2 * Routines for Modbus/TCP and Modbus/UDP dissection
3 * By Riaan Swart <rswart@cs.sun.ac.za>
4 * Copyright 2001, Institute for Applied Computer Science
5 * University of Stellenbosch
7 * See http://www.modbus.org/ for information on Modbus/TCP.
9 * Updated to v1.1b of the Modbus Application Protocol specification
10 * Michael Mann * Copyright 2011
12 * Updates Oct/Nov 2012 (Chris Bontje, cbontje[*at*]gmail.com)
13 * - Some re-factoring to include support for serial Modbus RTU encapsulated in TCP messages
14 * - Minor text/syntax clean-up
15 * - Include decoding of holding/input response register data
16 * - Optionally decode holding/input registers as UINT16, UINT32, 32-bit Float IEEE/Modicon
17 * - Add various register address formatting options as "Raw", "Modicon 5-digit", "Modicon 6-digit"
19 * Updates Aug 2013 (Chris Bontje)
20 * - Improved dissection support for serial Modbus RTU with detection of query or response messages
22 *****************************************************************************************************
23 * A brief explanation of the distinction between Modbus/TCP and Modbus RTU over TCP:
25 * Consider a Modbus poll message: Unit 01, Scan Holding Register Address 0 for 30 Registers
27 * The Modbus/TCP message structure will follow the pattern below:
28 * 00 00 00 00 00 06 01 03 00 00 00 1E
29 * AA AA BB BB CC CC DD EE FF FF GG GG
31 * A = 16-bit Transaction Identifier (typically increments, or is locked at zero)
32 * B = 16-bit Protocol Identifier (typically zero)
33 * C = 16-bit Length of data payload following (and inclusive of) the length byte
34 * D = 8-bit Unit / Slave ID
35 * E = 8-bit Modbus Function Code
36 * F = 16-bit Reference Number / Register Base Address
37 * G = 16-bit Word Count / Number of Registers to scan
39 * A identical Modbus RTU (or Modbus RTU over TCP) message will overlay partially with the msg above
40 * and contain 16-bit CRC at the end:
41 * 00 00 00 00 00 06 01 03 00 00 00 1E -- -- (Modbus/TCP message, repeated from above)
42 * -- -- -- -- -- -- 01 03 00 00 00 1E C5 C2 (Modbus RTU over TCP message, includes 16-bit CRC footer)
43 * AA AA BB BB CC CC DD EE FF FF GG GG HH HH
45 * A = Not present in Modbus RTU message
46 * B = Not present in Modbus RTU message
47 * C = Not present in Modbus RTU message
48 * D = 8-bit Unit / Slave ID
49 * E = 8-bit Modbus Function Code
50 * F = 16-bit Reference Number / Register Base Address
51 * G = 16-bit Word Count / Number of Registers to scan
54 *****************************************************************************************************
55 * Wireshark - Network traffic analyzer
56 * By Gerald Combs <gerald@wireshark.org>
57 * Copyright 1998 Gerald Combs
59 * This program is free software; you can redistribute it and/or
60 * modify it under the terms of the GNU General Public License
61 * as published by the Free Software Foundation; either version 2
62 * of the License, or (at your option) any later version.
64 * This program is distributed in the hope that it will be useful,
65 * but WITHOUT ANY WARRANTY; without even the implied warranty of
66 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
67 * GNU General Public License for more details.
69 * You should have received a copy of the GNU General Public License
70 * along with this program; if not, write to the Free Software
71 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
76 #include <epan/packet.h>
77 #include "packet-tcp.h"
78 #include "packet-mbtcp.h"
79 #include "packet-rtacser.h"
80 #include <epan/prefs.h>
81 #include <epan/expert.h>
82 #include <epan/crc16-tvb.h> /* For CRC verification */
84 void proto_register_modbus(void);
85 void proto_reg_handoff_mbtcp(void);
86 void proto_reg_handoff_mbrtu(void);
88 /* Initialize the protocol and registered fields */
89 static int proto_mbtcp = -1;
90 static int proto_mbrtu = -1;
91 static int proto_modbus = -1;
92 static int hf_mbtcp_transid = -1;
93 static int hf_mbtcp_protid = -1;
94 static int hf_mbtcp_len = -1;
95 static int hf_mbtcp_unitid = -1;
96 static int hf_mbtcp_functioncode = -1;
97 static int hf_modbus_reference = -1;
98 static int hf_modbus_padding = -1;
99 static int hf_modbus_lreference = -1;
100 static int hf_modbus_reftype = -1;
101 static int hf_modbus_readref = -1;
102 static int hf_modbus_writeref = -1;
103 static int hf_modbus_wordcnt = -1;
104 static int hf_modbus_readwordcnt = -1;
105 static int hf_modbus_writewordcnt = -1;
106 static int hf_modbus_bytecnt = -1;
107 static int hf_modbus_lbytecnt = -1;
108 static int hf_modbus_bitcnt = -1;
109 static int hf_modbus_exceptioncode = -1;
110 static int hf_modbus_diag_sf = -1;
111 static int hf_modbus_diag_return_query_data_request = -1;
112 static int hf_modbus_diag_return_query_data_echo = -1;
113 static int hf_modbus_diag_restart_communication_option = -1;
114 static int hf_modbus_diag_return_diag_register = -1;
115 static int hf_modbus_diag_ascii_input_delimiter = -1;
116 static int hf_modbus_diag_return_bus_message_count = -1;
117 static int hf_modbus_diag_return_bus_comm_error_count = -1;
118 static int hf_modbus_diag_return_bus_exception_error_count = -1;
119 static int hf_modbus_diag_return_slave_message_count = -1;
120 static int hf_modbus_diag_return_no_slave_response_count = -1;
121 static int hf_modbus_diag_return_slave_nak_count = -1;
122 static int hf_modbus_diag_return_slave_busy_count = -1;
123 static int hf_modbus_diag_return_bus_char_overrun_count = -1;
124 static int hf_modbus_status = -1;
125 static int hf_modbus_event = -1;
126 static int hf_modbus_event_count = -1;
127 static int hf_modbus_message_count = -1;
128 static int hf_modbus_event_recv_comm_err = -1;
129 static int hf_modbus_event_recv_char_over = -1;
130 static int hf_modbus_event_recv_lo_mode = -1;
131 static int hf_modbus_event_recv_broadcast = -1;
132 static int hf_modbus_event_send_read_ex = -1;
133 static int hf_modbus_event_send_slave_abort_ex = -1;
134 static int hf_modbus_event_send_slave_busy_ex = -1;
135 static int hf_modbus_event_send_slave_nak_ex = -1;
136 static int hf_modbus_event_send_write_timeout = -1;
