npm - @matter/protocol - Versions diffs - 0.16.8-alpha.0-20260123-dff2cae52 → 0.16.8-alpha.0-20260127-65e1b40e2 - Mend

@matter/protocol 0.16.8-alpha.0-20260123-dff2cae52 → 0.16.8-alpha.0-20260127-65e1b40e2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/dist/cjs/action/client/ClientInteraction.d.ts +4 -4
package/dist/cjs/action/client/ClientInteraction.d.ts.map +1 -1
package/dist/cjs/action/client/ClientInteraction.js +48 -6
package/dist/cjs/action/client/ClientInteraction.js.map +1 -1
package/dist/cjs/action/client/QueuedClientInteraction.d.ts +0 -1
package/dist/cjs/action/client/QueuedClientInteraction.d.ts.map +1 -1
package/dist/cjs/action/client/QueuedClientInteraction.js +0 -1
package/dist/cjs/action/client/QueuedClientInteraction.js.map +1 -1
package/dist/cjs/action/client/subscription/ClientSubscriptionHandler.d.ts.map +1 -1
package/dist/cjs/action/client/subscription/ClientSubscriptionHandler.js +5 -2
package/dist/cjs/action/client/subscription/ClientSubscriptionHandler.js.map +1 -1
package/dist/cjs/action/server/AttributeWriteResponse.d.ts +1 -1
package/dist/cjs/action/server/AttributeWriteResponse.d.ts.map +1 -1
package/dist/cjs/action/server/AttributeWriteResponse.js +0 -6
package/dist/cjs/action/server/AttributeWriteResponse.js.map +1 -1
package/dist/cjs/action/server/DataResponse.d.ts +5 -0
package/dist/cjs/action/server/DataResponse.d.ts.map +1 -1
package/dist/cjs/action/server/DataResponse.js +7 -0
package/dist/cjs/action/server/DataResponse.js.map +1 -1
package/dist/cjs/action/server/ServerInteraction.js.map +1 -1
package/dist/cjs/dcl/DclCertificateService.d.ts.map +1 -1
package/dist/cjs/dcl/DclCertificateService.js +3 -0
package/dist/cjs/dcl/DclCertificateService.js.map +1 -1
package/dist/cjs/dcl/DclOtaUpdateService.d.ts.map +1 -1
package/dist/cjs/dcl/DclOtaUpdateService.js +6 -4
package/dist/cjs/dcl/DclOtaUpdateService.js.map +1 -1
package/dist/cjs/interaction/InteractionMessenger.d.ts +30 -30
package/dist/cjs/interaction/InteractionMessenger.d.ts.map +1 -1
package/dist/cjs/interaction/InteractionMessenger.js +81 -12
package/dist/cjs/interaction/InteractionMessenger.js.map +1 -1
package/dist/cjs/mdns/MdnsClient.d.ts.map +1 -1
package/dist/cjs/mdns/MdnsClient.js +163 -102
package/dist/cjs/mdns/MdnsClient.js.map +1 -1
package/dist/cjs/mdns/MdnsServer.d.ts +2 -0
package/dist/cjs/mdns/MdnsServer.d.ts.map +1 -1
package/dist/cjs/mdns/MdnsServer.js +45 -5
package/dist/cjs/mdns/MdnsServer.js.map +1 -1
package/dist/cjs/peer/ControllerCommissioningFlow.d.ts.map +1 -1
package/dist/cjs/peer/ControllerCommissioningFlow.js +3 -1
package/dist/cjs/peer/ControllerCommissioningFlow.js.map +1 -1
package/dist/cjs/peer/Peer.d.ts +2 -1
package/dist/cjs/peer/Peer.d.ts.map +1 -1
package/dist/cjs/peer/Peer.js +20 -3
package/dist/cjs/peer/Peer.js.map +1 -1
package/dist/cjs/peer/PeerAddressStore.d.ts +1 -11
package/dist/cjs/peer/PeerAddressStore.d.ts.map +1 -1
package/dist/cjs/peer/PeerAddressStore.js +1 -4
package/dist/cjs/peer/PeerAddressStore.js.map +1 -1
package/dist/cjs/peer/PeerDescriptor.d.ts +1 -9
package/dist/cjs/peer/PeerDescriptor.d.ts.map +1 -1
package/dist/cjs/peer/PeerDescriptor.js +1 -6
package/dist/cjs/peer/PeerDescriptor.js.map +1 -1
package/dist/cjs/peer/PeerSet.d.ts +1 -1
package/dist/cjs/peer/PeerSet.d.ts.map +1 -1
package/dist/cjs/peer/PeerSet.js +55 -22
package/dist/cjs/peer/PeerSet.js.map +2 -2
package/dist/cjs/protocol/ExchangeManager.d.ts.map +1 -1
package/dist/cjs/protocol/ExchangeManager.js +2 -2
package/dist/cjs/protocol/ExchangeManager.js.map +1 -1
package/dist/cjs/protocol/ExchangeProvider.d.ts.map +1 -1
package/dist/cjs/protocol/ExchangeProvider.js +3 -3
package/dist/cjs/protocol/ExchangeProvider.js.map +1 -1
package/dist/cjs/protocol/MRP.d.ts +54 -0
package/dist/cjs/protocol/MRP.d.ts.map +1 -0
package/dist/cjs/protocol/MRP.js +96 -0
