36 files changed, 9925 insertions, 0 deletions

diff --git a/src/service/core/.gitignore b/src/service/core/.gitignore
new file mode 100644
index 000000000..e985f5ff4
--- /dev/null
+++ b/src/service/core/.gitignore
@@ -0,0 +1,9 @@
+gnunet-service-core
+core.conf
+test_core_api
+test_core_api_reliability
+test_core_api_send_to_self
+test_core_api_start_only
+test_core_quota_compliance_asymmetric_recv_limited
+test_core_quota_compliance_asymmetric_send_limited
+test_core_quota_compliance_symmetric
diff --git a/src/service/core/Makefile.am b/src/service/core/Makefile.am
new file mode 100644
index 000000000..95f22c82c
--- /dev/null
+++ b/src/service/core/Makefile.am
@@ -0,0 +1,131 @@
+# This Makefile.am is in the public domain
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+plugindir = $(libdir)/gnunet
+
+libexecdir= $(pkglibdir)/libexec/
+
+pkgcfg_DATA = \
+  core.conf
+
+if USE_COVERAGE
+  AM_CFLAGS = --coverage -O0
+  XLIB = -lgcov
+endif
+
+plugin_LTLIBRARIES = \
+  libgnunet_test_core_plugin_cmd_just_run.la
+
+TESTING_LIBS = \
+  libgnunetcoretesting.la
+
+lib_LTLIBRARIES = \
+  libgnunetcore.la \
+  $(TESTING_LIBS)
+
+libgnunetcore_la_SOURCES = \
+  core_api.c core.h \
+  core_api_monitor_peers.c
+libgnunetcore_la_LIBADD = \
+  $(top_builddir)/src/lib/util/libgnunetutil.la \
+  $(GN_LIBINTL) $(XLIB)
+libgnunetcore_la_LDFLAGS = \
+  $(GN_LIB_LDFLAGS)  \
+  -version-info 0:1:0
+
+libgnunet_test_core_plugin_cmd_just_run_la_SOURCES = \
+ test_core_plugin_cmd_just_run.c
+libgnunet_test_core_plugin_cmd_just_run_la_LIBADD = \
+  libgnunetcoretesting.la \
+  $(top_builddir)/src/service/transport/libgnunettransportapplication.la \
+  $(top_builddir)/src/service/transport/libgnunettransportcore.la \
+  $(top_builddir)/src/lib/hello/libgnunethello.la \
+  $(top_builddir)/src/service/peerstore/libgnunetpeerstore.la \
+  $(top_builddir)/src/service/transport/libgnunettransporttesting2.la \
+  $(top_builddir)/src/lib/testing/libgnunettesting.la \
+  $(top_builddir)/src/service/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/service/arm/libgnunetarm.la \
+  $(top_builddir)/src/lib/util/libgnunetutil.la \
+  $(LTLIBINTL)
+libgnunet_test_core_plugin_cmd_just_run_la_LDFLAGS = \
+  $(GN_PLUGIN_LDFLAGS)
+
+libgnunetcoretesting_la_SOURCES = \
+  core_api_cmd_connecting_peers.c
+libgnunetcoretesting_la_LIBADD = \
+  $(top_builddir)/src/lib/testing/libgnunettesting.la \
+  $(top_builddir)/src/service/arm/libgnunetarm.la \
+  $(top_builddir)/src/service/transport/libgnunettransportapplication.la \
+  $(top_builddir)/src/service/transport/libgnunettransporttesting2.la \
+  $(top_builddir)/src/lib/hello/libgnunethello.la \
+  $(top_builddir)/src/service/peerstore/libgnunetpeerstore.la \
+  $(top_builddir)/src/service/transport/libgnunettransportcore.la \
+  $(top_builddir)/src/lib/util/libgnunetutil.la
+libgnunetcoretesting_la_LDFLAGS = \
+  $(GN_LIBINTL) \
+  $(GN_LIB_LDFLAGS) \
+  -version-info 0:0:0
+
+
+libexec_PROGRAMS = \
+ gnunet-service-core
+
+gnunet_service_core_SOURCES = \
+ gnunet-service-core.c gnunet-service-core.h \
+ gnunet-service-core_kx.c gnunet-service-core_kx.h \
+ gnunet-service-core_sessions.c gnunet-service-core_sessions.h \
+ gnunet-service-core_typemap.c gnunet-service-core_typemap.h
+gnunet_service_core_LDADD = \
+  $(top_builddir)/src/service/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/service/transport/libgnunettransportapplication.la \
+  $(top_builddir)/src/service/transport/libgnunettransportcore.la \
+  $(top_builddir)/src/lib/util/libgnunetutil.la \
+  $(GN_LIBINTL) $(Z_LIBS)
+
+
+TESTING_TESTS = \
+  test_core_api_send_to_self
+
+check_PROGRAMS = \
+ test_core_api_start_only \
+ $(TESTING_TESTS)
+
+# Only test TNG if we run experimental
+#check_SCRIPTS= \
+#  test_core_start_testcase.sh
+
+if ENABLE_TEST_RUN
+AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
+TESTS = $(check_PROGRAMS) \
+ $(check_SCRIPTS)
+endif
+
+test_core_api_send_to_self_SOURCES = \
+ test_core_api_send_to_self.c
+test_core_api_send_to_self_LDADD = \
+ libgnunetcore.la \
+ $(top_builddir)/src/lib/testing/libgnunettesting.la \
+ $(top_builddir)/src/lib/util/libgnunetutil.la
+
+test_core_api_start_only_SOURCES = \
+ test_core_api_start_only.c
+test_core_api_start_only_LDADD = \
+ $(top_builddir)/src/lib/testing/libgnunettesting.la \
+ libgnunetcore.la \
+ $(top_builddir)/src/lib/util/libgnunetutil.la
+
+EXTRA_DIST = \
+  test_core_start_testcase.sh \
+  test_core_defaults.conf \
+  test_core_api_data.conf \
+  test_core_api_peer1.conf \
+  test_core_api_peer2.conf \
+  test_core_api_send_to_self.conf \
+  test_core_quota_asymmetric_recv_limited_peer1.conf \
+  test_core_quota_asymmetric_recv_limited_peer2.conf \
+  test_core_quota_asymmetric_send_limit_peer1.conf \
+  test_core_quota_asymmetric_send_limit_peer2.conf \
+  test_core_quota_peer1.conf \
+  test_core_quota_peer2.conf
diff --git a/src/service/core/core.conf.in b/src/service/core/core.conf.in
new file mode 100644
index 000000000..00faf6079
--- /dev/null
+++ b/src/service/core/core.conf.in
@@ -0,0 +1,23 @@
+[core]
+START_ON_DEMAND = @START_ON_DEMAND@
+@JAVAPORT@PORT = 2092
+HOSTNAME = localhost
+BINARY = gnunet-service-core
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-core.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+
+# Note: this MUST be set to YES in production, only set to NO for testing
+# for performance (testbed/cluster-scale use!).
+USE_EPHEMERAL_KEYS = YES
diff --git a/src/service/core/core.h b/src/service/core/core.h
new file mode 100644
index 000000000..d4596f038
--- /dev/null
+++ b/src/service/core/core.h
@@ -0,0 +1,326 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009-2014 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/core.h
+ * @brief common internal definitions for core service
+ * @author Christian Grothoff
+ */
+#ifndef CORE_H
+#define CORE_H
+
+#include "gnunet_util_lib.h"
+#include "gnunet_time_lib.h"
+
+/**
+ * General core debugging.
+ */
+#define DEBUG_CORE GNUNET_EXTRA_LOGGING
+
+/**
+ * Definition of bits in the InitMessage's options field that specify
+ * which events this client cares about.  Note that inbound messages
+ * for handlers that were specifically registered are always
+ * transmitted to the client.
+ */
+#define GNUNET_CORE_OPTION_NOTHING 0
+
+/**
+ * Client cares about connectivity changes.
+ */
+#define GNUNET_CORE_OPTION_SEND_STATUS_CHANGE 4
+
+/**
+ * Client wants all inbound messages in full.
+ */
+#define GNUNET_CORE_OPTION_SEND_FULL_INBOUND 8
+
+/**
+ * Client just wants the 4-byte message headers of
+ * all inbound messages.
+ */
+#define GNUNET_CORE_OPTION_SEND_HDR_INBOUND 16
+
+/**
+ * Client wants all outbound messages in full.
+ */
+#define GNUNET_CORE_OPTION_SEND_FULL_OUTBOUND 32
+
+/**
+ * Client just wants the 4-byte message headers of
+ * all outbound messages.
+ */
+#define GNUNET_CORE_OPTION_SEND_HDR_OUTBOUND 64
+
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Message transmitted core clients to gnunet-service-core
+ * to start the interaction.  This header is followed by
+ * uint16_t type values specifying which messages this
+ * client is interested in.
+ */
+struct InitMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_INIT.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Options, see GNUNET_CORE_OPTION_ values.
+   */
+  uint32_t options GNUNET_PACKED;
+};
+
+
+/**
+ * Message transmitted by the gnunet-service-core process
+ * to its clients in response to an INIT message.
+ */
+struct InitReplyMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_INIT_REPLY
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Always zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Public key of the local peer.
+   */
+  struct GNUNET_PeerIdentity my_identity;
+};
+
+
+/**
+ * Message sent by the service to clients to notify them
+ * about a peer connecting.
+ */
+struct ConnectNotifyMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_NOTIFY_CONNECT
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Always zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Identity of the connecting peer.
+   */
+  struct GNUNET_PeerIdentity peer;
+};
+
+
+/**
+ * Message sent by the service to clients to notify them
+ * about a peer disconnecting.
+ */
+struct DisconnectNotifyMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_NOTIFY_DISCONNECT.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Always zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Identity of the connecting peer.
+   */
+  struct GNUNET_PeerIdentity peer;
+};
+
+
+/**
+ * Message sent by the service to clients to notify them about
+ * messages being received or transmitted.  This overall message is
+ * followed by the real message, or just the header of the real
+ * message (depending on the client's preferences).  The receiver can
+ * tell if it got the full message or only a partial message by
+ * looking at the size field in the header of NotifyTrafficMessage and
+ * checking it with the size field in the message that follows.
+ */
+struct NotifyTrafficMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_NOTIFY_INBOUND
+   * or #GNUNET_MESSAGE_TYPE_CORE_NOTIFY_OUTBOUND.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Identity of the receiver or sender.
+   */
+  struct GNUNET_PeerIdentity peer;
+
+  /* Followed by payload (message or just header), variable size */
+};
+
+
+/**
+ * Client notifying core about the maximum-priority
+ * message it has in the queue for a particular target.
+ */
+struct SendMessageRequest
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_SEND_REQUEST
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * How important is this message?
+   */
+  uint32_t priority GNUNET_PACKED;
+
+  /**
+   * By what time would the sender really like to see this
+   * message transmitted?
+   */
+  struct GNUNET_TIME_AbsoluteNBO deadline;
+
+  /**
+   * Identity of the intended target.
+   */
+  struct GNUNET_PeerIdentity peer;
+
+  /**
+   * Always zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * How large is the message?
+   */
+  uint16_t size GNUNET_PACKED;
+
+  /**
+   * Counter for this peer to match SMRs to replies.
+   */
+  uint16_t smr_id GNUNET_PACKED;
+};
+
+
+/**
+ * Core notifying client that it is allowed to now
+ * transmit a message to the given target
+ * (response to #GNUNET_MESSAGE_TYPE_CORE_SEND_REQUEST).
+ */
+struct SendMessageReady
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_SEND_READY
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * How many bytes are allowed for transmission?
+   * Guaranteed to be at least as big as the requested size,
+   * or ZERO if the request is rejected (will timeout,
+   * peer disconnected, queue full, etc.).
+   */
+  uint16_t size GNUNET_PACKED;
+
+  /**
+   * smr_id from the request.
+   */
+  uint16_t smr_id GNUNET_PACKED;
+
+  /**
+   * Identity of the intended target.
+   */
+  struct GNUNET_PeerIdentity peer;
+};
+
+
+/**
+ * Client asking core to transmit a particular message to a particular
+ * target (response to #GNUNET_MESSAGE_TYPE_CORE_SEND_READY).
+ */
+struct SendMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_SEND
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * How important is this message? Contains a
+   * `enum GNUNET_MQ_PriorityPreferences` in NBO.
+   */
+  uint32_t priority GNUNET_PACKED;
+
+  /**
+   * By what time would the sender really like to see this
+   * message transmitted?
+   */
+  struct GNUNET_TIME_AbsoluteNBO deadline;
+
+  /**
+   * Identity of the intended receiver.
+   */
+  struct GNUNET_PeerIdentity peer;
+};
+
+
+/**
+ * Message sent by the service to monitor clients to notify them
+ * about a peer changing status.
+ */
+struct MonitorNotifyMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * New peer state, an `enum GNUNET_CORE_KxState` in NBO.
+   */
+  uint32_t state GNUNET_PACKED;
+
+  /**
+   * Identity of the peer.
+   */
+  struct GNUNET_PeerIdentity peer;
+
+  /**
+   * How long will we stay in this state (if nothing else happens)?
+   */
+  struct GNUNET_TIME_AbsoluteNBO timeout;
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+#endif
+/* end of core.h */
diff --git a/src/service/core/core_api.c b/src/service/core/core_api.c
new file mode 100644
index 000000000..2e0bb1785
--- /dev/null
+++ b/src/service/core/core_api.c
@@ -0,0 +1,772 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009-2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file core/core_api.c
+ * @brief core service; this is the main API for encrypted P2P
+ *        communications
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_constants.h"
+#include "gnunet_core_service.h"
+#include "core.h"
+
+#define LOG(kind, ...) GNUNET_log_from (kind, "core-api", __VA_ARGS__)
+
+
+/**
+ * Information we track for each peer.
+ */
+struct PeerRecord
+{
+  /**
+   * Corresponding CORE handle.
+   */
+  struct GNUNET_CORE_Handle *h;
+
+  /**
+   * Message queue for the peer.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Message we are currently trying to pass to the CORE service
+   * for this peer (from @e mq).
+   */
+  struct GNUNET_MQ_Envelope *env;
+
+  /**
+   * Value the client returned when we connected, used
+   * as the closure in various places.
+   */
+  void *client_cls;
+
+  /**
+   * Peer the record is about.
+   */
+  struct GNUNET_PeerIdentity peer;
+
+  /**
+   * SendMessageRequest ID generator for this peer.
+   */
+  uint16_t smr_id_gen;
+};
+
+
+/**
+ * Context for the core service connection.
+ */
+struct GNUNET_CORE_Handle
+{
+  /**
+   * Configuration we're using.
+   */
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+  /**
+   * Closure for the various callbacks.
+   */
+  void *cls;
+
+  /**
+   * Function to call once we've handshaked with the core service.
+   */
+  GNUNET_CORE_StartupCallback init;
+
+  /**
+   * Function to call whenever we're notified about a peer connecting.
+   */
+  GNUNET_CORE_ConnectEventHandler connects;
+
+  /**
+   * Function to call whenever we're notified about a peer disconnecting.
+   */
+  GNUNET_CORE_DisconnectEventHandler disconnects;
+
+  /**
+   * Function handlers for messages of particular type.
+   */
+  struct GNUNET_MQ_MessageHandler *handlers;
+
+  /**
+   * Our message queue for transmissions to the service.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Hash map listing all of the peers that we are currently
+   * connected to.
+   */
+  struct GNUNET_CONTAINER_MultiPeerMap *peers;
+
+  /**
+   * Identity of this peer.
+   */
+  struct GNUNET_PeerIdentity me;
+
+  /**
+   * ID of reconnect task (if any).
+   */
+  struct GNUNET_SCHEDULER_Task *reconnect_task;
+
+  /**
+   * Current delay we use for re-trying to connect to core.
+   */
+  struct GNUNET_TIME_Relative retry_backoff;
+
+  /**
+   * Number of entries in the handlers array.
+   */
+  unsigned int hcnt;
+
+  /**
+   * Did we ever get INIT?
+   */
+  int have_init;
+};
+
+
+/**
+ * Our current client connection went down.  Clean it up
+ * and try to reconnect!
+ *
+ * @param h our handle to the core service
+ */
+static void
+reconnect (struct GNUNET_CORE_Handle *h);
+
+
+/**
+ * Task schedule to try to re-connect to core.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle`
+ */
+static void
+reconnect_task (void *cls)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+
+  h->reconnect_task = NULL;
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "Connecting to CORE service after delay\n");
+  reconnect (h);
+}
+
+
+/**
+ * Notify clients about disconnect and free the entry for connected
+ * peer.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle *`
+ * @param key the peer identity (not used)
+ * @param value the `struct PeerRecord` to free.
+ * @return #GNUNET_YES (continue)
+ */
+static int
+disconnect_and_free_peer_entry (void *cls,
+                                const struct GNUNET_PeerIdentity *key,
+                                void *value)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+  struct PeerRecord *pr = value;
+
+  GNUNET_assert (pr->h == h);
+  if (NULL != h->disconnects)
+    h->disconnects (h->cls, &pr->peer, pr->client_cls);
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CONTAINER_multipeermap_remove (h->peers, key, pr));
+  GNUNET_MQ_destroy (pr->mq);
+  GNUNET_assert (NULL == pr->mq);
+  if (NULL != pr->env)
+  {
+    GNUNET_MQ_discard (pr->env);
+    pr->env = NULL;
+  }
+  GNUNET_free (pr);
+  return GNUNET_YES;
+}
+
+
+/**
+ * Close down any existing connection to the CORE service and
+ * try re-establishing it later.
+ *
+ * @param h our handle
+ */
+static void
+reconnect_later (struct GNUNET_CORE_Handle *h)
+{
+  GNUNET_assert (NULL == h->reconnect_task);
+  if (NULL != h->mq)
+  {
+    GNUNET_MQ_destroy (h->mq);
+    h->mq = NULL;
+  }
+  GNUNET_assert (NULL == h->reconnect_task);
+  h->reconnect_task =
+    GNUNET_SCHEDULER_add_delayed (h->retry_backoff, &reconnect_task, h);
+  GNUNET_CONTAINER_multipeermap_iterate (h->peers,
+                                         &disconnect_and_free_peer_entry,
+                                         h);
+  h->retry_backoff = GNUNET_TIME_STD_BACKOFF (h->retry_backoff);
+}
+
+
+/**
+ * Error handler for the message queue to the CORE service.
+ * On errors, we reconnect.
+ *
+ * @param cls closure, a `struct GNUNET_CORE_Handle *`
+ * @param error error code
+ */
+static void
+handle_mq_error (void *cls, enum GNUNET_MQ_Error error)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "MQ ERROR: %d\n", error);
+  reconnect_later (h);
+}
+
+
+/**
+ * Implement sending functionality of a message queue for
+ * us sending messages to a peer.
+ *
+ * @param mq the message queue
+ * @param msg the message to send
+ * @param impl_state state of the implementation
+ */
+static void
+core_mq_send_impl (struct GNUNET_MQ_Handle *mq,
+                   const struct GNUNET_MessageHeader *msg,
+                   void *impl_state)
+{
+  struct PeerRecord *pr = impl_state;
+  struct GNUNET_CORE_Handle *h = pr->h;
+  struct SendMessageRequest *smr;
+  struct SendMessage *sm;
+  struct GNUNET_MQ_Envelope *env;
+  uint16_t msize;
+  enum GNUNET_MQ_PriorityPreferences flags;
+
+  if (NULL == h->mq)
+  {
+    /* We're currently reconnecting, pretend this worked */
+    GNUNET_MQ_impl_send_continue (mq);
+    return;
+  }
+  GNUNET_assert (NULL == pr->env);
+  /* extract options from envelope */
+  env = GNUNET_MQ_get_current_envelope (mq);
+  flags = GNUNET_MQ_env_get_options (env);
+
+  /* check message size for sanity */
+  msize = ntohs (msg->size);
+  if (msize >= GNUNET_MAX_MESSAGE_SIZE - sizeof(struct SendMessage))
+  {
+    GNUNET_break (0);
+    GNUNET_MQ_impl_send_continue (mq);
+    return;
+  }
+
+  /* ask core for transmission */
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Asking core for transmission of %u bytes to `%s'\n",
+       (unsigned int) msize,
+       GNUNET_i2s (&pr->peer));
+  env = GNUNET_MQ_msg (smr, GNUNET_MESSAGE_TYPE_CORE_SEND_REQUEST);
+  smr->priority = htonl ((uint32_t) flags);
+  smr->peer = pr->peer;
+  smr->size = htons (msize);
+  smr->smr_id = htons (++pr->smr_id_gen);
+  GNUNET_MQ_send (h->mq, env);
+
+  /* prepare message with actual transmission data */
+  pr->env = GNUNET_MQ_msg_nested_mh (sm, GNUNET_MESSAGE_TYPE_CORE_SEND, msg);
+  sm->priority = htonl ((uint32_t) flags);
+  sm->peer = pr->peer;
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Calling get_message with buffer of %u bytes\n",
+       (unsigned int) msize);
+}
+
+
+/**
+ * Handle destruction of a message queue.  Implementations must not
+ * free @a mq, but should take care of @a impl_state.
+ *
+ * @param mq the message queue to destroy
+ * @param impl_state state of the implementation
+ */
+static void
+core_mq_destroy_impl (struct GNUNET_MQ_Handle *mq, void *impl_state)
+{
+  struct PeerRecord *pr = impl_state;
+
+  GNUNET_assert (mq == pr->mq);
+  pr->mq = NULL;
+}
+
+
+/**
+ * Implementation function that cancels the currently sent message.
+ * Should basically undo whatever #mq_send_impl() did.
+ *
+ * @param mq message queue
+ * @param impl_state state specific to the implementation
+ */
+static void
+core_mq_cancel_impl (struct GNUNET_MQ_Handle *mq, void *impl_state)
+{
+  struct PeerRecord *pr = impl_state;
+
+  (void) mq;
+  GNUNET_assert (NULL != pr->env);
+  GNUNET_MQ_discard (pr->env);
+  pr->env = NULL;
+}
+
+
+/**
+ * We had an error processing a message we forwarded from a peer to
+ * the CORE service.  We should just complain about it but otherwise
+ * continue processing.
+ *
+ * @param cls closure
+ * @param error error code
+ */
+static void
+core_mq_error_handler (void *cls, enum GNUNET_MQ_Error error)
+{
+  /* struct PeerRecord *pr = cls; */
+  (void) cls;
+  (void) error;
+  GNUNET_break_op (0);
+}
+
+
+/**
+ * Add the given peer to the list of our connected peers
+ * and create the respective data structures and notify
+ * the application.
+ *
+ * @param h the core handle
+ * @param peer the peer that is connecting to us
+ */
+static void
+connect_peer (struct GNUNET_CORE_Handle *h,
+              const struct GNUNET_PeerIdentity *peer)
+{
+  struct PeerRecord *pr;
+
+  pr = GNUNET_new (struct PeerRecord);
+  pr->peer = *peer;
+  pr->h = h;
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CONTAINER_multipeermap_put (
+                   h->peers,
+                   &pr->peer,
+                   pr,
+                   GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+  pr->mq = GNUNET_MQ_queue_for_callbacks (&core_mq_send_impl,
+                                          &core_mq_destroy_impl,
+                                          &core_mq_cancel_impl,
+                                          pr,
+                                          h->handlers,
+                                          &core_mq_error_handler,
+                                          pr);
+  if (NULL != h->connects)
+  {
+    pr->client_cls = h->connects (h->cls, &pr->peer, pr->mq);
+    GNUNET_MQ_set_handlers_closure (pr->mq, pr->client_cls);
+  }
+}
+
+
+/**
+ * Handle  init  reply message  received  from  CORE service.   Notify
+ * application  that we  are now  connected  to the  CORE.  Also  fake
+ * loopback connection.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle`
+ * @param m the init reply
+ */
+static void
+handle_init_reply (void *cls, const struct InitReplyMessage *m)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+  GNUNET_CORE_StartupCallback init;
+
+  GNUNET_break (0 == ntohl (m->reserved));
+  h->retry_backoff = GNUNET_TIME_UNIT_MILLISECONDS;
+  if (NULL != (init = h->init))
+  {
+    /* mark so we don't call init on reconnect */
+    h->init = NULL;
+    h->me = m->my_identity;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "Connected to core service of peer `%s'.\n",
+         GNUNET_i2s (&h->me));
+    h->have_init = GNUNET_YES;
+    init (h->cls, &h->me);
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "Successfully reconnected to core service.\n");
+    if (GNUNET_NO == h->have_init)
+    {
+      h->me = m->my_identity;
+      h->have_init = GNUNET_YES;
+    }
+    else
+    {
+      GNUNET_break (0 == memcmp (&h->me,
+                                 &m->my_identity,
+                                 sizeof(struct GNUNET_PeerIdentity)));
+    }
+  }
+  /* fake 'connect to self' */
+  connect_peer (h, &h->me);
+}
+
+
+/**
+ * Handle connect message received from CORE service.
+ * Notify the application about the new connection.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle`
+ * @param cnm the connect message
+ */
+static void
+handle_connect_notify (void *cls, const struct ConnectNotifyMessage *cnm)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+  struct PeerRecord *pr;
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Received notification about connection from `%s'.\n",
+       GNUNET_i2s (&cnm->peer));
+  if (0 == memcmp (&h->me, &cnm->peer, sizeof(struct GNUNET_PeerIdentity)))
+  {
+    /* connect to self!? */
+    GNUNET_break (0);
+    return;
+  }
+  pr = GNUNET_CONTAINER_multipeermap_get (h->peers, &cnm->peer);
+  if (NULL != pr)
+  {
+    GNUNET_break (0);
+    reconnect_later (h);
+    return;
+  }
+  connect_peer (h, &cnm->peer);
+}
+
+
+/**
+ * Handle disconnect message received from CORE service.
+ * Notify the application about the lost connection.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle`
+ * @param dnm message about the disconnect event
+ */
+static void
+handle_disconnect_notify (void *cls, const struct DisconnectNotifyMessage *dnm)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+  struct PeerRecord *pr;
+
+  if (0 == memcmp (&h->me, &dnm->peer, sizeof(struct GNUNET_PeerIdentity)))
+  {
+    /* disconnect from self!? */
+    GNUNET_break (0);
+    return;
+  }
+  GNUNET_break (0 == ntohl (dnm->reserved));
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Received notification about disconnect from `%s'.\n",
+       GNUNET_i2s (&dnm->peer));
+  pr = GNUNET_CONTAINER_multipeermap_get (h->peers, &dnm->peer);
+  if (NULL == pr)
+  {
+    GNUNET_break (0);
+    reconnect_later (h);
+    return;
+  }
+  disconnect_and_free_peer_entry (h, &pr->peer, pr);
+}
+
+
+/**
+ * Check that message received from CORE service is well-formed.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle`
+ * @param ntm the message we got
+ * @return #GNUNET_OK if the message is well-formed
+ */
+static int
+check_notify_inbound (void *cls, const struct NotifyTrafficMessage *ntm)
+{
+  uint16_t msize;
+  const struct GNUNET_MessageHeader *em;
+
+  (void) cls;
+  msize = ntohs (ntm->header.size) - sizeof(struct NotifyTrafficMessage);
+  if (msize < sizeof(struct GNUNET_MessageHeader))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  em = (const struct GNUNET_MessageHeader *) &ntm[1];
+  if (msize != ntohs (em->size))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * Handle inbound message received from CORE service.  If applicable,
+ * notify the application.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle`
+ * @param ntm the message we got from CORE.
+ */
+static void
+handle_notify_inbound (void *cls, const struct NotifyTrafficMessage *ntm)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+  const struct GNUNET_MessageHeader *em;
+  struct PeerRecord *pr;
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Received inbound message from `%s'.\n",
+       GNUNET_i2s (&ntm->peer));
+  em = (const struct GNUNET_MessageHeader *) &ntm[1];
+  pr = GNUNET_CONTAINER_multipeermap_get (h->peers, &ntm->peer);
+  if (NULL == pr)
+  {
+    GNUNET_break (0);
+    reconnect_later (h);
+    return;
+  }
+  GNUNET_MQ_inject_message (pr->mq, em);
+}
+
+
+/**
+ * Handle message received from CORE service notifying us that we are
+ * now allowed to send a message to a peer.  If that message is still
+ * pending, put it into the queue to be transmitted.
+ *
+ * @param cls the `struct GNUNET_CORE_Handle`
+ * @param smr the message we got
+ */
+static void
+handle_send_ready (void *cls, const struct SendMessageReady *smr)
+{
+  struct GNUNET_CORE_Handle *h = cls;
+  struct PeerRecord *pr;
+
+  pr = GNUNET_CONTAINER_multipeermap_get (h->peers, &smr->peer);
+  if (NULL == pr)
+  {
+    GNUNET_break (0);
+    reconnect_later (h);
+    return;
+  }
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Received notification about transmission readiness to `%s'.\n",
+       GNUNET_i2s (&smr->peer));
+  if (NULL == pr->env)
+  {
+    /* request must have been cancelled between the original request
+     * and the response from CORE, ignore CORE's readiness */
+    return;
+  }
+  if (ntohs (smr->smr_id) != pr->smr_id_gen)
+  {
+    /* READY message is for expired or cancelled message,
+     * ignore! (we should have already sent another request) */
+    return;
+  }
+
+  /* ok, all good, send message out! */
+  GNUNET_MQ_send (h->mq, pr->env);
+  pr->env = NULL;
+  GNUNET_MQ_impl_send_continue (pr->mq);
+}
+
+
+/**
+ * Our current client connection went down.  Clean it up and try to
+ * reconnect!
+ *
+ * @param h our handle to the core service
+ */
+static void
+reconnect (struct GNUNET_CORE_Handle *h)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] =
+  { GNUNET_MQ_hd_fixed_size (init_reply,
+                             GNUNET_MESSAGE_TYPE_CORE_INIT_REPLY,
+                             struct InitReplyMessage,
+                             h),
+    GNUNET_MQ_hd_fixed_size (connect_notify,
+                             GNUNET_MESSAGE_TYPE_CORE_NOTIFY_CONNECT,
+                             struct ConnectNotifyMessage,
+                             h),
+    GNUNET_MQ_hd_fixed_size (disconnect_notify,
+                             GNUNET_MESSAGE_TYPE_CORE_NOTIFY_DISCONNECT,
+                             struct DisconnectNotifyMessage,
+                             h),
+    GNUNET_MQ_hd_var_size (notify_inbound,
+                           GNUNET_MESSAGE_TYPE_CORE_NOTIFY_INBOUND,
+                           struct NotifyTrafficMessage,
+                           h),
+    GNUNET_MQ_hd_fixed_size (send_ready,
+                             GNUNET_MESSAGE_TYPE_CORE_SEND_READY,
+                             struct SendMessageReady,
+                             h),
+    GNUNET_MQ_handler_end () };
+  struct InitMessage *init;
+  struct GNUNET_MQ_Envelope *env;
+  uint16_t *ts;
+
+  GNUNET_assert (NULL == h->mq);
+  h->mq = GNUNET_CLIENT_connect (h->cfg, "core", handlers, &handle_mq_error, h);
+  if (NULL == h->mq)
+  {
+    reconnect_later (h);
+    return;
+  }
+  env = GNUNET_MQ_msg_extra (init,
+                             sizeof(uint16_t) * h->hcnt,
+                             GNUNET_MESSAGE_TYPE_CORE_INIT);
+  LOG (GNUNET_ERROR_TYPE_INFO, "(Re)connecting to CORE service\n");
+  init->options = htonl (0);
+  ts = (uint16_t *) &init[1];
+  for (unsigned int hpos = 0; hpos < h->hcnt; hpos++)
+    ts[hpos] = htons (h->handlers[hpos].type);
+  GNUNET_MQ_send (h->mq, env);
+}
+
+
+/**
+ * Connect to the core service.  Note that the connection may complete
+ * (or fail) asynchronously.
+ *
+ * @param cfg configuration to use
+ * @param cls closure for the various callbacks that follow (including handlers in the handlers array)
+ * @param init callback to call once we have successfully
+ *        connected to the core service
+ * @param connects function to call on peer connect, can be NULL
+ * @param disconnects function to call on peer disconnect / timeout, can be NULL
+ * @param handlers callbacks for messages we care about, NULL-terminated
+ * @return handle to the core service (only useful for disconnect until @a init is called);
+ *                NULL on error (in this case, init is never called)
+ */
+struct GNUNET_CORE_Handle *
+GNUNET_CORE_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                     void *cls,
+                     GNUNET_CORE_StartupCallback init,
+                     GNUNET_CORE_ConnectEventHandler connects,
+                     GNUNET_CORE_DisconnectEventHandler disconnects,
+                     const struct GNUNET_MQ_MessageHandler *handlers)
+{
+  struct GNUNET_CORE_Handle *h;
+
+  h = GNUNET_new (struct GNUNET_CORE_Handle);
+  h->cfg = cfg;
+  h->cls = cls;
+  h->init = init;
+  h->connects = connects;
+  h->disconnects = disconnects;
+  h->peers = GNUNET_CONTAINER_multipeermap_create (128, GNUNET_NO);
+  h->handlers = GNUNET_MQ_copy_handlers (handlers);
+  h->hcnt = GNUNET_MQ_count_handlers (handlers);
+  GNUNET_assert (h->hcnt <
+                 (GNUNET_MAX_MESSAGE_SIZE - sizeof(struct InitMessage))
+                 / sizeof(uint16_t));
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "Connecting to CORE service\n");
+  reconnect (h);
+  if (NULL == h->mq)
+  {
+    GNUNET_CORE_disconnect (h);
+    return NULL;
+  }
+  return h;
+}
+
+
+/**
+ * Disconnect from the core service.
+ *
+ * @param handle connection to core to disconnect
+ */
+void
+GNUNET_CORE_disconnect (struct GNUNET_CORE_Handle *handle)
+{
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "Disconnecting from CORE service\n");
+  GNUNET_CONTAINER_multipeermap_iterate (handle->peers,
+                                         &disconnect_and_free_peer_entry,
+                                         handle);
+  GNUNET_CONTAINER_multipeermap_destroy (handle->peers);
+  handle->peers = NULL;
+  if (NULL != handle->reconnect_task)
+  {
+    GNUNET_SCHEDULER_cancel (handle->reconnect_task);
+    handle->reconnect_task = NULL;
+  }
+  if (NULL != handle->mq)
+  {
+    GNUNET_MQ_destroy (handle->mq);
+    handle->mq = NULL;
+  }
+  GNUNET_free (handle->handlers);
+  GNUNET_free (handle);
+}
+
+
+/**
+ * Obtain the message queue for a connected peer.
+ *
+ * @param h the core handle
+ * @param pid the identity of the peer to check if it has been connected to us
+ * @return NULL if peer is not connected
+ */
+struct GNUNET_MQ_Handle *
+GNUNET_CORE_get_mq (const struct GNUNET_CORE_Handle *h,
+                    const struct GNUNET_PeerIdentity *pid)
+{
+  struct PeerRecord *pr;
+
+  pr = GNUNET_CONTAINER_multipeermap_get (h->peers, pid);
+  if (NULL == pr)
+    return NULL;
+  return pr->mq;
+}
+
+
+/* end of core_api.c */
diff --git a/src/service/core/core_api_cmd_connecting_peers.c b/src/service/core/core_api_cmd_connecting_peers.c
new file mode 100644
index 000000000..0d177a8e9
--- /dev/null
+++ b/src/service/core/core_api_cmd_connecting_peers.c
@@ -0,0 +1,277 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2021 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core_api_cmd_connecting_peers.c
+ * @brief cmd to start a peer.
+ * @author t3sserakt
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_core_testing_lib.h"
+#include "gnunet_transport_testing_ng_lib.h"
+#include "gnunet_transport_application_service.h"
+#include "gnunet_transport_core_service.h"
+
+/**
+ * Generic logging shortcut
+ */
+#define LOG(kind, ...) GNUNET_log (kind, __VA_ARGS__)
+
+
+/**
+ * The run method of this cmd will connect to peers.
+ *
+ */
+static void
+connect_peers_run (void *cls,
+                   struct GNUNET_TESTING_Interpreter *is)
+{
+  struct GNUNET_TESTING_ConnectPeersState *cps = cls;
+  const struct GNUNET_TESTING_StartPeerState *sps;
+  const struct GNUNET_TESTING_Command *system_cmd;
+  const struct GNUNET_TESTING_System *tl_system;
+  const struct GNUNET_TESTING_Command *peer1_cmd;
+  struct GNUNET_PeerIdentity *peer;
+  enum GNUNET_NetworkType nt = 0;
+  struct GNUNET_TESTING_NodeConnection *pos_connection;
+  struct GNUNET_TESTING_AddressPrefix *pos_prefix;
+  const enum GNUNET_GenericReturnValue *broadcast;
+  unsigned int con_num = 0;
+  uint32_t num;
+  char *addr;
+  char *addr_and_port;
+  char *emsg = NULL;
+
+  cps->is = is;
+  peer1_cmd = GNUNET_TESTING_interpreter_lookup_command (is,
+                                                         cps->start_peer_label);
+  GNUNET_TRANSPORT_TESTING_get_trait_broadcast (peer1_cmd,
+                                                &broadcast);
+  GNUNET_TRANSPORT_TESTING_get_trait_state (peer1_cmd,
+                                            &sps);
+
+  system_cmd = GNUNET_TESTING_interpreter_lookup_command (is,
+                                                          cps->create_label);
+  GNUNET_TESTING_get_trait_test_system (system_cmd,
+                                        &tl_system);
+
+  cps->tl_system = tl_system;
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "cps->num: %u \n",
+       cps->num);
+
+
+  cps->ah = GNUNET_TRANSPORT_application_init (sps->cfg);
+  if (NULL == cps->ah)
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+         "Failed to initialize the TRANSPORT application suggestion client handle for peer `%s': `%s'\n",
+         sps->cfgname,
+         emsg);
+    GNUNET_free (emsg);
+    GNUNET_TESTING_interpreter_fail (is);
+    return;
+  }
+
+  cps->node_connections_head = GNUNET_TESTING_get_connections (cps->num,
+                                                               cps->topology);
+
+  for (pos_connection = cps->node_connections_head; NULL != pos_connection;
+       pos_connection = pos_connection->next)
+  {
+    con_num++;
+    num = GNUNET_TESTING_calculate_num (pos_connection, cps->topology);
+    for (pos_prefix = pos_connection->address_prefixes_head; NULL != pos_prefix;
+         pos_prefix =
+           pos_prefix->next)
+    {
+      addr = GNUNET_TESTING_get_address (pos_connection,
+                                         pos_prefix->address_prefix);
+      if (NULL != addr)
+      {
+        char *natted_p = strstr (pos_prefix->address_prefix, "_");
+
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                    "0 validating peer number %s %s %s\n",
+                    natted_p,
+                    pos_prefix->address_prefix,
+                    addr);
+        if (0 == GNUNET_memcmp (pos_prefix->address_prefix, "udp"))
+          GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                      "validating memcmp\n");
+        if (GNUNET_YES == *broadcast)
+          GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                      "validating broadcast\n");
+        if ((0 == GNUNET_memcmp (pos_prefix->address_prefix, "udp")) &&
+            (GNUNET_YES == *broadcast) )
+          GNUNET_asprintf (&addr_and_port,
+                           "%s:2086",
+                           addr);
+        else if (NULL == natted_p)
+          GNUNET_asprintf (&addr_and_port,
+                           "%s:60002",
+                           addr);
+        else if (NULL != natted_p)
+        {
+          char *prefix;
+          char *rest;
+          char *address;
+
+          prefix = strtok (addr, "_");
+          rest = strtok (NULL, "_");
+          strtok (rest, "-");
+          address = strtok (NULL, "-");
+
+          GNUNET_asprintf (&addr_and_port,
+                           "%s-%s:0",
+                           prefix,
+                           address);
+
+        }
+        peer = GNUNET_TESTING_get_peer (num, tl_system);
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                    "validating peer number %u with identity %s and address %s %u %s and handle %p\n",
+                    num,
+                    GNUNET_i2s (peer),
+                    addr_and_port,
+                    *broadcast,
+                    pos_prefix->address_prefix,
+                    cps->ah);
+        GNUNET_TRANSPORT_application_validate ((struct
+                                                GNUNET_TRANSPORT_ApplicationHandle
+                                                *) cps->ah,
+                                               peer,
+                                               nt,
+                                               addr_and_port);
+        GNUNET_free (peer);
+        GNUNET_free (addr);
+        GNUNET_free (addr_and_port);
+      }
+    }
+  }
+  cps->con_num = con_num;
+}
+
+
+/**
+ * The cleanup function of this cmd frees resources the cmd allocated.
+ *
+ */
+static void
+connect_peers_cleanup (void *cls)
+{
+  struct GNUNET_TESTING_ConnectPeersState *cps = cls;
+
+  GNUNET_free (cps->connected_peers_map);
+  GNUNET_free (cps);
+}
+
+
+/**
+ * This function prepares an array with traits.
+ *
+ */
+enum GNUNET_GenericReturnValue
+connect_peers_traits (void *cls,
+                      const void **ret,
+                      const char *trait,
+                      unsigned int index)
+{
+  struct GNUNET_TESTING_ConnectPeersState *cps = cls;
+  struct GNUNET_TESTING_Trait traits[] = {
+    GNUNET_CORE_TESTING_make_trait_connect_peer_state ((const void *) cps),
+    GNUNET_TESTING_trait_end ()
+  };
+  return GNUNET_TESTING_get_trait (traits,
+                                   ret,
+                                   trait,
+                                   index);
+}
+
+
+struct GNUNET_TESTING_Command
+GNUNET_CORE_cmd_connect_peers (
+  const char *label,
+  const char *start_peer_label,
+  const char *create_label,
+  uint32_t num,
+  struct GNUNET_TESTING_NetjailTopology *topology,
+  unsigned int additional_connects,
+  unsigned int wait_for_connect,
+  struct GNUNET_MQ_MessageHandler *handlers)
+{
+  struct GNUNET_TESTING_ConnectPeersState *cps;
+  unsigned int node_additional_connects;
+  struct GNUNET_CONTAINER_MultiShortmap *connected_peers_map =
+    GNUNET_CONTAINER_multishortmap_create (1,GNUNET_NO);
+  unsigned int i;
+
+  node_additional_connects = GNUNET_TESTING_get_additional_connects (num,
+                                                                     topology);
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "global: %u and local: %u additional_connects\n",
+       additional_connects,
+       node_additional_connects);
+
+  if (0 != node_additional_connects)
+    additional_connects = node_additional_connects;
+
+  cps = GNUNET_new (struct GNUNET_TESTING_ConnectPeersState);
+  cps->start_peer_label = start_peer_label;
+  cps->num = num;
+  cps->create_label = create_label;
+  cps->topology = topology;
+  cps->additional_connects = additional_connects;
+  cps->wait_for_connect = wait_for_connect;
+  cps->connected_peers_map = connected_peers_map;
+
+  if (NULL != handlers)
+  {
+    for (i = 0; NULL != handlers[i].cb; i++)
+      ;
+    cps->handlers = GNUNET_new_array (i + 1,
+                                      struct GNUNET_MQ_MessageHandler);
+    GNUNET_memcpy (cps->handlers,
+                   handlers,
+                   i * sizeof(struct GNUNET_MQ_MessageHandler));
+  }
+  // FIXME: wrap with cmd_make_unblocking!
+  if (GNUNET_YES == wait_for_connect)
+    return GNUNET_TESTING_command_new_ac (cps,
+                                          label,
+                                          &connect_peers_run,
+                                          &connect_peers_cleanup,
+                                          &connect_peers_traits,
+                                          &cps->ac);
+  else
+    return GNUNET_TESTING_command_new (cps,
+                                       label,
+                                       &connect_peers_run,
+                                       &connect_peers_cleanup,
+                                       &connect_peers_traits);
+}
+
+
+// FIXME: likely not ideally placed here, move to its own file
+GNUNET_CORE_TESTING_SIMPLE_TRAITS (GNUNET_TESTING_MAKE_IMPL_SIMPLE_TRAIT,
+                                   GNUNET_CORE_TESTING)
diff --git a/src/service/core/core_api_monitor_peers.c b/src/service/core/core_api_monitor_peers.c
new file mode 100644
index 000000000..3be8e3859
--- /dev/null
+++ b/src/service/core/core_api_monitor_peers.c
@@ -0,0 +1,196 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009-2014, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/core_api_monitor_peers.c
+ * @brief implementation of the peer_iterate function
+ * @author Christian Grothoff
+ * @author Nathan Evans
+ */
+#include "platform.h"
+#include "gnunet_core_service.h"
+#include "core.h"
+
+
+/**
+ * Handle to a CORE monitoring operation.
+ */
+struct GNUNET_CORE_MonitorHandle
+{
+  /**
+   * Our configuration.
+   */
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+  /**
+   * Our connection to the service.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Function called with the peer.
+   */
+  GNUNET_CORE_MonitorCallback peer_cb;
+
+  /**
+   * Closure for @e peer_cb.
+   */
+  void *peer_cb_cls;
+};
+
+
+/**
+ * Protocol error, reconnect to CORE service and notify
+ * client.
+ *
+ * @param mh monitoring session to reconnect to CORE
+ */
+static void
+reconnect (struct GNUNET_CORE_MonitorHandle *mh);
+
+
+/**
+ * Generic error handler, called with the appropriate error code and
+ * the same closure specified at the creation of the message queue.
+ * Not every message queue implementation supports an error handler.
+ *
+ * @param cls closure, a `struct GNUNET_CORE_MonitorHandle *`
+ * @param error error code
+ */
+static void
+handle_mq_error (void *cls, enum GNUNET_MQ_Error error)
+{
+  struct GNUNET_CORE_MonitorHandle *mh = cls;
+
+  (void) error;
+  reconnect (mh);
+}
+
+
+/**
+ * Receive reply from CORE service with information about a peer.
+ *
+ * @param cls our `struct  GNUNET_CORE_MonitorHandle *`
+ * @param mon_message monitor message
+ */
+static void
+handle_receive_info (void *cls, const struct MonitorNotifyMessage *mon_message)
+{
+  struct GNUNET_CORE_MonitorHandle *mh = cls;
+
+  mh->peer_cb (mh->peer_cb_cls,
+               &mon_message->peer,
+               (enum GNUNET_CORE_KxState) ntohl (mon_message->state),
+               GNUNET_TIME_absolute_ntoh (mon_message->timeout));
+}
+
+
+/**
+ * Protocol error, reconnect to CORE service and notify
+ * client.
+ *
+ * @param mh monitoring session to reconnect to CORE
+ */
+static void
+reconnect (struct GNUNET_CORE_MonitorHandle *mh)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] =
+  { GNUNET_MQ_hd_fixed_size (receive_info,
+                             GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY,
+                             struct MonitorNotifyMessage,
+                             mh),
+    GNUNET_MQ_handler_end () };
+  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_MessageHeader *msg;
+
+  if (NULL != mh->mq)
+    GNUNET_MQ_destroy (mh->mq);
+  /* FIXME: use backoff? */
+  mh->mq =
+    GNUNET_CLIENT_connect (mh->cfg, "core", handlers, &handle_mq_error, mh);
+  if (NULL == mh->mq)
+    return;
+  /* notify callback about reconnect */
+  if (NULL != mh->peer_cb)
+    mh->peer_cb (mh->peer_cb_cls,
+                 NULL,
+                 GNUNET_CORE_KX_CORE_DISCONNECT,
+                 GNUNET_TIME_UNIT_FOREVER_ABS);
+  env = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS);
+  GNUNET_MQ_send (mh->mq, env);
+}
+
+
+/**
+ * Monitor connectivity and KX status of all peers known to CORE.
+ * Calls @a peer_cb with the current status for each connected peer,
+ * and then once with NULL to indicate that all peers that are
+ * currently active have been handled.  After that, the iteration
+ * continues until it is cancelled.  Normal users of the CORE API are
+ * not expected to use this function.  It is different in that it
+ * truly lists all connections (including those where the KX is in
+ * progress), not just those relevant to the application.  This
+ * function is used by special applications for diagnostics.
+ *
+ * @param cfg configuration handle
+ * @param peer_cb function to call with the peer information
+ * @param peer_cb_cls closure for @a peer_cb
+ * @return NULL on error
+ */
+struct GNUNET_CORE_MonitorHandle *
+GNUNET_CORE_monitor_start (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                           GNUNET_CORE_MonitorCallback peer_cb,
+                           void *peer_cb_cls)
+{
+  struct GNUNET_CORE_MonitorHandle *mh;
+
+  GNUNET_assert (NULL != peer_cb);
+  mh = GNUNET_new (struct GNUNET_CORE_MonitorHandle);
+  mh->cfg = cfg;
+  reconnect (mh);
+  mh->peer_cb = peer_cb;
+  mh->peer_cb_cls = peer_cb_cls;
+  if (NULL == mh->mq)
+  {
+    GNUNET_free (mh);
+    return NULL;
+  }
+  return mh;
+}
+
+
+/**
+ * Stop monitoring CORE activity.
+ *
+ * @param mh monitor to stop
+ */
+void
+GNUNET_CORE_monitor_stop (struct GNUNET_CORE_MonitorHandle *mh)
+{
+  if (NULL != mh->mq)
+  {
+    GNUNET_MQ_destroy (mh->mq);
+    mh->mq = NULL;
+  }
+  GNUNET_free (mh);
+}
+
+
+/* end of core_api_monitor_peers.c */
diff --git a/src/service/core/gnunet-service-core.c b/src/service/core/gnunet-service-core.c
new file mode 100644
index 000000000..e387fecc9
--- /dev/null
+++ b/src/service/core/gnunet-service-core.c
@@ -0,0 +1,988 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009, 2010, 2011, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core.c
+ * @brief high-level P2P messaging
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <gcrypt.h>
+#include "gnunet_util_lib.h"
+#include "gnunet-service-core.h"
+#include "gnunet-service-core_kx.h"
+#include "gnunet-service-core_sessions.h"
+#include "gnunet-service-core_typemap.h"
+#include "gnunet_constants.h"
+
+/**
+ * How many messages do we queue up at most for any client? This can
+ * cause messages to be dropped if clients do not process them fast
+ * enough!  Note that this is a soft limit; we try
+ * to keep a few larger messages above the limit.
+ */
+#define SOFT_MAX_QUEUE 128
+
+/**
+ * How many messages do we queue up at most for any client? This can
+ * cause messages to be dropped if clients do not process them fast
+ * enough!  Note that this is the hard limit.
+ */
+#define HARD_MAX_QUEUE 256
+
+
+/**
+ * Data structure for each client connected to the CORE service.
+ */
+struct GSC_Client
+{
+  /**
+   * Clients are kept in a linked list.
+   */
+  struct GSC_Client *next;
+
+  /**
+   * Clients are kept in a linked list.
+   */
+  struct GSC_Client *prev;
+
+  /**
+   * Handle for the client with the server API.
+   */
+  struct GNUNET_SERVICE_Client *client;
+
+  /**
+   * Message queue to talk to @e client.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Array of the types of messages this peer cares
+   * about (with @e tcnt entries).  Allocated as part
+   * of this client struct, do not free!
+   */
+  uint16_t *types;
+
+  /**
+   * Map of peer identities to active transmission requests of this
+   * client to the peer (of type `struct GSC_ClientActiveRequest`).
+   */
+  struct GNUNET_CONTAINER_MultiPeerMap *requests;
+
+  /**
+   * Map containing all peers that this client knows we're connected to.
+   */
+  struct GNUNET_CONTAINER_MultiPeerMap *connectmap;
+
+  /**
+   * Options for messages this client cares about,
+   * see GNUNET_CORE_OPTION_ values.
+   */
+  uint32_t options;
+
+  /**
+   * Have we gotten the #GNUNET_MESSAGE_TYPE_CORE_INIT message
+   * from this client already?
+   */
+  int got_init;
+
+  /**
+   * Number of types of incoming messages this client
+   * specifically cares about.  Size of the @e types array.
+   */
+  unsigned int tcnt;
+};
+
+
+/**
+ * Our identity.
+ */
+struct GNUNET_PeerIdentity GSC_my_identity;
+
+/**
+ * Our configuration.
+ */
+const struct GNUNET_CONFIGURATION_Handle *GSC_cfg;
+
+/**
+ * For creating statistics.
+ */
+struct GNUNET_STATISTICS_Handle *GSC_stats;
+
+/**
+ * Big "or" of all client options.
+ */
+static uint32_t all_client_options;
+
+/**
+ * Head of linked list of our clients.
+ */
+static struct GSC_Client *client_head;
+
+/**
+ * Tail of linked list of our clients.
+ */
+static struct GSC_Client *client_tail;
+
+
+/**
+ * Test if the client is interested in messages of the given type.
+ *
+ * @param type message type
+ * @param c client to test
+ * @return #GNUNET_YES if @a c is interested, #GNUNET_NO if not.
+ */
+static int
+type_match (uint16_t type, struct GSC_Client *c)
+{
+  if ((0 == c->tcnt) && (0 != c->options))
+    return GNUNET_YES; /* peer without handlers and inbound/outbond
+                                   callbacks matches ALL */
+  if (NULL == c->types)
+    return GNUNET_NO;
+  for (unsigned int i = 0; i < c->tcnt; i++)
+    if (type == c->types[i])
+      return GNUNET_YES;
+  return GNUNET_NO;
+}
+
+
+/**
+ * Check #GNUNET_MESSAGE_TYPE_CORE_INIT request.
+ *
+ * @param cls client that sent #GNUNET_MESSAGE_TYPE_CORE_INIT
+ * @param im the `struct InitMessage`
+ * @return #GNUNET_OK if @a im is well-formed
+ */
+static int
+check_client_init (void *cls, const struct InitMessage *im)
+{
+  return GNUNET_OK;
+}
+
+
+/**
+ * Handle #GNUNET_MESSAGE_TYPE_CORE_INIT request.
+ *
+ * @param cls client that sent #GNUNET_MESSAGE_TYPE_CORE_INIT
+ * @param im the `struct InitMessage`
+ */
+static void
+handle_client_init (void *cls, const struct InitMessage *im)
+{
+  struct GSC_Client *c = cls;
+  struct GNUNET_MQ_Envelope *env;
+  struct InitReplyMessage *irm;
+  uint16_t msize;
+  const uint16_t *types;
+
+  /* check that we don't have an entry already */
+  msize = ntohs (im->header.size) - sizeof(struct InitMessage);
+  types = (const uint16_t *) &im[1];
+  c->tcnt = msize / sizeof(uint16_t);
+  c->options = ntohl (im->options);
+  c->got_init = GNUNET_YES;
+  all_client_options |= c->options;
+  c->types = GNUNET_malloc (msize);
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CONTAINER_multipeermap_put (
+                   c->connectmap,
+                   &GSC_my_identity,
+                   NULL,
+                   GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+  for (unsigned int i = 0; i < c->tcnt; i++)
+    c->types[i] = ntohs (types[i]);
+  GSC_TYPEMAP_add (c->types, c->tcnt);
+  GNUNET_log (
+    GNUNET_ERROR_TYPE_DEBUG,
+    "Client connecting to core service is interested in %u message types\n",
+    (unsigned int) c->tcnt);
+  /* send init reply message */
+  env = GNUNET_MQ_msg (irm, GNUNET_MESSAGE_TYPE_CORE_INIT_REPLY);
+  irm->reserved = htonl (0);
+  irm->my_identity = GSC_my_identity;
+  GNUNET_MQ_send (c->mq, env);
+  GSC_SESSIONS_notify_client_about_sessions (c);
+  GNUNET_SERVICE_client_continue (c->client);
+}
+
+
+/**
+ * We will never be ready to transmit the given message in (disconnect
+ * or invalid request).  Frees resources associated with @a car.  We
+ * don't explicitly tell the client, it'll learn with the disconnect
+ * (or violated the protocol).
+ *
+ * @param car request that now permanently failed; the
+ *        responsibility for the handle is now returned
+ *        to CLIENTS (SESSIONS is done with it).
+ * @param drop_client #GNUNET_YES if the client violated the protocol
+ *        and we should thus drop the connection
+ */
+void
+GSC_CLIENTS_reject_request (struct GSC_ClientActiveRequest *car,
+                            int drop_client)
+{
+  GNUNET_assert (
+    GNUNET_YES ==
+    GNUNET_CONTAINER_multipeermap_remove (car->client_handle->requests,
+                                          &car->target,
+                                          car));
+  if (GNUNET_YES == drop_client)
+    GNUNET_SERVICE_client_drop (car->client_handle->client);
+  GNUNET_free (car);
+}
+
+
+/**
+ * Tell a client that we are ready to receive the message.
+ *
+ * @param car request that is now ready; the responsibility
+ *        for the handle remains shared between CLIENTS
+ *        and SESSIONS after this call.
+ */
+void
+GSC_CLIENTS_solicit_request (struct GSC_ClientActiveRequest *car)
+{
+  struct GSC_Client *c;
+  struct GNUNET_MQ_Envelope *env;
+  struct SendMessageReady *smr;
+  struct GNUNET_TIME_Relative delay;
+  struct GNUNET_TIME_Relative left;
+
+  c = car->client_handle;
+  if (GNUNET_YES !=
+      GNUNET_CONTAINER_multipeermap_contains (c->connectmap, &car->target))
+  {
+    /* connection has gone down since, drop request */
+    GNUNET_assert (0 !=
+                   GNUNET_memcmp (&car->target,
+                                  &GSC_my_identity));
+    GSC_SESSIONS_dequeue_request (car);
+    GSC_CLIENTS_reject_request (car, GNUNET_NO);
+    return;
+  }
+  delay = GNUNET_TIME_absolute_get_duration (car->received_time);
+  left = GNUNET_TIME_absolute_get_duration (car->deadline);
+  if (delay.rel_value_us > GNUNET_CONSTANTS_LATENCY_WARN.rel_value_us)
+    GNUNET_log (
+      GNUNET_ERROR_TYPE_WARNING,
+      "Client waited %s for permission to transmit to `%s'%s (priority %u)\n",
+      GNUNET_STRINGS_relative_time_to_string (delay, GNUNET_YES),
+      GNUNET_i2s (&car->target),
+      (0 == left.rel_value_us) ? " (past deadline)" : "",
+      car->priority);
+  env = GNUNET_MQ_msg (smr, GNUNET_MESSAGE_TYPE_CORE_SEND_READY);
+  smr->size = htons (car->msize);
+  smr->smr_id = car->smr_id;
+  smr->peer = car->target;
+  GNUNET_MQ_send (c->mq, env);
+}
+
+
+/**
+ * Handle #GNUNET_MESSAGE_TYPE_CORE_SEND_REQUEST message.
+ *
+ * @param cls client that sent a #GNUNET_MESSAGE_TYPE_CORE_SEND_REQUEST
+ * @param req the `struct SendMessageRequest`
+ */
+static void
+handle_client_send_request (void *cls, const struct SendMessageRequest *req)
+{
+  struct GSC_Client *c = cls;
+  struct GSC_ClientActiveRequest *car;
+  int is_loopback;
+
+  if (NULL == c->requests)
+    c->requests = GNUNET_CONTAINER_multipeermap_create (16, GNUNET_NO);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Client asked for transmission to `%s'\n",
+              GNUNET_i2s (&req->peer));
+  is_loopback = (0 == GNUNET_memcmp (&req->peer,
+                                     &GSC_my_identity));
+  if ((! is_loopback) &&
+      (GNUNET_YES !=
+       GNUNET_CONTAINER_multipeermap_contains (c->connectmap, &req->peer)))
+  {
+    /* neighbour must have disconnected since request was issued,
+     * ignore (client will realize it once it processes the
+     * disconnect notification) */
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# send requests dropped (disconnected)"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_SERVICE_client_continue (c->client);
+    return;
+  }
+
+  car = GNUNET_CONTAINER_multipeermap_get (c->requests, &req->peer);
+  if (NULL == car)
+  {
+    /* create new entry */
+    car = GNUNET_new (struct GSC_ClientActiveRequest);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CONTAINER_multipeermap_put (
+                     c->requests,
+                     &req->peer,
+                     car,
+                     GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST));
+    car->client_handle = c;
+  }
+  else
+  {
+    /* dequeue and recycle memory from pending request, there can only
+       be at most one per client and peer */
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# dequeuing CAR (duplicate request)"),
+                              1,
+                              GNUNET_NO);
+    GSC_SESSIONS_dequeue_request (car);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Transmission request to `%s' was a duplicate!\n",
+                GNUNET_i2s (&req->peer));
+  }
+  car->target = req->peer;
+  car->received_time = GNUNET_TIME_absolute_get ();
+  car->deadline = GNUNET_TIME_absolute_ntoh (req->deadline);
+  car->priority = (enum GNUNET_MQ_PriorityPreferences) ntohl (req->priority);
+  car->msize = ntohs (req->size);
+  car->smr_id = req->smr_id;
+  car->was_solicited = GNUNET_NO;
+  GNUNET_SERVICE_client_continue (c->client);
+  if (is_loopback)
+  {
+    /* loopback, satisfy immediately */
+    GSC_CLIENTS_solicit_request (car);
+    return;
+  }
+  GSC_SESSIONS_queue_request (car);
+}
+
+
+/**
+ * Closure for the #client_tokenizer_callback().
+ */
+struct TokenizerContext
+{
+  /**
+   * Active request handle for the message.
+   */
+  struct GSC_ClientActiveRequest *car;
+
+  /**
+   * How important is this message.
+   */
+  enum GNUNET_MQ_PriorityPreferences priority;
+};
+
+
+/**
+ * Functions with this signature are called whenever a complete
+ * message is received by the tokenizer.  Used by
+ * #handle_client_send() for dispatching messages from clients to
+ * either the SESSION subsystem or other CLIENT (for loopback).
+ *
+ * @param cls reservation request (`struct TokenizerContext`)
+ * @param message the actual message
+ * @return #GNUNET_OK on success,
+ *    #GNUNET_NO to stop further processing (no error)
+ *    #GNUNET_SYSERR to stop further processing with error
+ */
+static int
+tokenized_cb (void *cls, const struct GNUNET_MessageHeader *message)
+{
+  struct TokenizerContext *tc = cls;
+  struct GSC_ClientActiveRequest *car = tc->car;
+  char buf[92];
+
+  GNUNET_snprintf (buf,
+                   sizeof(buf),
+                   gettext_noop ("# bytes of messages of type %u received"),
+                   (unsigned int) ntohs (message->type));
+  GNUNET_STATISTICS_update (GSC_stats, buf, ntohs (message->size), GNUNET_NO);
+  if (0 == GNUNET_memcmp (&car->target,
+                          &GSC_my_identity))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Delivering message of type %u to myself\n",
+                ntohs (message->type));
+    GSC_CLIENTS_deliver_message (&GSC_my_identity,
+                                 message,
+                                 ntohs (message->size),
+                                 GNUNET_CORE_OPTION_SEND_FULL_OUTBOUND);
+    GSC_CLIENTS_deliver_message (&GSC_my_identity,
+                                 message,
+                                 sizeof(struct GNUNET_MessageHeader),
+                                 GNUNET_CORE_OPTION_SEND_HDR_OUTBOUND);
+    GSC_CLIENTS_deliver_message (&GSC_my_identity,
+                                 message,
+                                 ntohs (message->size),
+                                 GNUNET_CORE_OPTION_SEND_FULL_INBOUND);
+    GSC_CLIENTS_deliver_message (&GSC_my_identity,
+                                 message,
+                                 sizeof(struct GNUNET_MessageHeader),
+                                 GNUNET_CORE_OPTION_SEND_HDR_INBOUND);
+  }
+  else
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Delivering message of type %u and size %u to %s\n",
+                ntohs (message->type),
+                ntohs (message->size),
+                GNUNET_i2s (&car->target));
+    GSC_CLIENTS_deliver_message (&car->target,
+                                 message,
+                                 ntohs (message->size),
+                                 GNUNET_CORE_OPTION_SEND_FULL_OUTBOUND);
+    GSC_CLIENTS_deliver_message (&car->target,
+                                 message,
+                                 sizeof(struct GNUNET_MessageHeader),
+                                 GNUNET_CORE_OPTION_SEND_HDR_OUTBOUND);
+    GSC_SESSIONS_transmit (car, message, tc->priority);
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * Check #GNUNET_MESSAGE_TYPE_CORE_SEND request.
+ *
+ * @param cls the `struct GSC_Client`
+ * @param sm the `struct SendMessage`
+ * @return #GNUNET_OK if @a sm is well-formed
+ */
+static int
+check_client_send (void *cls, const struct SendMessage *sm)
+{
+  return GNUNET_OK;
+}
+
+
+/**
+ * Handle #GNUNET_MESSAGE_TYPE_CORE_SEND request.
+ *
+ * @param cls the `struct GSC_Client`
+ * @param sm the `struct SendMessage`
+ */
+static void
+handle_client_send (void *cls, const struct SendMessage *sm)
+{
+  struct GSC_Client *c = cls;
+  struct TokenizerContext tc;
+  uint16_t msize;
+  struct GNUNET_TIME_Relative delay;
+  struct GNUNET_MessageStreamTokenizer *mst;
+
+  msize = ntohs (sm->header.size) - sizeof(struct SendMessage);
+  tc.car = GNUNET_CONTAINER_multipeermap_get (c->requests, &sm->peer);
+  if (NULL == tc.car)
+  {
+    /* Must have been that we first approved the request, then got disconnected
+     * (which triggered removal of the 'car') and now the client gives us a message
+     * just *before* the client learns about the disconnect.  Theoretically, we
+     * might also now be *again* connected.  So this can happen (but should be
+     * rare).  If it does happen, the message is discarded. */GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# messages discarded (session disconnected)"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_SERVICE_client_continue (c->client);
+    return;
+  }
+  delay = GNUNET_TIME_absolute_get_duration (tc.car->received_time);
+  tc.priority = (enum GNUNET_MQ_PriorityPreferences) ntohl (sm->priority);
+  if (delay.rel_value_us > GNUNET_CONSTANTS_LATENCY_WARN.rel_value_us)
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Client waited %s for transmission of %u bytes to `%s'\n",
+                GNUNET_STRINGS_relative_time_to_string (delay, GNUNET_YES),
+                msize,
+                GNUNET_i2s (&sm->peer));
+  else
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Client waited %s for transmission of %u bytes to `%s'\n",
+                GNUNET_STRINGS_relative_time_to_string (delay, GNUNET_YES),
+                msize,
+                GNUNET_i2s (&sm->peer));
+
+  GNUNET_assert (
+    GNUNET_YES ==
+    GNUNET_CONTAINER_multipeermap_remove (c->requests, &sm->peer, tc.car));
+  mst = GNUNET_MST_create (&tokenized_cb, &tc);
+  GNUNET_MST_from_buffer (mst,
+                          (const char *) &sm[1],
+                          msize,
+                          GNUNET_YES,
+                          GNUNET_NO);
+  GNUNET_MST_destroy (mst);
+  GSC_SESSIONS_dequeue_request (tc.car);
+  GNUNET_free (tc.car);
+  GNUNET_SERVICE_client_continue (c->client);
+}
+
+
+/**
+ * Free client request records.
+ *
+ * @param cls NULL
+ * @param key identity of peer for which this is an active request
+ * @param value the `struct GSC_ClientActiveRequest` to free
+ * @return #GNUNET_YES (continue iteration)
+ */
+static int
+destroy_active_client_request (void *cls,
+                               const struct GNUNET_PeerIdentity *key,
+                               void *value)
+{
+  struct GSC_ClientActiveRequest *car = value;
+
+  GNUNET_assert (
+    GNUNET_YES ==
+    GNUNET_CONTAINER_multipeermap_remove (car->client_handle->requests,
+                                          &car->target,
+                                          car));
+  GSC_SESSIONS_dequeue_request (car);
+  GNUNET_free (car);
+  return GNUNET_YES;
+}
+
+
+/**
+ * A client connected, set up.
+ *
+ * @param cls closure
+ * @param client identification of the client
+ * @param mq message queue to talk to @a client
+ * @return our client handle
+ */
+static void *
+client_connect_cb (void *cls,
+                   struct GNUNET_SERVICE_Client *client,
+                   struct GNUNET_MQ_Handle *mq)
+{
+  struct GSC_Client *c;
+
+  c = GNUNET_new (struct GSC_Client);
+  c->client = client;
+  c->mq = mq;
+  c->connectmap = GNUNET_CONTAINER_multipeermap_create (16, GNUNET_NO);
+  GNUNET_CONTAINER_DLL_insert (client_head, client_tail, c);
+  return c;
+}
+
+
+/**
+ * A client disconnected, clean up.
+ *
+ * @param cls closure
+ * @param client identification of the client
+ * @param app_ctx our `struct GST_Client` for @a client
+ */
+static void
+client_disconnect_cb (void *cls,
+                      struct GNUNET_SERVICE_Client *client,
+                      void *app_ctx)
+{
+  struct GSC_Client *c = app_ctx;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Client %p has disconnected from core service.\n",
+              client);
+  GNUNET_CONTAINER_DLL_remove (client_head, client_tail, c);
+  if (NULL != c->requests)
+  {
+    GNUNET_CONTAINER_multipeermap_iterate (c->requests,
+                                           &destroy_active_client_request,
+                                           NULL);
+    GNUNET_CONTAINER_multipeermap_destroy (c->requests);
+  }
+  GNUNET_CONTAINER_multipeermap_destroy (c->connectmap);
+  c->connectmap = NULL;
+  if (NULL != c->types)
+  {
+    GSC_TYPEMAP_remove (c->types, c->tcnt);
+    GNUNET_free (c->types);
+  }
+  GNUNET_free (c);
+
+  /* recalculate 'all_client_options' */
+  all_client_options = 0;
+  for (c = client_head; NULL != c; c = c->next)
+    all_client_options |= c->options;
+}
+
+
+/**
+ * Notify a particular client about a change to existing connection to
+ * one of our neighbours (check if the client is interested).  Called
+ * from #GSC_SESSIONS_notify_client_about_sessions().
+ *
+ * @param client client to notify
+ * @param neighbour identity of the neighbour that changed status
+ * @param tmap_old previous type map for the neighbour, NULL for connect
+ * @param tmap_new updated type map for the neighbour, NULL for disconnect
+ */
+void
+GSC_CLIENTS_notify_client_about_neighbour (
+  struct GSC_Client *client,
+  const struct GNUNET_PeerIdentity *neighbour,
+  const struct GSC_TypeMap *tmap_old,
+  const struct GSC_TypeMap *tmap_new)
+{
+  struct GNUNET_MQ_Envelope *env;
+  int old_match;
+  int new_match;
+
+  if (GNUNET_YES != client->got_init)
+    return;
+  old_match = GSC_TYPEMAP_test_match (tmap_old, client->types, client->tcnt);
+  new_match = GSC_TYPEMAP_test_match (tmap_new, client->types, client->tcnt);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Notifying client about neighbour %s (%d/%d)\n",
+              GNUNET_i2s (neighbour),
+              old_match,
+              new_match);
+  if (old_match == new_match)
+  {
+    GNUNET_assert (
+      old_match ==
+      GNUNET_CONTAINER_multipeermap_contains (client->connectmap, neighbour));
+    return;   /* no change */
+  }
+  if (GNUNET_NO == old_match)
+  {
+    struct ConnectNotifyMessage *cnm;
+
+    /* send connect */
+    GNUNET_assert (
+      GNUNET_NO ==
+      GNUNET_CONTAINER_multipeermap_contains (client->connectmap, neighbour));
+    GNUNET_assert (GNUNET_YES ==
+                   GNUNET_CONTAINER_multipeermap_put (
+                     client->connectmap,
+                     neighbour,
+                     NULL,
+                     GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+    env = GNUNET_MQ_msg (cnm, GNUNET_MESSAGE_TYPE_CORE_NOTIFY_CONNECT);
+    cnm->reserved = htonl (0);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Sending NOTIFY_CONNECT message about peer %s to client.\n",
+                GNUNET_i2s (neighbour));
+    cnm->peer = *neighbour;
+    GNUNET_MQ_send (client->mq, env);
+  }
+  else
+  {
+    struct DisconnectNotifyMessage *dcm;
+
+    /* send disconnect */
+    GNUNET_assert (
+      GNUNET_YES ==
+      GNUNET_CONTAINER_multipeermap_contains (client->connectmap, neighbour));
+    GNUNET_assert (GNUNET_YES ==
+                   GNUNET_CONTAINER_multipeermap_remove (client->connectmap,
+                                                         neighbour,
+                                                         NULL));
+    env = GNUNET_MQ_msg (dcm, GNUNET_MESSAGE_TYPE_CORE_NOTIFY_DISCONNECT);
+    dcm->reserved = htonl (0);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Sending NOTIFY_DISCONNECT message about peer %s to client.\n",
+                GNUNET_i2s (neighbour));
+    dcm->peer = *neighbour;
+    GNUNET_MQ_send (client->mq, env);
+  }
+}
+
+
+/**
+ * Notify all clients about a change to existing session.
