-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
six Network Layer messages should be implemented #12
Comments
@duffy-corelight, it would really help if you also have pcaps for verification |
@duffy-corelight, looking through code and various test pcaps. I do see these pop up. By "implemented", is it safe to assume that you mean parsing? If so, then pcaps would be appreciated for these messages |
Pkt#3 shows a correct one. And Pkt#4 shows a subtly incorrect one. |
Oh, I had formed an incorrect impression before I reported this, because the existing code:
missed all the other 62 values which convey network_layer_messages. That should be:
instead of
I mention 62 rather than 126 other values which can convey network_layer_messages, only because bit 4 is reserved and is always zero. |
The subtly wrong pkt#4 is in two aspects. A) the standard mandates (and behaviorally only expects implementations to be coded this way) ip.dest_h is a broadcast address if-and-only-if the Original-Broadcast-NPDU is used and if the Original-Unicast-NPDU is used, then the ip.dest_h is a non-broadcast address. B) there is no Network Number 0 which can be reached through a router. The 0 value is semantically: "the network which comprises devices which can be reached without passing through a router". So no BACnet Network Layer packet would ever see a zero in a network number parameter. |
Besides fixing the
I would hope to see in the resolution of this issue also, that after the
statement, the appending into data as string represented decimal (not hexadecimal, since decimal network numbers are the usual BACnet representation), of all the network number parameters (each is uint16) until the UDP/BVLC-Length. Don't be misled by Wireshark calling them Destination Network Address: They are not an address. They are a network number. |
@duffy-corelight, latest update partially addresses this issue. Like the others, I'll let the customer close the issue if deemed as satisfied. Edit: output looks like
|
Here are examples of a few of these messages, including a flawed implementation's pkt#5. |
There are six Network Layer messages:
X'00': Who-Is-Router-To-Network
X'01': I-Am-Router-To-Network
X'02': I-Could-Be-Router-To-Network
X'03': Reject-Message-To-Network
X'04': Router-Busy-To-Network
X'05': Router-Available-To-Network
which are in common use, and two more defined, which are deprecated:
X'06': Initialize-Routing-Table
X'07': Initialize-Routing-Table-Ack
These are at network level, thus below, so differently encoded from any APDU.
The text was updated successfully, but these errors were encountered: