1
\$\begingroup\$

I was wondering how the CANbus reacts to incomplete, irregular messages.

For example, lets say a node on the network was hacked or compromised and sends only the SOF bit and the 11-bit identifier but nothing else afterwards. How does the CANbus react?

My hypothesis (assuming the node wins arbitration) is that because you can only send either a '1' or '0', to stop transmitting really means you'll be sending a string of bits of the same level and then this will raise a bit stuffing error. Can anyone confirm if this is the case?

This leads me to my 2nd scenario, how does the CANbus react to a message whose data field's size is different than what the DLC indicates? I would imagine this would throw off the synchronization of the other nodes on the bus and result in an ACK error correct?

For now those are the only irregular, incomplete message scenarios I have. If I think of anymore I'll post them in this thread. Any help would be greatly appreciated. Thank you!

\$\endgroup\$

2 Answers 2

Reset to default
1
\$\begingroup\$

Scenario 1: This would raise the bit stuffing error, as you assumed.

bit stuff error from microchip

As for scenario 2, there is two options:

  • A shorter payload than specified would look like an ACK error to the rouge node only (who probably doesn't care) and will trigger a bit stuffing error on the other nodes, as the rogue has stopped transmitting at least 8 bits earlier than they're expecting, resulting in 6 or more recessive bits on the bus.

  • A longer DLC than specified will result in a CRC error most likely, as the rogue is still pushing payload while the receivers are expecting CRC, or in the unlikely event of a collision between payload and CRC data (or a carefully crafted packet from a very naughty rogue) the receivers would see transitions in the end of frame or interframe space and throw a framing (or form) error, or in this microchip's case, a "something bad happened, whatever" error:

error error from microchip

crc error from microchip

images sources from microchips can module data sheet for their dsPIC line here: http://ww1.microchip.com/downloads/en/DeviceDoc/70070b.pdf

As for what this would do to the bus: it would be upsetting for the honest nodes. They would start generating error frames and incrementing their receive error counters to the point where they stop generating active error frames. The good news is that they will never go bus-off due to receive errors.

\$\endgroup\$
0
0
\$\begingroup\$

From what i know every CAN-transiver has an error counter for sent and recieved messages. Every errors sent by this "hacked" transiver will increase the error-counter till a certain value where the transiver gets shut off.

\$\endgroup\$
1
  • 1
    \$\begingroup\$ Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. \$\endgroup\$
    – Community Bot
    Commented Jun 27, 2022 at 4:15

Not the answer you're looking for? Browse other questions tagged or ask your own question.