fix(general): decode TXT records as raw bytes per RFC 6763 §6 (#3671)

Apollon77 · claude · web-flow · commit 07253043655c · 2026-04-28T23:39:09.000+02:00
* fix(general): decode TXT records as raw bytes per RFC 6763 §6 decodeTxtRecord/encodeTxtRecord/TxtRecord now operate on Bytes[] so arbitrary 8-bit values (Thread BR meshcop xa, xp, at, pt, sb, dd) survive encode/decode losslessly. encodeTxtRecord and the TxtRecord factory accept (Bytes | string)[] so ASCII-only senders pass strings as before. Internal Matter consumers are unchanged: TXT values are still surfaced as Map<string, string> via DnssdName.parameters, which now splits each entry on byte 0x3D and decodes both halves with Bytes.toString. DnssdName.keyOf projects entries via Bytes.toHex for content-stable dedup. A Phase B follow-up will introduce a DnssdParameters façade exposing the raw bytes via .raw(key) for non-Matter consumers (Thread Border Router enrichment in matterjs-server #406). Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(general): expose raw TXT bytes via DnssdParameters façade DnssdName.parameters and IpService.parameters now return a DnssdParameters instance — a ReadonlyMap<string, string> with a `.raw(key): Bytes` accessor that surfaces the original TXT byte sequence. Existing string consumers (DiscoveryData, CommissionableMdnsScanner, Peer) are unaffected because DnssdParameters implements ReadonlyMap<string, string>. The escape hatch enables external consumers to recover binary TXT values like the Thread MeshCoP xa, xp, at, pt, sb, dd fields (driver: matterjs-server #406 Thread Border Router enrichment). Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(changelog): note TXT decode shape change and DnssdParameters.raw() Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(general): correct Uint8Array constructor argument order in Bytes.of Bytes.of swapped byteOffset and byteLength when wrapping a non-Uint8Array view, producing a slice into the wrong region of the underlying buffer. Latent because every existing call site passes a Uint8Array and hits the early-return branch — but Bytes.of accepts any AllowSharedBufferSource and the bug fires on DataView/Int8Array/etc. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(general): RFC 6763 §6.4/§6.5 conformance in DnssdName.parameters §6.4: Duplicate keys within or across TXT records now first-wins instead of the previous last-wins semantics from Map.set. §6.5: Zero-length TXT entries are now silently ignored on receive instead of producing a parameter with an empty key. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(general): post-greg-review polish - TxtRecord/encodeTxtRecord: document the (Bytes | string)[] dual shape so future readers don't unify the union and break ASCII senders. - DnssdName.parameters: ignore TXT entries with empty keys per RFC 6763 §6.4 (the spec requires "key MUST be at least one character"); add tests for empty-key and empty-value (key=) cases. - DnssdName.parameters: trim the RFC §6.4/§6.5 comments to one line each. - MdnsTest expectMessage: sort TXT entries by hex (lossless on binary) instead of round-tripping bytes → string → bytes; normalize string-array fixtures to Bytes[] before sorting so deep.equals matches actual decoded records. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(general): address Copilot review feedback on TXT record handling - encodeTxtRecord: warn and truncate to 255 bytes when an entry exceeds the RFC 6763 §6.1 length-octet limit, instead of silently wrapping via writeUInt8 and producing invalid wire data. - DnssdName.parameters: order TXT records newest-first (by installedAt) before applying RFC 6763 §6.4 first-wins so an updated record's keys take precedence over the not-yet-expired older copy. First-wins still applies to entries within each record in their wire order. - MdnsTest expectMessage sortKey: project TXT entries through Bytes.toHex (lossless) instead of Bytes.toString (lossy on binary), normalizing both string and Uint8Array fixtures to the same hex form. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(general): drop broken {@link key} in DnssdParameters.raw JSDoc Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -22,7 +22,9 @@ The main work (all changes without a GitHub username in brackets in the below li
 
