Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ecd678a849 | |||
| 6c6e473607 | |||
| d52d728ab8 |
@@ -335,9 +335,36 @@ fn process_final_hop(
|
||||
packet_type: PacketType,
|
||||
key_rotation: SphinxKeyRotation,
|
||||
) -> Result<MixProcessingResultData, PacketProcessingError> {
|
||||
let payload_size = payload.len();
|
||||
debug!(
|
||||
"process_final_hop: payload_size={}, packet_size={:?}, packet_type={:?}, destination={}",
|
||||
payload_size, packet_size, packet_type, destination
|
||||
);
|
||||
|
||||
let (forward_ack, message) =
|
||||
split_into_ack_and_message(payload, packet_size, packet_type, key_rotation)?;
|
||||
|
||||
let message_size = message.len();
|
||||
let ack_present = forward_ack.is_some();
|
||||
debug!(
|
||||
"process_final_hop: after split - message_size={}, ack_present={}, payload_size={}",
|
||||
message_size, ack_present, payload_size
|
||||
);
|
||||
|
||||
// Verify expected message size
|
||||
if let PacketSize::RegularPacket = packet_size {
|
||||
use nym_sphinx_addressing::nodes::MAX_NODE_ADDRESS_UNPADDED_LEN;
|
||||
let sphinx_ack_overhead = PacketSize::AckPacket.size() + MAX_NODE_ADDRESS_UNPADDED_LEN;
|
||||
let expected_message_size = packet_size.plaintext_size() - sphinx_ack_overhead;
|
||||
if message_size != expected_message_size {
|
||||
use tracing::warn;
|
||||
warn!(
|
||||
"process_final_hop: MESSAGE SIZE MISMATCH! message_size={}, expected={}, payload_size={}, ack_present={}",
|
||||
message_size, expected_message_size, payload_size, ack_present
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Ok(MixProcessingResultData::FinalHop {
|
||||
final_hop_data: ProcessedFinalHop {
|
||||
destination,
|
||||
|
||||
@@ -278,6 +278,31 @@ impl<R, S> FreshHandler<R, S> {
|
||||
where
|
||||
S: AsyncRead + AsyncWrite + Unpin,
|
||||
{
|
||||
// Log message sizes before sending to client
|
||||
for (idx, packet) in packets.iter().enumerate() {
|
||||
use nym_sphinx::addressing::nodes::MAX_NODE_ADDRESS_UNPADDED_LEN;
|
||||
use nym_sphinx::params::PacketSize;
|
||||
let sphinx_ack_overhead = PacketSize::AckPacket.size() + MAX_NODE_ADDRESS_UNPADDED_LEN;
|
||||
let expected_size = PacketSize::RegularPacket.plaintext_size() - sphinx_ack_overhead;
|
||||
|
||||
debug!(
|
||||
"push_packets_to_client: packet[{}] size={}, expected_regular_size={}, ack_overhead={}",
|
||||
idx,
|
||||
packet.len(),
|
||||
expected_size,
|
||||
sphinx_ack_overhead
|
||||
);
|
||||
|
||||
if packet.len() == PacketSize::RegularPacket.plaintext_size() {
|
||||
warn!(
|
||||
"push_packets_to_client: WARNING - packet[{}] has full plaintext size ({}), expected {} (after ACK removal)",
|
||||
idx,
|
||||
packet.len(),
|
||||
expected_size
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// note: into_ws_message encrypts the requests and adds a MAC on it. Perhaps it should
|
||||
// be more explicit in the naming?
|
||||
let messages: Vec<Result<Message, WsError>> = packets
|
||||
@@ -496,8 +521,9 @@ impl<R, S> FreshHandler<R, S> {
|
||||
error!("{incompatible_err}");
|
||||
Err(incompatible_err)
|
||||
} else {
|
||||
// Return the client's version for backwards compatibility.. temporary solution.
