I'm sending a whois broadcast, but my <Debug/> isn't showing any information. Is there a basic .bfr file that I could test against to make sure my whois is getting from one machine to another? In my setup I have 2 virtual machines on an internal network. One of them has a second adapter to an external network and is bridged. At the moment I'm just trying to communicate on the internal network. I've tried the following 2 configs among other things.
config 1
<BFR>
<UDP address="192.168.200.1/24" server="a"/>
<Debug client="a" server="b"/>
<BBMD client="b" foreign="n">
<Peer address="192.168.200.1/24"/>
</BBMD>
</BFR>
config 2
<BFR>
<UDP address="192.168.200.1/24" server="lan2"/>
<Debug client="lan2" server="lan4"/>
</BFR>
Thanks for any help.
Yot1mb0
I wanted to update this.
In my testing I was using the bacnet protocol stack, such as bacwi and bacwir, etc... I found that these tools only give a global broadcast (255.255.255.255) and it seems like the packets are structured differently than the VTS packets. All VTS packets work fine no matter the settings I give, local or global broadcast. VTS does handle packets properly from the Bacnet Protocol Stack fine though. So I don't know what is different about BFR. Is it more strict with the bacnet standard than VTS?
Another note, the settings I got to work with VTS are as follows.
<BFR>
<UDP address="192.168.200.254/24" server="udp1"/>
<BIP client="udp1" server="bip1"/>
</BFR>
Thank you for your continuing efforts!
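There are sadly two kinds of broadcast messages, (a) all F's and (b) all ones in the host portion. The fact that these other tools are using the "special definition" of broadcast for the "zero network" is lazy in my opinion, and to be charitable, appropriate broadcast addresses may not be easily available in their implementation stack. To quote from Wikipedia (which I understand is just easy to find and not an authoritative source):
A special definition exists for the IP broadcast address 255.255.255.255. It is the broadcast address of the zero network or 0.0.0.0, which in Internet Protocol standards stands for this network, i.e. the local network. Transmission to this address is limited by definition, in that it is never forwarded by the routers connecting the local network to other networks.
More appropriately, quoting from the BACnet standard:
Where the "B/IP broadcast address" is referred to in this Annex, it means an IP address with the subnet of the broadcasting device in the network portion and all 1's in the host portion of the address and the UDP port of the devices on the B/IP network in question.
So strictly speaking, the other tools are not following the standard. This point may be moot however, if the basic concept is to be generous in what you accept and strict in what you generate, a.k.a., the Robustness Principle.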
Yes, and if memory serves me correctly (it was a LONG time ago that I wrote VTS) there were limitations on the Microsoft Windows implementation of the socket library and I had to simply accept. I was originally going to implement enough UDP in the VTS application itself so that I would be using the WinPcap library for all incoming and outgoing packets and I would have complete control over the IP layer, but that never happened.
Getting into the weeds, if the bind() function in BACnetUDP::Init is given INADDR_ANY then the socket will receive both unicast and broadcast addresses, and both kinds of broadcast addresses. It's very generous. But this is not appropriate for a router that has to distinguish between packets received from two different interfaces, they will all land on one socket (or some unpredictable combination of them).
Thanks for your response, this helps a lot. I'm fairly new to the BACnet universe and some of the network standards. I'll be working with this in my current role for years to come.
Hi, I have a similar problem with BFR. I am trying to implement BFR on an architecture with 3 virtual machines on 2 different networks. One of the VMs plays the role of gateway, and I am trying to put BFR on it to filter packets, but even with a reject-all policy, I can send and receive packets from the two ends.
I used this config:
Can anyone help me with this?
Last edit: yassine 2016-03-18
I haven't figured out the filter or have a need at the moment. Maybe try rejecting both upstream and downstream. You might be best starting a new thread for this one so more people see it.
I also noticed that you have the router tag without the adapter. You don't need this. Just use the router tag that uses the adapter. Your code would look like this:
Hi Yassine,
Hi, I have a similar problem with BFR. I am trying to implement BFR on an architecture with 3 virtual machines on 2 different networks. One of the VMs plays the role of gateway...
As a minor BACnet terminology clarification this is called a "router", the term "gateway" is used when you are translating between protocols like BACnet to/from MODBUS.
...and I am trying to put BFR on it to filter packets, but even with a reject-all policy, I can send and receive packets from the two ends.
Humm...
This filter is written to accept those two types of packets, so your router VM should be recognized as a router to network 1 for all of the devices on network 2, and if there are other routers on network 2, it should accept their networks and forward the I-Am-Router-To-Network on to network 1. There is no filter from network 1 to network 2, so all packets will pass through.
Tim wrote:
This is going to reject everything coming in on network 2, but there are still no filters on network 1 so packets will pass through.
I also noticed that your debugging elements, which sit below your filter, will print out their messages above the BIP element but below the filter, so they will print out everything that is received before it gets filtered on the upstream side. The downstream traffic should be exactly what you see being received by your other virtual machines on the two networks.
A long time ago I used to run Parallels Desktop for virtualization, but I'm hoping I can run VirtualBox and set up a similar test environment.
Joel
I wrote:
A long time ago I used to run Parallels Desktop for virtualization, but I'm hoping I can run VirtualBox and set up a similar test environment.
I'm crawling up the VirtualBox learning curve, so far there haven't been too many surprises. I should be able to reproduce your network environment and start throwing packets around in the next few days.
Joel
Last edit: Tim McManamey 2016-03-18
For Windows, the kernel automatically forwards broadcast packets to a socket bound to a unicast IP. Only one socket bound to the unicast IP is needed, so there is no difference between broadcasting to the subnet broadcast IP or the global broadcast IP.
For Linux, a socket has to be bound to the broadcast IP to receive packets broadcast to that IP, so a socket bound to the subnet broadcast IP would not receive global broadcast packets.
Though the BACnet standard makes it mandatory to broadcast on the subnet, there are still many implementations ignoring it.
The solution for our BACnet router (http://www.hvacrcontrol.com/bacnet-router) is providing an option to accept those buggy broadcasts. When it is enabled, besides the unicast and subnet broadcast IPs, the global broadcast IP is monitored.
lin
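The distinction this thread turns on (the B/IP subnet broadcast versus 255.255.255.255, and why a two-interface router cannot attribute the latter to an interface) can be worked through in code. This is an added example, not part of any post above and not BFR's code; the function names, the `udp2` interface and its 192.168.100.254/24 address are constructed for illustration, and the `accept_limited_broadcast` switch models the kind of option lin describes.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def bip_broadcast_address(interface_cidr):
    """B/IP broadcast address as quoted from the standard in this thread:
    the interface's subnet in the network portion, all 1's in the host portion."""
    return ipaddress.ip_interface(interface_cidr).network.broadcast_address

def classify_destination(interface_cidr, dst):
    """Classify a received packet's destination IP relative to one interface."""
    iface = ipaddress.ip_interface(interface_cidr)
    dst = ipaddress.IPv4Address(dst)
    if dst == LIMITED_BROADCAST:
        return "limited-broadcast"
    if dst == iface.network.broadcast_address:
        return "subnet-broadcast"
    if dst == iface.ip:
        return "unicast"
    return "other"

def accepts(interface_cidr, dst, accept_limited_broadcast=False):
    """Strict mode takes unicast and subnet broadcast only; the switch
    additionally admits 255.255.255.255 (hypothetical option name)."""
    kind = classify_destination(interface_cidr, dst)
    if kind in ("unicast", "subnet-broadcast"):
        return True
    return kind == "limited-broadcast" and accept_limited_broadcast

def ingress_interface(interfaces, dst):
    """Name of the one interface that dst identifies, or None when the
    destination address alone cannot tell the interfaces apart."""
    matches = [name for name, cidr in interfaces.items()
               if classify_destination(cidr, dst) in ("unicast", "subnet-broadcast")]
    return matches[0] if len(matches) == 1 else None

# udp1 is the address from the config posted above; udp2 is constructed.
ROUTER_INTERFACES = {"udp1": "192.168.200.254/24", "udp2": "192.168.100.254/24"}

if __name__ == "__main__":
    for dst in ("192.168.200.255", "192.168.100.255", "255.255.255.255"):
        print(dst, "->", ingress_interface(ROUTER_INTERFACES, dst),
              "strict:", accepts(ROUTER_INTERFACES["udp1"], dst),
              "lenient:", accepts(ROUTER_INTERFACES["udp1"], dst, True))
```

A filter that is applied per interface can only be trusted for traffic whose ingress interface is known, which is why the limited broadcast case returns `None` here rather than a guess.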