+ * Called from SESSIONS whenever there is a change in sessions
+ * or types processed by the respective peer.
+ *
+ * @param neighbour identity of the neighbour that changed status
+ * @param tmap_old previous type map for the neighbour, NULL for connect
+ * @param tmap_new updated type map for the neighbour, NULL for disconnect
+ */
+void
+GSC_CLIENTS_notify_clients_about_neighbour (
+  const struct GNUNET_PeerIdentity *neighbour,
+  const struct GSC_TypeMap *tmap_old,
+  const struct GSC_TypeMap *tmap_new)
+{
+  struct GSC_Client *c;
+
+  for (c = client_head; NULL != c; c = c->next)
+    GSC_CLIENTS_notify_client_about_neighbour (c,
+                                               neighbour,
+                                               tmap_old,
+                                               tmap_new);
+}
+
+
+/**
+ * Deliver P2P message to interested clients.  Caller must have checked
+ * that the sending peer actually lists the given message type as one
+ * of its types.
+ *
+ * @param sender peer who sent us the message
+ * @param msg the message
+ * @param msize number of bytes to transmit
+ * @param options options for checking which clients should
+ *        receive the message
+ */
+void
+GSC_CLIENTS_deliver_message (const struct GNUNET_PeerIdentity *sender,
+                             const struct GNUNET_MessageHeader *msg,
+                             uint16_t msize,
+                             uint32_t options)
+{
+  size_t size = msize + sizeof(struct NotifyTrafficMessage);
+
+  if (size >= GNUNET_MAX_MESSAGE_SIZE)
+  {
+    GNUNET_break (0);
+    return;
+  }
+  if (! ((0 != (all_client_options & options)) ||
+         (0 != (options & GNUNET_CORE_OPTION_SEND_FULL_INBOUND))))
+    return; /* no client cares about this message notification */
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Core service passes message from `%s' of type %u to client.\n",
+              GNUNET_i2s (sender),
+              (unsigned int) ntohs (msg->type));
+  GSC_SESSIONS_add_to_typemap (sender, ntohs (msg->type));
+
+  for (struct GSC_Client *c = client_head; NULL != c; c = c->next)
+  {
+    struct GNUNET_MQ_Envelope *env;
+    struct NotifyTrafficMessage *ntm;
+    uint16_t mtype;
+    unsigned int qlen;
+    int tm;
+
+    tm = type_match (ntohs (msg->type), c);
+    if (! ((0 != (c->options & options)) ||
+           ((0 != (options & GNUNET_CORE_OPTION_SEND_FULL_INBOUND)) &&
+            (GNUNET_YES == tm))))
+      continue;   /* neither options nor type match permit the message */
+    if ((0 != (options & GNUNET_CORE_OPTION_SEND_HDR_INBOUND)) &&
+        ((0 != (c->options & GNUNET_CORE_OPTION_SEND_FULL_INBOUND)) ||
+         (GNUNET_YES == tm)))
+      continue;
+    if ((0 != (options & GNUNET_CORE_OPTION_SEND_HDR_OUTBOUND)) &&
+        (0 != (c->options & GNUNET_CORE_OPTION_SEND_FULL_OUTBOUND)))
+      continue;
+
+    /* Drop messages if:
+       1) We are above the hard limit, or
+       2) We are above the soft limit, and a coin toss limited
+          to the message size (giving larger messages a
+          proportionally higher chance of being queued) falls
+          below the threshold. The threshold is based on where
+          we are between the soft and the hard limit, scaled
+          to match the range of message sizes we usually encounter
+          (i.e. up to 32k); so a 64k message has a 50% chance of
+          being kept if we are just barely below the hard max,
+          and a 99% chance of being kept if we are at the soft max.
+       The reason is to make it more likely to drop control traffic
+       (ACK, queries) which may be cumulative or highly redundant,
+       and cheap to drop than data traffic.  */qlen = GNUNET_MQ_get_length (c->mq);
+    if ((qlen >= HARD_MAX_QUEUE) ||
+        ((qlen > SOFT_MAX_QUEUE) &&
+         ((GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
+                                     ntohs (msg->size))) <
+          (qlen - SOFT_MAX_QUEUE) * 0x8000
+          / (HARD_MAX_QUEUE - SOFT_MAX_QUEUE))))
+    {
+      char buf[1024];
+
+      GNUNET_log (
+        GNUNET_ERROR_TYPE_INFO | GNUNET_ERROR_TYPE_BULK,
+        "Dropping decrypted message of type %u as client is too busy (queue full)\n",
+        (unsigned int) ntohs (msg->type));
+      GNUNET_snprintf (buf,
+                       sizeof(buf),
+                       gettext_noop (
+                         "# messages of type %u discarded (client busy)"),
+                       (unsigned int) ntohs (msg->type));
+      GNUNET_STATISTICS_update (GSC_stats, buf, 1, GNUNET_NO);
+      continue;
+    }
+
+    GNUNET_log (
+      GNUNET_ERROR_TYPE_DEBUG,
+      "Sending %u message with %u bytes to client interested in messages of type %u.\n",
+      options,
+      ntohs (msg->size),
+      (unsigned int) ntohs (msg->type));
+
+    if (0 != (options & (GNUNET_CORE_OPTION_SEND_FULL_INBOUND
+                         | GNUNET_CORE_OPTION_SEND_HDR_INBOUND)))
+      mtype = GNUNET_MESSAGE_TYPE_CORE_NOTIFY_INBOUND;
+    else
+      mtype = GNUNET_MESSAGE_TYPE_CORE_NOTIFY_OUTBOUND;
+    env = GNUNET_MQ_msg_extra (ntm, msize, mtype);
+    ntm->peer = *sender;
+    GNUNET_memcpy (&ntm[1], msg, msize);
+
+    GNUNET_assert (
+      (0 == (c->options & GNUNET_CORE_OPTION_SEND_FULL_INBOUND)) ||
+      (GNUNET_YES != tm) ||
+      (GNUNET_YES ==
+       GNUNET_CONTAINER_multipeermap_contains (c->connectmap, sender)));
+    GNUNET_MQ_send (c->mq, env);
+  }
+}
+
+
+/**
+ * Last task run during shutdown.  Disconnects us from
+ * the transport.
+ *
+ * @param cls NULL, unused
+ */
+static void
+shutdown_task (void *cls)
+{
+  struct GSC_Client *c;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Core service shutting down.\n");
+  while (NULL != (c = client_head))
+    GNUNET_SERVICE_client_drop (c->client);
+  GSC_SESSIONS_done ();
+  GSC_KX_done ();
+  GSC_TYPEMAP_done ();
+  if (NULL != GSC_stats)
+  {
+    GNUNET_STATISTICS_destroy (GSC_stats, GNUNET_NO);
+    GSC_stats = NULL;
+  }
+  GSC_cfg = NULL;
+}
+
+
+/**
+ * Handle #GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.  For this
+ * request type, the client does not have to have transmitted an INIT
+ * request.  All current peers are returned, regardless of which
+ * message types they accept.
+ *
+ * @param cls client sending the iteration request
+ * @param message iteration request message
+ */
+static void
+handle_client_monitor_peers (void *cls,
+                             const struct GNUNET_MessageHeader *message)
+{
+  struct GSC_Client *c = cls;
+
+  GNUNET_SERVICE_client_continue (c->client);
+  GSC_KX_handle_client_monitor_peers (c->mq);
+}
+
+
+/**
+ * Initiate core service.
+ *
+ * @param cls closure
+ * @param c configuration to use
+ * @param service the initialized service
+ */
+static void
+run (void *cls,
+     const struct GNUNET_CONFIGURATION_Handle *c,
+     struct GNUNET_SERVICE_Handle *service)
+{
+  struct GNUNET_CRYPTO_EddsaPrivateKey pk;
+  char *keyfile;
+
+  GSC_cfg = c;
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_filename (GSC_cfg,
+                                               "PEER",
+                                               "PRIVATE_KEY",
+                                               &keyfile))
+  {
+    GNUNET_log (
+      GNUNET_ERROR_TYPE_ERROR,
+      _ ("Core service is lacking HOSTKEY configuration setting.  Exiting.\n"));
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+  GSC_stats = GNUNET_STATISTICS_create ("core", GSC_cfg);
+  GNUNET_SCHEDULER_add_shutdown (&shutdown_task, NULL);
+  GNUNET_SERVICE_suspend (service);
+  GSC_TYPEMAP_init ();
+  if (GNUNET_SYSERR ==
+      GNUNET_CRYPTO_eddsa_key_from_file (keyfile,
+                                         GNUNET_YES,
+                                         &pk))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to setup peer's private key\n");
+    GNUNET_SCHEDULER_shutdown ();
+    GNUNET_free (keyfile);
+    return;
+  }
+  GNUNET_free (keyfile);
+  if (GNUNET_OK != GSC_KX_init (&pk))
+  {
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+  GSC_SESSIONS_init ();
+  GNUNET_SERVICE_resume (service);
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              _ ("Core service of `%s' ready.\n"),
+              GNUNET_i2s (&GSC_my_identity));
+}
+
+
+/**
+ * Define "main" method using service macro.
+ */
+GNUNET_SERVICE_MAIN (
+  "core",
+  GNUNET_SERVICE_OPTION_NONE,
+  &run,
+  &client_connect_cb,
+  &client_disconnect_cb,
+  NULL,
+  GNUNET_MQ_hd_var_size (client_init,
+                         GNUNET_MESSAGE_TYPE_CORE_INIT,
+                         struct InitMessage,
+                         NULL),
+  GNUNET_MQ_hd_fixed_size (client_monitor_peers,
+                           GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS,
+                           struct GNUNET_MessageHeader,
+                           NULL),
+  GNUNET_MQ_hd_fixed_size (client_send_request,
+                           GNUNET_MESSAGE_TYPE_CORE_SEND_REQUEST,
+                           struct SendMessageRequest,
+                           NULL),
+  GNUNET_MQ_hd_var_size (client_send,
+                         GNUNET_MESSAGE_TYPE_CORE_SEND,
+                         struct SendMessage,
+                         NULL),
+  GNUNET_MQ_handler_end ());
+
+
+/* end of gnunet-service-core.c */
diff --git a/src/service/core/gnunet-service-core.h b/src/service/core/gnunet-service-core.h
new file mode 100644
index 000000000..0f71f221a
--- /dev/null
+++ b/src/service/core/gnunet-service-core.h
@@ -0,0 +1,198 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009, 2010, 2011 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core.h
+ * @brief Globals for gnunet-service-core
+ * @author Christian Grothoff
+ */
+#ifndef GNUNET_SERVICE_CORE_H
+#define GNUNET_SERVICE_CORE_H
+
+#include "gnunet_statistics_service.h"
+#include "gnunet_core_service.h"
+#include "core.h"
+#include "gnunet-service-core_typemap.h"
+
+
+/**
+ * Opaque handle to a client.
+ */
+struct GSC_Client;
+
+
+/**
+ * Record kept for each request for transmission issued by a
+ * client that is still pending. (This struct is used by
+ * both the 'CLIENTS' and 'SESSIONS' subsystems.)
+ */
+struct GSC_ClientActiveRequest
+{
+  /**
+   * Active requests are kept in a doubly-linked list of
+   * the respective target peer.
+   */
+  struct GSC_ClientActiveRequest *next;
+
+  /**
+   * Active requests are kept in a doubly-linked list of
+   * the respective target peer.
+   */
+  struct GSC_ClientActiveRequest *prev;
+
+  /**
+   * Handle to the client.
+   */
+  struct GSC_Client *client_handle;
+
+  /**
+   * Which peer is the message going to be for?
+   */
+  struct GNUNET_PeerIdentity target;
+
+  /**
+   * At what time did we first see this request?
+   */
+  struct GNUNET_TIME_Absolute received_time;
+
+  /**
+   * By what time would the client want to see this message out?
+   */
+  struct GNUNET_TIME_Absolute deadline;
+
+  /**
+   * How important is this request.
+   */
+  enum GNUNET_MQ_PriorityPreferences priority;
+
+  /**
+   * Has this request been solicited yet?
+   */
+  int was_solicited;
+
+  /**
+   * How many bytes does the client intend to send?
+   */
+  uint16_t msize;
+
+  /**
+   * Unique request ID (in big endian).
+   */
+  uint16_t smr_id;
+};
+
+
+/**
+ * Tell a client that we are ready to receive the message.
+ *
+ * @param car request that is now ready; the responsibility
+ *        for the handle remains shared between CLIENTS
+ *        and SESSIONS after this call.
+ */
+void
+GSC_CLIENTS_solicit_request (struct GSC_ClientActiveRequest *car);
+
+
+/**
+ * We will never be ready to transmit the given message in (disconnect
+ * or invalid request).  Frees resources associated with @a car.  We
+ * don't explicitly tell the client, it'll learn with the disconnect
+ * (or violated the protocol).
+ *
+ * @param car request that now permanently failed; the
+ *        responsibility for the handle is now returned
+ *        to CLIENTS (SESSIONS is done with it).
+ * @param drop_client #GNUNET_YES if the client violated the protocol
+ *        and we should thus drop the connection
+ */
+void
+GSC_CLIENTS_reject_request (struct GSC_ClientActiveRequest *car,
+                            int drop_client);
+
+
+/**
+ * Notify a particular client about a change to existing connection to
+ * one of our neighbours (check if the client is interested).  Called
+ * from #GSC_SESSIONS_notify_client_about_sessions().
+ *
+ * @param client client to notify
+ * @param neighbour identity of the neighbour that changed status
+ * @param tmap_old previous type map for the neighbour, NULL for connect
+ * @param tmap_new updated type map for the neighbour, NULL for disconnect
+ */
+void
+GSC_CLIENTS_notify_client_about_neighbour (
+  struct GSC_Client *client,
+  const struct GNUNET_PeerIdentity *neighbour,
+  const struct GSC_TypeMap *tmap_old,
+  const struct GSC_TypeMap *tmap_new);
+
+
+/**
+ * Deliver P2P message to interested clients.  Caller must have checked
+ * that the sending peer actually lists the given message type as one
+ * of its types.
+ *
+ * @param sender peer who sent us the message
+ * @param msg the message
+ * @param msize number of bytes to transmit
+ * @param options options for checking which clients should
+ *        receive the message
+ */
+void
+GSC_CLIENTS_deliver_message (const struct GNUNET_PeerIdentity *sender,
+                             const struct GNUNET_MessageHeader *msg,
+                             uint16_t msize,
+                             uint32_t options);
+
+
+/**
+ * Notify all clients about a change to existing session.
+ * Called from SESSIONS whenever there is a change in sessions
+ * or types processed by the respective peer.
+ *
+ * @param neighbour identity of the neighbour that changed status
+ * @param tmap_old previous type map for the neighbour, NULL for connect
+ * @param tmap_new updated type map for the neighbour, NULL for disconnect
+ */
+void
+GSC_CLIENTS_notify_clients_about_neighbour (
+  const struct GNUNET_PeerIdentity *neighbour,
+  const struct GSC_TypeMap *tmap_old,
+  const struct GSC_TypeMap *tmap_new);
+
+
+/**
+ * Our configuration.
+ */
+extern const struct GNUNET_CONFIGURATION_Handle *GSC_cfg;
+
+/**
+ * For creating statistics.
+ */
+extern struct GNUNET_STATISTICS_Handle *GSC_stats;
+
+/**
+ * Our identity.
+ */
+extern struct GNUNET_PeerIdentity GSC_my_identity;
+
+
+#endif
diff --git a/src/service/core/gnunet-service-core_kx.c b/src/service/core/gnunet-service-core_kx.c
new file mode 100644
index 000000000..c5a1de769
--- /dev/null
+++ b/src/service/core/gnunet-service-core_kx.c
@@ -0,0 +1,1945 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009-2013, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core_kx.c
+ * @brief code for managing the key exchange (SET_KEY, PING, PONG) with other
+ * peers
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet-service-core_kx.h"
+#include "gnunet_transport_core_service.h"
+#include "gnunet-service-core_sessions.h"
+#include "gnunet-service-core.h"
+#include "gnunet_constants.h"
+#include "gnunet_signatures.h"
+#include "gnunet_protocols.h"
+
+/**
+ * Enable expensive (and possibly problematic for privacy!) logging of KX.
+ */
+#define DEBUG_KX 0
+
+/**
+ * How long do we wait for SET_KEY confirmation initially?
+ */
+#define INITIAL_SET_KEY_RETRY_FREQUENCY \
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10)
+
+/**
+ * What is the minimum frequency for a PING message?
+ */
+#define MIN_PING_FREQUENCY \
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
+
+/**
+ * How often do we rekey?
+ */
+#define REKEY_FREQUENCY \
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
+
+/**
+ * What time difference do we tolerate?
+ */
+#define REKEY_TOLERANCE \
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
+
+/**
+ * What is the maximum age of a message for us to consider processing
+ * it?  Note that this looks at the timestamp used by the other peer,
+ * so clock skew between machines does come into play here.  So this
+ * should be picked high enough so that a little bit of clock skew
+ * does not prevent peers from connecting to us.
+ */
+#define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS
+
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Encapsulation for encrypted messages exchanged between
+ * peers.  Followed by the actual encrypted data.
+ */
+struct EncryptedMessage
+{
+  /**
+   * Message type is #GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Random value used for IV generation.
+   */
+  uint32_t iv_seed GNUNET_PACKED;
+
+  /**
+   * MAC of the encrypted message (starting at @e sequence_number),
+   * used to verify message integrity. Everything after this value
+   * (excluding this value itself) will be encrypted and
+   * authenticated.  #ENCRYPTED_HEADER_SIZE must be set to the offset
+   * of the *next* field.
+   */
+  struct GNUNET_HashCode hmac;
+
+  /**
+   * Sequence number, in network byte order.  This field
+   * must be the first encrypted/decrypted field
+   */
+  uint32_t sequence_number GNUNET_PACKED;
+
+  /**
+   * Reserved, always zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Timestamp.  Used to prevent replay of ancient messages
+   * (recent messages are caught with the sequence number).
+   */
+  struct GNUNET_TIME_AbsoluteNBO timestamp;
+};
+GNUNET_NETWORK_STRUCT_END
+
+
+/**
+ * Number of bytes (at the beginning) of `struct EncryptedMessage`
+ * that are NOT encrypted.
+ */
+#define ENCRYPTED_HEADER_SIZE \
+  (offsetof (struct EncryptedMessage, sequence_number))
+
+
+/**
+ * Information about the status of a key exchange with another peer.
+ */
+struct GSC_KeyExchangeInfo
+{
+  /**
+   * DLL.
+   */
+  struct GSC_KeyExchangeInfo *next;
+
+  /**
+   * DLL.
+   */
+  struct GSC_KeyExchangeInfo *prev;
+
+  /**
+   * Identity of the peer.
+   */
+  const struct GNUNET_PeerIdentity *peer;
+
+  /**
+   * Message queue for sending messages to @a peer.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Our message stream tokenizer (for encrypted payload).
+   */
+  struct GNUNET_MessageStreamTokenizer *mst;
+
+  /**
+   * PING message we transmit to the other peer.
+   */
+  struct PingMessage ping;
+
+  /**
+   * Ephemeral public ECC key of the other peer.
+   */
+  struct GNUNET_CRYPTO_EcdhePublicKey other_ephemeral_key;
+
+  /**
+   * Key we use to encrypt our messages for the other peer
+   * (initialized by us when we do the handshake).
+   */
+  struct GNUNET_CRYPTO_SymmetricSessionKey encrypt_key;
+
+  /**
+   * Key we use to decrypt messages from the other peer
+   * (given to us by the other peer during the handshake).
+   */
+  struct GNUNET_CRYPTO_SymmetricSessionKey decrypt_key;
+
+  /**
+   * At what time did the other peer generate the decryption key?
+   */
+  struct GNUNET_TIME_Absolute foreign_key_expires;
+
+  /**
+   * When should the session time out (if there are no PONGs)?
+   */
+  struct GNUNET_TIME_Absolute timeout;
+
+  /**
+   * What was the last timeout we informed our monitors about?
+   */
+  struct GNUNET_TIME_Absolute last_notify_timeout;
+
+  /**
+   * At what frequency are we currently re-trying SET_KEY messages?
+   */
+  struct GNUNET_TIME_Relative set_key_retry_frequency;
+
+  /**
+   * ID of task used for re-trying SET_KEY and PING message.
+   */
+  struct GNUNET_SCHEDULER_Task *retry_set_key_task;
+
+  /**
+   * ID of task used for sending keep-alive pings.
+   */
+  struct GNUNET_SCHEDULER_Task *keep_alive_task;
+
+  /**
+   * Bit map indicating which of the 32 sequence numbers before the
+   * last were received (good for accepting out-of-order packets and
+   * estimating reliability of the connection)
+   */
+  uint32_t last_packets_bitmap;
+
+  /**
+   * last sequence number received on this connection (highest)
+   */
+  uint32_t last_sequence_number_received;
+
+  /**
+   * last sequence number transmitted
+   */
+  uint32_t last_sequence_number_sent;
+
+  /**
+   * What was our PING challenge number (for this peer)?
+   */
+  uint32_t ping_challenge;
+
+  /**
+   * #GNUNET_YES if this peer currently has excess bandwidth.
+   */
+  int has_excess_bandwidth;
+
+  /**
+   * What is our connection status?
+   */
+  enum GNUNET_CORE_KxState status;
+};
+
+
+/**
+ * Transport service.
+ */
+static struct GNUNET_TRANSPORT_CoreHandle *transport;
+
+/**
+ * Our private key.
+ */
+static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key;
+
+/**
+ * Our ephemeral private key.
+ */
+static struct GNUNET_CRYPTO_EcdhePrivateKey my_ephemeral_key;
+
+/**
+ * Current message we send for a key exchange.
+ */
+static struct EphemeralKeyMessage current_ekm;
+
+/**
+ * DLL head.
+ */
+static struct GSC_KeyExchangeInfo *kx_head;
+
+/**
+ * DLL tail.
+ */
+static struct GSC_KeyExchangeInfo *kx_tail;
+
+/**
+ * Task scheduled for periodic re-generation (and thus rekeying) of our
+ * ephemeral key.
+ */
+static struct GNUNET_SCHEDULER_Task *rekey_task;
+
+/**
+ * Notification context for broadcasting to monitors.
+ */
+static struct GNUNET_NotificationContext *nc;
+
+
+/**
+ * Calculate seed value we should use for a message.
+ *
+ * @param kx key exchange context
+ */
+static uint32_t
+calculate_seed (struct GSC_KeyExchangeInfo *kx)
+{
+  /* Note: may want to make this non-random and instead
+     derive from key material to avoid having an undetectable
+     side-channel */
+  return htonl (
+    GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX));
+}
+
+
+/**
+ * Inform all monitors about the KX state of the given peer.
+ *
+ * @param kx key exchange state to inform about
+ */
+static void
+monitor_notify_all (struct GSC_KeyExchangeInfo *kx)
+{
+  struct MonitorNotifyMessage msg;
+
+  msg.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
+  msg.header.size = htons (sizeof(msg));
+  msg.state = htonl ((uint32_t) kx->status);
+  msg.peer = *kx->peer;
+  msg.timeout = GNUNET_TIME_absolute_hton (kx->timeout);
+  GNUNET_notification_context_broadcast (nc, &msg.header, GNUNET_NO);
+  kx->last_notify_timeout = kx->timeout;
+}
+
+
+/**
+ * Derive an authentication key from "set key" information
+ *
+ * @param akey authentication key to derive
+ * @param skey session key to use
+ * @param seed seed to use
+ */
+static void
+derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey,
+                 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                 uint32_t seed)
+{
+  static const char ctx[] = "authentication key";
+
+#if DEBUG_KX
+  struct GNUNET_HashCode sh;
+
+  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Deriving Auth key from SKEY %s and seed %u\n",
+              GNUNET_h2s (&sh),
+              (unsigned int) seed);
+#endif
+  GNUNET_CRYPTO_hmac_derive_key (akey,
+                                 skey,
+                                 &seed,
+                                 sizeof(seed),
+                                 skey,
+                                 sizeof(
+                                   struct GNUNET_CRYPTO_SymmetricSessionKey),
+                                 ctx,
+                                 sizeof(ctx),
+                                 NULL);
+}
+
+
+/**
+ * Derive an IV from packet information
+ *
+ * @param iv initialization vector to initialize
+ * @param skey session key to use
+ * @param seed seed to use
+ * @param identity identity of the other peer to use
+ */
+static void
+derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+           const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+           uint32_t seed,
+           const struct GNUNET_PeerIdentity *identity)
+{
+  static const char ctx[] = "initialization vector";
+
+#if DEBUG_KX
+  struct GNUNET_HashCode sh;
+
+  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Deriving IV from SKEY %s and seed %u for peer %s\n",
+              GNUNET_h2s (&sh),
+              (unsigned int) seed,
+              GNUNET_i2s (identity));
+#endif
+  GNUNET_CRYPTO_symmetric_derive_iv (iv,
+                                     skey,
+                                     &seed,
+                                     sizeof(seed),
+                                     identity,
+                                     sizeof(struct GNUNET_PeerIdentity),
+                                     ctx,
+                                     sizeof(ctx),
+                                     NULL);
+}
+
+
+/**
+ * Derive an IV from pong packet information
+ *
+ * @param iv initialization vector to initialize
+ * @param skey session key to use
+ * @param seed seed to use
+ * @param challenge nonce to use
+ * @param identity identity of the other peer to use
+ */
+static void
+derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+                const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                uint32_t seed,
+                uint32_t challenge,
+                const struct GNUNET_PeerIdentity *identity)
+{
+  static const char ctx[] = "pong initialization vector";
+
+#if DEBUG_KX
+  struct GNUNET_HashCode sh;
+
+  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n",
+              GNUNET_h2s (&sh),
+              (unsigned int) seed,
+              (unsigned int) challenge,
+              GNUNET_i2s (identity));
+#endif
+  GNUNET_CRYPTO_symmetric_derive_iv (iv,
+                                     skey,
+                                     &seed,
+                                     sizeof(seed),
+                                     identity,
+                                     sizeof(struct GNUNET_PeerIdentity),
+                                     &challenge,
+                                     sizeof(challenge),
+                                     ctx,
+                                     sizeof(ctx),
+                                     NULL);
+}
+
+
+/**
+ * Derive an AES key from key material
+ *
+ * @param sender peer identity of the sender
+ * @param receiver peer identity of the sender
+ * @param key_material high entropy key material to use
+ * @param skey set to derived session key
+ */
+static void
+derive_aes_key (const struct GNUNET_PeerIdentity *sender,
+                const struct GNUNET_PeerIdentity *receiver,
+                const struct GNUNET_HashCode *key_material,
+                struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
+{
+  static const char ctx[] = "aes key generation vector";
+
+#if DEBUG_KX
+  struct GNUNET_HashCode sh;
+
+  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Deriving AES Keys for %s to %s from %s\n",
+              GNUNET_i2s (sender),
+              GNUNET_i2s2 (receiver),
+              GNUNET_h2s (key_material));
+#endif
+  GNUNET_CRYPTO_kdf (skey,
+                     sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
+                     ctx,
+                     sizeof(ctx),
+                     key_material,
+                     sizeof(struct GNUNET_HashCode),
+                     sender,
+                     sizeof(struct GNUNET_PeerIdentity),
+                     receiver,
+                     sizeof(struct GNUNET_PeerIdentity),
+                     NULL);
+}
+
+
+/**
+ * Encrypt size bytes from @a in and write the result to @a out.  Use the
+ * @a kx key for outbound traffic of the given neighbour.
+ *
+ * @param kx key information context
+ * @param iv initialization vector to use
+ * @param in ciphertext
+ * @param out plaintext
+ * @param size size of @a in / @a out
+ *
+ * @return #GNUNET_OK on success
+ */
+static int
+do_encrypt (struct GSC_KeyExchangeInfo *kx,
+            const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+            const void *in,
+            void *out,
+            size_t size)
+{
+  if (size != (uint16_t) size)
+  {
+    GNUNET_break (0);
+    return GNUNET_NO;
+  }
+  GNUNET_assert (size == GNUNET_CRYPTO_symmetric_encrypt (in,
+                                                          (uint16_t) size,
+                                                          &kx->encrypt_key,
+                                                          iv,
+                                                          out));
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# bytes encrypted"),
+                            size,
+                            GNUNET_NO);
+  /* the following is too sensitive to write to log files by accident,
+     so we require manual intervention to get this one... */
+#if DEBUG_KX
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypted %u bytes for `%s' using key %s, IV %u\n",
+              (unsigned int) size,
+              GNUNET_i2s (kx->peer),
+              kx->encrypt_key.aes_key,
+              GNUNET_CRYPTO_crc32_n (iv, sizeof(iv)));
+#endif
+  return GNUNET_OK;
+}
+
+
+/**
+ * Decrypt size bytes from @a in and write the result to @a out.  Use
+ * the @a kx key for inbound traffic of the given neighbour.  This
+ * function does NOT do any integrity-checks on the result.
+ *
+ * @param kx key information context
+ * @param iv initialization vector to use
+ * @param in ciphertext
+ * @param out plaintext
+ * @param size size of @a in / @a out
+ * @return #GNUNET_OK on success
+ */
+static int
+do_decrypt (struct GSC_KeyExchangeInfo *kx,
+            const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+            const void *in,
+            void *out,
+            size_t size)
+{
+  if (size != (uint16_t) size)
+  {
+    GNUNET_break (0);
+    return GNUNET_NO;
+  }
+  if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) &&
+      (kx->status != GNUNET_CORE_KX_STATE_UP) &&
+      (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+  if (size != GNUNET_CRYPTO_symmetric_decrypt (in,
+                                               (uint16_t) size,
+                                               &kx->decrypt_key,
+                                               iv,
+                                               out))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# bytes decrypted"),
+                            size,
+                            GNUNET_NO);
+  /* the following is too sensitive to write to log files by accident,
+     so we require manual intervention to get this one... */
+#if DEBUG_KX
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Decrypted %u bytes from `%s' using key %s, IV %u\n",
+              (unsigned int) size,
+              GNUNET_i2s (kx->peer),
+              kx->decrypt_key.aes_key,
+              GNUNET_CRYPTO_crc32_n (iv, sizeof(*iv)));
+#endif
+  return GNUNET_OK;
+}
+
+
+/**
+ * Send our key (and encrypted PING) to the other peer.
+ *
+ * @param kx key exchange context
+ */
+static void
+send_key (struct GSC_KeyExchangeInfo *kx);
+
+
+/**
+ * Task that will retry #send_key() if our previous attempt failed.
+ *
+ * @param cls our `struct GSC_KeyExchangeInfo`
+ */
+static void
+set_key_retry_task (void *cls)
+{
+  struct GSC_KeyExchangeInfo *kx = cls;
+
+  kx->retry_set_key_task = NULL;
+  kx->set_key_retry_frequency =
+    GNUNET_TIME_STD_BACKOFF (kx->set_key_retry_frequency);
+  GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status);
+  send_key (kx);
+}
+
+
+/**
+ * Create a fresh PING message for transmission to the other peer.
+ *
+ * @param kx key exchange context to create PING for
+ */
+static void
+setup_fresh_ping (struct GSC_KeyExchangeInfo *kx)
+{
+  struct PingMessage pp;
+  struct PingMessage *pm;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+
+  pm = &kx->ping;
+  kx->ping_challenge =
+    GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, UINT32_MAX);
+  pm->header.size = htons (sizeof(struct PingMessage));
+  pm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PING);
+  pm->iv_seed = calculate_seed (kx);
+  derive_iv (&iv, &kx->encrypt_key, pm->iv_seed, kx->peer);
+  pp.challenge = kx->ping_challenge;
+  pp.target = *kx->peer;
+  do_encrypt (kx,
+              &iv,
+              &pp.target,
+              &pm->target,
+              sizeof(struct PingMessage)
+              - ((void *) &pm->target - (void *) pm));
+}
+
+
+/**
+ * Deliver P2P message to interested clients.  Invokes send twice,
+ * once for clients that want the full message, and once for clients
+ * that only want the header
+ *
+ * @param cls the `struct GSC_KeyExchangeInfo`
+ * @param m the message
+ * @return #GNUNET_OK on success,
+ *    #GNUNET_NO to stop further processing (no error)
+ *    #GNUNET_SYSERR to stop further processing with error
+ */
+static int
+deliver_message (void *cls, const struct GNUNET_MessageHeader *m)
+{
+  struct GSC_KeyExchangeInfo *kx = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Decrypted message of type %d from %s\n",
+              ntohs (m->type),
+              GNUNET_i2s (kx->peer));
+  if (GNUNET_CORE_KX_STATE_UP != kx->status)
+  {
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop ("# PAYLOAD dropped (out of order)"),
+                              1,
+                              GNUNET_NO);
+    return GNUNET_OK;
+  }
+  switch (ntohs (m->type))
+  {
+  case GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP:
+  case GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP:
+    GSC_SESSIONS_set_typemap (kx->peer, m);
+    return GNUNET_OK;
+
+  case GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP:
+    GSC_SESSIONS_confirm_typemap (kx->peer, m);
+    return GNUNET_OK;
+
+  default:
+    GSC_CLIENTS_deliver_message (kx->peer,
+                                 m,
+                                 ntohs (m->size),
+                                 GNUNET_CORE_OPTION_SEND_FULL_INBOUND);
+    GSC_CLIENTS_deliver_message (kx->peer,
+                                 m,
+                                 sizeof(struct GNUNET_MessageHeader),
+                                 GNUNET_CORE_OPTION_SEND_HDR_INBOUND);
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * Function called by transport to notify us that
+ * a peer connected to us (on the network level).
+ * Starts the key exchange with the given peer.
+ *
+ * @param cls closure (NULL)
+ * @param pid identity of the peer to do a key exchange with
+ * @return key exchange information context
+ */
+static void *
+handle_transport_notify_connect (void *cls,
+                                 const struct GNUNET_PeerIdentity *pid,
+                                 struct GNUNET_MQ_Handle *mq)
+{
+  struct GSC_KeyExchangeInfo *kx;
+  struct GNUNET_HashCode h1;
+  struct GNUNET_HashCode h2;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Initiating key exchange with `%s'\n",
+              GNUNET_i2s (pid));
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# key exchanges initiated"),
+                            1,
+                            GNUNET_NO);
+  
+  kx = GNUNET_new (struct GSC_KeyExchangeInfo);
+  kx->mst = GNUNET_MST_create (&deliver_message, kx);
+  kx->mq = mq;
+  kx->peer = pid;
+  kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY;
+  GNUNET_CONTAINER_DLL_insert (kx_head, kx_tail, kx);
+  kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
+  monitor_notify_all (kx);
+  GNUNET_CRYPTO_hash (pid, sizeof(struct GNUNET_PeerIdentity), &h1);
+  GNUNET_CRYPTO_hash (&GSC_my_identity,
+                      sizeof(struct GNUNET_PeerIdentity),
+                      &h2);
+  if (0 < GNUNET_CRYPTO_hash_cmp (&h1, &h2))
+  {
+    /* peer with "lower" identity starts KX, otherwise we typically end up
+       with both peers starting the exchange and transmit the 'set key'
+       message twice */
+    send_key (kx);
+  }
+  else
+  {
+    /* peer with "higher" identity starts a delayed KX, if the "lower" peer
+     * does not start a KX since it sees no reasons to do so  */
+    kx->retry_set_key_task =
+      GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
+                                    &set_key_retry_task,
+                                    kx);
+  }
+  return kx;
+}
+
+
+/**
+ * Function called by transport telling us that a peer
+ * disconnected.
