scionproto · JordiSubira · Jun 18, 2025 · Jun 18, 2025 · Jun 18, 2025 · Jun 18, 2025
diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock
diff --git a/control/BUILD.bazel b/control/BUILD.bazel
@@ -37,6 +37,7 @@ go_library(
         "//pkg/scrypto:go_default_library",
         "//pkg/scrypto/cppki:go_default_library",
         "//pkg/segment:go_default_library",
+        "//pkg/segment/extensions/discovery:go_default_library",
         "//pkg/snet:go_default_library",
         "//pkg/snet/addrutil:go_default_library",
         "//pkg/snet/metrics:go_default_library",

diff --git a/control/beaconing/BUILD.bazel b/control/beaconing/BUILD.bazel
@@ -31,6 +31,7 @@ go_library(
         "//pkg/scrypto/cppki:go_default_library",
         "//pkg/segment:go_default_library",
         "//pkg/segment/extensions/digest:go_default_library",
+        "//pkg/segment/extensions/discovery:go_default_library",
         "//pkg/segment/extensions/epic:go_default_library",
         "//pkg/segment/extensions/staticinfo:go_default_library",
         "//pkg/segment/iface:go_default_library",
@@ -73,6 +74,7 @@ go_test(
         "//pkg/scrypto/cppki:go_default_library",
         "//pkg/scrypto/signed:go_default_library",
         "//pkg/segment:go_default_library",
+        "//pkg/segment/extensions/discovery:go_default_library",
         "//pkg/segment/extensions/staticinfo:go_default_library",
         "//pkg/segment/iface:go_default_library",
         "//pkg/slayers/path:go_default_library",

diff --git a/control/beaconing/extender.go b/control/beaconing/extender.go
@@ -30,6 +30,7 @@ import (
 	"github.com/scionproto/scion/pkg/scrypto/cppki"
 	seg "github.com/scionproto/scion/pkg/segment"
 	"github.com/scionproto/scion/pkg/segment/extensions/digest"
+	"github.com/scionproto/scion/pkg/segment/extensions/discovery"
 	"github.com/scionproto/scion/pkg/segment/extensions/epic"
 	"github.com/scionproto/scion/pkg/slayers/path"
 	"github.com/scionproto/scion/private/trust"
@@ -79,6 +80,9 @@ type DefaultExtender struct {
 	Task string
 	// StaticInfo contains the configuration used for the StaticInfo Extension.
 	StaticInfo func() *StaticInfoCfg
+	// DiscoveryInformation contains the discovery information to be added to
+	// the segment.
+	DiscoveryInformation func() *discovery.Extension
 	// EPIC defines whether the EPIC authenticators should be added when the segment is extended.
 	EPIC bool
 
@@ -176,6 +180,9 @@ func (s *DefaultExtender) Extend(
 	if static := s.StaticInfo(); static != nil {
 		asEntry.Extensions.StaticInfo = static.Generate(s.Intfs, ingress, egress)
 	}
+	if discovery := s.DiscoveryInformation(); discovery != nil {
+		asEntry.Extensions.Discovery = discovery
+	}
 
 	// Add the detachable Epic extension
 	if s.EPIC {

diff --git a/control/beaconing/extender_test.go b/control/beaconing/extender_test.go
@@ -35,6 +35,7 @@ import (
 	cryptopb "github.com/scionproto/scion/pkg/proto/crypto"
 	"github.com/scionproto/scion/pkg/scrypto"
 	seg "github.com/scionproto/scion/pkg/segment"
+	"github.com/scionproto/scion/pkg/segment/extensions/discovery"
 	"github.com/scionproto/scion/pkg/slayers/path"
 	"github.com/scionproto/scion/private/topology"
 	"github.com/scionproto/scion/private/trust"
@@ -104,10 +105,11 @@ func TestDefaultExtenderExtend(t *testing.T) {
 					require.NoError(t, err)
 					return mac
 				},
-				Intfs:      intfs,
-				MTU:        1337,
-				MaxExpTime: func() uint8 { return beacon.DefaultMaxExpTime },
-				StaticInfo: func() *beaconing.StaticInfoCfg { return nil },
+				Intfs:                intfs,
+				MTU:                  1337,
+				MaxExpTime:           func() uint8 { return beacon.DefaultMaxExpTime },
+				StaticInfo:           func() *beaconing.StaticInfoCfg { return nil },
+				DiscoveryInformation: func() *discovery.Extension { return nil },
 			}
 			pseg, err := seg.CreateSegment(time.Time{}, 0)
 			require.NoError(t, err)
@@ -175,10 +177,11 @@ func TestDefaultExtenderExtend(t *testing.T) {
 				require.NoError(t, err)
 				return mac
 			},
-			Intfs:      intfs,
-			MTU:        1337,
-			MaxExpTime: func() uint8 { return 1 },
-			StaticInfo: func() *beaconing.StaticInfoCfg { return nil },
+			Intfs:                intfs,
+			MTU:                  1337,
+			MaxExpTime:           func() uint8 { return 1 },
+			StaticInfo:           func() *beaconing.StaticInfoCfg { return nil },
+			DiscoveryInformation: func() *discovery.Extension { return nil },
 		}
 		require.NoError(t, err)
 		pseg, err := seg.CreateSegment(time.Now(), uint16(mrand.Int()))
@@ -267,10 +270,11 @@ func TestDefaultExtenderExtend(t *testing.T) {
 						require.NoError(t, err)
 						return mac
 					},
-					Intfs:      intfs,
-					MTU:        1337,
-					MaxExpTime: tc.MaxExpTime,
-					StaticInfo: func() *beaconing.StaticInfoCfg { return nil },
+					Intfs:                intfs,
+					MTU:                  1337,
+					MaxExpTime:           tc.MaxExpTime,
+					StaticInfo:           func() *beaconing.StaticInfoCfg { return nil },
+					DiscoveryInformation: func() *discovery.Extension { return nil },
 				}
 				pseg, err := seg.CreateSegment(ts, uint16(mrand.Int()))
 				require.NoError(t, err)
@@ -337,10 +341,11 @@ func TestDefaultExtenderExtend(t *testing.T) {
 						require.NoError(t, err)
 						return mac
 					},
-					Intfs:      intfs,
-					MTU:        1337,
-					MaxExpTime: func() uint8 { return beacon.DefaultMaxExpTime },
-					StaticInfo: func() *beaconing.StaticInfoCfg { return nil },
+					Intfs:                intfs,
+					MTU:                  1337,
+					MaxExpTime:           func() uint8 { return beacon.DefaultMaxExpTime },
+					StaticInfo:           func() *beaconing.StaticInfoCfg { return nil },
+					DiscoveryInformation: func() *discovery.Extension { return nil },
 				}
 				pseg, err := seg.CreateSegment(time.Now(), uint16(mrand.Int()))
 				require.NoError(t, err)

diff --git a/control/beaconing/handler.go b/control/beaconing/handler.go
@@ -16,6 +16,8 @@ package beaconing
 
 import (
 	"context"
+	"net"
+	"slices"
 	"strconv"
 