package/dist/cjs/protocol/MRP.js.map +6 -0
package/dist/cjs/protocol/MessageChannel.d.ts +0 -23
package/dist/cjs/protocol/MessageChannel.d.ts.map +1 -1
package/dist/cjs/protocol/MessageChannel.js +15 -47
package/dist/cjs/protocol/MessageChannel.js.map +2 -2
package/dist/cjs/protocol/MessageExchange.d.ts.map +1 -1
package/dist/cjs/protocol/MessageExchange.js +7 -7
package/dist/cjs/protocol/MessageExchange.js.map +1 -1
package/dist/cjs/protocol/index.d.ts +1 -0
package/dist/cjs/protocol/index.d.ts.map +1 -1
package/dist/cjs/protocol/index.js +1 -0
package/dist/cjs/protocol/index.js.map +1 -1
package/dist/cjs/session/NodeSession.js +2 -2
package/dist/cjs/session/NodeSession.js.map +1 -1
package/dist/cjs/session/Session.d.ts +1 -0
package/dist/cjs/session/Session.d.ts.map +1 -1
package/dist/cjs/session/case/CaseClient.d.ts.map +1 -1
package/dist/cjs/session/case/CaseClient.js +1 -1
package/dist/cjs/session/case/CaseClient.js.map +1 -1
package/dist/cjs/session/case/CaseServer.d.ts.map +1 -1
package/dist/cjs/session/case/CaseServer.js +4 -1
package/dist/cjs/session/case/CaseServer.js.map +1 -1
package/dist/esm/action/client/ClientInteraction.d.ts +4 -4
package/dist/esm/action/client/ClientInteraction.d.ts.map +1 -1
package/dist/esm/action/client/ClientInteraction.js +49 -6
package/dist/esm/action/client/ClientInteraction.js.map +1 -1
package/dist/esm/action/client/QueuedClientInteraction.d.ts +0 -1
package/dist/esm/action/client/QueuedClientInteraction.d.ts.map +1 -1
package/dist/esm/action/client/QueuedClientInteraction.js +0 -1
package/dist/esm/action/client/QueuedClientInteraction.js.map +1 -1
package/dist/esm/action/client/subscription/ClientSubscriptionHandler.d.ts.map +1 -1
package/dist/esm/action/client/subscription/ClientSubscriptionHandler.js +5 -2
package/dist/esm/action/client/subscription/ClientSubscriptionHandler.js.map +1 -1
package/dist/esm/action/server/AttributeWriteResponse.d.ts +1 -1
package/dist/esm/action/server/AttributeWriteResponse.d.ts.map +1 -1
package/dist/esm/action/server/AttributeWriteResponse.js +0 -6
package/dist/esm/action/server/AttributeWriteResponse.js.map +1 -1
package/dist/esm/action/server/DataResponse.d.ts +5 -0
package/dist/esm/action/server/DataResponse.d.ts.map +1 -1
package/dist/esm/action/server/DataResponse.js +7 -0
package/dist/esm/action/server/DataResponse.js.map +1 -1
package/dist/esm/action/server/ServerInteraction.js.map +1 -1
package/dist/esm/dcl/DclCertificateService.d.ts.map +1 -1
package/dist/esm/dcl/DclCertificateService.js +3 -0
package/dist/esm/dcl/DclCertificateService.js.map +1 -1
package/dist/esm/dcl/DclOtaUpdateService.d.ts.map +1 -1
package/dist/esm/dcl/DclOtaUpdateService.js +6 -4
package/dist/esm/dcl/DclOtaUpdateService.js.map +1 -1
package/dist/esm/interaction/InteractionMessenger.d.ts +30 -30
package/dist/esm/interaction/InteractionMessenger.d.ts.map +1 -1
package/dist/esm/interaction/InteractionMessenger.js +82 -12
package/dist/esm/interaction/InteractionMessenger.js.map +1 -1
package/dist/esm/mdns/MdnsClient.d.ts.map +1 -1
package/dist/esm/mdns/MdnsClient.js +163 -102
package/dist/esm/mdns/MdnsClient.js.map +1 -1
package/dist/esm/mdns/MdnsServer.d.ts +2 -0
package/dist/esm/mdns/MdnsServer.d.ts.map +1 -1
package/dist/esm/mdns/MdnsServer.js +45 -5
package/dist/esm/mdns/MdnsServer.js.map +1 -1
package/dist/esm/peer/ControllerCommissioningFlow.d.ts.map +1 -1
package/dist/esm/peer/ControllerCommissioningFlow.js +3 -1
package/dist/esm/peer/ControllerCommissioningFlow.js.map +1 -1
package/dist/esm/peer/Peer.d.ts +2 -1
package/dist/esm/peer/Peer.d.ts.map +1 -1
package/dist/esm/peer/Peer.js +20 -3
package/dist/esm/peer/Peer.js.map +1 -1
package/dist/esm/peer/PeerAddressStore.d.ts +1 -11
package/dist/esm/peer/PeerAddressStore.d.ts.map +1 -1
package/dist/esm/peer/PeerAddressStore.js +1 -4