+ * Stop key exchange with the given peer.  Clean up key material.
+ *
+ * @param cls closure
+ * @param peer the peer that disconnected
+ * @param handler_cls the `struct GSC_KeyExchangeInfo` of the peer
+ */
+static void
+handle_transport_notify_disconnect (void *cls,
+                                    const struct GNUNET_PeerIdentity *peer,
+                                    void *handler_cls)
+{
+  struct GSC_KeyExchangeInfo *kx = handler_cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Peer `%s' disconnected from us.\n",
+              GNUNET_i2s (peer));
+  GSC_SESSIONS_end (kx->peer);
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# key exchanges stopped"),
+                            1,
+                            GNUNET_NO);
+  if (NULL != kx->retry_set_key_task)
+  {
+    GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
+    kx->retry_set_key_task = NULL;
+  }
+  if (NULL != kx->keep_alive_task)
+  {
+    GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
+    kx->keep_alive_task = NULL;
+  }
+  kx->status = GNUNET_CORE_KX_PEER_DISCONNECT;
+  monitor_notify_all (kx);
+  GNUNET_CONTAINER_DLL_remove (kx_head, kx_tail, kx);
+  GNUNET_MST_destroy (kx->mst);
+  GNUNET_free (kx);
+}
+
+
+/**
+ * Send our PING to the other peer.
+ *
+ * @param kx key exchange context
+ */
+static void
+send_ping (struct GSC_KeyExchangeInfo *kx)
+{
+  struct GNUNET_MQ_Envelope *env;
+
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# PING messages transmitted"),
+                            1,
+                            GNUNET_NO);
+  env = GNUNET_MQ_msg_copy (&kx->ping.header);
+  GNUNET_MQ_send (kx->mq, env);
+}
+
+
+/**
+ * Derive fresh session keys from the current ephemeral keys.
+ *
+ * @param kx session to derive keys for
+ */
+static void
+derive_session_keys (struct GSC_KeyExchangeInfo *kx)
+{
+  struct GNUNET_HashCode key_material;
+
+  if (GNUNET_OK !=
+      GNUNET_CRYPTO_ecc_ecdh (&my_ephemeral_key,
+                              &kx->other_ephemeral_key,
+                              &key_material))
+  {
+    GNUNET_break (0);
+    return;
+  }
+  derive_aes_key (&GSC_my_identity, kx->peer, &key_material, &kx->encrypt_key);
+  derive_aes_key (kx->peer, &GSC_my_identity, &key_material, &kx->decrypt_key);
+  memset (&key_material, 0, sizeof(key_material));
+  /* fresh key, reset sequence numbers */
+  kx->last_sequence_number_received = 0;
+  kx->last_packets_bitmap = 0;
+  setup_fresh_ping (kx);
+}
+
+
+/**
+ * We received a #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message.
+ * Validate and update our key material and status.
+ *
+ * @param cls key exchange status for the corresponding peer
+ * @param m the set key message we received
+ */
+static void
+handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m)
+{
+  struct GSC_KeyExchangeInfo *kx = cls;
+  struct GNUNET_TIME_Absolute start_t;
+  struct GNUNET_TIME_Absolute end_t;
+  struct GNUNET_TIME_Absolute now;
+  enum GNUNET_CORE_KxState sender_status;
+  enum GNUNET_GenericReturnValue do_verify = GNUNET_YES;
+
+  end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time);
+  if (((GNUNET_CORE_KX_STATE_KEY_RECEIVED == kx->status) ||
+       (GNUNET_CORE_KX_STATE_UP == kx->status) ||
+       (GNUNET_CORE_KX_STATE_REKEY_SENT == kx->status)) &&
+      (end_t.abs_value_us < kx->foreign_key_expires.abs_value_us))
+  {
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop ("# old ephemeral keys ignored"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Received expired EPHEMERAL_KEY from %s\n",
+                GNUNET_i2s (&m->origin_identity));
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  if (0 == memcmp (&m->ephemeral_key,
+                   &kx->other_ephemeral_key,
+                   sizeof(m->ephemeral_key)))
+  {
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# duplicate ephemeral keys. Not verifying."),
+                              1,
+                              GNUNET_NO);
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Duplicate EPHEMERAL_KEY from %s, do not verify\n",
+                GNUNET_i2s (&m->origin_identity));
+    do_verify = GNUNET_NO;
+  }
+  if (0 != memcmp (&m->origin_identity,
+                   kx->peer,
+                   sizeof(struct GNUNET_PeerIdentity)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Received EPHEMERAL_KEY from %s, but expected %s\n",
+                GNUNET_i2s (&m->origin_identity),
+                GNUNET_i2s_full (kx->peer));
+    GNUNET_break_op (0);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  if (do_verify && ((ntohl (m->purpose.size) !=
+       sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+       + sizeof(struct GNUNET_TIME_AbsoluteNBO)
+       + sizeof(struct GNUNET_TIME_AbsoluteNBO)
+       + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
+       + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) ||
+      (GNUNET_OK !=
+       GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY,
+                                    &m->purpose,
+                                    &m->signature,
+                                    &m->origin_identity.public_key))))
+  {
+    /* invalid signature */
+    GNUNET_break_op (0);
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# EPHEMERAL_KEYs rejected (bad signature)"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Received EPHEMERAL_KEY from %s with bad signature\n",
+                GNUNET_i2s (&m->origin_identity));
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  now = GNUNET_TIME_absolute_get ();
+  start_t = GNUNET_TIME_absolute_ntoh (m->creation_time);
+  if ((end_t.abs_value_us <
+       GNUNET_TIME_absolute_subtract (now, REKEY_TOLERANCE).abs_value_us) ||
+      (start_t.abs_value_us >
+       GNUNET_TIME_absolute_add (now, REKEY_TOLERANCE).abs_value_us))
+  {
+    GNUNET_log (
+      GNUNET_ERROR_TYPE_WARNING,
+      _ (
+        "EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"),
+      GNUNET_i2s (kx->peer),
+      (unsigned long long) now.abs_value_us,
+      (unsigned long long) start_t.abs_value_us,
+      (unsigned long long) end_t.abs_value_us);
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# EPHEMERAL_KEY messages rejected due to time"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+#if DEBUG_KX
+  {
+    struct GNUNET_HashCode eh;
+
+    GNUNET_CRYPTO_hash (&m->ephemeral_key, sizeof(m->ephemeral_key), &eh);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n",
+                GNUNET_h2s (&eh),
+                GNUNET_i2s (kx->peer),
+                kx->status);
+  }
+#endif
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# valid ephemeral keys received"),
+                            1,
+                            GNUNET_NO);
+  kx->other_ephemeral_key = m->ephemeral_key;
+  kx->foreign_key_expires = end_t;
+  derive_session_keys (kx);
+
+  /* check if we still need to send the sender our key */
+  sender_status = (enum GNUNET_CORE_KxState) ntohl (m->sender_status);
+  switch (sender_status)
+  {
+  case GNUNET_CORE_KX_STATE_DOWN:
+    GNUNET_break_op (0);
+    break;
+
+  case GNUNET_CORE_KX_STATE_KEY_SENT:
+    /* fine, need to send our key after updating our status, see below */
+    GSC_SESSIONS_reinit (kx->peer);
+    break;
+
+  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
+    /* other peer already got our key, but typemap did go down */
+    GSC_SESSIONS_reinit (kx->peer);
+    break;
+
+  case GNUNET_CORE_KX_STATE_UP:
+    /* other peer already got our key, typemap NOT down */
+    break;
+
+  case GNUNET_CORE_KX_STATE_REKEY_SENT:
+    /* other peer already got our key, typemap NOT down */
+    break;
+
+  default:
+    GNUNET_break (0);
+    break;
+  }
+  /* check if we need to confirm everything is fine via PING + PONG */
+  switch (kx->status)
+  {
+  case GNUNET_CORE_KX_STATE_DOWN:
+    GNUNET_assert (NULL == kx->keep_alive_task);
+    kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED;
+    monitor_notify_all (kx);
+    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
+      send_key (kx);
+    else
+      send_ping (kx);
+    break;
+
+  case GNUNET_CORE_KX_STATE_KEY_SENT:
+    GNUNET_assert (NULL == kx->keep_alive_task);
+    kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED;
+    monitor_notify_all (kx);
+    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
+      send_key (kx);
+    else
+      send_ping (kx);
+    break;
+
+  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
+    GNUNET_assert (NULL == kx->keep_alive_task);
+    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
+      send_key (kx);
+    else
+      send_ping (kx);
+    break;
+
+  case GNUNET_CORE_KX_STATE_UP:
+    kx->status = GNUNET_CORE_KX_STATE_REKEY_SENT;
+    monitor_notify_all (kx);
+    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
+      send_key (kx);
+    else
+      send_ping (kx);
+    break;
+
+  case GNUNET_CORE_KX_STATE_REKEY_SENT:
+    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
+      send_key (kx);
+    else
+      send_ping (kx);
+    break;
+
+  default:
+    GNUNET_break (0);
+    break;
+  }
+  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+}
+
+
+static void
+send_keep_alive (void *cls);
+
+
+/**
+ * We received a PING message.  Validate and transmit
+ * a PONG message.
+ *
+ * @param cls key exchange status for the corresponding peer
+ * @param m the encrypted PING message itself
+ */
+static void
+handle_ping (void *cls, const struct PingMessage *m)
+{
+  struct GSC_KeyExchangeInfo *kx = cls;
+  struct PingMessage t;
+  struct PongMessage tx;
+  struct PongMessage *tp;
+  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# PING messages received"),
+                            1,
+                            GNUNET_NO);
+  if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) &&
+      (kx->status != GNUNET_CORE_KX_STATE_UP) &&
+      (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT))
+  {
+    /* ignore */
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# PING messages dropped (out of order)"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Core service receives PING request from `%s'.\n",
+              GNUNET_i2s (kx->peer));
+  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
+  if (GNUNET_OK != do_decrypt (kx,
+                               &iv,
+                               &m->target,
+                               &t.target,
+                               sizeof(struct PingMessage)
+                               - ((void *) &m->target - (void *) m)))
+  {
+    GNUNET_break_op (0);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  if (0 !=
+      memcmp (&t.target, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity)))
+  {
+    if (GNUNET_CORE_KX_STATE_REKEY_SENT != kx->status)
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "Decryption of PING from peer `%s' failed, PING for `%s'?\n",
+                  GNUNET_i2s (kx->peer),
+                  GNUNET_i2s2 (&t.target));
+    else
+      GNUNET_log (
+        GNUNET_ERROR_TYPE_DEBUG,
+        "Decryption of PING from peer `%s' failed after rekey (harmless)\n",
+        GNUNET_i2s (kx->peer));
+    GNUNET_break_op (0);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  /* construct PONG */
+  tx.reserved = 0;
+  tx.challenge = t.challenge;
+  tx.target = t.target;
+  env = GNUNET_MQ_msg (tp, GNUNET_MESSAGE_TYPE_CORE_PONG);
+  tp->iv_seed = calculate_seed (kx);
+  derive_pong_iv (&iv, &kx->encrypt_key, tp->iv_seed, t.challenge, kx->peer);
+  do_encrypt (kx,
+              &iv,
+              &tx.challenge,
+              &tp->challenge,
+              sizeof(struct PongMessage)
+              - ((void *) &tp->challenge - (void *) tp));
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# PONG messages created"),
+                            1,
+                            GNUNET_NO);
+  GNUNET_MQ_send (kx->mq, env);
+  if (NULL != kx->keep_alive_task)
+  {
+    GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
+    kx->keep_alive_task = GNUNET_SCHEDULER_add_delayed (MIN_PING_FREQUENCY, &send_keep_alive, kx);
+  }
+  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+}
+
+
+/**
+ * Task triggered when a neighbour entry is about to time out
+ * (and we should prevent this by sending a PING).
+ *
+ * @param cls the `struct GSC_KeyExchangeInfo`
+ */
+static void
+send_keep_alive (void *cls)
+{
+  struct GSC_KeyExchangeInfo *kx = cls;
+  struct GNUNET_TIME_Relative retry;
+  struct GNUNET_TIME_Relative left;
+
+  kx->keep_alive_task = NULL;
+  left = GNUNET_TIME_absolute_get_remaining (kx->timeout);
+  if (0 == left.rel_value_us)
+  {
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop ("# sessions terminated by timeout"),
+                              1,
+                              GNUNET_NO);
+    GSC_SESSIONS_end (kx->peer);
+    kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
+    monitor_notify_all (kx);
+    send_key (kx);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Sending KEEPALIVE to `%s'\n",
+              GNUNET_i2s (kx->peer));
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# keepalive messages sent"),
+                            1,
+                            GNUNET_NO);
+  setup_fresh_ping (kx);
+  send_ping (kx);
+  retry = GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2),
+                                    MIN_PING_FREQUENCY);
+  kx->keep_alive_task =
+    GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx);
+}
+
+
+/**
+ * We've seen a valid message from the other peer.
+ * Update the time when the session would time out
+ * and delay sending our keep alive message further.
+ *
+ * @param kx key exchange where we saw activity
+ */
+static void
+update_timeout (struct GSC_KeyExchangeInfo *kx)
+{
+  struct GNUNET_TIME_Relative delta;
+
+  kx->timeout =
+    GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
+  delta =
+    GNUNET_TIME_absolute_get_difference (kx->last_notify_timeout, kx->timeout);
+  if (delta.rel_value_us > 5LL * 1000LL * 1000LL)
+  {
+    /* we only notify monitors about timeout changes if those
+       are bigger than the threshold (5s) */
+    monitor_notify_all (kx);
+  }
+  if (NULL != kx->keep_alive_task)
+    GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
+  kx->keep_alive_task = GNUNET_SCHEDULER_add_delayed (
+    GNUNET_TIME_relative_divide (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, 2),
+    &send_keep_alive,
+    kx);
+}
+
+
+/**
+ * We received a PONG message.  Validate and update our status.
+ *
+ * @param kx key exchange context for the the PONG
+ * @param m the encrypted PONG message itself
+ */
+static void
+handle_pong (void *cls, const struct PongMessage *m)
+{
+  struct GSC_KeyExchangeInfo *kx = cls;
+  struct PongMessage t;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# PONG messages received"),
+                            1,
+                            GNUNET_NO);
+  switch (kx->status)
+  {
+  case GNUNET_CORE_KX_STATE_DOWN:
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# PONG messages dropped (connection down)"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+
+  case GNUNET_CORE_KX_STATE_KEY_SENT:
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# PONG messages dropped (out of order)"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+
+  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
+    break;
+
+  case GNUNET_CORE_KX_STATE_UP:
+    break;
+
+  case GNUNET_CORE_KX_STATE_REKEY_SENT:
+    break;
+
+  default:
+    GNUNET_break (0);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Core service receives PONG response from `%s'.\n",
+              GNUNET_i2s (kx->peer));
+  /* mark as garbage, just to be sure */
+  memset (&t, 255, sizeof(t));
+  derive_pong_iv (&iv,
+                  &kx->decrypt_key,
+                  m->iv_seed,
+                  kx->ping_challenge,
+                  &GSC_my_identity);
+  if (GNUNET_OK != do_decrypt (kx,
+                               &iv,
+                               &m->challenge,
+                               &t.challenge,
+                               sizeof(struct PongMessage)
+                               - ((void *) &m->challenge - (void *) m)))
+  {
+    GNUNET_break_op (0);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# PONG messages decrypted"),
+                            1,
+                            GNUNET_NO);
+  if ((0 !=
+       memcmp (&t.target, kx->peer, sizeof(struct GNUNET_PeerIdentity))) ||
+      (kx->ping_challenge != t.challenge))
+  {
+    /* PONG malformed */
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Received malformed PONG wanted sender `%s' with challenge %u\n",
+                GNUNET_i2s (kx->peer),
+                (unsigned int) kx->ping_challenge);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Received malformed PONG received from `%s' with challenge %u\n",
+                GNUNET_i2s (&t.target),
+                (unsigned int) t.challenge);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received valid PONG from `%s'\n",
+              GNUNET_i2s (kx->peer));
+  /* no need to resend key any longer */
+  if (NULL != kx->retry_set_key_task)
+  {
+    GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
+    kx->retry_set_key_task = NULL;
+  }
+  switch (kx->status)
+  {
+  case GNUNET_CORE_KX_STATE_DOWN:
+    GNUNET_assert (0);  /* should be impossible */
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+
+  case GNUNET_CORE_KX_STATE_KEY_SENT:
+    GNUNET_assert (0);  /* should be impossible */
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+
+  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# session keys confirmed via PONG"),
+                              1,
+                              GNUNET_NO);
+    kx->status = GNUNET_CORE_KX_STATE_UP;
+    monitor_notify_all (kx);
+    GSC_SESSIONS_create (kx->peer, kx);
+    GNUNET_assert (NULL == kx->keep_alive_task);
+    update_timeout (kx);
+    break;
+
+  case GNUNET_CORE_KX_STATE_UP:
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop ("# timeouts prevented via PONG"),
+                              1,
+                              GNUNET_NO);
+    update_timeout (kx);
+    break;
+
+  case GNUNET_CORE_KX_STATE_REKEY_SENT:
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# rekey operations confirmed via PONG"),
+                              1,
+                              GNUNET_NO);
+    kx->status = GNUNET_CORE_KX_STATE_UP;
+    monitor_notify_all (kx);
+    update_timeout (kx);
+    break;
+
+  default:
+    GNUNET_break (0);
+    break;
+  }
+  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+}
+
+
+/**
+ * Send our key to the other peer.
+ *
+ * @param kx key exchange context
+ */
+static void
+send_key (struct GSC_KeyExchangeInfo *kx)
+{
+  struct GNUNET_MQ_Envelope *env;
+
+  GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status);
+  if (NULL != kx->retry_set_key_task)
+  {
+    GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
+    kx->retry_set_key_task = NULL;
+  }
+  /* always update sender status in SET KEY message */
+#if DEBUG_KX
+  {
+    struct GNUNET_HashCode hc;
+
+    GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
+                        sizeof(current_ekm.ephemeral_key),
+                        &hc);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n",
+                GNUNET_h2s (&hc),
+                GNUNET_i2s (kx->peer),
+                kx->status);
+  }
+#endif
+  current_ekm.sender_status = htonl ((int32_t) (kx->status));
+  env = GNUNET_MQ_msg_copy (&current_ekm.header);
+  GNUNET_MQ_send (kx->mq, env);
+  if (GNUNET_CORE_KX_STATE_KEY_SENT != kx->status)
+    send_ping (kx);
+  kx->retry_set_key_task =
+    GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency,
+                                  &set_key_retry_task,
+                                  kx);
+}
+
+
+void
+GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
+                             const void *payload,
+                             size_t payload_size)
+{
+  size_t used = payload_size + sizeof(struct EncryptedMessage);
+  char pbuf[used]; /* plaintext */
+  struct EncryptedMessage *em; /* encrypted message */
+  struct EncryptedMessage *ph; /* plaintext header */
+  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  struct GNUNET_CRYPTO_AuthKey auth_key;
+
+  ph = (struct EncryptedMessage *) pbuf;
+  ph->sequence_number = htonl (++kx->last_sequence_number_sent);
+  ph->iv_seed = calculate_seed (kx);
+  ph->reserved = 0;
+  ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
+  GNUNET_memcpy (&ph[1], payload, payload_size);
+  env = GNUNET_MQ_msg_extra (em,
+                             payload_size,
+                             GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE);
+  em->iv_seed = ph->iv_seed;
+  derive_iv (&iv, &kx->encrypt_key, ph->iv_seed, kx->peer);
+  GNUNET_assert (GNUNET_OK == do_encrypt (kx,
+                                          &iv,
+                                          &ph->sequence_number,
+                                          &em->sequence_number,
+                                          used - ENCRYPTED_HEADER_SIZE));
+#if DEBUG_KX
+  {
+    struct GNUNET_HashCode hc;
+
+    GNUNET_CRYPTO_hash (&ph->sequence_number,
+                        used - ENCRYPTED_HEADER_SIZE,
+                        &hc);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Encrypted payload `%s' of %u bytes for %s\n",
+                GNUNET_h2s (&hc),
+                (unsigned int) (used - ENCRYPTED_HEADER_SIZE),
+                GNUNET_i2s (kx->peer));
+  }
+#endif
+  derive_auth_key (&auth_key, &kx->encrypt_key, ph->iv_seed);
+  GNUNET_CRYPTO_hmac (&auth_key,
+                      &em->sequence_number,
+                      used - ENCRYPTED_HEADER_SIZE,
+                      &em->hmac);
+#if DEBUG_KX
+  {
+    struct GNUNET_HashCode hc;
+
+    GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "For peer %s, used AC %s to create hmac %s\n",
+                GNUNET_i2s (kx->peer),
+                GNUNET_h2s (&hc),
+                GNUNET_h2s2 (&em->hmac));
+  }
+#endif
+  kx->has_excess_bandwidth = GNUNET_NO;
+  GNUNET_MQ_send (kx->mq, env);
+}
+
+
+/**
+ * We received an encrypted message.  Check that it is
+ * well-formed (size-wise).
+ *
+ * @param cls key exchange context for encrypting the message
+ * @param m encrypted message
+ * @return #GNUNET_OK if @a msg is well-formed (size-wise)
+ */
+static int
+check_encrypted (void *cls, const struct EncryptedMessage *m)
+{
+  uint16_t size = ntohs (m->header.size) - sizeof(*m);
+
+  if (size < sizeof(struct GNUNET_MessageHeader))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * We received an encrypted message.  Decrypt, validate and
+ * pass on to the appropriate clients.
+ *
+ * @param cls key exchange context for encrypting the message
+ * @param m encrypted message
+ */
+static void
+handle_encrypted (void *cls, const struct EncryptedMessage *m)
+{
+  struct GSC_KeyExchangeInfo *kx = cls;
+  struct EncryptedMessage *pt; /* plaintext */
+  struct GNUNET_HashCode ph;
+  uint32_t snum;
+  struct GNUNET_TIME_Absolute t;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  struct GNUNET_CRYPTO_AuthKey auth_key;
+  uint16_t size = ntohs (m->header.size);
+  char buf[size] GNUNET_ALIGN;
+
+  if (GNUNET_CORE_KX_STATE_UP != kx->status)
+  {
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# DATA message dropped (out of order)"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  if (0 ==
+      GNUNET_TIME_absolute_get_remaining (kx->foreign_key_expires).rel_value_us)
+  {
+    GNUNET_log (
+      GNUNET_ERROR_TYPE_WARNING,
+      _ (
+        "Session to peer `%s' went down due to key expiration (should not happen)\n"),
+      GNUNET_i2s (kx->peer));
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# sessions terminated by key expiration"),
+                              1,
+                              GNUNET_NO);
+    GSC_SESSIONS_end (kx->peer);
+    if (NULL != kx->keep_alive_task)
+    {
+      GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
+      kx->keep_alive_task = NULL;
+    }
+    kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
+    monitor_notify_all (kx);
+    send_key (kx);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+
+  /* validate hash */
+#if DEBUG_KX
+  {
+    struct GNUNET_HashCode hc;
+
+    GNUNET_CRYPTO_hash (&m->sequence_number, size - ENCRYPTED_HEADER_SIZE, &hc);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Received encrypted payload `%s' of %u bytes from %s\n",
+                GNUNET_h2s (&hc),
+                (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
+                GNUNET_i2s (kx->peer));
+  }
+#endif
+  derive_auth_key (&auth_key, &kx->decrypt_key, m->iv_seed);
+  GNUNET_CRYPTO_hmac (&auth_key,
+                      &m->sequence_number,
+                      size - ENCRYPTED_HEADER_SIZE,
+                      &ph);
+#if DEBUG_KX
+  {
+    struct GNUNET_HashCode hc;
+
+    GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "For peer %s, used AC %s to verify hmac %s\n",
+                GNUNET_i2s (kx->peer),
+                GNUNET_h2s (&hc),
+                GNUNET_h2s2 (&m->hmac));
+  }
+#endif
+  if (0 != memcmp (&ph, &m->hmac, sizeof(struct GNUNET_HashCode)))
+  {
+    /* checksum failed */
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Failed checksum validation for a message from `%s'\n",
+                GNUNET_i2s (kx->peer));
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
+  /* decrypt */
+  if (GNUNET_OK != do_decrypt (kx,
+                               &iv,
+                               &m->sequence_number,
+                               &buf[ENCRYPTED_HEADER_SIZE],
+                               size - ENCRYPTED_HEADER_SIZE))
+  {
+    GNUNET_break_op (0);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Decrypted %u bytes from %s\n",
+              (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
+              GNUNET_i2s (kx->peer));
+  pt = (struct EncryptedMessage *) buf;
+
+  /* validate sequence number */
+  snum = ntohl (pt->sequence_number);
+  if (kx->last_sequence_number_received == snum)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Received duplicate message, ignoring.\n");
+    /* duplicate, ignore */
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop ("# bytes dropped (duplicates)"),
+                              size,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  if ((kx->last_sequence_number_received > snum) &&
+      (kx->last_sequence_number_received - snum > 32))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Received ancient out of sequence message, ignoring.\n");
+    /* ancient out of sequence, ignore */
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# bytes dropped (out of sequence)"),
+                              size,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+  if (kx->last_sequence_number_received > snum)
+  {
+    uint32_t rotbit = 1U << (kx->last_sequence_number_received - snum - 1);
+
+    if ((kx->last_packets_bitmap & rotbit) != 0)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "Received duplicate message, ignoring.\n");
+      GNUNET_STATISTICS_update (GSC_stats,
+                                gettext_noop ("# bytes dropped (duplicates)"),
+                                size,
+                                GNUNET_NO);
+      /* duplicate, ignore */
+      GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+      return;
+    }
+    kx->last_packets_bitmap |= rotbit;
+  }
+  if (kx->last_sequence_number_received < snum)
+  {
+    unsigned int shift = (snum - kx->last_sequence_number_received);
+
+    if (shift >= 8 * sizeof(kx->last_packets_bitmap))
+      kx->last_packets_bitmap = 0;
+    else
+      kx->last_packets_bitmap <<= shift;
+    kx->last_sequence_number_received = snum;
+  }
+
+  /* check timestamp */
+  t = GNUNET_TIME_absolute_ntoh (pt->timestamp);
+  if (GNUNET_TIME_absolute_get_duration (t).rel_value_us >
+      MAX_MESSAGE_AGE.rel_value_us)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Message received far too old (%s). Content ignored.\n",
+                GNUNET_STRINGS_relative_time_to_string (
+                  GNUNET_TIME_absolute_get_duration (t),
+                  GNUNET_YES));
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# bytes dropped (ancient message)"),
+                              size,
+                              GNUNET_NO);
+    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+    return;
+  }
+
+  /* process decrypted message(s) */
+  update_timeout (kx);
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# bytes of payload decrypted"),
+                            size - sizeof(struct EncryptedMessage),
+                            GNUNET_NO);
+  if (GNUNET_OK !=
+      GNUNET_MST_from_buffer (kx->mst,
+                              &buf[sizeof(struct EncryptedMessage)],
+                              size - sizeof(struct EncryptedMessage),
+                              GNUNET_YES,
+                              GNUNET_NO))
+    GNUNET_break_op (0);
+  
+  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
+}
+
+
+/**
+ * Setup the message that links the ephemeral key to our persistent
+ * public key and generate the appropriate signature.
+ */
+static void
+sign_ephemeral_key ()
+{
+  current_ekm.header.size = htons (sizeof(struct EphemeralKeyMessage));
+  current_ekm.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY);
+  current_ekm.sender_status = 0; /* to be set later */
+  current_ekm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY);
+  current_ekm.purpose.size =
+    htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+           + sizeof(struct GNUNET_TIME_AbsoluteNBO)
+           + sizeof(struct GNUNET_TIME_AbsoluteNBO)
+           + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)
+           + sizeof(struct GNUNET_PeerIdentity));
+  current_ekm.creation_time =
+    GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
+  if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg,
+                                                          "core",
+                                                          "USE_EPHEMERAL_KEYS"))
+  {
+    current_ekm.expiration_time =
+      GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (
+                                   GNUNET_TIME_relative_add (REKEY_FREQUENCY,
+                                                             REKEY_TOLERANCE)));
+  }
+  else
+  {
+    current_ekm.expiration_time =
+      GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS);
+  }
+  GNUNET_CRYPTO_ecdhe_key_get_public (&my_ephemeral_key,
+                                      &current_ekm.ephemeral_key);
+  current_ekm.origin_identity = GSC_my_identity;
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CRYPTO_eddsa_sign_ (&my_private_key,
+                                            &current_ekm.purpose,
+                                            &current_ekm.signature));
+}
+
+
+/**
+ * Task run to trigger rekeying.
+ *
+ * @param cls closure, NULL
+ */
+static void
+do_rekey (void *cls)
+{
+  struct GSC_KeyExchangeInfo *pos;
+
+  (void) cls;
+  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);
+  GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
+  sign_ephemeral_key ();
+  {
+    struct GNUNET_HashCode eh;
+
+    GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
+                        sizeof(current_ekm.ephemeral_key),
+                        &eh);
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Rekeying to %s\n", GNUNET_h2s (&eh));
+  }
+  for (pos = kx_head; NULL != pos; pos = pos->next)
+  {
+    if (GNUNET_CORE_KX_STATE_UP == pos->status)
+    {
+      pos->status = GNUNET_CORE_KX_STATE_REKEY_SENT;
+      derive_session_keys (pos);
+    }
+    else if (GNUNET_CORE_KX_STATE_DOWN == pos->status)
+    {
+      pos->status = GNUNET_CORE_KX_STATE_KEY_SENT;
+    }
+    monitor_notify_all (pos);
+    send_key (pos);
+  }
+}
+
+
+/**
+ * Initialize KX subsystem.
+ *
+ * @param pk private key to use for the peer
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
+ */
+int
+GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (ephemeral_key,
+                             GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY,
+                             struct EphemeralKeyMessage,
+                             NULL),
+    GNUNET_MQ_hd_fixed_size (ping,
+                             GNUNET_MESSAGE_TYPE_CORE_PING,
+                             struct PingMessage,
+                             NULL),
+    GNUNET_MQ_hd_fixed_size (pong,
+                             GNUNET_MESSAGE_TYPE_CORE_PONG,
+                             struct PongMessage,
+                             NULL),
+    GNUNET_MQ_hd_var_size (encrypted,
+                           GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE,
+                           struct EncryptedMessage,
+                           NULL),
+    GNUNET_MQ_handler_end ()
+  };
+
+  my_private_key = *pk;
+  GNUNET_CRYPTO_eddsa_key_get_public (&my_private_key,
+                                      &GSC_my_identity.public_key);
+  GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
+  sign_ephemeral_key ();
+  {
+    struct GNUNET_HashCode eh;
+
+    GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
+                        sizeof(current_ekm.ephemeral_key),
+                        &eh);
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Starting with ephemeral key %s\n",
+                GNUNET_h2s (&eh));
+  }
+
+  nc = GNUNET_notification_context_create (1);
+  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);
+  transport =
+    GNUNET_TRANSPORT_core_connect (GSC_cfg,
+                                   &GSC_my_identity,
+                                   handlers,
+                                   NULL,
+                                   &handle_transport_notify_connect,
+                                   &handle_transport_notify_disconnect);
+  if (NULL == transport)
+  {
+    GSC_KX_done ();
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * Shutdown KX subsystem.
+ */
+void
+GSC_KX_done ()
+{
+  if (NULL != transport)
+  {
+    GNUNET_TRANSPORT_core_disconnect (transport);
+    transport = NULL;
+  }
+  if (NULL != rekey_task)
+  {
+    GNUNET_SCHEDULER_cancel (rekey_task);
+    rekey_task = NULL;
+  }
+  memset (&my_ephemeral_key,
+          0,
+          sizeof (my_ephemeral_key));
+  memset (&my_private_key,
+          0,
+          sizeof (my_private_key));
+  if (NULL != nc)
+  {
+    GNUNET_notification_context_destroy (nc);
+    nc = NULL;
+  }
+}
+
+
+/**
+ * Check how many messages are queued for the given neighbour.
+ *
+ * @param kxinfo data about neighbour to check
+ * @return number of items in the message queue
+ */
+unsigned int
+GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *kxinfo)
+{
+  return GNUNET_MQ_get_length (kxinfo->mq);
+}
+
+
+int
+GSC_NEIGHBOURS_check_excess_bandwidth (const struct GSC_KeyExchangeInfo *kxinfo)
+{
+  return kxinfo->has_excess_bandwidth;
+}
+
+
+/**
+ * Handle #GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.  For this
+ * request type, the client does not have to have transmitted an INIT
+ * request.  All current peers are returned, regardless of which
+ * message types they accept.
+ *
+ * @param mq message queue to add for monitoring
+ */
+void
+GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq)
+{
+  struct GNUNET_MQ_Envelope *env;
+  struct MonitorNotifyMessage *done_msg;
+  struct GSC_KeyExchangeInfo *kx;
+
+  GNUNET_notification_context_add (nc, mq);
+  for (kx = kx_head; NULL != kx; kx = kx->next)
+  {
+    struct GNUNET_MQ_Envelope *env;
+    struct MonitorNotifyMessage *msg;
+
+    env = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
+    msg->state = htonl ((uint32_t) kx->status);
+    msg->peer = *kx->peer;
+    msg->timeout = GNUNET_TIME_absolute_hton (kx->timeout);
+    GNUNET_MQ_send (mq, env);
+  }
+  env = GNUNET_MQ_msg (done_msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
+  done_msg->state = htonl ((uint32_t) GNUNET_CORE_KX_ITERATION_FINISHED);
+  done_msg->timeout = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS);
+  GNUNET_MQ_send (mq, env);
+}
+
+
+/* end of gnunet-service-core_kx.c */
diff --git a/src/service/core/gnunet-service-core_kx.h b/src/service/core/gnunet-service-core_kx.h
new file mode 100644
index 000000000..8bcac3f68
--- /dev/null
+++ b/src/service/core/gnunet-service-core_kx.h
@@ -0,0 +1,102 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009, 2010, 2011 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core_kx.h
+ * @brief code for managing the key exchange (SET_KEY, PING, PONG) with other peers
+ * @author Christian Grothoff
+ */
+#ifndef GNUNET_SERVICE_CORE_KX_H
+#define GNUNET_SERVICE_CORE_KX_H
+
+#include "gnunet_util_lib.h"
+
+
+/**
+ * Information about the status of a key exchange with another peer.
+ */
+struct GSC_KeyExchangeInfo;
+
+
+/**
+ * Encrypt and transmit a message with the given payload.
+ *
+ * @param kx key exchange context
+ * @param payload payload of the message
+ * @param payload_size number of bytes in 'payload'
+ */
+void
+GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
+                             const void *payload,
+                             size_t payload_size);
+
+
+/**
+ * Initialize KX subsystem.
+ *
+ * @param pk private key to use for the peer
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
+ */
+int
+GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
+
+
+/**
+ * Shutdown KX subsystem.
+ */
+void
+GSC_KX_done (void);
+
+
+/**
+ * Check if the given neighbour has excess bandwidth available.
+ *
+ * @param target neighbour to check
+ * @return #GNUNET_YES if excess bandwidth is available, #GNUNET_NO if not
+ */
+int
+GSC_NEIGHBOURS_check_excess_bandwidth (const struct
+                                       GSC_KeyExchangeInfo *target);
+
+
+/**
+ * Check how many messages are queued for the given neighbour.
