[High][Correctness] Message try_duration is ignored by the retransmission loop #29

New issue

Open

opened 2026-03-19 22:43:21 +00:00 by thabeta · 0 comments

thabeta commented

2026-03-19 22:43:21 +00:00

Owner

Summary

Outbound messages accept a caller-provided try_duration, but the background retransmission loop does not use it. Instead, the loop always uses the fixed MESSAGE_SEND_WINDOW constant.

Why this matters

The API contract says callers can control how long the system should keep trying to send a message. That contract is currently false.

This affects:

API behavior
CLI behavior
any caller expecting shorter or longer retry windows
reply/socket forwarding flows that depend on bounded delivery attempts

Evidence

The requested deadline is computed and stored here:

mycelium/src/message.rs:982-989

But the spawned retransmission loop uses:

mycelium/src/message.rs:1031-1033

Specifically, it creates tokio::time::interval(MESSAGE_SEND_WINDOW) instead of using the per-message deadline or try_duration.

There is also a secondary consistency problem where socket-forwarded replies reuse the same fixed window at:

mycelium/src/message.rs:620-624

Expected behavior

The retransmission/abort logic should honor the requested deadline for each message.

Actual behavior

Messages are governed by a fixed 5-minute send window regardless of the requested duration.

Suggested fix

Base timeout handling on the stored per-message deadline rather than a global interval constant.
Replace the fixed deadline ticker with a sleep_until derived from the message-specific deadline.
Add tests that verify short and long try_duration values behave differently.

Risk

High correctness/API-contract issue. It makes timeout behavior unpredictable for callers and can cause messages to be retried far longer than requested.

## Summary Outbound messages accept a caller-provided `try_duration`, but the background retransmission loop does not use it. Instead, the loop always uses the fixed `MESSAGE_SEND_WINDOW` constant. ## Why this matters The API contract says callers can control how long the system should keep trying to send a message. That contract is currently false. This affects: - API behavior - CLI behavior - any caller expecting shorter or longer retry windows - reply/socket forwarding flows that depend on bounded delivery attempts ## Evidence The requested deadline is computed and stored here: - `mycelium/src/message.rs:982-989` But the spawned retransmission loop uses: - `mycelium/src/message.rs:1031-1033` Specifically, it creates `tokio::time::interval(MESSAGE_SEND_WINDOW)` instead of using the per-message deadline or `try_duration`. There is also a secondary consistency problem where socket-forwarded replies reuse the same fixed window at: - `mycelium/src/message.rs:620-624` ## Expected behavior The retransmission/abort logic should honor the requested deadline for each message. ## Actual behavior Messages are governed by a fixed 5-minute send window regardless of the requested duration. ## Suggested fix - Base timeout handling on the stored per-message deadline rather than a global interval constant. - Replace the fixed deadline ticker with a `sleep_until` derived from the message-specific deadline. - Add tests that verify short and long `try_duration` values behave differently. ## Risk High correctness/API-contract issue. It makes timeout behavior unpredictable for callers and can cause messages to be retried far longer than requested.

No labels

Urgent

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

geomind_code/mycelium_network#29

No description provided.

Rows
Columns