package/dist/esm/peer/PeerAddressStore.js.map +1 -1
package/dist/esm/peer/PeerDescriptor.d.ts +1 -9
package/dist/esm/peer/PeerDescriptor.d.ts.map +1 -1
package/dist/esm/peer/PeerDescriptor.js +1 -6
package/dist/esm/peer/PeerDescriptor.js.map +1 -1
package/dist/esm/peer/PeerSet.d.ts +1 -1
package/dist/esm/peer/PeerSet.d.ts.map +1 -1
package/dist/esm/peer/PeerSet.js +60 -24
package/dist/esm/peer/PeerSet.js.map +2 -2
package/dist/esm/protocol/ExchangeManager.d.ts.map +1 -1
package/dist/esm/protocol/ExchangeManager.js +2 -2
package/dist/esm/protocol/ExchangeManager.js.map +1 -1
package/dist/esm/protocol/ExchangeProvider.d.ts.map +1 -1
package/dist/esm/protocol/ExchangeProvider.js +3 -3
package/dist/esm/protocol/ExchangeProvider.js.map +1 -1
package/dist/esm/protocol/MRP.d.ts +54 -0
package/dist/esm/protocol/MRP.d.ts.map +1 -0
package/dist/esm/protocol/MRP.js +76 -0
package/dist/esm/protocol/MRP.js.map +6 -0
package/dist/esm/protocol/MessageChannel.d.ts +0 -23
package/dist/esm/protocol/MessageChannel.d.ts.map +1 -1
package/dist/esm/protocol/MessageChannel.js +16 -54
package/dist/esm/protocol/MessageChannel.js.map +2 -2
package/dist/esm/protocol/MessageExchange.d.ts.map +1 -1
package/dist/esm/protocol/MessageExchange.js +3 -3
package/dist/esm/protocol/MessageExchange.js.map +1 -1
package/dist/esm/protocol/index.d.ts +1 -0
package/dist/esm/protocol/index.d.ts.map +1 -1
package/dist/esm/protocol/index.js +1 -0
package/dist/esm/protocol/index.js.map +1 -1
package/dist/esm/session/NodeSession.js +2 -2
package/dist/esm/session/NodeSession.js.map +1 -1
package/dist/esm/session/Session.d.ts +1 -0
package/dist/esm/session/Session.d.ts.map +1 -1
package/dist/esm/session/case/CaseClient.d.ts.map +1 -1
package/dist/esm/session/case/CaseClient.js +2 -2
package/dist/esm/session/case/CaseClient.js.map +1 -1
package/dist/esm/session/case/CaseServer.d.ts.map +1 -1
package/dist/esm/session/case/CaseServer.js +4 -1
package/dist/esm/session/case/CaseServer.js.map +1 -1
package/package.json +6 -6
package/src/action/client/ClientInteraction.ts +62 -6
package/src/action/client/QueuedClientInteraction.ts +0 -1
package/src/action/client/subscription/ClientSubscriptionHandler.ts +5 -2
package/src/action/server/AttributeWriteResponse.ts +4 -16
package/src/action/server/DataResponse.ts +8 -0
package/src/action/server/ServerInteraction.ts +2 -2
package/src/dcl/DclCertificateService.ts +3 -0
package/src/dcl/DclOtaUpdateService.ts +11 -5
package/src/interaction/InteractionMessenger.ts +113 -15
package/src/mdns/MdnsClient.ts +216 -104
package/src/mdns/MdnsServer.ts +79 -6
package/src/peer/ControllerCommissioningFlow.ts +5 -1
package/src/peer/Peer.ts +28 -5
package/src/peer/PeerAddressStore.ts +1 -19
package/src/peer/PeerDescriptor.ts +1 -15
package/src/peer/PeerSet.ts +82 -35
package/src/protocol/ExchangeManager.ts +5 -2
package/src/protocol/ExchangeProvider.ts +3 -3
package/src/protocol/MRP.ts +146 -0
package/src/protocol/MessageChannel.ts +16 -101
package/src/protocol/MessageExchange.ts +4 -3
package/src/protocol/index.ts +1 -0
package/src/session/NodeSession.ts +3 -3
package/src/session/Session.ts +1 -0
package/src/session/case/CaseClient.ts +8 -2
package/src/session/case/CaseServer.ts +4 -0

package/src/mdns/MdnsClient.ts CHANGED Viewed

@@ -63,6 +63,19 @@ const logger = Logger.get("MdnsClient");
 const MDNS_EXPIRY_GRACE_PERIOD_FACTOR = 1.05;
+/**
+ * Protection window for out-of-order goodbye packets (RFC 6762).
+ * If a record was discovered within this window, ignore TTL=0 goodbye packets
+ * as they likely arrived out of order (goodbye sent before an announcement but received after).
+ */
+const GOODBYE_PROTECTION_WINDOW = Millis(1000);
+/**
+ * Minimum TTL for PTR records to prevent DoS attacks with very short TTLs.
+ * Value based on python-zeroconf/bonjour implementation.
