BACnet通讯分析.pdf

大丈夫处世，不能立功建业，几与草木同腐乎？罗贯中志不强者智不达，言不信者行不果。墨翟 1、概述.系统实现基于 BACnet/IP（又称 B/IP）网络进行通讯。BACnet 虚拟链路层（BVLL）提供了 BACnet 网络层和某指定的通讯子系统的接口，本文指定了 BACnet 虚拟链路控制（BVLC）要求支持的定向和广播信息。本实现关于 BACnet 协议定义主要可分为三层：B/IP 网络虚拟层，BACnet 网络层和 BACnet 应用层。B/IP 提供了 TCP/IP 一样的通讯结构，采用 UDP 的通讯方式。本文接下来将对此三层结构进行详细的讲解。其文本协议的大致格式如下：BACnet/IP BACnet 网络层 BACnet 应用层 BVLC Type BVLC Function Length NPDU APDU NPDU：BACnet 网络层数据结构，下文进行详细的讲解 APDU：BACnet 应用层数据结构，下文进行详细的讲解 2、BACnet/IP.BVLC Type：0 x81，代表 BACnet/IP 网络 BVLC Function：指定报文的类型，何种作用；本应用使用的报文类型分为两种：0A：点对点通讯 0B：广播通信 Length：指定报文的长度，包括 BVLC Type、BVLC Function 以及本身在内 NPDU：根据不同情况，报文长短不同，见下文的解析。APDU：根据 NPDU 不同以及不同的请求，报文不同，见下文的解析。3、BACnet NPDU 结构.版本信息 1 Byte Version 控制字 1 Byte Control 目标网络号 2 Bytes DNET 目标网络长度 1 Byte DLEN 目标地址 可变长度 DADR 原网络号 2 Bytes SNET 原网络长度 1 Byte SLEN 原地址 可变 SNET 路由数目 1 Byte Hop Count 消息类型 1 Byte Message Type 卖方ID 2 Bytes Vendor ID 应用层信息 可变 APDU 版本信息：默认 0 x01 控制字 ：BIT7：1 表示 Message Type 存在，为 0 时 Message Type 不存在 BIT6：保留，为 0 BIT5：1 表示 DNET DLEN Hop Count 存在，当 DLEN 为 0 时表明广播网络 人人好公，则天下太平；人人营私，则天下大乱。刘鹗人不知而不愠，不亦君子乎？论语DADR 不存在；0 表示DNET DLEN DADR Hop Count 不存在 BIT4：保留，为 0 BIT3：1 表示 SNET SLEN 存在，当 SLEN 为 0 时表明无效 SADR 不存在；0 表示SNET SLEN SADR Hop Count 不存在 BIT2：1 表示为一个需确认的请求数据单元，一复杂 ACK 数据单元或一网络层 信息非 reply 的；0 表示除去上述情形的数据单元 BIT1、0：网络优先级 11=Life Safety message 10=Critical Equipment message 01=Urgent message 00=Normal message 目标网络号：FFFF 的时候表示广播 目标长度：表示 DADR 的长度 目标地址：目标网络 MAC 地址 原网络号：同目标网络号 原网络长度：表示 SADR 的长度 原地址：原网络的 MAC 地址 路由数目：数据需要经过的路由个数，当不存在 DNET 的时候，需设置为 FF 消息类型：X00:Who-Is-Router-To-Network X01:I-Am-Router-To-Network X02:I-Could-Be-Router-To-Network X03:Reject-Message-To-Network X04:Router-Busy-To-Network X05:Router-Available-To-Network X06:Initialize-Routing-Table X07:Initialize-Routing-Table-Ack X08:Establish-Connection-To-Network X09:Disconnect-Connection-To-Network X0A to X7F:Reserved for use by ASHRAE X80 to XFF:Available for vendor proprietary messages 卖方 ID：当控制字的 BIT7 为 1 并且消息类型为 X80 to XFF:的时候，才会存在 本次开发没有用到，不再解释 本次应用中控制字只用到 0 x20 和 0 x04 两种，前者为广播查询设备，后者微点对对取设备数据或属性。4、BACnet APDU 结构：（应用层协议数据单元）BACnet 网络层数据主要分为一下几种：BACnetPDU:=CHOICE confirmed-request-PDU 0 BACnet-Confirmed-Request-PDU,unconfirmed-request-PDU 1 BACnet-Unconfirmed-Request-PDU,simpleACK-PDU 2 BACnet-SimpleACK-PDU,丹青不知老将至，贫贱于我如浮云。杜甫勿以恶小而为之，勿以善小而不为。刘备complexACK-PDU 3 BACnet-ComplexACK-PDU,segmentAck-PDU 4 BACnet-SegmentACK-PDU,error-PDU 5 BACnet-Error-PDU,reject-PDU 6 BACnet-Reject-PDU,abort-PDU 7 BACnet-Abort-PDU 对于本次应用，主要用到了 BACnet-Confirmed-Request-PDU（需确认的请求协议数据单元）BACnet-Unconfirmed-Request-PDU（无需确认的请求协议数据单元）BACnet-ComplexACK-PDU（复杂的 ACK 命令）BACnet-Error-PDU（报错的协议数据单元）对于上述几种数据的分类主要根据 pdu type（下文进行讲解）进行判定。.BACnet-Confirmed-Request-PDU 的结构：BACnet-Confirmed-Request-PDU:=SEQUENCE pdu-type 0 Unsigned(0.15),-0 for this PDU type segmented-message 1 BOOLEAN,more-follows 2 BOOLEAN,segmented-response-accepted 3 BOOLEAN,reserved 4 Unsigned(0.3),-must be set to zero max-segments-accepted 5 Unsigned(0.7),-as per 20.1.2.4 max-APDU-length-accepted 6 Unsigned(0.15),-as per 20.1.2.5 invokeID 7 Unsigned(0.255),sequence-number 8 Unsigned(0.255)OPTIONAL,-only if segmented msg proposed-window-size 9 Unsigned(1.127)OPTIONAL,-only if segmented msg service-choice 10 BACnetConfirmedServiceChoice,service-request 11 BACnet-Confirmed-Service-Request OPTIONAL BIT7 BIT6 BIT5 BIT4 BIT3 BIT2 BIT1 BIT0 PDU TYPE SEG MOR SA 0 0 Max Segs Max Resp Invoke ID Sequence Number(only present by SEG=1)Proposed Window Size(only present by SEG=1)Service Chioce Service Request PDU Type 0 (BACnet-Confirmed-Service-Request-PDU)SEG 0 (Unsegmented Request)其身正，不令而行；其身不正，虽令不从。