137 static int hf_modbus_event_send_lo_mode = -1;
138 static int hf_modbus_andmask = -1;
139 static int hf_modbus_ormask = -1;
140 static int hf_modbus_data = -1;
141 static int hf_modbus_mei = -1;
142 static int hf_modbus_read_device_id = -1;
143 static int hf_modbus_object_id = -1;
144 static int hf_modbus_num_objects = -1;
145 static int hf_modbus_list_object_len = -1;
146 static int hf_modbus_conformity_level = -1;
147 static int hf_modbus_more_follows = -1;
148 static int hf_modbus_next_object_id = -1;
149 static int hf_modbus_object_str_value = -1;
150 static int hf_modbus_object_value = -1;
151 static int hf_modbus_reg_uint16 = -1;
152 static int hf_modbus_reg_uint32 = -1;
153 static int hf_modbus_reg_ieee_float = -1;
154 static int hf_modbus_reg_modicon_float = -1;
155 static int hf_mbrtu_unitid = -1;
156 static int hf_mbrtu_crc16 = -1;
158 /* Initialize the subtree pointers */
159 static gint ett_mbtcp = -1;
160 static gint ett_mbrtu = -1;
161 static gint ett_modbus_hdr = -1;
162 static gint ett_group_hdr = -1;
163 static gint ett_events = -1;
164 static gint ett_events_recv = -1;
165 static gint ett_events_send = -1;
166 static gint ett_device_id_objects = -1;
167 static gint ett_device_id_object_items = -1;
169 static expert_field ei_mbrtu_crc16_incorrect = EI_INIT;
170 static expert_field ei_modbus_data_decode = EI_INIT;
172 static dissector_handle_t modbus_handle;
173 static dissector_handle_t mbtcp_handle;
174 static dissector_handle_t mbrtu_handle;
176 static dissector_table_t modbus_data_dissector_table;
177 static dissector_table_t modbus_dissector_table;
180 /* Globals for Modbus/TCP Preferences */
181 static gboolean mbtcp_desegment = TRUE;
182 static guint global_mbus_tcp_port = PORT_MBTCP; /* Port 502, by default */
183 static gint global_mbus_tcp_register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
184 static gint global_mbus_tcp_register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;
186 /* Globals for Modbus RTU over TCP Preferences */
187 static gboolean mbrtu_desegment = TRUE;
188 static guint global_mbus_rtu_port = PORT_MBRTU; /* 0, by default */
189 static gint global_mbus_rtu_register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
190 static gint global_mbus_rtu_register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;
191 static gboolean mbrtu_crc = FALSE;
194 classify_mbtcp_packet(packet_info *pinfo)
196 /* see if nature of packets can be derived from src/dst ports */
197 /* if so, return as found */
199 /* XXX Update Oct 2012 - It can be difficult to determine if a packet is a query or response; some way to track */
200 /* the Modbus/TCP transaction ID for each pair of messages would allow for detection based on a new seq. number. */
201 /* Otherwise, we can stick with this method; a configurable port option has been added to allow for usage of */
202 /* user ports either than the default of 502. */
203 if (( pinfo->srcport == global_mbus_tcp_port ) && ( pinfo->destport != global_mbus_tcp_port ))
204 return RESPONSE_PACKET;
205 if (( pinfo->srcport != global_mbus_tcp_port ) && ( pinfo->destport == global_mbus_tcp_port ))
208 /* else, cannot classify */
209 return CANNOT_CLASSIFY;
213 classify_mbrtu_packet(packet_info *pinfo, tvbuff_t *tvb)
215 /* see if nature of packets can be derived from src/dst ports */
216 /* if so, return as found */
217 if (( pinfo->srcport == global_mbus_rtu_port ) && ( pinfo->destport != global_mbus_rtu_port ))
218 return RESPONSE_PACKET;
219 if (( pinfo->srcport != global_mbus_rtu_port ) && ( pinfo->destport == global_mbus_rtu_port ))
222 /* Special case for serial-captured packets that don't have an Ethernet header */
223 /* Dig into these a little deeper to try to guess the message type */
224 if (!pinfo->srcport) {
225 /* If length is 8, this is either a query or very short response */
226 if (tvb_length(tvb) == 8) {
227 /* Only possible to get a response message of 8 bytes with Discrete or Coils */
228 if ((tvb_get_guint8(tvb, 1) == READ_COILS) || (tvb_get_guint8(tvb, 1) == READ_DISCRETE_INPUTS)) {
229 /* If this is, in fact, a response then the data byte count will be 3 */
230 /* This will correctly identify all messages except for those that are discrete or coil polls */
231 /* where the base address range happens to have 0x03 in the upper 16-bit address register */
232 if (tvb_get_guint8(tvb, 2) == 3) {
233 return RESPONSE_PACKET;
244 return RESPONSE_PACKET;
248 /* else, cannot classify */
249 return CANNOT_CLASSIFY;
252 /* Translate function to string, as given on p6 of
253 * "Open Modbus/TCP Specification", release 1 by Andy Swales.
255 static const value_string function_code_vals[] = {
256 { READ_COILS, "Read Coils" },
257 { READ_DISCRETE_INPUTS, "Read Discrete Inputs" },
258 { READ_HOLDING_REGS, "Read Holding Registers" },
259 { READ_INPUT_REGS, "Read Input Registers" },
260 { WRITE_SINGLE_COIL, "Write Single Coil" },
261 { WRITE_SINGLE_REG, "Write Single Register" },
262 { READ_EXCEPT_STAT, "Read Exception Status" },
263 { DIAGNOSTICS, "Diagnostics" },
264 { GET_COMM_EVENT_CTRS, "Get Comm. Event Counters" },
265 { GET_COMM_EVENT_LOG, "Get Comm. Event Log" },
266 { WRITE_MULT_COILS, "Write Multiple Coils" },
267 { WRITE_MULT_REGS, "Write Multiple Registers" },
268 { REPORT_SLAVE_ID, "Report Slave ID" },
269 { READ_FILE_RECORD, "Read File Record" },
270 { WRITE_FILE_RECORD, "Write File Record" },
271 { MASK_WRITE_REG, "Mask Write Register" },
272 { READ_WRITE_REG, "Read Write Register" },
273 { READ_FIFO_QUEUE, "Read FIFO Queue" },
274 { ENCAP_INTERFACE_TRANSP, "Encapsulated Interface Transport" },
275 { UNITY_SCHNEIDER, "Unity (Schneider)" },
279 /* Translate exception code to string */
280 static const value_string exception_code_vals[] = {
281 { ILLEGAL_FUNCTION, "Illegal function" },
282 { ILLEGAL_ADDRESS, "Illegal data address" },
283 { ILLEGAL_VALUE, "Illegal data value" },
284 { SLAVE_FAILURE, "Slave device failure" },
285 { ACKNOWLEDGE, "Acknowledge" },
286 { SLAVE_BUSY, "Slave device busy" },
287 { MEMORY_ERR, "Memory parity error" },
288 { GATEWAY_UNAVAILABLE, "Gateway path unavailable" },