 	"github.com/opentracing/opentracing-go"
@@ -127,13 +129,32 @@ func (h Handler) verifySegment(ctx context.Context, segment *seg.PathSegment,
 	if err != nil {
 		return err
 	}
-	svcToQuery := &snet.SVCAddr{
+	var remoteAddr net.Addr = &snet.SVCAddr{
 		IA:      peer.IA,
 		Path:    peerPath.Dataplane(),
 		NextHop: peerPath.UnderlayNextHop(),
 		SVC:     addr.SvcCS,
 	}
-	return segverifier.VerifySegment(ctx, h.Verifier, svcToQuery, segment)
+
+	i := slices.IndexFunc(segment.ASEntries, func(e seg.ASEntry) bool {
+		return e.Local.Equal(peer.IA)
+	})
+	if i < 0 {
+		return serrors.New("no AS entry for peer in segment",
+			"peer", peer.IA, "segment", segment.ID(),
+			"ase_entries", segment.ASEntries)
+	}
+	if disco := segment.ASEntries[i].Extensions.Discovery; disco != nil &&
+		len(disco.ControlServices) > 0 {
+		remoteAddr = &snet.UDPAddr{
+			IA:      peer.IA,
+			Path:    peerPath.Dataplane(),
+			NextHop: peerPath.UnderlayNextHop(),
+			Host:    net.UDPAddrFromAddrPort(disco.ControlServices[0]),
+		}
+	}
+
+	return segverifier.VerifySegment(ctx, h.Verifier, remoteAddr, segment)
 }
 
 func (h Handler) updateMetric(span opentracing.Span, l handlerLabels, err error) {

diff --git a/control/beaconing/handler_test.go b/control/beaconing/handler_test.go
@@ -84,7 +84,7 @@ func TestHandlerHandleBeacon(t *testing.T) {
 			},
 			Peer: func() *snet.UDPAddr {
 				return &snet.UDPAddr{
-					IA:   0,
+					IA:   addr.MustParseIA("2-ff00:0:220"),
 					Path: path.SCION{},
 				}
 			},
@@ -108,7 +108,7 @@ func TestHandlerHandleBeacon(t *testing.T) {
 			},
 			Peer: func() *snet.UDPAddr {
 				return &snet.UDPAddr{
-					IA:   0,
+					IA:   addr.MustParseIA("2-ff00:0:220"),
 					Path: path.SCION{},
 				}
 			},
@@ -134,7 +134,7 @@ func TestHandlerHandleBeacon(t *testing.T) {
 			},
 			Peer: func() *snet.UDPAddr {
 				return &snet.UDPAddr{
-					IA:   0,
+					IA:   addr.MustParseIA("2-ff00:0:220"),
 					Path: path.SCION{},
 				}
 			},
@@ -160,6 +160,34 @@ func TestHandlerHandleBeacon(t *testing.T) {
 				b.Segment.ASEntries[b.Segment.MaxIdx()].Local = addr.MustParseIA("1-ff00:0:111")
 				return b
 			},
+			Peer: func() *snet.UDPAddr {
+				return &snet.UDPAddr{
+					IA:   addr.MustParseIA("2-ff00:0:220"),
+					Path: path.SCION{},
+				}
+			},
+			Assertion: assert.Error,
+		},
+		"invalid peer ISD-AS": {
+			Inserter: func(mctrl *gomock.Controller) *mock_beaconing.MockBeaconInserter {
+				inserter := mock_beaconing.NewMockBeaconInserter(mctrl)
+				inserter.EXPECT().PreFilter(gomock.Any()).Return(nil)
+				return inserter
+			},
+			Verifier: func(mctrl *gomock.Controller) *mock_infra.MockVerifier {
+				return mock_infra.NewMockVerifier(mctrl)
+			},
+			Beacon: func(t *testing.T, mctrl *gomock.Controller) beacon.Beacon {
+				g := graph.NewDefaultGraph(mctrl)
+				b := beacon.Beacon{
+					Segment: testSegment(g, []uint16{
+						graph.If_220_X_120_B, graph.If_120_A_110_X,
+					}),
+					InIfID: localIF,
+				}
+				b.Segment.ASEntries[b.Segment.MaxIdx()].Next = addr.MustParseIA("1-ff00:0:111")
+				return b
+			},
 			Peer: func() *snet.UDPAddr {
 				return &snet.UDPAddr{
 					IA:   0,
@@ -190,7 +218,7 @@ func TestHandlerHandleBeacon(t *testing.T) {
 			},
 			Peer: func() *snet.UDPAddr {
 				return &snet.UDPAddr{
-					IA:   0,
+					IA:   addr.MustParseIA("2-ff00:0:220"),
 					Path: path.SCION{},
 				}
 			},
@@ -216,7 +244,7 @@ func TestHandlerHandleBeacon(t *testing.T) {
 			},
 			Peer: func() *snet.UDPAddr {
 				return &snet.UDPAddr{
-					IA:   0,
+					IA:   addr.MustParseIA("2-ff00:0:220"),
 					Path: path.SCION{},
 				}
 			},
@@ -245,7 +273,7 @@ func TestHandlerHandleBeacon(t *testing.T) {
 			},
 			Peer: func() *snet.UDPAddr {
 				return &snet.UDPAddr{
-					IA:   0,
+					IA:   addr.MustParseIA("2-ff00:0:220"),
 					Path: path.SCION{},
 				}
 			},

diff --git a/control/beaconing/originator_test.go b/control/beaconing/originator_test.go
@@ -38,6 +38,7 @@ import (
 	cryptopb "github.com/scionproto/scion/pkg/proto/crypto"
 	"github.com/scionproto/scion/pkg/scrypto/signed"
 	seg "github.com/scionproto/scion/pkg/segment"
+	"github.com/scionproto/scion/pkg/segment/extensions/discovery"
 	"github.com/scionproto/scion/private/topology"
 	"github.com/scionproto/scion/private/trust"
 )
@@ -68,13 +69,14 @@ func TestOriginatorRun(t *testing.T) {
 		senderFactory := mock_beaconing.NewMockSenderFactory(mctrl)
 		o := beaconing.Originator{
 			Extender: &beaconing.DefaultExtender{
-				IA:         topo.IA(),
-				MTU:        topo.MTU(),
-				SignerGen:  testSignerGen{Signers: []trust.Signer{signer}},
-				Intfs:      intfs,
-				MAC:        macFactory,
-				MaxExpTime: func() uint8 { return beacon.DefaultMaxExpTime },
-				StaticInfo: func() *beaconing.StaticInfoCfg { return nil },
+				IA:                   topo.IA(),
+				MTU:                  topo.MTU(),
+				SignerGen:            testSignerGen{Signers: []trust.Signer{signer}},
+				Intfs:                intfs,
+				MAC:                  macFactory,
+				MaxExpTime:           func() uint8 { return beacon.DefaultMaxExpTime },
+				StaticInfo:           func() *beaconing.StaticInfoCfg { return nil },
+				DiscoveryInformation: func() *discovery.Extension { return nil },
 			},
 			SenderFactory: senderFactory,
 			IA:            topo.IA(),
@@ -131,13 +133,14 @@ func TestOriginatorRun(t *testing.T) {
 		sender := mock_beaconing.NewMockSender(mctrl)
 		o := beaconing.Originator{
 			Extender: &beaconing.DefaultExtender{
-				IA:         topo.IA(),
-				MTU:        topo.MTU(),
-				SignerGen:  testSignerGen{Signers: []trust.Signer{signer}},
-				Intfs:      intfs,
-				MAC:        macFactory,
-				MaxExpTime: func() uint8 { return beacon.DefaultMaxExpTime },
-				StaticInfo: func() *beaconing.StaticInfoCfg { return nil },
+				IA:                   topo.IA(),
+				MTU:                  topo.MTU(),
+				SignerGen:            testSignerGen{Signers: []trust.Signer{signer}},
+				Intfs:                intfs,
+				MAC:                  macFactory,
+				MaxExpTime:           func() uint8 { return beacon.DefaultMaxExpTime },
+				StaticInfo:           func() *beaconing.StaticInfoCfg { return nil },
+				DiscoveryInformation: func() *discovery.Extension { return nil },
 			},
 			SenderFactory: senderFactory,
 			IA:            topo.IA(),