+ *
+ * @param target neighbour to check
+ * @return number of items in the message queue
+ */
+unsigned int
+GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *target);
+
+
+/**
+ * Handle #GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.  For this
+ * request type, the client does not have to have transmitted an INIT
+ * request.  All current peers are returned, regardless of which
+ * message types they accept.
+ *
+ * @param mq message queue to add for monitoring
+ */
+void
+GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq);
+
+
+#endif
+/* end of gnunet-service-core_kx.h */
diff --git a/src/service/core/gnunet-service-core_sessions.c b/src/service/core/gnunet-service-core_sessions.c
new file mode 100644
index 000000000..e103c89f5
--- /dev/null
+++ b/src/service/core/gnunet-service-core_sessions.c
@@ -0,0 +1,1028 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009-2014, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core_sessions.c
+ * @brief code for managing of 'encrypted' sessions (key exchange done)
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet-service-core.h"
+#include "gnunet-service-core_kx.h"
+#include "gnunet-service-core_typemap.h"
+#include "gnunet-service-core_sessions.h"
+#include "gnunet_constants.h"
+#include "core.h"
+
+
+/**
+ * How many encrypted messages do we queue at most?
+ * Needed to bound memory consumption.
+ */
+#define MAX_ENCRYPTED_MESSAGE_QUEUE_SIZE 4
+
+
+/**
+ * Message ready for encryption.  This struct is followed by the
+ * actual content of the message.
+ */
+struct SessionMessageEntry
+{
+  /**
+   * We keep messages in a doubly linked list.
+   */
+  struct SessionMessageEntry *next;
+
+  /**
+   * We keep messages in a doubly linked list.
+   */
+  struct SessionMessageEntry *prev;
+
+  /**
+   * How important is this message.
+   */
+  enum GNUNET_MQ_PriorityPreferences priority;
+
+  /**
+   * Flag set to #GNUNET_YES if this is a typemap message.
+   */
+  int is_typemap;
+
+  /**
+   * Flag set to #GNUNET_YES if this is a typemap confirmation message.
+   */
+  int is_typemap_confirm;
+
+  /**
+   * Deadline for transmission, 1s after we received it (if we
+   * are not corking), otherwise "now".  Note that this message
+   * does NOT expire past its deadline.
+   */
+  struct GNUNET_TIME_Absolute deadline;
+
+  /**
+   * How long is the message? (number of bytes following the `struct
+   * MessageEntry`, but not including the size of `struct
+   * MessageEntry` itself!)
+   */
+  size_t size;
+};
+
+
+/**
+ * Data kept per session.
+ */
+struct Session
+{
+  /**
+   * Identity of the other peer.
+   */
+  const struct GNUNET_PeerIdentity *peer;
+
+  /**
+   * Key exchange state for this peer.
+   */
+  struct GSC_KeyExchangeInfo *kx;
+
+  /**
+   * Head of list of requests from clients for transmission to
+   * this peer.
+   */
+  struct GSC_ClientActiveRequest *active_client_request_head;
+
+  /**
+   * Tail of list of requests from clients for transmission to
+   * this peer.
+   */
+  struct GSC_ClientActiveRequest *active_client_request_tail;
+
+  /**
+   * Head of list of messages ready for encryption.
+   */
+  struct SessionMessageEntry *sme_head;
+
+  /**
+   * Tail of list of messages ready for encryption.
+   */
+  struct SessionMessageEntry *sme_tail;
+
+  /**
+   * Current type map for this peer.
+   */
+  struct GSC_TypeMap *tmap;
+
+  /**
+   * Task to transmit corked messages with a delay.
+   */
+  struct GNUNET_SCHEDULER_Task *cork_task;
+
+  /**
+   * Task to transmit our type map.
+   */
+  struct GNUNET_SCHEDULER_Task *typemap_task;
+
+  /**
+   * Retransmission delay we currently use for the typemap
+   * transmissions (if not confirmed).
+   */
+  struct GNUNET_TIME_Relative typemap_delay;
+
+  /**
+   * Is this the first time we're sending the typemap? If so,
+   * we want to send it a bit faster the second time.  0 if
+   * we are sending for the first time, 1 if not.
+   */
+  int first_typemap;
+};
+
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Message sent to confirm that a typemap was received.
+ */
+struct TypeMapConfirmationMessage
+{
+  /**
+   * Header with type #GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Reserved, always zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Hash of the (decompressed) type map that was received.
+   */
+  struct GNUNET_HashCode tm_hash;
+};
+
+GNUNET_NETWORK_STRUCT_END
+
+
+/**
+ * Map of peer identities to `struct Session`.
+ */
+static struct GNUNET_CONTAINER_MultiPeerMap *sessions;
+
+
+/**
+ * Find the session for the given peer.
+ *
+ * @param peer identity of the peer
+ * @return NULL if we are not connected, otherwise the
+ *         session handle
+ */
+static struct Session *
+find_session (const struct GNUNET_PeerIdentity *peer)
+{
+  if (NULL == sessions)
+    return NULL;
+  return GNUNET_CONTAINER_multipeermap_get (sessions, peer);
+}
+
+
+/**
+ * End the session with the given peer (we are no longer
+ * connected).
+ *
+ * @param pid identity of peer to kill session with
+ */
+void
+GSC_SESSIONS_end (const struct GNUNET_PeerIdentity *pid)
+{
+  struct Session *session;
+  struct GSC_ClientActiveRequest *car;
+  struct SessionMessageEntry *sme;
+
+  session = find_session (pid);
+  if (NULL == session)
+    return;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Destroying session for peer `%s'\n",
+              GNUNET_i2s (session->peer));
+  if (NULL != session->cork_task)
+  {
+    GNUNET_SCHEDULER_cancel (session->cork_task);
+    session->cork_task = NULL;
+  }
+  while (NULL != (car = session->active_client_request_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (session->active_client_request_head,
+                                 session->active_client_request_tail,
+                                 car);
+    GSC_CLIENTS_reject_request (car, GNUNET_NO);
+  }
+  while (NULL != (sme = session->sme_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (session->sme_head, session->sme_tail, sme);
+    GNUNET_free (sme);
+  }
+  if (NULL != session->typemap_task)
+  {
+    GNUNET_SCHEDULER_cancel (session->typemap_task);
+    session->typemap_task = NULL;
+  }
+  GSC_CLIENTS_notify_clients_about_neighbour (session->peer,
+                                              session->tmap,
+                                              NULL);
+  GNUNET_assert (
+    GNUNET_YES ==
+    GNUNET_CONTAINER_multipeermap_remove (sessions, session->peer, session));
+  GNUNET_STATISTICS_set (GSC_stats,
+                         gettext_noop ("# peers connected"),
+                         GNUNET_CONTAINER_multipeermap_size (sessions),
+                         GNUNET_NO);
+  GSC_TYPEMAP_destroy (session->tmap);
+  session->tmap = NULL;
+  GNUNET_free (session);
+}
+
+
+/**
+ * Transmit our current typemap message to the other peer.
+ * (Done periodically until the typemap is confirmed).
+ *
+ * @param cls the `struct Session *`
+ */
+static void
+transmit_typemap_task (void *cls)
+{
+  struct Session *session = cls;
+  struct GNUNET_MessageHeader *hdr;
+  struct GNUNET_TIME_Relative delay;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Sending TYPEMAP to %s\n",
+              GNUNET_i2s (session->peer));
+  session->typemap_delay = GNUNET_TIME_STD_BACKOFF (session->typemap_delay);
+  delay = session->typemap_delay;
+  /* randomize a bit to avoid spont. sync */
+  delay.rel_value_us +=
+    GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, 1000 * 1000);
+  session->typemap_task =
+    GNUNET_SCHEDULER_add_delayed (delay, &transmit_typemap_task, session);
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# type map refreshes sent"),
+                            1,
+                            GNUNET_NO);
+  hdr = GSC_TYPEMAP_compute_type_map_message ();
+  GSC_KX_encrypt_and_transmit (session->kx, hdr, ntohs (hdr->size));
+  GNUNET_free (hdr);
+}
+
+
+/**
+ * Restart the typemap task for the given session.
+ *
+ * @param session session to restart typemap transmission for
+ */
+static void
+start_typemap_task (struct Session *session)
+{
+  if (NULL != session->typemap_task)
+    GNUNET_SCHEDULER_cancel (session->typemap_task);
+  session->typemap_delay = GNUNET_TIME_UNIT_SECONDS;
+  session->typemap_task = GNUNET_SCHEDULER_add_delayed (session->typemap_delay,
+                                                        &transmit_typemap_task,
+                                                        session);
+}
+
+
+/**
+ * Create a session, a key exchange was just completed.
+ *
+ * @param peer peer that is now connected
+ * @param kx key exchange that completed
+ */
+void
+GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer,
+                     struct GSC_KeyExchangeInfo *kx)
+{
+  struct Session *session;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Creating session for peer `%s'\n",
+              GNUNET_i2s (peer));
+  session = GNUNET_new (struct Session);
+  session->tmap = GSC_TYPEMAP_create ();
+  session->peer = peer;
+  session->kx = kx;
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CONTAINER_multipeermap_put (
+                   sessions,
+                   session->peer,
+                   session,
+                   GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+  GNUNET_STATISTICS_set (GSC_stats,
+                         gettext_noop ("# peers connected"),
+                         GNUNET_CONTAINER_multipeermap_size (sessions),
+                         GNUNET_NO);
+  GSC_CLIENTS_notify_clients_about_neighbour (peer, NULL, session->tmap);
+  start_typemap_task (session);
+}
+
+
+/**
+ * The other peer has indicated that it 'lost' the session
+ * (KX down), reinitialize the session on our end, in particular
+ * this means to restart the typemap transmission.
+ *
+ * @param peer peer that is now connected
+ */
+void
+GSC_SESSIONS_reinit (const struct GNUNET_PeerIdentity *peer)
+{
+  struct Session *session;
+
+  session = find_session (peer);
+  if (NULL == session)
+  {
+    /* KX/session is new for both sides; thus no need to restart what
+       has not yet begun */
+    return;
+  }
+  start_typemap_task (session);
+}
+
+
+/**
+ * The other peer has confirmed receiving our type map,
+ * check if it is current and if so, stop retransmitting it.
+ *
+ * @param peer peer that confirmed the type map
+ * @param msg confirmation message we received
+ */
+void
+GSC_SESSIONS_confirm_typemap (const struct GNUNET_PeerIdentity *peer,
+                              const struct GNUNET_MessageHeader *msg)
+{
+  const struct TypeMapConfirmationMessage *cmsg;
+  struct Session *session;
+
+  session = find_session (peer);
+  if (NULL == session)
+  {
+    GNUNET_break (0);
+    return;
+  }
+  if (ntohs (msg->size) != sizeof(struct TypeMapConfirmationMessage))
+  {
+    GNUNET_break_op (0);
+    return;
+  }
+  cmsg = (const struct TypeMapConfirmationMessage *) msg;
+  if (GNUNET_YES != GSC_TYPEMAP_check_hash (&cmsg->tm_hash))
+  {
+    /* our typemap has changed in the meantime, do not
+       accept confirmation */
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop (
+                                "# outdated typemap confirmations received"),
+                              1,
+                              GNUNET_NO);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Got outdated typemap confirmated from peer `%s'\n",
+                GNUNET_i2s (session->peer));
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Got typemap confirmation from peer `%s'\n",
+              GNUNET_i2s (session->peer));
+  if (NULL != session->typemap_task)
+  {
+    GNUNET_SCHEDULER_cancel (session->typemap_task);
+    session->typemap_task = NULL;
+  }
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop (
+                              "# valid typemap confirmations received"),
+                            1,
+                            GNUNET_NO);
+}
+
+
+/**
+ * Notify the given client about the session (client is new).
+ *
+ * @param cls the `struct GSC_Client`
+ * @param key peer identity
+ * @param value the `struct Session`
+ * @return #GNUNET_OK (continue to iterate)
+ */
+static int
+notify_client_about_session (void *cls,
+                             const struct GNUNET_PeerIdentity *key,
+                             void *value)
+{
+  struct GSC_Client *client = cls;
+  struct Session *session = value;
+
+  GSC_CLIENTS_notify_client_about_neighbour (client,
+                                             session->peer,
+                                             NULL, /* old TMAP: none */
+                                             session->tmap);
+  return GNUNET_OK;
+}
+
+
+/**
+ * We have a new client, notify it about all current sessions.
+ *
+ * @param client the new client
+ */
+void
+GSC_SESSIONS_notify_client_about_sessions (struct GSC_Client *client)
+{
+  /* notify new client about existing sessions */
+  GNUNET_CONTAINER_multipeermap_iterate (sessions,
+                                         &notify_client_about_session,
+                                         client);
+}
+
+
+/**
+ * Try to perform a transmission on the given session.  Will solicit
+ * additional messages if the 'sme' queue is not full enough.
+ *
+ * @param session session to transmit messages from
+ */
+static void
+try_transmission (struct Session *session);
+
+
+/**
+ * Queue a request from a client for transmission to a particular peer.
+ *
+ * @param car request to queue; this handle is then shared between
+ *         the caller (CLIENTS subsystem) and SESSIONS and must not
+ *         be released by either until either #GSC_SESSIONS_dequeue(),
+ *         #GSC_SESSIONS_transmit() or #GSC_CLIENTS_failed()
+ *         have been invoked on it
+ */
+void
+GSC_SESSIONS_queue_request (struct GSC_ClientActiveRequest *car)
+{
+  struct Session *session;
+
+  session = find_session (&car->target);
+  if (NULL == session)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Dropped client request for transmission (am disconnected)\n");
+    GNUNET_break (0);  /* should have been rejected earlier */
+    GSC_CLIENTS_reject_request (car, GNUNET_NO);
+    return;
+  }
+  if (car->msize > GNUNET_CONSTANTS_MAX_ENCRYPTED_MESSAGE_SIZE)
+  {
+    GNUNET_break (0);
+    GSC_CLIENTS_reject_request (car, GNUNET_YES);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received client transmission request. queueing\n");
+  GNUNET_CONTAINER_DLL_insert_tail (session->active_client_request_head,
+                                    session->active_client_request_tail,
+                                    car);
+  try_transmission (session);
+}
+
+
+/**
+ * Dequeue a request from a client from transmission to a particular peer.
+ *
+ * @param car request to dequeue; this handle will then be 'owned' by
+ *        the caller (CLIENTS sysbsystem)
+ */
+void
+GSC_SESSIONS_dequeue_request (struct GSC_ClientActiveRequest *car)
+{
+  struct Session *session;
+
+  if (0 == memcmp (&car->target,
+                   &GSC_my_identity,
+                   sizeof(struct GNUNET_PeerIdentity)))
+    return;
+  session = find_session (&car->target);
+  GNUNET_assert (NULL != session);
+  GNUNET_CONTAINER_DLL_remove (session->active_client_request_head,
+                               session->active_client_request_tail,
+                               car);
+  /* dequeueing of 'high' priority messages may unblock
+     transmission for lower-priority messages, so we also
+     need to try in this case. */
+  try_transmission (session);
+}
+
+
+/**
+ * Solicit messages for transmission, starting with those of the highest
+ * priority.
+ *
+ * @param session session to solict messages for
+ * @param msize how many bytes do we have already
+ */
+static void
+solicit_messages (struct Session *session, size_t msize)
+{
+  struct GSC_ClientActiveRequest *car;
+  struct GSC_ClientActiveRequest *nxt;
+  size_t so_size;
+  enum GNUNET_MQ_PriorityPreferences pmax;
+
+  so_size = msize;
+  pmax = GNUNET_MQ_PRIO_BACKGROUND;
+  for (car = session->active_client_request_head; NULL != car; car = car->next)
+  {
+    if (GNUNET_YES == car->was_solicited)
+      continue;
+    pmax = GNUNET_MAX (pmax, car->priority & GNUNET_MQ_PRIORITY_MASK);
+  }
+  nxt = session->active_client_request_head;
+  while (NULL != (car = nxt))
+  {
+    nxt = car->next;
+    if (car->priority < pmax)
+      continue;
+    if (so_size + car->msize > GNUNET_CONSTANTS_MAX_ENCRYPTED_MESSAGE_SIZE)
+      break;
+    so_size += car->msize;
+    if (GNUNET_YES == car->was_solicited)
+      continue;
+    car->was_solicited = GNUNET_YES;
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Soliciting message with priority %u\n",
+                car->priority);
+    GSC_CLIENTS_solicit_request (car);
+    /* The above call may *dequeue* requests and thereby
+       clobber 'nxt'. Hence we need to restart from the
+       head of the list. */
+    nxt = session->active_client_request_head;
+    so_size = msize;
+  }
+}
+
+
+/**
+ * Some messages were delayed (corked), but the timeout has now expired.
+ * Send them now.
+ *
+ * @param cls `struct Session` with the messages to transmit now
+ */
+static void
+pop_cork_task (void *cls)
+{
+  struct Session *session = cls;
+
+  session->cork_task = NULL;
+  try_transmission (session);
+}
+
+
+/**
+ * Try to perform a transmission on the given session. Will solicit
+ * additional messages if the 'sme' queue is not full enough or has
+ * only low-priority messages.
+ *
+ * @param session session to transmit messages from
+ */
+static void
+try_transmission (struct Session *session)
+{
+  struct SessionMessageEntry *pos;
+  size_t msize;
+  struct GNUNET_TIME_Absolute now;
+  struct GNUNET_TIME_Absolute min_deadline;
+  enum GNUNET_MQ_PriorityPreferences maxp;
+  enum GNUNET_MQ_PriorityPreferences maxpc;
+  struct GSC_ClientActiveRequest *car;
+  int excess;
+
+  msize = 0;
+  min_deadline = GNUNET_TIME_UNIT_FOREVER_ABS;
+  /* if the peer has excess bandwidth, background traffic is allowed,
+     otherwise not */
+  if (MAX_ENCRYPTED_MESSAGE_QUEUE_SIZE <=
+      GSC_NEIGHBOURS_get_queue_length (session->kx))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Transmission queue already very long, waiting...\n");
+    return;   /* queue already too long */
+  }
+  excess = GSC_NEIGHBOURS_check_excess_bandwidth (session->kx);
+  if (GNUNET_YES == excess)
+    maxp = GNUNET_MQ_PRIO_BACKGROUND;
+  else
+    maxp = GNUNET_MQ_PRIO_BEST_EFFORT;
+  /* determine highest priority of 'ready' messages we already solicited from clients */
+  pos = session->sme_head;
+  while ((NULL != pos) &&
+         (msize + pos->size <= GNUNET_CONSTANTS_MAX_ENCRYPTED_MESSAGE_SIZE))
+  {
+    GNUNET_assert (pos->size < GNUNET_CONSTANTS_MAX_ENCRYPTED_MESSAGE_SIZE);
+    msize += pos->size;
+    maxp = GNUNET_MAX (maxp, pos->priority & GNUNET_MQ_PRIORITY_MASK);
+    min_deadline = GNUNET_TIME_absolute_min (min_deadline, pos->deadline);
+    pos = pos->next;
+  }
+  GNUNET_log (
+    GNUNET_ERROR_TYPE_DEBUG,
+    "Calculating transmission set with %u priority (%s) and %s earliest deadline\n",
+    maxp,
+    (GNUNET_YES == excess) ? "excess bandwidth" : "limited bandwidth",
+    GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_remaining (
+                                              min_deadline),
+                                            GNUNET_YES));
+
+  if (maxp < GNUNET_MQ_PRIO_CRITICAL_CONTROL)
+  {
+    /* if highest already solicited priority from clients is not critical,
+       check if there are higher-priority messages to be solicited from clients */
+    if (GNUNET_YES == excess)
+      maxpc = GNUNET_MQ_PRIO_BACKGROUND;
+    else
+      maxpc = GNUNET_MQ_PRIO_BEST_EFFORT;
+    for (car = session->active_client_request_head; NULL != car;
+         car = car->next)
+    {
+      if (GNUNET_YES == car->was_solicited)
+        continue;
+      maxpc = GNUNET_MAX (maxpc, car->priority & GNUNET_MQ_PRIORITY_MASK);
+    }
+    if (maxpc > maxp)
+    {
+      /* we have messages waiting for solicitation that have a higher
+         priority than those that we already accepted; solicit the
+         high-priority messages first */
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "Soliciting messages based on priority (%u > %u)\n",
+                  maxpc,
+                  maxp);
+      solicit_messages (session, 0);
+      return;
+    }
+  }
+  else
+  {
+    /* never solicit more, we have critical messages to process */
+    excess = GNUNET_NO;
+    maxpc = GNUNET_MQ_PRIO_BACKGROUND;
+  }
+  now = GNUNET_TIME_absolute_get ();
+  if (((GNUNET_YES == excess) || (maxpc >= GNUNET_MQ_PRIO_BEST_EFFORT)) &&
+      ((0 == msize) ||
+       ((msize < GNUNET_CONSTANTS_MAX_ENCRYPTED_MESSAGE_SIZE / 2) &&
+        (min_deadline.abs_value_us > now.abs_value_us))))
+  {
+    /* not enough ready yet (tiny message & cork possible), or no messages at all,
+       and either excess bandwidth or best-effort or higher message waiting at
+       client; in this case, we try to solicit more */
+    GNUNET_log (
+      GNUNET_ERROR_TYPE_DEBUG,
+      "Soliciting messages (excess %d, maxpc %d, message size %u, deadline %s)\n",
+      excess,
+      maxpc,
+      (unsigned int) msize,
+      GNUNET_STRINGS_relative_time_to_string (
+        GNUNET_TIME_absolute_get_remaining (
+          min_deadline),
+        GNUNET_YES));
+    solicit_messages (session, msize);
+    if (msize > 0)
+    {
+      /* if there is data to send, just not yet, make sure we do transmit
+       * it once the deadline is reached */
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "Corking until %s\n",
+                  GNUNET_STRINGS_relative_time_to_string (
+                    GNUNET_TIME_absolute_get_remaining (min_deadline),
+                    GNUNET_YES));
+      if (NULL != session->cork_task)
+        GNUNET_SCHEDULER_cancel (session->cork_task);
+      session->cork_task =
+        GNUNET_SCHEDULER_add_at (min_deadline, &pop_cork_task, session);
+    }
+    else
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "Queue empty, waiting for solicitations\n");
+    }
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Building combined plaintext buffer to transmit message!\n");
+  /* create plaintext buffer of all messages (that fit), encrypt and
+     transmit */
+  {
+    static unsigned long long total_bytes;
+    static unsigned int total_msgs;
+    char pbuf[msize]; /* plaintext */
+    size_t used;
+
+    used = 0;
+    while ((NULL != (pos = session->sme_head)) && (used + pos->size <= msize))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "Adding message of type %d (%d/%d) to payload for %s\n",
+                  ntohs (((const struct GNUNET_MessageHeader *) &pos[1])->type),
+                  pos->is_typemap,
+                  pos->is_typemap_confirm,
+                  GNUNET_i2s (session->peer));
+      GNUNET_memcpy (&pbuf[used], &pos[1], pos->size);
+      used += pos->size;
+      GNUNET_CONTAINER_DLL_remove (session->sme_head, session->sme_tail, pos);
+      GNUNET_free (pos);
+    }
+    /* compute average payload size */
+    total_bytes += used;
+    total_msgs++;
+    if (0 == total_msgs)
+    {
+      /* 2^32 messages, wrap around... */
+      total_msgs = 1;
+      total_bytes = used;
+    }
+    GNUNET_STATISTICS_set (GSC_stats,
+                           "# avg payload per encrypted message",
+                           total_bytes / total_msgs,
+                           GNUNET_NO);
+    /* now actually transmit... */
+    GSC_KX_encrypt_and_transmit (session->kx, pbuf, used);
+  }
+}
+
+
+/**
+ * Send an updated typemap message to the neighbour now,
+ * and restart typemap transmissions.
+ *
+ * @param cls the message
+ * @param key neighbour's identity
+ * @param value `struct Neighbour` of the target
+ * @return always #GNUNET_OK
+ */
+static int
+do_restart_typemap_message (void *cls,
+                            const struct GNUNET_PeerIdentity *key,
+                            void *value)
+{
+  const struct GNUNET_MessageHeader *hdr = cls;
+  struct Session *session = value;
+  struct SessionMessageEntry *sme;
+  uint16_t size;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Restarting sending TYPEMAP to %s\n",
+              GNUNET_i2s (session->peer));
+  size = ntohs (hdr->size);
+  for (sme = session->sme_head; NULL != sme; sme = sme->next)
+  {
+    if (GNUNET_YES == sme->is_typemap)
+    {
+      GNUNET_CONTAINER_DLL_remove (session->sme_head, session->sme_tail, sme);
+      GNUNET_free (sme);
+      break;
+    }
+  }
+  sme = GNUNET_malloc (sizeof(struct SessionMessageEntry) + size);
+  sme->is_typemap = GNUNET_YES;
+  GNUNET_memcpy (&sme[1], hdr, size);
+  sme->size = size;
+  sme->priority = GNUNET_MQ_PRIO_CRITICAL_CONTROL;
+  GNUNET_CONTAINER_DLL_insert (session->sme_head, session->sme_tail, sme);
+  try_transmission (session);
+  start_typemap_task (session);
+  return GNUNET_OK;
+}
+
+
+/**
+ * Broadcast an updated typemap message to all neighbours.
+ * Restarts the retransmissions until the typemaps are confirmed.
+ *
+ * @param msg message to transmit
+ */
+void
+GSC_SESSIONS_broadcast_typemap (const struct GNUNET_MessageHeader *msg)
+{
+  if (NULL == sessions)
+    return;
+  GNUNET_CONTAINER_multipeermap_iterate (sessions,
+                                         &do_restart_typemap_message,
+                                         (void *) msg);
+}
+
+
+/**
+ * Traffic is being solicited for the given peer.  This means that the
+ * message queue on the transport-level (NEIGHBOURS subsystem) is now
+ * empty and it is now OK to transmit another (non-control) message.
+ *
+ * @param pid identity of peer ready to receive data
+ */
+void
+GSC_SESSIONS_solicit (const struct GNUNET_PeerIdentity *pid)
+{
+  struct Session *session;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Transport solicits for %s\n",
+              GNUNET_i2s (pid));
+  session = find_session (pid);
+  if (NULL == session)
+    return;
+  try_transmission (session);
+}
+
+
+void
+GSC_SESSIONS_transmit (struct GSC_ClientActiveRequest *car,
+                       const struct GNUNET_MessageHeader *msg,
+                       enum GNUNET_MQ_PriorityPreferences priority)
+{
+  struct Session *session;
+  struct SessionMessageEntry *sme;
+  struct SessionMessageEntry *pos;
+  size_t msize;
+
+  session = find_session (&car->target);
+  if (NULL == session)
+    return;
+  msize = ntohs (msg->size);
+  sme = GNUNET_malloc (sizeof(struct SessionMessageEntry) + msize);
+  GNUNET_memcpy (&sme[1], msg, msize);
+  sme->size = msize;
+  sme->priority = priority;
+  if (0 != (GNUNET_MQ_PREF_CORK_ALLOWED & priority))
+  {
+    sme->deadline =
+      GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_MAX_CORK_DELAY);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Message corked, delaying transmission\n");
+  }
+  pos = session->sme_head;
+  while ((NULL != pos) && (pos->priority >= sme->priority))
+    pos = pos->next;
+  if (NULL == pos)
+    GNUNET_CONTAINER_DLL_insert_tail (session->sme_head,
+                                      session->sme_tail,
+                                      sme);
+  else
+    GNUNET_CONTAINER_DLL_insert_after (session->sme_head,
+                                       session->sme_tail,
+                                       pos->prev,
+                                       sme);
+  try_transmission (session);
+}
+
+
+void
+GSC_SESSIONS_set_typemap (const struct GNUNET_PeerIdentity *peer,
+                          const struct GNUNET_MessageHeader *msg)
+{
+  struct Session *session;
+  struct GSC_TypeMap *nmap;
+  struct SessionMessageEntry *sme;
+  struct TypeMapConfirmationMessage *tmc;
+
+  nmap = GSC_TYPEMAP_get_from_message (msg);
+  if (NULL == nmap)
+  {
+    GNUNET_break_op (0);
+    return;   /* malformed */
+  }
+  session = find_session (peer);
+  if (NULL == session)
+  {
+    GSC_TYPEMAP_destroy (nmap);
+    GNUNET_break (0);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received TYPEMAP from %s\n",
+              GNUNET_i2s (session->peer));
+  for (sme = session->sme_head; NULL != sme; sme = sme->next)
+  {
+    if (GNUNET_YES == sme->is_typemap_confirm)
+    {
+      GNUNET_CONTAINER_DLL_remove (session->sme_head, session->sme_tail, sme);
+      GNUNET_free (sme);
+      break;
+    }
+  }
+  sme = GNUNET_malloc (sizeof(struct SessionMessageEntry)
+                       + sizeof(struct TypeMapConfirmationMessage));
+  sme->deadline = GNUNET_TIME_absolute_get ();
+  sme->size = sizeof(struct TypeMapConfirmationMessage);
+  sme->priority = GNUNET_MQ_PRIO_CRITICAL_CONTROL;
+  sme->is_typemap_confirm = GNUNET_YES;
+  tmc = (struct TypeMapConfirmationMessage *) &sme[1];
+  tmc->header.size = htons (sizeof(struct TypeMapConfirmationMessage));
+  tmc->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP);
+  tmc->reserved = htonl (0);
+  GSC_TYPEMAP_hash (nmap, &tmc->tm_hash);
+  GNUNET_CONTAINER_DLL_insert (session->sme_head, session->sme_tail, sme);
+  try_transmission (session);
+  GSC_CLIENTS_notify_clients_about_neighbour (peer, session->tmap, nmap);
+  GSC_TYPEMAP_destroy (session->tmap);
+  session->tmap = nmap;
+}
+
+
+/**
+ * The given peer send a message of the specified type.  Make sure the
+ * respective bit is set in its type-map and that clients are notified
+ * about the session.
+ *
+ * @param peer peer this is about
+ * @param type type of the message
+ */
+void
+GSC_SESSIONS_add_to_typemap (const struct GNUNET_PeerIdentity *peer,
+                             uint16_t type)
+{
+  struct Session *session;
+  struct GSC_TypeMap *nmap;
+
+  if (0 == memcmp (peer, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity)))
+    return;
+  session = find_session (peer);
+  GNUNET_assert (NULL != session);
+  if (GNUNET_YES == GSC_TYPEMAP_test_match (session->tmap, &type, 1))
+    return; /* already in it */
+  nmap = GSC_TYPEMAP_extend (session->tmap, &type, 1);
+  GSC_CLIENTS_notify_clients_about_neighbour (peer, session->tmap, nmap);
+  GSC_TYPEMAP_destroy (session->tmap);
+  session->tmap = nmap;
+}
+
+
+/**
+ * Initialize sessions subsystem.
+ */
+void
+GSC_SESSIONS_init ()
+{
+  sessions = GNUNET_CONTAINER_multipeermap_create (128, GNUNET_YES);
+}
+
+
+/**
+ * Helper function for #GSC_SESSIONS_done() to free all
+ * active sessions.
+ *
+ * @param cls NULL
+ * @param key identity of the connected peer
+ * @param value the `struct Session` for the peer
+ * @return #GNUNET_OK (continue to iterate)
+ */
+static int
+free_session_helper (void *cls,
+                     const struct GNUNET_PeerIdentity *key,
+                     void *value)
+{
+  /* struct Session *session = value; */
+
+  GSC_SESSIONS_end (key);
+  return GNUNET_OK;
+}
+
+
+/**
+ * Shutdown sessions subsystem.
+ */
+void
+GSC_SESSIONS_done ()
+{
+  if (NULL != sessions)
+  {
+    GNUNET_CONTAINER_multipeermap_iterate (sessions,
+                                           &free_session_helper,
+                                           NULL);
+    GNUNET_CONTAINER_multipeermap_destroy (sessions);
+    sessions = NULL;
+  }
+}
+
+
+/* end of gnunet-service-core_sessions.c */
diff --git a/src/service/core/gnunet-service-core_sessions.h b/src/service/core/gnunet-service-core_sessions.h
new file mode 100644
index 000000000..fda2cc32c
--- /dev/null
+++ b/src/service/core/gnunet-service-core_sessions.h
@@ -0,0 +1,183 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009-2014 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core_neighbours.h
+ * @brief code for managing of 'encrypted' sessions (key exchange done)
+ * @author Christian Grothoff
+ */
+#ifndef GNUNET_SERVICE_CORE_SESSIONS_H
+#define GNUNET_SERVICE_CORE_SESSIONS_H
+
+#include "gnunet-service-core.h"
+#include "gnunet-service-core_kx.h"
+
+
+/**
+ * Create a session, a key exchange was just completed.
+ *
+ * @param peer peer that is now connected
+ * @param kx key exchange that completed
+ */
+void
+GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer,
+                     struct GSC_KeyExchangeInfo *kx);
+
+
+/**
+ * The other peer has indicated that it 'lost' the session
+ * (KX down), reinitialize the session on our end, in particular
+ * this means to restart the typemap transmission.
+ *
+ * @param peer peer that is now connected
+ */
+void
+GSC_SESSIONS_reinit (const struct GNUNET_PeerIdentity *peer);
+
+
+/**
+ * The other peer has confirmed receiving our type map,
+ * check if it is current and if so, stop retransmitting it.
+ *
+ * @param peer peer that confirmed the type map
+ * @param msg confirmation message we received
+ */
+void
+GSC_SESSIONS_confirm_typemap (const struct GNUNET_PeerIdentity *peer,
+                              const struct GNUNET_MessageHeader *msg);
+
+
+/**
+ * End the session with the given peer (we are no longer
+ * connected).
+ *
+ * @param pid identity of peer to kill session with
+ */
+void
+GSC_SESSIONS_end (const struct GNUNET_PeerIdentity *pid);
+
+
+/**
+ * Traffic is being solicited for the given peer.  This means that the
+ * message queue on the transport-level (NEIGHBOURS subsystem) is now
+ * empty and it is now OK to transmit another (non-control) message.
+ *
+ * @param pid identity of peer ready to receive data
+ */
+void
+GSC_SESSIONS_solicit (const struct GNUNET_PeerIdentity *pid);
+
+
+/**
+ * Queue a request from a client for transmission to a particular peer.
+ *
+ * @param car request to queue; this handle is then shared between
+ *         the caller (CLIENTS subsystem) and SESSIONS and must not
+ *         be released by either until either 'GNUNET_SESSIONS_dequeue',
+ *         or 'GNUNET_CLIENTS_failed'
+ *         have been invoked on it
+ */
+void
+GSC_SESSIONS_queue_request (struct GSC_ClientActiveRequest *car);
+
+
+/**
+ * Dequeue a request from a client from transmission to a particular peer.
+ *
+ * @param car request to dequeue; this handle will then be 'owned' by
+ *        the caller (CLIENTS sysbsystem)
+ */
+void
+GSC_SESSIONS_dequeue_request (struct GSC_ClientActiveRequest *car);
+
+
+/**
+ * Transmit a message to a particular peer.
+ *
+ * @param car original request that was queued and then solicited,
+ *            ownership does not change (dequeue will be called soon).
+ * @param msg message to transmit
+ * @param priority how important is this message
+ */
+void
+GSC_SESSIONS_transmit (struct GSC_ClientActiveRequest *car,
+                       const struct GNUNET_MessageHeader *msg,
+                       enum GNUNET_MQ_PriorityPreferences priority);
+
+
+/**
+ * Broadcast an updated typemap message to all neighbours.
+ * Restarts the retransmissions until the typemaps are confirmed.
+ *
+ * @param msg message to transmit
+ */
+void
+GSC_SESSIONS_broadcast_typemap (const struct GNUNET_MessageHeader *msg);
+
+
+/**
+ * We have a new client, notify it about all current sessions.
+ *
+ * @param client the new client
+ */
+void
+GSC_SESSIONS_notify_client_about_sessions (struct GSC_Client *client);
+
+
+/**
+ * We've received a typemap message from a peer, update ours.