289 { GATEWAY_TRGT_FAIL, "Gateway target device failed to respond" },
293 /* Translate Modbus Encapsulation Interface (MEI) code to string */
294 static const value_string encap_interface_code_vals[] = {
295 { CANOPEN_REQ_RESP, "CANopen Request/Response " },
296 { READ_DEVICE_ID, "Read Device Identification" },
300 /* Translate Modbus Diagnostic subfunction code to string */
301 static const value_string diagnostic_code_vals[] = {
302 { RETURN_QUERY_DATA, "Return Query Data" },
303 { RESTART_COMMUNICATION_OPTION, "Restart Communications Option" },
304 { RETURN_DIAGNOSTIC_REGISTER, "Return Diagnostic Register" },
305 { CHANGE_ASCII_INPUT_DELIMITER, "Change ASCII Input Delimiter" },
306 { FORCE_LISTEN_ONLY_MODE, "Force Listen Only Mode" },
307 { CLEAR_COUNTERS_AND_DIAG_REG, "Clear Counters and Diagnostic Register" },
308 { RETURN_BUS_MESSAGE_COUNT, "Return Bus Message Count" },
309 { RETURN_BUS_COMM_ERROR_COUNT, "Return Bus Communication Error Count" },
310 { RETURN_BUS_EXCEPTION_ERROR_COUNT, "Return Bus Exception Error Count" },
311 { RETURN_SLAVE_MESSAGE_COUNT, "Return Slave Message Count" },
312 { RETURN_SLAVE_NO_RESPONSE_COUNT, "Return Slave No Response Count" },
313 { RETURN_SLAVE_NAK_COUNT, "Return Slave NAK Count" },
314 { RETURN_SLAVE_BUSY_COUNT, "Return Slave Busy Count" },
315 { RETURN_BUS_CHAR_OVERRUN_COUNT, "Return Bus Character Overrun Count" },
316 { CLEAR_OVERRUN_COUNTER_AND_FLAG, "Clear Overrun Counter and Flag" },
320 static const value_string diagnostic_restart_communication_option_vals[] = {
322 { 0xFF, "Clear Log" },
326 /* Translate read device code to string */
327 static const value_string read_device_id_vals[] = {
328 { 1, "Basic Device Identification" },
329 { 2, "Regular Device Identification" },
330 { 3, "Extended Device Identification" },
331 { 4, "Specific Identification Object" },
336 /* Translate read device code to string */
337 static const value_string object_id_vals[] = {
339 { 1, "ProductCode" },
340 { 2, "MajorMinorRevision" },
342 { 4, "ProductName" },
344 { 6, "UserApplicationName" },
349 static const value_string conformity_level_vals[] = {
350 { 0x01, "Basic Device Identification (stream)" },
351 { 0x02, "Regular Device Identification (stream)" },
352 { 0x03, "Extended Device Identification (stream)" },
353 { 0x81, "Basic Device Identification (stream and individual)" },
354 { 0x82, "Regular Device Identification (stream and individual)" },
355 { 0x83, "Extended Device Identification (stream and individual)" },
360 static const enum_val_t mbus_register_format[] = {
361 { "UINT16 ", "UINT16 ", MBTCP_PREF_REGISTER_FORMAT_UINT16 },
362 { "UINT32 ", "UINT32 ", MBTCP_PREF_REGISTER_FORMAT_UINT32 },
363 { "IEEE FLT ", "IEEE FLT ", MBTCP_PREF_REGISTER_FORMAT_IEEE_FLOAT },
364 { "MODICON FLT", "MODICON FLT", MBTCP_PREF_REGISTER_FORMAT_MODICON_FLOAT },
368 static const enum_val_t mbus_register_addr_type[] = {
369 { "RAW ", "RAW ", MBTCP_PREF_REGISTER_ADDR_RAW },
370 { "MODICON 5-DIGIT", "MODICON 5-DIGIT", MBTCP_PREF_REGISTER_ADDR_MOD5 },
371 { "MODICON 6-DIGIT", "MODICON 6-DIGIT", MBTCP_PREF_REGISTER_ADDR_MOD6 },
375 /* Code to dissect Modbus/TCP packets */
377 dissect_mbtcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
379 /* Set up structures needed to add the protocol subtree and manage it */
381 proto_tree *mbtcp_tree;
382 int offset, packet_type;
384 const char *func_string = "";
385 const char *pkt_type_str = "";
386 const char *err_str = "";
387 guint16 transaction_id, protocol_id, len;
388 guint8 unit_id, function_code, exception_code, subfunction_code;
389 void *p_save_proto_data;
390 modbus_request_info_t *request_info;
392 /* Make entries in Protocol column on summary display */
393 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/TCP");
394 col_clear(pinfo->cinfo, COL_INFO);
396 transaction_id = tvb_get_ntohs(tvb, 0);
397 protocol_id = tvb_get_ntohs(tvb, 2);
398 len = tvb_get_ntohs(tvb, 4);
400 unit_id = tvb_get_guint8(tvb, 6);
401 function_code = tvb_get_guint8(tvb, 7) & 0x7F;
403 /* Make entries in Info column on summary display */
406 /* Find exception - last bit set in function code */
407 if (tvb_get_guint8(tvb, 7) & 0x80) {
408 exception_code = tvb_get_guint8(tvb, offset + 8);
414 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
415 func_string = val_to_str_const(tvb_get_guint8(tvb, offset + 8), encap_interface_code_vals, "Encapsulated Interface Transport");
416 subfunction_code = 1;
418 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
419 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 8), diagnostic_code_vals, "Diagnostics");
420 subfunction_code = 1;
423 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
424 subfunction_code = 0;
427 /* "Request" or "Response" */
428 packet_type = classify_mbtcp_packet(pinfo);
430 switch ( packet_type ) {
432 pkt_type_str="Query";
434 case RESPONSE_PACKET :
435 pkt_type_str="Response";
437 case CANNOT_CLASSIFY :
438 err_str="Unable to classify as query or response.";
439 pkt_type_str="unknown";
444 if ( exception_code != 0 )
445 err_str="Exception returned ";
447 if (subfunction_code == 0) {
448 if (strlen(err_str) > 0) {
449 col_add_fstr(pinfo->cinfo, COL_INFO,
450 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s. %s",
451 pkt_type_str, transaction_id, unit_id,
452 function_code, func_string, err_str);
455 col_add_fstr(pinfo->cinfo, COL_INFO,
456 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s",
457 pkt_type_str, transaction_id, unit_id,
458 function_code, func_string);
462 if (strlen(err_str) > 0) {
463 col_add_fstr(pinfo->cinfo, COL_INFO,
464 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s. %s",
465 pkt_type_str, transaction_id, unit_id,
466 function_code, subfunction_code, func_string, err_str);
469 col_add_fstr(pinfo->cinfo, COL_INFO,
470 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s",
471 pkt_type_str, transaction_id, unit_id,
472 function_code, subfunction_code, func_string);
476 mi = proto_tree_add_protocol_format(tree, proto_mbtcp, tvb, offset,
477 len+6, "Modbus/TCP");
478 mbtcp_tree = proto_item_add_subtree(mi, ett_mbtcp);