+ */
+const RECORD_MIN_TTL = Seconds(15);
 type MatterServerRecordWithExpire = ServerAddressUdp & AddressLifespan;
 /** Type for commissionable Device records including Lifespan details. */
@@ -537,12 +550,19 @@ export class MdnsClient implements Scanner {
         }
         const deviceMatterQname = getOperationalDeviceQname(fabric.globalId, nodeId);
-        let storedDevice = ignoreExistingRecords ? undefined : this.#getOperationalDeviceRecords(deviceMatterQname);
-        if (storedDevice === undefined) {
+        let storedDevice = this.#getOperationalDeviceRecords(deviceMatterQname);
+        if (storedDevice === undefined || ignoreExistingRecords) {
             using _finding = this.#lifetime.join(
                 "finding peer",
                 PeerAddress({ fabricIndex: fabric.fabricIndex, nodeId }),
             );
+            if (storedDevice) {
+                // We know the device including IPs but want to query anew, so forget the addresses to ensure they get updated
+                const device = this.#operationalDeviceRecords.get(deviceMatterQname);
+                device?.addresses.clear();
+            }
             const promise = this.#registerWaiterPromise(deviceMatterQname, false, timeout, () =>
                 this.#getOperationalDeviceRecords(deviceMatterQname),
             );
@@ -891,6 +911,13 @@ export class MdnsClient implements Scanner {
         answersList.forEach(answers =>
             answers.forEach(answer => {
                 const { name, recordType } = answer;
+                // Enforce minimum TTL for records to prevent DoS attacks with very short TTLs
+                // But don't modify TTL=0 goodbye packets - those need to be processed for record removal
+                if (answer.ttl > 0 && answer.ttl < RECORD_MIN_TTL) {
+                    answer = { ...answer, ttl: RECORD_MIN_TTL };
+                }
                 if (name.endsWith(MATTER_SERVICE_QNAME)) {
                     structuredAnswers.operational = structuredAnswers.operational ?? {};
                     structuredAnswers.operational[recordType] = structuredAnswers.operational[recordType] ?? [];
@@ -926,8 +953,32 @@ export class MdnsClient implements Scanner {
         return structuredAnswers;
     }
+    /**
+     * Merge a record into a map with goodbye protection.
+     * Returns true if the record was processed (added or deleted), false if skipped due to protection.
+     */
+    #mergeRecordWithGoodbyeProtection(
+        targetMap: Map<string, AnyDnsRecordWithExpiry>,
+        key: string,
+        record: AnyDnsRecordWithExpiry,
+        now: number,
+    ): void {
+        const existingRecord = targetMap.get(key);
+        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
+            if (record.ttl === 0) {
+                // Apply goodbye protection - ignore if the existing record is young
+                if (existingRecord && now - existingRecord.discoveredAt < GOODBYE_PROTECTION_WINDOW) {
+                    return;
+                }
+                targetMap.delete(key);
+            } else {
+                targetMap.set(key, record);
+            }
+        }
+    }
     #combineStructuredAnswers(...answersList: StructuredDnsAnswers[]): StructuredDnsAnswers {
-        // Special type for easier combination of answers
+        // Special type for an easier combination of answers
         const combinedAnswers: {
             operational?: Record<number, Map<string, AnyDnsRecordWithExpiry>>;
             commissionable?: Record<number, Map<string, AnyDnsRecordWithExpiry>>;
@@ -935,7 +986,9 @@ export class MdnsClient implements Scanner {
             addressesV6?: Record<string, Map<string, AnyDnsRecordWithExpiry>>;
         } = {};
+        const now = Time.nowMs;
         for (const answers of answersList) {
+            // Process operational records
             if (answers.operational) {
                 combinedAnswers.operational = combinedAnswers.operational ?? {};
                 for (const [recordType, records] of Object.entries(answers.operational) as unknown as [
@@ -943,18 +996,18 @@ export class MdnsClient implements Scanner {
                     AnyDnsRecordWithExpiry[],
                 ][]) {
                     combinedAnswers.operational[recordType] = combinedAnswers.operational[recordType] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.operational![recordType].get(record.name);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.operational![recordType].delete(record.name);
-                            } else {
-                                combinedAnswers.operational![recordType].set(record.name, record);
-                            }
-                        }
-                    });
+                    for (const record of records) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.operational[recordType],
+                            record.name,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
+            // Process commissionable records
             if (answers.commissionable) {
                 combinedAnswers.commissionable = combinedAnswers.commissionable ?? {};
                 for (const [recordType, records] of Object.entries(answers.commissionable) as unknown as [
@@ -963,18 +1016,18 @@ export class MdnsClient implements Scanner {
                 ][]) {
                     combinedAnswers.commissionable[recordType] =
                         combinedAnswers.commissionable[recordType] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.commissionable![recordType].get(record.name);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.commissionable![recordType].delete(record.name);
-                            } else {
-                                combinedAnswers.commissionable![recordType].set(record.name, record);
-                            }
-                        }
-                    });
+                    for (const record of records) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.commissionable[recordType],