+ * Notifies clients about the session.
+ *
+ * @param peer peer this is about
+ * @param msg typemap update message
+ */
+void
+GSC_SESSIONS_set_typemap (const struct GNUNET_PeerIdentity *peer,
+                          const struct GNUNET_MessageHeader *msg);
+
+
+/**
+ * The given peer send a message of the specified type.  Make sure the
+ * respective bit is set in its type-map and that clients are notified
+ * about the session.
+ *
+ * @param peer peer this is about
+ * @param type type of the message
+ */
+void
+GSC_SESSIONS_add_to_typemap (const struct GNUNET_PeerIdentity *peer,
+                             uint16_t type);
+
+
+/**
+ * Initialize sessions subsystem.
+ */
+void
+GSC_SESSIONS_init (void);
+
+
+/**
+ * Shutdown sessions subsystem.
+ */
+void
+GSC_SESSIONS_done (void);
+
+
+#endif
diff --git a/src/service/core/gnunet-service-core_typemap.c b/src/service/core/gnunet-service-core_typemap.c
new file mode 100644
index 000000000..200a84b23
--- /dev/null
+++ b/src/service/core/gnunet-service-core_typemap.c
@@ -0,0 +1,370 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2011-2014 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core_typemap.c
+ * @brief management of map that specifies which message types this peer supports
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet-service-core.h"
+#include "gnunet-service-core_sessions.h"
+#include "gnunet-service-core_typemap.h"
+#include <zlib.h>
+
+
+/**
+ * A type map describing which messages a given neighbour is able
+ * to process.
+ */
+struct GSC_TypeMap
+{
+  uint32_t bits[(UINT16_MAX + 1) / 32];
+};
+
+/**
+ * Bitmap of message types this peer is able to handle.
+ */
+static struct GSC_TypeMap my_type_map;
+
+/**
+ * Counters for message types this peer is able to handle.
+ */
+static uint8_t map_counters[UINT16_MAX + 1];
+
+/**
+ * Current hash of our (uncompressed) type map.
+ * Lazily computed when needed.
+ */
+static struct GNUNET_HashCode my_tm_hash;
+
+/**
+ * Is #my_tm_hash() current with respect to our type map?
+ */
+static int hash_current;
+
+
+/**
+ * Our type map changed, recompute its hash.
+ */
+static void
+rehash_typemap ()
+{
+  hash_current = GNUNET_NO;
+}
+
+
+/**
+ * Hash the contents of a type map.
+ *
+ * @param tm map to hash
+ * @param hc where to store the hash code
+ */
+void
+GSC_TYPEMAP_hash (const struct GSC_TypeMap *tm, struct GNUNET_HashCode *hc)
+{
+  GNUNET_CRYPTO_hash (tm, sizeof(struct GSC_TypeMap), hc);
+}
+
+
+/**
+ * Check if the given hash matches our current type map.
+ *
+ * @param hc hash code to check if it matches our type map
+ * @return #GNUNET_YES if the hash matches, #GNUNET_NO if not
+ */
+int
+GSC_TYPEMAP_check_hash (const struct GNUNET_HashCode *hc)
+{
+  if (GNUNET_NO == hash_current)
+  {
+    GSC_TYPEMAP_hash (&my_type_map, &my_tm_hash);
+    hash_current = GNUNET_YES;
+  }
+  return (0 == memcmp (hc, &my_tm_hash, sizeof(struct GNUNET_HashCode)))
+         ? GNUNET_YES
+         : GNUNET_NO;
+}
+
+
+/**
+ * Compute a type map message for this peer.
+ *
+ * @return this peers current type map message.
+ */
+struct GNUNET_MessageHeader *
+GSC_TYPEMAP_compute_type_map_message ()
+{
+  char *tmp;
+  uLongf dlen;
+  struct GNUNET_MessageHeader *hdr;
+
+#ifdef compressBound
+  dlen = compressBound (sizeof(my_type_map));
+#else
+  dlen = sizeof(my_type_map) + (sizeof(my_type_map) / 100) + 20;
+  /* documentation says 100.1% oldSize + 12 bytes, but we
+   * should be able to overshoot by more to be safe */
+#endif
+  hdr = GNUNET_malloc (dlen + sizeof(struct GNUNET_MessageHeader));
+  tmp = (char *) &hdr[1];
+  if ((Z_OK != compress2 ((Bytef *) tmp,
+                          &dlen,
+                          (const Bytef *) &my_type_map,
+                          sizeof(my_type_map),
+                          9)) ||
+      (dlen >= sizeof(my_type_map)))
+  {
+    /* compression failed, use uncompressed map */
+    dlen = sizeof(my_type_map);
+    GNUNET_memcpy (tmp, &my_type_map, sizeof(my_type_map));
+    hdr->type = htons (GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP);
+  }
+  else
+  {
+    /* compression worked, use compressed map */
+    hdr->type = htons (GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP);
+  }
+  hdr->size = htons ((uint16_t) dlen + sizeof(struct GNUNET_MessageHeader));
+  return hdr;
+}
+
+
+/**
+ * Extract a type map from a TYPE_MAP message.
+ *
+ * @param msg a type map message
+ * @return NULL on error
+ */
+struct GSC_TypeMap *
+GSC_TYPEMAP_get_from_message (const struct GNUNET_MessageHeader *msg)
+{
+  struct GSC_TypeMap *ret;
+  uint16_t size;
+  uLongf dlen;
+
+  size = ntohs (msg->size);
+  switch (ntohs (msg->type))
+  {
+  case GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP:
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop ("# type maps received"),
+                              1,
+                              GNUNET_NO);
+    if (size != sizeof(struct GSC_TypeMap))
+    {
+      GNUNET_break_op (0);
+      return NULL;
+    }
+    ret = GNUNET_new (struct GSC_TypeMap);
+    GNUNET_memcpy (ret, &msg[1], sizeof(struct GSC_TypeMap));
+    return ret;
+
+  case GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP:
+    GNUNET_STATISTICS_update (GSC_stats,
+                              gettext_noop ("# type maps received"),
+                              1,
+                              GNUNET_NO);
+    ret = GNUNET_new (struct GSC_TypeMap);
+    dlen = sizeof(struct GSC_TypeMap);
+    if ((Z_OK != uncompress ((Bytef *) ret,
+                             &dlen,
+                             (const Bytef *) &msg[1],
+                             (uLong) size)) ||
+        (dlen != sizeof(struct GSC_TypeMap)))
+    {
+      GNUNET_break_op (0);
+      GNUNET_free (ret);
+      return NULL;
+    }
+    return ret;
+
+  default:
+    GNUNET_break (0);
+    return NULL;
+  }
+}
+
+
+/**
+ * Send my type map to all connected peers (it got changed).
+ */
+static void
+broadcast_my_type_map ()
+{
+  struct GNUNET_MessageHeader *hdr;
+
+  hdr = GSC_TYPEMAP_compute_type_map_message ();
+  GNUNET_STATISTICS_update (GSC_stats,
+                            gettext_noop ("# updates to my type map"),
+                            1,
+                            GNUNET_NO);
+  GSC_SESSIONS_broadcast_typemap (hdr);
+  GNUNET_free (hdr);
+}
+
+
+/**
+ * Add a set of types to our type map.
+ *
+ * @param types array of message types supported by this peer
+ * @param tlen number of entries in @a types
+ */
+void
+GSC_TYPEMAP_add (const uint16_t *types, unsigned int tlen)
+{
+  unsigned int i;
+  int changed;
+
+  changed = GNUNET_NO;
+  for (i = 0; i < tlen; i++)
+  {
+    if (0 == map_counters[types[i]]++)
+    {
+      my_type_map.bits[types[i] / 32] |= (1 << (types[i] % 32));
+      changed = GNUNET_YES;
+    }
+  }
+  if (GNUNET_YES == changed)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Typemap changed, broadcasting!\n");
+    rehash_typemap ();
+    broadcast_my_type_map ();
+  }
+}
+
+
+void
+GSC_TYPEMAP_remove (const uint16_t *types, unsigned int tlen)
+{
+  int changed;
+
+  changed = GNUNET_NO;
+  for (unsigned int i = 0; i < tlen; i++)
+  {
+    if (0 == --map_counters[types[i]])
+    {
+      my_type_map.bits[types[i] / 32] &= ~(1 << (types[i] % 32));
+      changed = GNUNET_YES;
+    }
+  }
+  if (GNUNET_YES == changed)
+  {
+    rehash_typemap ();
+    broadcast_my_type_map ();
+  }
+}
+
+
+/**
+ * Test if any of the types from the types array is in the
+ * given type map.
+ *
+ * @param tmap map to test
+ * @param types array of types
+ * @param tcnt number of entries in @a types
+ * @return #GNUNET_YES if a type is in the map, #GNUNET_NO if not
+ */
+int
+GSC_TYPEMAP_test_match (const struct GSC_TypeMap *tmap,
+                        const uint16_t *types,
+                        unsigned int tcnt)
+{
+  if (NULL == tmap)
+    return GNUNET_NO;
+  if (0 == tcnt)
+    return GNUNET_YES; /* matches all */
+  for (unsigned int i = 0; i < tcnt; i++)
+    if (0 != (tmap->bits[types[i] / 32] & (1 << (types[i] % 32))))
+      return GNUNET_YES;
+  return GNUNET_NO;
+}
+
+
+/**
+ * Add additional types to a given typemap.
+ *
+ * @param tmap map to extend (not changed)
+ * @param types array of types to add
+ * @param tcnt number of entries in @a types
+ * @return updated type map (fresh copy)
+ */
+struct GSC_TypeMap *
+GSC_TYPEMAP_extend (const struct GSC_TypeMap *tmap,
+                    const uint16_t *types,
+                    unsigned int tcnt)
+{
+  struct GSC_TypeMap *ret;
+
+  ret = GNUNET_new (struct GSC_TypeMap);
+  if (NULL != tmap)
+    GNUNET_memcpy (ret, tmap, sizeof(struct GSC_TypeMap));
+  for (unsigned int i = 0; i < tcnt; i++)
+    ret->bits[types[i] / 32] |= (1 << (types[i] % 32));
+  return ret;
+}
+
+
+/**
+ * Create an empty type map.
+ *
+ * @return an empty type map
+ */
+struct GSC_TypeMap *
+GSC_TYPEMAP_create ()
+{
+  return GNUNET_new (struct GSC_TypeMap);
+}
+
+
+/**
+ * Free the given type map.
+ *
+ * @param tmap a type map
+ */
+void
+GSC_TYPEMAP_destroy (struct GSC_TypeMap *tmap)
+{
+  GNUNET_free (tmap);
+}
+
+
+/**
+ * Initialize typemap subsystem.
+ */
+void
+GSC_TYPEMAP_init ()
+{
+  /* nothing to do */
+}
+
+
+/**
+ * Shutdown typemap subsystem.
+ */
+void
+GSC_TYPEMAP_done ()
+{
+  /* nothing to do */
+}
+
+
+/* end of gnunet-service-core_typemap.c */
diff --git a/src/service/core/gnunet-service-core_typemap.h b/src/service/core/gnunet-service-core_typemap.h
new file mode 100644
index 000000000..de41f4220
--- /dev/null
+++ b/src/service/core/gnunet-service-core_typemap.h
@@ -0,0 +1,162 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2011 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/gnunet-service-core_typemap.h
+ * @brief management of map that specifies which message types this peer supports
+ * @author Christian Grothoff
+ */
+#ifndef GNUNET_SERVICE_CORE_TYPEMAP_H
+#define GNUNET_SERVICE_CORE_TYPEMAP_H
+
+#include "gnunet_util_lib.h"
+
+/**
+ * Map specifying which message types a peer supports.
+ */
+struct GSC_TypeMap;
+
+
+/**
+ * Add a set of types to our type map.
+ *
+ * @param types array of message types supported by this peer
+ * @param tlen number of entries in @a types
+ */
+void
+GSC_TYPEMAP_add (const uint16_t *types,
+                 unsigned int tlen);
+
+
+/**
+ * Remove a set of message types from our type map.
+ *
+ * @param types array of message types no longer supported by this peer
+ * @param tlen number of entries in @a types
+ */
+void
+GSC_TYPEMAP_remove (const uint16_t *types,
+                    unsigned int tlen);
+
+
+/**
+ * Compute a type map message for this peer.
+ *
+ * @return this peers current type map message.
+ */
+struct GNUNET_MessageHeader *
+GSC_TYPEMAP_compute_type_map_message (void);
+
+
+/**
+ * Check if the given hash matches our current type map.
+ *
+ * @param hc hash code to check if it matches our type map
+ * @return #GNUNET_YES if the hash matches, #GNUNET_NO if not
+ */
+int
+GSC_TYPEMAP_check_hash (const struct GNUNET_HashCode *hc);
+
+
+/**
+ * Hash the contents of a type map.
+ *
+ * @param tm map to hash
+ * @param hc where to store the hash code
+ */
+void
+GSC_TYPEMAP_hash (const struct GSC_TypeMap *tm,
+                  struct GNUNET_HashCode *hc);
+
+
+/**
+ * Extract a type map from a
+ * #GNUNET_MESSAGE_TYPE_CORE_COMRESSED_TYPE_MAP or
+ * #GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP message.
+ *
+ * @param msg a type map message
+ * @return NULL on error
+ */
+struct GSC_TypeMap *
+GSC_TYPEMAP_get_from_message (const struct GNUNET_MessageHeader *msg);
+
+
+/**
+ * Test if any of the types from the types array is in the
+ * given type map.
+ *
+ * @param tmap map to test
+ * @param types array of types
+ * @param tcnt number of entries in @a types
+ * @return #GNUNET_YES if a type is in the map, #GNUNET_NO if not
+ */
+int
+GSC_TYPEMAP_test_match (const struct GSC_TypeMap *tmap,
+                        const uint16_t *types,
+                        unsigned int tcnt);
+
+
+/**
+ * Add additional types to a given typemap.
+ *
+ * @param tmap map to extend (not changed)
+ * @param types array of types to add
+ * @param tcnt number of entries in @a types
+ * @return updated type map (fresh copy)
+ */
+struct GSC_TypeMap *
+GSC_TYPEMAP_extend (const struct GSC_TypeMap *tmap,
+                    const uint16_t *types,
+                    unsigned int tcnt);
+
+
+/**
+ * Create an empty type map.
+ *
+ * @return an empty type map
+ */
+struct GSC_TypeMap *
+GSC_TYPEMAP_create (void);
+
+
+/**
+ * Free the given type map.
+ *
+ * @param tmap a type map
+ */
+void
+GSC_TYPEMAP_destroy (struct GSC_TypeMap *tmap);
+
+
+/**
+ * Initialize typemap subsystem.
+ */
+void
+GSC_TYPEMAP_init (void);
+
+
+/**
+ * Shutdown typemap subsystem.
+ */
+void
+GSC_TYPEMAP_done (void);
+
+#endif
+/* end of gnunet-service-core_typemap.h */
diff --git a/src/service/core/meson.build b/src/service/core/meson.build
new file mode 100644
index 000000000..09fdc8dab
--- /dev/null
+++ b/src/service/core/meson.build
@@ -0,0 +1,113 @@
+libgnunetcore_src = ['core_api.c',
+                    'core_api_monitor_peers.c']
+
+gnunetservicecore_src = ['gnunet-service-core.c',
+                        'gnunet-service-core_kx.c',
+                        'gnunet-service-core_sessions.c',
+                        'gnunet-service-core_typemap.c']
+
+configure_file(input : 'core.conf.in',
+               output : 'core.conf',
+               configuration : cdata,
+               install: true,
+               install_dir: pkgcfgdir)
+
+
+if get_option('monolith')
+  foreach p : libgnunetcore_src + gnunetservicecore_src
+    gnunet_src += 'core/' + p
+  endforeach
+endif
+
+libgnunetcore = library('gnunetcore',
+          libgnunetcore_src,
+          dependencies: libgnunetutil_dep,
+          include_directories: [incdir, configuration_inc],
+          install: true,
+          soversion: '0',
+          version: '0.0.1',
+          install_dir: get_option('libdir'))
+libgnunetcore_dep = declare_dependency(link_with : libgnunetcore)
+pkg.generate(libgnunetcore, url: 'https://www.gnunet.org',
+             description : 'Provides API for (encrypted) P2P communication')
+
+libgnunetcoretesting = library('gnunetcoretesting',
+          ['core_api_cmd_connecting_peers.c'],
+          dependencies: [
+            libgnunetutil_dep,
+            libgnunettransporttesting2_dep,
+            libgnunettesting_dep,
+            libgnunetarm_dep,
+            libgnunettransportapplication_dep,
+            libgnunettransportcore_dep,
+          ],
+          include_directories: [incdir, configuration_inc],
+          install: true,
+          soversion: '0',
+          version: '0.0.0',
+          install_dir: get_option('libdir'))
+libgnunetcoretesting_dep = declare_dependency(link_with : libgnunetcoretesting)
+
+shared_module('gnunet_test_core_plugin_cmd_just_run',
+        ['test_core_plugin_cmd_just_run.c'],
+        dependencies: [libgnunetutil_dep,
+                       libgnunettesting_dep,
+                       libgnunetcoretesting_dep,
+                       libgnunettransporttesting2_dep,
+                       libgnunettransportcore_dep,
+                       libgnunettransportapplication_dep,
+                       libgnunettesting_dep,
+                       libgnunetpeerstore_dep,
+                       libgnunetstatistics_dep,
+                       libgnunethello_dep,
+                       libgnunetarm_dep
+                       ],
+        include_directories: [incdir, configuration_inc],
+        install: false)
+
+executable ('gnunet-service-core',
+            gnunetservicecore_src,
+            dependencies: [libgnunetcore_dep, libgnunetutil_dep,
+                           libgnunetstatistics_dep,
+                           libgnunettransportcore_dep,
+                           zlib_dep],
+            include_directories: [incdir, configuration_inc],
+            install: true,
+            install_dir: get_option('libdir') / 'gnunet' / 'libexec')
+
+configure_file(input : 'test_core_defaults.conf',
+               output : 'test_core_defaults.conf',
+               copy: true)
+
+configure_file(input : 'test_core_api_send_to_self.conf',
+               output : 'test_core_api_send_to_self.conf',
+               copy: true)
+
+configure_file(input : 'test_core_api_peer1.conf',
+               output : 'test_core_api_peer1.conf',
+               copy: true)
+
+testcore_api_send_self = executable ('test_core_api_send_to_self',
+            ['test_core_api_send_to_self.c'],
+            dependencies: [
+              libgnunetcore_dep,
+              libgnunetutil_dep,
+              libgnunettesting_dep
+              ],
+            include_directories: [incdir, configuration_inc],
+            install: false)
+
+testcore_api_start = executable ('test_core_api_start_only',
+            ['test_core_api_send_to_self.c'],
+            dependencies: [
+              libgnunetcore_dep,
+              libgnunetutil_dep,
+              libgnunettesting_dep
+              ],
+            include_directories: [incdir, configuration_inc],
+            install: false)
+
+test('test_core_api_send_to_self', testcore_api_send_self,
+  suite: 'core', workdir: meson.current_build_dir())
+test('test_core_api_start_only', testcore_api_start,
+  suite: 'core', workdir: meson.current_build_dir())
diff --git a/src/service/core/test_core_api.c b/src/service/core/test_core_api.c
new file mode 100644
index 000000000..653ce1aa0
--- /dev/null
+++ b/src/service/core/test_core_api.c
@@ -0,0 +1,348 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009, 2010, 2015, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file core/test_core_api.c
+ * @brief testcase for core_api.c
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_arm_service.h"
+#include "gnunet_core_service.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_transport_service.h"
+#include "gnunet_transport_hello_service.h"
+#include "gnunet_ats_service.h"
+
+#define MTYPE 12345
+
+struct PeerContext
+{
+  struct GNUNET_CONFIGURATION_Handle *cfg;
+  struct GNUNET_CORE_Handle *ch;
+  struct GNUNET_PeerIdentity id;
+  struct GNUNET_TRANSPORT_OfferHelloHandle *oh;
+  struct GNUNET_TRANSPORT_HelloGetHandle *ghh;
+  struct GNUNET_ATS_ConnectivityHandle *ats;
+  struct GNUNET_ATS_ConnectivitySuggestHandle *ats_sh;
+  struct GNUNET_MessageHeader *hello;
+  int connect_status;
+  struct GNUNET_OS_Process *arm_proc;
+};
+
+static struct PeerContext p1;
+
+static struct PeerContext p2;
+
+static struct GNUNET_SCHEDULER_Task *err_task;
+
+static int ok;
+
+#define OKPP                                  \
+  do                                          \
+  {                                           \
+    ok++;                                     \
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,      \
+                "Now at stage %u at %s:%u\n", \
+                ok,                           \
+                __FILE__,                     \
+                __LINE__);                    \
+  } while (0)
+
+
+static void
+offer_hello_done (void *cls)
+{
+  struct PeerContext *p = cls;
+
+  p->oh = NULL;
+}
+
+
+static void
+process_hello (void *cls, const struct GNUNET_MessageHeader *message)
+{
+  struct PeerContext *p = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received (my) HELLO from transport service\n");
+  GNUNET_assert (message != NULL);
+  if ((p == &p1) && (NULL == p2.oh))
+    p2.oh =
+      GNUNET_TRANSPORT_offer_hello (p2.cfg, message, &offer_hello_done, &p2);
+  if ((p == &p2) && (NULL == p1.oh))
+    p1.oh =
+      GNUNET_TRANSPORT_offer_hello (p1.cfg, message, &offer_hello_done, &p1);
+}
+
+
+static void
+terminate_peer (struct PeerContext *p)
+{
+  if (NULL != p->ch)
+  {
+    GNUNET_CORE_disconnect (p->ch);
+    p->ch = NULL;
+  }
+  if (NULL != p->ghh)
+  {
+    GNUNET_TRANSPORT_hello_get_cancel (p->ghh);
+    p->ghh = NULL;
+  }
+  if (NULL != p->oh)
+  {
+    GNUNET_TRANSPORT_offer_hello_cancel (p->oh);
+    p->oh = NULL;
+  }
+  if (NULL != p->ats_sh)
+  {
+    GNUNET_ATS_connectivity_suggest_cancel (p->ats_sh);
+    p->ats_sh = NULL;
+  }
+  if (NULL != p->ats)
+  {
+    GNUNET_ATS_connectivity_done (p->ats);
+    p->ats = NULL;
+  }
+}
+
+
+static void
+terminate_task (void *cls)
+{
+  GNUNET_assert (ok == 6);
+  terminate_peer (&p1);
+  terminate_peer (&p2);
+  ok = 0;
+}
+
+
+static void
+terminate_task_error (void *cls)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "ENDING ANGRILY %u\n", ok);
+  GNUNET_break (0);
+  terminate_peer (&p1);
+  terminate_peer (&p2);
+  ok = 42;
+}
+
+
+static void *
+connect_notify (void *cls,
+                const struct GNUNET_PeerIdentity *peer,
+                struct GNUNET_MQ_Handle *mq)
+{
+  struct PeerContext *pc = cls;
+  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_MessageHeader *msg;
+
+  if (0 == memcmp (&pc->id, peer, sizeof(struct GNUNET_PeerIdentity)))
+    return (void *) peer;
+  GNUNET_assert (pc->connect_status == 0);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypted connection established to peer `%s'\n",
+              GNUNET_i2s (peer));
+  pc->connect_status = 1;
+  if (pc == &p1)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Asking core (1) for transmission to peer `%s'\n",
+                GNUNET_i2s (&p2.id));
+    env = GNUNET_MQ_msg (msg, MTYPE);
+    /* enable corking for this test */
+    GNUNET_MQ_env_set_options (env,
+                               GNUNET_MQ_PRIO_BEST_EFFORT
+                               | GNUNET_MQ_PREF_CORK_ALLOWED);
+    /* now actually transmit message */
+    GNUNET_assert (ok == 4);
+    OKPP;
+    GNUNET_MQ_send (mq, env);
+  }
+  return (void *) peer;
+}
+
+
+static void
+disconnect_notify (void *cls,
+                   const struct GNUNET_PeerIdentity *peer,
+                   void *internal_cls)
+{
+  struct PeerContext *pc = cls;
+
+  if (0 == memcmp (&pc->id, peer, sizeof(struct GNUNET_PeerIdentity)))
+    return;
+  pc->connect_status = 0;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypted connection to `%s' cut\n",
+              GNUNET_i2s (peer));
+}
+
+
+static void
+handle_test (void *cls, const struct GNUNET_MessageHeader *message)
+{
+  const struct GNUNET_PeerIdentity *peer = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Receiving message from `%s'.\n",
+              GNUNET_i2s (peer));
+  GNUNET_assert (ok == 5);
+  OKPP;
+  GNUNET_SCHEDULER_cancel (err_task);
+  err_task = GNUNET_SCHEDULER_add_now (&terminate_task, NULL);
+}
+
+
+static void
+init_notify (void *cls, const struct GNUNET_PeerIdentity *my_identity)
+{
+  struct PeerContext *p = cls;
+  struct GNUNET_MQ_MessageHandler handlers[] =
+  { GNUNET_MQ_hd_fixed_size (test, MTYPE, struct GNUNET_MessageHeader, NULL),
+    GNUNET_MQ_handler_end () };
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Core connection to `%s' established\n",
+              GNUNET_i2s (my_identity));
+  p->id = *my_identity;
+  if (cls == &p1)
+  {
+    GNUNET_assert (ok == 2);
+    OKPP;
+    /* connect p2 */
+    p2.ch = GNUNET_CORE_connect (p2.cfg,
+                                 &p2,
+                                 &init_notify,
+                                 &connect_notify,
+                                 &disconnect_notify,
+                                 handlers);
+  }
+  else
+  {
+    GNUNET_assert (ok == 3);
+    OKPP;
+    GNUNET_assert (cls == &p2);
+    p1.ats_sh = GNUNET_ATS_connectivity_suggest (p1.ats, &p2.id, 1);
+  }
+}
+
+
+static void
+setup_peer (struct PeerContext *p, const char *cfgname)
+{
+  char *binary;
+
+  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-arm");
+  p->cfg = GNUNET_CONFIGURATION_create ();
+  p->arm_proc = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_OUT_AND_ERR
+                                         | GNUNET_OS_USE_PIPE_CONTROL,
+                                         NULL,
+                                         NULL,
+                                         NULL,
+                                         binary,
+                                         "gnunet-service-arm",
+                                         "-c",
+                                         cfgname,
+                                         NULL);
+  GNUNET_assert (GNUNET_OK == GNUNET_CONFIGURATION_load (p->cfg, cfgname));
+  p->ats = GNUNET_ATS_connectivity_init (p->cfg);
+  GNUNET_assert (NULL != p->ats);
+  p->ghh = GNUNET_TRANSPORT_hello_get (p->cfg,
+                                       GNUNET_TRANSPORT_AC_ANY,
+                                       &process_hello,
+                                       p);
+  GNUNET_free (binary);
+}
+
+
+static void
+run (void *cls,
+     char *const *args,
+     const char *cfgfile,
+     const struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] =
+  { GNUNET_MQ_hd_fixed_size (test, MTYPE, struct GNUNET_MessageHeader, NULL),
+    GNUNET_MQ_handler_end () };
+
+  GNUNET_assert (ok == 1);
+  OKPP;
+  setup_peer (&p1, "test_core_api_peer1.conf");
+  setup_peer (&p2, "test_core_api_peer2.conf");
+  err_task = GNUNET_SCHEDULER_add_delayed (
+    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 300),
+    &terminate_task_error,
+    NULL);
+  p1.ch = GNUNET_CORE_connect (p1.cfg,
+                               &p1,
+                               &init_notify,
+                               &connect_notify,
+                               &disconnect_notify,
+                               handlers);
+}
+
+
+static void
+stop_arm (struct PeerContext *p)
+{
+  if (0 != GNUNET_OS_process_kill (p->arm_proc, GNUNET_TERM_SIG))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "kill");
+  if (GNUNET_OK != GNUNET_OS_process_wait (p->arm_proc))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "waitpid");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "ARM process %u stopped\n",
+              GNUNET_OS_process_get_pid (p->arm_proc));
+  GNUNET_OS_process_destroy (p->arm_proc);
+  p->arm_proc = NULL;
+  GNUNET_CONFIGURATION_destroy (p->cfg);
+}
+
+
+int
+main (int argc, char *argv1[])
+{
+  char *const argv[] = { "test-core-api", "-c", "test_core_api_data.conf",
+                         NULL };
+  struct GNUNET_GETOPT_CommandLineOption options[] =
+  { GNUNET_GETOPT_OPTION_END };
+
+  ok = 1;
+  GNUNET_log_setup ("test-core-api", "WARNING", NULL);
+  GNUNET_PROGRAM_run ((sizeof(argv) / sizeof(char *)) - 1,
+                      argv,
+                      "test-core-api",
+                      "nohelp",
+                      options,
+                      &run,
+                      &ok);
+  stop_arm (&p1);
+  stop_arm (&p2);
+  GNUNET_DISK_purge_cfg_dir 
+      ("test_core_api_peer1.conf", 
+       "GNUNET_TEST_HOME");
+  GNUNET_DISK_purge_cfg_dir 
+      ("test_core_api_peer2.conf", 
+       "GNUNET_TEST_HOME");
+
+  return ok;
+}
+
+
+/* end of test_core_api.c */
diff --git a/src/service/core/test_core_api_data.conf b/src/service/core/test_core_api_data.conf
new file mode 100644
index 000000000..420849ba9
--- /dev/null
+++ b/src/service/core/test_core_api_data.conf
@@ -0,0 +1,11 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+
+[ats]
+WAN_QUOTA_IN = 64 kiB
+WAN_QUOTA_OUT = 64 kiB
+
+[core]
+PORT = 52092
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-core.sock
+
diff --git a/src/service/core/test_core_api_peer1.conf b/src/service/core/test_core_api_peer1.conf
new file mode 100644
index 000000000..c3e8fb86c
--- /dev/null
+++ b/src/service/core/test_core_api_peer1.conf
@@ -0,0 +1,38 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-peer-1/
+
+[arm]
+PORT = 12460
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-arm.sock
+
+[statistics]
+PORT = 12461
+
+[resolver]
+PORT = 12462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-resolver.sock
+
+[peerstore]
+PORT = 12463
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-peerstore.sock
+
+[transport]
+PORT = 12464
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-transport.sock
+
+[core]
+PORT = 12475
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-core.sock
+
+[communicator-tcp]
+PORT = 12467
+
+[communicator-udp]
+PORT = 12468
+
+[transport-unix]
+PORT = 12469
+
+[transport-http]
+PORT = 12470
diff --git a/src/service/core/test_core_api_peer2.conf b/src/service/core/test_core_api_peer2.conf
new file mode 100644
index 000000000..7cea78ae4
--- /dev/null
+++ b/src/service/core/test_core_api_peer2.conf
@@ -0,0 +1,39 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-peer-2/
+
+[arm]
+PORT = 22460
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-arm.sock
+
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-statistics.sock
+
+[resolver]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-resolver.sock
+
+[peerstore]
+PORT = 22463
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-peerstore.sock
+
+[transport]
+PORT = 22464
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-transport.sock
+
+[core]
+PORT = 22475
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-core.sock
+
+[communicator-tcp]
+PORT = 22467
+
+[communicator-udp]
+PORT = 22468
+
+[transport-unix]
+PORT = 22469
+
+[transport-http]
+PORT = 22470
diff --git a/src/service/core/test_core_api_reliability.c b/src/service/core/test_core_api_reliability.c
new file mode 100644
index 000000000..d4b55a6b8
--- /dev/null
+++ b/src/service/core/test_core_api_reliability.c
@@ -0,0 +1,537 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009, 2010, 2015, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file core/test_core_api_reliability.c
+ * @brief testcase for core_api.c focusing on reliable transmission (with TCP)
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_arm_service.h"
+#include "gnunet_core_service.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_ats_service.h"
+#include "gnunet_transport_service.h"
+#include "gnunet_transport_hello_service.h"
+#include <gauger.h>
+
+/**
+ * Note that this value must not significantly exceed
+ * 'MAX_PENDING' in 'gnunet-service-transport.c', otherwise
+ * messages may be dropped even for a reliable transport.
+ */
+#define TOTAL_MSGS (600 * 10)
+
+/**
+ * How long until we give up on transmitting the message?
