Fix: Traceroute through MQTT misses uplink node if MQTT is encrypted

[domusonline]

This PR fixes #9713

As described in the bug, a traceroute that goes through MQTT server will not show the gateway node.
This is caused by the code in Router.cpp which saves the original image of the packet (before TraceRoute module changes it) and uses that image to send to the MQTT server.

The solution proposed works, but I don't find it the best due to these reasons:

• It re-encrypts the packet which the code is already doing somewhere to send through RF. But I have no idea how to obtain a reference to that image back in Router.cpp
• The code releases the original encrypted packet from packetPool. Then it allocates a copy from the non-encrypted packet (changed by the TraceRoute module) and tries to encrypt it. If something fails the reference to the packet is not valid.

The second issues caused a lot of "repeated ELSE" structures which look weird. But I couldn't find a better way to avoid calling mqtt::onSend with an invalid reference.

In favor of the fix it only applies to the specific situation where the packet is a traceroute. So the impact is rather low (just one or two IFs) for all the other cases.

I didn't try to avoid the release at the end of the method, because it is done even if the pointer is "nullptr" if I understood the code correctly.

I've tested this in the following way:

1. Compiled a firmware based on current develop branch with this change applied
2. I forced a trace though the node and verified that the uploaded MQTT message contained the node itself (issue fixed in practice)
3. I left the node running for a cumulative period of around two days to make sure there were no memory leaks or other unexpected failures. I had 100% uptime on that node, and being connected to the local MQTT server it processed and rebroadcastd thousands of packets.

With this in mind, I just feel there would be more elegant ways to solve this, but I'm pretty confident it works and will only change the behavior when a node connected to MQTT receives and processes a traceroute. I'd be happy if anyone else can provide a better solution, but if that takes time I think this is a viable solution.

Appreciated the support and feedback I had on Discord and local mesh community.

🤝 Attestations

• I have tested that my proposed changes behave as described.
• I have tested that my proposed changes do not cause any obvious regressions on the following devices:
  • Heltec (Lora32) V3
  • LilyGo T-Deck
  • LilyGo T-Beam
  • RAK WisBlock 4631
  • Seeed Studio T-1000E tracker card
  • Other (please specify below)
    Heltec WSL V3

[github-actions]

@domusonline, Welcome to Meshtastic!

Thanks for opening your first pull request. We really appreciate it.

We discuss work as a team in discord, please join us in the #firmware channel.
There's a big backlog of patches at the moment. If you have time,
please help us with some code review and testing of other PRs!

Welcome to the team 😄

[CLAassistant]

All committers have signed the CLA.

[Copilot]

Pull request overview

Fixes Meshtastic traceroute packets published via encrypted MQTT so the gateway node appears in the route (by ensuring the MQTT-encrypted payload reflects traceroute module in-place modifications).

Changes:

• Rebuilds the encrypted MQTT copy for TRACEROUTE_APP packets after modules run, then re-encodes/encrypts it before publishing to MQTT.
• Skips MQTT publish for traceroute packets if re-encryption fails.

[domusonline]

I agree with the co-pilot suggested changes. Some were considered but I tried to follow what has been done previously in other parts of the code.
This being my first PR it's not really clear to me if the next steps are on my side, or if this needs to wait for a "human" review which I think would be good as some of my concerns are beyond the AI observations.
Thanks for your attention.

[GUVWAF]

Thanks for your PR! Indeed it looks a bit cumbersome, but I think it's OK. We could also always re-encrypt it, but I think checking for the traceroute app is a nice optimization as encrypting can take a while.

I responded to the AI's comments and I think indeed two of them are worth implementing.

[domusonline]

Thanks for your PR! Indeed it looks a bit cumbersome, but I think it's OK. We could also always re-encrypt it, but I think checking for the traceroute app is a nice optimization as encrypting can take a while.

I responded to the AI's comments and I think indeed two of them are worth implementing.

I updated the Router.cpp file with the following changes:
1- Added the condition to check that MQTT configuration has "encrypted" turned on. This will reduce the overload on cases where the MQTT server is not using encrypted messages
2- Checked the allocation of the new packet before releasing the original
3- Checked the encryption of the new packet before releasing the original
4- The code fallsback to sending the original if either 2) or 3) fails

I think it's more efficient, more resilient and looks a bit "cleaner" now.
I had some issues with git/commit (my fault for sure) which forced me to redo a new commit. But the differences in the file look good.
I tested the changes and left the node running for several hours to make sure it didn't show any memory issues.
Hope this is ok now. If not, please point the issues.
Thanks.

[GUVWAF]

Thanks for the effort!
Looks good to me.

[fifieldt]

@domusonline , are you familiar with the trunk code linter? We use it to keep all our formatting consistent.

[domusonline]

@domusonline , are you familiar with the trunk code linter? We use it to keep all our formatting consistent.

I installed it, tried to run it, but had some issues. Given the small ammount of lines changed I thought it followed the recommend formatting, but I noticed some automated test/validation apparently failed. I'm motivated to try more contributions and in case I do I'll make sure I clear the mentioned issues...

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.