#define SUBLANG_UI_CUSTOM_DEFAULT 0x05 +#define SUBLANG_ARABIC_ALGERIA 0x05 +#define SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_LATIN 0x05 +#define SUBLANG_CHINESE_MACAU 0x05 +#define SUBLANG_ENGLISH_NZ 0x05 +#define SUBLANG_FRENCH_LUXEMBOURG 0x05 +#define SUBLANG_GERMAN_LIECHTENSTEIN 0x05 +#define SUBLANG_SAMI_LULE_SWEDEN 0x05 +#define SUBLANG_SPANISH_COSTA_RICA 0x05 +#define SW_MINIMIZE 6 +#define VK_XBUTTON2 0x06 +#define WM_ACTIVATE 0x0006 +#define WMSZ_BOTTOM 6 +#define HTHSCROLL 6 +#define CF_TIFF 6 +#define IDYES 6 +#define BN_SETFOCUS 6 +#define LANG_DANISH 0x06 +#define SUBLANG_ARABIC_MOROCCO 0x06 +#define SUBLANG_ENGLISH_EIRE 0x06 +#define SUBLANG_FRENCH_MONACO 0x06 +#define 
SUBLANG_SAMI_SOUTHERN_NORWAY 0x06 +#define SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_LATIN 0x06 +#define SUBLANG_SPANISH_PANAMA 0x06 +#define VER_PRODUCTMAJORVERSION 6 +#define SW_SHOWMINNOACTIVE 7 +#define WM_SETFOCUS 0x0007 +#define WMSZ_BOTTOMLEFT 7 +#define HTVSCROLL 7 +#define CF_OEMTEXT 7 +#define IDNO 7 +#define BN_KILLFOCUS 7 +#define LANG_GERMAN 0x07 +#define SUBLANG_ARABIC_TUNISIA 0x07 +#define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07 +#define SUBLANG_SAMI_SOUTHERN_SWEDEN 0x07 +#define SUBLANG_SERBIAN_BOSNIA_HERZEGOVINA_CYRILLIC 0x07 +#define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07 +#define SW_SHOWNA 8 +#define VK_BACK 0x08 +#define WM_KILLFOCUS 0x0008 +#define WMSZ_BOTTOMRIGHT 8 +#define HTMINBUTTON 8 +#define SMTO_NOTIMEOUTIFNOTHUNG 0x0008 +#define MK_CONTROL 0x0008 +#define CS_DBLCLKS 0x0008 +#define CF_DIB 8 +#define IDCLOSE 8 +#define BST_FOCUS 0x0008 +#define HDS_HIDDEN 0x0008 +#define TBSTYLE_DROPDOWN 0x0008 +#define TBS_BOTH 0x0008 +#define UDS_ALIGNLEFT 0x0008 +#define PBS_MARQUEE 0x08 +#define LWS_USEVISUALSTYLE 0x0008 +#define LVS_SHOWSELALWAYS 0x0008 +#define TVS_EDITLABELS 0x0008 +#define TVS_EX_NOINDENTSTATE 0x0008 +#define TCS_FLATBUTTONS 0x0008 +#define ACS_TIMER 0x0008 +#define MCS_NOTODAYCIRCLE 0x0008 +#define NFS_BUTTON 0x0008 +#define BCSIF_SIZE 0x0008 +#define BCSS_IMAGE 0x0008 +#define LANG_GREEK 0x08 +#define SUBLANG_ARABIC_OMAN 0x08 +#define SUBLANG_BOSNIAN_BOSNIA_HERZEGOVINA_CYRILLIC 0x08 +#define SUBLANG_ENGLISH_JAMAICA 0x08 +#define SUBLANG_SAMI_SKOLT_FINLAND 0x08 +#define SUBLANG_SPANISH_VENEZUELA 0x08 +#define SW_RESTORE 9 +#define VK_TAB 0x09 +#define HTMAXBUTTON 9 +#define CF_PALETTE 9 +#define IDHELP 9 +#define DTS_TIMEFORMAT 0x0009 +#define LANG_ENGLISH 0x09 +#define SUBLANG_ARABIC_YEMEN 0x09 +#define SUBLANG_ENGLISH_CARIBBEAN 0x09 +#define SUBLANG_SAMI_INARI_FINLAND 0x09 +#define SUBLANG_SERBIAN_SERBIA_LATIN 0x09 +#define SUBLANG_SPANISH_COLOMBIA 0x09 +#define SW_SHOWDEFAULT 10 +#define WM_ENABLE 0x000A +#define HTLEFT 10 +#define 
CF_PENDATA 10 +#define IDTRYAGAIN 10 +#define HELP_CONTEXTMENU 0x000a +#define LANG_SPANISH 0x0a +#define SUBLANG_ARABIC_SYRIA 0x0a +#define SUBLANG_ENGLISH_BELIZE 0x0a +#define SUBLANG_SERBIAN_SERBIA_CYRILLIC 0x0a +#define SUBLANG_SPANISH_PERU 0x0a +#define SW_FORCEMINIMIZE 11 +#define SW_MAX 11 +#define WM_SETREDRAW 0x000B +#define HTRIGHT 11 +#define CF_RIFF 11 +#define IDCONTINUE 11 +#define HELP_FINDER 0x000b +#define LANG_FINNISH 0x0b +#define SUBLANG_ARABIC_JORDAN 0x0b +#define SUBLANG_ENGLISH_TRINIDAD 0x0b +#define SUBLANG_SERBIAN_MONTENEGRO_LATIN 0x0b +#define SUBLANG_SPANISH_ARGENTINA 0x0b +#define VK_CLEAR 0x0C +#define WM_SETTEXT 0x000C +#define HTTOP 12 +#define CF_WAVE 12 +#define HELP_WM_HELP 0x000c +#define DTS_SHORTDATECENTURYFORMAT 0x000C +#define LANG_FRENCH 0x0c +#define SUBLANG_ARABIC_LEBANON 0x0c +#define SUBLANG_ENGLISH_ZIMBABWE 0x0c +#define SUBLANG_SERBIAN_MONTENEGRO_CYRILLIC 0x0c +#define SUBLANG_SPANISH_ECUADOR 0x0c +#define VK_RETURN 0x0D +#define WM_GETTEXT 0x000D +#define HTTOPLEFT 13 +#define CF_UNICODETEXT 13 +#define HELP_SETPOPUP_POS 0x000d +#define LANG_HEBREW 0x0d +#define SUBLANG_ARABIC_KUWAIT 0x0d +#define SUBLANG_ENGLISH_PHILIPPINES 0x0d +#define SUBLANG_SPANISH_CHILE 0x0d +#define WM_GETTEXTLENGTH 0x000E +#define HTTOPRIGHT 14 +#define CF_ENHMETAFILE 14 +#define LANG_HUNGARIAN 0x0e +#define SUBLANG_ARABIC_UAE 0x0e +#define SUBLANG_SPANISH_URUGUAY 0x0e +#define WM_PAINT 0x000F +#define HTBOTTOM 15 +#define CF_HDROP 15 +#define LANG_ICELANDIC 0x0f +#define SUBLANG_ARABIC_BAHRAIN 0x0f +#define SUBLANG_SPANISH_PARAGUAY 0x0f +#define MAXIMUM_RESERVED_MANIFEST_RESOURCE_ID 16 +#define VK_SHIFT 0x10 +#define WM_CLOSE 0x0010 +#define HTBOTTOMLEFT 16 +#define WVR_ALIGNTOP 0x0010 +#define MK_MBUTTON 0x0010 +#define TME_NONCLIENT 0x00000010 +#define CF_LOCALE 16 +#define HELP_TCARD_DATA 0x0010 +#define TBSTYLE_AUTOSIZE 0x0010 +#define TTS_NOANIMATE 0x10 +#define TBS_NOTICKS 0x0010 +#define UDS_AUTOBUDDY 0x0010 +#define PBS_SMOOTHREVERSE 
0x10 +#define LWS_USECUSTOMTEXT 0x0010 +#define LVS_SORTASCENDING 0x0010 +#define TVS_DISABLEDRAGDROP 0x0010 +#define TVS_EX_RICHTOOLTIP 0x0010 +#define TCS_FORCEICONLEFT 0x0010 +#define MCS_NOTODAY 0x0010 +#define DTS_APPCANPARSE 0x0010 +#define NFS_ALL 0x0010 +#define LANG_ITALIAN 0x10 +#define SUBLANG_ARABIC_QATAR 0x10 +#define SUBLANG_ENGLISH_INDIA 0x10 +#define SUBLANG_SPANISH_BOLIVIA 0x10 +#define VK_CONTROL 0x11 +#define WM_QUERYENDSESSION 0x0011 +#define HTBOTTOMRIGHT 17 +#define CF_DIBV5 17 +#define HELP_TCARD_OTHER_CALLER 0x0011 +#define LANG_JAPANESE 0x11 +#define SUBLANG_ENGLISH_MALAYSIA 0x11 +#define SUBLANG_SPANISH_EL_SALVADOR 0x11 +#define VK_MENU 0x12 +#define WM_QUIT 0x0012 +#define HTBORDER 18 +#define CF_MAX 18 +#define LANG_KOREAN 0x12 +#define SUBLANG_ENGLISH_SINGAPORE 0x12 +#define SUBLANG_SPANISH_HONDURAS 0x12 +#define VK_PAUSE 0x13 +#define WM_QUERYOPEN 0x0013 +#define HTOBJECT 19 +#define LANG_DUTCH 0x13 +#define SUBLANG_SPANISH_NICARAGUA 0x13 +#define VK_CAPITAL 0x14 +#define WM_ERASEBKGND 0x0014 +#define HTCLOSE 20 +#define LANG_NORWEGIAN 0x14 +#define SUBLANG_SPANISH_PUERTO_RICO 0x14 +#define _SAL_VERSION 20 +#define VK_KANA 0x15 +#define VK_HANGEUL 0x15 +#define VK_HANGUL 0x15 +#define WM_SYSCOLORCHANGE 0x0015 +#define HTHELP 21 +#define LANG_POLISH 0x15 +#define SUBLANG_SPANISH_US 0x15 +#define WM_ENDSESSION 0x0016 +#define LANG_PORTUGUESE 0x16 +#define VK_JUNJA 0x17 +#define LANG_ROMANSH 0x17 +#define RT_MANIFEST 24 +#define VK_FINAL 0x18 +#define WM_SHOWWINDOW 0x0018 +#define LANG_ROMANIAN 0x18 +#define VK_HANJA 0x19 +#define VK_KANJI 0x19 +#define LANG_RUSSIAN 0x19 +#define WM_WININICHANGE 0x001A +#define LANG_BOSNIAN 0x1a +#define LANG_CROATIAN 0x1a +#define LANG_SERBIAN 0x1a +#define VK_ESCAPE 0x1B +#define WM_DEVMODECHANGE 0x001B +#define LANG_SLOVAK 0x1b +#define VK_CONVERT 0x1C +#define WM_ACTIVATEAPP 0x001C +#define LANG_ALBANIAN 0x1c +#define VK_NONCONVERT 0x1D +#define WM_FONTCHANGE 0x001D +#define LANG_SWEDISH 0x1d +#define 
VK_ACCEPT 0x1E +#define WM_TIMECHANGE 0x001E +#define LANG_THAI 0x1e +#define VK_MODECHANGE 0x1F +#define WM_CANCELMODE 0x001F +#define LANG_TURKISH 0x1f +#define VK_SPACE 0x20 +#define WM_SETCURSOR 0x0020 +#define SMTO_ERRORONEXIT 0x0020 +#define WVR_ALIGNLEFT 0x0020 +#define MK_XBUTTON1 0x0020 +#define CS_OWNDC 0x0020 +#define TBSTYLE_NOPREFIX 0x0020 +#define TTS_NOFADE 0x20 +#define TBS_ENABLESELRANGE 0x0020 +#define UDS_ARROWKEYS 0x0020 +#define LWS_RIGHT 0x0020 +#define LVS_SORTDESCENDING 0x0020 +#define TVS_SHOWSELALWAYS 0x0020 +#define TVS_EX_AUTOHSCROLL 0x0020 +#define TCS_FORCELABELLEFT 0x0020 +#define DTS_RIGHTALIGN 0x0020 +#define NFS_USEFONTASSOC 0x0020 +#define LANG_URDU 0x20 +#define VK_PRIOR 0x21 +#define WM_MOUSEACTIVATE 0x0021 +#define LANG_INDONESIAN 0x21 +#define VK_NEXT 0x22 +#define WM_CHILDACTIVATE 0x0022 +#define LANG_UKRAINIAN 0x22 +#define VK_END 0x23 +#define WM_QUEUESYNC 0x0023 +#define LANG_BELARUSIAN 0x23 +#define VK_HOME 0x24 +#define WM_GETMINMAXINFO 0x0024 +#define LANG_SLOVENIAN 0x24 +#define VK_LEFT 0x25 +#define LANG_ESTONIAN 0x25 +#define VK_UP 0x26 +#define WM_PAINTICON 0x0026 +#define LANG_LATVIAN 0x26 +#define VK_RIGHT 0x27 +#define WM_ICONERASEBKGND 0x0027 +#define LANG_LITHUANIAN 0x27 +#define VK_DOWN 0x28 +#define WM_NEXTDLGCTL 0x0028 +#define LANG_TAJIK 0x28 +#define VK_SELECT 0x29 +#define LANG_FARSI 0x29 +#define LANG_PERSIAN 0x29 +#define VK_PRINT 0x2A +#define WM_SPOOLERSTATUS 0x002A +#define LANG_VIETNAMESE 0x2a +#define VK_EXECUTE 0x2B +#define WM_DRAWITEM 0x002B +#define LANG_ARMENIAN 0x2b +#define VK_SNAPSHOT 0x2C +#define WM_MEASUREITEM 0x002C +#define LANG_AZERI 0x2c +#define LANG_AZERBAIJANI 0x2c +#define VK_INSERT 0x2D +#define WM_DELETEITEM 0x002D +#define LANG_BASQUE 0x2d +#define VK_DELETE 0x2E +#define WM_VKEYTOITEM 0x002E +#define LANG_LOWER_SORBIAN 0x2e +#define LANG_UPPER_SORBIAN 0x2e +#define VK_HELP 0x2F +#define WM_CHARTOITEM 0x002F +#define LANG_MACEDONIAN 0x2f +#define WM_SETFONT 0x0030 +#define 
WM_GETFONT 0x0031 +#define WM_SETHOTKEY 0x0032 +#define LANG_TSWANA 0x32 +#define WM_GETHOTKEY 0x0033 +#define LANG_XHOSA 0x34 +#define LANG_ZULU 0x35 +#define LANG_AFRIKAANS 0x36 +#define WM_QUERYDRAGICON 0x0037 +#define LANG_GEORGIAN 0x37 +#define LANG_FAEROESE 0x38 +#define WM_COMPAREITEM 0x0039 +#define LANG_HINDI 0x39 +#define LANG_MALTESE 0x3a +#define LANG_SAMI 0x3b +#define LANG_IRISH 0x3c +#define WM_GETOBJECT 0x003D +#define LANG_MALAY 0x3e +#define LANG_KAZAK 0x3f +#define WVR_ALIGNBOTTOM 0x0040 +#define MK_XBUTTON2 0x0040 +#define CS_CLASSDC 0x0040 +#define HDS_DRAGDROP 0x0040 +#define BTNS_SHOWTEXT 0x0040 +#define TTS_BALLOON 0x40 +#define TBS_FIXEDLENGTH 0x0040 +#define UDS_HORZ 0x0040 +#define LVS_SHAREIMAGELISTS 0x0040 +#define TVS_RTLREADING 0x0040 +#define TVS_EX_FADEINOUTEXPANDOS 0x0040 +#define TCS_HOTTRACK 0x0040 +#define MCS_NOTRAILINGDATES 0x0040 +#define LANG_KYRGYZ 0x40 +#define WM_COMPACTING 0x0041 +#define LANG_SWAHILI 0x41 +#define LANG_TURKMEN 0x42 +#define LANG_UZBEK 0x43 +#define WM_COMMNOTIFY 0x0044 +#define LANG_TATAR 0x44 +#define LANG_BANGLA 0x45 +#define LANG_BENGALI 0x45 +#define WM_WINDOWPOSCHANGING 0x0046 +#define LANG_PUNJABI 0x46 +#define WM_WINDOWPOSCHANGED 0x0047 +#define LANG_GUJARATI 0x47 +#define WM_POWER 0x0048 +#define LANG_ODIA 0x48 +#define LANG_ORIYA 0x48 +#define LANG_TAMIL 0x49 +#define WM_COPYDATA 0x004A +#define LANG_TELUGU 0x4a +#define WM_CANCELJOURNAL 0x004B +#define LANG_KANNADA 0x4b +#define LANG_MALAYALAM 0x4c +#define LANG_ASSAMESE 0x4d +#define WM_NOTIFY 0x004E +#define LANG_MARATHI 0x4e +#define LANG_SANSKRIT 0x4f +#define WM_INPUTLANGCHANGEREQUEST 0x0050 +#define LANG_MONGOLIAN 0x50 +#define WM_INPUTLANGCHANGE 0x0051 +#define LANG_TIBETAN 0x51 +#define WM_TCARD 0x0052 +#define LANG_WELSH 0x52 +#define WM_HELP 0x0053 +#define LANG_KHMER 0x53 +#define WM_USERCHANGED 0x0054 +#define LANG_LAO 0x54 +#define WM_NOTIFYFORMAT 0x0055 +#define LANG_GALICIAN 0x56 +#define LANG_KONKANI 0x57 +#define LANG_MANIPURI 
0x58 +#define LANG_SINDHI 0x59 +#define LANG_SYRIAC 0x5a +#define VK_LWIN 0x5B +#define LANG_SINHALESE 0x5b +#define VK_RWIN 0x5C +#define LANG_CHEROKEE 0x5c +#define VK_APPS 0x5D +#define LANG_INUKTITUT 0x5d +#define LANG_AMHARIC 0x5e +#define VK_SLEEP 0x5F +#define LANG_TAMAZIGHT 0x5f +#define VK_NUMPAD0 0x60 +#define LANG_KASHMIRI 0x60 +#define VK_NUMPAD1 0x61 +#define LANG_NEPALI 0x61 +#define VK_NUMPAD2 0x62 +#define LANG_FRISIAN 0x62 +#define VK_NUMPAD3 0x63 +#define LANG_PASHTO 0x63 +#define VK_NUMPAD4 0x64 +#define LANG_FILIPINO 0x64 +#define VS_USER_DEFINED 100 +#define VK_NUMPAD5 0x65 +#define LANG_DIVEHI 0x65 +#define VK_NUMPAD6 0x66 +#define VK_NUMPAD7 0x67 +#define LANG_FULAH 0x67 +#define LANG_PULAR 0x67 +#define VK_NUMPAD8 0x68 +#define LANG_HAUSA 0x68 +#define VK_NUMPAD9 0x69 +#define VK_MULTIPLY 0x6A +#define LANG_YORUBA 0x6a +#define VK_ADD 0x6B +#define LANG_QUECHUA 0x6b +#define VK_SEPARATOR 0x6C +#define LANG_SOTHO 0x6c +#define VK_SUBTRACT 0x6D +#define LANG_BASHKIR 0x6d +#define VK_DECIMAL 0x6E +#define LANG_LUXEMBOURGISH 0x6e +#define VK_DIVIDE 0x6F +#define LANG_GREENLANDIC 0x6f +#define VK_F1 0x70 +#define LANG_IGBO 0x70 +#define VK_F2 0x71 +#define VK_F3 0x72 +#define VK_F4 0x73 +#define LANG_TIGRIGNA 0x73 +#define LANG_TIGRINYA 0x73 +#define VK_F5 0x74 +#define VK_F6 0x75 +#define LANG_HAWAIIAN 0x75 +#define VK_F7 0x76 +#define VK_F8 0x77 +#define VK_F9 0x78 +#define WHEEL_DELTA 120 +#define LANG_YI 0x78 +#define VK_F10 0x79 +#define VK_F11 0x7A +#define LANG_MAPUDUNGUN 0x7a +#define VK_F12 0x7B +#define WM_CONTEXTMENU 0x007B +#define VK_F13 0x7C +#define WM_STYLECHANGING 0x007C +#define LANG_MOHAWK 0x7c +#define VK_F14 0x7D +#define WM_STYLECHANGED 0x007D +#define VK_F15 0x7E +#define WM_DISPLAYCHANGE 0x007E +#define LANG_BRETON 0x7e +#define VK_F16 0x7F +#define WM_GETICON 0x007F +#define LANG_INVARIANT 0x7f +#define VK_F17 0x80 +#define WM_SETICON 0x0080 +#define WVR_ALIGNRIGHT 0x0080 +#define CS_PARENTDC 0x0080 +#define 
CF_OWNERDISPLAY 0x0080 +#define HDS_FULLDRAG 0x0080 +#define BTNS_WHOLEDROPDOWN 0x0080 +#define TTS_CLOSE 0x80 +#define TBS_NOTHUMB 0x0080 +#define UDS_NOTHOUSANDS 0x0080 +#define LVS_NOLABELWRAP 0x0080 +#define TVS_NOTOOLTIPS 0x0080 +#define TVS_EX_PARTIALCHECKBOXES 0x0080 +#define TCS_VERTICAL 0x0080 +#define MCS_SHORTDAYSOFWEEK 0x0080 +#define LANG_UIGHUR 0x80 +#define VK_F18 0x81 +#define WM_NCCREATE 0x0081 +#define CF_DSPTEXT 0x0081 +#define LANG_MAORI 0x81 +#define VK_F19 0x82 +#define WM_NCDESTROY 0x0082 +#define CF_DSPBITMAP 0x0082 +#define LANG_OCCITAN 0x82 +#define VK_F20 0x83 +#define WM_NCCALCSIZE 0x0083 +#define CF_DSPMETAFILEPICT 0x0083 +#define LANG_CORSICAN 0x83 +#define VK_F21 0x84 +#define WM_NCHITTEST 0x0084 +#define LANG_ALSATIAN 0x84 +#define VK_F22 0x85 +#define WM_NCPAINT 0x0085 +#define LANG_SAKHA 0x85 +#define LANG_YAKUT 0x85 +#define VK_F23 0x86 +#define WM_NCACTIVATE 0x0086 +#define LANG_KICHE 0x86 +#define VK_F24 0x87 +#define WM_GETDLGCODE 0x0087 +#define LANG_KINYARWANDA 0x87 +#define WM_SYNCPAINT 0x0088 +#define LANG_WOLOF 0x88 +#define LANG_DARI 0x8c +#define CF_DSPENHMETAFILE 0x008E +#define VK_NUMLOCK 0x90 +#define VK_SCROLL 0x91 +#define LANG_SCOTTISH_GAELIC 0x91 +#define VK_OEM_NEC_EQUAL 0x92 +#define VK_OEM_FJ_JISHO 0x92 +#define LANG_CENTRAL_KURDISH 0x92 +#define VK_OEM_FJ_MASSHOU 0x93 +#define VK_OEM_FJ_TOUROKU 0x94 +#define VK_OEM_FJ_LOYA 0x95 +#define VK_OEM_FJ_ROYA 0x96 +#define VK_LSHIFT 0xA0 +#define WM_NCMOUSEMOVE 0x00A0 +#define VK_RSHIFT 0xA1 +#define WM_NCLBUTTONDOWN 0x00A1 +#define VK_LCONTROL 0xA2 +#define WM_NCLBUTTONUP 0x00A2 +#define VK_RCONTROL 0xA3 +#define WM_NCLBUTTONDBLCLK 0x00A3 +#define VK_LMENU 0xA4 +#define WM_NCRBUTTONDOWN 0x00A4 +#define VK_RMENU 0xA5 +#define WM_NCRBUTTONUP 0x00A5 +#define VK_BROWSER_BACK 0xA6 +#define WM_NCRBUTTONDBLCLK 0x00A6 +#define VK_BROWSER_FORWARD 0xA7 +#define WM_NCMBUTTONDOWN 0x00A7 +#define VK_BROWSER_REFRESH 0xA8 +#define WM_NCMBUTTONUP 0x00A8 +#define VK_BROWSER_STOP 0xA9 
+#define WM_NCMBUTTONDBLCLK 0x00A9 +#define VK_BROWSER_SEARCH 0xAA +#define VK_BROWSER_FAVORITES 0xAB +#define WM_NCXBUTTONDOWN 0x00AB +#define VK_BROWSER_HOME 0xAC +#define WM_NCXBUTTONUP 0x00AC +#define VK_VOLUME_MUTE 0xAD +#define WM_NCXBUTTONDBLCLK 0x00AD +#define VK_VOLUME_DOWN 0xAE +#define VK_VOLUME_UP 0xAF +#define VK_MEDIA_NEXT_TRACK 0xB0 +#define EM_GETSEL 0x00B0 +#define VK_MEDIA_PREV_TRACK 0xB1 +#define EM_SETSEL 0x00B1 +#define VK_MEDIA_STOP 0xB2 +#define EM_GETRECT 0x00B2 +#define VK_MEDIA_PLAY_PAUSE 0xB3 +#define EM_SETRECT 0x00B3 +#define VK_LAUNCH_MAIL 0xB4 +#define EM_SETRECTNP 0x00B4 +#define VK_LAUNCH_MEDIA_SELECT 0xB5 +#define EM_SCROLL 0x00B5 +#define VK_LAUNCH_APP1 0xB6 +#define EM_LINESCROLL 0x00B6 +#define VK_LAUNCH_APP2 0xB7 +#define EM_SCROLLCARET 0x00B7 +#define EM_GETMODIFY 0x00B8 +#define EM_SETMODIFY 0x00B9 +#define VK_OEM_1 0xBA +#define EM_GETLINECOUNT 0x00BA +#define VK_OEM_PLUS 0xBB +#define EM_LINEINDEX 0x00BB +#define VK_OEM_COMMA 0xBC +#define EM_SETHANDLE 0x00BC +#define VK_OEM_MINUS 0xBD +#define EM_GETHANDLE 0x00BD +#define VK_OEM_PERIOD 0xBE +#define EM_GETTHUMB 0x00BE +#define VK_OEM_2 0xBF +#define VK_OEM_3 0xC0 +#define EM_LINELENGTH 0x00C1 +#define EM_REPLACESEL 0x00C2 +#define EM_GETLINE 0x00C4 +#define EM_LIMITTEXT 0x00C5 +#define EM_CANUNDO 0x00C6 +#define EM_UNDO 0x00C7 +#define EM_FMTLINES 0x00C8 +#define EM_LINEFROMCHAR 0x00C9 +#define EM_SETTABSTOPS 0x00CB +#define EM_SETPASSWORDCHAR 0x00CC +#define EM_EMPTYUNDOBUFFER 0x00CD +#define EM_GETFIRSTVISIBLELINE 0x00CE +#define EM_SETREADONLY 0x00CF +#define EM_SETWORDBREAKPROC 0x00D0 +#define EM_GETWORDBREAKPROC 0x00D1 +#define EM_GETPASSWORDCHAR 0x00D2 +#define EM_SETMARGINS 0x00D3 +#define EM_GETMARGINS 0x00D4 +#define EM_GETLIMITTEXT 0x00D5 +#define EM_POSFROMCHAR 0x00D6 +#define EM_CHARFROMPOS 0x00D7 +#define EM_SETIMESTATUS 0x00D8 +#define EM_GETIMESTATUS 0x00D9 +#define VK_OEM_4 0xDB +#define VK_OEM_5 0xDC +#define VK_OEM_6 0xDD +#define VK_OEM_7 0xDE +#define 
VK_OEM_8 0xDF +#define VK_OEM_AX 0xE1 +#define VK_OEM_102 0xE2 +#define VK_ICO_HELP 0xE3 +#define VK_ICO_00 0xE4 +#define VK_PROCESSKEY 0xE5 +#define VK_ICO_CLEAR 0xE6 +#define VK_PACKET 0xE7 +#define VK_OEM_RESET 0xE9 +#define VK_OEM_JUMP 0xEA +#define VK_OEM_PA1 0xEB +#define VK_OEM_PA2 0xEC +#define VK_OEM_PA3 0xED +#define VK_OEM_WSCTRL 0xEE +#define VK_OEM_CUSEL 0xEF +#define VK_OEM_ATTN 0xF0 +#define BM_GETCHECK 0x00F0 +#define VK_OEM_FINISH 0xF1 +#define BM_SETCHECK 0x00F1 +#define VK_OEM_COPY 0xF2 +#define BM_GETSTATE 0x00F2 +#define VK_OEM_AUTO 0xF3 +#define BM_SETSTATE 0x00F3 +#define VK_OEM_ENLW 0xF4 +#define BM_SETSTYLE 0x00F4 +#define VK_OEM_BACKTAB 0xF5 +#define BM_CLICK 0x00F5 +#define VK_ATTN 0xF6 +#define BM_GETIMAGE 0x00F6 +#define VK_CRSEL 0xF7 +#define BM_SETIMAGE 0x00F7 +#define VK_EXSEL 0xF8 +#define BM_SETDONTCLICK 0x00F8 +#define VK_EREOF 0xF9 +#define VK_PLAY 0xFA +#define VK_ZOOM 0xFB +#define VK_NONAME 0xFC +#define VK_PA1 0xFD +#define VK_OEM_CLEAR 0xFE +#define WM_INPUT_DEVICE_CHANGE 0x00FE +#define SUBVERSION_MASK 0x000000FF +#define WM_INPUT 0x00FF +#define WM_KEYFIRST 0x0100 +#define WM_KEYDOWN 0x0100 +#define WVR_HREDRAW 0x0100 +#define HDS_FILTERBAR 0x0100 +#define TBSTYLE_TOOLTIPS 0x0100 +#define RBS_TOOLTIPS 0x00000100 +#define TTS_USEVISUALSTYLE 0x100 +#define SBARS_SIZEGRIP 0x0100 +#define TBS_TOOLTIPS 0x0100 +#define UDS_HOTTRACK 0x0100 +#define LVS_AUTOARRANGE 0x0100 +#define TVS_CHECKBOXES 0x0100 +#define TVS_EX_EXCLUSIONCHECKBOXES 0x0100 +#define TCS_BUTTONS 0x0100 +#define MCS_NOSELCHANGEONNAV 0x0100 +#define WM_KEYUP 0x0101 +#define WM_CHAR 0x0102 +#define WM_DEADCHAR 0x0103 +#define WM_SYSKEYDOWN 0x0104 +#define WM_SYSKEYUP 0x0105 +#define WM_SYSCHAR 0x0106 +#define WM_SYSDEADCHAR 0x0107 +#define WM_UNICHAR 0x0109 +#define WM_KEYLAST 0x0109 +#define WM_IME_STARTCOMPOSITION 0x010D +#define WM_IME_ENDCOMPOSITION 0x010E +#define WM_IME_COMPOSITION 0x010F +#define WM_IME_KEYLAST 0x010F +#define WM_INITDIALOG 0x0110 +#define 
WM_COMMAND 0x0111 +#define WM_SYSCOMMAND 0x0112 +#define WM_TIMER 0x0113 +#define WM_HSCROLL 0x0114 +#define WM_VSCROLL 0x0115 +#define WM_INITMENU 0x0116 +#define WM_INITMENUPOPUP 0x0117 +#define WM_GESTURE 0x0119 +#define WM_GESTURENOTIFY 0x011A +#define WM_MENUSELECT 0x011F +#define WM_MENUCHAR 0x0120 +#define WM_ENTERIDLE 0x0121 +#define WM_MENURBUTTONUP 0x0122 +#define WM_MENUDRAG 0x0123 +#define WM_MENUGETOBJECT 0x0124 +#define WM_UNINITMENUPOPUP 0x0125 +#define WM_MENUCOMMAND 0x0126 +#define WM_CHANGEUISTATE 0x0127 +#define WM_UPDATEUISTATE 0x0128 +#define WM_QUERYUISTATE 0x0129 +#define WM_CTLCOLORMSGBOX 0x0132 +#define WM_CTLCOLOREDIT 0x0133 +#define WM_CTLCOLORLISTBOX 0x0134 +#define WM_CTLCOLORBTN 0x0135 +#define WM_CTLCOLORDLG 0x0136 +#define WM_CTLCOLORSCROLLBAR 0x0137 +#define WM_CTLCOLORSTATIC 0x0138 +#define MN_GETHMENU 0x01E1 +#define _WIN32_IE_IE20 0x0200 +#define WM_MOUSEFIRST 0x0200 +#define WM_MOUSEMOVE 0x0200 +#define WVR_VREDRAW 0x0200 +#define CS_NOCLOSE 0x0200 +#define CF_PRIVATEFIRST 0x0200 +#define HDS_FLAT 0x0200 +#define TBSTYLE_WRAPABLE 0x0200 +#define RBS_VARHEIGHT 0x00000200 +#define TBS_REVERSED 0x0200 +#define LVS_EDITLABELS 0x0200 +#define TVS_TRACKSELECT 0x0200 +#define TVS_EX_DIMMEDCHECKBOXES 0x0200 +#define TCS_MULTILINE 0x0200 +#define WM_LBUTTONDOWN 0x0201 +#define WM_LBUTTONUP 0x0202 +#define WM_LBUTTONDBLCLK 0x0203 +#define WM_RBUTTONDOWN 0x0204 +#define WM_RBUTTONUP 0x0205 +#define WM_RBUTTONDBLCLK 0x0206 +#define WM_MBUTTONDOWN 0x0207 +#define WM_MBUTTONUP 0x0208 +#define WM_MBUTTONDBLCLK 0x0209 +#define WM_MOUSEWHEEL 0x020A +#define WM_XBUTTONDOWN 0x020B +#define WM_XBUTTONUP 0x020C +#define WM_XBUTTONDBLCLK 0x020D +#define WM_MOUSEHWHEEL 0x020E +#define WM_MOUSELAST 0x020E +#define WM_PARENTNOTIFY 0x0210 +#define WM_ENTERMENULOOP 0x0211 +#define WM_EXITMENULOOP 0x0212 +#define WM_NEXTMENU 0x0213 +#define WM_SIZING 0x0214 +#define WM_CAPTURECHANGED 0x0215 +#define WM_MOVING 0x0216 +#define WM_POWERBROADCAST 0x0218 
+#define WM_DEVICECHANGE 0x0219 +#define WM_MDICREATE 0x0220 +#define WM_MDIDESTROY 0x0221 +#define WM_MDIACTIVATE 0x0222 +#define WM_MDIRESTORE 0x0223 +#define WM_MDINEXT 0x0224 +#define WM_MDIMAXIMIZE 0x0225 +#define WM_MDITILE 0x0226 +#define WM_MDICASCADE 0x0227 +#define WM_MDIICONARRANGE 0x0228 +#define WM_MDIGETACTIVE 0x0229 +#define WM_MDISETMENU 0x0230 +#define WM_ENTERSIZEMOVE 0x0231 +#define WM_EXITSIZEMOVE 0x0232 +#define WM_DROPFILES 0x0233 +#define WM_MDIREFRESHMENU 0x0234 +#define WM_POINTERDEVICECHANGE 0x238 +#define WM_POINTERDEVICEINRANGE 0x239 +#define WM_POINTERDEVICEOUTOFRANGE 0x23A +#define WM_TOUCH 0x0240 +#define WM_NCPOINTERUPDATE 0x0241 +#define WM_NCPOINTERDOWN 0x0242 +#define WM_NCPOINTERUP 0x0243 +#define WM_POINTERUPDATE 0x0245 +#define WM_POINTERDOWN 0x0246 +#define WM_POINTERUP 0x0247 +#define WM_POINTERENTER 0x0249 +#define WM_POINTERLEAVE 0x024A +#define WM_POINTERACTIVATE 0x024B +#define WM_POINTERCAPTURECHANGED 0x024C +#define WM_TOUCHHITTESTING 0x024D +#define WM_POINTERWHEEL 0x024E +#define WM_POINTERHWHEEL 0x024F +#define WM_IME_SETCONTEXT 0x0281 +#define WM_IME_NOTIFY 0x0282 +#define WM_IME_CONTROL 0x0283 +#define WM_IME_COMPOSITIONFULL 0x0284 +#define WM_IME_SELECT 0x0285 +#define WM_IME_CHAR 0x0286 +#define WM_IME_REQUEST 0x0288 +#define WM_IME_KEYDOWN 0x0290 +#define WM_IME_KEYUP 0x0291 +#define WM_NCMOUSEHOVER 0x02A0 +#define WM_MOUSEHOVER 0x02A1 +#define WM_NCMOUSELEAVE 0x02A2 +#define WM_MOUSELEAVE 0x02A3 +#define WM_WTSSESSION_CHANGE 0x02B1 +#define WM_TABLET_FIRST 0x02c0 +#define WM_TABLET_LAST 0x02df +#define CF_PRIVATELAST 0x02FF +#define _WIN32_IE_IE30 0x0300 +#define WM_CUT 0x0300 +#define CF_GDIOBJFIRST 0x0300 +#define WM_COPY 0x0301 +#define _WIN32_IE_IE302 0x0302 +#define WM_PASTE 0x0302 +#define WM_CLEAR 0x0303 +#define WM_UNDO 0x0304 +#define WM_RENDERFORMAT 0x0305 +#define WM_RENDERALLFORMATS 0x0306 +#define WM_DESTROYCLIPBOARD 0x0307 +#define WM_DRAWCLIPBOARD 0x0308 +#define WM_PAINTCLIPBOARD 0x0309 +#define 
WM_VSCROLLCLIPBOARD 0x030A +#define WM_SIZECLIPBOARD 0x030B +#define WM_ASKCBFORMATNAME 0x030C +#define WM_CHANGECBCHAIN 0x030D +#define WM_HSCROLLCLIPBOARD 0x030E +#define WM_QUERYNEWPALETTE 0x030F +#define WM_PALETTEISCHANGING 0x0310 +#define WM_PALETTECHANGED 0x0311 +#define WM_HOTKEY 0x0312 +#define WM_PRINT 0x0317 +#define WM_PRINTCLIENT 0x0318 +#define WM_APPCOMMAND 0x0319 +#define WM_THEMECHANGED 0x031A +#define WM_CLIPBOARDUPDATE 0x031D +#define WM_DWMCOMPOSITIONCHANGED 0x031E +#define WM_DWMNCRENDERINGCHANGED 0x031F +#define WM_DWMCOLORIZATIONCOLORCHANGED 0x0320 +#define WM_DWMWINDOWMAXIMIZEDCHANGE 0x0321 +#define WM_DWMSENDICONICTHUMBNAIL 0x0323 +#define WM_DWMSENDICONICLIVEPREVIEWBITMAP 0x0326 +#define WM_GETTITLEBARINFOEX 0x033F +#define WM_HANDHELDFIRST 0x0358 +#define WM_HANDHELDLAST 0x035F +#define WM_AFXFIRST 0x0360 +#define WM_AFXLAST 0x037F +#define WM_PENWINFIRST 0x0380 +#define WM_PENWINLAST 0x038F +#define WM_DDE_FIRST 0x03E0 +#define CF_GDIOBJLAST 0x03FF +#define _WIN32_WINNT_NT4 0x0400 +#define _WIN32_IE_IE40 0x0400 +#define WM_USER 0x0400 +#define WVR_VALIDRECTS 0x0400 +#define HDS_CHECKBOXES 0x0400 +#define TBSTYLE_ALTDRAG 0x0400 +#define RBS_BANDBORDERS 0x00000400 +#define TBS_DOWNISLEFT 0x0400 +#define LVS_OWNERDRAWFIXED 0x0400 +#define TVS_SINGLEEXPAND 0x0400 +#define TVS_EX_DRAWIMAGEASYNC 0x0400 +#define TCS_FIXEDWIDTH 0x0400 +#define ctlFirst 0x0400 +#define psh1 0x0400 +#define _WIN32_IE_IE401 0x0401 +#define psh2 0x0401 +#define psh3 0x0402 +#define psh4 0x0403 +#define psh5 0x0404 +#define psh6 0x0405 +#define psh7 0x0406 +#define psh8 0x0407 +#define psh9 0x0408 +#define psh10 0x0409 +#define psh11 0x040a +#define psh12 0x040b +#define psh13 0x040c +#define psh14 0x040d +#define psh15 0x040e +#define psh16 0x040f +#define _WIN32_WINDOWS 0x0410 +#define chx1 0x0410 +#define chx2 0x0411 +#define chx3 0x0412 +#define chx4 0x0413 +#define chx5 0x0414 +#define chx6 0x0415 +#define chx7 0x0416 +#define chx8 0x0417 +#define chx9 0x0418 
+#define chx10 0x0419 +#define chx11 0x041a +#define chx12 0x041b +#define chx13 0x041c +#define chx14 0x041d +#define chx15 0x041e +#define chx16 0x041f +#define rad1 0x0420 +#define rad2 0x0421 +#define rad3 0x0422 +#define rad4 0x0423 +#define rad5 0x0424 +#define rad6 0x0425 +#define rad7 0x0426 +#define rad8 0x0427 +#define rad9 0x0428 +#define rad10 0x0429 +#define rad11 0x042a +#define rad12 0x042b +#define rad13 0x042c +#define rad14 0x042d +#define rad15 0x042e +#define rad16 0x042f +#define grp1 0x0430 +#define grp2 0x0431 +#define grp3 0x0432 +#define grp4 0x0433 +#define frm1 0x0434 +#define frm2 0x0435 +#define frm3 0x0436 +#define frm4 0x0437 +#define rct1 0x0438 +#define rct2 0x0439 +#define rct3 0x043a +#define rct4 0x043b +#define ico1 0x043c +#define ico2 0x043d +#define ico3 0x043e +#define ico4 0x043f +#define stc1 0x0440 +#define stc2 0x0441 +#define stc3 0x0442 +#define stc4 0x0443 +#define stc5 0x0444 +#define stc6 0x0445 +#define stc7 0x0446 +#define stc8 0x0447 +#define stc9 0x0448 +#define stc10 0x0449 +#define stc11 0x044a +#define stc12 0x044b +#define stc13 0x044c +#define stc14 0x044d +#define stc15 0x044e +#define stc16 0x044f +#define stc17 0x0450 +#define stc18 0x0451 +#define stc19 0x0452 +#define stc20 0x0453 +#define stc21 0x0454 +#define stc22 0x0455 +#define stc23 0x0456 +#define stc24 0x0457 +#define stc25 0x0458 +#define stc26 0x0459 +#define stc27 0x045a +#define stc28 0x045b +#define stc29 0x045c +#define stc30 0x045d +#define stc31 0x045e +#define stc32 0x045f +#define lst1 0x0460 +#define lst2 0x0461 +#define lst3 0x0462 +#define lst4 0x0463 +#define lst5 0x0464 +#define lst6 0x0465 +#define lst7 0x0466 +#define lst8 0x0467 +#define lst9 0x0468 +#define lst10 0x0469 +#define lst11 0x046a +#define lst12 0x046b +#define lst13 0x046c +#define lst14 0x046d +#define lst15 0x046e +#define lst16 0x046f +#define cmb1 0x0470 +#define cmb2 0x0471 +#define cmb3 0x0472 +#define cmb4 0x0473 +#define cmb5 0x0474 +#define cmb6 0x0475 
+#define cmb7 0x0476 +#define cmb8 0x0477 +#define cmb9 0x0478 +#define cmb10 0x0479 +#define cmb11 0x047a +#define cmb12 0x047b +#define cmb13 0x047c +#define cmb14 0x047d +#define cmb15 0x047e +#define cmb16 0x047f +#define edt1 0x0480 +#define edt2 0x0481 +#define edt3 0x0482 +#define edt4 0x0483 +#define edt5 0x0484 +#define edt6 0x0485 +#define edt7 0x0486 +#define edt8 0x0487 +#define edt9 0x0488 +#define edt10 0x0489 +#define edt11 0x048a +#define edt12 0x048b +#define edt13 0x048c +#define edt14 0x048d +#define edt15 0x048e +#define edt16 0x048f +#define scr1 0x0490 +#define scr2 0x0491 +#define scr3 0x0492 +#define scr4 0x0493 +#define scr5 0x0494 +#define scr6 0x0495 +#define scr7 0x0496 +#define scr8 0x0497 +#define ctl1 0x04A0 +#define ctlLast 0x04ff +#define _WIN32_WINNT_WIN2K 0x0500 +#define _WIN32_IE_IE50 0x0500 +#define _WIN32_WINNT_WINXP 0x0501 +#define _WIN32_IE_IE501 0x0501 +#define _WIN32_WINNT_WS03 0x0502 +#define _WIN32_IE_IE55 0x0550 +#define _WIN32_WINNT_WIN6 0x0600 +#define _WIN32_WINNT_VISTA 0x0600 +#define _WIN32_WINNT_WS08 0x0600 +#define _WIN32_WINNT_LONGHORN 0x0600 +#define _WIN32_IE_IE60 0x0600 +#define FILEOPENORD 1536 +#define _WIN32_WINNT_WIN7 0x0601 +#define _WIN32_IE_IE60SP1 0x0601 +#define MULTIFILEOPENORD 1537 +#define _WIN32_WINNT_WIN8 0x0602 +#define _WIN32_IE_WS03 0x0602 +#define _WIN32_WINNT 0x0600 +#define PRINTDLGORD 1538 +#define VER_PRODUCTVERSION_W 0x0602 +#define _WIN32_IE_IE60SP2 0x0603 +#define PRNSETUPDLGORD 1539 +#define FINDDLGORD 1540 +#define REPLACEDLGORD 1541 +#define FONTDLGORD 1542 +#define FORMATDLGORD31 1543 +#define FORMATDLGORD30 1544 +#define RUNDLGORD 1545 +#define PAGESETUPDLGORD 1546 +#define NEWFILEOPENORD 1547 +#define PRINTDLGEXORD 1549 +#define PAGESETUPDLGORDMOTIF 1550 +#define COLORMGMTDLGORD 1551 +#define NEWFILEOPENV2ORD 1552 +#define NEWFILEOPENV3ORD 1553 +#define NEWFORMATDLGWITHLINK 1591 +#define IDC_MANAGE_LINK 1592 +#define _WIN32_IE_IE70 0x0700 +#define _WIN32_IE_IE80 0x0800 +#define 
CS_SAVEBITS 0x0800 +#define HDS_NOSIZING 0x0800 +#define TBSTYLE_FLAT 0x0800 +#define RBS_FIXEDORDER 0x00000800 +#define SBARS_TOOLTIPS 0x0800 +#define SBT_TOOLTIPS 0x0800 +#define TBS_NOTIFYBEFOREMOVE 0x0800 +#define LVS_ALIGNLEFT 0x0800 +#define TVS_INFOTIP 0x0800 +#define TCS_RAGGEDRIGHT 0x0800 +#define _WIN32_IE_IE90 0x0900 +#define _WIN32_IE_IE100 0x0A00 +#define LVS_ALIGNMASK 0x0c00 +#define CS_BYTEALIGNCLIENT 0x1000 +#define HDS_OVERFLOW 0x1000 +#define TBSTYLE_LIST 0x1000 +#define RBS_REGISTERDROP 0x00001000 +#define TBS_TRANSPARENTBKGND 0x1000 +#define LVS_OWNERDATA 0x1000 +#define TVS_FULLROWSELECT 0x1000 +#define TCS_FOCUSONBUTTONDOWN 0x1000 +#define CS_BYTEALIGNWINDOW 0x2000 +#define TBSTYLE_CUSTOMERASE 0x2000 +#define RBS_AUTOSIZE 0x00002000 +#define LVS_NOSCROLL 0x2000 +#define TVS_NOSCROLL 0x2000 +#define TCS_OWNERDRAWFIXED 0x2000 +#define VER_PRODUCTBUILD 9200 +#define CS_GLOBALCLASS 0x4000 +#define TBSTYLE_REGISTERDROP 0x4000 +#define RBS_VERTICALGRIPPER 0x00004000 +#define LVS_NOCOLUMNHEADER 0x4000 +#define TVS_NONEVENHEIGHT 0x4000 +#define TCS_TOOLTIPS 0x4000 +#define VER_PRODUCTBUILD_QFE 20557 +#define VER_PACKAGEBUILD_QFE 20557 +#define IDH_NO_HELP 28440 +#define IDH_MISSING_CONTEXT 28441 +#define IDH_GENERIC_HELP_BUTTON 28442 +#define IDH_OK 28443 +#define IDH_CANCEL 28444 +#define IDH_HELP 28445 +#define LANG_BOSNIAN_NEUTRAL 0x781a +#define LANG_CHINESE_TRADITIONAL 0x7c04 +#define LANG_SERBIAN_NEUTRAL 0x7c1a +#define IDTIMEOUT 32000 +#define OCR_NORMAL 32512 +#define OIC_SAMPLE 32512 +#define IDI_APPLICATION 32512 +#define OCR_IBEAM 32513 +#define OIC_HAND 32513 +#define IDI_HAND 32513 +#define OCR_WAIT 32514 +#define OIC_QUES 32514 +#define IDI_QUESTION 32514 +#define OCR_CROSS 32515 +#define OIC_BANG 32515 +#define IDI_EXCLAMATION 32515 +#define OCR_UP 32516 +#define OIC_NOTE 32516 +#define IDI_ASTERISK 32516 +#define OIC_WINLOGO 32517 +#define IDI_WINLOGO 32517 +#define OIC_SHIELD 32518 +#define IDI_SHIELD 32518 +#define OCR_SIZE 32640 
+#define OCR_ICON 32641 +#define OCR_SIZENWSE 32642 +#define OCR_SIZENESW 32643 +#define OCR_SIZEWE 32644 +#define OCR_SIZENS 32645 +#define OCR_SIZEALL 32646 +#define OCR_ICOCUR 32647 +#define OCR_NO 32648 +#define OCR_HAND 32649 +#define OCR_APPSTARTING 32650 +#define OBM_LFARROWI 32734 +#define OBM_RGARROWI 32735 +#define OBM_DNARROWI 32736 +#define OBM_UPARROWI 32737 +#define OBM_COMBO 32738 +#define OBM_MNARROW 32739 +#define OBM_LFARROWD 32740 +#define OBM_RGARROWD 32741 +#define OBM_DNARROWD 32742 +#define OBM_UPARROWD 32743 +#define OBM_RESTORED 32744 +#define OBM_ZOOMD 32745 +#define OBM_REDUCED 32746 +#define OBM_RESTORE 32747 +#define OBM_ZOOM 32748 +#define OBM_REDUCE 32749 +#define OBM_LFARROW 32750 +#define OBM_RGARROW 32751 +#define OBM_DNARROW 32752 +#define OBM_UPARROW 32753 +#define OBM_CLOSE 32754 +#define OBM_OLD_RESTORE 32755 +#define OBM_OLD_ZOOM 32756 +#define OBM_OLD_REDUCE 32757 +#define OBM_BTNCORNERS 32758 +#define OBM_CHECKBOXES 32759 +#define OBM_CHECK 32760 +#define OBM_BTSIZE 32761 +#define OBM_OLD_LFARROW 32762 +#define OBM_OLD_RGARROW 32763 +#define OBM_OLD_DNARROW 32764 +#define OBM_OLD_UPARROW 32765 +#define OBM_SIZE 32766 +#define OBM_OLD_CLOSE 32767 +#define WM_APP 0x8000 +#define HELP_TCARD 0x8000 +#define TBSTYLE_TRANSPARENT 0x8000 +#define RBS_DBLCLKTOGGLE 0x00008000 +#define LVS_NOSORTHEADER 0x8000 +#define TVS_NOHSCROLL 0x8000 +#define TCS_FOCUSNEVER 0x8000 +#define SC_SIZE 0xF000 +#define SC_SEPARATOR 0xF00F +#define SC_MOVE 0xF010 +#define SC_MINIMIZE 0xF020 +#define SC_MAXIMIZE 0xF030 +#define SC_NEXTWINDOW 0xF040 +#define SC_PREVWINDOW 0xF050 +#define SC_CLOSE 0xF060 +#define SC_VSCROLL 0xF070 +#define SC_HSCROLL 0xF080 +#define SC_MOUSEMENU 0xF090 +#define SC_KEYMENU 0xF100 +#define SC_ARRANGE 0xF110 +#define SC_RESTORE 0xF120 +#define SC_TASKLIST 0xF130 +#define SC_SCREENSAVE 0xF140 +#define SC_HOTKEY 0xF150 +#define SC_DEFAULT 0xF160 +#define SC_MONITORPOWER 0xF170 +#define SC_CONTEXTHELP 0xF180 +#define 
LVS_TYPESTYLEMASK 0xfc00 +#define SPVERSION_MASK 0x0000FF00 +#define HTERROR -2 +#define PWR_FAIL -1 +#define UNICODE_NOCHAR 0xFFFF +#define HTTRANSPARENT -1 + +// Next default values for new objects +// +#ifdef APSTUDIO_INVOKED +#ifndef APSTUDIO_READONLY_SYMBOLS +#define _APS_NEXT_RESOURCE_VALUE 101 +#define _APS_NEXT_COMMAND_VALUE 40001 +#define _APS_NEXT_CONTROL_VALUE 1000 +#define _APS_NEXT_SYMED_VALUE 101 +#endif +#endif diff --git a/windows/TapDriver6/resource.rc b/windows/TapDriver6/resource.rc new file mode 100644 index 0000000..2b65e2b --- /dev/null +++ b/windows/TapDriver6/resource.rc 
@@ -0,0 +1,88 @@ +// Microsoft Visual C++ generated resource script. +// +#include "resource.h" +///////////////////////////////////////////////////////////////////////////// +// English (United States) resources + +#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) +LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US +#pragma code_page(1252) + +///////////////////////////////////////////////////////////////////////////// +// +// Version +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 3,0,0,0 + PRODUCTVERSION 3,0,0,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x9L +#else + FILEFLAGS 0x8L +#endif + FILEOS 0x40004L + FILETYPE 0x3L + FILESUBTYPE 0x6L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + VALUE "CompanyName", "ZeroTier Networks LLC" + VALUE "FileDescription", "ZeroTier One Virtual Network Port" + VALUE "FileVersion", "3.0.0 3/0" + VALUE "InternalName", "zttap300.sys" + VALUE "LegalCopyright", "ZeroTier, Inc., OpenVPN Technologies, Inc." + VALUE "OriginalFilename", "zttap300.sys" + VALUE "ProductName", "ZeroTier One Virtual Network Port" + VALUE "ProductVersion", "3.0.0 3/0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END + + +#ifdef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE +// + +1 TEXTINCLUDE +BEGIN + "resource.h\0" +END + +2 TEXTINCLUDE +BEGIN + "\0" +END + +3 TEXTINCLUDE +BEGIN + "\r\n" + "\0" +END + +#endif // APSTUDIO_INVOKED + +#endif // English (United States) resources +///////////////////////////////////////////////////////////////////////////// + + + +#ifndef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// Generated from the TEXTINCLUDE 3 resource. +// + + +///////////////////////////////////////////////////////////////////////////// +#endif // not APSTUDIO_INVOKED + 
diff --git a/windows/TapDriver6/rxpath.c b/windows/TapDriver6/rxpath.c
new file mode 100644
index 0000000..318bc56
--- /dev/null
+++ b/windows/TapDriver6/rxpath.c
@@ -0,0 +1,669 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+//
+// Include files.
+//
+
+#include "tap.h"
+
+//======================================================================
+// TAP Receive Path Support
+//======================================================================
+
+#ifdef ALLOC_PRAGMA
+#pragma alloc_text( PAGE, TapDeviceWrite)
+#endif // ALLOC_PRAGMA
+
+//===============================================================
+// Used in cases where internally generated packets such as
+// ARP or DHCP replies must be returned to the kernel, to be
+// seen as an incoming packet "arriving" on the interface.
+//===============================================================
+
+VOID
+IndicateReceivePacket(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in PUCHAR packetData,
+ __in const unsigned int packetLength
+ )
+{
+ PUCHAR injectBuffer;
+
+ //
+ // Handle miniport Pause
+ // ---------------------
+ // NDIS 6 miniports implement a temporary "Pause" state normally followed
+ // by the Restart. While in the Pause state it is forbidden for the miniport
+ // to indicate receive NBLs.
+ //
+ // That is: The device interface may be "up", but the NDIS miniport send/receive
+ // interface may be temporarily "down".
+ //
+ // BUGBUG!!! In the initial implementation of the NDIS 6 TapOas inject path
+ // the code below will simply ignore inject packets passed to the driver while
+ // the miniport is in the Paused state.
+ //
+ // The correct implementation is to go ahead and build the NBLs corresponding
+ // to the inject packet - but queue them. When Restart is entered the
+ // queued NBLs would be dequeued and indicated to the host.
+ //
+ if(tapAdapterSendAndReceiveReady(Adapter) != NDIS_STATUS_SUCCESS)
+ {
+ DEBUGP (("[%s] Lying send in IndicateReceivePacket while adapter paused\n",
+ MINIPORT_INSTANCE_ID (Adapter)));
+
+ return;
+ }
+
+ // Allocate flat buffer for packet data.
+ injectBuffer = (PUCHAR )NdisAllocateMemoryWithTagPriority(
+ Adapter->MiniportAdapterHandle,
+ packetLength,
+ TAP_RX_INJECT_BUFFER_TAG,
+ NormalPoolPriority
+ );
+
+ if( injectBuffer)
+ {
+ PMDL mdl;
+
+ // Copy packet data to flat buffer.
+ NdisMoveMemory (injectBuffer, packetData, packetLength);
+
+ // Allocate MDL for flat buffer.
+ mdl = NdisAllocateMdl(
+ Adapter->MiniportAdapterHandle,
+ injectBuffer,
+ packetLength
+ );
+
+ if( mdl )
+ {
+ PNET_BUFFER_LIST netBufferList;
+
+ mdl->Next = NULL; // No next MDL
+
+ // Allocate the NBL and NB. Link MDL chain to NB.
+ netBufferList = NdisAllocateNetBufferAndNetBufferList(
+ Adapter->ReceiveNblPool,
+ 0, // ContextSize
+ 0, // ContextBackFill
+ mdl, // MDL chain
+ 0,
+ packetLength
+ );
+
+ if(netBufferList != NULL)
+ {
+ ULONG receiveFlags = 0;
+ LONG nblCount;
+
+ NET_BUFFER_LIST_NEXT_NBL(netBufferList) = NULL; // Only one NBL
+
+ if(KeGetCurrentIrql() == DISPATCH_LEVEL)
+ {
+ receiveFlags |= NDIS_RECEIVE_FLAGS_DISPATCH_LEVEL;
+ }
+
+ // Set flag indicating that this is an injected packet
+ TAP_RX_NBL_FLAGS_CLEAR_ALL(netBufferList);
+ TAP_RX_NBL_FLAG_SET(netBufferList,TAP_RX_NBL_FLAGS_IS_INJECTED);
+
+ netBufferList->MiniportReserved[0] = NULL;
+ netBufferList->MiniportReserved[1] = NULL;
+
+ // Increment in-flight receive NBL count.
+ nblCount = NdisInterlockedIncrement(&Adapter->ReceiveNblInFlightCount);
+ ASSERT(nblCount > 0 );
+
+ netBufferList->SourceHandle = Adapter->MiniportAdapterHandle;
+
+ //
+ // Indicate the packet
+ // -------------------
+ // Irp->AssociatedIrp.SystemBuffer with length irpSp->Parameters.Write.Length
+ // contains the complete packet including Ethernet header and payload.
+ //
+ NdisMIndicateReceiveNetBufferLists(
+ Adapter->MiniportAdapterHandle,
+ netBufferList,
+ NDIS_DEFAULT_PORT_NUMBER,
+ 1, // NumberOfNetBufferLists
+ receiveFlags
+ );
+
+ return;
+ }
+ else
+ {
+ DEBUGP (("[%s] NdisAllocateNetBufferAndNetBufferList failed in IndicateReceivePacket\n",
+ MINIPORT_INSTANCE_ID (Adapter)));
+ NOTE_ERROR ();
+
+ NdisFreeMdl(mdl);
+ NdisFreeMemory(injectBuffer,0,0);
+ }
+ }
+ else
+ {
+ DEBUGP (("[%s] NdisAllocateMdl failed in IndicateReceivePacket\n",
+ MINIPORT_INSTANCE_ID (Adapter)));
+ NOTE_ERROR ();
+
+ NdisFreeMemory(injectBuffer,0,0);
+ }
+ }
+ else
+ {
+ DEBUGP (("[%s] NdisAllocateMemoryWithTagPriority failed in IndicateReceivePacket\n",
+ MINIPORT_INSTANCE_ID (Adapter)));
+ NOTE_ERROR ();
+ }
+}
+
+VOID
+tapCompleteIrpAndFreeReceiveNetBufferList(
+ __in PTAP_ADAPTER_CONTEXT Adapter,
+ __in PNET_BUFFER_LIST NetBufferList, // Only one NB here...
+ __in NTSTATUS IoCompletionStatus
+ )
+{
+ PIRP irp;
+ ULONG frameType, netBufferCount, byteCount;
+ LONG nblCount;
+
+ // Fetch NB frame type.
+ frameType = tapGetNetBufferFrameType(NET_BUFFER_LIST_FIRST_NB(NetBufferList));
+
+ // Fetch statistics for all NBs linked to the NB.
+ netBufferCount = tapGetNetBufferCountsFromNetBufferList(
+ NetBufferList,
+ &byteCount
+ );
+
+ // Update statistics by frame type
+ if(IoCompletionStatus == STATUS_SUCCESS)
+ {
+ switch(frameType)
+ {
+ case NDIS_PACKET_TYPE_DIRECTED:
+ Adapter->FramesRxDirected += netBufferCount;
+ Adapter->BytesRxDirected += byteCount;
+ break;
+
+ case NDIS_PACKET_TYPE_BROADCAST:
+ Adapter->FramesRxBroadcast += netBufferCount;
+ Adapter->BytesRxBroadcast += byteCount;
+ break;
+
+ case NDIS_PACKET_TYPE_MULTICAST:
+ Adapter->FramesRxMulticast += netBufferCount;
+ Adapter->BytesRxMulticast += byteCount;
+ break;
+
+ default:
+ ASSERT(FALSE);
+ break;
+ }
+ }
+
+ //
+ // Handle P2P Packet
+ // -----------------
+ // Free MDL allocated for P2P Ethernet header.
+ //
+ if(TAP_RX_NBL_FLAG_TEST(NetBufferList,TAP_RX_NBL_FLAGS_IS_P2P))
+ {
+ PNET_BUFFER netBuffer;
+ PMDL mdl;
+
+ netBuffer = NET_BUFFER_LIST_FIRST_NB(NetBufferList);
+ mdl = NET_BUFFER_FIRST_MDL(netBuffer);
+ mdl->Next = NULL;
+
+ NdisFreeMdl(mdl);
+ }
+
+ //
+ // Handle Injected Packet
+ // -----------------------
+ // Free MDL and data buffer allocated for injected packet.
+ //
+ if(TAP_RX_NBL_FLAG_TEST(NetBufferList,TAP_RX_NBL_FLAGS_IS_INJECTED))
+ {
+ PNET_BUFFER netBuffer;
+ PMDL mdl;
+ PUCHAR injectBuffer;
+
+ netBuffer = NET_BUFFER_LIST_FIRST_NB(NetBufferList);
+ mdl = NET_BUFFER_FIRST_MDL(netBuffer);
+
+ injectBuffer = (PUCHAR )MmGetSystemAddressForMdlSafe(mdl,NormalPagePriority);
+
+ if(injectBuffer)
+ {
+ NdisFreeMemory(injectBuffer,0,0);
+ }
+
+ NdisFreeMdl(mdl);
+ }
+
+ //
+ // Complete the IRP
+ //
+ irp = (PIRP )NetBufferList->MiniportReserved[0];
+
+ if(irp)
+ {
+ irp->IoStatus.Status = IoCompletionStatus;
+ IoCompleteRequest(irp, IO_NO_INCREMENT);
+ }
+
+ // Decrement in-flight receive NBL count.
+ nblCount = NdisInterlockedDecrement(&Adapter->ReceiveNblInFlightCount);
+ ASSERT(nblCount >= 0 );
+ if (0 == nblCount)
+ {
+ NdisSetEvent(&Adapter->ReceiveNblInFlightCountZeroEvent);
+ }
+
+ // Free the NBL
+ NdisFreeNetBufferList(NetBufferList);
+}
+
+VOID
+AdapterReturnNetBufferLists(
+ __in NDIS_HANDLE MiniportAdapterContext,
+ __in PNET_BUFFER_LIST NetBufferLists,
+ __in ULONG ReturnFlags
+ )
+{
+ PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext;
+ PNET_BUFFER_LIST currentNbl, nextNbl;
+
+ UNREFERENCED_PARAMETER(ReturnFlags);
+
+ //
+ // Process each NBL individually
+ //
+ currentNbl = NetBufferLists;
+ while (currentNbl)
+ {
+ PNET_BUFFER_LIST nextNbl;
+
+ nextNbl = NET_BUFFER_LIST_NEXT_NBL(currentNbl);
+ NET_BUFFER_LIST_NEXT_NBL(currentNbl) = NULL;
+
+ // Complete write IRP and free NBL and associated resources.
+ tapCompleteIrpAndFreeReceiveNetBufferList( + adapter, + currentNbl, + STATUS_SUCCESS + ); + + // Move to next NBL + currentNbl = nextNbl; + } +} + +// IRP_MJ_WRITE callback. +NTSTATUS +TapDeviceWrite( + PDEVICE_OBJECT DeviceObject, + PIRP Irp + ) +{ + NTSTATUS ntStatus = STATUS_SUCCESS;// Assume success + PIO_STACK_LOCATION irpSp;// Pointer to current stack location + PTAP_ADAPTER_CONTEXT adapter = NULL; + ULONG dataLength; + + PAGED_CODE(); + + irpSp = IoGetCurrentIrpStackLocation( Irp ); + + // + // Fetch adapter context for this device. + // -------------------------------------- + // Adapter pointer was stashed in FsContext when handle was opened. + // + adapter = (PTAP_ADAPTER_CONTEXT )(irpSp->FileObject)->FsContext; + + ASSERT(adapter); + + // + // Sanity checks on state variables + // + if (!tapAdapterReadAndWriteReady(adapter)) + { + //DEBUGP (("[%s] Interface is down in IRP_MJ_WRITE\n", + // MINIPORT_INSTANCE_ID (adapter))); + //NOTE_ERROR(); + + Irp->IoStatus.Status = ntStatus = STATUS_CANCELLED; + Irp->IoStatus.Information = 0; + IoCompleteRequest (Irp, IO_NO_INCREMENT); + + return ntStatus; + } + + // Save IRP-accessible copy of buffer length + Irp->IoStatus.Information = irpSp->Parameters.Write.Length; + + if (Irp->MdlAddress == NULL) + { + DEBUGP (("[%s] MdlAddress is NULL for IRP_MJ_WRITE\n", + MINIPORT_INSTANCE_ID (adapter))); + + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + Irp->IoStatus.Information = 0; + IoCompleteRequest (Irp, IO_NO_INCREMENT); + + return ntStatus; + } + + // + // Try to get a virtual address for the MDL. 
+ // + NdisQueryMdl( + Irp->MdlAddress, + &Irp->AssociatedIrp.SystemBuffer, + &dataLength, + NormalPagePriority + ); + + if (Irp->AssociatedIrp.SystemBuffer == NULL) + { + DEBUGP (("[%s] Could not map address in IRP_MJ_WRITE\n", + MINIPORT_INSTANCE_ID (adapter))); + + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INSUFFICIENT_RESOURCES; + Irp->IoStatus.Information = 0; + IoCompleteRequest (Irp, IO_NO_INCREMENT); + + return ntStatus; + } + + ASSERT(dataLength == irpSp->Parameters.Write.Length); + + Irp->IoStatus.Information = irpSp->Parameters.Write.Length; + + // + // Handle miniport Pause + // --------------------- + // NDIS 6 miniports implement a temporary "Pause" state normally followed + // by the Restart. While in the Pause state it is forbidden for the miniport + // to indicate receive NBLs. + // + // That is: The device interface may be "up", but the NDIS miniport send/receive + // interface may be temporarily "down". + // + // BUGBUG!!! In the initial implementation of the NDIS 6 TapOas receive path + // the code below will perform a "lying send" for write IRPs passed to the + // driver while the miniport is in the Paused state. + // + // The correct implementation is to go ahead and build the NBLs corresponding + // to the user-mode write - but queue them. When Restart is entered the + // queued NBLs would be dequeued and indicated to the host. + // + if(tapAdapterSendAndReceiveReady(adapter) == NDIS_STATUS_SUCCESS) + { + if (/*!adapter->m_tun &&*/ ((irpSp->Parameters.Write.Length) >= ETHERNET_HEADER_SIZE)) + { + PNET_BUFFER_LIST netBufferList; + + DUMP_PACKET ("IRP_MJ_WRITE ETH", + (unsigned char *) Irp->AssociatedIrp.SystemBuffer, + irpSp->Parameters.Write.Length); + + //===================================================== + // If IPv4 packet, check whether or not packet + // was truncated. 
+ //===================================================== +#if PACKET_TRUNCATION_CHECK + IPv4PacketSizeVerify ( + (unsigned char *) Irp->AssociatedIrp.SystemBuffer, + irpSp->Parameters.Write.Length, + FALSE, + "RX", + &adapter->m_RxTrunc + ); +#endif + (Irp->MdlAddress)->Next = NULL; // No next MDL + + // Allocate the NBL and NB. Link MDL chain to NB. + netBufferList = NdisAllocateNetBufferAndNetBufferList( + adapter->ReceiveNblPool, + 0, // ContextSize + 0, // ContextBackFill + Irp->MdlAddress, // MDL chain + 0, + dataLength + ); + + if(netBufferList != NULL) + { + LONG nblCount; + + NET_BUFFER_LIST_NEXT_NBL(netBufferList) = NULL; // Only one NBL + + // Stash IRP pointer in NBL MiniportReserved[0] field. + netBufferList->MiniportReserved[0] = Irp; + netBufferList->MiniportReserved[1] = NULL; + + // This IRP is pended. + IoMarkIrpPending(Irp); + + // This IRP cannot be cancelled while in-flight. + IoSetCancelRoutine(Irp,NULL); + + TAP_RX_NBL_FLAGS_CLEAR_ALL(netBufferList); + + // Increment in-flight receive NBL count. + nblCount = NdisInterlockedIncrement(&adapter->ReceiveNblInFlightCount); + ASSERT(nblCount > 0 ); + + // + // Indicate the packet + // ------------------- + // Irp->AssociatedIrp.SystemBuffer with length irpSp->Parameters.Write.Length + // contains the complete packet including Ethernet header and payload. + // + NdisMIndicateReceiveNetBufferLists( + adapter->MiniportAdapterHandle, + netBufferList, + NDIS_DEFAULT_PORT_NUMBER, + 1, // NumberOfNetBufferLists + 0 // ReceiveFlags + ); + + ntStatus = STATUS_PENDING; + } + else + { + DEBUGP (("[%s] NdisMIndicateReceiveNetBufferLists failed in IRP_MJ_WRITE\n", + MINIPORT_INSTANCE_ID (adapter))); + NOTE_ERROR (); + + // Fail the IRP + Irp->IoStatus.Information = 0; + ntStatus = STATUS_INSUFFICIENT_RESOURCES; + } + } + /* + else if (adapter->m_tun && ((irpSp->Parameters.Write.Length) >= IP_HEADER_SIZE)) + { + PETH_HEADER p_UserToTap = &adapter->m_UserToTap; + PMDL mdl; // Head of MDL chain. 
+ + // For IPv6, need to use Ethernet header with IPv6 proto + if ( IPH_GET_VER( ((IPHDR*) Irp->AssociatedIrp.SystemBuffer)->version_len) == 6 ) + { + p_UserToTap = &adapter->m_UserToTap_IPv6; + } + + DUMP_PACKET2 ("IRP_MJ_WRITE P2P", + p_UserToTap, + (unsigned char *) Irp->AssociatedIrp.SystemBuffer, + irpSp->Parameters.Write.Length); + + //===================================================== + // If IPv4 packet, check whether or not packet + // was truncated. + //===================================================== +#if PACKET_TRUNCATION_CHECK + IPv4PacketSizeVerify ( + (unsigned char *) Irp->AssociatedIrp.SystemBuffer, + irpSp->Parameters.Write.Length, + TRUE, + "RX", + &adapter->m_RxTrunc + ); +#endif + + // + // Allocate MDL for Ethernet header + // -------------------------------- + // Irp->AssociatedIrp.SystemBuffer with length irpSp->Parameters.Write.Length + // contains the only the Ethernet payload. Prepend the user-mode provided + // payload with the Ethernet header pointed to by p_UserToTap. + // + mdl = NdisAllocateMdl( + adapter->MiniportAdapterHandle, + p_UserToTap, + sizeof(ETH_HEADER) + ); + + if(mdl != NULL) + { + PNET_BUFFER_LIST netBufferList; + + // Chain user's Ethernet payload behind Ethernet header. + mdl->Next = Irp->MdlAddress; + (Irp->MdlAddress)->Next = NULL; // No next MDL + + // Allocate the NBL and NB. Link MDL chain to NB. + netBufferList = NdisAllocateNetBufferAndNetBufferList( + adapter->ReceiveNblPool, + 0, // ContextSize + 0, // ContextBackFill + mdl, // MDL chain + 0, + sizeof(ETH_HEADER) + dataLength + ); + + if(netBufferList != NULL) + { + LONG nblCount; + + NET_BUFFER_LIST_NEXT_NBL(netBufferList) = NULL; // Only one NBL + + // This IRP is pended. + IoMarkIrpPending(Irp); + + // This IRP cannot be cancelled while in-flight. + IoSetCancelRoutine(Irp,NULL); + + // Stash IRP pointer in NBL MiniportReserved[0] field. 
+ netBufferList->MiniportReserved[0] = Irp; + netBufferList->MiniportReserved[1] = NULL; + + // Set flag indicating that this is P2P packet + TAP_RX_NBL_FLAGS_CLEAR_ALL(netBufferList); + TAP_RX_NBL_FLAG_SET(netBufferList,TAP_RX_NBL_FLAGS_IS_P2P); + + // Increment in-flight receive NBL count. + nblCount = NdisInterlockedIncrement(&adapter->ReceiveNblInFlightCount); + ASSERT(nblCount > 0 ); + + // + // Indicate the packet + // + NdisMIndicateReceiveNetBufferLists( + adapter->MiniportAdapterHandle, + netBufferList, + NDIS_DEFAULT_PORT_NUMBER, + 1, // NumberOfNetBufferLists + 0 // ReceiveFlags + ); + + ntStatus = STATUS_PENDING; + } + else + { + mdl->Next = NULL; + NdisFreeMdl(mdl); + + DEBUGP (("[%s] NdisMIndicateReceiveNetBufferLists failed in IRP_MJ_WRITE\n", + MINIPORT_INSTANCE_ID (adapter))); + NOTE_ERROR (); + + // Fail the IRP + Irp->IoStatus.Information = 0; + ntStatus = STATUS_INSUFFICIENT_RESOURCES; + } + } + else + { + DEBUGP (("[%s] NdisAllocateMdl failed in IRP_MJ_WRITE\n", + MINIPORT_INSTANCE_ID (adapter))); + NOTE_ERROR (); + + // Fail the IRP + Irp->IoStatus.Information = 0; + ntStatus = STATUS_INSUFFICIENT_RESOURCES; + } + } + */ + else + { + DEBUGP (("[%s] Bad buffer size in IRP_MJ_WRITE, len=%d\n", + MINIPORT_INSTANCE_ID (adapter), + irpSp->Parameters.Write.Length)); + NOTE_ERROR (); + + Irp->IoStatus.Information = 0; // ETHERNET_HEADER_SIZE; + Irp->IoStatus.Status = ntStatus = STATUS_BUFFER_TOO_SMALL; + } + } + else + { + DEBUGP (("[%s] Lying send in IRP_MJ_WRITE while adapter paused\n", + MINIPORT_INSTANCE_ID (adapter))); + + ntStatus = STATUS_SUCCESS; + } + + if (ntStatus != STATUS_PENDING) + { + Irp->IoStatus.Status = ntStatus; + IoCompleteRequest(Irp, IO_NO_INCREMENT); + } + + return ntStatus; +} + diff --git a/windows/TapDriver6/tap-windows.h b/windows/TapDriver6/tap-windows.h new file mode 100644 index 0000000..7e01846 --- /dev/null +++ b/windows/TapDriver6/tap-windows.h 
@@ -0,0 +1,81 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#ifndef __TAP_WIN_H
+#define __TAP_WIN_H
+
+/*
+ * =============
+ * TAP IOCTLs
+ * =============
+ */
+
+#define TAP_WIN_CONTROL_CODE(request,method) \
+ CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS)
+
+/* Present in 8.1 */
+
+#define TAP_WIN_IOCTL_GET_MAC TAP_WIN_CONTROL_CODE (1, METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_GET_VERSION TAP_WIN_CONTROL_CODE (2, METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_GET_MTU TAP_WIN_CONTROL_CODE (3, METHOD_BUFFERED)
+//#define TAP_WIN_IOCTL_GET_INFO TAP_WIN_CONTROL_CODE (4, METHOD_BUFFERED)
+//#define TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT TAP_WIN_CONTROL_CODE (5, METHOD_BUFFERED)
+#define TAP_WIN_IOCTL_SET_MEDIA_STATUS TAP_WIN_CONTROL_CODE (6, METHOD_BUFFERED)
+//#define TAP_WIN_IOCTL_CONFIG_DHCP_MASQ TAP_WIN_CONTROL_CODE (7, METHOD_BUFFERED)
+//#define TAP_WIN_IOCTL_GET_LOG_LINE TAP_WIN_CONTROL_CODE (8, METHOD_BUFFERED)
+//#define TAP_WIN_IOCTL_CONFIG_DHCP_SET_OPT
TAP_WIN_CONTROL_CODE (9, METHOD_BUFFERED)
+
+/* Added in 8.2 */
+
+/* obsoletes TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT */
+//#define TAP_WIN_IOCTL_CONFIG_TUN TAP_WIN_CONTROL_CODE (10, METHOD_BUFFERED)
+
+// Used by ZT1 to get multicast memberships at the L2 level -- Windows provides no native way to do this that I know of
+#define TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS TAP_WIN_CONTROL_CODE (11, METHOD_BUFFERED)
+// Must be the same as NIC_MAX_MCAST_LIST in constants.h
+#define TAP_MAX_MCAST_LIST 128
+// Amount of memory that must be provided to ioctl TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS
+#define TAP_WIN_IOCTL_GET_MULTICAST_MEMBERSHIPS_OUTPUT_BUF_SIZE (TAP_MAX_MCAST_LIST * 6)
+
+/*
+ * =================
+ * Registry keys
+ * =================
+ */
+
+#define ADAPTER_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
+
+#define NETWORK_CONNECTIONS_KEY "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
+
+/*
+ * ======================
+ * Filesystem prefixes
+ * ======================
+ */
+
+#define USERMODEDEVICEDIR "\\\\.\\Global\\"
+#define SYSDEVICEDIR "\\Device\\"
+#define USERDEVICEDIR "\\DosDevices\\Global\\"
+#define TAP_WIN_SUFFIX ".tap"
+
+#endif // __TAP_WIN_H
diff --git a/windows/TapDriver6/tap.h b/windows/TapDriver6/tap.h
new file mode 100644
index 0000000..079b279
--- /dev/null
+++ b/windows/TapDriver6/tap.h
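Review bot: `TAP_WIN_CONTROL_CODE` builds every IOCTL with `FILE_ANY_ACCESS`, so the I/O manager dispatches the state-changing `TAP_WIN_IOCTL_SET_MEDIA_STATUS` on any handle to the device, whatever access it was opened with. Changing the access bits would change the control codes user mode already uses, so rather than editing the macro I would add a comment above it such as `/* FILE_ANY_ACCESS: access control rests entirely on the device object's security descriptor */` and confirm that the dispatch routine, which is not in this hunk, relies on nothing else. Separately, `TAP_MAX_MCAST_LIST` is kept equal to `NIC_MAX_MCAST_LIST` only by a comment; a `C_ASSERT(TAP_MAX_MCAST_LIST == NIC_MAX_MCAST_LIST);` in a driver source that includes both headers would enforce it, and the bare `6` in the buffer-size macro reads better as a named MAC-address-length constant.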
@@ -0,0 +1,88 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#ifndef __TAP_H
+#define __TAP_H
+
+#ifndef NDIS_SUPPORT_NDIS6
+#define NDIS_SUPPORT_NDIS6 1
+#define NDIS_SUPPORT_NDIS61 1
+#define NDIS_WDM1 1
+#define NDIS61_MINIPORT 1
+#endif
+
+#include
+#include
+#include
+#include
+
+#include "config.h"
+#include "lock.h"
+#include "constants.h"
+#include "proto.h"
+#include "mem.h"
+#include "macinfo.h"
+#include "error.h"
+#include "endian.h"
+#include "types.h"
+#include "adapter.h"
+#include "device.h"
+#include "prototypes.h"
+#include "tap-windows.h"
+
+//========================================================
+// Check for truncated IPv4 packets, log errors if found.
+//========================================================
+#define PACKET_TRUNCATION_CHECK 0
+
+//========================================================
+// EXPERIMENTAL -- Configure TAP device object to be
+// accessible from non-administrative accounts, based
+// on an advanced properties setting.
+//
+// Duplicates the functionality of OpenVPN's
+// --allow-nonadmin directive.
+//========================================================
+#define ENABLE_NONADMIN 1
+
+//
+// The driver has exactly one instance of the TAP_GLOBAL structure. NDIS keeps
+// an opaque handle to this data, (it doesn't attempt to read or interpret this
+// data), and it passes the handle back to the miniport in MiniportSetOptions
+// and MiniportInitializeEx.
+//
+typedef struct _TAP_GLOBAL
+{
+ LIST_ENTRY AdapterList;
+
+ NDIS_RW_LOCK Lock;
+
+ NDIS_HANDLE NdisDriverHandle; // From NdisMRegisterMiniportDriver
+
+} TAP_GLOBAL, *PTAP_GLOBAL;
+
+
+// Global data
+extern TAP_GLOBAL GlobalData;
+
+#endif // __TAP_H
diff --git a/windows/TapDriver6/tapdrvr.c b/windows/TapDriver6/tapdrvr.c
new file mode 100644
index 0000000..6c537f1
--- /dev/null
+++ b/windows/TapDriver6/tapdrvr.c
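Review bot: `ENABLE_NONADMIN` is compiled in as `1` although its own comment labels the feature EXPERIMENTAL, so every build carries the code path that can make the TAP device object accessible to non-administrative accounts. Since the device's write handler elsewhere in this commit indicates caller-supplied frames to the host network stack, that setting decides who can inject traffic. I would default it to `#define ENABLE_NONADMIN 0` unless the product depends on it, or at least extend the comment to name the advanced-properties setting that gates it and state that setting's default. The code that consumes the macro is outside this hunk, so the effective behaviour needs confirming there.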
@@ -0,0 +1,232 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+//======================================================
+// This driver is designed to work on Windows Vista or higher
+// versions of Windows.
+//
+// It is SMP-safe and handles power management.
+//
+// By default we operate as a "tap" virtual ethernet
+// 802.3 interface, but we can emulate a "tun"
+// interface (point-to-point IPv4) through the
+// TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT or
+// TAP_WIN_IOCTL_CONFIG_TUN ioctl.
+//======================================================
+
+//
+// Include files.
+//
+
+#include
+
+#include "tap.h"
+
+
+// Global data
+TAP_GLOBAL GlobalData;
+
+
+#ifdef ALLOC_PRAGMA
+#pragma alloc_text( INIT, DriverEntry )
+#pragma alloc_text( PAGE, TapDriverUnload)
+#endif // ALLOC_PRAGMA
+
+NTSTATUS
+DriverEntry(
+ __in PDRIVER_OBJECT DriverObject,
+ __in PUNICODE_STRING RegistryPath
+ )
+/*++
+Routine Description:
+
+ In the context of its DriverEntry function, a miniport driver associates
+ itself with NDIS, specifies the NDIS version that it is using, and
+ registers its entry points.
+
+
+Arguments:
+ PVOID DriverObject - pointer to the driver object.
+ PVOID RegistryPath - pointer to the driver registry path.
+
+ Return Value:
+
+ NTSTATUS code
+
+--*/
+{
+ NTSTATUS status;
+
+ UNREFERENCED_PARAMETER(RegistryPath);
+
+ DEBUGP (("[TAP] --> DriverEntry; version [%d.%d] %s %s\n",
+ TAP_DRIVER_MAJOR_VERSION,
+ TAP_DRIVER_MINOR_VERSION,
+ __DATE__,
+ __TIME__));
+
+ DEBUGP (("[TAP] Registry Path: '%wZ'\n", RegistryPath));
+
+ //
+ // Initialize any driver-global variables here.
+ //
+ NdisZeroMemory(&GlobalData, sizeof(GlobalData));
+
+ //
+ // The ApaterList in the GlobalData structure is used to track multiple
+ // adapters controlled by this miniport.
+ //
+ NdisInitializeListHead(&GlobalData.AdapterList);
+
+ //
+ // This lock protects the AdapterList.
+ //
+ NdisInitializeReadWriteLock(&GlobalData.Lock);
+
+ do
+ {
+ NDIS_MINIPORT_DRIVER_CHARACTERISTICS miniportCharacteristics;
+
+ NdisZeroMemory(&miniportCharacteristics, sizeof(miniportCharacteristics));
+
+ {C_ASSERT(sizeof(miniportCharacteristics) >= NDIS_SIZEOF_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_2);}
+ miniportCharacteristics.Header.Type = NDIS_OBJECT_TYPE_MINIPORT_DRIVER_CHARACTERISTICS;
+ miniportCharacteristics.Header.Size = NDIS_SIZEOF_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_2;
+ miniportCharacteristics.Header.Revision = NDIS_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_2;
+
+ miniportCharacteristics.MajorNdisVersion = TAP_NDIS_MAJOR_VERSION;
+ miniportCharacteristics.MinorNdisVersion = TAP_NDIS_MINOR_VERSION;
+
+ miniportCharacteristics.MajorDriverVersion = TAP_DRIVER_MAJOR_VERSION;
+ miniportCharacteristics.MinorDriverVersion = TAP_DRIVER_MINOR_VERSION;
+
+ miniportCharacteristics.Flags = 0;
+
+ //miniportCharacteristics.SetOptionsHandler = MPSetOptions; // Optional
+ miniportCharacteristics.InitializeHandlerEx = AdapterCreate;
+ miniportCharacteristics.HaltHandlerEx = AdapterHalt;
+ miniportCharacteristics.UnloadHandler = TapDriverUnload;
+ miniportCharacteristics.PauseHandler = AdapterPause;
+ miniportCharacteristics.RestartHandler = AdapterRestart;
+ miniportCharacteristics.OidRequestHandler = AdapterOidRequest;
+ miniportCharacteristics.SendNetBufferListsHandler = AdapterSendNetBufferLists;
+ miniportCharacteristics.ReturnNetBufferListsHandler = AdapterReturnNetBufferLists;
+ miniportCharacteristics.CancelSendHandler = AdapterCancelSend;
+ miniportCharacteristics.CheckForHangHandlerEx = AdapterCheckForHangEx;
+ miniportCharacteristics.ResetHandlerEx = AdapterReset;
+ miniportCharacteristics.DevicePnPEventNotifyHandler = AdapterDevicePnpEventNotify;
+ miniportCharacteristics.ShutdownHandlerEx = AdapterShutdownEx;
+ miniportCharacteristics.CancelOidRequestHandler = AdapterCancelOidRequest;
+
+ //
+ // Associate the miniport driver with NDIS by
calling the
+ // NdisMRegisterMiniportDriver. This function returns an NdisDriverHandle.
+ // The miniport driver must retain this handle but it should never attempt
+ // to access or interpret this handle.
+ //
+ // By calling NdisMRegisterMiniportDriver, the driver indicates that it
+ // is ready for NDIS to call the driver's MiniportSetOptions and
+ // MiniportInitializeEx handlers.
+ //
+ DEBUGP (("[TAP] Calling NdisMRegisterMiniportDriver...\n"));
+ //NDIS_DECLARE_MINIPORT_DRIVER_CONTEXT(TAP_GLOBAL);
+ status = NdisMRegisterMiniportDriver(
+ DriverObject,
+ RegistryPath,
+ &GlobalData,
+ &miniportCharacteristics,
+ &GlobalData.NdisDriverHandle
+ );
+
+ if (NDIS_STATUS_SUCCESS == status)
+ {
+ DEBUGP (("[TAP] Registered miniport successfully\n"));
+ }
+ else
+ {
+ DEBUGP(("[TAP] NdisMRegisterMiniportDriver failed: %8.8X\n", status));
+ TapDriverUnload(DriverObject);
+ status = NDIS_STATUS_FAILURE;
+ break;
+ }
+ } while(FALSE);
+
+ DEBUGP (("[TAP] <-- DriverEntry; status = %8.8X\n",status));
+
+ return status;
+}
+
+VOID
+TapDriverUnload(
+ __in PDRIVER_OBJECT DriverObject
+ )
+/*++
+
+Routine Description:
+
+ The unload handler is called during driver unload to free up resources
+ acquired in DriverEntry. This handler is registered in DriverEntry through
+ NdisMRegisterMiniportDriver. Note that an unload handler differs from
+ a MiniportHalt function in that this unload handler releases resources that
+ are global to the driver, while the halt handler releases resource for a
+ particular adapter.
+
+ Runs at IRQL = PASSIVE_LEVEL.
+
+Arguments:
+
+ DriverObject Not used
+
+Return Value:
+
+ None.
+
+--*/
+{
+ PDEVICE_OBJECT deviceObject = DriverObject->DeviceObject;
+ UNICODE_STRING uniWin32NameString;
+
+ DEBUGP (("[TAP] --> TapDriverUnload; version [%d.%d] %s %s unloaded\n",
+ TAP_DRIVER_MAJOR_VERSION,
+ TAP_DRIVER_MINOR_VERSION,
+ __DATE__,
+ __TIME__
+ ));
+
+ PAGED_CODE();
+
+ //
+ // Clean up all globals that were allocated in DriverEntry
+ //
+
+ ASSERT(IsListEmpty(&GlobalData.AdapterList));
+
+ if(GlobalData.NdisDriverHandle != NULL )
+ {
+ NdisMDeregisterMiniportDriver(GlobalData.NdisDriverHandle);
+ }
+
+ DEBUGP (("[TAP] <-- TapDriverUnload\n"));
+}
+
diff --git a/windows/TapDriver6/txpath.c b/windows/TapDriver6/txpath.c
new file mode 100644
index 0000000..7993ca4
--- /dev/null
+++ b/windows/TapDriver6/txpath.c
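Review bot: The failure branch of `DriverEntry` replaces the status returned by `NdisMRegisterMiniportDriver` with `NDIS_STATUS_FAILURE`, so the load failure reported to the system is generic and the real code survives only in `DEBUGP` output, which is presumably compiled out of release builds. I would drop the `status = NDIS_STATUS_FAILURE;` line and return the original status, or add a comment saying the generic code is deliberate. In the same hunk `UNREFERENCED_PARAMETER(RegistryPath)` is misleading because `RegistryPath` is then logged and passed to `NdisMRegisterMiniportDriver`, and `TapDriverUnload` declares `deviceObject` and `uniWin32NameString` without using them although its header says `DriverObject` is not used. The file banner also still describes tun mode through `TAP_WIN_IOCTL_CONFIG_POINT_TO_POINT` and `TAP_WIN_IOCTL_CONFIG_TUN`, both of which are commented out in tap-windows.h in this commit.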
@@ -0,0 +1,1175 @@ +/* + * TAP-Windows -- A kernel driver to provide virtual tap + * device functionality on Windows. + * + * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson. + * + * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc., + * and is released under the GPL version 2 (see below). + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +// +// Include files. +// + +#include "tap.h" + +//====================================================================== +// TAP Send Path Support +//====================================================================== + +#ifdef ALLOC_PRAGMA +#pragma alloc_text( PAGE, TapDeviceRead) +#endif // ALLOC_PRAGMA + +// checksum code for ICMPv6 packet, taken from dhcp.c / udp_checksum +// see RFC 4443, 2.3, and RFC 2460, 8.1 +USHORT +icmpv6_checksum( + __in const UCHAR *buf, + __in const int len_icmpv6, + __in const UCHAR *saddr6, + __in const UCHAR *daddr6 + ) +{ + USHORT word16; + ULONG sum = 0; + int i; + + // make 16 bit words out of every two adjacent 8 bit words and + // calculate the sum of all 16 bit words + for (i = 0; i < len_icmpv6; i += 2) + { + word16 = ((buf[i] << 8) & 0xFF00) + ((i + 1 < len_icmpv6) ? 
(buf[i+1] & 0xFF) : 0); + sum += word16; + } + + // add the IPv6 pseudo header which contains the IP source and destination addresses + for (i = 0; i < 16; i += 2) + { + word16 =((saddr6[i] << 8) & 0xFF00) + (saddr6[i+1] & 0xFF); + sum += word16; + } + + for (i = 0; i < 16; i += 2) + { + word16 =((daddr6[i] << 8) & 0xFF00) + (daddr6[i+1] & 0xFF); + sum += word16; + } + + // the next-header number and the length of the ICMPv6 packet + sum += (USHORT) IPPROTO_ICMPV6 + (USHORT) len_icmpv6; + + // keep only the last 16 bits of the 32 bit calculated sum and add the carries + while (sum >> 16) + sum = (sum & 0xFFFF) + (sum >> 16); + + // Take the one's complement of sum + return ((USHORT) ~sum); +} + +/* + +// check IPv6 packet for "is this an IPv6 Neighbor Solicitation that +// the tap driver needs to answer?" +// see RFC 4861 4.3 for the different cases +static IPV6ADDR IPV6_NS_TARGET_MCAST = + { 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0xff, 0x00, 0x00, 0x08 }; +static IPV6ADDR IPV6_NS_TARGET_UNICAST = + { 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08 }; + +BOOLEAN +HandleIPv6NeighborDiscovery( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in UCHAR * m_Data + ) +{ + const ETH_HEADER * e = (ETH_HEADER *) m_Data; + const IPV6HDR *ipv6 = (IPV6HDR *) (m_Data + sizeof (ETH_HEADER)); + const ICMPV6_NS * icmpv6_ns = (ICMPV6_NS *) (m_Data + sizeof (ETH_HEADER) + sizeof (IPV6HDR)); + ICMPV6_NA_PKT *na; + USHORT icmpv6_len, icmpv6_csum; + + // we don't really care about the destination MAC address here + // - it's either a multicast MAC, or the userland destination MAC + // but since the TAP driver is point-to-point, all packets are "for us" + + // IPv6 target address must be ff02::1::ff00:8 (multicast for + // initial NS) or fe80::1 (unicast for recurrent NUD) + if ( memcmp( ipv6->daddr, IPV6_NS_TARGET_MCAST, + sizeof(IPV6ADDR) ) != 0 && + memcmp( ipv6->daddr, IPV6_NS_TARGET_UNICAST, + 
sizeof(IPV6ADDR) ) != 0 ) + { + return FALSE; // wrong target address + } + + // IPv6 Next-Header must be ICMPv6 + if ( ipv6->nexthdr != IPPROTO_ICMPV6 ) + { + return FALSE; // wrong next-header + } + + // ICMPv6 type+code must be 135/0 for NS + if ( icmpv6_ns->type != ICMPV6_TYPE_NS || + icmpv6_ns->code != ICMPV6_CODE_0 ) + { + return FALSE; // wrong ICMPv6 type + } + + // ICMPv6 target address must be fe80::8 (magic) + if ( memcmp( icmpv6_ns->target_addr, IPV6_NS_TARGET_UNICAST, + sizeof(IPV6ADDR) ) != 0 ) + { + return FALSE; // not for us + } + + // packet identified, build magic response packet + + na = (ICMPV6_NA_PKT *) MemAlloc (sizeof (ICMPV6_NA_PKT), TRUE); + if ( !na ) return FALSE; + + //------------------------------------------------ + // Initialize Neighbour Advertisement reply packet + //------------------------------------------------ + + // ethernet header + na->eth.proto = htons(NDIS_ETH_TYPE_IPV6); + ETH_COPY_NETWORK_ADDRESS(na->eth.dest, Adapter->PermanentAddress); + ETH_COPY_NETWORK_ADDRESS(na->eth.src, Adapter->m_TapToUser.dest); + + // IPv6 header + na->ipv6.version_prio = ipv6->version_prio; + NdisMoveMemory( na->ipv6.flow_lbl, ipv6->flow_lbl, + sizeof(na->ipv6.flow_lbl) ); + icmpv6_len = sizeof(ICMPV6_NA_PKT) - sizeof(ETH_HEADER) - sizeof(IPV6HDR); + na->ipv6.payload_len = htons(icmpv6_len); + na->ipv6.nexthdr = IPPROTO_ICMPV6; + na->ipv6.hop_limit = 255; + NdisMoveMemory( na->ipv6.saddr, IPV6_NS_TARGET_UNICAST, + sizeof(IPV6ADDR) ); + NdisMoveMemory( na->ipv6.daddr, ipv6->saddr, + sizeof(IPV6ADDR) ); + + // ICMPv6 + na->icmpv6.type = ICMPV6_TYPE_NA; + na->icmpv6.code = ICMPV6_CODE_0; + na->icmpv6.checksum = 0; + na->icmpv6.rso_bits = 0x60; // Solicited + Override + NdisZeroMemory( na->icmpv6.reserved, sizeof(na->icmpv6.reserved) ); + NdisMoveMemory( na->icmpv6.target_addr, IPV6_NS_TARGET_UNICAST, + sizeof(IPV6ADDR) ); + + // ICMPv6 option "Target Link Layer Address" + na->icmpv6.opt_type = ICMPV6_OPTION_TLLA; + na->icmpv6.opt_length = 
ICMPV6_LENGTH_TLLA; + ETH_COPY_NETWORK_ADDRESS( na->icmpv6.target_macaddr, Adapter->m_TapToUser.dest ); + + // calculate and set checksum + icmpv6_csum = icmpv6_checksum ( + (UCHAR*) &(na->icmpv6), + icmpv6_len, + na->ipv6.saddr, + na->ipv6.daddr + ); + + na->icmpv6.checksum = htons( icmpv6_csum ); + + DUMP_PACKET ("HandleIPv6NeighborDiscovery", + (unsigned char *) na, + sizeof (ICMPV6_NA_PKT)); + + IndicateReceivePacket (Adapter, (UCHAR *) na, sizeof (ICMPV6_NA_PKT)); + + MemFree (na, sizeof (ICMPV6_NA_PKT)); + + return TRUE; // all fine +} + +//=================================================== +// Generate an ARP reply message for specific kinds +// ARP queries. +//=================================================== +BOOLEAN +ProcessARP( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in const PARP_PACKET src, + __in const IPADDR adapter_ip, + __in const IPADDR ip_network, + __in const IPADDR ip_netmask, + __in const MACADDR mac + ) +{ + //----------------------------------------------- + // Is this the kind of packet we are looking for? 
+ //----------------------------------------------- + if (src->m_Proto == htons (NDIS_ETH_TYPE_ARP) + && MAC_EQUAL (src->m_MAC_Source, Adapter->PermanentAddress) + && MAC_EQUAL (src->m_ARP_MAC_Source, Adapter->PermanentAddress) + && ETH_IS_BROADCAST(src->m_MAC_Destination) + && src->m_ARP_Operation == htons (ARP_REQUEST) + && src->m_MAC_AddressType == htons (MAC_ADDR_TYPE) + && src->m_MAC_AddressSize == sizeof (MACADDR) + && src->m_PROTO_AddressType == htons (NDIS_ETH_TYPE_IPV4) + && src->m_PROTO_AddressSize == sizeof (IPADDR) + && src->m_ARP_IP_Source == adapter_ip + && (src->m_ARP_IP_Destination & ip_netmask) == ip_network + && src->m_ARP_IP_Destination != adapter_ip) + { + ARP_PACKET *arp = (ARP_PACKET *) MemAlloc (sizeof (ARP_PACKET), TRUE); + if (arp) + { + //---------------------------------------------- + // Initialize ARP reply fields + //---------------------------------------------- + arp->m_Proto = htons (NDIS_ETH_TYPE_ARP); + arp->m_MAC_AddressType = htons (MAC_ADDR_TYPE); + arp->m_PROTO_AddressType = htons (NDIS_ETH_TYPE_IPV4); + arp->m_MAC_AddressSize = sizeof (MACADDR); + arp->m_PROTO_AddressSize = sizeof (IPADDR); + arp->m_ARP_Operation = htons (ARP_REPLY); + + //---------------------------------------------- + // ARP addresses + //---------------------------------------------- + ETH_COPY_NETWORK_ADDRESS (arp->m_MAC_Source, mac); + ETH_COPY_NETWORK_ADDRESS (arp->m_MAC_Destination, Adapter->PermanentAddress); + ETH_COPY_NETWORK_ADDRESS (arp->m_ARP_MAC_Source, mac); + ETH_COPY_NETWORK_ADDRESS (arp->m_ARP_MAC_Destination, Adapter->PermanentAddress); + arp->m_ARP_IP_Source = src->m_ARP_IP_Destination; + arp->m_ARP_IP_Destination = adapter_ip; + + DUMP_PACKET ("ProcessARP", + (unsigned char *) arp, + sizeof (ARP_PACKET)); + + IndicateReceivePacket (Adapter, (UCHAR *) arp, sizeof (ARP_PACKET)); + + MemFree (arp, sizeof (ARP_PACKET)); + } + + return TRUE; + } + else + return FALSE; +} +*/ + +//============================================================= 
+// CompleteIRP is normally called with an adapter -> userspace +// network packet and an IRP (Pending I/O request) from userspace. +// +// The IRP will normally represent a queued overlapped read +// operation from userspace that is in a wait state. +// +// Use the ethernet packet to satisfy the IRP. +//============================================================= + +VOID +tapCompletePendingReadIrp( + __in PIRP Irp, + __in PTAP_PACKET TapPacket + ) +{ + int offset; + int len; + NTSTATUS status = STATUS_UNSUCCESSFUL; + + ASSERT(Irp); + ASSERT(TapPacket); + + //------------------------------------------- + // While TapPacket always contains a + // full ethernet packet, including the + // ethernet header, in point-to-point mode, + // we only want to return the IPv4 + // component. + //------------------------------------------- + + if (TapPacket->m_SizeFlags & TP_TUN) + { + offset = ETHERNET_HEADER_SIZE; + len = (int) (TapPacket->m_SizeFlags & TP_SIZE_MASK) - ETHERNET_HEADER_SIZE; + } + else + { + offset = 0; + len = (TapPacket->m_SizeFlags & TP_SIZE_MASK); + } + + if (len < 0 || (int) Irp->IoStatus.Information < len) + { + Irp->IoStatus.Information = 0; + Irp->IoStatus.Status = status = STATUS_BUFFER_OVERFLOW; + NOTE_ERROR (); + } + else + { + Irp->IoStatus.Information = len; + Irp->IoStatus.Status = status = STATUS_SUCCESS; + + // Copy packet data + NdisMoveMemory( + Irp->AssociatedIrp.SystemBuffer, + TapPacket->m_Data + offset, + len + ); + } + + // Free the TAP packet + NdisFreeMemory(TapPacket,0,0); + + // Complete the IRP + IoCompleteRequest (Irp, IO_NETWORK_INCREMENT); +} + +VOID +tapProcessSendPacketQueue( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + KIRQL irql; + + // Process the send packet queue + KeAcquireSpinLock(&Adapter->SendPacketQueue.QueueLock,&irql); + + while(Adapter->SendPacketQueue.Count > 0 ) + { + PIRP irp; + PTAP_PACKET tapPacket; + + // Fetch a read IRP + irp = IoCsqRemoveNextIrp( + &Adapter->PendingReadIrpQueue.CsqQueue, + NULL + ); + + if( 
irp == NULL ) + { + // No IRP to satisfy + break; + } + + // Fetch a queued TAP send packet + tapPacket = tapPacketRemoveHeadLocked( + &Adapter->SendPacketQueue + ); + + ASSERT(tapPacket); + + // BUGBUG!!! Investigate whether release/reacquire can cause + // out-of-order IRP completion. Also, whether user-mode can + // tolerate out-of-order packets. + + // Release packet queue lock while completing the IRP + //KeReleaseSpinLock(&Adapter->SendPacketQueue.QueueLock,irql); + + // Complete the read IRP from queued TAP send packet. + tapCompletePendingReadIrp(irp,tapPacket); + + // Reqcquire packet queue lock after completing the IRP + //KeAcquireSpinLock(&Adapter->SendPacketQueue.QueueLock,&irql); + } + + KeReleaseSpinLock(&Adapter->SendPacketQueue.QueueLock,irql); +} + +// Flush the pending send TAP packet queue. +VOID +tapFlushSendPacketQueue( + __in PTAP_ADAPTER_CONTEXT Adapter + ) +{ + KIRQL irql; + + // Process the send packet queue + KeAcquireSpinLock(&Adapter->SendPacketQueue.QueueLock,&irql); + + DEBUGP (("[TAP] tapFlushSendPacketQueue: Flushing %d TAP packets\n", + Adapter->SendPacketQueue.Count)); + + while(Adapter->SendPacketQueue.Count > 0 ) + { + PTAP_PACKET tapPacket; + + // Fetch a queued TAP send packet + tapPacket = tapPacketRemoveHeadLocked( + &Adapter->SendPacketQueue + ); + + ASSERT(tapPacket); + + // Free the TAP packet + NdisFreeMemory(tapPacket,0,0); + } + + KeReleaseSpinLock(&Adapter->SendPacketQueue.QueueLock,irql); +} + +VOID +tapAdapterTransmit( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in PNET_BUFFER NetBuffer, + __in BOOLEAN DispatchLevel + ) +/*++ + +Routine Description: + + This routine is called to transmit an individual net buffer using a + style similar to the previous NDIS 5 AdapterTransmit function. + + In this implementation adapter state and NB length checks have already + been done before this function has been called. + + The net buffer will be completed by the calling routine after this + routine exits. 
So, under this design it is necessary to make a deep + copy of frame data in the net buffer. + + This routine creates a flat buffer copy of NB frame data. This is an + unnecessary performance bottleneck. However, the bottleneck is probably + not significant or measurable except for adapters running at 1Gbps or + greater speeds. Since this adapter is currently running at 100Mbps this + defect can be ignored. + + Runs at IRQL <= DISPATCH_LEVEL + +Arguments: + + Adapter Pointer to our adapter context + NetBuffer Pointer to the net buffer to transmit + DispatchLevel TRUE if called at IRQL == DISPATCH_LEVEL + +Return Value: + + None. + + In the Microsoft NDIS 6 architecture there is no per-packet status. + +--*/ +{ + NDIS_STATUS status; + ULONG packetLength; + PTAP_PACKET tapPacket; + PVOID packetData; + + packetLength = NET_BUFFER_DATA_LENGTH(NetBuffer); + + // Allocate TAP packet memory + tapPacket = (PTAP_PACKET )NdisAllocateMemoryWithTagPriority( + Adapter->MiniportAdapterHandle, + TAP_PACKET_SIZE (packetLength), + TAP_PACKET_TAG, + NormalPoolPriority + ); + + if(tapPacket == NULL) + { + DEBUGP (("[TAP] tapAdapterTransmit: TAP packet allocation failed\n")); + return; + } + + tapPacket->m_SizeFlags = (packetLength & TP_SIZE_MASK); + + // + // Reassemble packet contents + // -------------------------- + // NdisGetDataBuffer does most of the work. There are two cases: + // + // 1.) If the NB data was not contiguous it will copy the entire + // NB's data to m_data and return pointer to m_data. + // 2.) If the NB data was contiguous it returns a pointer to the + // first byte of the contiguous data instead of a pointer to m_Data. + // In this case the data will not have been copied to m_Data. Copy + // to m_Data will need to be done in an extra step. + // + // Case 1.) is the most likely in normal operation. 
+ // + packetData = NdisGetDataBuffer(NetBuffer,packetLength,tapPacket->m_Data,1,0); + + if(packetData == NULL) + { + DEBUGP (("[TAP] tapAdapterTransmit: Could not get packet data\n")); + + NdisFreeMemory(tapPacket,0,0); + + return; + } + + if(packetData != tapPacket->m_Data) + { + // Packet data was contiguous and not yet copied to m_Data. + NdisMoveMemory(tapPacket->m_Data,packetData,packetLength); + } + + DUMP_PACKET ("AdapterTransmit", tapPacket->m_Data, packetLength); + + //===================================================== + // If IPv4 packet, check whether or not packet + // was truncated. + //===================================================== +#if PACKET_TRUNCATION_CHECK + IPv4PacketSizeVerify( + tapPacket->m_Data, + packetLength, + FALSE, + "TX", + &Adapter->m_TxTrunc + ); +#endif + + //===================================================== + // Are we running in DHCP server masquerade mode? + // + // If so, catch both DHCP requests and ARP queries + // to resolve the address of our virtual DHCP server. + //===================================================== +#if 0 + if (Adapter->m_dhcp_enabled) + { + const ETH_HEADER *eth = (ETH_HEADER *) tapPacket->m_Data; + const IPHDR *ip = (IPHDR *) (tapPacket->m_Data + sizeof (ETH_HEADER)); + const UDPHDR *udp = (UDPHDR *) (tapPacket->m_Data + sizeof (ETH_HEADER) + sizeof (IPHDR)); + + // ARP packet? + if (packetLength == sizeof (ARP_PACKET) + && eth->proto == htons (NDIS_ETH_TYPE_ARP) + && Adapter->m_dhcp_server_arp + ) + { + if (ProcessARP( + Adapter, + (PARP_PACKET) tapPacket->m_Data, + Adapter->m_dhcp_addr, + Adapter->m_dhcp_server_ip, + ~0, + Adapter->m_dhcp_server_mac) + ) + { + goto no_queue; + } + } + + // DHCP packet? 
+ else if (packetLength >= sizeof (ETH_HEADER) + sizeof (IPHDR) + sizeof (UDPHDR) + sizeof (DHCP) + && eth->proto == htons (NDIS_ETH_TYPE_IPV4) + && ip->version_len == 0x45 // IPv4, 20 byte header + && ip->protocol == IPPROTO_UDP + && udp->dest == htons (BOOTPS_PORT) + ) + { + const DHCP *dhcp = (DHCP *) (tapPacket->m_Data + + sizeof (ETH_HEADER) + + sizeof (IPHDR) + + sizeof (UDPHDR)); + + const int optlen = packetLength + - sizeof (ETH_HEADER) + - sizeof (IPHDR) + - sizeof (UDPHDR) + - sizeof (DHCP); + + if (optlen > 0) // we must have at least one DHCP option + { + if (ProcessDHCP (Adapter, eth, ip, udp, dhcp, optlen)) + { + goto no_queue; + } + } + else + { + goto no_queue; + } + } + } +#endif + + //=============================================== + // In Point-To-Point mode, check to see whether + // packet is ARP (handled) or IPv4 (sent to app). + // IPv6 packets are inspected for neighbour discovery + // (to be handled locally), and the rest is forwarded + // all other protocols are dropped + //=============================================== +#if 0 + if (Adapter->m_tun) + { + ETH_HEADER *e; + + e = (ETH_HEADER *) tapPacket->m_Data; + + switch (ntohs (e->proto)) + { + case NDIS_ETH_TYPE_ARP: + + // Make sure that packet is the right size for ARP. + if (packetLength != sizeof (ARP_PACKET)) + { + goto no_queue; + } + + ProcessARP ( + Adapter, + (PARP_PACKET) tapPacket->m_Data, + Adapter->m_localIP, + Adapter->m_remoteNetwork, + Adapter->m_remoteNetmask, + Adapter->m_TapToUser.dest + ); + + default: + goto no_queue; + + case NDIS_ETH_TYPE_IPV4: + + // Make sure that packet is large enough to be IPv4. + if (packetLength < (ETHERNET_HEADER_SIZE + IP_HEADER_SIZE)) + { + goto no_queue; + } + + // Only accept directed packets, not broadcasts. + if (memcmp (e, &Adapter->m_TapToUser, ETHERNET_HEADER_SIZE)) + { + goto no_queue; + } + + // Packet looks like IPv4, queue it. 
:-) + tapPacket->m_SizeFlags |= TP_TUN; + break; + + case NDIS_ETH_TYPE_IPV6: + // Make sure that packet is large enough to be IPv6. + if (packetLength < (ETHERNET_HEADER_SIZE + IPV6_HEADER_SIZE)) + { + goto no_queue; + } + + // Broadcasts and multicasts are handled specially + // (to be implemented) + + // Neighbor discovery packets to fe80::8 are special + // OpenVPN sets this next-hop to signal "handled by tapdrv" + if ( HandleIPv6NeighborDiscovery(Adapter,tapPacket->m_Data) ) + { + goto no_queue; + } + + // Packet looks like IPv6, queue it. :-) + tapPacket->m_SizeFlags |= TP_TUN; + } + } +#endif + + //=============================================== + // Push packet onto queue to wait for read from + // userspace. + //=============================================== + if(tapAdapterReadAndWriteReady(Adapter)) + { + tapPacketQueueInsertTail(&Adapter->SendPacketQueue,tapPacket); + } + else + { + // + // Tragedy. All this work and the packet is of no use... + // + NdisFreeMemory(tapPacket,0,0); + } + + // Return after queuing or freeing TAP packet. + return; + + // Free TAP packet without queuing. +no_queue: + if(tapPacket != NULL ) + { + NdisFreeMemory(tapPacket,0,0); + } + +exit_success: + return; +} + +VOID +tapSendNetBufferListsComplete( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in PNET_BUFFER_LIST NetBufferLists, + __in NDIS_STATUS SendCompletionStatus, + __in BOOLEAN DispatchLevel + ) +{ + PNET_BUFFER_LIST currentNbl; + PNET_BUFFER_LIST nextNbl = NULL; + ULONG sendCompleteFlags = 0; + + for ( + currentNbl = NetBufferLists; + currentNbl != NULL; + currentNbl = nextNbl + ) + { + ULONG frameType; + ULONG netBufferCount; + ULONG byteCount; + + nextNbl = NET_BUFFER_LIST_NEXT_NBL(currentNbl); + + // Set NBL completion status. + NET_BUFFER_LIST_STATUS(currentNbl) = SendCompletionStatus; + + // Fetch first NBs frame type. All linked NBs will have same type. 
+ frameType = tapGetNetBufferFrameType(NET_BUFFER_LIST_FIRST_NB(currentNbl)); + + // Fetch statistics for all NBs linked to the NB. + netBufferCount = tapGetNetBufferCountsFromNetBufferList( + currentNbl, + &byteCount + ); + + // Update statistics by frame type + if(SendCompletionStatus == NDIS_STATUS_SUCCESS) + { + switch(frameType) + { + case NDIS_PACKET_TYPE_DIRECTED: + Adapter->FramesTxDirected += netBufferCount; + Adapter->BytesTxDirected += byteCount; + break; + + case NDIS_PACKET_TYPE_BROADCAST: + Adapter->FramesTxBroadcast += netBufferCount; + Adapter->BytesTxBroadcast += byteCount; + break; + + case NDIS_PACKET_TYPE_MULTICAST: + Adapter->FramesTxMulticast += netBufferCount; + Adapter->BytesTxMulticast += byteCount; + break; + + default: + ASSERT(FALSE); + break; + } + } + else + { + // Transmit error. + Adapter->TransmitFailuresOther += netBufferCount; + } + + currentNbl = nextNbl; + } + + if(DispatchLevel) + { + sendCompleteFlags |= NDIS_SEND_COMPLETE_FLAGS_DISPATCH_LEVEL; + } + + // Complete the NBLs + NdisMSendNetBufferListsComplete( + Adapter->MiniportAdapterHandle, + NetBufferLists, + sendCompleteFlags + ); +} + +BOOLEAN +tapNetBufferListNetBufferLengthsValid( + __in PTAP_ADAPTER_CONTEXT Adapter, + __in PNET_BUFFER_LIST NetBufferLists + ) +/*++ + +Routine Description: + + Scan all NBLs and their linked NBs for valid lengths. + + Fairly absurd to find and packets with bogus lengths, but wise + to check anyway. If ANY packet has a bogus length, then abort the + entire send. + + The only time that one might see this check fail might be during + HCK driver testing. The HKC test might send oversize packets to + determine if the miniport can gracefully deal with them. + + This check is fairly fast. Unlike NDIS 5 packets, fetching NDIS 6 + packets lengths do not require any computation. 
+ +Arguments: + + Adapter Pointer to our adapter context + NetBufferLists Head of a list of NBLs to examine + +Return Value: + + Returns TRUE if all NBs have reasonable lengths. + Otherwise, returns FALSE. + +--*/ +{ + PNET_BUFFER_LIST currentNbl; + + currentNbl = NetBufferLists; + + while (currentNbl) + { + PNET_BUFFER_LIST nextNbl; + PNET_BUFFER currentNb; + + // Locate next NBL + nextNbl = NET_BUFFER_LIST_NEXT_NBL(currentNbl); + + // Locate first NB (aka "packet") + currentNb = NET_BUFFER_LIST_FIRST_NB(currentNbl); + + // + // Process all NBs linked to this NBL + // + while(currentNb) + { + PNET_BUFFER nextNb; + ULONG packetLength; + + // Locate next NB + nextNb = NET_BUFFER_NEXT_NB(currentNb); + + packetLength = NET_BUFFER_DATA_LENGTH(currentNb); + + // Minimum packet size is size of Ethernet plus IPv4 headers. + ASSERT(packetLength >= (ETHERNET_HEADER_SIZE + IP_HEADER_SIZE)); + + if(packetLength < (ETHERNET_HEADER_SIZE + IP_HEADER_SIZE)) + { + return FALSE; + } + + // Maximum size should be Ethernet header size plus MTU plus modest pad for + // VLAN tag. + ASSERT( packetLength <= (ETHERNET_HEADER_SIZE + VLAN_TAG_SIZE + Adapter->MtuSize)); + + if(packetLength > (ETHERNET_HEADER_SIZE + VLAN_TAG_SIZE + Adapter->MtuSize)) + { + return FALSE; + } + + // Move to next NB + currentNb = nextNb; + } + + // Move to next NBL + currentNbl = nextNbl; + } + + return TRUE; +} + +VOID +AdapterSendNetBufferLists( + __in NDIS_HANDLE MiniportAdapterContext, + __in PNET_BUFFER_LIST NetBufferLists, + __in NDIS_PORT_NUMBER PortNumber, + __in ULONG SendFlags + ) +/*++ + +Routine Description: + + Send Packet Array handler. Called by NDIS whenever a protocol + bound to our miniport sends one or more packets. + + The input packet descriptor pointers have been ordered according + to the order in which the packets should be sent over the network + by the protocol driver that set up the packet array. 
The NDIS + library preserves the protocol-determined ordering when it submits + each packet array to MiniportSendPackets + + As a deserialized driver, we are responsible for holding incoming send + packets in our internal queue until they can be transmitted over the + network and for preserving the protocol-determined ordering of packet + descriptors incoming to its MiniportSendPackets function. + A deserialized miniport driver must complete each incoming send packet + with NdisMSendComplete, and it cannot call NdisMSendResourcesAvailable. + + Runs at IRQL <= DISPATCH_LEVEL + +Arguments: + + MiniportAdapterContext Pointer to our adapter + NetBufferLists Head of a list of NBLs to send + PortNumber A miniport adapter port. Default is 0. + SendFlags Additional flags for the send operation + +Return Value: + + None. Write status directly into each NBL with the NET_BUFFER_LIST_STATUS + macro. + +--*/ +{ + NDIS_STATUS status; + PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext; + BOOLEAN DispatchLevel = (SendFlags & NDIS_SEND_FLAGS_DISPATCH_LEVEL); + PNET_BUFFER_LIST currentNbl; + BOOLEAN validNbLengths; + + UNREFERENCED_PARAMETER(NetBufferLists); + UNREFERENCED_PARAMETER(PortNumber); + UNREFERENCED_PARAMETER(SendFlags); + + ASSERT(PortNumber == 0); // Only the default port is supported + + // + // Can't process sends if TAP device is not open. + // ---------------------------------------------- + // Just perform a "lying send" and return packets as if they + // were successfully sent. + // + if(adapter->TapFileObject == NULL) + { + // + // Complete all NBLs and return if adapter not ready. + // + tapSendNetBufferListsComplete( + adapter, + NetBufferLists, + NDIS_STATUS_SUCCESS, + DispatchLevel + ); + + return; + } + + // + // Check Adapter send/receive ready state. + // + status = tapAdapterSendAndReceiveReady(adapter); + + if(status != NDIS_STATUS_SUCCESS) + { + // + // Complete all NBLs and return if adapter not ready. 
+ // + tapSendNetBufferListsComplete( + adapter, + NetBufferLists, + status, + DispatchLevel + ); + + return; + } + + // + // Scan all NBLs and linked packets for valid lengths. + // --------------------------------------------------- + // If _ANY_ NB length is invalid, then fail the entire send operation. + // + // BUGBUG!!! Perhaps this should be less agressive. Fail only individual + // NBLs... + // + // If length check is valid, then TAP_PACKETS can be safely allocated + // and processed for all NBs being sent. + // + validNbLengths = tapNetBufferListNetBufferLengthsValid( + adapter, + NetBufferLists + ); + + if(!validNbLengths) + { + // + // Complete all NBLs and return if and NB length is invalid. + // + tapSendNetBufferListsComplete( + adapter, + NetBufferLists, + NDIS_STATUS_INVALID_LENGTH, + DispatchLevel + ); + + return; + } + + // + // Process each NBL individually + // + currentNbl = NetBufferLists; + + while (currentNbl) + { + PNET_BUFFER_LIST nextNbl; + PNET_BUFFER currentNb; + + // Locate next NBL + nextNbl = NET_BUFFER_LIST_NEXT_NBL(currentNbl); + + // Locate first NB (aka "packet") + currentNb = NET_BUFFER_LIST_FIRST_NB(currentNbl); + + // Transmit all NBs linked to this NBL + while(currentNb) + { + PNET_BUFFER nextNb; + + // Locate next NB + nextNb = NET_BUFFER_NEXT_NB(currentNb); + + // Transmit the NB + tapAdapterTransmit(adapter,currentNb,DispatchLevel); + + // Move to next NB + currentNb = nextNb; + } + + // Move to next NBL + currentNbl = nextNbl; + } + + // Complete all NBLs + tapSendNetBufferListsComplete( + adapter, + NetBufferLists, + NDIS_STATUS_SUCCESS, + DispatchLevel + ); + + // Attempt to complete pending read IRPs from pending TAP + // send packet queue. 
+ tapProcessSendPacketQueue(adapter); +} + +VOID +AdapterCancelSend( + __in NDIS_HANDLE MiniportAdapterContext, + __in PVOID CancelId + ) +{ + PTAP_ADAPTER_CONTEXT adapter = (PTAP_ADAPTER_CONTEXT )MiniportAdapterContext; + + // + // This miniport completes its sends quickly, so it isn't strictly + // neccessary to implement MiniportCancelSend. + // + // If we did implement it, we'd have to walk the Adapter->SendWaitList + // and look for any NB that points to a NBL where the CancelId matches + // NDIS_GET_NET_BUFFER_LIST_CANCEL_ID(Nbl). For any NB that so matches, + // we'd remove the NB from the SendWaitList and set the NBL's status to + // NDIS_STATUS_SEND_ABORTED, then complete the NBL. + // +} + +// IRP_MJ_READ callback. +NTSTATUS +TapDeviceRead( + PDEVICE_OBJECT DeviceObject, + PIRP Irp + ) +{ + NTSTATUS ntStatus = STATUS_SUCCESS;// Assume success + PIO_STACK_LOCATION irpSp;// Pointer to current stack location + PTAP_ADAPTER_CONTEXT adapter = NULL; + + PAGED_CODE(); + + irpSp = IoGetCurrentIrpStackLocation( Irp ); + + // + // Fetch adapter context for this device. + // -------------------------------------- + // Adapter pointer was stashed in FsContext when handle was opened. 
+ // + adapter = (PTAP_ADAPTER_CONTEXT )(irpSp->FileObject)->FsContext; + + ASSERT(adapter); + + // + // Sanity checks on state variables + // + if (!tapAdapterReadAndWriteReady(adapter)) + { + //DEBUGP (("[%s] Interface is down in IRP_MJ_READ\n", + // MINIPORT_INSTANCE_ID (adapter))); + //NOTE_ERROR(); + + Irp->IoStatus.Status = ntStatus = STATUS_CANCELLED; + Irp->IoStatus.Information = 0; + IoCompleteRequest (Irp, IO_NO_INCREMENT); + + return ntStatus; + } + + // Save IRP-accessible copy of buffer length + Irp->IoStatus.Information = irpSp->Parameters.Read.Length; + + if (Irp->MdlAddress == NULL) + { + DEBUGP (("[%s] MdlAddress is NULL for IRP_MJ_READ\n", + MINIPORT_INSTANCE_ID (adapter))); + + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INVALID_PARAMETER; + Irp->IoStatus.Information = 0; + IoCompleteRequest (Irp, IO_NO_INCREMENT); + + return ntStatus; + } + + if ((Irp->AssociatedIrp.SystemBuffer + = MmGetSystemAddressForMdlSafe( + Irp->MdlAddress, + NormalPagePriority + ) ) == NULL + ) + { + DEBUGP (("[%s] Could not map address in IRP_MJ_READ\n", + MINIPORT_INSTANCE_ID (adapter))); + + NOTE_ERROR(); + Irp->IoStatus.Status = ntStatus = STATUS_INSUFFICIENT_RESOURCES; + Irp->IoStatus.Information = 0; + IoCompleteRequest (Irp, IO_NO_INCREMENT); + + return ntStatus; + } + + // BUGBUG!!! Use RemoveLock??? + + // + // Queue the IRP and return STATUS_PENDING. + // ---------------------------------------- + // Note: IoCsqInsertIrp marks the IRP pending. + // + + // BUGBUG!!! NDIS 5 implementation has IRP_QUEUE_SIZE of 16 and + // does not queue IRP if this capacity is exceeded. + // + // Is this needed??? + // + IoCsqInsertIrp(&adapter->PendingReadIrpQueue.CsqQueue, Irp, NULL); + + // Attempt to complete pending read IRPs from pending TAP + // send packet queue. + tapProcessSendPacketQueue(adapter); + + ntStatus = STATUS_PENDING; + + return ntStatus; +} + 
diff --git a/windows/TapDriver6/types.h b/windows/TapDriver6/types.h
new file mode 100644
index 0000000..acea175
--- /dev/null
+++ b/windows/TapDriver6/types.h
@@ -0,0 +1,90 @@
+/*
+ * TAP-Windows -- A kernel driver to provide virtual tap
+ * device functionality on Windows.
+ *
+ * This code was inspired by the CIPE-Win32 driver by Damion K. Wilson.
+ *
+ * This source code is Copyright (C) 2002-2014 OpenVPN Technologies, Inc.,
+ * and is released under the GPL version 2 (see below).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef TAP_TYPES_DEFINED
+#define TAP_TYPES_DEFINED
+
+//typedef
+//struct _Queue
+//{
+// ULONG base;
+// ULONG size;
+// ULONG capacity;
+// ULONG max_size;
+// PVOID data[];
+//} Queue;
+
+//typedef struct _TAP_PACKET;
+
+//typedef struct _TapExtension
+//{
+// // TAP device object and packet queues
+// Queue *m_PacketQueue, *m_IrpQueue;
+// PDEVICE_OBJECT m_TapDevice;
+// NDIS_HANDLE m_TapDeviceHandle;
+// ULONG TapFileIsOpen;
+//
+// // Used to lock packet queues
+// NDIS_SPIN_LOCK m_QueueLock;
+// BOOLEAN m_AllocatedSpinlocks;
+//
+// // Used to bracket open/close
+// // state changes.
+// MUTEX m_OpenCloseMutex;
+//
+// // True if device has been permanently halted
+// BOOLEAN m_Halt;
+//
+// // TAP device name
+// unsigned char *m_TapName;
+// UNICODE_STRING m_UnicodeLinkName;
+// BOOLEAN m_CreatedUnicodeLinkName;
+//
+// // Used for device status ioctl only
+// const char *m_LastErrorFilename;
+// int m_LastErrorLineNumber;
+// LONG TapFileOpenCount;
+//
+// // Flags
+// BOOLEAN TapDeviceCreated;
+// BOOLEAN m_CalledTapDeviceFreeResources;
+//
+// // DPC queue for deferred packet injection
+// BOOLEAN m_InjectDpcInitialized;
+// KDPC m_InjectDpc;
+// NDIS_SPIN_LOCK m_InjectLock;
+// Queue *m_InjectQueue;
+//}
+//TapExtension, *TapExtensionPointer;
+
+typedef struct _InjectPacket
+ {
+# define INJECT_PACKET_SIZE(data_size) (sizeof (InjectPacket) + (data_size))
+# define INJECT_PACKET_FREE(ib) NdisFreeMemory ((ib), INJECT_PACKET_SIZE ((ib)->m_Size), 0)
+ ULONG m_Size;
+ UCHAR m_Data []; // m_Data must be the last struct member
+ }
+InjectPacket, *InjectPacketPointer;
+
+#endif
diff --git a/windows/TapDriver6/zttap300.inf b/windows/TapDriver6/zttap300.inf
new file mode 100644
index 0000000..f901b13
--- /dev/null
+++ b/windows/TapDriver6/zttap300.inf
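Review bot: `INJECT_PACKET_SIZE(data_size)` in windows/TapDriver6/types.h adds `sizeof (InjectPacket)` to the caller's value with no overflow guard, and `INJECT_PACKET_FREE` recomputes the length from `m_Size` and evaluates `ib` twice. No caller is visible in this hunk, so whether `data_size` is bounded before allocation cannot be confirmed from here. I would document the contract next to the macros, e.g. `// data_size must be range-checked by the caller; the sum is not overflow-checked`, and note that `ib` must be a side-effect-free expression.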
@@ -0,0 +1,143 @@
+;
+; ZeroTier One Virtual Network Port NDIS6 Driver
+;
+; Based on the OpenVPN tap-windows6 driver version 9.21.1 git
+; commit 48f027cfca52b16b5fd23d82e6016ed8a91fc4d3.
+; See: https://github.com/OpenVPN/tap-windows6
+;
+; Modified by ZeroTier, Inc. - https://www.zerotier.com/
+;
+; (1) Comment out 'tun' functionality and related features such as DHCP
+; emulation, since we don't use any of that. Just want straight 'tap'.
+; (2) Added custom IOCTL to enumerate L2 multicast memberships.
+; (3) Increase maximum number of multicast memberships to 128.
+; (4) Set default and max device MTU to 2800.
+; (5) Rename/rebrand driver as ZeroTier network port driver.
+;
+; Original copyright below. Modifications released under GPLv2 as well.
+;
+; ****************************************************************************
+; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *
+; * This program is free software; you can redistribute it and/or modify *
+; * it under the terms of the GNU General Public License version 2 *
+; * as published by the Free Software Foundation. *
+; ****************************************************************************
+;
+
+[Version]
+Signature = "$Windows NT$"
+CatalogFile = zttap300.cat
+ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}
+Provider = %Provider%
+Class = Net
+DriverVer=04/25/2015,3.00.00.0
+
+[Strings]
+DeviceDescription = "ZeroTier One Virtual Port"
+Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat.
+
+; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
+[Manufacturer]
+%Provider%=zttap300,NTamd64
+
+[zttap300]
+%DeviceDescription% = zttap300.ndi, root\zttap300 ; Root enumerated
+%DeviceDescription% = zttap300.ndi, zttap300 ; Legacy
+
+[zttap300.NTamd64]
+%DeviceDescription% = zttap300.ndi, root\zttap300 ; Root enumerated
+%DeviceDescription% = zttap300.ndi, zttap300 ; Legacy
+
+;----------------- Characteristics ------------
+; NCF_PHYSICAL = 0x04
+; NCF_VIRTUAL = 0x01
+; NCF_SOFTWARE_ENUMERATED = 0x02
+; NCF_HIDDEN = 0x08
+; NCF_NO_SERVICE = 0x10
+; NCF_HAS_UI = 0x80
+;----------------- Characteristics ------------
+[zttap300.ndi]
+CopyFiles = zttap300.driver, zttap300.files
+AddReg = zttap300.reg
+AddReg = zttap300.params.reg
+Characteristics = 0x81
+*IfType = 0x6 ; IF_TYPE_ETHERNET_CSMACD
+*MediaType = 0x0 ; NdisMedium802_3
+*PhysicalMediaType = 14 ; NdisPhysicalMedium802_3
+
+[zttap300.ndi.Services]
+AddService = zttap300, 2, zttap300.service
+
+[zttap300.reg]
+HKR, Ndi, Service, 0, "zttap300"
+HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
+HKR, Ndi\Interfaces, LowerRange, 0, "ethernet"
+HKR, , Manufacturer, 0, "%Provider%"
+HKR, , ProductName, 0, "%DeviceDescription%"
+
+[zttap300.params.reg]
+HKR, Ndi\params\MTU, ParamDesc, 0, "MTU"
+HKR, Ndi\params\MTU, Type, 0, "int"
+HKR, Ndi\params\MTU, Default, 0, "2800"
+HKR, Ndi\params\MTU, Optional, 0, "0"
+HKR, Ndi\params\MTU, Min, 0, "100"
+HKR, Ndi\params\MTU, Max, 0, "2800"
+HKR, Ndi\params\MTU, Step, 0, "1"
+HKR, Ndi\params\MediaStatus, ParamDesc, 0, "Media Status"
+HKR, Ndi\params\MediaStatus, Type, 0, "enum"
+HKR, Ndi\params\MediaStatus, Default, 0, "0"
+HKR, Ndi\params\MediaStatus, Optional, 0, "0"
+HKR, Ndi\params\MediaStatus\enum, "0", 0, "Application Controlled"
+HKR, Ndi\params\MediaStatus\enum, "1", 0, "Always Connected"
+HKR, Ndi\params\MAC, ParamDesc, 0, "MAC Address"
+HKR, Ndi\params\MAC, Type, 0, "edit"
+HKR, Ndi\params\MAC, Optional, 0, "1"
+HKR, Ndi\params\AllowNonAdmin, ParamDesc, 0, "Non-Admin Access"
+HKR, Ndi\params\AllowNonAdmin, Type, 0, "enum"
+HKR, Ndi\params\AllowNonAdmin, Default, 0, "0"
+HKR, Ndi\params\AllowNonAdmin, Optional, 0, "0"
+HKR, Ndi\params\AllowNonAdmin\enum, "0", 0, "Not Allowed"
+HKR, Ndi\params\AllowNonAdmin\enum, "1", 0, "Allowed"
+
+;---------- Service Type -------------
+; SERVICE_KERNEL_DRIVER = 0x01
+; SERVICE_WIN32_OWN_PROCESS = 0x10
+;---------- Service Type -------------
+
+;---------- Start Mode ---------------
+; SERVICE_BOOT_START = 0x0
+; SERVICE_SYSTEM_START = 0x1
+; SERVICE_AUTO_START = 0x2
+; SERVICE_DEMAND_START = 0x3
+; SERVICE_DISABLED = 0x4
+;---------- Start Mode ---------------
+
+[zttap300.service]
+DisplayName = %DeviceDescription%
+ServiceType = 1
+StartType = 3
+ErrorControl = 1
+LoadOrderGroup = NDIS
+ServiceBinary = %12%\zttap300.sys
+
+;----------------- Copy Flags ------------
+; COPYFLG_NOSKIP = 0x02
+; COPYFLG_NOVERSIONCHECK = 0x04
+;----------------- Copy Flags ------------
+
+[SourceDisksNames]
+1 = %DeviceDescription%, zttap300.sys
+
+[SourceDisksFiles]
+zttap300.sys = 1
+
+[DestinationDirs]
+zttap300.files = 11
+zttap300.driver = 12
+
+[zttap300.files]
+;
+
+[zttap300.driver]
+zttap300.sys,,,6 ; COPYFLG_NOSKIP | COPYFLG_NOVERSIONCHECK
+
diff --git a/windows/WinUI/APIHandler.cs b/windows/WinUI/APIHandler.cs
new file mode 100644
index 0000000..92b8302
--- /dev/null
+++ b/windows/WinUI/APIHandler.cs
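Review bot: The `AllowNonAdmin` entries in `[zttap300.params.reg]` of windows/TapDriver6/zttap300.inf expose an access-control switch in the adapter's advanced properties with no comment on what enabling it grants. The default of "0" (Not Allowed) is the safe choice, but a value of "1" presumably lets unprivileged local users open the tap device and exchange layer-2 frames with it. The driver code that reads this value is not part of this hunk, so that should be confirmed there. I would add a comment above the entries, e.g. `; AllowNonAdmin: 1 permits non-administrator access to the tap device; keep the default 0 unless required`.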
@@ -0,0 +1,208 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Net;
+using System.IO;
+using System.Windows;
+using Newtonsoft.Json;
+
+namespace WinUI
+{
+
+
+ public class APIHandler
+ {
+ private string authtoken;
+
+ private string url = null;
+
+ public APIHandler()
+ {
+ url = "http://127.0.0.1:9993";
+ }
+
+ public APIHandler(int port, string authtoken)
+ {
+ url = "http://localhost:" + port;
+ this.authtoken = authtoken;
+ }
+
+ public ZeroTierStatus GetStatus()
+ {
+ var request = WebRequest.Create(url + "/status" + "?auth=" + authtoken) as HttpWebRequest;
+ if (request != null)
+ {
+ request.Method = "GET";
+ request.ContentType = "application/json";
+ }
+
+ try
+ {
+ var httpResponse = (HttpWebResponse)request.GetResponse();
+ using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
+ {
+ var responseText = streamReader.ReadToEnd();
+
+ ZeroTierStatus status = null;
+ try
+ {
+ status = JsonConvert.DeserializeObject(responseText);
+ }
+ catch (JsonReaderException e)
+ {
+ Console.WriteLine(e.ToString());
+ }
+ return status;
+ }
+ }
+ catch (System.Net.Sockets.SocketException)
+ {
+ return null;
+ }
+ catch (System.Net.WebException)
+ {
+ return null;
+ }
+ }
+
+ public List GetNetworks()
+ {
+ var request = WebRequest.Create(url + "/network" + "?auth=" + authtoken) as HttpWebRequest;
+ if (request == null)
+ {
+ return null;
+ }
+
+ request.Method = "GET";
+ request.ContentType = "application/json";
+
+ try
+ {
+ var httpResponse = (HttpWebResponse)request.GetResponse();
+ using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
+ {
+ var responseText = streamReader.ReadToEnd();
+
+ List networkList = null;
+ try
+ {
+ networkList = JsonConvert.DeserializeObject>(responseText);
+ }
+ catch (JsonReaderException e)
+ {
+ Console.WriteLine(e.ToString());
+ }
+ return networkList;
+ }
+ }
+ catch (System.Net.Sockets.SocketException)
+ {
+ return null;
+ }
+ catch (System.Net.WebException)
+ {
+ return null;
+ }
+ }
+
+ public void JoinNetwork(string nwid)
+ {
+ var request = WebRequest.Create(url + "/network/" + nwid + "?auth=" + authtoken) as HttpWebRequest;
+ if (request == null)
+ {
+ return;
+ }
+
+ request.Method = "POST";
+
+ try
+ {
+ var httpResponse = (HttpWebResponse)request.GetResponse();
+
+ if (httpResponse.StatusCode != HttpStatusCode.OK)
+ {
+ Console.WriteLine("Error sending join network message");
+ }
+ }
+ catch (System.Net.Sockets.SocketException)
+ {
+ MessageBox.Show("Error Joining Network: Cannot connect to ZeroTier service.");
+ }
+ catch (System.Net.WebException)
+ {
+ MessageBox.Show("Error Joining Network: Cannot connect to ZeroTier service.");
+ }
+ }
+
+ public void LeaveNetwork(string nwid)
+ {
+ var request = WebRequest.Create(url + "/network/" + nwid + "?auth=" + authtoken) as HttpWebRequest;
+ if (request == null)
+ {
+ return;
+ }
+
+ request.Method = "DELETE";
+
+ try
+ {
+ var httpResponse = (HttpWebResponse)request.GetResponse();
+
+ if (httpResponse.StatusCode != HttpStatusCode.OK)
+ {
+ Console.WriteLine("Error sending leave network message");
+ }
+ }
+ catch (System.Net.Sockets.SocketException)
+ {
+ MessageBox.Show("Error Leaving Network: Cannot connect to ZeroTier service.");
+ }
+ catch (System.Net.WebException)
+ {
+ MessageBox.Show("Error Leaving Network: Cannot connect to ZeroTier service.");
+ }
+ }
+
+ public List GetPeers()
+ {
+ var request = WebRequest.Create(url + "/peer" + "?auth=" + authtoken) as HttpWebRequest;
+ if (request == null)
+ {
+ return null;
+ }
+
+ request.Method = "GET";
+ request.ContentType = "application/json";
+
+ try
+ {
+ var httpResponse = (HttpWebResponse)request.GetResponse();
+ using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
+ {
+ var responseText = streamReader.ReadToEnd();
+ //Console.WriteLine(responseText);
+ List peerList = null;
+ try
+ {
+ peerList = JsonConvert.DeserializeObject>(responseText);
+ }
+ catch (JsonReaderException e)
+ {
+ Console.WriteLine(e.ToString());
+ }
+ return peerList;
+ }
+ }
+ catch (System.Net.Sockets.SocketException)
+ {
+ return null;
+ }
+ catch (System.Net.WebException)
+ {
+ return null;
+ }
+ }
+ }
+}
diff --git a/windows/WinUI/App.config b/windows/WinUI/App.config
new file mode 100644
index 0000000..8e15646
--- /dev/null
+++ b/windows/WinUI/App.config
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/windows/WinUI/App.xaml b/windows/WinUI/App.xaml
new file mode 100644
index 0000000..08b9b79
--- /dev/null
+++ b/windows/WinUI/App.xaml
@@ -0,0 +1,14 @@ + + + + + + + + + + +
diff --git a/windows/WinUI/App.xaml.cs b/windows/WinUI/App.xaml.cs
new file mode 100644
index 0000000..a97edde
--- /dev/null
+++ b/windows/WinUI/App.xaml.cs
@@ -0,0 +1,17 @@
+using System;
+using System.Collections.Generic;
+using System.Configuration;
+using System.Data;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Windows;
+
+namespace WinUI
+{
+ ///
+ /// Interaction logic for App.xaml
+ ///
+ public partial class App : Application
+ {
+ }
+}
diff --git a/windows/WinUI/Fonts/segoeui.ttf b/windows/WinUI/Fonts/segoeui.ttf
new file mode 100644
index 0000000..fc18ebd
Binary files /dev/null and b/windows/WinUI/Fonts/segoeui.ttf differ
diff --git a/windows/WinUI/Fonts/segoeuib.ttf b/windows/WinUI/Fonts/segoeuib.ttf
new file mode 100644
index 0000000..5f31e0c
Binary files /dev/null and b/windows/WinUI/Fonts/segoeuib.ttf differ
diff --git a/windows/WinUI/Fonts/segoeuii.ttf b/windows/WinUI/Fonts/segoeuii.ttf
new file mode 100644
index 0000000..7efb70d
Binary files /dev/null and b/windows/WinUI/Fonts/segoeuii.ttf differ
diff --git a/windows/WinUI/Fonts/segoeuiz.ttf b/windows/WinUI/Fonts/segoeuiz.ttf
new file mode 100644
index 0000000..d7bb186
Binary files /dev/null and b/windows/WinUI/Fonts/segoeuiz.ttf differ
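Review bot: Every request in APIHandler.cs carries the service auth token in the query string (`"?auth=" + authtoken`), and JoinNetwork and LeaveNetwork also concatenate `nwid` into the URL path unescaped. A token in a URL tends to be recorded wherever request URLs are logged or traced, so if the local service accepts the token in a request header it would be better set through `request.Headers`; that depends on the service side, which is not visible here. An `nwid` containing `/`, `?` or `#` changes the path or query the service receives, so it should be validated as a network ID or passed as `Uri.EscapeDataString(nwid)`. Separately, GetStatus only wraps the property assignments in `if (request != null)` and then calls `request.GetResponse()` unconditionally; the `if (request == null) { return null; }` guard used by GetNetworks and GetPeers would be consistent there. The parameterless constructor leaves `authtoken` null, so requests from an instance built that way go out with an empty `auth=` value.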
diff --git a/windows/WinUI/MainWindow.xaml b/windows/WinUI/MainWindow.xaml new file mode 100644 index 0000000..d71a90d --- /dev/null +++ b/windows/WinUI/MainWindow.xaml @@ -0,0 +1,132 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +