Merge branch 'master' of gnunet.org:gnunet

22 files changed, 1227 insertions, 414 deletions

diff --git a/src/abe/Makefile.am b/src/abe/Makefile.am
index 23a7ae68e..cccd3ccb0 100644
--- a/src/abe/Makefile.am
+++ b/src/abe/Makefile.am
@@ -20,6 +20,8 @@ libgnunetabe_la_LIBADD = \
   $(LTLIBICONV) \
   $(LTLIBINTL) \
         $(ABE_LIBADD) \
+        $(top_builddir)/src/util/libgnunetutil.la \
+        -lgmp \
         -lgabe \
         -lpbc \
         -lglib-2.0 \
diff --git a/src/include/gnunet_hello_lib.h b/src/include/gnunet_hello_lib.h
index fcd422701..5e2190cc6 100644
--- a/src/include/gnunet_hello_lib.h
+++ b/src/include/gnunet_hello_lib.h
@@ -495,11 +495,11 @@ GNUNET_HELLO_parse_uri (const char *uri,
  */
 void
 GNUNET_HELLO_sign_address (const char *address,
-                           enum GNUNET_NetworkType nt,
-                           struct GNUNET_TIME_Absolute expiration,
-                           const struct GNUNET_CRYPTO_EddsaPrivateKey *private_key,
-                           void **result,
-                           size_t *result_size);
+                           enum GNUNET_NetworkType nt,
+                           struct GNUNET_TIME_Absolute expiration,
+                           const struct GNUNET_CRYPTO_EddsaPrivateKey *private_key,
+                           void **result,
+                           size_t *result_size);
 
 
 /**
@@ -514,10 +514,10 @@ GNUNET_HELLO_sign_address (const char *address,
  */
 char *
 GNUNET_HELLO_extract_address (const void *raw,
-                              size_t raw_size,
-                              const struct GNUNET_PeerIdentity *pid,
-                              enum GNUNET_NetworkType *nt,
-                              struct GNUNET_TIME_Absolute *expiration);
+                              size_t raw_size,
+                              const struct GNUNET_PeerIdentity *pid,
+                              enum GNUNET_NetworkType *nt,
+                              struct GNUNET_TIME_Absolute *expiration);
 
 
 /**
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 7f1667d51..4f97d3078 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -3189,8 +3189,15 @@ extern "C"
  */
 #define GNUNET_MESSAGE_TYPE_TRANSPORT_SUGGEST_CANCEL 1301
 
+/**
+ * Type of the 'struct RequestHelloValidationMessage' send by clients to TRANSPORT
+ * to trigger validation of addresses.
+ */
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_REQUEST_HELLO_VALIDATION 1302
+
 
 /* ************** NEW (NG) ATS Messages ************* */
+/* NOTE: it is not clear ATS will survive in TNG      */
 
 /**
  * Type of the 'struct ExpressPreferenceMessage' send by clients to ATS
diff --git a/src/include/gnunet_rps_service.h b/src/include/gnunet_rps_service.h
index b1dd1b5af..c88e75cc7 100644
--- a/src/include/gnunet_rps_service.h
+++ b/src/include/gnunet_rps_service.h
@@ -67,6 +67,21 @@ typedef void (* GNUNET_RPS_NotifyReadyCB) (void *cls,
 
 
 /**
+ * Callback called when requested random peer with additional information is
+ * available.
+ *
+ * @param cls the closure given with the request
+ * @param peer The Peer ID
+ * @param probability The probability with which all elements have been observed
+ * @param num_observed Number of IDs this sampler has observed
+ */
+typedef void (* GNUNET_RPS_NotifyReadySingleInfoCB) (void *cls,
+    const struct GNUNET_PeerIdentity *peer,
+    double probability,
+    uint32_t num_observed);
+
+
+/**
  * Connect to the rps service
  *
  * @param cfg configuration to use
@@ -117,6 +132,21 @@ GNUNET_RPS_request_peers (struct GNUNET_RPS_Handle *h, uint32_t n,
                           GNUNET_RPS_NotifyReadyCB ready_cb,
                           void *cls);
 
+
+/**
+ * Request one random peer, getting additional information.
+ *
+ * @param rps_handle handle to the rps service
+ * @param ready_cb the callback called when the peers are available
+ * @param cls closure given to the callback
+ * @return a handle to cancel this request
+ */
+struct GNUNET_RPS_Request_Handle_Single_Info *
+GNUNET_RPS_request_peer_info (struct GNUNET_RPS_Handle *rps_handle,
+                              GNUNET_RPS_NotifyReadySingleInfoCB ready_cb,
+                              void *cls);
+
+
 /**
  * Seed rps service with peerIDs.
  *
@@ -137,6 +167,16 @@ GNUNET_RPS_seed_ids (struct GNUNET_RPS_Handle *h, uint32_t n,
 GNUNET_RPS_request_cancel (struct GNUNET_RPS_Request_Handle *rh);
 
 
+/**
+ * Cancle an issued single info request.
+ *
+ * @param rhs request handle of request to cancle
+ */
+void
+GNUNET_RPS_request_single_info_cancel (
+    struct GNUNET_RPS_Request_Handle_Single_Info *rhs);
+
+
 #if ENABLE_MALICIOUS
 /**
  * Turn RPS service to act malicious.
diff --git a/src/include/gnunet_transport_application_service.h b/src/include/gnunet_transport_application_service.h
index 31097b88e..bbd4e3ddf 100644
--- a/src/include/gnunet_transport_application_service.h
+++ b/src/include/gnunet_transport_application_service.h
@@ -34,6 +34,7 @@
 
 #include "gnunet_constants.h"
 #include "gnunet_util_lib.h"
+#include "gnunet_nt_lib.h"
 
 /**
  * Handle to the TRANSPORT subsystem for making suggestions about
@@ -62,37 +63,28 @@ GNUNET_TRANSPORT_application_done (struct GNUNET_TRANSPORT_ApplicationHandle *ch
 
 
 /**
- * Handle for suggestion requests.
- */
-struct GNUNET_TRANSPORT_ApplicationSuggestHandle;
-
-
-/**
- * An application would like to communicate with a peer.  TRANSPORT should
- * allocate bandwith using a suitable address for requiremetns @a pk
- * to transport.
+ * An application (or a communicator) has received a HELLO (or other address
+ * data of another peer) and wants TRANSPORT to validate that the address is
+ * correct.  The result is NOT returned, in fact TRANSPORT may do nothing
+ * (i.e. if it has too many active validations or recently tried this one
+ * already).  If the @a addr validates, TRANSPORT will persist the address
+ * with PEERSTORE.
  *
  * @param ch handle
- * @param peer identity of the peer we need an address for
- * @param pk what kind of application will the application require (can be
- *         #GNUNET_MQ_PREFERENCE_NONE, we will still try to connect)
- * @param bw desired bandwith, can be zero (we will still try to connect)
- * @return suggestion handle, NULL if request is already pending
- */
-struct GNUNET_TRANSPORT_ApplicationSuggestHandle *
-GNUNET_TRANSPORT_application_suggest (struct GNUNET_TRANSPORT_ApplicationHandle *ch,
-                                      const struct GNUNET_PeerIdentity *peer,
-                                      enum GNUNET_MQ_PreferenceKind pk,
-                                      struct GNUNET_BANDWIDTH_Value32NBO bw);
-
-
-/**
- * We no longer care about communicating with a peer.
- *
- * @param sh handle
+ * @param peer identity of the peer we have an address for
+ * @param expiration when does @a addr expire; used by TRANSPORT to know when
+ *        to definitively give up attempting to validate
+ * @param nt network type of @a addr (as claimed by the other peer);
+ *        used by TRANSPORT to avoid trying @a addr's that really cannot work
+ *        due to network type missmatches
+ * @param addr address to validate
  */
 void
-GNUNET_TRANSPORT_application_suggest_cancel (struct GNUNET_TRANSPORT_ApplicationSuggestHandle *sh);
+GNUNET_TRANSPORT_application_validate (struct GNUNET_TRANSPORT_ApplicationHandle *ch,
+                                       const struct GNUNET_PeerIdentity *peer,
+                                       struct GNUNET_TIME_Absolute expiration,
+                                       enum GNUNET_NetworkType nt,
+                                       const char *addr);
 
 /** @} */  /* end of group */
 
diff --git a/src/nt/nt.c b/src/nt/nt.c
index 3b95738e8..45d24520f 100644
--- a/src/nt/nt.c
+++ b/src/nt/nt.c
@@ -200,15 +200,21 @@ interface_proc (void *cls,
     net->netmask = (struct sockaddr *) &tmp[1];
     net->length = addrlen;
 
-    memset (&network4, 0, sizeof (network4));
+    memset (&network4,
+            0,
+            sizeof (network4));
     network4.sin_family = AF_INET;
 #if HAVE_SOCKADDR_IN_SIN_LEN
     network4.sin_len = sizeof (network4);
 #endif
     network4.sin_addr.s_addr = (addr4->sin_addr.s_addr & netmask4->sin_addr.s_addr);
 
-    GNUNET_memcpy (net->netmask, netmask4, sizeof (struct sockaddr_in));
-    GNUNET_memcpy (net->network, &network4, sizeof (struct sockaddr_in));
+    GNUNET_memcpy (net->netmask,
+                   netmask4,
+                   sizeof (struct sockaddr_in));
+    GNUNET_memcpy (net->network,
+                   &network4,
+                   sizeof (struct sockaddr_in));
   }
 
   if (addr->sa_family == AF_INET6)
@@ -236,8 +242,12 @@ interface_proc (void *cls,
     for (c = 0; c < 4; c++)
       net_elem[c] = addr_elem[c] & mask_elem[c];
 
-    GNUNET_memcpy (net->netmask, netmask6, sizeof (struct sockaddr_in6));
-    GNUNET_memcpy (net->network, &network6, sizeof (struct sockaddr_in6));
+    GNUNET_memcpy (net->netmask,
+                   netmask6,
+                   sizeof (struct sockaddr_in6));
+    GNUNET_memcpy (net->network,
+                   &network6,
+                   sizeof (struct sockaddr_in6));
   }
   if (NULL == net)
     return GNUNET_OK; /* odd / unsupported address family */
@@ -291,8 +301,8 @@ get_addresses (void *cls)
  */
 enum GNUNET_NetworkType
 GNUNET_NT_scanner_get_type (struct GNUNET_NT_InterfaceScanner *is,
-                            const struct sockaddr *addr,
-                            socklen_t addrlen)
+                            const struct sockaddr *addr,
+                            socklen_t addrlen)
 {
   struct NT_Network *cur = is->net_head;
   enum GNUNET_NetworkType type = GNUNET_NT_UNSPECIFIED;
diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am
index 13918508e..be50cce26 100644
--- a/src/reclaim/Makefile.am
+++ b/src/reclaim/Makefile.am
@@ -99,6 +99,7 @@ libgnunet_plugin_reclaim_sqlite_la_LIBADD = \
   libgnunetreclaim.la  \
   $(top_builddir)/src/sq/libgnunetsq.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
   $(LTLIBINTL)
 libgnunet_plugin_reclaim_sqlite_la_LDFLAGS = \
@@ -126,6 +127,7 @@ libgnunetreclaim_la_SOURCES = \
  reclaim.h
 libgnunetreclaim_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
         $(GN_LIBINTL) $(XLIB)
 libgnunetreclaim_la_LDFLAGS = \
         $(GN_LIB_LDFLAGS)  $(WINFLAGS) \
diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c
index a852d94b1..a13ee4078 100644
--- a/src/rps/gnunet-rps-profiler.c
+++ b/src/rps/gnunet-rps-profiler.c
@@ -429,7 +429,7 @@ struct PendingReply
   /**
    * Handle to the request we are waiting for
    */
-  struct GNUNET_RPS_Request_Handle *req_handle;
+  struct GNUNET_RPS_Request_Handle_Single_Info *req_handle;
 
   /**
    * The peer that requested
@@ -1040,7 +1040,7 @@ cancel_request (struct PendingReply *pending_rep)
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Cancelling rps get reply\n");
   GNUNET_assert (NULL != pending_rep->req_handle);
-  GNUNET_RPS_request_cancel (pending_rep->req_handle);
+  GNUNET_RPS_request_single_info_cancel (pending_rep->req_handle);
   pending_rep->req_handle = NULL;
   GNUNET_free (pending_rep);
   pending_rep = NULL;
@@ -1489,6 +1489,13 @@ default_reply_handle (void *cls,
   }
 }
 
+
+static void
+profiler_reply_handle_info (void *cls,
+                            const struct GNUNET_PeerIdentity *recv_peer,
+                            double probability,
+                            uint32_t num_observed);
+
 /**
  * Request random peers.
  */
@@ -1510,9 +1517,12 @@ request_peers (void *cls)
               "Requesting one peer\n");
   pending_rep = GNUNET_new (struct PendingReply);
   pending_rep->rps_peer = rps_peer;
-  pending_rep->req_handle = GNUNET_RPS_request_peers (rps_peer->rps_handle,
-      1,
-      cur_test_run.reply_handle,
+  //pending_rep->req_handle = GNUNET_RPS_request_peers (rps_peer->rps_handle,
+  //    1,
+  //    cur_test_run.reply_handle,
+  //    pending_rep);
+  pending_rep->req_handle = GNUNET_RPS_request_peer_info (rps_peer->rps_handle,
+      profiler_reply_handle_info,
       pending_rep);
   GNUNET_CONTAINER_DLL_insert_tail (rps_peer->pending_rep_head,
                                     rps_peer->pending_rep_tail,
@@ -1979,6 +1989,77 @@ profiler_reply_handle (void *cls,
 }
 
 
+/**
+ * Callback to call on receipt of a reply
+ *
+ * @param cls closure
+ * @param n number of peers
+ * @param recv_peers the received peers
+ */
+static void
+profiler_reply_handle_info (void *cls,
+                            const struct GNUNET_PeerIdentity *recv_peer,
+                            double probability,
+                            uint32_t num_observed)
+{
+  struct RPSPeer *rps_peer;
+  struct RPSPeer *rcv_rps_peer;
+  char file_name_buf[128];
+  char file_name_dh_buf[128];
+  char file_name_dhr_buf[128];
+  char file_name_dhru_buf[128];
+  char *file_name = file_name_buf;
+  char *file_name_dh = file_name_dh_buf;
+  char *file_name_dhr = file_name_dhr_buf;
+  char *file_name_dhru = file_name_dhru_buf;
+  unsigned int i;
+  struct PendingReply *pending_rep = (struct PendingReply *) cls;
+
+  pending_rep->req_handle = NULL;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "profiler_reply_handle()\n");
+  rps_peer = pending_rep->rps_peer;
+  (void) GNUNET_asprintf (&file_name,
+                                       "/tmp/rps/received_ids-%u",
+                                       rps_peer->index);
+
+  (void) GNUNET_asprintf (&file_name_dh,
+                                       "/tmp/rps/diehard_input-%u",
+                                       rps_peer->index);
+  (void) GNUNET_asprintf (&file_name_dhr,
+                                       "/tmp/rps/diehard_input_raw-%u",
+                                       rps_peer->index);
+  (void) GNUNET_asprintf (&file_name_dhru,
+                                       "/tmp/rps/diehard_input_raw_aligned-%u",
+                                       rps_peer->index);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "[%s] got peer with info:\n",
+              GNUNET_i2s (rps_peer->peer_id));
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "  %s\n",
+              GNUNET_i2s (recv_peer));
+  tofile (file_name,
+           "%s %d %" PRIu32 " \n",
+           GNUNET_i2s_full (recv_peer),
+           probability,
+           num_observed);
+  rcv_rps_peer = GNUNET_CONTAINER_multipeermap_get (peer_map, recv_peer);
+  GNUNET_assert (NULL != rcv_rps_peer);
+  tofile (file_name_dh,
+           "%" PRIu32 "\n",
+           (uint32_t) rcv_rps_peer->index);
+#ifdef TO_FILE
+  to_file_raw (file_name_dhr,
+              (char *) &rcv_rps_peer->index,
+               sizeof (uint32_t));
+  to_file_raw_unaligned (file_name_dhru,
+                        (char *) &rcv_rps_peer->index,
+                         sizeof (uint32_t),
+                         bits_needed);
+#endif /* TO_FILE */
+  default_reply_handle (cls, 1, recv_peer);
+}
+
+
 static void
 profiler_cb (struct RPSPeer *rps_peer)
 {
@@ -2141,7 +2222,7 @@ static void compute_probabilities (uint32_t peer_idx)
 {
   //double probs[num_peers] = { 0 };
   double probs[num_peers];
-  size_t probs_as_str_size = (num_peers * 10 + 1) * sizeof (char);
+  size_t probs_as_str_size = (num_peers * 10 + 2) * sizeof (char);
   char *probs_as_str = GNUNET_malloc (probs_as_str_size);
   char *probs_as_str_cpy;
   uint32_t i;
diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c
index f6fe17589..e929c89de 100644
--- a/src/rps/gnunet-service-rps.c
+++ b/src/rps/gnunet-service-rps.c
@@ -2602,6 +2602,13 @@ insert_in_sampler (void *cls,
      * messages to it */
     //indicate_sending_intention (peer);
   }
+  if (sub == msub)
+  {
+    GNUNET_STATISTICS_update (stats,
+                              "# observed peers in gossip",
+                              1,
+                              GNUNET_NO);
+  }
 #ifdef TO_FILE
   sub->num_observed_peers++;
   GNUNET_CONTAINER_multipeermap_put
@@ -2611,6 +2618,10 @@ insert_in_sampler (void *cls,
      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
   uint32_t num_observed_unique_peers =
     GNUNET_CONTAINER_multipeermap_size (sub->observed_unique_peers);
+  GNUNET_STATISTICS_set (stats,
+                         "# unique peers in gossip",
+                         num_observed_unique_peers,
+                         GNUNET_NO);
 #ifdef TO_FILE_FULL
   to_file (sub->file_name_observed_log,
           "%" PRIu32 " %" PRIu32 " %f\n",
diff --git a/src/rps/gnunet-service-rps_sampler.c b/src/rps/gnunet-service-rps_sampler.c
index a95ac82d4..e17b154ca 100644
--- a/src/rps/gnunet-service-rps_sampler.c
+++ b/src/rps/gnunet-service-rps_sampler.c
@@ -257,7 +257,7 @@ sampler_get_rand_peer (void *cls)
                                gpc->req_handle->gpc_tail,
                                gpc);
   *gpc->id = sampler->sampler_elements[r_index]->peer_id;
-  gpc->cont (gpc->cont_cls, gpc->id);
+  gpc->cont (gpc->cont_cls, gpc->id, 0, sampler->sampler_elements[r_index]->num_peers);
 
   GNUNET_free (gpc);
 }
diff --git a/src/rps/rps-sampler_client.c b/src/rps/rps-sampler_client.c
index 0de25df07..20cd9d0c4 100644
--- a/src/rps/rps-sampler_client.c
+++ b/src/rps/rps-sampler_client.c
@@ -158,6 +158,46 @@ struct RPS_SamplerRequestHandle
   void *cls;
 };
 
+
+/**
+ * Closure to _get_rand_peer_info()
+ */
+struct RPS_SamplerRequestHandleSingleInfo
+{
+  /**
+   * DLL
+   */
+  struct RPS_SamplerRequestHandleSingleInfo *next;
+  struct RPS_SamplerRequestHandleSingleInfo *prev;
+
+  /**
+   * Pointer to the id
+   */
+  struct GNUNET_PeerIdentity *id;
+
+  /**
+   * Head and tail for the DLL to store the tasks for single requests
+   */
+  struct GetPeerCls *gpc_head;
+  struct GetPeerCls *gpc_tail;
+
+  /**
+   * Sampler.
+   */
+  struct RPS_Sampler *sampler;
+
+  /**
+   * Callback to be called when all ids are available.
+   */
+  RPS_sampler_sinlge_info_ready_cb callback;
+
+  /**
+   * Closure given to the callback
+   */
+  void *cls;
+};
+
+
 ///**
 // * Global sampler variable.
 // */
@@ -266,10 +306,16 @@ sampler_mod_get_rand_peer (void *cls)
   struct GNUNET_TIME_Relative last_request_diff;
   struct RPS_Sampler *sampler;
   double prob_observed_n;
+  uint32_t num_observed;
 
   gpc->get_peer_task = NULL;
   gpc->notify_ctx = NULL;
-  sampler = gpc->req_handle->sampler;
+  GNUNET_assert ( (NULL != gpc->req_handle) ||
+                  (NULL != gpc->req_single_info_handle) );
+  if (NULL != gpc->req_handle)
+    sampler = gpc->req_handle->sampler;
+  else
+    sampler = gpc->req_single_info_handle->sampler;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Single peer was requested\n");
 
@@ -335,10 +381,10 @@ sampler_mod_get_rand_peer (void *cls)
                                            s_elem->num_peers,
                                            sampler->deficiency_factor);
   /* check if probability is above desired */
-  if (prob_observed_n >= sampler->desired_probability)
+  if (prob_observed_n < sampler->desired_probability)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Probability of having observed all peers (%d) too small ( < %d).\n",
+        "Probability of having observed all peers (%f) too small ( < %f).\n",
         prob_observed_n,
         sampler->desired_probability);
     GNUNET_assert (NULL == gpc->notify_ctx);
@@ -359,13 +405,23 @@ sampler_mod_get_rand_peer (void *cls)
 //                         s_elem->num_change,
 //                         GNUNET_NO);
 
+  num_observed = s_elem->num_peers;
   RPS_sampler_elem_reinit (s_elem);
   s_elem->last_client_request = GNUNET_TIME_absolute_get ();
 
-  GNUNET_CONTAINER_DLL_remove (gpc->req_handle->gpc_head,
-                               gpc->req_handle->gpc_tail,
-                               gpc);
-  gpc->cont (gpc->cont_cls, gpc->id);
+  if (NULL != gpc->req_handle)
+  {
+    GNUNET_CONTAINER_DLL_remove (gpc->req_handle->gpc_head,
+                                 gpc->req_handle->gpc_tail,
+                                 gpc);
+  }
+  else
+  {
+    GNUNET_CONTAINER_DLL_remove (gpc->req_single_info_handle->gpc_head,
+                                 gpc->req_single_info_handle->gpc_tail,
+                                 gpc);
+  }
+  gpc->cont (gpc->cont_cls, gpc->id, prob_observed_n, num_observed);
   GNUNET_free (gpc);
 }
 
diff --git a/src/rps/rps-sampler_client.h b/src/rps/rps-sampler_client.h
index 1b425b754..680fabfda 100644
--- a/src/rps/rps-sampler_client.h
+++ b/src/rps/rps-sampler_client.h
@@ -40,6 +40,11 @@ struct RPS_Sampler;
  */
 struct RPS_SamplerRequestHandle;
 
+/**
+ * Closure to _get_rand_peer_info()
+ */
+struct RPS_SamplerRequestHandleSingleInfo;
+
 
 /**
  * Get the size of the sampler.
@@ -108,8 +113,6 @@ RPS_sampler_reinitialise_by_value (struct RPS_Sampler *sampler,
  * @param sampler the sampler to get peers from.
  * @param cb callback that will be called once the ids are ready.
  * @param cls closure given to @a cb
- * @param for_client #GNUNET_YES if result is used for client,
- *                   #GNUNET_NO if used internally
  * @param num_peers the number of peers requested
  */
 struct RPS_SamplerRequestHandle *
@@ -118,6 +121,7 @@ RPS_sampler_get_n_rand_peers (struct RPS_Sampler *sampler,
                               RPS_sampler_n_rand_peers_ready_cb cb,
                               void *cls);
 
+
 /**
  * Cancle a request issued through #RPS_sampler_n_rand_peers_ready_cb.
  *
diff --git a/src/rps/rps-sampler_common.c b/src/rps/rps-sampler_common.c
index f54de9014..adb69e1b5 100644
--- a/src/rps/rps-sampler_common.c
+++ b/src/rps/rps-sampler_common.c
@@ -116,6 +116,45 @@ struct RPS_SamplerRequestHandle
 
 
 /**
+ * Closure to _get_rand_peer_info()
+ */
+struct RPS_SamplerRequestHandleSingleInfo
+{
+  /**
+   * DLL
+   */
+  struct RPS_SamplerRequestHandleSingleInfo *next;
+  struct RPS_SamplerRequestHandleSingleInfo *prev;
+
+  /**
+   * Pointer to the id
+   */
+  struct GNUNET_PeerIdentity *id;
+
+  /**
+   * Head and tail for the DLL to store the tasks for single requests
+   */
+  struct GetPeerCls *gpc_head;
+  struct GetPeerCls *gpc_tail;
+
+  /**
+   * Sampler.
+   */
+  struct RPS_Sampler *sampler;
+
+  /**
+   * Callback to be called when all ids are available.
+   */
+  RPS_sampler_sinlge_info_ready_cb callback;
+
+  /**
+   * Closure given to the callback
+   */
+  void *cls;
+};
+
+
+/**
  * @brief Update the current estimate of the network size stored at the sampler
  *
  * Used for computing the condition when to return elements to the client
@@ -415,12 +454,20 @@ sampler_empty (struct RPS_Sampler *sampler)
 /**
  * Callback to _get_rand_peer() used by _get_n_rand_peers().
  *
+ * Implements #RPS_sampler_rand_peer_ready_cont
+ *
  * Checks whether all n peers are available. If they are,
  * give those back.
+ * @param cls Closure
+ * @param id Peer ID
+ * @param probability The probability with which this sampler has seen all ids
+ * @param num_observed How many ids this sampler has observed
  */
 static void
 check_n_peers_ready (void *cls,
-                     const struct GNUNET_PeerIdentity *id)
+                     const struct GNUNET_PeerIdentity *id,
+                     double probability,
+                     uint32_t num_observed)
 {
   struct RPS_SamplerRequestHandle *req_handle = cls;
   (void) id;
@@ -428,6 +475,8 @@ check_n_peers_ready (void *cls,
   struct GNUNET_PeerIdentity *peers;
   uint32_t num_peers;
   void *cb_cls;
+  (void) probability;
+  (void) num_observed;
 
   req_handle->cur_num_peers++;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -460,6 +509,53 @@ check_n_peers_ready (void *cls,
 
 
 /**
+ * Callback to _get_rand_peer() used by _get_rand_peer_info().
+ *
+ * Implements #RPS_sampler_rand_peer_ready_cont
+ *
+ * @param cls Closure
+ * @param id Peer ID
+ * @param probability The probability with which this sampler has seen all ids
+ * @param num_observed How many ids this sampler has observed
+ */
+static void
+check_peer_info_ready (void *cls,
+                       const struct GNUNET_PeerIdentity *id,
+                       double probability,
+                       uint32_t num_observed)
+{
+  struct RPS_SamplerRequestHandleSingleInfo *req_handle = cls;
+  (void) id;
+  RPS_sampler_sinlge_info_ready_cb tmp_cb;
+  struct GNUNET_PeerIdentity *peer;
+  void *cb_cls;
+  (void) probability;
+  (void) num_observed;
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "Got single peer with additional info\n");
+
+  GNUNET_assert (NULL != req_handle->callback);
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "returning single peer with info to the client\n");
+
+  /* Copy pointers and peers temporarily as they
+   * might be deleted from within the callback */
+  tmp_cb = req_handle->callback;
+  peer = GNUNET_new (struct GNUNET_PeerIdentity);
+  GNUNET_memcpy (peer,
+                 req_handle->id,
+                 sizeof (struct GNUNET_PeerIdentity));
+  cb_cls = req_handle->cls;
+  RPS_sampler_request_single_info_cancel (req_handle);
+  req_handle = NULL;
+  tmp_cb (peer, cb_cls, probability, num_observed);
+  GNUNET_free (peer);
+}
+
+
+/**
  * Get n random peers out of the sampled peers.
  *
  * We might want to reinitialise this sampler after giving the
@@ -469,8 +565,6 @@ check_n_peers_ready (void *cls,
  * @param sampler the sampler to get peers from.
  * @param cb callback that will be called once the ids are ready.
  * @param cls closure given to @a cb
- * @param for_client #GNUNET_YES if result is used for client,
- *                   #GNUNET_NO if used internally
  * @param num_peers the number of peers requested
  */
 struct RPS_SamplerRequestHandle *
@@ -506,6 +600,7 @@ RPS_sampler_get_n_rand_peers (struct RPS_Sampler *sampler,
   {
     gpc = GNUNET_new (struct GetPeerCls);
     gpc->req_handle = req_handle;
+    gpc->req_single_info_handle = NULL;
     gpc->cont = check_n_peers_ready;
     gpc->cont_cls = req_handle;
     gpc->id = &req_handle->ids[i];
@@ -515,11 +610,56 @@ RPS_sampler_get_n_rand_peers (struct RPS_Sampler *sampler,
                                  gpc);
     // maybe add a little delay
     gpc->get_peer_task = GNUNET_SCHEDULER_add_now (sampler->get_peers,
-                                                   gpc);
+                                                   gpc);
   }
   return req_handle;
 }
 
+
+/**
+ * Get one random peer with additional information.
+ *
+ * @param sampler the sampler to get peers from.
+ * @param cb callback that will be called once the ids are ready.
+ * @param cls closure given to @a cb
+ */
+struct RPS_SamplerRequestHandleSingleInfo *
+RPS_sampler_get_rand_peer_info (struct RPS_Sampler *sampler,
+                                RPS_sampler_sinlge_info_ready_cb cb,
+                                void *cls)
+{
+  struct RPS_SamplerRequestHandleSingleInfo *req_handle;
+  struct GetPeerCls *gpc;
+
+  GNUNET_assert (0 != sampler->sampler_size);
+
+  // TODO check if we have too much (distinct) sampled peers
+  req_handle = GNUNET_new (struct RPS_SamplerRequestHandleSingleInfo);
+  req_handle->id = GNUNET_malloc (sizeof (struct GNUNET_PeerIdentity));
+  req_handle->sampler = sampler;
+  req_handle->callback = cb;
+  req_handle->cls = cls;
+  GNUNET_CONTAINER_DLL_insert (sampler->req_handle_single_head,
+                               sampler->req_handle_single_tail,
+                               req_handle);
+
+  gpc = GNUNET_new (struct GetPeerCls);
+  gpc->req_handle = NULL;
+  gpc->req_single_info_handle = req_handle;
+  gpc->cont = check_peer_info_ready;
+  gpc->cont_cls = req_handle;
+  gpc->id = req_handle->id;
+
+  GNUNET_CONTAINER_DLL_insert (req_handle->gpc_head,
+                               req_handle->gpc_tail,
+                               gpc);
+  // maybe add a little delay
+  gpc->get_peer_task = GNUNET_SCHEDULER_add_now (sampler->get_peers,
+                                                 gpc);
+  return req_handle;
+}
+
+
 /**
  * Cancle a request issued through #RPS_sampler_n_rand_peers_ready_cb.
  *
@@ -559,6 +699,45 @@ RPS_sampler_request_cancel (struct RPS_SamplerRequestHandle *req_handle)
 
 
 /**
+ * Cancle a request issued through #RPS_sampler_sinlge_info_ready_cb.
+ *
+ * @param req_handle the handle to the request
+ */
+void
+RPS_sampler_request_single_info_cancel (
+    struct RPS_SamplerRequestHandleSingleInfo *req_single_info_handle)
+{
+  struct GetPeerCls *i;
+
+  while (NULL != (i = req_single_info_handle->gpc_head) )
+  {
+    GNUNET_CONTAINER_DLL_remove (req_single_info_handle->gpc_head,
+                                 req_single_info_handle->gpc_tail,
+                                 i);
+    if (NULL != i->get_peer_task)
+    {
+      GNUNET_SCHEDULER_cancel (i->get_peer_task);
+    }
+    if (NULL != i->notify_ctx)
+    {
+      GNUNET_CONTAINER_DLL_remove (req_single_info_handle->sampler->notify_ctx_head,
+                                   req_single_info_handle->sampler->notify_ctx_tail,
+                                   i->notify_ctx);
+      GNUNET_free (i->notify_ctx);
+      i->notify_ctx = NULL;
+    }
+    GNUNET_free (i);
+  }
+  GNUNET_free (req_single_info_handle->id);
+  req_single_info_handle->id = NULL;
+  GNUNET_CONTAINER_DLL_remove (req_single_info_handle->sampler->req_handle_single_head,
+                               req_single_info_handle->sampler->req_handle_single_tail,
+                               req_single_info_handle);
+  GNUNET_free (req_single_info_handle);
+}
+
+
+/**
  * Cleans the sampler.
  */
   void
diff --git a/src/rps/rps-sampler_common.h b/src/rps/rps-sampler_common.h
index 1abe43720..321efaf1e 100644
--- a/src/rps/rps-sampler_common.h
+++ b/src/rps/rps-sampler_common.h
@@ -44,10 +44,14 @@
  *
  * @param cls the closure given alongside this function.
  * @param id the PeerID that was returned
+ * @param probability The probability with which this sampler has seen all ids
+ * @param num_observed How many ids this sampler has observed
  */
 typedef void
 (*RPS_sampler_rand_peer_ready_cont) (void *cls,
-                                     const struct GNUNET_PeerIdentity *id);
+                                     const struct GNUNET_PeerIdentity *id,
+                                     double probability,
+                                     uint32_t num_observed);
 
 
 /**
@@ -72,6 +76,22 @@ typedef void
 
 
 /**
+ * Callback that is called from _get_n_rand_peers() when the PeerIDs are ready.
+ *
+ * @param cls the closure given alongside this function.
+ * @param probability Probability with which all IDs have been observed
+ * @param num_observed Number of observed IDs
+ * @param ids the PeerIDs that were returned
+ *        to be freed
+ */
+  typedef void
+(*RPS_sampler_sinlge_info_ready_cb) (const struct GNUNET_PeerIdentity *ids,
+                                     void *cls,
+                                     double probability,
+                                     uint32_t num_observed);
+
+
+/**
  * @brief Callback called each time a new peer was put into the sampler
  *
  * @param cls A possibly given closure
@@ -97,6 +117,11 @@ struct GetPeerCls
   struct RPS_SamplerRequestHandle *req_handle;
 
   /**
+   * The #RPS_SamplerRequestHandleSingleInfo this single request belongs to.
+   */
+  struct RPS_SamplerRequestHandleSingleInfo *req_single_info_handle;
+
+  /**
    * The task for this function.
    */
   struct GNUNET_SCHEDULER_Task *get_peer_task;
@@ -177,6 +202,12 @@ struct RPS_Sampler
   struct RPS_SamplerRequestHandle *req_handle_head;
   struct RPS_SamplerRequestHandle *req_handle_tail;
 
+  /**
+   * Head and tail for the DLL to store the #RPS_SamplerRequestHandleSingleInfo
+   */
+  struct RPS_SamplerRequestHandleSingleInfo *req_handle_single_head;
+  struct RPS_SamplerRequestHandleSingleInfo *req_handle_single_tail;
+
   struct SamplerNotifyUpdateCTX *notify_ctx_head;
   struct SamplerNotifyUpdateCTX *notify_ctx_tail;
 };
@@ -306,6 +337,19 @@ RPS_sampler_get_n_rand_peers (struct RPS_Sampler *sampler,
 
 
 /**
+ * Get one random peer with additional information.
+ *
+ * @param sampler the sampler to get peers from.
+ * @param cb callback that will be called once the ids are ready.
+ * @param cls closure given to @a cb
+ */
+struct RPS_SamplerRequestHandleSingleInfo *
+RPS_sampler_get_rand_peer_info (struct RPS_Sampler *sampler,
+                                RPS_sampler_sinlge_info_ready_cb cb,
+                                void *cls);
+
+
+/**
  * Counts how many Samplers currently hold a given PeerID.
  *
  * @param sampler the sampler to count ids in.
@@ -328,6 +372,16 @@ RPS_sampler_request_cancel (struct RPS_SamplerRequestHandle *req_handle);
 
 
 /**
+ * Cancle a request issued through #RPS_sampler_n_rand_peers_ready_cb.
+ *
+ * @param req_handle the handle to the request
+ */
+void
+RPS_sampler_request_single_info_cancel (
+    struct RPS_SamplerRequestHandleSingleInfo *req_single_info_handle);
+
+
+/**
  * Cleans the sampler.
  */
   void
diff --git a/src/rps/rps-test_util.h b/src/rps/rps-test_util.h
index 6b5f568d7..d5a2db9de 100644
--- a/src/rps/rps-test_util.h
+++ b/src/rps/rps-test_util.h
@@ -68,12 +68,15 @@ close_all_files ();
     if (NULL == file_name) break; \
     size = GNUNET_snprintf(tmp_buf,sizeof(tmp_buf),__VA_ARGS__);\
     if (0 > size)\
+    {\
       GNUNET_log (GNUNET_ERROR_TYPE_WARNING,\
            "Failed to create tmp_buf\n");\
-    else\
-      GNUNET_DISK_file_write (get_file_handle (file_name),\
-                              tmp_buf,\
-                              strnlen (tmp_buf, 512));\
+      break;\
+    }\
+    (void) strncat(tmp_buf,"\n",512);\
+    GNUNET_DISK_file_write (get_file_handle (file_name),\
+                            tmp_buf,\
+                            strnlen (tmp_buf, 512));\
   } while (0);
 
 
@@ -82,12 +85,15 @@ close_all_files ();
     memset (tmp_buf, 0, len);\
     size = GNUNET_snprintf(tmp_buf,sizeof(tmp_buf),__VA_ARGS__);\
     if (0 > size)\
+    {\
       GNUNET_log (GNUNET_ERROR_TYPE_WARNING,\
            "Failed to create tmp_buf\n");\
-    else\
-      GNUNET_DISK_file_write (get_file_handle (file_name),\
-                              tmp_buf,\
-                              strnlen (tmp_buf, 512));\
+      break;\
+    }\
+    (void) strncat(tmp_buf,"\n",len);\
+    GNUNET_DISK_file_write (get_file_handle (file_name),\
+                            tmp_buf,\
+                            strnlen (tmp_buf, len));\
   } while (0);
 #else /* TO_FILE */
 #  define to_file(file_name, ...)
diff --git a/src/rps/rps_api.c b/src/rps/rps_api.c
index 7a3adfa94..9e405fdef 100644
--- a/src/rps/rps_api.c
+++ b/src/rps/rps_api.c
@@ -128,6 +128,16 @@ struct GNUNET_RPS_Handle
   struct GNUNET_RPS_Request_Handle *rh_tail;
 
   /**
+   * @brief Pointer to the head element in DLL of single request handles
+   */
+  struct GNUNET_RPS_Request_Handle_Single_Info *rhs_head;
+
+  /**
+   * @brief Pointer to the tail element in DLL of single request handles
+   */
+  struct GNUNET_RPS_Request_Handle_Single_Info *rhs_tail;
+
+  /**
    * @brief The desired probability with which we want to have observed all
    * peers.
    */
@@ -197,6 +207,54 @@ struct GNUNET_RPS_Request_Handle
 
 
 /**
+ * Handler for a single request from a client.
+ */
+struct GNUNET_RPS_Request_Handle_Single_Info
+{
+  /**
+   * The client issuing the request.
+   */
+  struct GNUNET_RPS_Handle *rps_handle;
+
+  /**
+   * @brief The Sampler for the client request
+   */
+  struct RPS_Sampler *sampler;
+
+  /**
+   * @brief Request handle of the request to the sampler - needed to cancel the request
+   */
+  struct RPS_SamplerRequestHandleSingleInfo *sampler_rh;
+
+  /**
+   * @brief Request handle of the request of the biased stream of peers -
+   * needed to cancel the request
+   */
+  struct GNUNET_RPS_StreamRequestHandle *srh;
+
+  /**
+   * The callback to be called when we receive an answer.
+   */
+  GNUNET_RPS_NotifyReadySingleInfoCB ready_cb;
+
+  /**
+   * The closure for the callback.
+   */
+  void *ready_cb_cls;
+
+  /**
+   * @brief Pointer to next element in DLL
+   */
+  struct GNUNET_RPS_Request_Handle_Single_Info *next;
+
+  /**
+   * @brief Pointer to previous element in DLL
+   */
+  struct GNUNET_RPS_Request_Handle_Single_Info *prev;
+};
+
+
+/**
  * Struct used to pack the callback, its closure (provided by the caller)
  * and the connection handler to the service to pass it to a callback function.
  */
@@ -309,6 +367,34 @@ peers_ready_cb (const struct GNUNET_PeerIdentity *peers,
 
 
 /**
+ * @brief Called once the sampler has collected the requested peer.
+ *
+ * Calls the callback provided by the client with the corresponding cls.
+ *
+ * @param peers The array of @a num_peers that has been returned.
+ * @param num_peers The number of peers that have been returned
+ * @param cls The #GNUNET_RPS_Request_Handle
+ * @param probability Probability with which all IDs have been observed
+ * @param num_observed Number of observed IDs
+ */
+static void
+peer_info_ready_cb (const struct GNUNET_PeerIdentity *peers,
+                    void *cls,
+                    double probability,
+                    uint32_t num_observed)
+{
+  struct GNUNET_RPS_Request_Handle_Single_Info *rh = cls;
+
+  rh->sampler_rh = NULL;
+  rh->ready_cb (rh->ready_cb_cls,
+                peers,
+                probability,
+                num_observed);
+  GNUNET_RPS_request_single_info_cancel (rh);
+}
+
+
+/**
  * @brief Callback to collect the peers from the biased stream and put those
  * into the sampler.
  *
@@ -333,6 +419,33 @@ collect_peers_cb (void *cls,
 }
 
 
+/**
+ * @brief Callback to collect the peers from the biased stream and put those
+ * into the sampler.
+ *
+ * This version is for the modified #GNUNET_RPS_Request_Handle_Single_Info
+ *
+ * @param cls The #GNUNET_RPS_Request_Handle
+ * @param num_peers The number of peer that have been returned
+ * @param peers The array of @a num_peers that have been returned
+ */
+static void
+collect_peers_info_cb (void *cls,
+                       uint64_t num_peers,
+                       const struct GNUNET_PeerIdentity *peers)
+{
+  struct GNUNET_RPS_Request_Handle_Single_Info *rhs = cls;
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Service sent %" PRIu64 " peers from stream\n",
+       num_peers);
+  for (uint64_t i = 0; i < num_peers; i++)
+  {
+    RPS_sampler_update (rhs->sampler, &peers[i]);
+  }
+}
+
+
 /* Get internals for debugging/profiling purposes */
 
 /**
@@ -632,15 +745,15 @@ mq_error_handler (void *cls,
  */
 static void
 hash_from_share_val (const char *share_val,
-                     struct GNUNET_HashCode *hash)
+                     struct GNUNET_HashCode *hash)
 {
   GNUNET_CRYPTO_kdf (hash,
-                     sizeof (struct GNUNET_HashCode),
-                     "rps",
-                     strlen ("rps"),
-                     share_val,
-                     strlen (share_val),
-                     NULL, 0);
+                     sizeof (struct GNUNET_HashCode),
+                     "rps",
+                     strlen ("rps"),
+                     share_val,
+                     strlen (share_val),
+                     NULL, 0);
 }
 
 
@@ -672,6 +785,13 @@ nse_cb (void *cls,
     RPS_sampler_update_with_nw_size (rh_iter->sampler,
                                      GNUNET_NSE_log_estimate_to_n (logestimate));
   }
+  for (struct GNUNET_RPS_Request_Handle_Single_Info *rhs_iter = h->rhs_head;
+       NULL != rhs_iter && NULL != rhs_iter->next;
+       rhs_iter = rhs_iter->next)
+  {
+    RPS_sampler_update_with_nw_size (rhs_iter->sampler,
+                                     GNUNET_NSE_log_estimate_to_n (logestimate));
+  }
 }
 
 
@@ -857,6 +977,48 @@ GNUNET_RPS_request_peers (struct GNUNET_RPS_Handle *rps_handle,
 
 
 /**
+ * Request one random peer, getting additional information.
+ *
+ * @param rps_handle handle to the rps service
+ * @param ready_cb the callback called when the peers are available
+ * @param cls closure given to the callback
+ * @return a handle to cancel this request
+ */
+struct GNUNET_RPS_Request_Handle_Single_Info *
+GNUNET_RPS_request_peer_info (struct GNUNET_RPS_Handle *rps_handle,
+                              GNUNET_RPS_NotifyReadySingleInfoCB ready_cb,
+                              void *cls)
+{
+  struct GNUNET_RPS_Request_Handle_Single_Info *rhs;
+  uint32_t num_req_peers = 1;
+
+  LOG (GNUNET_ERROR_TYPE_INFO,
+       "Client requested peer with additional info\n");
+  rhs = GNUNET_new (struct GNUNET_RPS_Request_Handle_Single_Info);
+  rhs->rps_handle = rps_handle;
+  rhs->sampler = RPS_sampler_mod_init (num_req_peers,
+                                      GNUNET_TIME_UNIT_SECONDS); // TODO remove this time-stuff
+  RPS_sampler_set_desired_probability (rhs->sampler,
+                                       rps_handle->desired_probability);
+  RPS_sampler_set_deficiency_factor (rhs->sampler,
+                                     rps_handle->deficiency_factor);
+  rhs->sampler_rh = RPS_sampler_get_rand_peer_info (rhs->sampler,
+                                                   peer_info_ready_cb,
+                                                   rhs);
+  rhs->srh = GNUNET_RPS_stream_request (rps_handle,
+                                       collect_peers_info_cb,
+                                       rhs); /* cls */
+  rhs->ready_cb = ready_cb;
+  rhs->ready_cb_cls = cls;
+  GNUNET_CONTAINER_DLL_insert (rps_handle->rhs_head,
+                               rps_handle->rhs_tail,
+                               rhs);
+
+  return rhs;
+}
+
+
+/**
  * Seed rps service with peerIDs.
  *
  * @param h handle to the rps service
@@ -1047,6 +1209,37 @@ GNUNET_RPS_request_cancel (struct GNUNET_RPS_Request_Handle *rh)
 
 
 /**
+ * Cancle an issued single info request.
+ *
+ * @param rhs request handle of request to cancle
+ */
+void
+GNUNET_RPS_request_single_info_cancel (
+    struct GNUNET_RPS_Request_Handle_Single_Info *rhs)
+{
+  struct GNUNET_RPS_Handle *h;
+
+  h = rhs->rps_handle;
+  GNUNET_assert (NULL != rhs);
+  GNUNET_assert (NULL != rhs->srh);
+  GNUNET_assert (h == rhs->srh->rps_handle);
+  GNUNET_RPS_stream_cancel (rhs->srh);
+  rhs->srh = NULL;
+  if (NULL == h->stream_requests_head) cancel_stream(h);
+  if (NULL != rhs->sampler_rh)
+  {
+    RPS_sampler_request_single_info_cancel (rhs->sampler_rh);
+  }
+  RPS_sampler_destroy (rhs->sampler);
+  rhs->sampler = NULL;
+  GNUNET_CONTAINER_DLL_remove (h->rhs_head,
+                               h->rhs_tail,
+                               rhs);
+  GNUNET_free (rhs);
+}
+
+
+/**
  * Disconnect from the rps service
  *
  * @param h the handle to the rps service
@@ -1079,6 +1272,17 @@ GNUNET_RPS_disconnect (struct GNUNET_RPS_Handle *h)
       GNUNET_RPS_request_cancel (rh_iter);
     }
   }
+  if (NULL != h->rhs_head)
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Not all requests were cancelled!\n");
+    for (struct GNUNET_RPS_Request_Handle_Single_Info *rhs_iter = h->rhs_head;
+         h->rhs_head != NULL;
+         rhs_iter = h->rhs_head)
+    {
+      GNUNET_RPS_request_single_info_cancel (rhs_iter);
+    }
+  }
   if (NULL != srh_callback_peers)
   {
     GNUNET_free (srh_callback_peers);
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 2865460fd..f83fa669c 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -285,6 +285,7 @@ gnunet_communicator_tcp_LDADD = \
 gnunet_communicator_udp_SOURCES = \
  gnunet-communicator-udp.c
 gnunet_communicator_udp_LDADD = \
+  libgnunettransportapplication.la \
   libgnunettransportcommunicator.la \
   $(top_builddir)/src/nat/libgnunetnatnew.la \
   $(top_builddir)/src/nt/libgnunetnt.la \
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index fa8eb6acb..f101d2d75 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -35,7 +35,7 @@
  *    where is the API for that!?!)
  * - support DNS names in BINDTO option (#5528)
  * - support NAT connection reversal method (#5529)
- * - support other UDP-specific NAT traversal methods (#) 
+ * - support other UDP-specific NAT traversal methods (#)
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
@@ -45,26 +45,27 @@
 #include "gnunet_nt_lib.h"
 #include "gnunet_nat_service.h"
 #include "gnunet_statistics_service.h"
+#include "gnunet_transport_application_service.h"
 #include "gnunet_transport_communication_service.h"
 
 /**
  * How often do we rekey based on time (at least)
- */ 
+ */
 #define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
 
 /**
  * How long do we wait until we must have received the initial KX?
- */ 
+ */
 #define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
 
 /**
  * How often do we broadcast our presence on the LAN?
- */ 
+ */
 #define BROADCAST_FREQUENCY GNUNET_TIME_UNIT_MINUTES
 
 /**
  * How often do we scan for changes to our network interfaces?
- */ 
+ */
 #define INTERFACE_SCAN_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
 
 /**
@@ -88,7 +89,7 @@
  * #KCN_TARGET.
  * Should be large enough that we don't generate ACKs all
  * the time and still have enough time for the ACK to
- * arrive before the sender runs out. So really this 
+ * arrive before the sender runs out. So really this
  * should ideally be based on the RTT.
  */
 #define KCN_THRESHOLD 92
@@ -113,8 +114,8 @@
 #define MAX_SQN_DELTA 160
 
 /**
- * How many shared master secrets do we keep around 
- * at most per sender?  Should be large enough so 
+ * How many shared master secrets do we keep around
+ * at most per sender?  Should be large enough so
  * that we generally have a chance of sending an ACK
  * before the sender already rotated out the master
  * secret.  Generally values around #KCN_TARGET make
@@ -126,7 +127,7 @@
 /**
  * How often do we rekey based on number of bytes transmitted?
  * (additionally randomized).
- */ 
+ */
 #define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
 
 /**
@@ -157,23 +158,23 @@ struct UdpHandshakeSignature
 
   /**
    * Identity of the inititor of the UDP connection (UDP client).
-   */ 
+   */
   struct GNUNET_PeerIdentity sender;
 
   /**
    * Presumed identity of the target of the UDP connection (UDP server)
-   */ 
+   */
   struct GNUNET_PeerIdentity receiver;
 
   /**
    * Ephemeral key used by the @e sender.
-   */ 
+   */
   struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
 
   /**
    * Monotonic time of @e sender, to possibly help detect replay attacks
    * (if receiver persists times by sender).
-   */ 
+   */
   struct GNUNET_TIME_AbsoluteNBO monotonic_time;
 };
 
@@ -187,13 +188,13 @@ struct InitialKX
 
   /**
    * Ephemeral key for KX.
-   */ 
+   */
   struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
 
   /**
    * HMAC for the following encrypted message, using GCM.  HMAC uses
    * key derived from the handshake with sequence number zero.
-   */ 
+   */
   char gcm_tag[GCM_TAG_SIZE];
 
 };
@@ -218,7 +219,7 @@ struct UDPConfirmation
   /**
    * Monotonic time of @e sender, to possibly help detect replay attacks
    * (if receiver persists times by sender).
-   */ 
+   */
   struct GNUNET_TIME_AbsoluteNBO monotonic_time;
 
   /* followed by messages */
@@ -230,24 +231,24 @@ struct UDPConfirmation
 /**
  * UDP key acknowledgement.  May be sent via backchannel. Allows the
  * sender to use `struct UDPBox` with the acknowledge key henceforth.
- */ 
+ */
 struct UDPAck
 {
 
   /**
    * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK.
-   */ 
+   */
   struct GNUNET_MessageHeader header;
 
   /**
    * Sequence acknowledgement limit. Specifies current maximum sequence
    * number supported by receiver.
-   */ 
+   */
   uint32_t sequence_max GNUNET_PACKED;
-  
+
   /**
    * CMAC of the base key being acknowledged.
-   */ 
+   */
   struct GNUNET_HashCode cmac;
 
 };
@@ -257,7 +258,7 @@ struct UDPAck
  * Signature we use to verify that the broadcast was really made by
  * the peer that claims to have made it.  Basically, affirms that the
  * peer is really using this IP address (albeit possibly not in _our_
- * LAN).  Makes it difficult for peers in the LAN to claim to 
+ * LAN).  Makes it difficult for peers in the LAN to claim to
  * be just any global peer -- an attacker must have at least
  * shared a LAN with the peer they're pretending to be here.
  */
@@ -270,12 +271,12 @@ struct UdpBroadcastSignature
 
   /**
    * Identity of the inititor of the UDP broadcast.
-   */ 
+   */
   struct GNUNET_PeerIdentity sender;
 
   /**
    * Hash of the sender's UDP address.
-   */ 
+   */
   struct GNUNET_HashCode h_address;
 };
 
@@ -298,22 +299,22 @@ struct UDPBroadcast
    * Sender's signature of type
    * #GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST
    */
-  struct GNUNET_CRYPTO_EddsaSignature sender_sig;  
-  
+  struct GNUNET_CRYPTO_EddsaSignature sender_sig;
+
 };
 
 
 /**
  * UDP message box.  Always sent encrypted, only allowed after
  * the receiver sent a `struct UDPAck` for the base key!
- */ 
+ */
 struct UDPBox
 {
 
   /**
    * Key and IV identification code. KDF applied to an acknowledged
    * base key and a sequence number.  Sequence numbers must be used
-   * monotonically increasing up to the maximum specified in 
+   * monotonically increasing up to the maximum specified in
    * `struct UDPAck`. Without further `struct UDPAck`s, the sender
    * must fall back to sending handshakes!
    */
@@ -325,9 +326,9 @@ struct UDPBox
    * extends until the end of the UDP payload.  If the @e hmac is
    * wrong, the receiver should check if the message might be a
    * `struct UdpHandshakeSignature`.
-   */ 
+   */
   char gcm_tag[GCM_TAG_SIZE];
-  
+
 };
 
 
@@ -350,7 +351,7 @@ struct KeyCacheEntry
    * Kept in a DLL.
    */
   struct KeyCacheEntry *next;
-  
+
   /**
    * Kept in a DLL.
    */
@@ -359,7 +360,7 @@ struct KeyCacheEntry
   /**
    * Key and IV identification code. KDF applied to an acknowledged
    * base key and a sequence number.  Sequence numbers must be used
-   * monotonically increasing up to the maximum specified in 
+   * monotonically increasing up to the maximum specified in
    * `struct UDPAck`. Without further `struct UDPAck`s, the sender
    * must fall back to sending handshakes!
    */
@@ -372,7 +373,7 @@ struct KeyCacheEntry
 
   /**
    * Sequence number used to derive this entry from master key.
-   */ 
+   */
   uint32_t sequence_number;
 };
 
@@ -408,7 +409,7 @@ struct SharedSecret
    * Kept in a DLL, sorted by sequence number. Only if we are decrypting.
    */
   struct KeyCacheEntry *kce_head;
-  
+
   /**
    * Kept in a DLL, sorted by sequence number. Only if we are decrypting.
    */
@@ -423,21 +424,21 @@ struct SharedSecret
    * Receiver we use this shared secret with, or NULL.
    */
   struct ReceiverAddress *receiver;
-  
+
   /**
    * Master shared secret.
-   */ 
+   */
   struct GNUNET_HashCode master;
 
   /**
    * CMAC is used to identify @e master in ACKs.
-   */ 
+   */
   struct GNUNET_HashCode cmac;
 
   /**
    * Up to which sequence number did we use this @e master already?
    * (for encrypting only)
-   */ 
+   */
   uint32_t sequence_used;
 
   /**
@@ -449,7 +450,7 @@ struct SharedSecret
 
   /**
    * Number of active KCN entries.
-   */ 
+   */
   unsigned int active_kce_count;
 };
 
@@ -464,11 +465,11 @@ struct SenderAddress
   /**
    * To whom are we talking to.
    */
-  struct GNUNET_PeerIdentity target;  
+  struct GNUNET_PeerIdentity target;
 
   /**
    * Entry in sender expiration heap.
-   */ 
+   */
   struct GNUNET_CONTAINER_HeapNode *hn;
 
   /**
@@ -480,12 +481,12 @@ struct SenderAddress
    * Shared secrets we used with @e target, last used is tail.
    */
   struct SharedSecret *ss_tail;
-  
+
   /**
    * Address of the other peer.
    */
   struct sockaddr *address;
-  
+
   /**
    * Length of the address.
    */
@@ -498,14 +499,14 @@ struct SenderAddress
 
   /**
    * Length of the DLL at @a ss_head.
-   */ 
+   */
   unsigned int num_secrets;
-  
+
   /**
    * Which network type does this queue use?
    */
   enum GNUNET_NetworkType nt;
-  
+
 };
 
 
@@ -519,8 +520,8 @@ struct ReceiverAddress
   /**
    * To whom are we talking to.
    */
-  struct GNUNET_PeerIdentity target;  
-  
+  struct GNUNET_PeerIdentity target;
+
   /**
    * Shared secrets we received from @e target, first used is head.
    */
@@ -534,14 +535,14 @@ struct ReceiverAddress
   /**
    * Address of the receiver in the human-readable format
    * with the #COMMUNICATOR_ADDRESS_PREFIX.
-   */ 
+   */
   char *foreign_addr;
 
   /**
    * Address of the other peer.
    */
   struct sockaddr *address;
-  
+
   /**
    * Length of the address.
    */
@@ -549,7 +550,7 @@ struct ReceiverAddress
 
   /**
    * Entry in sender expiration heap.
-   */ 
+   */
   struct GNUNET_CONTAINER_HeapNode *hn;
 
   /**
@@ -571,23 +572,23 @@ struct ReceiverAddress
    * MTU we allowed transport for this receiver right now.
    */
   size_t mtu;
-  
+
   /**
    * Length of the DLL at @a ss_head.
-   */ 
+   */
   unsigned int num_secrets;
 
   /**
-   * Number of BOX keys from ACKs we have currently 
+   * Number of BOX keys from ACKs we have currently
    * available for this receiver.
-   */ 
+   */
   unsigned int acks_available;
-  
+
   /**
    * Which network type does this queue use?
    */
   enum GNUNET_NetworkType nt;
-  
+
 };
 
 
@@ -611,12 +612,12 @@ struct BroadcastInterface
    * Task for this broadcast interface.
    */
   struct GNUNET_SCHEDULER_Task *broadcast_task;
-  
+
   /**
    * Sender's address of the interface.
    */
   struct sockaddr *sa;
-  
+
   /**
    * Broadcast address to use on the interface.
    */
@@ -624,18 +625,18 @@ struct BroadcastInterface
 
   /**
    * Message we broadcast on this interface.
-   */ 
+   */
   struct UDPBroadcast bcm;
-  
+
   /**
    * If this is an IPv6 interface, this is the request
    * we use to join/leave the group.
    */
   struct ipv6_mreq mcreq;
-  
+
   /**
    * Number of bytes in @e sa.
-   */ 
+   */
   socklen_t salen;
 
   /**
@@ -710,9 +711,9 @@ static struct BroadcastInterface *bi_tail;
  */
 static struct GNUNET_NETWORK_Handle *udp_sock;
 
-/** 
+/**
  * #GNUNET_YES if #udp_sock supports IPv6.
- */ 
+ */
 static int have_v6_socket;
 
 /**
@@ -731,6 +732,11 @@ static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
 static const struct GNUNET_CONFIGURATION_Handle *cfg;
 
 /**
+ * Our handle to report addresses for validation to TRANSPORT.
+ */
+static struct GNUNET_TRANSPORT_ApplicationHandle *ah;
+
+/**
  * Network scanner to determine network types.
  */
 static struct GNUNET_NT_InterfaceScanner *is;
@@ -742,7 +748,7 @@ static struct GNUNET_NAT_Handle *nat;
 
 /**
  * Port number to which we are actually bound.
- */ 
+ */
 static uint16_t my_port;
 
 
@@ -788,7 +794,7 @@ static void
 receiver_destroy (struct ReceiverAddress *receiver)
 {
   struct GNUNET_MQ_Handle *mq;
-  
+
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Disconnecting receiver for peer `%s'\n",
               GNUNET_i2s (&receiver->target));
@@ -822,7 +828,7 @@ receiver_destroy (struct ReceiverAddress *receiver)
  * Free memory used by key cache entry.
  *
  * @param kce the key cache entry
- */ 
+ */
 static void
 kce_destroy (struct KeyCacheEntry *kce)
 {
@@ -1048,7 +1054,7 @@ check_timeouts (void *cls)
   struct GNUNET_TIME_Relative delay;
   struct ReceiverAddress *receiver;
   struct SenderAddress *sender;
-  
+
   (void) cls;
   timeout_task = NULL;
   rt = GNUNET_TIME_UNIT_FOREVER_REL;
@@ -1072,9 +1078,9 @@ check_timeouts (void *cls)
   if (delay.rel_value_us < GNUNET_TIME_UNIT_FOREVER_REL.rel_value_us)
     timeout_task = GNUNET_SCHEDULER_add_delayed (delay,
                                                  &check_timeouts,
-                                                 NULL);  
+                                                 NULL);
 }
-                          
+
 
 /**
  * Calcualte cmac from master in @a ss.
@@ -1100,12 +1106,12 @@ calculate_cmac (struct SharedSecret *ss)
 
 /**
  * We received @a plaintext_len bytes of @a plaintext from a @a sender.
- * Pass it on to CORE.  
+ * Pass it on to CORE.
  *
  * @param queue the queue that received the plaintext
  * @param plaintext the plaintext that was received
  * @param plaintext_len number of bytes of plaintext received
- */ 
+ */
 static void
 pass_plaintext_to_core (struct SenderAddress *sender,
                         const void *plaintext,
@@ -1171,7 +1177,7 @@ setup_cipher (const struct GNUNET_HashCode *msec,
 
 
 /**
- * Try to decrypt @a buf using shared secret @a ss and key/iv 
+ * Try to decrypt @a buf using shared secret @a ss and key/iv
  * derived using @a serial.
  *
  * @param ss shared secret
@@ -1274,7 +1280,7 @@ setup_shared_secret_enc (const struct GNUNET_CRYPTO_EcdhePrivateKey *ephemeral,
  * recalculated and a fresh queue is initialized.
  *
  * @param receiver receiver to setup MQ for
- */ 
+ */
 static void
 setup_receiver_mq (struct ReceiverAddress *receiver);
 
@@ -1307,9 +1313,9 @@ handle_ack (void *cls,
                      sizeof (struct GNUNET_HashCode)))
     {
       uint32_t allowed;
-      
+
       allowed = ntohl (ack->sequence_max);
-                            
+
       if (allowed > ss->sequence_allowed)
       {
         receiver->acks_available += (allowed - ss->sequence_allowed);
@@ -1342,7 +1348,7 @@ handle_ack (void *cls,
  * @param sender peer to process inbound plaintext for
  * @param buf buffer we received
  * @param buf_size number of bytes in @a buf
- */ 
+ */
 static void
 try_handle_plaintext (struct SenderAddress *sender,
                       const void *buf,
@@ -1413,9 +1419,9 @@ consider_ss_ack (struct SharedSecret *ss)
     ack.sequence_max = htonl (ss->sequence_allowed);
     ack.cmac = ss->cmac;
     GNUNET_TRANSPORT_communicator_notify (ch,
-                                          &ss->sender->target,
-                                          COMMUNICATOR_ADDRESS_PREFIX,
-                                          &ack.header);
+                                          &ss->sender->target,
+                                          COMMUNICATOR_ADDRESS_PREFIX,
+                                          &ack.header);
   }
 }
 
@@ -1426,7 +1432,7 @@ consider_ss_ack (struct SharedSecret *ss)
  * @param box the data we received
  * @param box_len number of bytes in @a box
  * @param kce key index to decrypt @a box
- */ 
+ */
 static void
 decrypt_box (const struct UDPBox *box,
              size_t box_len,
@@ -1519,7 +1525,7 @@ find_sender_by_address (void *cls,
  * if one does not yet exist for @a address.
  *
  * @param target peer to generate address for
- * @param address target address 
+ * @param address target address
  * @param address_len number of bytes in @a address
  * @return data structure to keep track of key material for
  *         decrypting data from @a target
@@ -1582,10 +1588,10 @@ setup_sender (const struct GNUNET_PeerIdentity *target,
  */
 static int
 verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
-                     const struct UDPConfirmation *uc)
+                     const struct UDPConfirmation *uc)
 {
   struct UdpHandshakeSignature uhs;
-                        
+
   uhs.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE);
   uhs.purpose.size = htonl (sizeof (uhs));
   uhs.sender = uc->sender;
@@ -1593,14 +1599,51 @@ verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
   uhs.ephemeral = *ephemeral;
   uhs.monotonic_time = uc->monotonic_time;
   return GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE,
-                                     &uhs.purpose,
-                                     &uc->sender_sig,
-                                     &uc->sender.public_key);
+                                     &uhs.purpose,
+                                     &uc->sender_sig,
+                                     &uc->sender.public_key);
+}
+
+
+/**
+ * Converts @a address to the address string format used by this
+ * communicator in HELLOs.
+ *
+ * @param address the address to convert, must be AF_INET or AF_INET6.
+ * @param address_len number of bytes in @a address
+ * @return string representation of @a address
+ */
+static char *
+sockaddr_to_udpaddr_string (const struct sockaddr *address,
+                            socklen_t address_len)
+{
+  char *ret;
+
+  switch (address->sa_family)
+  {
+  case AF_INET:
+    GNUNET_asprintf (&ret,
+                     "%s-%s",
+                     COMMUNICATOR_ADDRESS_PREFIX,
+                     GNUNET_a2s (address,
+                                 address_len));
+    break;
+  case AF_INET6:
+    GNUNET_asprintf (&ret,
+                     "%s-%s",
+                     COMMUNICATOR_ADDRESS_PREFIX,
+                     GNUNET_a2s (address,
+                                 address_len));
+    break;
+  default:
+    GNUNET_assert (0);
+  }
+  return ret;
 }
 
 
 /**
- * Socket read task. 
+ * Socket read task.
  *
  * @param cls NULL
  */
@@ -1615,18 +1658,18 @@ sock_read (void *cls)
   (void) cls;
   read_task
       = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
-                                       udp_sock,
-                                       &sock_read,
-                                       NULL);
+                                       udp_sock,
+                                       &sock_read,
+                                       NULL);
   rcvd = GNUNET_NETWORK_socket_recvfrom (udp_sock,
-                                         buf,
-                                         sizeof (buf),
-                                         (struct sockaddr *) &sa,
-                                         &salen);
+                                         buf,
+                                         sizeof (buf),
+                                         (struct sockaddr *) &sa,
+                                         &salen);
   if (-1 == rcvd)
   {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG,
-                         "recv");
+                         "recv");
     return;
   }
 
@@ -1638,12 +1681,12 @@ sock_read (void *cls)
 
     box = (const struct UDPBox *) buf;
     kce = GNUNET_CONTAINER_multishortmap_get (key_cache,
-                                              &box->kid);
+                                              &box->kid);
     if (NULL != kce)
     {
       decrypt_box (box,
-                   (size_t) rcvd,
-                   kce);
+                   (size_t) rcvd,
+                   kce);
       return;
     }
   }
@@ -1659,25 +1702,41 @@ sock_read (void *cls)
     uhs.purpose.size = htonl (sizeof (uhs));
     uhs.sender = ub->sender;
     GNUNET_CRYPTO_hash (&sa,
-                        salen,
-                        &uhs.h_address);
+                        salen,
+                        &uhs.h_address);
     if (GNUNET_OK ==
-        GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST,
-                                    &uhs.purpose,
-                                    &ub->sender_sig,
-                                    &ub->sender.public_key))
+        GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST,
+                                    &uhs.purpose,
+                                    &ub->sender_sig,
+                                    &ub->sender.public_key))
     {
+      char *addr_s;
+      struct GNUNET_TIME_Absolute expiration;
+      enum GNUNET_NetworkType nt;
+
+      addr_s = sockaddr_to_udpaddr_string ((const struct sockaddr *) &sa,
+                                           salen);
       GNUNET_STATISTICS_update (stats,
-                                "# broadcasts received",
-                                1,
-                                GNUNET_NO);
-      // FIXME #5551: we effectively just got a HELLO!
-      // trigger verification NOW!
+                                "# broadcasts received",
+                                1,
+                                GNUNET_NO);
+      /* expire at the broadcast frequency, as then we'll get the next one anyway */
+      expiration = GNUNET_TIME_relative_to_absolute (BROADCAST_FREQUENCY);
+      /* use our own mechanism to determine network type */
+      nt = GNUNET_NT_scanner_get_type (is,
+                                       (const struct sockaddr *) &sa,
+                                       salen);
+      GNUNET_TRANSPORT_application_validate (ah,
+                                             &ub->sender,
+                                             expiration,
+                                             nt,
+                                             addr_s);
+      GNUNET_free (addr_s);
       return;
     }
     /* continue with KX, mostly for statistics... */
   }
-  
+
 
   /* finally, test if it is a KX */
   if (rcvd < sizeof (struct UDPConfirmation) + sizeof (struct InitialKX))
@@ -1769,7 +1828,7 @@ udp_address_to_sockaddr (const char *bindto,
   char dummy[2];
   char *colon;
   char *cp;
-  
+
   if (1 == SSCANF (bindto,
                    "%u%1s",
                    &port,
@@ -1791,7 +1850,7 @@ udp_address_to_sockaddr (const char *bindto,
                                                 "DISABLE_V6")) )
     {
       struct sockaddr_in *i4;
-      
+
       i4 = GNUNET_malloc (sizeof (struct sockaddr_in));
       i4->sin_family = AF_INET;
       i4->sin_port = htons ((uint16_t) port);
@@ -1801,7 +1860,7 @@ udp_address_to_sockaddr (const char *bindto,
     else
     {
       struct sockaddr_in6 *i6;
-      
+
       i6 = GNUNET_malloc (sizeof (struct sockaddr_in6));
       i6->sin6_family = AF_INET6;
       i6->sin6_port = htons ((uint16_t) port);
@@ -1915,7 +1974,7 @@ do_pad (gcry_cipher_hd_t out_cipher,
       .size = htons (sizeof (pad)),
       .type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD)
     };
-    
+
     memcpy (pad,
             &hdr,
             sizeof (hdr));
@@ -1953,7 +2012,7 @@ mq_send (struct GNUNET_MQ_Handle *mq,
     return;
   }
   reschedule_receiver_timeout (receiver);
-  
+
   if (0 == receiver->acks_available)
   {
     /* use KX encryption method */
@@ -2159,12 +2218,12 @@ mq_error (void *cls,
  * recalculated and a fresh queue is initialized.
  *
  * @param receiver receiver to setup MQ for
- */ 
+ */
 static void
 setup_receiver_mq (struct ReceiverAddress *receiver)
 {
   size_t base_mtu;
-  
+
   if (NULL != receiver->qh)
   {
     GNUNET_TRANSPORT_communicator_mq_del (receiver->qh);
@@ -2226,58 +2285,40 @@ setup_receiver_mq (struct ReceiverAddress *receiver)
 
 /**
  * Setup a receiver for transmission.  Setup the MQ processing and
- * inform transport that the queue is ready. 
+ * inform transport that the queue is ready.
  *
- * @param 
- */ 
+ * @param
+ */
 static struct ReceiverAddress *
 receiver_setup (const struct GNUNET_PeerIdentity *target,
-                const struct sockaddr *address,
-                socklen_t address_len)
+                const struct sockaddr *address,
+                socklen_t address_len)
 {
   struct ReceiverAddress *receiver;
 
   receiver = GNUNET_new (struct ReceiverAddress);
   receiver->address = GNUNET_memdup (address,
-                                     address_len);
+                                     address_len);
   receiver->address_len = address_len;
   receiver->target = *target;
   receiver->nt = GNUNET_NT_scanner_get_type (is,
                                              address,
                                              address_len);
   (void) GNUNET_CONTAINER_multipeermap_put (receivers,
-                                            &receiver->target,
-                                            receiver,
-                                            GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
+                                            &receiver->target,
+                                            receiver,
+                                            GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
   receiver->timeout
     = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
   receiver->hn = GNUNET_CONTAINER_heap_insert (receivers_heap,
-                                               receiver,
-                                               receiver->timeout.abs_value_us);
+                                               receiver,
+                                               receiver->timeout.abs_value_us);
   GNUNET_STATISTICS_set (stats,
-                         "# receivers active",
-                         GNUNET_CONTAINER_multipeermap_size (receivers),
-                         GNUNET_NO);
-  switch (address->sa_family)
-  {
-  case AF_INET:
-    GNUNET_asprintf (&receiver->foreign_addr,
-                     "%s-%s",
-                     COMMUNICATOR_ADDRESS_PREFIX,
-                     GNUNET_a2s (receiver->address,
-                                 receiver->address_len));
-    break;
-  case AF_INET6:
-    GNUNET_asprintf (&receiver->foreign_addr,
-                     "%s-%s",
-                     COMMUNICATOR_ADDRESS_PREFIX,
-                     GNUNET_a2s (receiver->address,
-                                 receiver->address_len));
-    break;
-  default:
-    GNUNET_assert (0);
-  }
-
+                         "# receivers active",
+                         GNUNET_CONTAINER_multipeermap_size (receivers),
+                         GNUNET_NO);
+  receiver->foreign_addr = sockaddr_to_udpaddr_string (receiver->address,
+                                                       receiver->address_len);
   setup_receiver_mq (receiver);
 
   if (NULL == timeout_task)
@@ -2313,7 +2354,7 @@ mq_init (void *cls,
   const char *path;
   struct sockaddr *in;
   socklen_t in_len;
-  
+
   if (0 != strncmp (address,
                     COMMUNICATOR_ADDRESS_PREFIX "-",
                     strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
@@ -2323,12 +2364,12 @@ mq_init (void *cls,
   }
   path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
   in = udp_address_to_sockaddr (path,
-                                &in_len);  
+                                &in_len);
   receiver = receiver_setup (peer,
                              in,
                              in_len);
   (void) receiver;
-  return GNUNET_OK;  
+  return GNUNET_OK;
 }
 
 
@@ -2423,6 +2464,11 @@ do_shutdown (void *cls)
     GNUNET_TRANSPORT_communicator_disconnect (ch);
     ch = NULL;
   }
+  if (NULL != ah)
+  {
+    GNUNET_TRANSPORT_application_done (ah);
+    ah = NULL;
+  }
   if (NULL != stats)
   {
     GNUNET_STATISTICS_destroy (stats,
@@ -2457,7 +2503,7 @@ enc_notify_cb (void *cls,
                const struct GNUNET_MessageHeader *msg)
 {
   const struct UDPAck *ack;
-  
+
   (void) cls;
   if ( (ntohs (msg->type) != GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK) ||
        (ntohs (msg->size) != sizeof (struct UDPAck)) )
@@ -2480,7 +2526,7 @@ enc_notify_cb (void *cls,
  * @param cls closure
  * @param app_ctx[in,out] location where the app can store stuff
  *                  on add and retrieve it on remove
- * @param add_remove #GNUNET_YES to add a new public IP address, 
+ * @param add_remove #GNUNET_YES to add a new public IP address,
  *                   #GNUNET_NO to remove a previous (now invalid) one
  * @param ac address class the address belongs to
  * @param addr either the previous or the new public IP address
@@ -2502,13 +2548,13 @@ nat_address_cb (void *cls,
     enum GNUNET_NetworkType nt;
 
     GNUNET_asprintf (&my_addr,
-                     "%s-%s",
-                     COMMUNICATOR_ADDRESS_PREFIX,
-                     GNUNET_a2s (addr,
-                                 addrlen));
+                     "%s-%s",
+                     COMMUNICATOR_ADDRESS_PREFIX,
+                     GNUNET_a2s (addr,
+                                 addrlen));
     nt = GNUNET_NT_scanner_get_type (is,
-                                     addr,
-                                     addrlen); 
+                                     addr,
+                                     addrlen);
     ai = GNUNET_TRANSPORT_communicator_address_add (ch,
                                                     my_addr,
                                                     nt,
@@ -2543,14 +2589,14 @@ ifc_broadcast (void *cls)
     = GNUNET_SCHEDULER_add_delayed (INTERFACE_SCAN_FREQUENCY,
                                     &ifc_broadcast,
                                     bi);
-  
+
   switch (bi->sa->sa_family) {
   case AF_INET:
     {
       static int yes = 1;
       static int no = 0;
       ssize_t sent;
-    
+
       if (GNUNET_OK !=
           GNUNET_NETWORK_socket_setsockopt (udp_sock,
                                             SOL_SOCKET,
@@ -2660,7 +2706,7 @@ iface_proc (void *cls,
   if ( (AF_INET6 == addr->sa_family) &&
        (GNUNET_YES != have_v6_socket) )
     return GNUNET_OK; /* not using IPv6 */
-  
+
   bi = GNUNET_new (struct BroadcastInterface);
   bi->sa = GNUNET_memdup (addr,
                           addrlen);
@@ -2696,7 +2742,7 @@ iface_proc (void *cls,
                    inet_pton (AF_INET6,
                               "FF05::13B",
                               &bi->mcreq.ipv6mr_multiaddr));
-    
+
     /* http://tools.ietf.org/html/rfc2553#section-5.2:
      *
      * IPV6_JOIN_GROUP
@@ -2736,7 +2782,7 @@ static void
 do_broadcast (void *cls)
 {
   struct BroadcastInterface *bin;
-  
+
   (void) cls;
   for (struct BroadcastInterface *bi = bi_head;
        NULL != bi;
@@ -2778,7 +2824,7 @@ run (void *cls,
   socklen_t in_len;
   struct sockaddr_storage in_sto;
   socklen_t sto_len;
-  
+
   (void) cls;
   cfg = c;
   if (GNUNET_OK !=
@@ -2794,7 +2840,7 @@ run (void *cls,
   }
 
   in = udp_address_to_sockaddr (bindto,
-                                &in_len);
+                                &in_len);
   if (NULL == in)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -2804,8 +2850,8 @@ run (void *cls,
     return;
   }
   udp_sock = GNUNET_NETWORK_socket_create (in->sa_family,
-                                           SOCK_DGRAM,
-                                           IPPROTO_UDP);
+                                           SOCK_DGRAM,
+                                           IPPROTO_UDP);
   if (NULL == udp_sock)
   {
     GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
@@ -2819,7 +2865,7 @@ run (void *cls,
   if (GNUNET_OK !=
       GNUNET_NETWORK_socket_bind (udp_sock,
                                   in,
-                                  in_len))
+                                  in_len))
   {
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
                               "bind",
@@ -2834,12 +2880,12 @@ run (void *cls,
      thus, get the real IN-address from the socket */
   sto_len = sizeof (in_sto);
   if (0 != getsockname (GNUNET_NETWORK_get_fd (udp_sock),
-                        (struct sockaddr *) &in_sto,
-                        &sto_len))
+                        (struct sockaddr *) &in_sto,
+                        &sto_len))
   {
     memcpy (&in_sto,
-            in,
-            in_len);
+            in,
+            in_len);
     sto_len = in_len;
   }
   GNUNET_free (in);
@@ -2847,9 +2893,9 @@ run (void *cls,
   in = (struct sockaddr *) &in_sto;
   in_len = sto_len;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Bound to `%s'\n",
-              GNUNET_a2s ((const struct sockaddr *) &in_sto,
-                          sto_len));
+              "Bound to `%s'\n",
+              GNUNET_a2s ((const struct sockaddr *) &in_sto,
+                          sto_len));
   switch (in->sa_family)
   {
   case AF_INET:
@@ -2863,17 +2909,17 @@ run (void *cls,
     my_port = 0;
   }
   stats = GNUNET_STATISTICS_create ("C-UDP",
-                                    cfg);
+                                    cfg);
   senders = GNUNET_CONTAINER_multipeermap_create (32,
-                                                  GNUNET_YES);
+                                                  GNUNET_YES);
   receivers = GNUNET_CONTAINER_multipeermap_create (32,
-                                                    GNUNET_YES);
+                                                    GNUNET_YES);
   senders_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
   receivers_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
   key_cache = GNUNET_CONTAINER_multishortmap_create (1024,
-                                                     GNUNET_YES);
+                                                     GNUNET_YES);
   GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
-                                 NULL);
+                                 NULL);
   is = GNUNET_NT_scanner_init ();
   my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
   if (NULL == my_private_key)
@@ -2887,15 +2933,15 @@ run (void *cls,
                                       &my_identity.public_key);
   /* start reading */
   read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
-                                             udp_sock,
-                                             &sock_read,
-                                             NULL);
+                                             udp_sock,
+                                             &sock_read,
+                                             NULL);
   ch = GNUNET_TRANSPORT_communicator_connect (cfg,
-                                              COMMUNICATOR_CONFIG_SECTION,
-                                              COMMUNICATOR_ADDRESS_PREFIX,
+                                              COMMUNICATOR_CONFIG_SECTION,
+                                              COMMUNICATOR_ADDRESS_PREFIX,
                                               GNUNET_TRANSPORT_CC_UNRELIABLE,
-                                              &mq_init,
-                                              NULL,
+                                              &mq_init,
+                                              NULL,
                                               &enc_notify_cb,
                                               NULL);
   if (NULL == ch)
@@ -2904,24 +2950,31 @@ run (void *cls,
     GNUNET_SCHEDULER_shutdown ();
     return;
   }
+  ah = GNUNET_TRANSPORT_application_init (cfg);
+  if (NULL == ah)
+  {
+    GNUNET_break (0);
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
   /* start broadcasting */
   if (GNUNET_YES !=
       GNUNET_CONFIGURATION_get_value_yesno (cfg,
-                                            COMMUNICATOR_CONFIG_SECTION,
-                                            "DISABLE_BROADCAST"))
+                                            COMMUNICATOR_CONFIG_SECTION,
+                                            "DISABLE_BROADCAST"))
   {
     broadcast_task = GNUNET_SCHEDULER_add_now (&do_broadcast,
-                                               NULL);
-  }  
+                                               NULL);
+  }
   nat = GNUNET_NAT_register (cfg,
-                             COMMUNICATOR_CONFIG_SECTION,
-                             IPPROTO_UDP,
-                             1 /* one address */,
-                             (const struct sockaddr **) &in,
-                             &in_len,
-                             &nat_address_cb,
-                             NULL /* FIXME: support reversal: #5529 */,
-                             NULL /* closure */);
+                             COMMUNICATOR_CONFIG_SECTION,
+                             IPPROTO_UDP,
+                             1 /* one address */,
+                             (const struct sockaddr **) &in,
+                             &in_len,
+                             &nat_address_cb,
+                             NULL /* FIXME: support reversal: #5529 */,
+                             NULL /* closure */);
 }
 
