This commit removes the OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE feature
and all associated code, tests, CLI commands, and harness references.
Changes:
- Removed OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE definition and all
assert/preprocessor checks.
- Completely deleted dua_manager.cpp and dua_manager.hpp.
- Removed DUA registration notifying and request URI paths.
- Cleaned up all references to Domain Unicast Address (DUA) across
child management, notifier, time ticker, and MLE.
- Removed DUA commands and logic from the CLI and Python cert tests
(including packet verifier).
- Verified that the entire codebase compiles clean and all tests
successfully pass using the Nexus test suite.
This commit adds lease and remaining lease information to the output
of `srp server host` and `srp server service` CLI commands.
The information includes:
- `lease`: The total lease time in seconds.
- `key-lease`: The total key lease time in seconds.
- `remaining lease`: The remaining lease time in seconds (with
millisecond precision).
- `remaining key-lease`: The remaining key lease time in seconds
(with millisecond precision).
A new utility method `OutputMsecDurationInSec()` is added to `Utils`
class to format durations in milliseconds as seconds with a
fractional part.
The SRP server host and service output parsers in
`tests/scripts/thread-cert/node.py`, `tests/toranj/cli/cli.py`, and
`tools/otci/otci/otci.py` are updated to correctly handle the new
fields for both active and deleted entries.
This commit fixes and enhances `test_coap_block.py`. Previously, the
test masked failures by using multiple trials and suppressing
exceptions. It appeared to pass even though an incorrect regex match
in `coap_wait_request()` caused it to consistently fail.
The regex in `coap_wait_request()` is updated to correctly match CLI
output and capture the CoAP method (GET, PUT, POST, DELETE).
The test script is enhanced by:
- Removing trial/retry logic and exception suppression that masked
previous failures.
- Verifying both request and response messages for GET, PUT, and
POST.
- Validating source IPv6 addresses in requests and responses.
- Ensuring the payload presence matches the expected behavior for each
CoAP method.
This adds support for the TMF command to enable TCAT remotely. A test
is added that uses the 'UDP send' mechanism to send the new TMF
command to a target node.
Some fixes/additions to the test framework are made to support the new
test, including a new argument for udp_send() to send a specific byte
array and udp_rx() to receive data by a UDP client on a node.
The `test_publish_meshcop_service` is updated to explicitly disable
the border agent before stopping the `otbr-service`. This makes the
test more reliable by ensuring the MeshCoP service is unpublished
before stopping `otbr-service`.
This commit updates how the "ConnectionMode" field is set in the
Border Agent State Bitmap, which is advertised as the value of the
`sb` TXT key. In particular, when the Border Agent service is stopped
and therefore not accepting any connections, the value of this field
is now set to `kConnectionModeDisabled` to indicate this.
This commit also updates and enhances `test_border_agent` to validate
the State Bitmap entry in the TXT data, covering cases where the
device role changes or ePSKc support is enabled/disabled.
This commit enhances the OpenThread DNSSD name server/resolver and its
native Discovery Proxy to support queries for arbitrary record
types.
To enable this, a new set of `otPlatDnssd` APIs are introduced for
generic `RecordQuerier`. These APIs mirror the existing APIs in the
OpenThread native mDNS module, allowing direct use of the native mDNS
implementation.
The discovery proxy implementation is updated to start and stop the
mDNS `RecordQuerier` when receiving a query for an arbitrary record
type, passing the first response record back to the client.
The unit tests `test_dnssd_discovery_proxy` and `test_dns_client`
are updated to cover all the newly added behaviors in discovery proxy.
This commit adds the `srp server port` CLI command, which maps to the
`otSrpServerGetPort()` API. This new command is now used in
`thread-cert/node.py` to implement `get_srp_server_port()`, allowing
direct retrieval of the SRP server port instead of indirectly parsing
the network data entry.
This commit fixes `get_srp_server_port()` in `thread-cert/node.py`.
This function parses Network Data service entries, searching for an
SRP/DNS unicast (non-preferred) entry, and then attempts to parse the
published port number of the SRP server by examining the last bytes
of the "server data".
The SRP/DNS unicast entry was previously updated to optionally include
a "version" field at the end of the "server data". This update caused
the port number parsing to fail, as the code did not account for the
extra byte corresponding to the version field.