论语云路鹏程九万里，雪窗萤火二十年。王实甫1 (Segmented Request)MOR 0 (No More Segments Follow)1 (More Segments Follow)SA 0 (Segmented Response not accepted)1 (Segmented Response accepted)Max Segs (0.7)(Number of response segments accepted per 20.1.2.4)Max Resp (0.15)(Size of Maximum APDU accepted per 20.1.2.5)Invoke ID (0.255)Sequence Number (0.255)Only present if SEG=1 Proposed Window Size (1.127)Only present if SEG=1 Service Choice BACnetConfirmedServiceChoice Service Request Variable Encoding SEG：指出当前的数据单元是否为完整的还是为一部分分段信息 MOR：指出是否还有更多的分段信息 SA：为 1 时指出将收到一个复杂的回应（complex ack）Max Segs ：指出设备将要接收到多少分段信息 B000 Unspecified number of segments accepted.B001 2 segments accepted.B010 4 segments accepted.B011 8 segments accepted.B100 16 segments accepted.B101 32 segments accepted.B110 64 segments accepted.B111 Greater than 64 segments accepted.Max Resp：指出将收到的（APDU）最大长度 B0000 Up to MinimumMessageSize(50 octets)B0001 Up to 128 octets B0010 Up to 206 octets(fits in a LonTalk frame)B0011 Up to 480 octets(fits in an ARCNET frame)B0100 Up to 1024 octets B0101 Up to 1476 octets(fits in an ISO 8802-3 frame)Invoke ID：调用者 ID Service Chioce：此处表明次报文的作用，详见 BACnetConfirmedServiceChoice Service Request：根据 BACnetConfirmedServiceChoice 不同而结构不同，详见 BACnet-Confirmed-Service-Request BACnetConfirmedServiceChoice:=枚举类型 -Alarm and Event Services acknowledgeAlarm (0),confirmedCOVNotification (1),confirmedEventNotification (2),忍一句，息一怒，饶一着，退一步。增广贤文以铜为镜，可以正衣冠；以古为镜，可以知兴替；以人为镜，可以明得失。旧唐书魏征列传getAlarmSummary (3),getEnrollmentSummary (4),getEventInformation (29),subscribeCOV (5),subscribeCOVProperty (28),lifeSafetyOperation (27),-File Access Services atomicReadFile (6),atomicWriteFile (7),-Object Access Services addListElement (8),removeListElement (9),createObject (10),deleteObject (11),readProperty (12),readPropertyConditional (13),readPropertyMultiple (14),readRange (26),writeProperty (15),writePropertyMultiple (16),。上述标记为红色的表示本次应用中所用到的，所以只对这些进行讲解。可以根据 BACnetConfirmedServiceChoice 找到相对应的 Request 或者 Ack 的数据的结构 BACnet-Confirmed-Service-Request:=CHOICE 127)OPTIONAL,-required for MS/TP master,see max-info-frames 63 Unsigned OPTIONAL,-required for MS/TP master,see device-address-binding 30 SEQUENCE OF BACnetAddressBinding,database-revision 155 Unsigned,configuration-files 154 SEQUENCE OF BACnetObjectIdentifier,last-restore-time 157 BACnetTimeStamp,backup-failure-timeout 153 Unsigned16,active-cov-subscriptions 152 SEQUENCE OF BACnetCOVSubscription,max-segments-accepted 167 Unsigned,slave-proxy-enable 172 SEQUENCE OF BOOLEAN OPTIONAL,auto-slave-discovery 169 SEQUENCE OF BOOLEAN OPTIONAL,slave-address-binding 171SEQUENCE OF BACnetAddressBinding OPTIONAL,宠辱不惊，看庭前花开花落；去留无意，望天上云卷云舒。洪应明丈夫志四方，有事先悬弧，焉能钧三江，终年守菰蒲。