 
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index 6494a5dfd..4d4ac509a 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -35,19 +35,13 @@
  * Implement next:
  * - address validation: what is our plan here?
  *   #1 Peerstore only gets 'validated' addresses
- *   #2 transport needs another API to "trigger" validation!
- *      API may be used by core/application or communicators;
- *      => use yet another lib/MQ/connection?
- *   #3 transport should use validation to also establish
+ *   #2 transport should use validation to also establish
  *      effective flow control (for uni-directional transports!)
- *   #4 UDP broadcasting logic must be extended to use the new API
- *   #5 only validated addresses are selected for scheduling; that
+ *   #3 only validated addresses are selected for scheduling; that
  *      also ensures we know the RTT
- *   #6 to ensure flow control and RTT are OK, we always do the
+ *   #4 to ensure flow control and RTT are OK, we always do the
  *      'validation', even if address comes from PEERSTORE
- *   #7
  * - ACK handling / retransmission
- * - address verification
  * - track RTT, distance, loss, etc.
  * - DV data structures:
  *   + learning
@@ -56,10 +50,6 @@
  * - routing of messages (using DV data structures!)
  * - handling of DV-boxed messages that need to be forwarded
  * - backchannel message encryption & decryption
- * -
- *
- * Easy:
- * - figure out how to call XXX_suggestion_cb!
  *
  * Later:
  * - change transport-core API to provide proper flow control in both
@@ -1680,8 +1670,6 @@ notify_monitors (const struct GNUNET_PeerIdentity *peer,
                  enum GNUNET_NetworkType nt,
                  const struct MonitorEvent *me)
 {
-  static struct GNUNET_PeerIdentity zero;
-
   for (struct TransportClient *tc = clients_head;
        NULL != tc;
        tc = tc->next)
@@ -1690,12 +1678,9 @@ notify_monitors (const struct GNUNET_PeerIdentity *peer,
       continue;
     if (tc->details.monitor.one_shot)
       continue;
-    if ( (0 != memcmp (&tc->details.monitor.peer,
-                       &zero,
-                       sizeof (zero))) &&
-         (0 != memcmp (&tc->details.monitor.peer,
-                       peer,
-                       sizeof (*peer))) )
+    if ( (0 != GNUNET_is_zero (&tc->details.monitor.peer)) &&
+         (0 != GNUNET_memcmp (&tc->details.monitor.peer,
+                              peer)) )
       continue;
     notify_monitor (tc,
                     peer,
@@ -2220,9 +2205,8 @@ handle_client_start (void *cls,
   options = ntohl (start->options);
   if ( (0 != (1 & options)) &&
        (0 !=
-        memcmp (&start->self,
-                &GST_my_identity,
-                sizeof (struct GNUNET_PeerIdentity)) ) )
+        GNUNET_memcmp (&start->self,
+                       &GST_my_identity)) )
   {
     /* client thinks this is a different peer, reject */
     GNUNET_break (0);
@@ -2612,8 +2596,8 @@ expire_ephemerals (void *cls)
       continue;
     }
     ephemeral_task = GNUNET_SCHEDULER_add_at (ece->ephemeral_validity,
-                                              &expire_ephemerals,
-                                              NULL);
+                                              &expire_ephemerals,
+                                              NULL);
     return;
   }
 }
@@ -2640,7 +2624,7 @@ lookup_ephemeral (const struct GNUNET_PeerIdentity *pid,
   struct EphemeralConfirmation ec;
 
   ece = GNUNET_CONTAINER_multipeermap_get (ephemeral_map,
-                                           pid);
+                                           pid);
   if ( (NULL != ece) &&
        (0 == GNUNET_TIME_absolute_get_remaining (ece->ephemeral_validity).rel_value_us) )
   {
@@ -2652,27 +2636,27 @@ lookup_ephemeral (const struct GNUNET_PeerIdentity *pid,
     ece = GNUNET_new (struct EphemeralCacheEntry);
     ece->target = *pid;
     ece->ephemeral_validity = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get_monotonic (GST_cfg),
-                                                        EPHEMERAL_VALIDITY);
+                                                        EPHEMERAL_VALIDITY);
     GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_ecdhe_key_create2 (&ece->private_key));
+                   GNUNET_CRYPTO_ecdhe_key_create2 (&ece->private_key));
     GNUNET_CRYPTO_ecdhe_key_get_public (&ece->private_key,
-                                        &ece->ephemeral_key);
+                                        &ece->ephemeral_key);
     ec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL);
     ec.purpose.size = htonl (sizeof (ec));
     ec.target = *pid;
     ec.ephemeral_key = ece->ephemeral_key;
     GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
-                                             &ec.purpose,
-                                             &ece->sender_sig));
+                   GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
+                                             &ec.purpose,
+                                             &ece->sender_sig));
     ece->hn = GNUNET_CONTAINER_heap_insert (ephemeral_heap,
                                             ece,
                                             ece->ephemeral_validity.abs_value_us);
     GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CONTAINER_multipeermap_put (ephemeral_map,
-                                                      &ece->target,
-                                                      ece,
-                                                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+                   GNUNET_CONTAINER_multipeermap_put (ephemeral_map,
+                                                      &ece->target,
+                                                      ece,
+                                                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
     if (NULL == ephemeral_task)
       ephemeral_task = GNUNET_SCHEDULER_add_at (ece->ephemeral_validity,
                                                 &expire_ephemerals,
@@ -2726,34 +2710,34 @@ handle_communicator_backchannel (void *cls,
   enc->header.size = htons (sizeof (*enc) + msize);
   enc->target = cb->pid;
   lookup_ephemeral (&cb->pid,
-                    &private_key,
-                    &enc->ephemeral_key,
-                    &ppay.sender_sig,
-                    &ephemeral_validity);
+                    &private_key,
+                    &enc->ephemeral_key,
+                    &ppay.sender_sig,
+                    &ephemeral_validity);
   // FIXME: setup 'iv'
 #if FIXME
   dh_key_derive (&private_key,
-                 &cb->pid,
-                 &enc->iv,
-                 &key);
+                 &cb->pid,
+                 &enc->iv,
+                 &key);
 #endif
   ppay.ephemeral_validity = GNUNET_TIME_absolute_hton (ephemeral_validity);
   ppay.monotonic_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (GST_cfg));
   mpos = (char *) &enc[1];
 #if FIXME
   encrypt (key,
-           &ppay,
-           &mpos,
-           sizeof (ppay));
+           &ppay,
+           &mpos,
+           sizeof (ppay));
   encrypt (key,
-           &cb[1],
-           &mpos,
-           ntohs (cb->header.size) - sizeof (*cb));
+           &cb[1],
+           &mpos,
+           ntohs (cb->header.size) - sizeof (*cb));
   hmac (key,
-        &enc->hmac);
+        &enc->hmac);
 #endif
   route_message (&cb->pid,
-                 &enc->header);
+                 &enc->header);
   GNUNET_SERVICE_client_continue (tc->client);
 }
 
@@ -2802,14 +2786,14 @@ peerstore_store_cb (void *cls,
   ale->sc = NULL;
   if (GNUNET_YES != success)
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Failed to store our own address `%s' in peerstore!\n",
-                ale->address);
+                "Failed to store our own address `%s' in peerstore!\n",
+                ale->address);
   /* refresh period is 1/4 of expiration time, that should be plenty
      without being excessive. */
   ale->st = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_divide (ale->expiration,
-                                                                       4ULL),
-                                          &store_pi,
-                                          ale);
+                                                                       4ULL),
+                                          &store_pi,
+                                          ale);
 }
 
 
@@ -2829,30 +2813,30 @@ store_pi (void *cls)
   ale->st = NULL;
   expiration = GNUNET_TIME_relative_to_absolute (ale->expiration);
   GNUNET_HELLO_sign_address (ale->address,
-                             ale->nt,
-                             expiration,
-                             GST_my_private_key,
-                             &addr,
-                             &addr_len);
+                             ale->nt,
+                             expiration,
+                             GST_my_private_key,
+                             &addr,
+                             &addr_len);
   ale->sc = GNUNET_PEERSTORE_store (peerstore,
-                                    "transport",
-                                    &GST_my_identity,
-                                    GNUNET_HELLO_PEERSTORE_KEY,
-                                    addr,
-                                    addr_len,
-                                    expiration,
-                                    GNUNET_PEERSTORE_STOREOPTION_MULTIPLE,
-                                    &peerstore_store_cb,
-                                    ale);
+                                    "transport",
+                                    &GST_my_identity,
+                                    GNUNET_HELLO_PEERSTORE_KEY,
+                                    addr,
+                                    addr_len,
+                                    expiration,
+                                    GNUNET_PEERSTORE_STOREOPTION_MULTIPLE,
+                                    &peerstore_store_cb,
+                                    ale);
   GNUNET_free (addr);
   if (NULL == ale->sc)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "Failed to store our address `%s' with peerstore\n",
-                ale->address);
+                "Failed to store our address `%s' with peerstore\n",
+                ale->address);
     ale->st = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
-                                            &store_pi,
-                                            ale);
+                                            &store_pi,
+                                            ale);
   }
 }
 
@@ -2885,7 +2869,7 @@ handle_add_address (void *cls,
                                tc->details.communicator.addr_tail,
                                ale);
   ale->st = GNUNET_SCHEDULER_add_now (&store_pi,
-                                      ale);
+                                      ale);
   GNUNET_SERVICE_client_continue (tc->client);
 }
 
@@ -2956,7 +2940,7 @@ struct CommunicatorMessageContext
  */
 static void
 demultiplex_with_cmc (struct CommunicatorMessageContext *cmc,
-                      const struct GNUNET_MessageHeader *msg);
+                      const struct GNUNET_MessageHeader *msg);
 
 
 /**
@@ -2974,12 +2958,12 @@ finish_cmc_handling (struct CommunicatorMessageContext *cmc)
     struct GNUNET_TRANSPORT_IncomingMessageAck *ack;
 
     env = GNUNET_MQ_msg (ack,
-                         GNUNET_MESSAGE_TYPE_TRANSPORT_INCOMING_MSG_ACK);
+                         GNUNET_MESSAGE_TYPE_TRANSPORT_INCOMING_MSG_ACK);
     ack->reserved = htonl (0);
     ack->fc_id = cmc->im.fc_id;
     ack->sender = cmc->im.sender;
     GNUNET_MQ_send (cmc->tc->mq,
-                    env);
+                    env);
   }
   GNUNET_SERVICE_client_continue (cmc->tc->client);
   GNUNET_free (cmc);
@@ -2995,7 +2979,7 @@ finish_cmc_handling (struct CommunicatorMessageContext *cmc)
  */
 static void
 handle_raw_message (void *cls,
-                    const struct GNUNET_MessageHeader *mh)
+                    const struct GNUNET_MessageHeader *mh)
 {
   struct CommunicatorMessageContext *cmc = cls;
   uint16_t size = ntohs (mh->size);
@@ -3021,14 +3005,14 @@ handle_raw_message (void *cls,
     if (CT_CORE != tc->type)
       continue;
     env = GNUNET_MQ_msg_extra (im,
-                               size,
-                               GNUNET_MESSAGE_TYPE_TRANSPORT_RECV);
+                               size,
+                               GNUNET_MESSAGE_TYPE_TRANSPORT_RECV);
     im->peer = cmc->im.sender;
     memcpy (&im[1],
-            mh,
-            size);
+            mh,
+            size);
     GNUNET_MQ_send (tc->mq,
-                    env);
+                    env);
   }
   /* FIXME: consider doing this _only_ once the message
      was drained from the CORE MQs to extend flow control to CORE!
@@ -3046,7 +3030,7 @@ handle_raw_message (void *cls,
  */
 static int
 check_fragment_box (void *cls,
-                    const struct TransportFragmentBox *fb)
+                    const struct TransportFragmentBox *fb)
 {
   uint16_t size = ntohs (fb->header.size);
   uint16_t bsize = size - sizeof (*fb);
@@ -3124,7 +3108,7 @@ handle_fragment_box (void *cls,
   int ack_now;
 
