Jędrzej Stuczyński 8a93bce32f feat: additional mixnet improvements and metrics (#6874)
* wip

* batch processing of forward packets

* tmp: additional metrics for remote node

* fixed incorrect prometheus metric registration

* unified runtime metrics

* unify mixnet client metrics

* packet forwarding cleanup

* add batching for emptying the delay queue

* cleanup client io loop

* feat(nym-node): reap idle mixnet connections (ingress + egress)

Close mixnet connections that sit with no traffic past a configurable idle period (mixnet.debug.connection_idle_timeout, default 5min, 0 disables) to bound lingering tokio tasks/sockets.

Ingress handle_stream is read-only, so a silently-gone peer (NAT drop, crash without FIN, half-open) never triggers FIN/RST and the task would block on .next() forever; a new idle select arm closes it (the post-loop replay flush still runs, so nothing is stranded). Egress run_io_loop gets the symmetric arm keyed on last_send; on close EvictOnDrop clears the cache entry and the next packet transparently reconnects.

Adds a cumulative nym_node_network_idle_closed_ingress_mixnet_connections counter; egress reaping is observed via the existing active-egress gauge plus an exit_reason=idle_timeout log.

* downgrade sysinfo

* refactor(nym-node): split PacketForwarder into router + delay-queue tasks

Split the single PacketForwarder task into two concurrently-scheduled tasks connected by a bounded handoff channel, so intake and delayed-release no longer block each other.

PacketRouter (router.rs) is the intake task: sole consumer of the ingress channel, it applies the routing filter and either forwards zero/already-elapsed-delay packets directly or hands delayed ones to the delay task. Its per-packet work is sub-µs, so new packets no longer wait behind delayed-release processing (collapses the ForwarderQueue tail).

DelayForwarder (delay.rs) owns the NonExhaustiveDelayQueue exclusively (it can't be shared by reference). Its run loop services BOTH branches on every wakeup - draining pending inserts first to bring the queue current, then flushing everything now due - so the biased select can't let releases and inserts starve each other, and a freshly-arrived-but-already-due packet releases in the same pass (marginally improving DelayQueueOverrun).

The mixnet client is shared as Arc<C>; handoff-channel overflow is dropped as an egress drop rather than blocking, keeping intake decoupled from release.

* feat(nym-node): bound egress flush with a write timeout

Cap how long a single egress batch flush may block on a congested peer socket (mixnet.debug.connection_write_timeout, default 500ms, 0 disables), so a slow peer can no longer back this connection's egress queue up into the multi-second range - the root of the EgressQueue and SocketWrite tails.

A single timeout is treated as transient congestion: the un-fed tail of the batch is abandoned but the connection is retained. This is sound because NoiseStream::poll_write encrypts and buffers each frame synchronously, so a cancelled flush leaves the noise transport nonce-consistent and a later flush resumes the byte stream in order - so a momentary spike costs no re-handshake. Only MAX_CONSECUTIVE_WRITE_TIMEOUTS (3) timeouts in a row, i.e. a persistently congested peer, tears the connection down (it reconnects on the next packet); a successful flush resets the counter.

Buffer-size tuning (maximum_connection_buffer_size) deliberately left for live data.

* revert PacketForwarder split in favour of a single task that clears both channels on wake
2026-06-12 10:31:54 +01:00
2026-05-28 15:57:10 +00:00
2026-06-08 20:02:37 +02:00
2026-06-04 12:15:20 +01:00
2026-04-17 09:23:55 +01:00
2026-03-12 14:46:00 +00:00
2026-06-09 15:04:40 +02:00
2026-04-17 09:23:55 +01:00
2024-12-20 12:18:45 +01:00
2026-06-04 12:15:20 +01:00
2026-06-04 12:15:21 +01:00
2026-06-02 13:15:13 +02:00
2026-04-17 09:23:55 +01:00
2026-05-21 09:13:31 +01:00
2026-06-10 16:32:12 +02:00
2026-06-09 13:31:08 +00:00
2026-06-04 12:15:20 +01:00
2026-05-28 15:57:10 +00:00
2026-06-08 12:23:00 +02:00
2026-06-05 10:36:36 +00:00
2026-02-16 14:45:05 +01:00
2026-06-09 13:31:08 +00:00
2026-05-22 20:29:51 +01:00
2023-12-19 09:24:44 +01:00
2023-12-19 09:24:44 +01:00
2026-06-08 16:30:10 +02:00
2026-05-11 14:50:14 +00:00
2026-05-22 20:29:51 +01:00
2026-05-22 20:29:51 +01:00
2026-03-24 15:08:07 +00:00
2026-06-05 10:36:36 +00:00
2026-06-05 10:36:36 +00:00
2026-06-09 13:31:08 +00:00
2026-05-22 20:29:51 +01:00

The Nym Privacy Platform

The platform is composed of multiple Rust crates. Top-level executable binary crates include:

  • nym-node - a tool for running a node within the Nym network. Nym Nodes containing functionality such as mixnode, entry-gateway and exit-gateway are fundamental components of Nym Mixnet architecture. Nym Nodes are ran by decentralised node operators. Read more about nym-node in Operators Guide documentation. Network functionality of nym-node (labeled with --mode flag) can be:
    • mixnode - shuffles Sphinx packets together to provide privacy against network-level attackers.
    • gateway - acts sort of like a mailbox for mixnet messages, which removes the need for direct delivery to potentially offline or firewalled devices. Gateways can be further categorized as entry-gateway and exit-gateway. The latter has an extra embedded IP packet router and Network requester to route data to the internet.
  • nym-client - an executable which you can build into your own applications. Use it for interacting with Nym nodes.
  • nym-socks5-client - a Socks5 proxy you can run on your machine and use with existing applications.
  • nym-explorer - a (projected) block explorer and (existing) mixnet viewer.
  • nym-wallet - a desktop wallet implemented using the Tauri) framework.
  • nym-cli - a tool for interacting with the network from the CLI.
                      ┌─►mix──┐  mix     mix
                      │       │
            Entry     │       │                   Exit
client ───► Gateway ──┘  mix  │  mix  ┌─►mix ───► Gateway ───► internet
                              │       │
                              │       │
                         mix  └─►mix──┘  mix

This project integrates with the Midnight Network

Building

Developing

References for developers:

Developer chat

You can chat to us in the #dev channel on Matrix or on the Nym Forum.

Tokenomics & Rewards

Nym network economic incentives, operator and validator rewards, and scalability of the network are determined according to the principles laid out in the section 6 of Nym Whitepaper. Initial reward pool is set to 250 million Nym, making the circulating supply 750 million Nym.

This is a monorepo and components that make up Nym as a system are licensed individually, so for accurate information, please check individual files.

As a general approach, licensing is as follows this pattern:

  • applications and binaries are GPLv3
  • libraries and components are Apache 2.0 or MIT
  • documentation is Apache 2.0 or CC0-1.0

Nym Node Operators and Validators Terms and Conditions can be found here.

Getting Started

pnpm install
pnpm build
S
Description
Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials.
Readme 377 MiB
Languages
Rust 65.9%
JavaScript 22.1%
TypeScript 9.1%
Shell 0.9%
Python 0.6%
Other 1.2%