+                            record.name,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
+            // Process IPv6 addresses
             if (answers.addressesV6) {
                 combinedAnswers.addressesV6 = combinedAnswers.addressesV6 ?? {};
                 for (const [name, records] of Object.entries(answers.addressesV6) as unknown as [
@@ -982,18 +1035,18 @@ export class MdnsClient implements Scanner {
                     Map<string, AnyDnsRecordWithExpiry>,
                 ][]) {
                     combinedAnswers.addressesV6[name] = combinedAnswers.addressesV6[name] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.addressesV6![name].get(record.value);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.addressesV6![name].delete(record.value);
-                            } else {
-                                combinedAnswers.addressesV6![name].set(record.value, record);
-                            }
-                        }
-                    });
+                    for (const record of records.values()) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.addressesV6[name],
+                            record.value,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
+            // Process IPv4 addresses
             if (this.#socket.supportsIpv4 && answers.addressesV4) {
                 combinedAnswers.addressesV4 = combinedAnswers.addressesV4 ?? {};
                 for (const [name, records] of Object.entries(answers.addressesV4) as unknown as [
@@ -1001,16 +1054,14 @@ export class MdnsClient implements Scanner {
                     Map<string, AnyDnsRecordWithExpiry>,
                 ][]) {
                     combinedAnswers.addressesV4[name] = combinedAnswers.addressesV4[name] ?? new Map();
-                    records.forEach(record => {
-                        const existingRecord = combinedAnswers.addressesV4![name].get(record.value);
-                        if (!existingRecord || existingRecord.discoveredAt < record.discoveredAt) {
-                            if (record.ttl === 0) {
-                                combinedAnswers.addressesV4![name].delete(record.value);
-                            } else {
-                                combinedAnswers.addressesV4![name].set(record.value, record);
-                            }
-                        }
-                    });
+                    for (const record of records.values()) {
+                        this.#mergeRecordWithGoodbyeProtection(
+                            combinedAnswers.addressesV4[name],
+                            record.value,
+                            record,
+                            now,
+                        );
+                    }
                 }
             }
         }
@@ -1065,43 +1116,60 @@ export class MdnsClient implements Scanner {
     }
     /**
-     * Update the discovered matter relevant IP records with the new data from the DNS message.
+     * Update IP address records in a target map with goodbye protection.
+     * Returns true if any records were updated.
      */
-    #updateIpRecords(answers: StructuredDnsAnswers, netInterface: string) {
-        const interfaceRecords = this.#discoveredIpRecords.get(netInterface);
-        if (interfaceRecords === undefined) {
-            return;
+    #updateIpAddressRecords(
+        sourceAddresses: Record<string, Map<string, AnyDnsRecordWithExpiry>> | undefined,
+        targetAddresses: Record<string, Map<string, AnyDnsRecordWithExpiry>> | undefined,
+        now: number,
+    ): boolean {
+        if (!sourceAddresses || !targetAddresses) {
+            return false;
         }
         let updated = false;
-        if (answers.addressesV6) {
-            for (const [target, ipAddresses] of Object.entries(answers.addressesV6)) {
-                if (interfaceRecords.addressesV6?.[target] !== undefined) {
-                    for (const [ip, record] of Object.entries(ipAddresses)) {
-                        if (record.ttl === 0) {
-                            interfaceRecords.addressesV6[target].delete(ip);
-                        } else {
-                            interfaceRecords.addressesV6[target].set(ip, record);
-                        }
-                        updated = true;
-                    }
-                }
+        for (const [target, ipAddresses] of Object.entries(sourceAddresses)) {
+            const targetMap = targetAddresses[target];
+            if (targetMap === undefined) {
+                continue;
             }
-        }
-        if (this.#socket.supportsIpv4 && answers.addressesV4) {
-            for (const [target, ipAddresses] of Object.entries(answers.addressesV4)) {
-                if (interfaceRecords.addressesV4?.[target] !== undefined) {
-                    for (const [ip, record] of Object.entries(ipAddresses)) {
-                        if (record.ttl === 0) {
-                            interfaceRecords.addressesV4[target].delete(ip);
-                        } else {
-                            interfaceRecords.addressesV4[target].set(ip, record);
+            for (const [ip, record] of Object.entries(ipAddresses)) {
+                if (record.ttl === 0) {
+                    const existingRecord = targetMap.get(ip);
+                    if (existingRecord) {
+                        const recordAge = now - existingRecord.discoveredAt;
+                        if (recordAge < GOODBYE_PROTECTION_WINDOW) {
+                            // Record was recently added - ignore goodbye (likely out-of-order packet)
+                            continue;
                         }
+                        targetMap.delete(ip);
                         updated = true;
                     }
+                } else {
+                    targetMap.set(ip, record);
+                    updated = true;
                 }
             }
         }
-        if (updated) {
+        return updated;
+    }
+    /**
+     * Update the discovered matter relevant IP records with the new data from the DNS message.