   n = GNUNET_CONTAINER_multipeermap_get (neighbours,
-                                         &cmc->im.sender);
+                                         &cmc->im.sender);
   if (NULL == n)
   {
     struct GNUNET_SERVICE_Client *client = cmc->tc->client;
@@ -3137,15 +3121,15 @@ handle_fragment_box (void *cls,
   if (NULL == n->reassembly_map)
   {
     n->reassembly_map = GNUNET_CONTAINER_multishortmap_create (8,
-                                                               GNUNET_YES);
+                                                               GNUNET_YES);
     n->reassembly_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
     n->reassembly_timeout_task = GNUNET_SCHEDULER_add_delayed (REASSEMBLY_EXPIRATION,
-                                                               &reassembly_cleanup_task,
-                                                               n);
+                                                               &reassembly_cleanup_task,
+                                                               n);
   }
   msize = ntohs (fb->msg_size);
   rc = GNUNET_CONTAINER_multishortmap_get (n->reassembly_map,
-                                           &fb->msg_uuid);
+                                           &fb->msg_uuid);
   if (NULL == rc)
   {
     rc = GNUNET_malloc (sizeof (*rc) +
@@ -3157,13 +3141,13 @@ handle_fragment_box (void *cls,
     rc->reassembly_timeout = GNUNET_TIME_relative_to_absolute (REASSEMBLY_EXPIRATION);
     rc->last_frag = GNUNET_TIME_absolute_get ();
     rc->hn = GNUNET_CONTAINER_heap_insert (n->reassembly_heap,
-                                           rc,
-                                           rc->reassembly_timeout.abs_value_us);
+                                           rc,
+                                           rc->reassembly_timeout.abs_value_us);
     GNUNET_assert (GNUNET_OK ==
                    GNUNET_CONTAINER_multishortmap_put (n->reassembly_map,
-                                                       &rc->msg_uuid,
-                                                       rc,
-                                                       GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+                                               &rc->msg_uuid,
+                                               rc,
+                                               GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
     target = (char *) &rc[1];
     rc->bitfield = (uint8_t *) (target + rc->msg_size);
     rc->msg_missing = rc->msg_size;
@@ -3183,8 +3167,8 @@ handle_fragment_box (void *cls,
   fsize = ntohs (fb->header.size) - sizeof (*fb);
   frag_off = ntohs (fb->frag_off);
   memcpy (&target[frag_off],
-          &fb[1],
-          fsize);
+          &fb[1],
+          fsize);
   /* update bitfield and msg_missing */
   for (unsigned int i=frag_off;i<frag_off+fsize;i++)
   {
@@ -3199,10 +3183,10 @@ handle_fragment_box (void *cls,
   frag_uuid = ntohl (fb->frag_uuid);
   cdelay = GNUNET_TIME_absolute_get_duration (rc->last_frag);
   cdelay = GNUNET_TIME_relative_multiply (cdelay,
-                                          rc->num_acks);
+                                          rc->num_acks);
   rc->last_frag = GNUNET_TIME_absolute_get ();
   rc->avg_ack_delay = GNUNET_TIME_relative_add (rc->avg_ack_delay,
-                                                cdelay);
+                                                cdelay);
   ack_now = GNUNET_NO;
   if (0 == rc->num_acks)
   {
@@ -3266,7 +3250,7 @@ handle_fragment_box (void *cls,
   /* successful reassembly */
   send_fragment_ack (rc);
   demultiplex_with_cmc (cmc,
-                        msg);
+                        msg);
   /* FIXME: really free here? Might be bad if fragments are still
      en-route and we forget that we finished this reassembly immediately!
      -> keep around until timeout?
@@ -3304,7 +3288,7 @@ handle_fragment_ack (void *cls,
  */
 static int
 check_reliability_box (void *cls,
-                       const struct TransportReliabilityBox *rb)
+                       const struct TransportReliabilityBox *rb)
 {
   GNUNET_MQ_check_boxed_message (rb);
   return GNUNET_YES;
@@ -3319,7 +3303,7 @@ check_reliability_box (void *cls,
  */
 static void
 handle_reliability_box (void *cls,
-                        const struct TransportReliabilityBox *rb)
+                        const struct TransportReliabilityBox *rb)
 {
   struct CommunicatorMessageContext *cmc = cls;
   const struct GNUNET_MessageHeader *inbox = (const struct GNUNET_MessageHeader *) &rb[1];
@@ -3331,10 +3315,10 @@ handle_reliability_box (void *cls,
     /* FIXME: implement cummulative ACKs and ack_countdown,
        then setting the avg_ack_delay field below: */
     ack = GNUNET_malloc (sizeof (*ack) +
-                         sizeof (struct GNUNET_ShortHashCode));
+                         sizeof (struct GNUNET_ShortHashCode));
     ack->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_RELIABILITY_ACK);
     ack->header.size = htons (sizeof (*ack) +
-                              sizeof (struct GNUNET_ShortHashCode));
+                              sizeof (struct GNUNET_ShortHashCode));
     memcpy (&ack[1],
             &rb->msg_uuid,
             sizeof (struct GNUNET_ShortHashCode));
@@ -3399,13 +3383,12 @@ handle_backchannel_encapsulation (void *cls,
 {
   struct CommunicatorMessageContext *cmc = cls;
 
-  if (0 != memcmp (&be->target,
-                   &GST_my_identity,
-                   sizeof (struct GNUNET_PeerIdentity)))
+  if (0 != GNUNET_memcmp (&be->target,
+                          &GST_my_identity))
   {
     /* not for me, try to route to target */
     route_message (&be->target,
-                   GNUNET_copy_message (&be->header));
+                   GNUNET_copy_message (&be->header));
     finish_cmc_handling (cmc);
     return;
   }
@@ -3440,16 +3423,14 @@ check_dv_learn (void *cls,
   }
   for (unsigned int i=0;i<num_hops;i++)
   {
-    if (0 == memcmp (&dvl->initiator,
-                     &hops[i],
-                     sizeof (struct GNUNET_PeerIdentity)))
+    if (0 == GNUNET_memcmp (&dvl->initiator,
+                            &hops[i]))
     {
       GNUNET_break_op (0);
       return GNUNET_SYSERR;
     }
-    if (0 == memcmp (&GST_my_identity,
-                     &hops[i],
-                     sizeof (struct GNUNET_PeerIdentity)))
+    if (0 == GNUNET_memcmp (&GST_my_identity,
+                            &hops[i]))
     {
       GNUNET_break_op (0);
       return GNUNET_SYSERR;
@@ -4249,9 +4230,8 @@ handle_del_queue_message (void *cls,
     struct Neighbour *neighbour = queue->neighbour;
 
     if ( (dqm->qid != queue->qid) ||
-         (0 != memcmp (&dqm->receiver,
-                       &neighbour->pid,
-                       sizeof (struct GNUNET_PeerIdentity))) )
+         (0 != GNUNET_memcmp (&dqm->receiver,
+                              &neighbour->pid)) )
       continue;
     free_queue (queue);
     GNUNET_SERVICE_client_continue (tc->client);
@@ -4288,9 +4268,8 @@ handle_send_message_ack (void *cls,
        NULL != queue;
        queue = queue->next_client)
   {
-    if (0 != memcmp (&queue->neighbour->pid,
-                     &sma->receiver,
-                     sizeof (struct GNUNET_PeerIdentity)))
+    if (0 != GNUNET_memcmp (&queue->neighbour->pid,
+                            &sma->receiver))
       continue;
     for (struct QueueEntry *qep = queue->queue_head;
          NULL != qep;
@@ -4490,10 +4469,10 @@ suggest_to_connect (const struct GNUNET_PeerIdentity *pid,
   cqm->request_id = htonl (idgen++);
   cqm->receiver = *pid;
   memcpy (&cqm[1],
-          address,
-          alen);
+          address,
+          alen);
   GNUNET_MQ_send (tc->mq,
-                  env);
+                  env);
 }
 
 
@@ -4642,7 +4621,7 @@ handle_suggest (void *cls,
   pr->wc = GNUNET_PEERSTORE_watch (peerstore,
                                    "transport",
                                    &pr->pid,
-                                   "hello",
+                                   GNUNET_HELLO_PEERSTORE_KEY,
                                    &handle_hello,
                                    pr);
   GNUNET_SERVICE_client_continue (tc->client);
@@ -4738,6 +4717,38 @@ handle_address_consider_verify (void *cls,
 
 
 /**
+ * Check #GNUNET_MESSAGE_TYPE_TRANSPORT_REQUEST_HELLO_VALIDATION
+ * messages.
+ *
+ * @param cls a `struct TransportClient *`
+ * @param m message to verify
+ * @return #GNUNET_OK on success
+ */
+static int
+check_request_hello_validation (void *cls,
+                                const struct RequestHelloValidationMessage *m)
+{
+  GNUNET_MQ_check_zero_termination (m);
+  return GNUNET_OK;
+}
+
+
+/**
+ * A client encountered an address of another peer. Consider validating it,
+ * and if validation succeeds, persist it to PEERSTORE.
+ *
+ * @param cls a `struct TransportClient *`
+ * @param m message to verify
+ */
+static void
+handle_request_hello_validation (void *cls,
+                                 const struct RequestHelloValidationMessage *m)
+{
+  // FIXME: implement validation!
+}
+
+
+/**
  * Free neighbour entry.
  *
  * @param cls NULL
@@ -4927,6 +4938,10 @@ GNUNET_SERVICE_MAIN
                           GNUNET_MESSAGE_TYPE_TRANSPORT_SUGGEST_CANCEL,
                           struct ExpressPreferenceMessage,
                           NULL),
+ GNUNET_MQ_hd_var_size (request_hello_validation,
+                        GNUNET_MESSAGE_TYPE_TRANSPORT_REQUEST_HELLO_VALIDATION,
+                        struct RequestHelloValidationMessage,
+                        NULL),
  /* communication with core */
  GNUNET_MQ_hd_fixed_size (client_start,
                           GNUNET_MESSAGE_TYPE_TRANSPORT_START,
diff --git a/src/transport/transport.h b/src/transport/transport.h
index b231ea8ae..fe1044383 100644
--- a/src/transport/transport.h
+++ b/src/transport/transport.h
@@ -1139,6 +1139,37 @@ struct ExpressPreferenceMessage
 };
 
 
+/**
+ * We got an address of another peer, TRANSPORT service
+ * should validate it.  There is no response.
+ */
+struct RequestHelloValidationMessage
+{
+
+    /**
+   * Type is #GNUNET_MESSAGE_TYPE_TRANSPORT_REQUEST_HELLO_VALIDATION.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * What type of network does the other peer claim this is?
+   * A `enum GNUNET_NetworkType` in NBO.
+   */
+  uint32_t nt GNUNET_PACKED;
+
+  /**
+   * Peer to the address is presumably for.
+   */
+  struct GNUNET_PeerIdentity peer;
+
+  /**
+   * When does the address expire?
+   */
+  struct GNUNET_TIME_AbsoluteNBO expiration;
+
+  /* followed by 0-terminated address to validate */
+};
+
 #endif
 
 GNUNET_NETWORK_STRUCT_END
diff --git a/src/transport/transport_api2_application.c b/src/transport/transport_api2_application.c
index 325438e11..414a21fe4 100644
--- a/src/transport/transport_api2_application.c
+++ b/src/transport/transport_api2_application.c
@@ -363,4 +363,56 @@ GNUNET_TRANSPORT_application_suggest_cancel (struct GNUNET_TRANSPORT_Application
 }
 
 
+
+/**
+ * An application (or a communicator) has received a HELLO (or other address
+ * data of another peer) and wants TRANSPORT to validate that the address is
+ * correct.  The result is NOT returned, in fact TRANSPORT may do nothing
+ * (i.e. if it has too many active validations or recently tried this one
+ * already).  If the @a addr validates, TRANSPORT will persist the address
+ * with PEERSTORE.
+ *
+ * @param ch handle
+ * @param peer identity of the peer we have an address for
+ * @param expiration when does @a addr expire; used by TRANSPORT to know when
+ *        to definitively give up attempting to validate
+ * @param nt network type of @a addr (as claimed by the other peer);
+ *        used by TRANSPORT to avoid trying @a addr's that really cannot work
+ *        due to network type missmatches
+ * @param addr address to validate
+ */
+void
+GNUNET_TRANSPORT_application_validate (struct GNUNET_TRANSPORT_ApplicationHandle *ch,
+                                       const struct GNUNET_PeerIdentity *peer,
+                                       struct GNUNET_TIME_Absolute expiration,
+                                       enum GNUNET_NetworkType nt,
+                                       const char *addr)
+{
+  struct GNUNET_MQ_Envelope *ev;
+  struct RequestHelloValidationMessage *m;
+  size_t alen;
+
+  if (NULL == ch->mq)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Address validation for %s:%s skipped as transport is not connected\n",
+                GNUNET_i2s (peer),
+                addr);
+    return;
+  }
+  alen = strlen (addr) + 1;
+  ev = GNUNET_MQ_msg_extra (m,
+                            alen,
+                            GNUNET_MESSAGE_TYPE_TRANSPORT_REQUEST_HELLO_VALIDATION);
+  m->peer = *peer;
+  m->expiration = GNUNET_TIME_absolute_hton (expiration);
+  m->nt = htonl ((uint32_t) nt);
+  memcpy (&m[1],
+          addr,
+          alen);
+  GNUNET_MQ_send (ch->mq,
+                  ev);
+}
+
+
 /* end of transport_api2_application.c */
diff --git a/src/util/common_logging.c b/src/util/common_logging.c
index 60f0b2e8b..de30cab3a 100644
--- a/src/util/common_logging.c
+++ b/src/util/common_logging.c
@@ -1462,11 +1462,17 @@ GNUNET_a2s (const struct sockaddr *addr,
     if (addrlen != sizeof (struct sockaddr_in))
       return "<invalid v4 address>";
     v4 = (const struct sockaddr_in *) addr;
-    inet_ntop (AF_INET, &v4->sin_addr, buf, INET_ADDRSTRLEN);
+    inet_ntop (AF_INET,
+               &v4->sin_addr,
+               buf,
+               INET_ADDRSTRLEN);
     if (0 == ntohs (v4->sin_port))
       return buf;
     strcat (buf, ":");
-    GNUNET_snprintf (b2, sizeof (b2), "%u", ntohs (v4->sin_port));
+    GNUNET_snprintf (b2,
+                     sizeof (b2),
+                     "%u",
+                     ntohs (v4->sin_port));
     strcat (buf, b2);
     return buf;
   case AF_INET6:
@@ -1474,12 +1480,19 @@ GNUNET_a2s (const struct sockaddr *addr,
       return "<invalid v4 address>";
     v6 = (const struct sockaddr_in6 *) addr;
     buf[0] = '[';
-    inet_ntop (AF_INET6, &v6->sin6_addr, &buf[1], INET6_ADDRSTRLEN);
+    inet_ntop (AF_INET6,
+               &v6->sin6_addr,
+               &buf[1],
+               INET6_ADDRSTRLEN);
     if (0 == ntohs (v6->sin6_port))
       return &buf[1];
     strcat (buf, "]:");
-    GNUNET_snprintf (b2, sizeof (b2), "%u", ntohs (v6->sin6_port));
-    strcat (buf, b2);
+    GNUNET_snprintf (b2,
+                     sizeof (b2),
+                     "%u",
+                     ntohs (v6->sin6_port));
+    strcat (buf,
+            b2);
     return buf;
   case AF_UNIX:
     if (addrlen <= sizeof (sa_family_t))