[trel] require link-local for peer discovered by mDNS (#2709)

jwhui · web-flow · commit b8523883c469 · 2025-03-10T12:06:16.000-07:00
diff --git a/.github/workflows/border_router.yml b/.github/workflows/border_router.yml
@@ -73,14 +73,6 @@ jobs:
             otbr_mdns: "mDNSResponder"
             cert_scripts: ./tests/scripts/thread-cert/border_router/*.py
             packet_verification: 2
-          - name: "Border Router TREL (Avahi)"
-            otbr_options: "-DOT_DUA=ON -DOT_ECDSA=ON -DOT_MLR=ON -DOT_SERVICE=ON -DOT_SRP_SERVER=ON -DOTBR_COVERAGE=ON -DOTBR_DUA_ROUTING=ON -DOTBR_TREL=ON -DOTBR_DNS_UPSTREAM_QUERY=ON"
-            border_routing: 1
-            internet: 0
-            dnssd_plat: 0
-            otbr_mdns: "avahi"
-            cert_scripts: ./tests/scripts/thread-cert/border_router/*.py
-            packet_verification: 2
           - name: "Border Router MATN (mDNSResponder)"
             otbr_options: "-DOT_DUA=ON -DOT_ECDSA=ON -DOT_MLR=ON -DOT_SERVICE=ON -DOT_SRP_SERVER=ON -DOTBR_COVERAGE=ON -DOTBR_DUA_ROUTING=ON -DOTBR_TREL=OFF -DOTBR_DNS_UPSTREAM_QUERY=ON"
             border_routing: 1
@@ -105,24 +97,16 @@ jobs:
             otbr_mdns: "mDNSResponder"
             cert_scripts: ./tests/scripts/thread-cert/backbone/*.py
             packet_verification: 1
-          - name: "Border Router TREL with FEATURE_FLAG (avahi)"
-            otbr_options: "-DOT_DUA=ON -DOT_ECDSA=ON -DOT_MLR=ON -DOT_SERVICE=ON -DOT_SRP_SERVER=ON -DOTBR_COVERAGE=ON -DOTBR_DUA_ROUTING=ON -DOTBR_FEATURE_FLAGS=ON -DOTBR_TELEMETRY_DATA_API=ON -DOTBR_TREL=ON -DOTBR_DNS_UPSTREAM_QUERY=ON"
-            border_routing: 1
-            internet: 0
-            dnssd_plat: 0
-            otbr_mdns: "avahi"
-            cert_scripts: ./tests/scripts/thread-cert/border_router/*.py
-            packet_verification: 2
           - name: "Border Router with OT Core Advertising Proxy (avahi)"
-            otbr_options: "-DOT_DUA=ON -DOT_ECDSA=ON -DOT_MLR=ON -DOT_SERVICE=ON -DOT_SRP_SERVER=ON -DOTBR_COVERAGE=ON -DOTBR_DUA_ROUTING=ON -DOTBR_TREL=ON -DOTBR_DNS_UPSTREAM_QUERY=ON"
+            otbr_options: "-DOT_DUA=ON -DOT_ECDSA=ON -DOT_MLR=ON -DOT_SERVICE=ON -DOT_SRP_SERVER=ON -DOTBR_COVERAGE=ON -DOTBR_DUA_ROUTING=ON -DOTBR_TREL=OFF -DOTBR_DNS_UPSTREAM_QUERY=ON"
             border_routing: 1
             internet: 0
             dnssd_plat: 1
             otbr_mdns: "avahi"
             cert_scripts: ./tests/scripts/thread-cert/border_router/*.py
             packet_verification: 1
           - name: "Border Router with OT Core Advertising Proxy (mDNSResponder)"
-            otbr_options: "-DOT_DUA=ON -DOT_ECDSA=ON -DOT_MLR=ON -DOT_SERVICE=ON -DOT_SRP_SERVER=ON -DOTBR_COVERAGE=ON -DOTBR_DUA_ROUTING=ON -DOTBR_TREL=ON -DOTBR_DNS_UPSTREAM_QUERY=ON"
+            otbr_options: "-DOT_DUA=ON -DOT_ECDSA=ON -DOT_MLR=ON -DOT_SERVICE=ON -DOT_SRP_SERVER=ON -DOTBR_COVERAGE=ON -DOTBR_DUA_ROUTING=ON -DOTBR_TREL=OFF -DOTBR_DNS_UPSTREAM_QUERY=ON"
             border_routing: 1
             internet: 0
             dnssd_plat: 1
diff --git a/src/trel_dnssd/trel_dnssd.cpp b/src/trel_dnssd/trel_dnssd.cpp
@@ -301,25 +301,22 @@ void TrelDnssd::OnTrelServiceInstanceAdded(const Mdns::Publisher::DiscoveredInst
     {
         otbrLogDebug("Peer address: %s", addr.ToString().c_str());
 