This commit resolves this issue by ensuring that the two bytes are
correctly read and interpreted as the port number, regardless of the
presence of the version field.
Key Changes:
* Server Prioritization: RDNSS-discovered servers are prioritized
based on their advertised lifetime. Servers with longer lifetimes
are preferred.
* Recursive DNS Server List: The resolver maintains a list of
recursive DNS servers, which now includes servers learned via RDNSS.
* DNS Query Integration: The resolver uses the RDNSS-learned servers
when forwarding DNS queries upstream.
* Border Routing Integration: The RDNSS callback is registered to the
border routing module.
Minor Changes:
* The unused function `Transaction *GetTransaction(int aFd)` is
removed.
Previously, the code relied on the return code of the `service radvd
status` command to determine if `radvd` was running. This was
unreliable because the command could succeed even if the service was
not actually active.
The `is_radvd_running` function now parses the output of `service
radvd status` and specifically checks for the line "running" to
confirm that the service is truly running.
This commit introduces the `BorderAgent::EphemeralKeyManager` class,
which manages the use of the ephemeral key by the Border Agent.
The `EphemeralKeyManager` uses its own DTLS transport and CoAP secure
sessions. This allows the `EphemeralKeyManager` and the `BorderAgent`
service (which uses PSKc) to be enabled and used in parallel.
Previously, a single transport and session was shared between these
functions, requiring the normal BA service (with PSKc) to be stopped
before the ephemeral key could be used.
This is a fundamental change and improvement to the ephemeral key and
Border Agent functionality. Therefore some existing `otBorderAgent`
APIs need to be modified. For example, `otBorderAgentGetState()`,
which returned the Border Agent state to indicate whether there were
any active sessions, is no longer meaningful, as different
sessions/transports are now used for PSKc and ephemeral key, and
there can be multiple sessions. This commit intentionally renames and
changes the `otBorderAgent` public APIs, specifically all those
related to ephemeral key use, to highlight the fundamental change in
behavior. While this can cause backward incompatibility, it requires
app layer code that used the previous APIs to be updated to take into
account the new behavior.
This commit also updates `nexus/test_border_agent`, adding new tests
to validate the new behavior (e.g., BA service and ephemeral key
parallel sessions). It also includes and validates the Border Agent
counter updates under different scenarios (this enhances and replaces
`test_ephemeral_key_counters.py`).
This commit adds a version field (`uint8_t`) to DNS/SRP Anycast and
Unicast Service entries in `NetworkData::Service::Manager`.
For Unicast entries, the version the version field is placed after
the existing fields, specifically after the IPv6 address and port number fields.
For Anycast entries it is added as the in server data as part of the
Server TLV.
When processing Network Data service entries, the version field is
optional and if absent, version number zero is assumed.
The `NetworkData::Publisher` now considers entries with the same or
higher version number when deciding whether to add or remove its own
entry, preferring those with a higher version.
In SRP client, when `AutoStart` mode is used and if there are multiple
Unicast, Service entries, the client prefers the one with larger
version number.
When selecting an anycast entry, the existing rules regarding sequence
numbers are still used. If multiple entries with the same sequence
number exist, the client will assume the minimum version number among
all such entries.
This commit also updates the `test_network_data` unit test, validating
the new format and related methods.
`test_netdata_publisher.py` is also updated to check service entries
with different version numbers.
This commit expects echo of diag commands to make sure the command is
received by the node when waiting for the expected output. This helps
make this test less flaky.
This commit fixes an issue in DNS recursive resolver that it didn't
bind its socket to the infra network interface. This may cause the DNS
message to be sent on an unexpected network interface, depending on
the routing table of the platform.
This commit also updates the test case `test_upstream_dns.py` to make
the upstream DNS server run on a different node. Previously the
upstream DNS server ran on the same node as the BR which is a
limitation of this test case.
This commit adds a new IDLE state to PdPrefixManager.
PdPrefixManager enters idle state when PD is enabled and there is
already a BR requesting PD prefix. When there are multiple BRs
publishing PD prefix at the same time, the one with lexcial smaller
prefix wins.
This commit updates the `RouteingManager` to set the newly
allocated "SNAC Router Flag" (bit 6) in emitted RA messages from
Thread BR. The flag is also parsed and tracked in received RA
messages.