 - @matter/general
     - Breaking: Blob/File-related storage methods were removed from the normal Storage implementation
+    - Breaking: `DnsCodec.decodeTxtRecord`/`encodeTxtRecord` and the `TxtRecord` factory now operate on `Bytes[]` per RFC 6763 §6 so binary TXT values (e.g. Thread MeshCoP `xa`, `xp`, `at`, `pt`, `sb`, `dd`) survive encode/decode losslessly; `encodeTxtRecord` and `TxtRecord` accept `(Bytes | string)[]` so ASCII-only senders are unchanged
     - Feature: Added a new `wal`-based storage engine (not yet the default) to optimize persistence
+    - Feature: `DnssdName.parameters` and `IpService.parameters` now return a `DnssdParameters` instance — a `ReadonlyMap<string, string>` plus a `.raw(key): Bytes` accessor for binary TXT consumers (e.g. Thread Border Router enrichment)
     - Enhancement: Added locking to storage implementations to prevent concurrent access issues and data corruption
     - Enhancement: Split out Blob-Storage into its own `dir`-based BlobStorage implementation
     - Enhancement: Added Storage Migration logic that can generically migrate between different storage engines
diff --git a/packages/general/src/codec/DnsCodec.ts b/packages/general/src/codec/DnsCodec.ts
@@ -59,14 +59,21 @@ export const AAAARecord = (
     recordClass: DnsRecordClass.IN,
     flushCache,
 });
+
+/**
+ * Build a TXT {@link DnsRecord} (RFC 6763 §6).
+ *
+ * Accepts `(Bytes | string)[]` for ergonomic ASCII senders; entries are normalized to {@link Bytes} before storage so
+ * downstream consumers always see the spec-correct binary shape.
+ */
 export const TxtRecord = (
     name: string,
-    entries: string[],
+    entries: (Bytes | string)[],
     ttl = DEFAULT_MDNS_TTL,
     flushCache = false,
-): DnsRecord<string[]> => ({
+): DnsRecord<Bytes[]> => ({
     name,
-    value: entries,
+    value: entries.map(e => (typeof e === "string" ? Bytes.fromString(e) : Bytes.of(e))),
     ttl,
     recordType: DnsRecordType.TXT,
     recordClass: DnsRecordClass.IN,
@@ -312,13 +319,14 @@ export class DnsCodec {
         return { priority, weight, port, target };
     }
 
-    static decodeTxtRecord(valueBytes: Bytes): string[] {
+    static decodeTxtRecord(valueBytes: Bytes): Bytes[] {
         const reader = new DataReader(valueBytes);
-        const result = new Array<string>();
+        const result = new Array<Bytes>();
         let bytesRead = 0;
         while (bytesRead < valueBytes.byteLength) {
             const length = reader.readUInt8();
-            result.push(reader.readUtf8String(length));
+            // readByteArray returns a view; copy so retained entries don't alias the source buffer.
+            result.push(reader.readByteArray(length).slice());
             bytesRead += length + 1;
         }
         return result;
@@ -410,7 +418,7 @@ export class DnsCodec {
             case DnsRecordType.SRV:
                 return this.encodeSrvRecord(value as SrvRecordValue);
             case DnsRecordType.TXT:
-                return this.encodeTxtRecord(value as string[]);
+                return this.encodeTxtRecord(value as (Bytes | string)[]);
             case DnsRecordType.AAAA:
                 return this.encodeAaaaRecord(value as string);
             case DnsRecordType.A:
@@ -431,12 +439,26 @@ export class DnsCodec {
         return ipv6ToBytes(ip);
     }
 