|
||||
debug!("the client is using exactly the same (or older) protocol version as we are. We're good to continue!");
|
||||
Ok(CURRENT_PROTOCOL_VERSION)
|
||||
Ok(client_protocol_version)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -717,9 +743,9 @@ impl<R, S> FreshHandler<R, S> {
|
||||
}
|
||||
|
||||
pub(crate) fn handle_supported_protocol_request(&self) -> ServerResponse {
|
||||
debug!("returning gateway protocol version");
|
||||
use nym_gateway_requests::EMBEDDED_KEY_ROTATION_INFO_VERSION;
|
||||
ServerResponse::SupportedProtocol {
|
||||
version: CURRENT_PROTOCOL_VERSION,
|
||||
version: EMBEDDED_KEY_ROTATION_INFO_VERSION,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -846,11 +846,23 @@ impl MixnetListener {
|
||||
| AuthenticatorVersion::V1
|
||||
| AuthenticatorVersion::V2
|
||||
| AuthenticatorVersion::V3
|
||||
| AuthenticatorVersion::V4
|
||||
| AuthenticatorVersion::V5 => {
|
||||
// pre v6 this message hasn't existed
|
||||
| AuthenticatorVersion::V4 => {
|
||||
// pre v5 this message hasn't existed
|
||||
return Err(AuthenticatorError::UnknownVersion);
|
||||
}
|
||||
AuthenticatorVersion::V5 => {
|
||||
// V5 clients shouldn't send this message, but for backward compatibility
|
||||
// with V5 clients connecting to V6 gateways, we allow it and return
|
||||
// a V6-style response (V5 clients won't understand it, but at least we don't error)
|
||||
// This enables V5 clients from mainnet (release/2026.1-kiwi) to work with
|
||||
// V6 gateways (release/2026.2-oscypek) during the transition period
|
||||
v6::response::AuthenticatorResponse::new_upgrade_mode_check(
|
||||
request_id,
|
||||
self.upgrade_mode_enabled(),
|
||||
)
|
||||
.to_bytes()
|
||||
.map_err(AuthenticatorError::response_serialisation)?
|
||||
}
|
||||
AuthenticatorVersion::V6 => {
|
||||
v6::response::AuthenticatorResponse::new_upgrade_mode_check(
|
||||
request_id,
|
||||
|
||||
@@ -151,6 +151,29 @@ impl ConnectionHandler {
|
||||
|
||||
let client = final_hop_data.destination;
|
||||
let message = final_hop_data.message;
|
||||
let message_size = message.len();
|
||||
|
||||
// Log message size for debugging
|
||||
use nym_sphinx_addressing::nodes::MAX_NODE_ADDRESS_UNPADDED_LEN;
|
||||
use nym_sphinx_params::PacketSize;
|
||||
let sphinx_ack_overhead = PacketSize::AckPacket.size() + MAX_NODE_ADDRESS_UNPADDED_LEN;
|
||||
let expected_size = PacketSize::RegularPacket.plaintext_size() - sphinx_ack_overhead;
|
||||
|
||||
debug!(
|
||||
"handle_final_hop: client={}, message_size={}, expected_regular_size={}, ack_overhead={}, forward_ack_present={}",
|
||||
client,
|
||||
message_size,
|
||||
expected_size,
|
||||
sphinx_ack_overhead,
|
||||
final_hop_data.forward_ack.is_some()
|
||||
);
|
||||
|
||||
if message_size == PacketSize::RegularPacket.plaintext_size() {
|
||||
warn!(
|
||||
"handle_final_hop: WARNING - message has full plaintext size ({}), expected {} (after ACK removal)",
|
||||
message_size, expected_size
|
||||
);
|
||||
}
|
||||
|
||||
// if possible attempt to push message directly to the client
|
||||
match self.shared.try_push_message_to_client(client, message) {
|
||||
|
||||
Reference in New Issue
Block a user