+ */
+#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 600)
+
+#define MTYPE 12345
+
+
+static unsigned long long total_bytes;
+
+static struct GNUNET_TIME_Absolute start_time;
+
+static struct GNUNET_SCHEDULER_Task *err_task;
+
+
+struct PeerContext
+{
+  struct GNUNET_CONFIGURATION_Handle *cfg;
+  struct GNUNET_CORE_Handle *ch;
+  struct GNUNET_MQ_Handle *mq;
+  struct GNUNET_PeerIdentity id;
+  struct GNUNET_TRANSPORT_OfferHelloHandle *oh;
+  struct GNUNET_MessageHeader *hello;
+  struct GNUNET_TRANSPORT_HelloGetHandle *ghh;
+  struct GNUNET_ATS_ConnectivityHandle *ats;
+  struct GNUNET_ATS_ConnectivitySuggestHandle *ats_sh;
+  int connect_status;
+  struct GNUNET_OS_Process *arm_proc;
+};
+
+static struct PeerContext p1;
+
+static struct PeerContext p2;
+
+static int ok;
+
+static int32_t tr_n;
+
+
+#define OKPP do { ok++; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, \
+                                    "Now at stage %u at %s:%u\n", ok, __FILE__, \
+                                    __LINE__); } while (0)
+
+struct TestMessage
+{
+  struct GNUNET_MessageHeader header;
+  uint32_t num GNUNET_PACKED;
+};
+
+
+static unsigned int
+get_size (unsigned int iter)
+{
+  unsigned int ret;
+
+  if (iter < 60000)
+    return iter + sizeof(struct TestMessage);
+  ret = (iter * iter * iter);
+  return sizeof(struct TestMessage) + (ret % 60000);
+}
+
+
+static void
+terminate_peer (struct PeerContext *p)
+{
+  if (NULL != p->ch)
+  {
+    GNUNET_CORE_disconnect (p->ch);
+    p->ch = NULL;
+  }
+  if (NULL != p->ghh)
+  {
+    GNUNET_TRANSPORT_hello_get_cancel (p->ghh);
+    p->ghh = NULL;
+  }
+  if (NULL != p->oh)
+  {
+    GNUNET_TRANSPORT_offer_hello_cancel (p->oh);
+    p->oh = NULL;
+  }
+  if (NULL != p->ats_sh)
+  {
+    GNUNET_ATS_connectivity_suggest_cancel (p->ats_sh);
+    p->ats_sh = NULL;
+  }
+  if (NULL != p->ats)
+  {
+    GNUNET_ATS_connectivity_done (p->ats);
+    p->ats = NULL;
+  }
+}
+
+
+static void
+terminate_task_error (void *cls)
+{
+  err_task = NULL;
+  GNUNET_break (0);
+  GNUNET_SCHEDULER_shutdown ();
+  ok = 42;
+}
+
+
+static void
+do_shutdown (void *cls)
+{
+  unsigned long long delta;
+
+  delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
+  fprintf (stderr,
+           "\nThroughput was %llu kb/s\n",
+           total_bytes * 1000000LL / 1024 / delta);
+  GAUGER ("CORE",
+          "Core throughput/s",
+          total_bytes * 1000000LL / 1024 / delta,
+          "kb/s");
+  if (NULL != err_task)
+  {
+    GNUNET_SCHEDULER_cancel (err_task);
+    err_task = NULL;
+  }
+  terminate_peer (&p1);
+  terminate_peer (&p2);
+}
+
+
+static void
+send_message (struct GNUNET_MQ_Handle *mq,
+              int32_t num)
+{
+  struct GNUNET_MQ_Envelope *env;
+  struct TestMessage *hdr;
+  unsigned int s;
+
+  GNUNET_assert (NULL != mq);
+  GNUNET_assert (tr_n < TOTAL_MSGS);
+  s = get_size (tr_n);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Sending message %u of size %u\n",
+              tr_n,
+              s);
+  env = GNUNET_MQ_msg_extra (hdr,
+                             s - sizeof(struct TestMessage),
+                             MTYPE);
+  hdr->num = htonl (tr_n);
+  memset (&hdr[1],
+          tr_n,
+          s - sizeof(struct TestMessage));
+  tr_n++;
+  GNUNET_SCHEDULER_cancel (err_task);
+  err_task =
+    GNUNET_SCHEDULER_add_delayed (TIMEOUT,
+                                  &terminate_task_error,
+                                  NULL);
+  total_bytes += s;
+  GNUNET_MQ_send (mq,
+                  env);
+}
+
+
+static void *
+connect_notify (void *cls,
+                const struct GNUNET_PeerIdentity *peer,
+                struct GNUNET_MQ_Handle *mq)
+{
+  struct PeerContext *pc = cls;
+
+  if (0 == memcmp (&pc->id,
+                   peer,
+                   sizeof(struct GNUNET_PeerIdentity)))
+    return (void *) peer;
+  pc->mq = mq;
+  GNUNET_assert (0 == pc->connect_status);
+  pc->connect_status = 1;
+  if (pc == &p1)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Encrypted connection established to peer `%s'\n",
+                GNUNET_i2s (peer));
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Asking core (1) for transmission to peer `%s'\n",
+                GNUNET_i2s (&p2.id));
+    GNUNET_SCHEDULER_cancel (err_task);
+    err_task =
+      GNUNET_SCHEDULER_add_delayed (TIMEOUT,
+                                    &terminate_task_error,
+                                    NULL);
+    start_time = GNUNET_TIME_absolute_get ();
+    send_message (mq,
+                  0);
+  }
+  return (void *) peer;
+}
+
+
+static void
+disconnect_notify (void *cls,
+                   const struct GNUNET_PeerIdentity *peer,
+                   void *internal_cls)
+{
+  struct PeerContext *pc = cls;
+
+  if (0 == memcmp (&pc->id,
+                   peer,
+                   sizeof(struct GNUNET_PeerIdentity)))
+    return;
+  pc->mq = NULL;
+  pc->connect_status = 0;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypted connection to `%s' cut\n",
+              GNUNET_i2s (peer));
+}
+
+
+static int
+check_test (void *cls,
+            const struct TestMessage *hdr)
+{
+  return GNUNET_OK; /* accept all */
+}
+
+
+static void
+handle_test (void *cls,
+             const struct TestMessage *hdr)
+{
+  static int n;
+  unsigned int s;
+
+  s = get_size (n);
+  if (ntohs (hdr->header.size) != s)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Expected message %u of size %u, got %u bytes of message %u\n",
+                n,
+                s,
+                ntohs (hdr->header.size),
+                ntohl (hdr->num));
+    GNUNET_SCHEDULER_cancel (err_task);
+    err_task = GNUNET_SCHEDULER_add_now (&terminate_task_error,
+                                         NULL);
+    return;
+  }
+  if (ntohl (hdr->num) != n)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Expected message %u of size %u, got %u bytes of message %u\n",
+                n,
+                s,
+                (unsigned int) ntohs (hdr->header.size),
+                (unsigned int) ntohl (hdr->num));
+    GNUNET_SCHEDULER_cancel (err_task);
+    err_task = GNUNET_SCHEDULER_add_now (&terminate_task_error,
+                                         NULL);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Got message %u of size %u\n",
+              (unsigned int) ntohl (hdr->num),
+              (unsigned int) ntohs (hdr->header.size));
+  n++;
+  if (0 == (n % (TOTAL_MSGS / 100)))
+    fprintf (stderr,
+             "%s",
+             ".");
+  if (n == TOTAL_MSGS)
+  {
+    ok = 0;
+    GNUNET_SCHEDULER_shutdown ();
+  }
+  else
+  {
+    if (n == tr_n)
+    {
+      send_message (p1.mq,
+                    tr_n);
+    }
+  }
+}
+
+
+static void
+init_notify (void *cls,
+             const struct GNUNET_PeerIdentity *my_identity)
+{
+  struct PeerContext *p = cls;
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_var_size (test,
+                           MTYPE,
+                           struct TestMessage,
+                           NULL),
+    GNUNET_MQ_handler_end ()
+  };
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Connection to CORE service of `%s' established\n",
+              GNUNET_i2s (my_identity));
+  p->id = *my_identity;
+  if (cls == &p1)
+  {
+    GNUNET_assert (ok == 2);
+    OKPP;
+    /* connect p2 */
+    GNUNET_assert (NULL !=
+                   (p2.ch = GNUNET_CORE_connect (p2.cfg,
+                                                 &p2,
+                                                 &init_notify,
+                                                 &connect_notify,
+                                                 &disconnect_notify,
+                                                 handlers)));
+  }
+  else
+  {
+    GNUNET_assert (ok == 3);
+    OKPP;
+    GNUNET_assert (cls == &p2);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Asking transport (1) to connect to peer `%s'\n",
+                GNUNET_i2s (&p2.id));
+    p1.ats_sh = GNUNET_ATS_connectivity_suggest (p1.ats,
+                                                 &p2.id,
+                                                 1);
+  }
+}
+
+
+static void
+offer_hello_done (void *cls)
+{
+  struct PeerContext *p = cls;
+
+  p->oh = NULL;
+}
+
+
+static void
+process_hello (void *cls,
+               const struct GNUNET_MessageHeader *message)
+{
+  struct PeerContext *p = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received (my) `%s' from transport service\n", "HELLO");
+  GNUNET_assert (message != NULL);
+  GNUNET_free (p->hello);
+  p->hello = GNUNET_copy_message (message);
+  if ((p == &p1) && (NULL == p2.oh))
+    p2.oh = GNUNET_TRANSPORT_offer_hello (p2.cfg,
+                                          message,
+                                          &offer_hello_done,
+                                          &p2);
+  if ((p == &p2) && (NULL == p1.oh))
+    p1.oh = GNUNET_TRANSPORT_offer_hello (p1.cfg,
+                                          message,
+                                          &offer_hello_done,
+                                          &p1);
+
+  if ((p == &p1) && (p2.hello != NULL) && (NULL == p1.oh))
+    p1.oh = GNUNET_TRANSPORT_offer_hello (p1.cfg,
+                                          p2.hello,
+                                          &offer_hello_done,
+                                          &p1);
+  if ((p == &p2) && (p1.hello != NULL) && (NULL == p2.oh))
+    p2.oh = GNUNET_TRANSPORT_offer_hello (p2.cfg,
+                                          p1.hello,
+                                          &offer_hello_done,
+                                          &p2);
+}
+
+
+static void
+setup_peer (struct PeerContext *p,
+            const char *cfgname)
+{
+  char *binary;
+
+  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-arm");
+  p->cfg = GNUNET_CONFIGURATION_create ();
+  p->arm_proc
+    = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_OUT_AND_ERR
+                               | GNUNET_OS_USE_PIPE_CONTROL,
+                               NULL, NULL, NULL,
+                               binary,
+                               "gnunet-service-arm",
+                               "-c",
+                               cfgname,
+                               NULL);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CONFIGURATION_load (p->cfg,
+                                            cfgname));
+  p->ats = GNUNET_ATS_connectivity_init (p->cfg);
+  GNUNET_assert (NULL != p->ats);
+  p->ghh = GNUNET_TRANSPORT_hello_get (p->cfg,
+                                       GNUNET_TRANSPORT_AC_ANY,
+                                       &process_hello,
+                                       p);
+  GNUNET_free (binary);
+}
+
+
+static void
+run (void *cls,
+     char *const *args,
+     const char *cfgfile,
+     const struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (test,
+                             MTYPE,
+                             struct TestMessage,
+                             NULL),
+    GNUNET_MQ_handler_end ()
+  };
+
+  GNUNET_assert (ok == 1);
+  OKPP;
+  setup_peer (&p1,
+              "test_core_api_peer1.conf");
+  setup_peer (&p2,
+              "test_core_api_peer2.conf");
+  err_task =
+    GNUNET_SCHEDULER_add_delayed (TIMEOUT,
+                                  &terminate_task_error,
+                                  NULL);
+  GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
+                                 NULL);
+
+  GNUNET_assert (NULL !=
+                 (p1.ch = GNUNET_CORE_connect (p1.cfg,
+                                               &p1,
+                                               &init_notify,
+                                               &connect_notify,
+                                               &disconnect_notify,
+                                               handlers)));
+}
+
+
+static void
+stop_arm (struct PeerContext *p)
+{
+  if (0 != GNUNET_OS_process_kill (p->arm_proc,
+                                   GNUNET_TERM_SIG))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                         "kill");
+  if (GNUNET_OK != GNUNET_OS_process_wait (p->arm_proc))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                         "waitpid");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "ARM process %u stopped\n",
+              GNUNET_OS_process_get_pid (p->arm_proc));
+  GNUNET_OS_process_destroy (p->arm_proc);
+  p->arm_proc = NULL;
+  GNUNET_CONFIGURATION_destroy (p->cfg);
+}
+
+
+int
+main (int argc,
+      char *argv1[])
+{
+  char *const argv[] = {
+    "test-core-api-reliability",
+    "-c",
+    "test_core_api_data.conf",
+    NULL
+  };
+  struct GNUNET_GETOPT_CommandLineOption options[] = {
+    GNUNET_GETOPT_OPTION_END
+  };
+
+  ok = 1;
+  GNUNET_log_setup ("test-core-api-reliability",
+                    "WARNING",
+                    NULL);
+  GNUNET_PROGRAM_run ((sizeof(argv) / sizeof(char *)) - 1,
+                      argv,
+                      "test-core-api-reliability",
+                      "nohelp",
+                      options,
+                      &run,
+                      &ok);
+  stop_arm (&p1);
+  stop_arm (&p2);
+  GNUNET_free (p1.hello);
+  GNUNET_free (p2.hello);
+  GNUNET_DISK_purge_cfg_dir ("test_core_api_peer1.conf",
+                             "GNUNET_TEST_HOME");
+  GNUNET_DISK_purge_cfg_dir ("test_core_api_peer2.conf",
+                             "GNUNET_TEST_HOME");
+
+  return ok;
+}
+
+
+/* end of test_core_api_reliability.c */
diff --git a/src/service/core/test_core_api_send_to_self.c b/src/service/core/test_core_api_send_to_self.c
new file mode 100644
index 000000000..c2e39cd26
--- /dev/null
+++ b/src/service/core/test_core_api_send_to_self.c
@@ -0,0 +1,195 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2010, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file core/test_core_api_send_to_self.c
+ * @brief test that sending a message to ourselves via CORE works
+ * @author Philipp Toelke
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_testing_lib.h"
+#include "gnunet_protocols.h"
+#include "gnunet_core_service.h"
+#include "gnunet_constants.h"
+
+/**
+ * Final status code.
+ */
+static int ret;
+
+/**
+ * Handle to the cleanup task.
+ */
+static struct GNUNET_SCHEDULER_Task *die_task;
+
+/**
+ * Identity of this peer.
+ */
+static struct GNUNET_PeerIdentity myself;
+
+/**
+ * The handle to core
+ */
+static struct GNUNET_CORE_Handle *core;
+
+
+/**
+ * Function scheduled as very last function, cleans up after us
+ */
+static void
+cleanup (void *cls)
+{
+  if (NULL != die_task)
+  {
+    GNUNET_SCHEDULER_cancel (die_task);
+    die_task = NULL;
+  }
+  if (NULL != core)
+  {
+    GNUNET_CORE_disconnect (core);
+    core = NULL;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Ending test.\n");
+}
+
+
+/**
+ * Function scheduled as very last function, cleans up after us
+ */
+static void
+do_timeout (void *cls)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+              "Test timeout.\n");
+  die_task = NULL;
+  GNUNET_SCHEDULER_shutdown ();
+}
+
+
+static void
+handle_test (void *cls,
+             const struct GNUNET_MessageHeader *message)
+{
+  GNUNET_SCHEDULER_shutdown ();
+  ret = 0;
+}
+
+
+static void
+init (void *cls,
+      const struct GNUNET_PeerIdentity *my_identity)
+{
+  if (NULL == my_identity)
+  {
+    GNUNET_break (0);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Correctly connected to CORE; we are the peer %s.\n",
+              GNUNET_i2s (my_identity));
+  GNUNET_memcpy (&myself,
+                 my_identity,
+                 sizeof(struct GNUNET_PeerIdentity));
+}
+
+
+static void *
+connect_cb (void *cls,
+            const struct GNUNET_PeerIdentity *peer,
+            struct GNUNET_MQ_Handle *mq)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Connected to peer %s.\n",
+              GNUNET_i2s (peer));
+  if (0 == memcmp (peer,
+                   &myself,
+                   sizeof(struct GNUNET_PeerIdentity)))
+  {
+    struct GNUNET_MQ_Envelope *env;
+    struct GNUNET_MessageHeader *msg;
+
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Connected to myself; sending message!\n");
+    env = GNUNET_MQ_msg (msg,
+                         GNUNET_MESSAGE_TYPE_DUMMY);
+    GNUNET_MQ_send (mq,
+                    env);
+  }
+  return NULL;
+}
+
+
+/**
+ * Main function that will be run by the scheduler.
+ *
+ * @param cls closure
+ * @param cfg configuration
+ */
+static void
+run (void *cls,
+     const struct GNUNET_CONFIGURATION_Handle *cfg,
+     struct GNUNET_TESTING_Peer *peer)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (test,
+                             GNUNET_MESSAGE_TYPE_DUMMY,
+                             struct GNUNET_MessageHeader,
+                             NULL),
+    GNUNET_MQ_handler_end ()
+  };
+
+  core =
+    GNUNET_CORE_connect (cfg,
+                         NULL,
+                         &init,
+                         &connect_cb,
+                         NULL,
+                         handlers);
+  GNUNET_SCHEDULER_add_shutdown (&cleanup,
+                                 NULL);
+  die_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_MINUTES,
+                                           &do_timeout,
+                                           NULL);
+}
+
+
+/**
+ * The main function to test sending a message to the local peer via core
+ *
+ * @param argc number of arguments from the command line
+ * @param argv command line arguments
+ * @return 0 ok, 1 on error
+ */
+int
+main (int argc, char *argv[])
+{
+  ret = 1;
+  if (0 != GNUNET_TESTING_peer_run ("test-core-api-send-to-self",
+                                    "test_core_api_peer1.conf",
+                                    &run, NULL))
+    return 1;
+  return ret;
+}
+
+
+/* end of test_core_api_send_to_self.c */
diff --git a/src/service/core/test_core_api_send_to_self.conf b/src/service/core/test_core_api_send_to_self.conf
new file mode 100644
index 000000000..fe8e69999
--- /dev/null
+++ b/src/service/core/test_core_api_send_to_self.conf
@@ -0,0 +1,19 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-core-api-send-to-self/
+
+[ats]
+WAN_QUOTA_IN = 104857600
+WAN_QUOTA_OUT = 104757600
+
+[test-sts]
+IMMEDIATE_START = YES
+PORT = 59252
+HOSTNAME = localhost
+BINARY = test_core_api_send_to_self
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+TOTAL_QUOTA_IN = 65536
+TOTAL_QUOTA_OUT = 65536
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-sts.sock
+
diff --git a/src/service/core/test_core_api_start_only.c b/src/service/core/test_core_api_start_only.c
new file mode 100644
index 000000000..e50d3b2ec
--- /dev/null
+++ b/src/service/core/test_core_api_start_only.c
@@ -0,0 +1,258 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file transport/test_core_api_start_only.c
+ * @brief testcase for core_api.c that only starts two peers,
+ *        connects to the core service and shuts down again
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_arm_service.h"
+#include "gnunet_core_service.h"
+#include "gnunet_util_lib.h"
+
+#define TIMEOUT 5
+
+#define MTYPE 12345
+
+struct PeerContext
+{
+  struct GNUNET_CONFIGURATION_Handle *cfg;
+  struct GNUNET_CORE_Handle *ch;
+  struct GNUNET_PeerIdentity id;
+  struct GNUNET_OS_Process *arm_proc;
+};
+
+static struct PeerContext p1;
+
+static struct PeerContext p2;
+
+static struct GNUNET_SCHEDULER_Task *timeout_task_id;
+
+static int ok;
+
+
+static void *
+connect_notify (void *cls,
+                const struct GNUNET_PeerIdentity *peer,
+                struct GNUNET_MQ_Handle *mq)
+{
+  return NULL;
+}
+
+
+static void
+disconnect_notify (void *cls,
+                   const struct GNUNET_PeerIdentity *peer,
+                   void *internal_cls)
+{
+}
+
+
+static struct GNUNET_MQ_MessageHandler handlers[] = {
+  GNUNET_MQ_handler_end ()
+};
+
+
+static void
+shutdown_task (void *cls)
+{
+  GNUNET_CORE_disconnect (p1.ch);
+  p1.ch = NULL;
+  GNUNET_CORE_disconnect (p2.ch);
+  p2.ch = NULL;
+  ok = 0;
+}
+
+
+static void
+init_notify (void *cls,
+             const struct GNUNET_PeerIdentity *my_identity)
+{
+  struct PeerContext *p = cls;
+
+  if (p == &p1)
+  {
+    /* connect p2 */
+    p2.ch = GNUNET_CORE_connect (p2.cfg,
+                                 &p2,
+                                 &init_notify,
+                                 &connect_notify,
+                                 &disconnect_notify,
+                                 handlers);
+  }
+  else
+  {
+    GNUNET_assert (p == &p2);
+    GNUNET_SCHEDULER_cancel (timeout_task_id);
+    timeout_task_id = NULL;
+    GNUNET_SCHEDULER_add_now (&shutdown_task,
+                              NULL);
+  }
+}
+
+
+static void
+setup_peer (struct PeerContext *p,
+            const char *cfgname)
+{
+  char *binary;
+
+  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-arm");
+  p->cfg = GNUNET_CONFIGURATION_create ();
+  p->arm_proc =
+    GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_OUT_AND_ERR
+                             | GNUNET_OS_USE_PIPE_CONTROL,
+                             NULL, NULL, NULL,
+                             binary,
+                             "gnunet-service-arm",
+                             "-c", cfgname,
+                             NULL);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CONFIGURATION_load (p->cfg,
+                                            cfgname));
+  GNUNET_free (binary);
+}
+
+
+static void
+timeout_task (void *cls)
+{
+  fprintf (stderr,
+           "%s",
+           "Timeout.\n");
+  if (NULL != p1.ch)
+  {
+    GNUNET_CORE_disconnect (p1.ch);
+    p1.ch = NULL;
+  }
+  if (NULL != p2.ch)
+  {
+    GNUNET_CORE_disconnect (p2.ch);
+    p2.ch = NULL;
+  }
+  ok = 42;
+}
+
+
+static void
+run (void *cls,
+     char *const *args,
+     const char *cfgfile,
+     const struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+  GNUNET_assert (ok == 1);
+  ok++;
+  setup_peer (&p1, "test_core_api_peer1.conf");
+  setup_peer (&p2, "test_core_api_peer2.conf");
+  timeout_task_id =
+    GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply
+                                    (GNUNET_TIME_UNIT_MINUTES,
+                                    TIMEOUT),
+                                  &timeout_task,
+                                  NULL);
+  p1.ch = GNUNET_CORE_connect (p1.cfg,
+                               &p1,
+                               &init_notify,
+                               &connect_notify,
+                               &disconnect_notify,
+                               handlers);
+}
+
+
+static void
+stop_arm (struct PeerContext *p)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Stopping peer\n");
+  if (0 != GNUNET_OS_process_kill (p->arm_proc,
+                                   GNUNET_TERM_SIG))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                         "kill");
+  if (GNUNET_OK !=
+      GNUNET_OS_process_wait (p->arm_proc))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                         "waitpid");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "ARM process %u stopped\n",
+              (unsigned int) GNUNET_OS_process_get_pid (p->arm_proc));
+  GNUNET_OS_process_destroy (p->arm_proc);
+  p->arm_proc = NULL;
+  GNUNET_CONFIGURATION_destroy (p->cfg);
+}
+
+
+static int
+check ()
+{
+  char *const argv[] = {
+    "test-core-api-start-only",
+    "-c",
+    "test_core_api_data.conf",
+    NULL
+  };
+  struct GNUNET_GETOPT_CommandLineOption options[] = {
+    GNUNET_GETOPT_OPTION_END
+  };
+  
+  GNUNET_DISK_purge_cfg_dir 
+      ("test_core_api_peer1.conf", 
+       "GNUNET_TEST_HOME");
+  GNUNET_DISK_purge_cfg_dir 
+      ("test_core_api_peer2.conf", 
+       "GNUNET_TEST_HOME");
+
+  ok = 1;
+  GNUNET_PROGRAM_run ((sizeof(argv) / sizeof(char *)) - 1,
+                      argv,
+                      "test-core-api-start-only",
+                      "nohelp",
+                      options,
+                      &run,
+                      &ok);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Test finished\n");
+  stop_arm (&p1);
+  stop_arm (&p2);
+  return ok;
+}
+
+
+int
+main (int argc,
+      char *argv[])
+{
+  int ret;
+
+  GNUNET_log_setup ("test-core-api-start-only",
+                    "WARNING",
+                    NULL);
+  ret = check ();
+  GNUNET_DISK_purge_cfg_dir 
+      ("test_core_api_peer1.conf", 
+       "GNUNET_TEST_HOME");
+  GNUNET_DISK_purge_cfg_dir 
+      ("test_core_api_peer2.conf", 
+       "GNUNET_TEST_HOME");
+  return ret;
+}
+
+
+/* end of test_core_api_start_only.c */
diff --git a/src/service/core/test_core_defaults.conf b/src/service/core/test_core_defaults.conf
new file mode 100644
index 000000000..b098b7d63
--- /dev/null
+++ b/src/service/core/test_core_defaults.conf
@@ -0,0 +1,22 @@
+@INLINE@ ../../../contrib/conf/gnunet/no_forcestart.conf
+@INLINE@ ../../../contrib/conf/gnunet/no_autostart_above_core.conf
+
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core/
+
+[nat]
+ENABLE_UPNP = NO
+
+[ats]
+WAN_QUOTA_IN = 1 GB
+WAN_QUOTA_OUT = 1 GB
+
+[communicator-tcp]
+BINDTO = 127.0.0.1
+
+[communicator-udp]
+BROADCAST = NO
+
+[peerinfo]
+NO_IO = YES
+
diff --git a/src/service/core/test_core_just_run.conf b/src/service/core/test_core_just_run.conf
new file mode 100644
index 000000000..b7d22f102
--- /dev/null
+++ b/src/service/core/test_core_just_run.conf
@@ -0,0 +1,55 @@
+@INLINE@ ../transport/template_tng_cfg_peer1.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-transport/api-tcp-p1/
+
+[transport]
+BINARY = gnunet-service-transport
+#PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-%p 
+UNIXPATH = $GNUNET_RUNTIME_DIR/tng-p1.sock
+
+[PEER]
+PRIVATE_KEY = $GNUNET_RUNTIME_DIR/private.key
+
+[communicator-tcp]
+BINARY = gnunet-communicator-tcp
+BINDTO = 192.168.15.1:60002
+DISABLE_V6 = YES
+IMMEDIATE_START = YES
+UNIXPATH = $GNUNET_RUNTIME_DIR/tcp-comm-p1.sock
+#PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_ctpeer1-%p
+#PREFIX = xterm -geometry 100x85 -T peer1 -e gdb --args
+
+[communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_cupeer1-%p
+BINARY = gnunet-communicator-udp
+BINDTO = 192.168.15.1:60002
+DISABLE_V6 = YES
+IMMEDIATE_START = YES
+UNIXPATH = $GNUNET_RUNTIME_DIR/udp-comm-p1.sock
+
+[peerstore]
+IMMEDIATE_START = YES
+USE_INCLUDED_HELLOS = YES
+PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-%p
+
+[topology]
+IMMEDIATE_START = YES
+PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-transport-%p
+
+[dht]
+IMMEDIATE_START = YES
+PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-%p
+
+[fs]
+IMMEDIATE_START = YES
+
+[hostlist]
+IMMEDIATE_START = YES
+SERVERS = http://192.168.15.1:8080/
+PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-%p
+
+[core]
+PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-transport-%p
+
+[cadet]
+PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-transport-%p
diff --git a/src/service/core/test_core_just_run_host.conf b/src/service/core/test_core_just_run_host.conf
new file mode 100644
index 000000000..406b8dcc9
--- /dev/null
+++ b/src/service/core/test_core_just_run_host.conf
@@ -0,0 +1,45 @@
+@INLINE@ ../transport/template_tng_cfg_peer1.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-transport/api-tcp-p1/
+
+[transport]
+BINARY = gnunet-service-transport
+#PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_peer1-%p 
+UNIXPATH = $GNUNET_RUNTIME_DIR/tng-p1.sock
+
+[PEER]
+PRIVATE_KEY = $GNUNET_RUNTIME_DIR/private.key
+
+[communicator-tcp]
+BINARY = gnunet-communicator-tcp
+BINDTO = 192.168.15.1:60002
+DISABLE_V6 = YES
+IMMEDIATE_START = YES
+UNIXPATH = $GNUNET_RUNTIME_DIR/tcp-comm-p1.sock
+#PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_ctpeer1-%p
+#PREFIX = xterm -geometry 100x85 -T peer1 -e gdb --args
+
+[communicator-udp]
+#PREFIX = valgrind --leak-check=full --track-origins=yes --trace-children=yes --log-file=$GNUNET_TEST_HOME/vg_cupeer1-%p
+BINARY = gnunet-communicator-udp
+BINDTO = 192.168.15.1:60002
+DISABLE_V6 = YES
+IMMEDIATE_START = YES
+UNIXPATH = $GNUNET_RUNTIME_DIR/udp-comm-p1.sock
+
+[peerstore]
+IMMEDIATE_START = YES
+USE_INCLUDED_HELLOS = YES
+
+[topology]
+IMMEDIATE_START = YES
+
+[dht]
+IMMEDIATE_START = YES
+
+[fs]
+IMMEDIATE_START = YES
+
+[hostlist]
+IMMEDIATE_START = YES
+OPTIONS = -p
\ No newline at end of file
diff --git a/src/service/core/test_core_plugin_cmd_just_run.c b/src/service/core/test_core_plugin_cmd_just_run.c
new file mode 100644
index 000000000..3c77c370d
--- /dev/null
+++ b/src/service/core/test_core_plugin_cmd_just_run.c
@@ -0,0 +1,391 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2021 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file testbed/plugin_cmd_simple_send.c
+ * @brief a plugin to provide the API for running test cases.
+ * @author t3sserakt
+ */
+#include "platform.h"
+#include "gnunet_testing_barrier.h"
+#include "gnunet_testing_netjail_lib.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_transport_application_service.h"
+#include "gnunet_transport_core_service.h"
+#include "gnunet_testing_barrier.h"
+#include "gnunet_core_service.h"
+#include "gnunet_transport_testing_ng_lib.h"
+#include "gnunet_core_testing_lib.h"
+
+/**
+ * Generic logging shortcut
+ */
+#define LOG(kind, ...) GNUNET_log (kind, __VA_ARGS__)
+
+#define BASE_DIR "testdir"
+
+#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 600)
+
+#define MAX_RECEIVED 1000
+
+#define MESSAGE_SIZE 65000
+
+static struct GNUNET_TESTING_Command block_script;
+
+static struct GNUNET_TESTING_Command connect_peers;
+
+static struct GNUNET_TESTING_Command local_prepared;
+
+static struct GNUNET_TESTING_Command start_peer;
+
+static struct GNUNET_TESTING_Interpreter *is;
+
+struct TestState
+{
+  /**
+   * Callback to write messages to the master loop.
+   *
+   */
+  GNUNET_TESTING_cmd_helper_write_cb write_message;
+
+  /**
+   * Callback to notify the helper test case has finished.
+   */
+  GNUNET_TESTING_cmd_helper_finish_cb finished_cb;
+
+  /**
+   * The name for a specific test environment directory.
+   *
+   */
+  char *testdir;
+
+  /**
+   * The name for the configuration file of the specific node.
+   *
+   */
+  char *cfgname;
+
+  /**
+   * The complete topology information.
+   */
+  struct GNUNET_TESTING_NetjailTopology *topology;
+};
+
+struct Sender
+{
+  /**
+   * Number of received messages from sender.
+   */
+  unsigned long long num_received;
+
+  /**
+   * Sample mean time the message traveled.
+   */
+  struct GNUNET_TIME_Relative mean_time;
+
+  /**
+   * Time the first message was send.
+   */
+  struct GNUNET_TIME_Absolute time_first;
+};
+
+
+struct GNUNET_TESTING_BarrierList*
+get_waiting_for_barriers ()
+{
+  struct GNUNET_TESTING_BarrierList*barriers;
+  struct GNUNET_TESTING_BarrierListEntry *ble;
+
+  barriers = GNUNET_new (struct GNUNET_TESTING_BarrierList);
+  ble = GNUNET_new (struct GNUNET_TESTING_BarrierListEntry);
+  ble->barrier_name = "ready-to-connect";
+  ble->expected_reaches = 1;
+  GNUNET_CONTAINER_DLL_insert (barriers->head,
+                               barriers->tail,
+                               ble);
+
+  ble = GNUNET_new (struct GNUNET_TESTING_BarrierListEntry);
+  ble->barrier_name = "test-case-finished";
+  ble->expected_reaches = 1;
+  GNUNET_CONTAINER_DLL_insert (barriers->head,
+                               barriers->tail,
+                               ble);
+  return barriers;
+}
+
+
+/**
+ * Function called with the final result of the test.
+ *
+ * @param cls the `struct MainParams`
+ * @param rv #GNUNET_OK if the test passed
+ */
+static void
+handle_result (void *cls,
+               enum GNUNET_GenericReturnValue rv)
+{
+  struct TestState *ts = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Local test exits with status %d\n",
+              rv);
+
+  ts->finished_cb (rv);
+  GNUNET_free (ts->testdir);
+  GNUNET_free (ts->cfgname);
+  GNUNET_TESTING_free_topology (ts->topology);
+  GNUNET_free (ts);
+}
+
+
+static void
+child_completed_callback (void *cls,
+                          enum GNUNET_OS_ProcessStatusType type,
+                          long unsigned int exit_code)
+{
+
+}
+
+
+/**
+ * Function to start a local test case.
+ *
+ * @param write_message Callback to send a message to the master loop.
+ * @param router_ip Global address of the network namespace.
+ * @param node_ip The IP address of the node.
+ * @param m The number of the node in a network namespace.
+ * @param n The number of the network namespace.
+ * @param local_m The number of nodes in a network namespace.
+ * @param topology_data A file name for the file containing the topology configuration, or a string containing
+ *        the topology configuration.
+ * @param read_file If read_file is GNUNET_YES this string is the filename for the topology configuration,
+ *        if read_file is GNUNET_NO the string contains the topology configuration.
+ * @param finish_cb Callback function which writes a message from the helper process running on a netjail
+ *                  node to the master process * signaling that the test case running on the netjail node finished.
+ * @return Returns the struct GNUNET_TESTING_Interpreter of the command loop running on this netjail node.
+ */
+static struct GNUNET_TESTING_Interpreter *
+start_testcase (GNUNET_TESTING_cmd_helper_write_cb write_message,
+                const char *router_ip,
+                const char *node_ip,
+                const char *m,
+                const char *n,
+                const char *local_m,
+                const char *topology_data,
+                unsigned int *read_file,
+                GNUNET_TESTING_cmd_helper_finish_cb finished_cb)
+{
+
+  unsigned int n_int;
+  unsigned int m_int;
+  unsigned int local_m_int;
+  unsigned int num;
+  struct TestState *ts = GNUNET_new (struct TestState);
+  struct GNUNET_TESTING_NetjailTopology *topology;
+  unsigned int sscanf_ret = 0;
+  char **argv = NULL;
+  int argc = 0;
+
+  ts->finished_cb = finished_cb;
+  LOG (GNUNET_ERROR_TYPE_ERROR,
+       "n %s m %s\n",
+       n,
+       m);
+
+  if (GNUNET_YES == *read_file)
+  {
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "read from file\n");
+    topology = GNUNET_TESTING_get_topo_from_file (topology_data);
+  }
+  else
+    topology = GNUNET_TESTING_get_topo_from_string (topology_data);
+
+  ts->topology = topology;
+
+  errno = 0;
+  sscanf_ret = sscanf (m, "%u", &m_int);
+  if (errno != 0)
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "sscanf");
+  }
+  GNUNET_assert (0 < sscanf_ret);
+  errno = 0;
+  sscanf_ret = sscanf (n, "%u", &n_int);
+  if (errno != 0)
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "sscanf");
+  }
+  GNUNET_assert (0 < sscanf_ret);
+  errno = 0;
+  sscanf_ret = sscanf (local_m, "%u", &local_m_int);
+  if (errno != 0)
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "sscanf");
+  }
+  GNUNET_assert (0 < sscanf_ret);
+
+  if (0 == n_int)
+    num = m_int;
+  else
+    num = (n_int - 1) * local_m_int + m_int + topology->nodes_x;
+
+  block_script = GNUNET_TESTING_cmd_block_until_external_trigger (
+    "block-script");
+  connect_peers = GNUNET_CORE_cmd_connect_peers ("connect-peers",
+                                                      "start-peer",
+                                                      "system-create",
+                                                      num,
+                                                      topology,
+                                                      0,
+                                                 GNUNET_NO,
+                                                 NULL);
+  local_prepared = GNUNET_TESTING_cmd_local_test_prepared (
+    "local-test-prepared",
+    write_message);
+
+
+  if (1 == m_int)
+  {
+    GNUNET_asprintf (&ts->cfgname,
+                     "test_core_just_run_host.conf");
+  }
+  else
+  {
+    GNUNET_asprintf (&ts->cfgname,
+                   "test_core_just_run.conf");
+  }
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "plugin cfgname: %s\n",
+       ts->cfgname);
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "node ip: %s\n",
+       node_ip);
+
+  GNUNET_asprintf (&ts->testdir,
+                   "%s%s%s",
+                   BASE_DIR,
+                   m,
+                   n);
+
+  /*struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (ephemeral_key,
+                             GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY,
+                             struct EphemeralKeyMessage,
+                             NULL),
+    GNUNET_MQ_hd_fixed_size (ping,
+                             GNUNET_MESSAGE_TYPE_CORE_PING,
+                             struct PingMessage,
+                             NULL),
+    GNUNET_MQ_hd_fixed_size (pong,
+                             GNUNET_MESSAGE_TYPE_CORE_PONG,
+                             struct PongMessage,
+                             NULL),
+    GNUNET_MQ_handler_end ()
+  };*/
+
+  start_peer = GNUNET_TESTING_cmd_start_peer ("start-peer",
+                                              "system-create",
+                                              num,
+                                              node_ip,
+                                              ts->cfgname,
+                                              GNUNET_NO);
+
+  struct GNUNET_TESTING_Command commands[] = {
+    GNUNET_TESTING_cmd_system_create ("system-create",
+                                      ts->testdir),
+    start_peer,
+    GNUNET_TESTING_cmd_barrier_reached ("ready-to-connect-reached",
+                                        "ready-to-connect",
+                                        GNUNET_NO,
+                                        num,
+                                        GNUNET_NO,
+                                        write_message),
+    connect_peers,
+    GNUNET_TESTING_cmd_exec_bash_script ("script",
+                                         "block.sh",
+                                         argv,
+                                         argc,
+                                         &child_completed_callback),
+    block_script,
+    GNUNET_TESTING_cmd_barrier_reached ("test-case-finished-reached",
+                                        "test-case-finished",
+                                        GNUNET_NO,
+                                        num,
+                                        GNUNET_NO,
+                                        write_message),
+    GNUNET_TESTING_cmd_stop_peer ("stop-peer",
+                                    "start-peer"),
+    GNUNET_TESTING_cmd_system_destroy ("system-destroy",
+                                       "system-create"),
+    GNUNET_TESTING_cmd_end ()
+  };
+
+  ts->write_message = write_message;
+
+  is = GNUNET_TESTING_run (commands,
+                           TIMEOUT,
+                           &handle_result,
+                           ts);
+  return is;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_test_core_plugin_cmd_just_run_init (void *cls)
+{
+  struct GNUNET_TESTING_PluginFunctions *api;
+
+  GNUNET_log_setup ("simple-send",
+                    "DEBUG",
+                    NULL);
+
+  api = GNUNET_new (struct GNUNET_TESTING_PluginFunctions);
+  api->start_testcase = &start_testcase;
+  api->get_waiting_for_barriers = get_waiting_for_barriers;
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_test_transport_plugin_just_run_init
+ * @return NULL
+ */
+void *
+libgnunet_test_core_plugin_cmd_just_run_done (void *cls)
+{
+  struct GNUNET_TESTING_PluginFunctions *api = cls;
+
+  GNUNET_free (api);
+  return NULL;
+}
+
+
+/* end of plugin_cmd_simple_send.c */
diff --git a/src/service/core/test_core_quota_asymmetric_recv_limited_peer1.conf b/src/service/core/test_core_quota_asymmetric_recv_limited_peer1.conf
new file mode 100644
index 000000000..766a2e73b
--- /dev/null
+++ b/src/service/core/test_core_quota_asymmetric_recv_limited_peer1.conf
@@ -0,0 +1,54 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-quota-asym-recv-lim-peer-1/
+
+[transport-tcp]
+PORT = 12488
+
+[arm]
+PORT = 12486
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p1-service-arm.sock
+
+[statistics]
+PORT = 12487
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p1-service-statistics.sock
+
+[resolver]
+PORT = 12484
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-1-service-resolver.sock
+
+[peerinfo]
+PORT = 12489
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p1-service-peerinfo.sock
+
+[transport]
+PORT = 12485
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p1-service-transport.sock
+
+[transport-udp]
+PORT = 12489
+
+[ats]
+PORT = 12491
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p1-service-ats.sock
+# UNSPECIFIED
+UNSPECIFIED_QUOTA_IN =  100 MiB
+UNSPECIFIED_QUOTA_OUT =  100 MiB
+# LOOPBACK
+LOOPBACK_QUOTA_IN =  100 MiB
+LOOPBACK_QUOTA_OUT =  100 MiB
+# LAN
+LAN_QUOTA_IN =  100 MiB
+LAN_QUOTA_OUT =  100 MiB
+# WAN
+WAN_QUOTA_IN = 100 MiB
+WAN_QUOTA_OUT = 100 MiB
+# WLAN
+WLAN_QUOTA_IN =  100 MiB
+WLAN_QUOTA_OUT =  100 MiB
+
+
+[core]
+PORT = 12490
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p1-service-core.sock
+
diff --git a/src/service/core/test_core_quota_asymmetric_recv_limited_peer2.conf b/src/service/core/test_core_quota_asymmetric_recv_limited_peer2.conf
new file mode 100644
index 000000000..30c0bb81f
--- /dev/null
+++ b/src/service/core/test_core_quota_asymmetric_recv_limited_peer2.conf
@@ -0,0 +1,57 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-quota-asym-recv-lim-peer-2/
+
+
+[arm]
+PORT = 22486
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p2-service-arm.sock
+
+[statistics]
+PORT = 22487
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p2-service-statistics.sock
+
+[resolver]
+PORT = 22484
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p2-service-resolver.sock
+
+[peerinfo]
+PORT = 22489
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p2-service-peerinfo.sock
+
+[transport]
+PORT = 22485
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p2-service-transport.sock
+
+[core]
+PORT = 22490
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p2-service-core.sock
+
+[ats]
+PORT = 22491
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-recv-p2-service-ats.sock
+# UNSPECIFIED
+UNSPECIFIED_QUOTA_IN = 10 MiB
+UNSPECIFIED_QUOTA_OUT = 10 MiB
+# LOOPBACK
+LOOPBACK_QUOTA_IN = 10 MiB
+LOOPBACK_QUOTA_OUT = 10 MiB
+# LAN
+LAN_QUOTA_IN = 10 MiB
+LAN_QUOTA_OUT = 10 MiB
+# WAN
+WAN_QUOTA_IN = 10 MiB
+WAN_QUOTA_OUT = 10 MiB
+# WLAN
+WLAN_QUOTA_IN = 10 MiB
+WLAN_QUOTA_OUT = 10 MiB
+
+[transport-tcp]
+PORT = 22467
+
+[transport-http]
+PORT = 22469
+
+[transport-tcp]
+PORT = 22468
+
diff --git a/src/service/core/test_core_quota_asymmetric_send_limit_peer1.conf b/src/service/core/test_core_quota_asymmetric_send_limit_peer1.conf
new file mode 100644
index 000000000..4a9f483d6
--- /dev/null
+++ b/src/service/core/test_core_quota_asymmetric_send_limit_peer1.conf
@@ -0,0 +1,52 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-quota-asym-send-lim-peer-1/
+
+[transport-tcp]
+PORT = 12488
+
+[transport-udp]
+PORT = 12492
+
+[arm]
+PORT = 12486
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p1-service-arm.sock
+
+[statistics]
+PORT = 12487
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p1-service-statistics.sock
+
+[resolver]
+PORT = 12484
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-1-service-resolver.sock
+
+[peerinfo]
+PORT = 12489
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p1-service-peerinfo.sock
+
+[transport]
+PORT = 12485
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p1-service-transport.sock
+
+[ats]
+PORT = 12491
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p1-service-ats.sock
+# UNSPECIFIED
+UNSPECIFIED_QUOTA_IN = 10 MiB
+UNSPECIFIED_QUOTA_OUT = 10 MiB
+# LOOPBACK
+LOOPBACK_QUOTA_IN = 10 MiB
+LOOPBACK_QUOTA_OUT = 10 MiB
+# LAN
+LAN_QUOTA_IN = 10 MiB
+LAN_QUOTA_OUT = 10 MiB
+# WAN
+WAN_QUOTA_IN = 10 MiB
+WAN_QUOTA_OUT = 10 MiB
+# WLAN
+WLAN_QUOTA_IN = 10 MiB
+WLAN_QUOTA_OUT = 10 MiB
+
+[core]
+PORT = 12490
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p1-service-core.sock
diff --git a/src/service/core/test_core_quota_asymmetric_send_limit_peer2.conf b/src/service/core/test_core_quota_asymmetric_send_limit_peer2.conf
new file mode 100644
index 000000000..36434461c
--- /dev/null
+++ b/src/service/core/test_core_quota_asymmetric_send_limit_peer2.conf
@@ -0,0 +1,61 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-quota-asym-send-lim-peer-2/
+
+[arm]
+PORT = 22486
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p2-service-arm.sock
+
+[statistics]
+PORT = 22487
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p2-service-statistics.sock
+
+[resolver]
+PORT = 22484
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p2-service-resolver.sock
+
+[peerinfo]
+PORT = 22489
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p2-service-peerinfo.sock
+
+[transport]
+PORT = 22485
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p2-service-transport.sock
+
+[core]
+PORT = 22490
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p2-service-core.sock
+
+[ats]
+PORT = 22491
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-asym-send-p2-service-ats.sock
+WAN_QUOTA_IN = 100 MiB
+WAN_QUOTA_OUT = 100 MiB
+
+[ats]
+PORT = 12471
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-core-sym-p1-service-ats.sock
+# UNSPECIFIED
+UNSPECIFIED_QUOTA_IN =  100 MiB
+UNSPECIFIED_QUOTA_OUT =  100 MiB
+# LOOPBACK
+LOOPBACK_QUOTA_IN =  100 MiB
+LOOPBACK_QUOTA_OUT =  100 MiB
+# LAN
+LAN_QUOTA_IN =  100 MiB
+LAN_QUOTA_OUT =  100 MiB
+# WAN
+WAN_QUOTA_IN = 100 MiB
+WAN_QUOTA_OUT = 100 MiB
+# WLAN
+WLAN_QUOTA_IN =  100 MiB
+WLAN_QUOTA_OUT =  100 MiB
+
+[transport-tcp]
+PORT = 22467
+
+[transport-udp]
+PORT = 22468
+
+[transport-http]
+PORT = 22469
diff --git a/src/service/core/test_core_quota_compliance.c b/src/service/core/test_core_quota_compliance.c
new file mode 100644
index 000000000..099c6fa3b
--- /dev/null
+++ b/src/service/core/test_core_quota_compliance.c
@@ -0,0 +1,788 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2009, 2010, 2015, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file core/test_core_quota_compliance.c
+ * @brief testcase for core_api.c focusing quota compliance on core level
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_arm_service.h"
+#include "gnunet_core_service.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_ats_service.h"
+#include "gnunet_transport_service.h"
+#include "gnunet_transport_hello_service.h"
+#include "gnunet_statistics_service.h"
+
+
+#define SYMMETRIC 0
+#define ASYMMETRIC_SEND_LIMITED 1
+#define ASYMMETRIC_RECV_LIMITED 2
+
+/**
+ * Note that this value must not significantly exceed
+ * 'MAX_PENDING' in 'gnunet-service-transport.c', otherwise
+ * messages may be dropped even for a reliable transport.
+ */
+#define TOTAL_MSGS (60000 * 10)
+
+/**
+ * How long until we give up on transmitting the message?
+ */
+#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 300)
+
+/**
+ * What delay do we request from the core service for transmission?
+ */
+#define FAST_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, \
+                                                    150)
+
+#define MTYPE 12345
+#define MESSAGESIZE (1024 - 8)
+#define MEASUREMENT_LENGTH GNUNET_TIME_relative_multiply ( \
+    GNUNET_TIME_UNIT_SECONDS, 30)
+
+static unsigned long long total_bytes_sent;
+static unsigned long long total_bytes_recv;
+
+static struct GNUNET_TIME_Absolute start_time;
+
+static struct GNUNET_SCHEDULER_Task *err_task;
+
+static struct GNUNET_SCHEDULER_Task *measure_task;
+
+
+struct PeerContext
+{
+  struct GNUNET_CONFIGURATION_Handle *cfg;
+  struct GNUNET_CORE_Handle *ch;
+  struct GNUNET_MQ_Handle *mq;
+  struct GNUNET_TRANSPORT_OfferHelloHandle *oh;
+  struct GNUNET_PeerIdentity id;
+  struct GNUNET_MessageHeader *hello;
+  struct GNUNET_STATISTICS_Handle *stats;
+  struct GNUNET_TRANSPORT_HelloGetHandle *ghh;
+  struct GNUNET_ATS_ConnectivityHandle *ats;
+  struct GNUNET_ATS_ConnectivitySuggestHandle *ats_sh;
+  int connect_status;
+  struct GNUNET_OS_Process *arm_proc;
+};
+
+static struct PeerContext p1;
+static struct PeerContext p2;
+
+static unsigned long long current_quota_p1_in;
+static unsigned long long current_quota_p1_out;
+static unsigned long long current_quota_p2_in;
+static unsigned long long current_quota_p2_out;
+
+static int ok;
+static int test;
+static int32_t tr_n;
+
+static int running;
+
+
+#if VERBOSE
+#define OKPP do { ok++; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, \
+                                    "Now at stage %u at %s:%u\n", ok, __FILE__, \
+                                    __LINE__); } while (0)
+#else
+#define OKPP do { ok++; } while (0)
+#endif
+
+struct TestMessage
+{
+  struct GNUNET_MessageHeader header;
+  uint32_t num GNUNET_PACKED;
+  uint8_t pad[MESSAGESIZE];
+};
+
+
+static void
+terminate_peer (struct PeerContext *p)
+{
+  if (NULL != p->ch)
+  {
+    GNUNET_CORE_disconnect (p->ch);
+    p->ch = NULL;
+  }
+  if (NULL != p->ghh)
+  {
+    GNUNET_TRANSPORT_hello_get_cancel (p->ghh);
+    p->ghh = NULL;
+  }
+  if (NULL != p->oh)
+  {
+    GNUNET_TRANSPORT_offer_hello_cancel (p->oh);
+    p->oh = NULL;
+  }
+  if (NULL != p->ats_sh)
+  {
+    GNUNET_ATS_connectivity_suggest_cancel (p->ats_sh);
+    p->ats_sh = NULL;
+  }
+  if (NULL != p->ats)
+  {
+    GNUNET_ATS_connectivity_done (p->ats);
+    p->ats = NULL;
+  }
+  if (NULL != p->stats)
+  {
+    GNUNET_STATISTICS_destroy (p->stats, GNUNET_NO);
+    p->stats = NULL;
+  }
+  if (NULL != p->hello)
+  {
+    GNUNET_free (p->hello);
+    p->hello = NULL;
+  }
+}
+
+
+static void
+shutdown_task (void *cls)
+{
+  if (NULL != err_task)
+  {
+    GNUNET_SCHEDULER_cancel (err_task);
+    err_task = NULL;
+  }
+  if (NULL != measure_task)
+  {
+    GNUNET_SCHEDULER_cancel (measure_task);
+    measure_task = NULL;
+  }
+  terminate_peer (&p1);
+  terminate_peer (&p2);
+}
+
+
+static void
+terminate_task_error (void *cls)
+{
+  err_task = NULL;
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Testcase failed (timeout)!\n");
+  GNUNET_SCHEDULER_shutdown ();
+  ok = 42;
+}
+
+
+/**
+ * Callback function to process statistic values.
+ *
+ * @param cls closure
+ * @param subsystem name of subsystem that created the statistic
+ * @param name the name of the datum
+ * @param value the current value
+ * @param is_persistent #GNUNET_YES if the value is persistent, #GNUNET_NO if not
+ * @return #GNUNET_OK to continue, #GNUNET_SYSERR to abort iteration
+ */
+static int
+print_stat (void *cls,
+            const char *subsystem,
+            const char *name,
+            uint64_t value,
+            int is_persistent)
+{
+  if (cls == &p1)
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Peer1 %50s = %12llu\n",
+                name,
+                (unsigned long long) value);
+  if (cls == &p2)
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Peer2 %50s = %12llu\n",
+                name,
+                (unsigned long long) value);
+  return GNUNET_OK;
+}
+
+
+static void
+measurement_stop (void *cls)
+{
+  unsigned long long delta;
+  unsigned long long throughput_out;
+  unsigned long long throughput_in;
+  unsigned long long max_quota_in;
+  unsigned long long max_quota_out;
+  unsigned long long quota_delta;
+  enum GNUNET_ErrorType kind = GNUNET_ERROR_TYPE_DEBUG;
+
+  measure_task = NULL;
+  fprintf (stdout, "%s", "\n");
+  running = GNUNET_NO;
+
+  delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
+  throughput_out = total_bytes_sent * 1000000LL / delta;     /* convert to bytes/s */
+  throughput_in = total_bytes_recv * 1000000LL / delta;      /* convert to bytes/s */
+
+  max_quota_in = GNUNET_MIN (current_quota_p1_in, current_quota_p2_in);
+  max_quota_out = GNUNET_MIN (current_quota_p1_out, current_quota_p2_out);
+  if (max_quota_out < max_quota_in)
+    quota_delta = max_quota_in / 3;
+  else
+    quota_delta = max_quota_out / 3;
+
+  if ((throughput_out > (max_quota_out + quota_delta)) ||
+      (throughput_in > (max_quota_in + quota_delta)))
+    ok = 1; /* fail */
+  else
+    ok = 0; /* pass */
+  GNUNET_STATISTICS_get (p1.stats,
+                         "core",
+                         "# discarded CORE_SEND requests",
+                         NULL,
+                         &print_stat,
+                         &p1);
+  GNUNET_STATISTICS_get (p1.stats,
+                         "core",
+                         "# discarded CORE_SEND request bytes",
+                         NULL,
+                         &print_stat,
+                         &p1);
+  GNUNET_STATISTICS_get (p1.stats,
+                         "core",
+                         "# discarded lower priority CORE_SEND requests",
+                         NULL,
+                         &print_stat,
+                         NULL);
+  GNUNET_STATISTICS_get (p1.stats,
+                         "core",
+                         "# discarded lower priority CORE_SEND request bytes",
+                         NULL,
+                         &print_stat,
+                         &p1);
+  GNUNET_STATISTICS_get (p2.stats,
+                         "core",
+                         "# discarded CORE_SEND requests",
+                         NULL,
+                         &print_stat,
+                         &p2);
+
+  GNUNET_STATISTICS_get (p2.stats,
+                         "core",
+                         "# discarded CORE_SEND request bytes",
+                         NULL,
+                         &print_stat,
+                         &p2);
+  GNUNET_STATISTICS_get (p2.stats,
+                         "core",
+                         "# discarded lower priority CORE_SEND requests",
+                         NULL,
+                         &print_stat,
+                         &p2);
+  GNUNET_STATISTICS_get (p2.stats,
+                         "core",
+                         "# discarded lower priority CORE_SEND request bytes",
+                         NULL,
+                         &print_stat,
+                         &p2);
+
+  if (ok != 0)
+    kind = GNUNET_ERROR_TYPE_ERROR;
+  switch (test)
+  {
+  case SYMMETRIC:
+    GNUNET_log (kind,
+                "Core quota compliance test with symmetric quotas: %s\n",
+                (0 == ok) ? "PASSED" : "FAILED");
+    break;
+
+  case ASYMMETRIC_SEND_LIMITED:
+    GNUNET_log (kind,
+                "Core quota compliance test with limited sender quota: %s\n",
+                (0 == ok) ? "PASSED" : "FAILED");
+    break;
+
+  case ASYMMETRIC_RECV_LIMITED:
+    GNUNET_log (kind,
+                "Core quota compliance test with limited receiver quota: %s\n",
+                (0 == ok) ? "PASSED" : "FAILED");
+    break;
+  }
+  ;
+  GNUNET_log (kind,
+              "Peer 1 send  rate: %llu b/s (%llu bytes in %llu ms)\n",
+              throughput_out,
+              total_bytes_sent,
+              delta);
+  GNUNET_log (kind,
+              "Peer 1 send quota: %llu b/s\n",
+              current_quota_p1_out);
+  GNUNET_log (kind,
+              "Peer 2 receive  rate: %llu b/s (%llu bytes in %llu ms)\n",
+              throughput_in,
+              total_bytes_recv,
+              delta);
+  GNUNET_log (kind,
+              "Peer 2 receive quota: %llu b/s\n",
+              current_quota_p2_in);
+/*
+   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"Max. inbound  quota allowed: %llu b/s\n",max_quota_in );
+   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"Max. outbound quota allowed: %llu b/s\n",max_quota_out);
+ */
+  GNUNET_SCHEDULER_shutdown ();
+}
+
+
+static void
+do_transmit (void *cls)
+{
+  struct TestMessage *hdr;
+  struct GNUNET_MQ_Envelope *env;
+
+  env = GNUNET_MQ_msg (hdr,
+                       MTYPE);
+  hdr->num = htonl (tr_n);
+  memset (&hdr->pad,
+          tr_n,
+          MESSAGESIZE);
+  tr_n++;
+  GNUNET_SCHEDULER_cancel (err_task);
+  err_task =
+    GNUNET_SCHEDULER_add_delayed (TIMEOUT,
+                                  &terminate_task_error,
+                                  NULL);
+  total_bytes_sent += sizeof(struct TestMessage);
+  GNUNET_MQ_send (p1.mq,
+                  env);
+}
+
+
+static void *
+connect_notify (void *cls,
+                const struct GNUNET_PeerIdentity *peer,
+                struct GNUNET_MQ_Handle *mq)
+{
+  struct PeerContext *pc = cls;
+
+  if (0 == memcmp (&pc->id,
+                   peer,
+                   sizeof(struct GNUNET_PeerIdentity)))
+    return NULL;                     /* loopback */
+  GNUNET_assert (0 == pc->connect_status);
+  pc->connect_status = 1;
+  pc->mq = mq;
+  if (pc == &p1)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Encrypted connection established to peer `%s'\n",
+                GNUNET_i2s (peer));
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Asking core (1) for transmission to peer `%s'\n",
+                GNUNET_i2s (&p2.id));
+    GNUNET_SCHEDULER_cancel (err_task);
+    err_task =
+      GNUNET_SCHEDULER_add_delayed (TIMEOUT,
+                                    &terminate_task_error,
+                                    NULL);
+    start_time = GNUNET_TIME_absolute_get ();
+    running = GNUNET_YES;
+    measure_task =
+      GNUNET_SCHEDULER_add_delayed (MEASUREMENT_LENGTH,
+                                    &measurement_stop,
+                                    NULL);
+    do_transmit (NULL);
+  }
+  return pc;
+}
+
+
+static void
+disconnect_notify (void *cls,
+                   const struct GNUNET_PeerIdentity *peer,
+                   void *internal_cls)
+{
+  struct PeerContext *pc = cls;
+
+  if (NULL == internal_cls)
+    return;                     /* loopback */
+  pc->connect_status = 0;
+  pc->mq = NULL;
+  if (NULL != measure_task)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Measurement aborted due to disconnect!\n");
+    GNUNET_SCHEDULER_cancel (measure_task);
+    measure_task = NULL;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypted connection to `%s' cut\n",
+              GNUNET_i2s (peer));
+}
+
+
+static void
+handle_test (void *cls,
+             const struct TestMessage *hdr)
+{
+  static int n;
+
+  total_bytes_recv += sizeof(struct TestMessage);
+  if (ntohl (hdr->num) != n)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Expected message %u, got message %u\n",
+                n,
+                ntohl (hdr->num));
+    GNUNET_SCHEDULER_cancel (err_task);
+    err_task = GNUNET_SCHEDULER_add_now (&terminate_task_error,
+                                         NULL);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Got message %u\n",
+              ntohl (hdr->num));
+  n++;
+  if (0 == (n % 10))
+    fprintf (stderr, "%s", ".");
+
+  if (GNUNET_YES == running)
+    do_transmit (NULL);
+}
+
+
+static void
+init_notify (void *cls,
+             const struct GNUNET_PeerIdentity *my_identity)
+{
+  struct PeerContext *p = cls;
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (test,
+                             MTYPE,
+                             struct TestMessage,
+                             NULL),
+    GNUNET_MQ_handler_end ()
+  };
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Connection to CORE service of `%s' established\n",
+              GNUNET_i2s (my_identity));
+  GNUNET_assert (NULL != my_identity);
+  p->id = *my_identity;
+  if (cls == &p1)
+  {
+    GNUNET_assert (ok == 2);
+    OKPP;
+    /* connect p2 */
+    p2.ch = GNUNET_CORE_connect (p2.cfg,
+                                 &p2,
+                                 &init_notify,
+                                 &connect_notify,
+                                 &disconnect_notify,
+                                 handlers);
+  }
+  else
+  {
+    GNUNET_assert (ok == 3);
+    OKPP;
+    GNUNET_assert (cls == &p2);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Asking core (1) to connect to peer `%s' and vice-versa\n",
+                GNUNET_i2s (&p2.id));
+    p1.ats_sh = GNUNET_ATS_connectivity_suggest (p1.ats,
+                                                 &p2.id,
+                                                 1);
+    p2.ats_sh = GNUNET_ATS_connectivity_suggest (p2.ats,
+                                                 &p1.id,
+                                                 1);
+  }
+}
+
+
+static void
+offer_hello_done (void *cls)
+{
+  struct PeerContext *p = cls;
+
+  p->oh = NULL;
+}
+
+
+static void
+process_hello (void *cls,
+               const struct GNUNET_MessageHeader *message)
+{
+  struct PeerContext *p = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received (my) HELLO from transport service\n");
+  GNUNET_assert (message != NULL);
+  if (NULL != p->hello) GNUNET_free (p->hello);
+  p->hello = GNUNET_malloc (ntohs (message->size));
+  GNUNET_memcpy (p->hello, message, ntohs (message->size));
+  if ((p == &p1) &&
+      (NULL == p2.oh))
+    p2.oh = GNUNET_TRANSPORT_offer_hello (p2.cfg,
+                                          message,
+                                          &offer_hello_done,
+                                          &p2);
+  if ((p == &p2) &&
+      (NULL == p1.oh))
+    p1.oh = GNUNET_TRANSPORT_offer_hello (p1.cfg, message,
+                                          &offer_hello_done,
+                                          &p1);
+
+  if ((p == &p1) &&
+      (NULL != p2.hello) &&
+      (NULL == p1.oh))
+    p1.oh = GNUNET_TRANSPORT_offer_hello (p1.cfg,
+                                          p2.hello,
+                                          &offer_hello_done,
+                                          &p1);
+  if ((p == &p2) &&
+      (NULL != p1.hello) &&
+      (NULL == p2.oh))
+    p2.oh = GNUNET_TRANSPORT_offer_hello (p2.cfg,
+                                          p1.hello,
+                                          &offer_hello_done,
+                                          &p2);
+}
+
+
+static void
+setup_peer (struct PeerContext *p,
+            const char *cfgname)
+{
+  char *binary;
+
+  binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-arm");
+  p->cfg = GNUNET_CONFIGURATION_create ();
+  p->arm_proc =
+    GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_OUT_AND_ERR
+                             | GNUNET_OS_USE_PIPE_CONTROL,
+                             NULL, NULL, NULL,
+                             binary,
+                             "gnunet-service-arm",
+                             "-c",
+                             cfgname,
+                             NULL);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CONFIGURATION_load (p->cfg,
+                                            cfgname));
+  p->stats = GNUNET_STATISTICS_create ("core",
+                                       p->cfg);
+  GNUNET_assert (NULL != p->stats);
+  p->ats = GNUNET_ATS_connectivity_init (p->cfg);
+  GNUNET_assert (NULL != p->ats);
+  p->ghh = GNUNET_TRANSPORT_hello_get (p->cfg,
+                                       GNUNET_TRANSPORT_AC_ANY,
+                                       &process_hello,
+                                       p);
+  GNUNET_free (binary);
+}
+
+
+static void
+run (void *cls,
+     char *const *args,
+     const char *cfgfile,
+     const struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (test,
+                             MTYPE,
+                             struct TestMessage,
+                             NULL),
+    GNUNET_MQ_handler_end ()
+  };
+
+  GNUNET_assert (ok == 1);
+  OKPP;
+  err_task =
+    GNUNET_SCHEDULER_add_delayed (TIMEOUT,
+                                  &terminate_task_error,
+                                  NULL);
+  GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
+                                 NULL);
+  if (test == SYMMETRIC)
+  {
+    setup_peer (&p1,
+                "test_core_quota_peer1.conf");
+    setup_peer (&p2,
+                "test_core_quota_peer2.conf");
+  }
+  else if (test == ASYMMETRIC_SEND_LIMITED)
+  {
+    setup_peer (&p1,
+                "test_core_quota_asymmetric_send_limit_peer1.conf");
+    setup_peer (&p2,
+                "test_core_quota_asymmetric_send_limit_peer2.conf");
+  }
+  else if (test == ASYMMETRIC_RECV_LIMITED)
+  {
+    setup_peer (&p1,
+                "test_core_quota_asymmetric_recv_limited_peer1.conf");
+    setup_peer (&p2,
+                "test_core_quota_asymmetric_recv_limited_peer2.conf");
+  }
+
+  GNUNET_assert (test != -1);
+  GNUNET_assert (GNUNET_SYSERR !=
+                 GNUNET_CONFIGURATION_get_value_size (p1.cfg,
+                                                      "ATS",
+                                                      "WAN_QUOTA_IN",
+                                                      &current_quota_p1_in));
+  GNUNET_assert (GNUNET_SYSERR !=
+                 GNUNET_CONFIGURATION_get_value_size (p2.cfg,
+                                                      "ATS",
+                                                      "WAN_QUOTA_IN",
+                                                      &current_quota_p2_in));
+  GNUNET_assert (GNUNET_SYSERR !=
+                 GNUNET_CONFIGURATION_get_value_size (p1.cfg,
+                                                      "ATS",
+                                                      "WAN_QUOTA_OUT",
+                                                      &current_quota_p1_out));
+  GNUNET_assert (GNUNET_SYSERR !=
+                 GNUNET_CONFIGURATION_get_value_size (p2.cfg,
+                                                      "ATS",
+                                                      "WAN_QUOTA_OUT",
+                                                      &current_quota_p2_out));
+
+  p1.ch = GNUNET_CORE_connect (p1.cfg,
+                               &p1,
+                               &init_notify,
+                               &connect_notify,
+                               &disconnect_notify,
+                               handlers);
+}
+
+
+static void
+stop_arm (struct PeerContext *p)
+{
+  if (0 != GNUNET_OS_process_kill (p->arm_proc,
+                                   GNUNET_TERM_SIG))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                         "kill");
+  if (GNUNET_OK !=
+      GNUNET_OS_process_wait (p->arm_proc))
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+                         "waitpid");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "ARM process %u stopped\n",
+              GNUNET_OS_process_get_pid (p->arm_proc));
+  GNUNET_OS_process_destroy (p->arm_proc);
+  p->arm_proc = NULL;
+  GNUNET_CONFIGURATION_destroy (p->cfg);
+}
+
+
+static int
+check ()
+{
+  char *const argv[] = {
+    "test-core-quota-compliance",
+    "-c",
+    "test_core_api_data.conf",
+    NULL
+  };
+  struct GNUNET_GETOPT_CommandLineOption options[] = {
+    GNUNET_GETOPT_OPTION_END
+  };
+
+  ok = 1;
+  GNUNET_PROGRAM_run ((sizeof(argv) / sizeof(char *)) - 1,
+                      argv,
+                      "test-core-quota-compliance",
+                      "nohelp",
+                      options,
+                      &run,
+                      &ok);
+  stop_arm (&p1);
+  stop_arm (&p2);
+  return ok;
+}
+
+
+static void
+cleanup_directory (int test)
+{
+  switch (test)
+  {
+  case SYMMETRIC:
+    GNUNET_DISK_purge_cfg_dir 
+      ("test_core_quota_peer1.conf", 
+       "GNUNET_TEST_HOME");
+    GNUNET_DISK_purge_cfg_dir 
+      ("test_core_quota_peer2.conf", 
+       "GNUNET_TEST_HOME");
+    break;
+
+  case ASYMMETRIC_SEND_LIMITED:
+    GNUNET_DISK_purge_cfg_dir 
+      ("test_core_quota_asymmetric_send_limit_peer1.conf", 
+       "GNUNET_TEST_HOME");
+    GNUNET_DISK_purge_cfg_dir 
+      ("test_core_quota_asymmetric_send_limit_peer2.conf", 
+       "GNUNET_TEST_HOME");
+    break;
+
+  case ASYMMETRIC_RECV_LIMITED:
+    GNUNET_DISK_purge_cfg_dir 
+      ("test_core_quota_asymmetric_recv_limited_peer1.conf", 
+       "GNUNET_TEST_HOME");
+    GNUNET_DISK_purge_cfg_dir 
+      ("test_core_quota_asymmetric_recv_limited_peer2.conf", 
+       "GNUNET_TEST_HOME");
+    break;
+  }
+}
+
+
+int
+main (int argc,
+      char *argv[])
+{
+  int ret;
+
+  test = -1;
+  if (NULL != strstr (argv[0],
+                      "_symmetric"))
+  {
+    test = SYMMETRIC;
+  }
+  else if (NULL != strstr (argv[0],
+                           "_asymmetric_send"))
+  {
+    test = ASYMMETRIC_SEND_LIMITED;
+  }
+  else if (NULL != strstr (argv[0],
+                           "_asymmetric_recv"))
+  {
+    test = ASYMMETRIC_RECV_LIMITED;
+  }
+  GNUNET_assert (test != -1);
+  cleanup_directory (test);
+  GNUNET_log_setup ("test-core-quota-compliance",
+                    "WARNING",
+                    NULL);
+  ret = check ();
+  cleanup_directory (test);
+  return ret;
+}
+
+
+/* end of test_core_quota_compliance.c */
diff --git a/src/service/core/test_core_quota_peer1.conf b/src/service/core/test_core_quota_peer1.conf
new file mode 100644
index 000000000..ec592f778
--- /dev/null
+++ b/src/service/core/test_core_quota_peer1.conf
@@ -0,0 +1,58 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-peer-1/
+
+[arm]
+PORT = 12460
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-arm.sock
+
+[statistics]
+PORT = 12461
+
+[resolver]
+PORT = 12462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-resolver.sock
+
+[peerinfo]
+PORT = 12463
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-peerinfo.sock
+
+[transport]
+PORT = 12464
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-transport.sock
+
+[core]
+PORT = 12475
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-core.sock
+
+[ats]
+PORT = 12476
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p1-service-ats.sock
+# UNSPECIFIED
+UNSPECIFIED_QUOTA_IN = 10 MiB
+UNSPECIFIED_QUOTA_OUT = 10 MiB
+# LOOPBACK
+LOOPBACK_QUOTA_IN = 10 MiB
+LOOPBACK_QUOTA_OUT = 10 MiB
+# LAN
+LAN_QUOTA_IN = 10 MiB
+LAN_QUOTA_OUT = 10 MiB
+# WAN
+WAN_QUOTA_IN = 10 MiB
+WAN_QUOTA_OUT = 10 MiB
+# WLAN
+WLAN_QUOTA_IN = 10 MiB
+WLAN_QUOTA_OUT = 10 MiB
+
+
+[transport-tcp]
+PORT = 12467
+
+[transport-udp]
+PORT = 12468
+
+[transport-unix]
+PORT = 12469
+
+[transport-http]
+PORT = 12470
diff --git a/src/service/core/test_core_quota_peer2.conf b/src/service/core/test_core_quota_peer2.conf
new file mode 100644
index 000000000..65d0710bb
--- /dev/null
+++ b/src/service/core/test_core_quota_peer2.conf
@@ -0,0 +1,59 @@
+@INLINE@ test_core_defaults.conf
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-core-peer-2/
+
+[arm]
+PORT = 22460
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-arm.sock
+
+[statistics]
+PORT = 22461
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-statistics.sock
+
+[resolver]
+PORT = 22462
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-resolver.sock
+
+[peerinfo]
+PORT = 22463
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-peerinfo.sock
+
+[transport]
+PORT = 22464
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-transport.sock
+
+[core]
+PORT = 22475
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-core.sock
+
+[ats]
+PORT = 22476
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-p2-service-ats.sock
+# UNSPECIFIED
+UNSPECIFIED_QUOTA_IN = 10 MiB
+UNSPECIFIED_QUOTA_OUT = 10 MiB
+# LOOPBACK
+LOOPBACK_QUOTA_IN = 10 MiB
+LOOPBACK_QUOTA_OUT = 10 MiB
+# LAN
+LAN_QUOTA_IN = 10 MiB
+LAN_QUOTA_OUT = 10 MiB
+# WAN
+WAN_QUOTA_IN = 10 MiB
+WAN_QUOTA_OUT = 10 MiB
+# WLAN
+WLAN_QUOTA_IN = 10 MiB
+WLAN_QUOTA_OUT = 10 MiB
+
+
+[transport-tcp]
+PORT = 22467
+
+[transport-udp]
+PORT = 22468
+
+[transport-unix]
+PORT = 22469
+
+[transport-http]
+PORT = 22470
diff --git a/src/service/core/test_core_start_testcase.sh b/src/service/core/test_core_start_testcase.sh
new file mode 100755
index 000000000..78e67dbf5
--- /dev/null
+++ b/src/service/core/test_core_start_testcase.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+echo gaga1 > gaga.txt
+read -p "Test case configuration to use:" conf
+if ! [ -d "/run/netns" ]; then
+    echo You have to create the directory /run/netns.
+fi
+if [ -f /proc/sys/kernel/unprivileged_userns_clone ]; then
+  if  [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" != 1 ]; then
+    echo -e "Error during test setup: The kernel parameter kernel.unprivileged_userns_clone has to be set to 1! One has to execute\n\n sysctl kernel.unprivileged_userns_clone=1\n"
+    exit 78
+  fi
+fi
+echo gaga2 >> gaga.txt
+exec unshare -r -nmU bash -c "mount -t tmpfs --make-rshared tmpfs /run/netns; /usr/local/lib/gnunet/libexec/test_testing_start_with_config $conf"
+echo gaga3 >> gaga.txt