43a1bd38e8
* Mod gitignore + license trimming + comment trimming
* Big rewrite
* SURB inputs + DNS button in internal-dev
* Make ipr addr optional
* Accidentally omitted files from rewrite commit
* Makefile + readme
* Comment rewrite
* Optimisation comment
* Replace manual waker map with smoltcp built-ins + adaptive poll
* Comments
* Extract socket creation helpers into stream.rs
* Cleanup comments
* Comment
* Comment notes and restrict ciphersuites wrt rustls-rustcrypto
* Dep. hack fix for demo + add clearnet fetch() for contrast
* Stripped down devtester
* Fix Clippy arg (fatfingered deletion)
* CodeRabbit catches
* Cargofmt
* Review nits: bridge logs, fetch early-return, static port counter, copyright years, README + Cargo + headless.js tidying
* PHONY + taskset override, switch internal-dev/tests to pnpm, fix wasm-pack out-dir
* Gate codec tests behind the codec feature for no-default-features builds
* IPv6 addr/route on smoltcp iface + configurable DNS resolvers via TunnelOpts
* DNS GUI inputs, close stale WS on reconnect, worker init guards + ws-send warning, Playwright listener cleanup, pnpm-lock in internal-dev
* Fix lp -> lp-data after rebase
* Revert nym-lp/nym-lp-data feature-gating left over from rebase
* Lift getrandom wasm_js cfg to workspace .cargo/config.toml so cargo check -p smolmix-wasm works from any CWD
* temp will amend git message
* Auto-discover IPR when none specified + 'Use random IPR' checkbox in internal-dev
* smolmix_tracker + State machine + ready_tunnel gate + getTunnelState JS surface
* Mirror red display() entries to console.error
* Add left out package-lock
* Reactor clock + yield_now + atomic seq + gateway-storage errors
* setupMixTunnel gate + MTU 1980 + http::Uri cleanup
* Review pass + fix test + clippy
* restore axum 0.8 bump from borked earlier merge
* Feature gating (dns/fetch/socket) + TunnelOptsBuilder + pnpm bypass
* Cont. with review comments
* tokio Notify reactor wakes + cancellation + setup polishing
* Notify wakes + inner pattern + close_notify + util
* Tunable tunnelopts
* Fix tired commit
* CI prep
* Lint + Clippy
* coderabbit u32 fix
* nits + runtime debugging + expose in internal-dev
* remove redundant default-features
* Remove more redundant default-features
Nym Gateway Probe
Probe the IPv4 and IPv6 interfaces of available gateways to find the set that meets a set of minimum service guarantees.
Build
These instructions assume a Debian-based system. Adjust accordingly for your preferred platform.
Install required dependencies
sudo apt install libdbus-1-dev libmnl-dev libnftnl-dev protobuf-compiler llvm-dev libclang-dev clang
Build required libraries and executables
cargo build -p nym-gateway-probe
Test Modes
The probe supports different test modes via the --mode flag:
| Mode | Description |
|---|---|
| mixnet | Traditional mixnet testing - entry/exit pings + WireGuard via authenticator (default) |
| single-hop | LP registration + WireGuard on single gateway (no mixnet) |
| two-hop | Entry LP + Exit LP (nested forwarding) + WireGuard tunnel |
| lp-only | LP registration only - test handshake, skip WireGuard |
Usage
Standard Mode (via nym-api)
Test gateways registered in nym-api directory:
# Test a specific gateway (mixnet mode)
nym-gateway-probe -g "qj3GgGYgGZZ3HkFrtD1GU9UJ5oNXME9eD2xtmPLqYYw"
# Test with amnezia WireGuard
nym-gateway-probe -g "qj3GgGYg..." -a "jc=4\njmin=40\njmax=70\n"
# WireGuard only (skip entry/exit ping tests)
nym-gateway-probe -g "qj3GgGYg..." --only-wireguard
Localnet Mode (run-local)
Test gateways directly by IP/identity without nym-api:
# Single-hop: LP registration + WireGuard on one gateway
nym-gateway-probe run-local \
--entry-gateway-identity "8yGm5h2KgNwrPgRRxjT2DhXQFCnADkHVyE5FYS4LHWLC" \
--entry-lp-address "192.168.66.6:41264" \
--mode single-hop \
--use-mock-ecash
# Two-hop: Entry + Exit LP forwarding + WireGuard
nym-gateway-probe run-local \
--entry-gateway-identity "$ENTRY_ID" \
--entry-lp-address "192.168.66.6:41264" \
--exit-gateway-identity "$EXIT_ID" \
--exit-lp-address "192.168.66.7:41264" \
--mode two-hop \
--use-mock-ecash
# LP-only: Test handshake and registration only
nym-gateway-probe run-local \
--entry-gateway-identity "$GATEWAY_ID" \
--entry-lp-address "localhost:41264" \
--mode lp-only \
--use-mock-ecash
Note: --use-mock-ecash requires gateways started with --lp-use-mock-ecash.
Split Network Configuration
For docker/container setups where entry and exit are on different networks:
# Entry reachable from host, exit only reachable from entry's internal network
# --entry-lp-address: Host → Entry
# --exit-lp-address:  Entry → Exit (internal)
nym-gateway-probe run-local \
--entry-gateway-identity "$ENTRY_ID" \
--entry-lp-address "192.168.66.6:41264" \
--exit-gateway-identity "$EXIT_ID" \
--exit-lp-address "172.18.0.5:41264" \
--mode two-hop \
--use-mock-ecash
CLI Reference
Usage: nym-gateway-probe [OPTIONS] [COMMAND]
Commands:
run-local Run probe in localnet mode (direct IP, no nym-api)
Options:
-c, --config-env-file <PATH> Path to env file describing the network
-g, --entry-gateway <ID> Entry gateway identity (base58)
-n, --node <ID> Node to test (defaults to entry gateway)
--gateway-ip <IP> Query gateway directly by IP (skip nym-api)
--exit-gateway-ip <IP> Exit gateway IP for two-hop testing
--mode <MODE> Test mode: mixnet, single-hop, two-hop, lp-only
--only-wireguard Skip ping tests, only test WireGuard
--only-lp-registration Test LP registration only (legacy flag)
--test-lp-wg Test LP + WireGuard (legacy flag)
-a, --amnezia-args <ARGS> Amnezia WireGuard config arguments
--no-log Disable logging
-h, --help Print help
-V, --version Print version
Localnet Options (run-local):
--entry-gateway-identity <ID> Entry gateway Ed25519 identity
--entry-lp-address <HOST:PORT> Entry gateway LP listener address
--exit-gateway-identity <ID> Exit gateway Ed25519 identity
--exit-lp-address <HOST:PORT> Exit gateway LP listener address
--use-mock-ecash Use mock credentials (dev only)
Output
The probe outputs JSON with test results:
{
"node": "gateway-identity",
"used_entry": "entry-gateway-identity",
"outcome": {
"as_entry": { "can_connect": true, "can_route": true },
"as_exit": { "can_connect": true, "can_route_ip_v4": true, "can_route_ip_v6": true },
"wg": { "can_register": true, "can_handshake_v4": true, "can_handshake_v6": true },
"lp": { "can_connect": true, "can_handshake": true, "can_register": true }
}
}
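A way to gate on this output in a monitoring job, as an added example that is not part of the probe or its README: it lists every required check that is not literally `true`, so a missing section or a `null` fails closed. The per-mode `REQUIRED` policy and the helper names are assumptions; the field names come from the sample output above.

```python
import json

# Assumed policy (not defined by the probe): checks each mode must pass,
# written as "section.field" using the field names from the sample output.
REQUIRED = {
    "mixnet": ["as_entry.can_connect", "as_entry.can_route",
               "as_exit.can_connect", "as_exit.can_route_ip_v4",
               "as_exit.can_route_ip_v6", "wg.can_register",
               "wg.can_handshake_v4", "wg.can_handshake_v6"],
    "single-hop": ["lp.can_connect", "lp.can_handshake", "lp.can_register",
                   "wg.can_register", "wg.can_handshake_v4",
                   "wg.can_handshake_v6"],
    "lp-only": ["lp.can_connect", "lp.can_handshake", "lp.can_register"],
}

def lookup(outcome, dotted):
    """Return the value at 'section.field', or None if any part is absent."""
    node = outcome
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def failed_checks(report_json, mode):
    """Required checks that are false, null, missing or not a boolean true."""
    report = json.loads(report_json)
    outcome = report.get("outcome") or {}
    return [c for c in REQUIRED[mode] if lookup(outcome, c) is not True]

# Constructed sample: the README's output shape, with the IPv6 WireGuard
# handshake failing and no "lp" section present.
SAMPLE = """{
  "node": "gateway-identity",
  "used_entry": "entry-gateway-identity",
  "outcome": {
    "as_entry": {"can_connect": true, "can_route": true},
    "as_exit": {"can_connect": true, "can_route_ip_v4": true,
                "can_route_ip_v6": true},
    "wg": {"can_register": true, "can_handshake_v4": true,
           "can_handshake_v6": false}
  }
}"""

if __name__ == "__main__":
    for mode in REQUIRED:
        print(mode, failed_checks(SAMPLE, mode))
```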