480 /* Add items to protocol tree specific to Modbus/TCP */
481 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_transid, tvb, offset, 2, transaction_id);
482 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_protid, tvb, offset + 2, 2, protocol_id);
483 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_len, tvb, offset + 4, 2, len);
484 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_unitid, tvb, offset + 6, 1, unit_id);
486 /* dissect the Modbus PDU */
487 next_tvb = tvb_new_subset_length( tvb, offset+7, len-1);
489 /* keep existing context */
490 p_save_proto_data = p_get_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0 );
491 p_remove_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0);
493 /* Create enough context for Modbus dissector */
494 request_info = wmem_new(wmem_packet_scope(), modbus_request_info_t);
495 request_info->packet_type = (guint8)packet_type;
496 request_info->register_addr_type = (guint8)global_mbus_tcp_register_addr_type;
497 request_info->register_format = (guint8)global_mbus_tcp_register_format;
498 p_add_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0, request_info);
500 /* Continue with dissection of Modbus data payload following Modbus/TCP frame */
501 if( tvb_length_remaining(tvb, offset) > 0 )
502 call_dissector(modbus_handle, next_tvb, pinfo, tree);
504 p_remove_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0);
505 p_add_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0, p_save_proto_data);
506 return tvb_length(tvb);
509 /* Code to dissect Modbus RTU over TCP packets */
511 dissect_mbrtu_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
513 /* Set up structures needed to add the protocol subtree and manage it */
514 proto_item *mi, *crc_item;
515 proto_tree *mbrtu_tree;
516 gint offset, packet_type;
518 const char *func_string = "";
519 const char *pkt_type_str = "";
520 const char *err_str = "";
521 guint16 len, crc16, calc_crc16;
522 guint8 unit_id, function_code, exception_code, subfunction_code;
523 void *p_save_proto_data;
524 modbus_request_info_t *request_info;
526 /* Make entries in Protocol column on summary display */
527 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus RTU");
528 col_clear(pinfo->cinfo, COL_INFO);
530 len = tvb_length(tvb);
532 unit_id = tvb_get_guint8(tvb, 0);
533 function_code = tvb_get_guint8(tvb, 1) & 0x7F;
534 crc16 = tvb_get_ntohs(tvb, len-2);
536 /* Make entries in Info column on summary display */
539 /* Find exception - last bit set in function code */
540 if (tvb_get_guint8(tvb, 1) & 0x80) {
541 exception_code = tvb_get_guint8(tvb, offset + 2);
547 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
548 func_string = val_to_str_const(tvb_get_guint8(tvb, offset + 2), encap_interface_code_vals, "Encapsulated Interface Transport");
549 subfunction_code = 1;
551 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
552 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 2), diagnostic_code_vals, "Diagnostics");
553 subfunction_code = 1;
556 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
557 subfunction_code = 0;
560 /* "Request" or "Response" */
561 packet_type = classify_mbrtu_packet(pinfo, tvb);
563 switch ( packet_type ) {
565 pkt_type_str="Query";
567 case RESPONSE_PACKET :
568 pkt_type_str="Response";
570 case CANNOT_CLASSIFY :
571 err_str="Unable to classify as query or response.";
572 pkt_type_str="unknown";
577 if ( exception_code != 0 )
578 err_str="Exception returned ";
580 if (subfunction_code == 0) {
581 if (strlen(err_str) > 0) {
582 col_add_fstr(pinfo->cinfo, COL_INFO,
583 "%8s: Unit: %3u, Func: %3u: %s. %s",
584 pkt_type_str, unit_id,
585 function_code, func_string, err_str);
588 col_add_fstr(pinfo->cinfo, COL_INFO,
589 "%8s: Unit: %3u, Func: %3u: %s",
590 pkt_type_str, unit_id,
591 function_code, func_string);
595 if (strlen(err_str) > 0) {
596 col_add_fstr(pinfo->cinfo, COL_INFO,
597 "%8s: Unit: %3u, Func: %3u/%3u: %s. %s",
598 pkt_type_str, unit_id,
599 function_code, subfunction_code, func_string, err_str);
602 col_add_fstr(pinfo->cinfo, COL_INFO,
603 "%8s: Unit: %3u, Func: %3u/%3u: %s",
604 pkt_type_str, unit_id,
605 function_code, subfunction_code, func_string);
609 mi = proto_tree_add_protocol_format(tree, proto_mbrtu, tvb, offset,
611 mbrtu_tree = proto_item_add_subtree(mi, ett_mbrtu);
613 /* Add items to protocol tree specific to Modbus RTU */
614 proto_tree_add_uint(mbrtu_tree, hf_mbrtu_unitid, tvb, offset, 1, unit_id);
615 crc_item = proto_tree_add_uint(mbrtu_tree, hf_mbrtu_crc16, tvb, len-2, 2, crc16);
620 calc_crc16 = crc16_plain_tvb_offset_seed(tvb, offset, len-2, 0xFFFF);
621 if (g_htons(calc_crc16) != crc16)
622 expert_add_info_format(pinfo, crc_item, &ei_mbrtu_crc16_incorrect, "Incorrect CRC - should be 0x%04x", g_htons(calc_crc16));
625 /* make sure to ignore the CRC-16 footer bytes */
628 /* dissect the Modbus PDU */
629 next_tvb = tvb_new_subset_length( tvb, offset+1, len-1);
631 /* keep existing context */
632 p_save_proto_data = p_get_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0 );
633 p_remove_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0);
635 /* Create enough context for Modbus dissector */
636 request_info = wmem_new(wmem_packet_scope(), modbus_request_info_t);
637 request_info->packet_type = (guint8)packet_type;
638 request_info->register_addr_type = (guint8)global_mbus_rtu_register_addr_type;
639 request_info->register_format = (guint8)global_mbus_rtu_register_format;
640 p_add_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0, request_info);
642 /* Continue with dissection of Modbus data payload following Modbus RTU frame */
643 if( tvb_length_remaining(tvb, offset) > 0 )
644 call_dissector(modbus_handle, next_tvb, pinfo, tree);
646 p_remove_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0);
647 p_add_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0, p_save_proto_data);
648 return tvb_length(tvb);
652 /* Return length of Modbus/TCP message */
654 get_mbtcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
659 * Get the length of the data from the encapsulation header.