-    static encodeTxtRecord(entries: string[]) {
+    /**
+     * Encode TXT record entries (RFC 6763 §6).
+     *
+     * Accepts `(Bytes | string)[]` for ergonomic ASCII senders; the `string` arm exists to spare callers a per-entry
+     * `Bytes.fromString` wrap.
+     */
+    static encodeTxtRecord(entries: (Bytes | string)[]) {
         const writer = new DataWriter();
         entries.forEach(entry => {
-            const entryData = Bytes.fromString(entry);
-            writer.writeUInt8(entryData.byteLength);
-            writer.writeByteArray(entryData);
+            let bytes = typeof entry === "string" ? Bytes.fromString(entry) : Bytes.of(entry);
+            if (bytes.byteLength > 0xff) {
+                // RFC 6763 §6.1: TXT entries are length-prefixed by a single octet — silently wrapping the length
+                // byte produces garbage on the wire, so warn loudly and truncate to the spec limit.
+                logger.warn(
+                    `TXT record entry length ${bytes.byteLength} exceeds the RFC 6763 §6.1 limit of 255 bytes; truncating.`,
+                );
+                bytes = Bytes.of(bytes).subarray(0, 0xff);
+            }
+            writer.writeUInt8(bytes.byteLength);
+            writer.writeByteArray(bytes);
         });
         return writer.toByteArray();
     }
diff --git a/packages/general/src/net/dns-sd/DnssdName.ts b/packages/general/src/net/dns-sd/DnssdName.ts
@@ -9,9 +9,11 @@ import { Logger } from "#log/Logger.js";
 import { Time } from "#time/Time.js";
 import type { Timestamp } from "#time/Timestamp.js";
 import { Millis } from "#time/TimeUnit.js";
+import { Bytes } from "#util/Bytes.js";
 import { AsyncObserver, BasicObservable } from "#util/Observable.js";
 import { MaybePromise } from "#util/Promises.js";
 import type { DnssdNames } from "./DnssdNames.js";
+import { DnssdParameters } from "./DnssdParameters.js";
 
 const logger = Logger.get("DnssdName");
 
@@ -36,7 +38,7 @@ export class DnssdName extends BasicObservable<[changes: DnssdName.Changes], May
     #changes?: Map<string, { kind: "update" | "delete"; record: DnssdName.Record }>;
     #notified?: Promise<void>;
     #maybeDeleting?: Promise<void>;
-    #parameters?: Map<string, string>;
+    #parameters?: DnssdParameters;
     #dependencies?: Map<string, DnssdName>;
     #nullObserver?: () => void;
 
@@ -66,22 +68,40 @@ export class DnssdName extends BasicObservable<[changes: DnssdName.Changes], May
         return this.#records.values();
     }
 
-    get parameters(): ReadonlyMap<string, string> {
+    get parameters(): DnssdParameters {
         if (this.#parameters === undefined) {
-            const parameters = (this.#parameters = new Map<string, string>());
+            const raw = new Map<string, Bytes>();
+            // Process newest TXT records first so an updated record's keys win over the not-yet-expired older copy;
+            // first-wins (RFC 6763 §6.4) then applies to entries within each record in their wire order.
+            const txtRecords = new Array<DnssdName.TextRecord>();
             for (const record of this.#records.values()) {
-                if (record.recordType !== DnsRecordType.TXT) {
-                    continue;
+                if (record.recordType === DnsRecordType.TXT) {
+                    txtRecords.push(record);
                 }
-                for (const entry of record.value as string[]) {
-                    const pos = entry.indexOf("=");
-                    if (pos === -1) {
-                        parameters.set(entry, "");
-                    } else {
-                        parameters.set(entry.slice(0, pos), entry.slice(pos + 1));
+            }
+            txtRecords.sort((a, b) => b.installedAt - a.installedAt);
+            for (const record of txtRecords) {
+                for (const entry of record.value) {
+                    const bytes = Bytes.of(entry);
+                    // RFC 6763 §6.5: ignore zero-length entry.
+                    if (bytes.byteLength === 0) {
+                        continue;
+                    }
+                    // 0x3D = '='. RFC 6763 §6.4: split on the first '=' (later '=' bytes, e.g. base64 padding, belong to the value).
+                    const eqIndex = bytes.indexOf(0x3d);
+                    // RFC 6763 §6.4: ignore entry with empty key.
+                    if (eqIndex === 0) {
+                        continue;
+                    }
+                    const key = eqIndex === -1 ? Bytes.toString(bytes) : Bytes.toString(bytes.subarray(0, eqIndex));
+                    // RFC 6763 §6.4: first occurrence wins on duplicates.
+                    if (raw.has(key)) {
+                        continue;
                     }
+                    raw.set(key, eqIndex === -1 ? new Uint8Array(0) : bytes.subarray(eqIndex + 1));
                 }
             }
+            this.#parameters = new DnssdParameters(raw);
         }
         return this.#parameters;
     }
@@ -259,8 +279,9 @@ function keyOf(record: DnsRecord): string | undefined {
 