This replaces the previous model where an experimental flag bit
in "Flags Extension Option" indicated a "stub router". This commit
also removes the `STUB_ROUTER_FLAG_IN_EMITTED_RA_ENABLE` confg
(no longer optional/experimental) and renames `mStubRouterFlag` to
`mSnacRouterFlag`.
The test software for certification currently uses the mDNS packets of
trel service responses to find out the trel port, and then use the port
number to determine which packets in a capture should be decoded as TREL
packets. However this may not be reliable since it depends on when the
capture starts. Added a cli to get trel port, so this can be used by
a THCI function.
This commit adds functions to read peer BRs and routers on infra link by
wrapping the ot-ctl command `br peers` and `br routers`.
`test_multi_ail.py` is also updated to test the new added functions.
This commit targets to support getting infra link-local address of a
OtbrNode in docker test, which is usefully for future test cases.
The test_multi_ail.py is also updated to test the new method added.
### Background
https://github.com/openthread/openthread/pull/10550 introduced a new
way to support multiple backbone nework in otbr docker test. Though it
works good while running a single test, a bug exists when running
cert-suite, which runs a batch of tests in parallel.
cert-suite allocates the name of the backbone interfaces dynamically
by setting env PORT_OFFSET for each test, so there is potentially
conflict exists if we hard code the `backbone_network` name in
TOPOLOGY. This PR is targeting to fix this potential naming conflict.
### Fix
We fix it by assigning a number for `backbone_network_id` in each BR
definition in TOPOLOGY, instead of setting a fixed `backbone network`
name. The final backbone network name is decided by both `PORT_OFFSET`
env and the number of `backbone_network` (in
`backbone{PORT_OFFSET}.{backbone_network}` format)
For example, if `PORT_OFFSET` is 0 and `backbone_network_id` is 1,
then backbone network name will be `backbone0.1`. For the tests that
only use one backbone network and the `backbone_network_id` is not
given, the backbone network name is by default
`backbone{PORT_OFFSET}.0`.
### New test case format
```
class NewTestCase(thread_cert.TestCase):
...
BR = 1
...
TOPOLOGY = {
BR: {
...
'is_otbr': True,
'backbone_network_id': <backbone-id>,
...
}
...
}
...
```
`<backbone-id>` is any integer from 0, for each BR inside a single
test, if `<backbone-id>` is different, the BR use different backbone
interfaces; the same `<backbone-id>` inside a single test case means
the same backbone network interface.
`'backbone_network_id': <backbone-id>` is optional for single backbone
test cases, when it's not given while defining a otbr node, the
backbone is default as `backbone{PORT_OFFSET}.0`.
For developers, if you are defining a new test which has multiple
backbone interfaces, please ensure `backbone_network_id` is explicitly
defined in each BR, otherwize an error is reported.
In previous otbr docker tests, when creating docker containers, all the
containers(otbr nodes) are connected to the same docker network bridge `backbone0`
(when the env PORT_OFFSET is not set or set to 0), this means all the
otbr nodes are connected to the same infrastructures.
This commit adds support to enable user to config otbr instance
infrastructures seperately in `TOPOLOGY` when defining test cases, this
provides flexibility to run multi-ail related test cases.
The format to define backbone interface per node is:
```
class NewTestCase(thread_cert.TestCase):
...
BR = 1
...
TOPOLOGY = {
BR: {
...
'is_otbr': True,
'backbone': <backbone-name>,
...
}
...
}
...
```
`'backbone': <backbone-name>` is optional, when it's not given when
defining a otbr node, the backbone is default as
`BACKBONE_DOCKER_NETWORK_NAME`. The `<backbone-name>` is suggested to be
defined as `backbone[0-9]` to make it more easy to read and understand.
This commit also adds test_multi_ail.py as an example test case to use
this new method, this test case checks the two otbr nodes are connected
to the different infra and are in the same Thread mesh network.
This commit supresses the docker output unless verbose mode is enabled,
which helps preventing unnecessary output from cluttering the console.
docker output is enabled when:
* env VERBOSE is set to a non-zero value
docker output is suppressed (redirecting to /dev/null) when:
* VERBOSE is not explicitly set in env, or
* env VERBOSE is set to 0
The cli command `linkmetrics` only provides an asynchronous output
method. It is difficult for scripts to call the `ot-ctl` to capture
the results of asynchronous output.
This commit replaces the command `linkmetrics mgmt` and `linkmetrics
query` with commands `linkmetrics config` and `linkmetrics
request`. Both the commands `linkmetrics config` and `linkmetrics
request` are set to the `sync` mode by default, and an option `async`
is added to these commands to support `async` mode.
Unicast SRP dataset uses a ephemeral UDP port which could be taken by
another process. Currently SRP server creates the socket at the port
after the server is added into netdata. However, at that moment the
port may not be available on the platform so it may fail to create the
socket and start the server.
This commit adds the logic to restart the enabling process with
another port candidate if SRP server fails to create the socket.
This commit enables channel manager on SSED, together with channel monitor,
auto-selecting a better CSL channel for the link between child and its parent.
It also fixes tracking of CcaSuccessRate on CslChannel and adds toranj tests
for auto-channel selection and thread_cert test for autocsl-channel selection.
- Validates that key guard time is updated to 93% of key rotation
time when it changes.
- Checks for proper key sequence updates after key rotation
expiration.
- Confirms key guard mechanism blocks key sequence increments
while mesh nodes staying connected.
Config `OPENTHREAD_CONFIG_SRP_CLIENT_AUTO_START_DEFAULT_MODE` is
changed to use `1` by default (unless explicitly overridden in
project configs).
It also updates related test scripts to utilize auto-start mode or
explicitly disable it for manual SRP client control, reflecting this
default change.
Create OT API to support trel telemetry which is supported through
platform API and also add cli support to get/reset trel counters.
Metrics we are adding are:
- trel_frames_tx
- trel_bytes_tx
- trel_frames_rx
- trel_bytes_rx
- trel_frames_tx_failed
- num_trel_peers
Metrics already supported through API:
- trel_enabled
This commit updates the `AutoAddress` mode in `Srp::Client` to
exclude any deprecated (non-preferred) address when registering
host addresses.
It also updates `test_srp_auto_host_address` to validate the new
behavior.
This commit adds `otNetDataGetCommissioningDataset()` as a public
API to retrieve the Commissioning Dataset from the Network Data.
It also updates CLI `netdata show` command to output the Commissioning
Dataset information. The documentation in `README_NETDATA.md` and
in `cli_network_data` are also updated. The test scripts that parse
`netdata show` output are also updated.
This commit implements the packet logic in OT core. It aims to have
the same effect as what's already achieved by our iptables-based
firewall. Instead of leveraging iptables, this commit filters the
border routing packets in user space by checking the
source/destination addresses of a packet.
This commit also adds a job to do BR regression test when this feature
is enabled and iptables-based firewall is disabled.
This commit implements a new module LinkMetricsManager, which utilizes
the Link Metrics feature to get the Link Metrics data from neighboring
devices.
The commit also adds a few tests to the module:
- Unit Test: tests/unit/test_link_metrics_manager.cpp, will be run in
`unit-tests` in `unit.yml`.
- Expect Test: tests/scripts/expect/v1_2-linkmetricsmgr.exp, will be
run in `expects` in `simulation-1.2.yml`.
- Simulation Test:
tests/scripts/thread-cert/v1_2_LowPower_test_link_metrics_manager.py,
will be run in `packet-verification-low-power` in
`simulation-1.2.yml`.
This commit updates `Dns::ServiceDiscovery::Server` such that when
answering a PTR query with more than one answer, it does not include
additional records. This is to keep the size of the response small.
This commit also updates the test scripts validating browse (PTR
query) function to check the new behavior. In particular, a common
python function `_parse_dns_service_info()` is added to parse service
info in CLI output of "dns browse" or "dns service" commands and
handle if output of "dns browse" does not include service info.
This commit adds a mechanism to delay the downgrade of routers or
leader when the security policy TLV changes in the Active Operational
Dataset such that the device is no longer eligible to act as a
router.
If the decision to become a child is made due to a security policy
change, the device first delays a random period up to the "router
selection jitter" before downgrading. If the device is the leader, an
additional fixed delay of 10 seconds is added to the random period.
If the security policy changes again while the device is waiting to
downgrade such that it becomes router-eligible again, the downgrade
is cancelled and the device remains in its current role.
This commit adds a `test_router_downgrade_on_sec_policy_change` to
validate the behavior of newly added mechanism.
This commit also updates the CLI `dataset` sub-commands to allow
getting and setting the "version threshold for routing" (VR) field in
security policy.
Jonathan Hui