-        // Skip anycast (Refer to https://datatracker.ietf.org/doc/html/rfc2373#section-2.6.1)
-        if (addr.m64[1] == 0)
+        // Require link-local. Thread requires TREL peers to advertise link-local via mDNS.
+        if (!addr.IsLinkLocal())
         {
             continue;
         }
 
-        // If there are multiple addresses, we prefer the address
-        // which is numerically smallest. This prefers GUA over ULA
-        // (`fc00::/7`) and then link-local (`fe80::/10`).
-
+        // Pick the smallest link-local to be robust to reorderings.
         if (selectedAddress.IsUnspecified() || (addr < selectedAddress))
         {
             selectedAddress = addr;
         }
     }
 
-    if (aInstanceInfo.mAddresses.empty())
+    if (selectedAddress.IsUnspecified())
     {
-        otbrLogWarning("Peer %s does not have any IPv6 address, ignored", aInstanceInfo.mName.c_str());
+        otbrLogWarning("Peer %s does not have any IPv6 link-local address, ignored", aInstanceInfo.mName.c_str());
         ExitNow();
     }
 

Original file line number	Diff line number	Diff line change
`@@ -301,25 +301,22 @@ void TrelDnssd::OnTrelServiceInstanceAdded(const Mdns::Publisher::DiscoveredInst`
`301`	`301`	`{`
`302`	`302`	`otbrLogDebug("Peer address: %s", addr.ToString().c_str());`
`303`	`303`
`304`		`- // Skip anycast (Refer to https://datatracker.ietf.org/doc/html/rfc2373#section-2.6.1)`
`305`		`- if (addr.m64[1] == 0)`
	`304`	`+ // Require link-local. Thread requires TREL peers to advertise link-local via mDNS.`
	`305`	`+ if (!addr.IsLinkLocal())`
`306`	`306`	`{`
`307`	`307`	`continue;`
`308`	`308`	`}`
`309`	`309`
`310`		`- // If there are multiple addresses, we prefer the address`
`311`		`- // which is numerically smallest. This prefers GUA over ULA`
`312`		- // (`fc00::/7`) and then link-local (`fe80::/10`).
`313`		`-`
	`310`	`+ // Pick the smallest link-local to be robust to reorderings.`
`314`	`311`	`if (selectedAddress.IsUnspecified() \|\| (addr < selectedAddress))`
`315`	`312`	`{`
`316`	`313`	`selectedAddress = addr;`
`317`	`314`	`}`
`318`	`315`	`}`
`319`	`316`
`320`		`- if (aInstanceInfo.mAddresses.empty())`
	`317`	`+ if (selectedAddress.IsUnspecified())`
`321`	`318`	`{`
`322`		`- otbrLogWarning("Peer %s does not have any IPv6 address, ignored", aInstanceInfo.mName.c_str());`
	`319`	`+ otbrLogWarning("Peer %s does not have any IPv6 link-local address, ignored", aInstanceInfo.mName.c_str());`
`323`	`320`	`ExitNow();`
`324`	`321`	`}`
`325`	`322`