         case DnsRecordType.TXT:
             if (Array.isArray(record.value)) {
-                // Spread before sort: keyOf must not mutate record.value (parameters recompute relies on wire order)
-                return `${record.recordType} ${[...record.value].sort().join(" ")}`;
+                const keys = (record.value as Bytes[]).map(entry => Bytes.toHex(entry));
+                keys.sort();
+                return `${record.recordType} ${keys.join(" ")}`;
             }
             break;
     }
@@ -307,7 +328,7 @@ export namespace DnssdName {
         recordType: DnsRecordType.SRV;
     }
 
-    export interface TextRecord extends DnsRecord<string[]>, Expiration {
+    export interface TextRecord extends DnsRecord<Bytes[]>, Expiration {
         recordType: DnsRecordType.TXT;
     }
 
diff --git a/packages/general/src/net/dns-sd/DnssdParameters.ts b/packages/general/src/net/dns-sd/DnssdParameters.ts
@@ -0,0 +1,68 @@
+/**
+ * @license
+ * Copyright 2022-2026 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Bytes } from "#util/Bytes.js";
+
+/**
+ * Parsed key/value pairs from a DNS-SD service's TXT records.
+ *
+ * Implements {@link ReadonlyMap}<string, string> with UTF-8 decoded values. Use {@link raw} for the original byte
+ * sequence — required for binary TXT fields such as the Thread MeshCoP `xa`, `xp`, `at`, `pt`, `sb`, and `dd` keys
+ * (RFC 6763 §6 — TXT values are opaque binary data; non-UTF-8 bytes mojibake to U+FFFD via the string accessors).
+ */
+export class DnssdParameters implements ReadonlyMap<string, string> {
+    readonly #raw: ReadonlyMap<string, Bytes>;
+
+    constructor(raw: ReadonlyMap<string, Bytes>) {
+        this.#raw = raw;
+    }
+
+    get(key: string): string | undefined {
+        const v = this.#raw.get(key);
+        return v === undefined ? undefined : Bytes.toString(v);
+    }
+
+    /**
+     * The original bytes for the given key, or `undefined` if absent.
+     */
+    raw(key: string): Bytes | undefined {
+        return this.#raw.get(key);
+    }
+
+    has(key: string): boolean {
+        return this.#raw.has(key);
+    }
+
+    get size(): number {
+        return this.#raw.size;
+    }
+
+    keys(): MapIterator<string> {
+        return this.#raw.keys();
+    }
+
+    *values(): MapIterator<string> {
+        for (const v of this.#raw.values()) {
+            yield Bytes.toString(v);
+        }
+    }
+
+    *entries(): MapIterator<[string, string]> {
+        for (const [k, v] of this.#raw) {
+            yield [k, Bytes.toString(v)];
+        }
+    }
+
+    [Symbol.iterator](): MapIterator<[string, string]> {
+        return this.entries();
+    }
+
+    forEach(cb: (value: string, key: string, map: ReadonlyMap<string, string>) => void, thisArg?: unknown): void {
+        for (const [k, v] of this.entries()) {
+            cb.call(thisArg, v, k, this);
+        }
+    }
+}
diff --git a/packages/general/src/net/dns-sd/IpService.ts b/packages/general/src/net/dns-sd/IpService.ts
@@ -14,6 +14,7 @@ import { Abort } from "#util/Abort.js";
 import { AsyncObservable, AsyncObservableValue, ObserverGroup } from "#util/Observable.js";
 import { DnssdName } from "./DnssdName.js";
 import { DnssdNames } from "./DnssdNames.js";
+import { DnssdParameters } from "./DnssdParameters.js";
 import { IpServiceStatus } from "./IpServiceStatus.js";
 