+     */
+    #updateIpRecords(answers: StructuredDnsAnswers, netInterface: string) {
+        const interfaceRecords = this.#discoveredIpRecords.get(netInterface);
+        if (interfaceRecords === undefined) {
+            return;
+        }
+        const now = Time.nowMs;
+        const updatedV6 = this.#updateIpAddressRecords(answers.addressesV6, interfaceRecords.addressesV6, now);
+        const updatedV4 =
+            this.#socket.supportsIpv4 &&
+            this.#updateIpAddressRecords(answers.addressesV4, interfaceRecords.addressesV4, now);
+        if (updatedV6 || updatedV4) {
             this.#discoveredIpRecords.set(netInterface, interfaceRecords);
         }
     }
@@ -1197,20 +1265,37 @@ export class MdnsClient implements Scanner {
         );
     }
+    /**
+     * Handle goodbye (TTL=0) for an operational device record with protection against out-of-order packets.
+     * Returns true if the goodbye was processed (record deleted or protected), false if no action needed.
+     */
+    #handleOperationalDeviceGoodbye(matterName: string, netInterface: string, now: number): boolean {
+        const existingRecord = this.#operationalDeviceRecords.get(matterName);
+        if (!existingRecord) {
+            return false;
+        }
+        const recordAge = now - existingRecord.discoveredAt;
+        if (recordAge < GOODBYE_PROTECTION_WINDOW) {
+            // Record was recently added - ignore goodbye (likely out-of-order packet)
+            return true;
+        }
+        logger.debug(
+            `Removing operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
+        );
+        this.#operationalDeviceRecords.delete(matterName);
+        return true;
+    }
     #handleOperationalTxtRecord(record: DnsRecord<any>, netInterface: string) {
         const { name: matterName, value, ttl } = record as DnsRecord<string[]>;
-        const discoveredAt = Time.nowMs;
+        const now = Time.nowMs;
-        // we got an expiry info, so we can remove the record if we know it already and are done
+        // we got expiry info, so we can remove the record if we know it already and are done
         if (ttl === 0) {
-            if (this.#operationalDeviceRecords.has(matterName)) {
-                logger.debug(
-                    `Removing operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
-                );
-                this.#operationalDeviceRecords.delete(matterName);
-            }
+            this.#handleOperationalDeviceGoodbye(matterName, netInterface, now);
             return;
         }
+        const discoveredAt = now;
         if (!Array.isArray(value)) return;
         // Existing records are always updated if relevant, but no new are added if they are not matching the criteria
@@ -1256,14 +1341,11 @@ export class MdnsClient implements Scanner {
             value: { target, port },
         } = record;
+        const now = Time.nowMs;
         // We got device expiry info, so we can remove the record if we know it already and are done
         if (ttl === 0) {
-            if (this.#operationalDeviceRecords.has(matterName)) {
-                logger.debug(
-                    `Removing operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
-                );
-                this.#operationalDeviceRecords.delete(matterName);
-            }
+            this.#handleOperationalDeviceGoodbye(matterName, netInterface, now);
             return;
         }
@@ -1276,7 +1358,7 @@ export class MdnsClient implements Scanner {
             return;
         }
-        const discoveredAt = Time.nowMs;
+        const discoveredAt = now;
         const device = this.#operationalDeviceRecords.get(matterName) ?? {
             deviceIdentifier: matterName,
             addresses: new Map<string, MatterServerRecordWithExpire>(),
@@ -1288,10 +1370,18 @@ export class MdnsClient implements Scanner {
         if (ips.length > 0) {
             for (const { value: ip, ttl } of ips) {
                 if (ttl === 0) {
-                    logger.debug(
-                        `Removing IP ${ip} for operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
-                    );
-                    addresses.delete(ip);
+                    const existingAddress = addresses.get(ip);
+                    if (existingAddress) {
+                        const addressAge = now - existingAddress.discoveredAt;
+                        if (addressAge < GOODBYE_PROTECTION_WINDOW) {
+                            // Address was recently added - ignore goodbye (likely out-of-order packet)
+                            continue;
+                        }
+                        logger.debug(
+                            `Removing IP ${ip} for operational device ${matterName} from cache (interface ${netInterface}) because of ttl=0`,
+                        );
+                        addresses.delete(ip);
+                    }
                     continue;
                 }
                 const address = addresses.get(ip) ?? ({ ip, port, type: "udp" } as MatterServerRecordWithExpire);
@@ -1321,6 +1411,25 @@ export class MdnsClient implements Scanner {
         return;
     }
+    /**
+     * Handle goodbye (TTL=0) for a commissionable device record with protection against out-of-order packets.
+     * Returns true if the goodbye should be skipped (record is protected), false if processed or no record exists.