661 plen = tvb_get_ntohs(tvb, offset + 4);
664 * That length doesn't include the encapsulation header itself;
670 /* Return length of Modbus RTU over TCP message */
672 get_mbrtu_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset _U_)
675 /* Modbus/TCP frames include a "length" word in each message; Modbus RTU over TCP does not, so don't attempt to get one */
676 return tvb_length(tvb);
680 /* Code to dissect Modbus/TCP messages */
682 dissect_mbtcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
685 /* Make sure there's at least enough data to determine it's a Modbus TCP packet */
686 if (!tvb_bytes_exist(tvb, 0, 8))
689 /* check that it actually looks like Modbus/TCP */
690 /* protocol id == 0 */
691 if(tvb_get_ntohs(tvb, 2) != 0 ){
694 /* length is at least 2 (unit_id + function_code) */
695 if(tvb_get_ntohs(tvb, 4) < 2 ){
699 /* build up protocol tree and iterate over multiple packets */
700 tcp_dissect_pdus(tvb, pinfo, tree, mbtcp_desegment, 6,
701 get_mbtcp_pdu_len, dissect_mbtcp_pdu, data);
703 return tvb_length(tvb);
706 /* Code to dissect Modbus RTU over TCP messages */
708 dissect_mbrtu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
711 /* Make sure there's at least enough data to determine it's a Modbus packet */
712 if (!tvb_bytes_exist(tvb, 0, 6))
715 /* For Modbus RTU mode, confirm that the first byte is a valid address (non-zero), */
716 /* so we can eliminate false-posititves on Modbus TCP messages loaded as RTU */
717 if(tvb_get_guint8(tvb, 0) == 0 )
720 /* build up protocol tree and iterate over multiple packets */
721 tcp_dissect_pdus(tvb, pinfo, tree, mbrtu_desegment, 6,
722 get_mbrtu_pdu_len, dissect_mbrtu_pdu, data);
724 return tvb_length(tvb);
728 /* Code to allow further dissection of Modbus data payload */
729 /* Common to both Modbus/TCP and Modbus RTU dissectors */
731 dissect_modbus_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 function_code,
732 gint payload_start, gint payload_len, guint8 register_format)
734 gint reported_len, data_offset, reg_num = 0;
735 guint16 data16, modflt_lo, modflt_hi;
736 guint32 data32, modflt_comb;
737 gfloat data_float, modfloat;
738 proto_item *register_item = NULL;
741 reported_len = tvb_reported_length_remaining(tvb, payload_start);
744 if ( payload_start < 0 || ( payload_len + payload_start ) == 0 )
747 /* If calculated length from remaining tvb data != bytes in packet, do not attempt to decode */
748 if ( payload_len != reported_len ) {
749 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, reported_len, ENC_NA);
753 /* If data type of payload is Holding or Input registers */
755 /* if payload length is not a multiple of 4, don't attempt to decode anything in 32-bit format */
756 if ((function_code == READ_HOLDING_REGS) || (function_code == READ_INPUT_REGS) || (function_code == WRITE_MULT_REGS)) {
757 if ((payload_len % 4 != 0) && ( (register_format == MBTCP_PREF_REGISTER_FORMAT_UINT32) ||
758 (register_format == MBTCP_PREF_REGISTER_FORMAT_IEEE_FLOAT) ||
759 (register_format == MBTCP_PREF_REGISTER_FORMAT_MODICON_FLOAT) ) ) {
760 register_item = proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
761 expert_add_info(pinfo, register_item, &ei_modbus_data_decode);
766 /* Build a new tvb containing just the data payload */
767 next_tvb = tvb_new_subset(tvb, payload_start, payload_len, reported_len);
769 switch ( function_code ) {
771 case READ_HOLDING_REGS:
772 case READ_INPUT_REGS:
773 case WRITE_MULT_REGS:
774 while (data_offset < payload_len) {
775 /* Use "Preferences" options to determine decoding format of register data, as no format is implied by the protocol itself. */
776 /* Based on a standard register size of 16-bits, use decoding format preference to step through each register and display */
777 /* it in an appropriate fashion. */
778 switch (register_format) {
779 case MBTCP_PREF_REGISTER_FORMAT_UINT16: /* Standard-size unsigned integer 16-bit register */
780 data16 = tvb_get_ntohs(next_tvb, data_offset);
781 register_item = proto_tree_add_uint(tree, hf_modbus_reg_uint16, next_tvb, data_offset, 2, data16);
782 proto_item_set_text(register_item, "Register %u (UINT16): %u", reg_num, data16);
787 case MBTCP_PREF_REGISTER_FORMAT_UINT32: /* Double-size unsigned integer 2 x 16-bit registers */
788 data32 = tvb_get_ntohl(next_tvb, data_offset);
789 register_item = proto_tree_add_uint(tree, hf_modbus_reg_uint32, next_tvb, data_offset, 4, data32);
790 proto_item_set_text(register_item, "Register %u (UINT32): %u", reg_num, data32);
795 case MBTCP_PREF_REGISTER_FORMAT_IEEE_FLOAT: /* IEEE Floating Point, 2 x 16-bit registers */
796 data_float = tvb_get_ntohieee_float(next_tvb, data_offset);
797 register_item = proto_tree_add_float(tree, hf_modbus_reg_ieee_float, next_tvb, data_offset, 4, data_float);
798 proto_item_set_text(register_item, "Register %u (IEEE Float): %f", reg_num, data_float);
803 case MBTCP_PREF_REGISTER_FORMAT_MODICON_FLOAT: /* Modicon Floating Point (word-swap), 2 x 16-bit registers */
804 /* Modicon-style Floating Point values are stored in reverse-word order. */
805 /* ie: a standard IEEE float value 59.991459 is equal to 0x426ff741 */
806 /* while the Modicon equivalent to this value is 0xf741426f */
807 /* To re-assemble a proper IEEE float, we must retrieve the 2 x 16-bit words, bit-shift the */
808 /* "hi" component by 16-bits and then OR them together into a combined 32-bit int. */
809 /* Following that operation, use some memcpy magic to copy the 4 raw data bytes from the */
810 /* 32-bit integer into a standard float. Not sure if there is a cleaner way possible using */
811 /* the Wireshark libaries, but this seems to work OK. */
813 modflt_lo = tvb_get_ntohs(next_tvb, data_offset);
814 modflt_hi = tvb_get_ntohs(next_tvb, data_offset+2);
815 modflt_comb = (guint32)(modflt_hi<<16) | modflt_lo;
816 memcpy(&modfloat, &modflt_comb, 4);
818 register_item = proto_tree_add_float(tree, hf_modbus_reg_modicon_float, next_tvb, data_offset, 4, modfloat);
819 proto_item_set_text(register_item, "Register %u (Modicon Float): %f", reg_num, modfloat);
825 /* Avoid any chance of an infinite loop */
826 data_offset = payload_len;
828 } /* register format switch */
835 if ( ! dissector_try_string(modbus_data_dissector_table, "data", next_tvb, pinfo, tree, NULL) )
836 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
841 /* Code to actually dissect the packets */
843 dissect_modbus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
845 proto_tree *modbus_tree, *group_tree, *event_tree,
846 *event_item_tree, *device_objects_tree,
847 *device_objects_item_tree;
848 proto_item *mi, *mei;
849 int offset = 0, group_offset;
850 gint payload_start, payload_len, event_index,
851 ii, byte_cnt, len, num_objects, object_index,
853 guint32 group_byte_cnt, group_word_cnt;
854 guint8 function_code, exception_code, mei_code, event_code, object_type;
855 guint8 packet_type, register_format; /*register_addr_type*/
856 guint16 diagnostic_code;
857 modbus_request_info_t *request_info;
859 len = tvb_length_remaining(tvb, 0);
861 /* If the packet is zero-length, we should not attempt to dissect any further */
865 function_code = tvb_get_guint8(tvb, offset) & 0x7F;
867 /* Find exception - last bit set in function code */
868 if (tvb_get_guint8(tvb, offset) & 0x80 ) {
869 exception_code = tvb_get_guint8(tvb, offset+1);
875 /* See if we have any context */
