Files
Jędrzej Stuczyński 8a93bce32f feat: additional mixnet improvements and metrics (#6874)
* wip

* batch processing of forward packets

* tmp: additional metrics for remote node

* fixed incorrect prometheus metric registration

* unified runtime metrics

* unify mixnet client metrics

* packet forwarding cleanup

* add batching for emptying the delay queue

* cleanup client io loop

* feat(nym-node): reap idle mixnet connections (ingress + egress)

Close mixnet connections that sit with no traffic past a configurable idle period (mixnet.debug.connection_idle_timeout, default 5min, 0 disables) to bound lingering tokio tasks/sockets.

Ingress handle_stream is read-only, so a silently-gone peer (NAT drop, crash without FIN, half-open) never triggers FIN/RST and the task would block on .next() forever; a new idle select arm closes it (the post-loop replay flush still runs, so nothing is stranded). Egress run_io_loop gets the symmetric arm keyed on last_send; on close EvictOnDrop clears the cache entry and the next packet transparently reconnects.

Adds a cumulative nym_node_network_idle_closed_ingress_mixnet_connections counter; egress reaping is observed via the existing active-egress gauge plus an exit_reason=idle_timeout log.

* downgrade sysinfo

* refactor(nym-node): split PacketForwarder into router + delay-queue tasks

Split the single PacketForwarder task into two concurrently-scheduled tasks connected by a bounded handoff channel, so intake and delayed-release no longer block each other.

PacketRouter (router.rs) is the intake task: sole consumer of the ingress channel, it applies the routing filter and either forwards zero/already-elapsed-delay packets directly or hands delayed ones to the delay task. Its per-packet work is sub-µs, so new packets no longer wait behind delayed-release processing (collapses the ForwarderQueue tail).

DelayForwarder (delay.rs) owns the NonExhaustiveDelayQueue exclusively (it can't be shared by reference). Its run loop services BOTH branches on every wakeup - draining pending inserts first to bring the queue current, then flushing everything now due - so the biased select can't let releases and inserts starve each other, and a freshly-arrived-but-already-due packet releases in the same pass (marginally improving DelayQueueOverrun).

The mixnet client is shared as Arc<C>; handoff-channel overflow is dropped as an egress drop rather than blocking, keeping intake decoupled from release.

* feat(nym-node): bound egress flush with a write timeout

Cap how long a single egress batch flush may block on a congested peer socket (mixnet.debug.connection_write_timeout, default 500ms, 0 disables), so a slow peer can no longer back this connection's egress queue up into the multi-second range - the root of the EgressQueue and SocketWrite tails.

A single timeout is treated as transient congestion: the un-fed tail of the batch is abandoned but the connection is retained. This is sound because NoiseStream::poll_write encrypts and buffers each frame synchronously, so a cancelled flush leaves the noise transport nonce-consistent and a later flush resumes the byte stream in order - so a momentary spike costs no re-handshake. Only MAX_CONSECUTIVE_WRITE_TIMEOUTS (3) timeouts in a row, i.e. a persistently congested peer, tears the connection down (it reconnects on the next packet); a successful flush resets the counter.

Buffer-size tuning (maximum_connection_buffer_size) deliberately left for live data.

* revert PacketForwarder split in favour of a single task that clears both channels on wake
2026-06-12 10:31:54 +01:00
..
2026-06-09 15:04:40 +02:00
2026-05-22 20:29:51 +01:00
2026-06-08 19:19:59 +02:00
2026-06-09 09:54:35 +02:00
2021-11-11 10:25:51 +01:00
2022-08-11 12:21:19 +01:00
2026-05-22 20:29:51 +01:00
2022-03-12 22:17:33 +00:00
2023-07-18 12:15:20 +03:00
2026-06-09 09:54:35 +02:00
2026-06-09 09:54:35 +02:00
2026-04-17 19:41:13 +02:00
2022-03-12 22:17:33 +00:00

Nym Wallet

Nym is an open-source, decentralized and permissionless privacy system. It provides full-stack privacy, allowing other applications, services or blockchains to provide their users with strong metadata protection, at both the network level (mixnet), and the application level (anonymous credentials) without the need to build privacy from scratch.