+     */
+    #handleCommissionableDeviceGoodbye(name: string, netInterface: string, now: number): boolean {
+        const existingRecord = this.#commissionableDeviceRecords.get(name);
+        if (!existingRecord) {
+            return false;
+        }
+        const recordAge = now - existingRecord.discoveredAt;
+        if (recordAge < GOODBYE_PROTECTION_WINDOW) {
+            // Record was recently added - ignore goodbye (likely out-of-order packet)
+            return true;
+        }
+        logger.debug(`Removing commissionable device ${name} from cache (interface ${netInterface}) because of ttl=0`);
+        this.#commissionableDeviceRecords.delete(name);
+        return false;
+    }
     #handleCommissionableRecords(
         answers: StructuredDnsAnswers,
         formerAnswers: StructuredDnsAnswers,
@@ -1341,17 +1450,14 @@ export class MdnsClient implements Scanner {
         const queryMissingDataForInstances = new Set<string>();
+        const now = Time.nowMs;
         // First process the TXT records
         const txtRecords = commissionableRecords[DnsRecordType.TXT] ?? [];
         for (const record of txtRecords) {
             const { name, ttl } = record;
             if (ttl === 0) {
-                if (this.#commissionableDeviceRecords.has(name)) {
-                    logger.debug(
-                        `Removing commissionable device ${name} from cache (interface ${netInterface}) because of ttl=0`,
-                    );
-                    this.#commissionableDeviceRecords.delete(name);
-                }
+                this.#handleCommissionableDeviceGoodbye(name, netInterface, now);
                 continue;
             }
             const txtRecord = this.#parseCommissionableTxtRecord(record);
@@ -1392,10 +1498,8 @@ export class MdnsClient implements Scanner {
                 ttl,
             } = record as DnsRecord<SrvRecordValue>;
             if (ttl === 0) {
-                logger.debug(
-                    `Removing commissionable device ${record.name} from cache (interface ${netInterface}) because of ttl=0`,
-                );
-                this.#commissionableDeviceRecords.delete(record.name);
+                // Handle goodbye - either deletes or protects the record
+                this.#handleCommissionableDeviceGoodbye(record.name, netInterface, now);
                 continue;
             }
@@ -1405,15 +1509,23 @@ export class MdnsClient implements Scanner {
             if (ips.length > 0) {
                 for (const { value: ip, ttl } of ips) {
                     if (ttl === 0) {
-                        logger.debug(
-                            `Removing IP ${ip} for commissionable device ${record.name} from cache (interface ${netInterface}) because of ttl=0`,
-                        );
-                        storedRecord.addresses.delete(ip);
+                        const existingAddress = storedRecord.addresses.get(ip);
+                        if (existingAddress) {
+                            const addressAge = now - existingAddress.discoveredAt;
+                            if (addressAge < GOODBYE_PROTECTION_WINDOW) {
+                                // Address was recently added - ignore goodbye (likely out-of-order packet)
+                                continue;
+                            }
+                            logger.debug(
+                                `Removing IP ${ip} for commissionable device ${record.name} from cache (interface ${netInterface}) because of ttl=0`,
+                            );
+                            storedRecord.addresses.delete(ip);
+                        }
                         continue;
                     }
                     const matterServer =
                         storedRecord.addresses.get(ip) ?? ({ ip, port, type: "udp" } as MatterServerRecordWithExpire);
-                    matterServer.discoveredAt = Time.nowMs;
+                    matterServer.discoveredAt = now;
                     matterServer.ttl = ttl;
                     storedRecord.addresses.set(ip, matterServer);

package/src/mdns/MdnsServer.ts CHANGED Viewed

@@ -24,10 +24,14 @@ import {
     ObserverGroup,
     Time,
     Timer,
+    Timestamp,
 } from "#general";
 const logger = Logger.get("MdnsServer");
+/** RFC 6762 §7.3 - Window for duplicate question suppression (999ms per python-zeroconf) */
+export const QUESTION_SUPPRESSION_WINDOW = Millis(999);
 export class MdnsServer {
     #lifetime: Lifetime;
     #observers = new ObserverGroup();
@@ -51,6 +55,14 @@ export class MdnsServer {
     );
     readonly #recordLastSentAsMulticastAnswer = new Map<string, number>();
     readonly #truncatedQueryCache = new Map<string, { message: MdnsSocket.Message; timer: Timer }>();
+    /** RFC 6762 §7.3 - Tracks recently answered queries for duplicate suppression */
+    readonly #recentlyAnsweredQueries = new Map<
+        string,
+        {
+            knownAnswerHashes: Set<string>;
+            timestamp: Timestamp;
+        }
+    >();
     readonly #socket: MdnsSocket;
@@ -135,6 +147,11 @@ export class MdnsServer {
                 );
                 if (answers.length === 0) continue; // Nothing to send
+                // RFC 6762 §7.3 - Check for duplicate question suppression
+                if (this.#shouldSuppressResponse(queries, knownAnswers, sourceIntf, answers)) {
+                    continue; // Another responder already answered
+                }
                 answers.forEach(answer =>
                     this.#recordLastSentAsMulticastAnswer.set(this.buildDnsRecordKey(answer, sourceIntf), now),
                 );
@@ -181,7 +198,6 @@ export class MdnsServer {
                 for (const [service, serviceRecords] of records) {
                     if (services.length && !services.includes(service)) continue;
-                    // TODO: try to combine the messages to avoid sending multiple messages but keep under 1500 bytes per message