876 request_info = (modbus_request_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_modbus, 0 );
877 if (request_info != NULL)
879 packet_type = request_info->packet_type;
880 register_format = request_info->register_format;
881 /*register_addr_type = request_info->register_addr_type;*/
885 /* Default to a response packet to at least attempt to decode a good chunk of data */
886 packet_type = RESPONSE_PACKET;
887 register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
888 /* register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;*/
891 /* Add items to protocol tree specific to Modbus generic */
892 modbus_tree = proto_tree_add_subtree(tree, tvb, offset, len, ett_modbus_hdr, NULL, "Modbus");
894 mi = proto_tree_add_uint(modbus_tree, hf_mbtcp_functioncode, tvb, offset, 1,
897 payload_start = offset + 1;
898 payload_len = len - 1;
899 if (exception_code != 0) {
900 proto_item_set_text(mi, "Function %u: %s. Exception: %s",
902 val_to_str_const(function_code, function_code_vals, "Unknown Function"),
903 val_to_str(exception_code,
905 "Unknown Exception Code (%u)"));
906 proto_tree_add_uint(modbus_tree, hf_modbus_exceptioncode, tvb, payload_start, 1,
910 switch (function_code) {
913 case READ_DISCRETE_INPUTS:
915 if (packet_type == QUERY_PACKET) {
916 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
917 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
919 else if (packet_type == RESPONSE_PACKET) {
920 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
921 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
922 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, register_format);
926 case READ_HOLDING_REGS:
927 case READ_INPUT_REGS:
928 if (packet_type == QUERY_PACKET) {
929 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
930 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
932 else if (packet_type == RESPONSE_PACKET) {
933 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
934 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
935 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, register_format);
939 case WRITE_SINGLE_COIL:
940 if (packet_type == QUERY_PACKET) {
941 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
942 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, register_format);
943 proto_tree_add_item(modbus_tree, hf_modbus_padding, tvb, payload_start + 3, 1, ENC_NA);
945 else if (packet_type == RESPONSE_PACKET) {
946 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
947 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, register_format);
948 proto_tree_add_item(modbus_tree, hf_modbus_padding, tvb, payload_start + 3, 1, ENC_NA);
952 case WRITE_SINGLE_REG:
953 if (packet_type == QUERY_PACKET) {
954 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
955 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, register_format);
957 else if (packet_type == RESPONSE_PACKET) {
958 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
959 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, register_format);
963 case READ_EXCEPT_STAT:
964 if (packet_type == RESPONSE_PACKET)
965 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, 1, register_format);
969 if ((packet_type == QUERY_PACKET) || (packet_type == RESPONSE_PACKET)) {
970 diagnostic_code = tvb_get_ntohs(tvb, payload_start);
971 proto_tree_add_uint(modbus_tree, hf_modbus_diag_sf, tvb, payload_start, 2, diagnostic_code);
972 switch(diagnostic_code)
974 case RETURN_QUERY_DATA:
975 if (packet_type == QUERY_PACKET) {
977 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_request, tvb, payload_start+2, payload_len-2, ENC_NA);
979 else if (packet_type == RESPONSE_PACKET) {
981 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_echo, tvb, payload_start+2, payload_len-2, ENC_NA);
984 case RESTART_COMMUNICATION_OPTION:
985 proto_tree_add_item(modbus_tree, hf_modbus_diag_restart_communication_option, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
987 case RETURN_DIAGNOSTIC_REGISTER:
988 if (packet_type == QUERY_PACKET) {
990 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
992 else if (packet_type == RESPONSE_PACKET) {
993 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_diag_register, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
996 case CHANGE_ASCII_INPUT_DELIMITER:
997 proto_tree_add_item(modbus_tree, hf_modbus_diag_ascii_input_delimiter, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
999 case RETURN_BUS_MESSAGE_COUNT:
1000 if (packet_type == QUERY_PACKET) {
1001 if (payload_len > 2)
1002 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1004 else if (packet_type == RESPONSE_PACKET) {
1005 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1008 case RETURN_BUS_COMM_ERROR_COUNT:
1009 if (packet_type == QUERY_PACKET) {
1010 if (payload_len > 2)
1011 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1013 else if (packet_type == RESPONSE_PACKET) {
1014 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_comm_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1017 case RETURN_BUS_EXCEPTION_ERROR_COUNT:
1018 if (packet_type == QUERY_PACKET) {
1019 if (payload_len > 2)
1020 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1022 else if (packet_type == RESPONSE_PACKET) {
1023 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_exception_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1026 case RETURN_SLAVE_MESSAGE_COUNT:
1027 if (packet_type == QUERY_PACKET) {
1028 if (payload_len > 2)
1029 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1031 else if (packet_type == RESPONSE_PACKET) {
1032 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1035 case RETURN_SLAVE_NO_RESPONSE_COUNT:
1036 if (packet_type == QUERY_PACKET) {
1037 if (payload_len > 2)
1038 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1040 else if (packet_type == RESPONSE_PACKET) {
1041 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_no_slave_response_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1044 case RETURN_SLAVE_NAK_COUNT:
1045 if (packet_type == QUERY_PACKET) {
1046 if (payload_len > 2)
1047 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1049 else if (packet_type == RESPONSE_PACKET) {
1050 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_nak_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1053 case RETURN_SLAVE_BUSY_COUNT:
1054 if (packet_type == QUERY_PACKET) {
1055 if (payload_len > 2)
1056 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1058 else if (packet_type == RESPONSE_PACKET) {
1059 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_busy_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1062 case RETURN_BUS_CHAR_OVERRUN_COUNT:
1063 if (packet_type == QUERY_PACKET) {
1064 if (payload_len > 2)
1065 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1067 else if (packet_type == RESPONSE_PACKET) {
1068 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_char_overrun_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1071 case CLEAR_OVERRUN_COUNTER_AND_FLAG:
1072 case FORCE_LISTEN_ONLY_MODE:
1073 case CLEAR_COUNTERS_AND_DIAG_REG:
1075 if (payload_len > 2)
1076 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1082 case GET_COMM_EVENT_CTRS:
1083 if (packet_type == RESPONSE_PACKET) {
1084 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1085 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1089 case GET_COMM_EVENT_LOG:
1090 if (packet_type == RESPONSE_PACKET) {