The Nym desktop wallet enables you to use the Nym network and take advantage of its key capabilities

Installation prerequisites - Linux / Mac

  • Yarn
  • NodeJS >= v16.8.0
  • Rust & cargo >= v1.56

Linux: WebKit and EGL troubleshooting

Some rolling distributions (for example Arch-based) or Wayland compositors can hit WebKitGTK / EGL errors at startup (for example EGL_BAD_PARAMETER, EGL_BAD_ALLOC, or Could not create default EGL display).

Wayland (all Linux bundles, including AppImage): On startup, when WAYLAND_DISPLAY is set, the wallet sets GDK_BACKEND, GDK_SCALE, GDK_DPI_SCALE, and defaults WEBKIT_DISABLE_DMABUF_RENDERER=1 before the webview initializes. Override if needed: WEBKIT_DISABLE_DMABUF_RENDERER=0, or set your own GDK_* / LD_PRELOAD before launching. (Tauris AppImage bundler only copies paths under /usr/ into the image, so an apprun-hooks/ file in config would not be included; defaults live in main() instead.)

.deb, installed binary, or target/release binary: You can also set the same variables in a wrapper script or .desktop file, for example:

Exec=env WEBKIT_DISABLE_DMABUF_RENDERER=1 GDK_BACKEND=wayland GDK_SCALE=1 GDK_DPI_SCALE=0.8 /path/to/NymWallet

If problems persist on Wayland, try preloading the system client library (path may vary by distro):

LD_PRELOAD=/usr/lib/libwayland-client.so (or /usr/lib64/...).

Diagnostic (slow): LIBGL_ALWAYS_SOFTWARE=1 forces software GL to confirm a GPU / EGL stack mismatch.

Installation prerequisites - Windows

  • When running on Windows you will need to install c++ build tools
  • An easy guide to get rust up and running Installation
  • When installing NodeJS please use the current features version
  • Using a package manager like Chocolatey is recommended
  • The nym wallet requires you to have Webview2 installed, please head to the Installer, this will ensure a smooth app launch

Installation

Inside the nym-wallet directory, run the following command:

yarn install

Populate environment variables

The wallet requires you to supply a .env file, this populates values in the wallet once it's compiled.

In the project roots there's a .env.sample file, these values currently match what the .env file should be populated with. However, if you want to change these values you can do so accordingly.

  • In the root directory, create a new file named .env
  • Input the values against the variables

Terminal

The terminal is shown either in development mode, or by setting the SHOW_TERMINAL to any value, e.g. true.

When enabled, the terminal icon is shown in the nav and clicking it displays a modal that shows the inner state of the wallet. In the future, this will also allow interactions, e.g. queries or executing commands such as delegation or undelegating.

It is intended to be used during development and for troubleshooting.

Development mode

You can compile the wallet in development mode by running the following command inside the nym-wallet directory:

yarn dev

This will produce a binary in - nym-wallet/target/debug/ named nym-wallet

To launch the wallet, navigate to the directory and run the following command: ./nym-wallet

Production mode

Run the following command from the nym-wallet folder

yarn build

The output will compile different types of binaries dependent on your hardware / OS system. Once the binaries are built, they can be located as follows:

Admin mode

The admin screens can be shown by setting the environment variable ADMIN_ADDRESS. You'll need to know the admin account address for the network you are using.

QA mode

On built versions of the wallet, you can set the environment variable ENABLE_QA_MODE=true to add the QA network to the list of available networks.

Binary output directory structure

**macos**
|
└─── target/release
|   |─ nym-wallet
└───target/release/bundle/dmg
│   │─ bundle_dmg.sh
│   │─ nym-wallet.*.dmg
└───target/release/bundle/macos/MacOs
│   │─ nym-wallet
|
**Linux**
└─── target/release
|   │─  nym-wallet
└───target/release/bundle/appimage
│   │─  nym-wallet_*_.AppImage
│   │─  build_appimage.sh
└───target/release/bundle/deb
│   │─  nym-wallet_*_.deb
|
**Windows**
└─── target/release
|   │─  nym-wallet.exe
└───target/release/bundle/msi
│   │─  nym-wallet_*_.msi

For instructions on how to release the wallet, please see RELEASE.md.