Solution to MSTP frame desynchronization

We had discussed BACnet MSTP weakness to frame desyncrhonization in below:

BACnet MSTP frame lost synchronization

Attack BACnet MSTP by frame desynchronization

But what is BACRouter’s solution to this problem, let’s looking for clue from standard 9.5.3:

Tframe_gap is “The maximum idle time a sending node may allow to elapse between octets of a frame the node is transmitting”, its value is 20 bits time. Almost every MSTP implementation have zero gap between octets in frame.

So BACRouter use a revised RSM:

  1. When there is a idle line longer than 20 bits time, the previous partial frame is aborted.
  2. Every valid frame should have prefixing 40bits idle line (The final version is slightly optimized to be compatible with devices not respecting to Tturnround).

In 115200bps, one bit time is only 8.7us. To precisely measure duration of idle line, the timer granularity of BACRouter is set to only 5us. It help to resist to frame desynchronization, and reach 98.8% bandwidth utilization on 115.2kbps because BACRouter no more waste time when 40 bits Tturnaround is over.