1091 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1092 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1093 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start+1, 2, ENC_BIG_ENDIAN);
1094 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+3, 2, ENC_BIG_ENDIAN);
1095 proto_tree_add_item(modbus_tree, hf_modbus_message_count, tvb, payload_start+5, 2, ENC_BIG_ENDIAN);
1096 if (byte_cnt-6 > 0) {
1099 event_tree = proto_tree_add_subtree(modbus_tree, tvb, payload_start+7, byte_cnt, ett_events, NULL, "Events");
1100 while (byte_cnt > 0) {
1101 event_code = tvb_get_guint8(tvb, payload_start+7+event_index);
1102 if (event_code == 0) {
1103 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Initiated Communication Restart");
1105 else if (event_code == 4) {
1106 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Entered Listen Only Mode");
1108 else if (event_code & REMOTE_DEVICE_RECV_EVENT_MASK) {
1109 mei = proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1,
1110 event_code, "Receive Event: 0x%02X", event_code);
1111 event_item_tree = proto_item_add_subtree(mei, ett_events_recv);
1113 /* add subtrees to describe each event bit */
1114 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_comm_err,
1115 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1116 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_char_over,
1117 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1118 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_lo_mode,
1119 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1120 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_broadcast,
1121 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1123 else if ((event_code & REMOTE_DEVICE_SEND_EVENT_MASK) == REMOTE_DEVICE_SEND_EVENT_VALUE) {
1124 mei = proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1,
1125 event_code, "Send Event: 0x%02X", event_code);
1126 event_item_tree = proto_item_add_subtree(mei, ett_events_send);
1128 /* add subtrees to describe each event bit */
1129 proto_tree_add_item(event_item_tree, hf_modbus_event_send_read_ex,
1130 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1131 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_abort_ex,
1132 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1133 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_busy_ex,
1134 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1135 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_nak_ex,
1136 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1137 proto_tree_add_item(event_item_tree, hf_modbus_event_send_write_timeout,
1138 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1139 proto_tree_add_item(event_item_tree, hf_modbus_event_send_lo_mode,
1140 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1143 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Unknown Event");
1153 case WRITE_MULT_COILS:
1154 if (packet_type == QUERY_PACKET) {
1155 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1156 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1157 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start + 4);
1158 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1,
1160 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, register_format);
1162 else if (packet_type == RESPONSE_PACKET) {
1163 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1164 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1168 case WRITE_MULT_REGS:
1169 if (packet_type == QUERY_PACKET) {
1170 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1171 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1172 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start + 4);
1173 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1,
1175 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, register_format);
1177 else if (packet_type == RESPONSE_PACKET) {
1178 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1179 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1183 case READ_FILE_RECORD:
1184 if (packet_type == QUERY_PACKET) {
1185 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1186 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1189 /* add subtrees to describe each group of packet */
1190 group_offset = payload_start + 1;
1191 for (ii = 0; ii < byte_cnt / 7; ii++) {
1192 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset, 7,
1193 ett_group_hdr, NULL, "Group %u", ii);
1194 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1195 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1196 proto_tree_add_item(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, ENC_BIG_ENDIAN);
1200 else if (packet_type == RESPONSE_PACKET) {
1201 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1202 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1205 /* add subtrees to describe each group of packet */
1206 group_offset = payload_start + 1;
1208 while (byte_cnt > 0) {
1209 group_byte_cnt = (guint32)tvb_get_guint8(tvb, group_offset);
1210 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset, group_byte_cnt + 1,
1211 ett_group_hdr, NULL, "Group %u", ii);
1212 proto_tree_add_uint(group_tree, hf_modbus_bytecnt, tvb, group_offset, 1,
1214 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset + 1, 1, ENC_BIG_ENDIAN);
1215 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 2, group_byte_cnt - 1, register_format);
1216 group_offset += (group_byte_cnt + 1);
1217 byte_cnt -= (group_byte_cnt + 1);
1223 case WRITE_FILE_RECORD:
1224 if ((packet_type == QUERY_PACKET) || (packet_type == RESPONSE_PACKET)) {
1225 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1226 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1229 /* add subtrees to describe each group of packet */
1230 group_offset = payload_start + 1;
1232 while (byte_cnt > 0) {
1233 group_word_cnt = tvb_get_ntohs(tvb, group_offset + 5);
1234 group_byte_cnt = (2 * group_word_cnt) + 7;
1235 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset,
1236 group_byte_cnt, ett_group_hdr, NULL, "Group %u", ii);
1237 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1238 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1239 proto_tree_add_uint(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2,
1241 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 7, group_byte_cnt - 7, register_format);
1242 group_offset += group_byte_cnt;
1243 byte_cnt -= group_byte_cnt;
1249 case MASK_WRITE_REG:
1250 if ((packet_type == QUERY_PACKET) || (packet_type == RESPONSE_PACKET)) {
1251 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1252 proto_tree_add_item(modbus_tree, hf_modbus_andmask, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1253 proto_tree_add_item(modbus_tree, hf_modbus_ormask, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1257 case READ_WRITE_REG:
1258 if (packet_type == QUERY_PACKET) {
1259 proto_tree_add_item(modbus_tree, hf_modbus_readref, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1260 proto_tree_add_item(modbus_tree, hf_modbus_readwordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1261 proto_tree_add_item(modbus_tree, hf_modbus_writeref, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1262 proto_tree_add_item(modbus_tree, hf_modbus_writewordcnt, tvb, payload_start + 6, 2, ENC_BIG_ENDIAN);
1263 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start + 8);
1264 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 8, 1,
1266 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 9, byte_cnt, register_format);