顾炎武manual-slave-address-binding 170 SEQUENCE OF BACnetAddressBinding OPTIONAL,profile-name 168 CharacterString OPTIONAL 上述标记为红色者既是本次应用用到的设备属性对象 ANALOG-INPUT:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,present-value 85 REAL,description 28 CharacterString OPTIONAL,device-type 31 CharacterString OPTIONAL,status-flags 111 BACnetStatusFlags,event-state 36 BACnetEventState,reliability 103 BACnetReliability OPTIONAL,out-of-service 81 BOOLEAN,update-interval 118 Unsigned OPTIONAL,units 117 BACnetEngineeringUnits,min-pres-value 69 REAL OPTIONAL,max-pres-value 65 REAL OPTIONAL,resolution 106 REAL OPTIONAL,cov-increment 22 REAL OPTIONAL,time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,high-limit 45 REAL OPTIONAL,low-limit 59 REAL OPTIONAL,deadband 25 REAL OPTIONAL,limit-enable 52 BACnetLimitEnable OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY profile-name 168 CharacterString OPTIONAL ANALOG-OUTPUT:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,present-value 85 REAL,description 28 CharacterString OPTIONAL,device-type 31 CharacterString OPTIONAL,百川东到海，何时复西归？少壮不尽力，老大徒伤悲。汉乐府长歌行以家为家，以乡为乡，以国为国，以天下为天下。管子牧民status-flags 111 BACnetStatusFlags,event-state 36 BACnetEventState,reliability 103 BACnetReliability OPTIONAL,out-of-service 81 BOOLEAN,units 117 BACnetEngineeringUnits,min-pres-value 69 REAL OPTIONAL,max-pres-value 65 REAL OPTIONAL,resolution 106 REAL OPTIONAL,priority-array 87 BACnetPriorityArray,relinquish-default 104 REAL,cov-increment 22 REAL OPTIONAL,time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,high-limit 45 REAL OPTIONAL,low-limit 59 REAL OPTIONAL,deadband 25 REAL OPTIONAL,limit-enable 52 BACnetLimitEnable OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY profile-name 168 CharacterString OPTIONAL ANALOG-VALUE:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,present-value 85 REAL,description 28 CharacterString OPTIONAL,status-flags 111 BACnetStatusFlags,event-state 36 BACnetEventState,reliability 103 BACnetReliability OPTIONAL,out-of-service 81 BOOLEAN,units 117 BACnetEngineeringUnits,priority-array 87 BACnetPriorityArray OPTIONAL,relinquish-default 104 REAL OPTIONAL,cov-increment 22 REAL OPTIONAL,time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,high-limit 45 REAL OPTIONAL,low-limit 59 REAL OPTIONAL,deadband 25 REAL OPTIONAL,非淡泊无以明志，非宁静无以致远。诸葛亮以家为家，以乡为乡，以国为国，以天下为天下。管子牧民limit-enable 52 BACnetLimitEnable OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY profile-name 168 CharacterString OPTIONAL BINARY-INPUT:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,present-value 85 BACnetBinaryPV,description 28 CharacterString OPTIONAL,device-type 31 CharacterString OPTIONAL,status-flags 111 BACnetStatusFlags,event-state 36 BACnetEventState,reliability 103 BACnetReliability OPTIONAL,out-of-service 81 BOOLEAN,polarity 84 BACnetPolarity,inactive-text 46 CharacterString OPTIONAL,active-text 4 CharacterString OPTIONAL,change-of-state-time 16 BACnetDateTime OPTIONAL,change-of-state-count 15 Unsigned OPTIONAL,time-of-state-count-reset 115 BACnetDateTime OPTIONAL,elapsed-active-time 33 Unsigned32 OPTIONAL,time-of-active-time-reset 114 BACnetDateTime OPTIONAL,time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,alarm-value 6 BACnetBinaryPV OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY profile-name 168 CharacterString OPTIONAL BINARY-OUTPUT:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,穷则独善其身，达则兼善天下。孟子大丈夫处世，不能立功建业，几与草木同腐乎？罗贯中百学须先立志。朱熹丈夫志四方，有事先悬弧，焉能钧三江，终年守菰蒲。顾炎武time-of-state-count-reset 115 BACnetDateTime OPTIONAL,elapsed-active-time 33 Unsigned32 OPTIONAL,time-of-active-time-reset 114 BACnetDateTime OPTIONAL,minimum-off-time 66 Unsigned32 OPTIONAL,minimum-on-time 67 Unsigned32 OPTIONAL,priority-array 87 BACnetPriorityArray OPTIONAL,relinquish-default 104 BACnetBinaryPV OPTIONAL,time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,alarm-value 6 BACnetBinaryPV OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY profile-name 168 CharacterString OPTIONAL MULTI-STATE-INPUT:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,present-value 85Unsigned,-maximum value is restricted by the number-of-states description 28 CharacterString OPTIONAL,device-type 31 CharacterString OPTIONAL,status-flags 111 BACnetStatusFlags,event-state 36 BACnetEventState,reliability 103 BACnetReliability OPTIONAL,out-of-service 81 BOOLEAN,number-of-states 74 Unsigned,state-text 110 SEQUENCE OF CharacterString OPTIONAL,-accessed as a BACnetARRAY time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,alarm-values 7 SEQUENCE OF Unsigned OPTIONAL,fault-values 39 SEQUENCE OF Unsigned OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY 志不强者智不达，言不信者行不果。墨翟谋事在人，成事在天！增广贤文profile-name 168 CharacterString OPTIONAL MULTI-STATE-OUTPUT:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,present-value 85 Unsigned,-maximum value is restricted by the number-of-states description 28 CharacterString OPTIONAL,device-type 31 CharacterString OPTIONAL,status-flags 111 BACnetStatusFlags,event-state 36 BACnetEventState,reliability 103 BACnetReliability OPTIONAL,out-of-service 81 BOOLEAN,number-of-states 74 Unsigned,state-text 110 SEQUENCE OF CharacterString OPTIONAL,-accessed as a BACnetARRAY priority-array 87 BACnetPriorityArray,relinquish-default 104 Unsigned,time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,feedback-value 40 Unsigned OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY profile-name 168 CharacterString OPTIONAL MULTI-STATE-VALUE:=SEQUENCE object-identifier 75 BACnetObjectIdentifier,object-name 77 CharacterString,object-type 79 BACnetObjectType,present-value 85 Unsigned,-maximum value is restricted by the number-of-states description 28 CharacterString OPTIONAL,status-flags 111 BACnetStatusFlags,event-state 36 BACnetEventState,reliability 103 BACnetReliability OPTIONAL,out-of-service 81 BOOLEAN,number-of-states 74 Unsigned,勿以恶小而为之，勿以善小而不为。刘备云路鹏程九万里，雪窗萤火二十年。王实甫state-text 110 SEQUENCE OF CharacterString OPTIONAL,-accessed as a BACnetARRAY priority-array 87 BACnetPriorityArray OPTIONAL,relinquish-default 104 Unsigned OPTIONAL,time-delay 113 Unsigned OPTIONAL,notification-class 17 Unsigned OPTIONAL,alarm-values 7 SEQUENCE OF Unsigned OPTIONAL,fault-values 39 SEQUENCE OF Unsigned OPTIONAL,event-enable 35 BACnetEventTransitionBits OPTIONAL,acked-transitions 0 BACnetEventTransitionBits OPTIONAL,notify-type 72 BACnetNotifyType OPTIONAL,event-time-stamps 130 SEQUENCE OF BACnetTimeStamp OPTIONAL,-accessed as a BACnetARRAY profile-name 168 CharacterString OPTIONAL BACnetObjectType:=ENUMERATED accumulator (23),analog-input (0),analog-output (1),analog-value (2),averaging (18),binary-input (3),binary-output (4),binary-value (5),calendar (6),command (7),device (8),event-enrollment (9),file (10),group (11),life-safety-point (21),life-safety-zone (22),loop (12),multi-state-input (13),multi-state-output (14),multi-state