cisagov / icsnpp-bacnet

Zeek BACnet Parser - CISA ICSNPP
BSD 3-Clause "New" or "Revised" License

Exception when processing bacnet_services.pcap #41

Closed kkvarfordt closed 3 months ago

kkvarfordt commented 3 months ago

🗣 Description

A parsing exception is thrown when processing an NPDU Message of type 0 (Who-Is-Router-To-Network).

In the current implementation of the parser, processing of the NPDU Message is incomplete and assumes after parsing the 1 byte NPDU message type that 2 bytes for the destination address follow. According to the specification, the 2 bytes following a message type of 0 are optional. These 2 bytes are not present in the NPDU message packet and the exception is thrown when attempting to parse the non-existent 2 bytes. For other NPDU message types, there can be several bytes of additional information available depending on the message type. The current implementation of the parser does not log any of this information.

For now, logging of the detailed destination address has been removed. This allows processing of the NPDU message type 0 described above to complete without error. In the future, additional logging of the various message type details can be implemented. See issue #40 for more information.

For a list of specified message types, see the table npdu_message_types in file consts.zeek.

💭 Motivation and context

Fix for issue #37

🧪 Testing

Verified no exceptions are thrown when processing bacnet_service.pcap
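
The optional-bytes handling described above, as an added Python example that is not part of this pull request or of the icsnpp-bacnet parser. It assumes the standard BACnet NPCI header layout (version, control byte, optional destination and source specifiers, hop count); the names `parse_npdu`, `_take` and `NPDUError` are hypothetical and the sample packets are constructed.

```python
import struct

WHO_IS_ROUTER_TO_NETWORK = 0x00  # NPDU message type 0, as named in the description
# Constructed sample NPDUs (not taken from the pcap mentioned above):
SAMPLE_NO_DNET = bytes.fromhex("018000")        # type 0, optional 2 bytes absent
SAMPLE_WITH_DNET = bytes.fromhex("0180000005")  # type 0, network number 5

class NPDUError(ValueError):
    """Raised for truncated or malformed NPDUs (hypothetical helper type)."""

def _take(buf, off, n, what):
    # Bounds-checked read: never index past the end of the captured payload.
    if off + n > len(buf):
        raise NPDUError(f"truncated NPDU: need {n} byte(s) for {what} at offset {off}")
    return buf[off:off + n], off + n

def parse_npdu(buf):
    """Parse a BACnet NPDU from bytes and return its fields as a dict."""
    (version, control), off = _take(buf, 0, 2, "version/control")
    out = {"version": version, "is_network_msg": bool(control & 0x80)}
    has_dest = bool(control & 0x20)
    for present, name in ((has_dest, "d"), (bool(control & 0x08), "s")):
        if present:  # NET (2 bytes), LEN (1 byte), ADR (LEN bytes)
            raw, off = _take(buf, off, 3, name + "net/len")
            net, alen = struct.unpack(">HB", raw)
            adr, off = _take(buf, off, alen, name + "adr")
            out[name + "net"], out[name + "adr"] = net, adr.hex()
    if has_dest:
        (out["hop_count"],), off = _take(buf, off, 1, "hop count")
    if not out["is_network_msg"]:
        out["apdu_offset"] = off  # an APDU follows; not parsed here
        return out
    (out["message_type"],), off = _take(buf, off, 1, "message type")
    if out["message_type"] >= 0x80:  # proprietary types carry a 2-byte vendor ID
        raw, off = _take(buf, off, 2, "vendor id")
        out["vendor_id"] = struct.unpack(">H", raw)[0]
    rest = buf[off:]
    if out["message_type"] == WHO_IS_ROUTER_TO_NETWORK:
        # The 2-byte network number is optional; read it only if it is there.
        if len(rest) == 0:
            out["target_dnet"] = None
        elif len(rest) == 2:
            out["target_dnet"] = struct.unpack(">H", rest)[0]
        else:
            raise NPDUError(f"type 0: unexpected {len(rest)} trailing byte(s)")
    else:
        out["message_data"] = rest.hex()  # other types: keep raw bytes for logging
    return out
```

A malformed length surfaces as `NPDUError`, which a caller can log as a protocol anomaly rather than letting the parser abort on the packet.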