 /**
@@ -95,7 +96,7 @@ export class IpService {
     /**
      * Values from TXT records.
      */
-    get parameters(): ReadonlyMap<string, string> {
+    get parameters(): DnssdParameters {
         return this.#name.parameters;
     }
 
diff --git a/packages/general/src/net/dns-sd/index.ts b/packages/general/src/net/dns-sd/index.ts
@@ -6,6 +6,7 @@
 
 export * from "./DnssdName.js";
 export * from "./DnssdNames.js";
+export * from "./DnssdParameters.js";
 export * from "./DnssdSolicitor.js";
 export * from "./IpService.js";
 export * from "./IpServiceResolution.js";
diff --git a/packages/general/src/util/Bytes.ts b/packages/general/src/util/Bytes.ts
@@ -77,7 +77,7 @@ export namespace Bytes {
         }
 
         if (ArrayBuffer.isView(source)) {
-            return new Uint8Array(source.buffer, source.byteLength, source.byteOffset);
+            return new Uint8Array(source.buffer, source.byteOffset, source.byteLength);
         }
 
         return new Uint8Array(source);
diff --git a/packages/general/test/codec/DnsCodecTest.ts b/packages/general/test/codec/DnsCodecTest.ts
@@ -16,7 +16,7 @@ import {
 } from "#codec/DnsCodec.js";
 import { Seconds } from "#time/TimeUnit.js";
 import { Bytes } from "#util/Bytes.js";
-import { DataReader } from "#util/index.js";
+import { DataReader, DataWriter } from "#util/index.js";
 
 const DNS_RESPONSE: DnsMessage = {
     transactionId: 0,
@@ -115,7 +115,7 @@ const DECODED_WITH_PRIVATE_TYPE = {
                 "RI=0900669ED4F3C8043FCD77A39EEBD96F672A",
                 "PH=36",
                 "PI=",
-            ],
+            ].map(Bytes.fromString),
         },
         {
             flushCache: false,
@@ -276,6 +276,33 @@ describe("DnsCodec", () => {
         }
     });
 
+    describe("encode and decode TXT records", () => {
+        it("round-trips a TXT entry containing high bytes losslessly", () => {
+            // xa = 0x5AAF359C0501A1B0 — real Apple HomePod border-router extended MAC
+            const rawXa = Bytes.fromHex("5aaf359c0501a1b0");
+            const entry = Bytes.concat(Bytes.fromString("xa="), rawXa);
+
+            const writer = new DataWriter();
+            writer.writeUInt8(entry.byteLength);
+            writer.writeByteArray(entry);
+            const wire = writer.toByteArray();
+
+            const decoded = DnsCodec.decodeTxtRecord(wire);
+            expect(decoded).to.have.length(1);
+            expect(Bytes.areEqual(decoded[0], entry)).to.equal(true);
+
+            const reEncoded = DnsCodec.encodeTxtRecord(decoded);
+            expect(Bytes.areEqual(reEncoded, wire)).to.equal(true);
+        });
+
+        it("truncates entries longer than 255 bytes per RFC 6763 §6.1", () => {
+            const oversize = new Uint8Array(300).fill(0x41);
+            const wire = DnsCodec.encodeTxtRecord([oversize]);
+            expect(wire[0]).equal(0xff);
+            expect(wire.byteLength).equal(0xff + 1);
+        });
+    });
+
     describe("encode and decode AAAA records", () => {
         it("encodes and decodes AAAA fe80 record", () => {
             const encoded = DnsCodec.encodeAaaaRecord("fe80::9580:b733:6f54:9f43");
diff --git a/packages/general/test/net/dns-sd/DnssdNamesTest.ts b/packages/general/test/net/dns-sd/DnssdNamesTest.ts
diff --git a/packages/general/test/net/dns-sd/DnssdParametersTest.ts b/packages/general/test/net/dns-sd/DnssdParametersTest.ts
diff --git a/packages/general/test/util/BytesTest.ts b/packages/general/test/util/BytesTest.ts
diff --git a/packages/protocol/test/mdns/MdnsTest.ts b/packages/protocol/test/mdns/MdnsTest.ts

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ export namespace Bytes {`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`if (ArrayBuffer.isView(source)) {`
`80`		`- return new Uint8Array(source.buffer, source.byteLength, source.byteOffset);`
	`80`	`+ return new Uint8Array(source.buffer, source.byteOffset, source.byteLength);`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`return new Uint8Array(source);`