                     await this.#announceRecordsForInterface(netInterface, serviceRecords);
                     await Time.sleep("MDNS delay", Millis(20 + Math.floor(Math.random() * 100))); // as per DNS-SD spec wait 20-120ms before sending more packets
                 }
@@ -198,15 +214,12 @@ export class MdnsServer {
                 const records = await this.#records.get(netInterface);
                 for (const [service, serviceRecords] of records) {
                     if (services.length && !services.includes(service)) continue;
-                    const instanceSet = new Set<string>();
+                    // Set TTL to Instant for all records to expire them
                     serviceRecords.forEach(record => {
                         record.ttl = Instant;
-                        if (record.recordType === DnsRecordType.TXT) {
-                            instanceSet.add(record.name);
-                        }
                     });
-                    // TODO: try to combine the messages to avoid sending multiple messages but keep under 1500 bytes per message
                     await this.#announceRecordsForInterface(netInterface, serviceRecords);
                     this.#recordsGenerator.delete(service);
                     await Time.sleep("MDNS delay", Millis(20 + Math.floor(Math.random() * 100))); // as per DNS-SD spec wait 20-120ms before sending more packets
@@ -220,12 +233,14 @@ export class MdnsServer {
     async setRecordsGenerator(service: string, generator: MdnsServer.RecordGenerator) {
         await this.#records.clear();
         this.#recordLastSentAsMulticastAnswer.clear();
+        this.#recentlyAnsweredQueries.clear();
         this.#recordsGenerator.set(service, generator);
     }
     async #resetServices() {
         await this.#records.clear();
         this.#recordLastSentAsMulticastAnswer.clear();
+        this.#recentlyAnsweredQueries.clear();
     }
     async close() {
@@ -237,6 +252,7 @@ export class MdnsServer {
         }
         this.#truncatedQueryCache.clear();
         this.#recordLastSentAsMulticastAnswer.clear();
+        this.#recentlyAnsweredQueries.clear();
     }
     #getMulticastInterfacesForAnnounce() {
@@ -252,6 +268,63 @@ export class MdnsServer {
         }
     }
+    /**
+     * RFC 6762 §7.3 - Checks if we should suppress a response because another responder
+     * has recently answered the same question with answers that cover what we'd send.
+     * Also, lazily cleans up expired entries from the cache.
+     */
+    #shouldSuppressResponse(
+        queries: { name: string; recordType: DnsRecordType }[],
+        knownAnswers: DnsRecord<any>[],
+        sourceIntf: string,
+        answers: DnsRecord<any>[],
+    ): boolean {
+        const now = Time.nowMs;
+        // Clean up expired entries
+        for (const [key, entry] of this.#recentlyAnsweredQueries) {
+            if (now - entry.timestamp >= QUESTION_SUPPRESSION_WINDOW) {
+                this.#recentlyAnsweredQueries.delete(key);
+            }
+        }
+        // Build query signature
+        const queryKey =
+            queries
+                .map(q => `${q.name}-${q.recordType}`)
+                .sort()
+                .join("|") + `-${sourceIntf}`;
+        const cached = this.#recentlyAnsweredQueries.get(queryKey);
+        if (cached && now - cached.timestamp < QUESTION_SUPPRESSION_WINDOW) {
+            // Check if all our answers are already in the known answers from the cached response
+            const answerHashes = answers.map(a => this.buildDnsRecordKey(a, sourceIntf));
+            const allAnswersKnown = answerHashes.every(h => cached.knownAnswerHashes.has(h));
+            if (allAnswersKnown) {
+                return true; // Suppress - another responder already answered with our records
+            }
+        }
+        // Record that we're answering this question
+        const knownAnswerHashes = new Set<string>();
+        for (const answer of knownAnswers) {
+            knownAnswerHashes.add(this.buildDnsRecordKey(answer, sourceIntf));
+        }
+        // Also add our answers to the known set
+        for (const answer of answers) {
+            knownAnswerHashes.add(this.buildDnsRecordKey(answer, sourceIntf));
+        }
+        this.#recentlyAnsweredQueries.set(queryKey, {
+            knownAnswerHashes,
+            timestamp: now,
+        });
+        return false;
+    }
     async #processTruncatedQuery(key: string) {
         const { message, timer } = this.#truncatedQueryCache.get(key) ?? {};
         this.#truncatedQueryCache.delete(key);

package/src/peer/ControllerCommissioningFlow.ts CHANGED Viewed

@@ -6,6 +6,7 @@
 import { ClientInteraction } from "#action/client/ClientInteraction.js";
 import { ClientRead } from "#action/client/ClientRead.js";
+import { WriteResult } from "#action/index.js";
 import { Invoke } from "#action/request/Invoke.js";
 import { Read } from "#action/request/Read.js";
 import { Write } from "#action/request/Write.js";
@@ -1673,7 +1674,7 @@ export class ControllerCommissioningFlow {
         for (const requestorEndpoint of this.collectedCommissioningData.otaRequestorList) {
             try {
                 // Fabric scoped attribute, so we just overwrite our value
-                await this.interaction.write(
+                const writeResult = await this.interaction.write(
                     Write(
                         Write.Attribute({
                             endpoint: requestorEndpoint,
@@ -1689,6 +1690,9 @@ export class ControllerCommissioningFlow {
                         }),
                     ),
                 );
+                WriteResult.assertSuccess(writeResult);
                 success = true;
                 logger.debug(`Added default OTA provider on endpoint ${endpoint}`);
             } catch (error) {