1268 else if (packet_type == RESPONSE_PACKET) {
1269 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1270 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1272 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, register_format);
1276 case READ_FIFO_QUEUE:
1277 if (packet_type == QUERY_PACKET)
1278 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1279 else if (packet_type == RESPONSE_PACKET) {
1280 byte_cnt = (guint32)tvb_get_ntohs(tvb, payload_start);
1281 proto_tree_add_uint(modbus_tree, hf_modbus_lbytecnt, tvb, payload_start, 2,
1283 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1284 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 4, byte_cnt - 2, register_format);
1288 case ENCAP_INTERFACE_TRANSP:
1289 if (packet_type == QUERY_PACKET) {
1290 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1291 mei_code = tvb_get_guint8(tvb, payload_start);
1294 case READ_DEVICE_ID:
1295 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1296 proto_tree_add_item(modbus_tree, hf_modbus_object_id, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1299 case CANOPEN_REQ_RESP:
1300 /* CANopen protocol not part of the Modbus/TCP specification */
1302 if (payload_len > 1)
1303 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, register_format);
1307 else if (packet_type == RESPONSE_PACKET) {
1308 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1309 mei_code = tvb_get_guint8(tvb, payload_start);
1312 case READ_DEVICE_ID:
1313 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1314 proto_tree_add_item(modbus_tree, hf_modbus_conformity_level, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1315 proto_tree_add_item(modbus_tree, hf_modbus_more_follows, tvb, payload_start+3, 1, ENC_BIG_ENDIAN);
1316 proto_tree_add_item(modbus_tree, hf_modbus_next_object_id, tvb, payload_start+4, 1, ENC_BIG_ENDIAN);
1317 num_objects = tvb_get_guint8(tvb, payload_start+5);
1318 proto_tree_add_uint(modbus_tree, hf_modbus_num_objects, tvb, payload_start+5, 1, num_objects);
1319 device_objects_tree = proto_tree_add_subtree(modbus_tree, tvb, payload_start+6, payload_len-6,
1320 ett_device_id_objects, NULL, "Objects");
1323 for (ii = 0; ii < num_objects; ii++)
1325 /* add each "object item" as its own subtree */
1327 /* compute length of object */
1328 object_type = tvb_get_guint8(tvb, payload_start+6+object_index);
1329 object_len = tvb_get_guint8(tvb, payload_start+6+object_index+1);
1331 device_objects_item_tree = proto_tree_add_subtree_format(device_objects_tree, tvb, payload_start+6+object_index, 2+object_len,
1332 ett_device_id_object_items, NULL, "Object #%d", ii+1);
1334 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_id, tvb, payload_start+6+object_index, 1, ENC_BIG_ENDIAN);
1337 proto_tree_add_uint(device_objects_item_tree, hf_modbus_list_object_len, tvb, payload_start+6+object_index, 1, object_len);
1340 if (object_type < 7)
1342 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_str_value, tvb, payload_start+6+object_index, object_len, ENC_ASCII|ENC_NA);
1347 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_value, tvb, payload_start+6+object_index, object_len, ENC_NA);
1349 object_index += object_len;
1353 case CANOPEN_REQ_RESP:
1354 /* CANopen protocol not part of the Modbus/TCP specification */
1356 if (payload_len > 1)
1357 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, register_format);
1363 case REPORT_SLAVE_ID:
1365 if (payload_len > 0)
1366 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, register_format);
1371 return tvb_length(tvb);
1375 /* Register the protocol with Wireshark */
1378 proto_register_modbus(void)
1380 /* Modbus/TCP header fields */
1381 static hf_register_info mbtcp_hf[] = {
1382 { &hf_mbtcp_transid,
1383 { "Transaction Identifier", "mbtcp.trans_id",
1384 FT_UINT16, BASE_DEC, NULL, 0x0,
1388 { "Protocol Identifier", "mbtcp.prot_id",
1389 FT_UINT16, BASE_DEC, NULL, 0x0,
1393 { "Length", "mbtcp.len",
1394 FT_UINT16, BASE_DEC, NULL, 0x0,
1398 { "Unit Identifier", "mbtcp.unit_id",
1399 FT_UINT8, BASE_DEC, NULL, 0x0,
1404 static hf_register_info mbrtu_hf[] = {
1406 { "Unit ID", "mbrtu.unit_id",
1407 FT_UINT8, BASE_DEC, NULL, 0x0,
1411 { "CRC-16", "mbrtu.crc16",
1412 FT_UINT16, BASE_HEX, NULL, 0x0,
1417 static ei_register_info mbrtu_ei[] = {
1418 { &ei_mbrtu_crc16_incorrect,
1419 { "mbrtu.crc16.incorrect", PI_CHECKSUM, PI_WARN,
1420 "Incorrect CRC", EXPFILL }
1424 static hf_register_info hf[] = {
1425 /* Modbus header fields */
1426 { &hf_mbtcp_functioncode,
1427 { "Function Code", "modbus.func_code",
1428 FT_UINT8, BASE_DEC, VALS(function_code_vals), 0x0,
1431 { &hf_modbus_reference,
1432 { "Reference Number", "modbus.reference_num",
1433 FT_UINT16, BASE_DEC, NULL, 0x0,
1436 { &hf_modbus_padding,
1437 { "Padding", "modbus.padding",
1438 FT_UINT8, BASE_HEX, NULL, 0x0,
1441 { &hf_modbus_lreference,
1442 { "Reference Number (32 bit)", "modbus.reference_num_32",
1443 FT_UINT32, BASE_DEC, NULL, 0x0,
1446 { &hf_modbus_reftype,
1447 { "Reference Type", "modbus.reference_type",
1448 FT_UINT8, BASE_DEC, NULL, 0x0,
1451 { &hf_modbus_readref,
1452 { "Read Reference Number", "modbus.read_reference_num",
1453 FT_UINT16, BASE_DEC, NULL, 0x0,
1456 { &hf_modbus_writeref,
1457 { "Write Reference Number", "modbus.write_reference_num",
1458 FT_UINT16, BASE_DEC, NULL, 0x0,
1461 { &hf_modbus_wordcnt,
1462 { "Word Count", "modbus.word_cnt",
1463 FT_UINT16, BASE_DEC, NULL, 0x0,
1466 { &hf_modbus_readwordcnt,
1467 { "Read Word Count", "modbus.read_word_cnt",
1468 FT_UINT16, BASE_DEC, NULL, 0x0,
1471 { &hf_modbus_writewordcnt,
1472 { "Write Word Count", "modbus.write_word_cnt",
1473 FT_UINT16, BASE_DEC, NULL, 0x0,
1476 { &hf_modbus_bitcnt,
1477 { "Bit Count", "modbus.bit_cnt",
1478 FT_UINT16, BASE_DEC, NULL, 0x0,
1481 { &hf_modbus_bytecnt,
1482 { "Byte Count", "modbus.byte_cnt",
1483 FT_UINT8, BASE_DEC, NULL, 0x0,
1486 { &hf_modbus_lbytecnt,
1487 { "Byte Count (16-bit)", "modbus.byte_cnt_16",
1488 FT_UINT8, BASE_DEC, NULL, 0x0,
1491 { &hf_modbus_exceptioncode,
1492 { "Exception Code", "modbus.exception_code",
1493 FT_UINT8, BASE_DEC, VALS(exception_code_vals), 0x0,
1496 { &hf_modbus_diag_sf,
1497 { "Diagnostic Code", "modbus.diagnostic_code",
1498 FT_UINT16, BASE_DEC, VALS(diagnostic_code_vals), 0x0,
1501 { &hf_modbus_diag_return_query_data_request,
1502 { "Request Data", "modbus.diagnostic.return_query_data.request",
1503 FT_BYTES, BASE_NONE, NULL, 0x0,
1506 { &hf_modbus_diag_return_query_data_echo,
1507 { "Echo Data", "modbus.diagnostic.return_query_data.echo",
1508 FT_BYTES, BASE_NONE, NULL, 0x0,
1511 { &hf_modbus_diag_restart_communication_option,
1512 { "Restart Communication Option", "modbus.diagnostic.restart_communication_option",
1513 FT_UINT16, BASE_HEX, VALS(diagnostic_restart_communication_option_vals), 0x0,
1516 { &hf_modbus_diag_return_diag_register,
1517 { "Diagnostic Register Contents", "modbus.diagnostic.return_diag_register",
1518 FT_UINT16, BASE_HEX, NULL, 0x0,
1521 { &hf_modbus_diag_ascii_input_delimiter,
1522 { "CHAR", "modbus.diagnostic.ascii_input_delimiter",
1523 FT_UINT8, BASE_HEX, NULL, 0x0,
1526 { &hf_modbus_diag_return_bus_message_count,
1527 { "Total Message Count", "modbus.diagnostic.bus_message_count",
1528 FT_UINT16, BASE_DEC, NULL, 0x0,
1531 { &hf_modbus_diag_return_bus_comm_error_count,
1532 { "CRC Error Count", "modbus.diagnostic.bus_comm_error_count",
1533 FT_UINT16, BASE_DEC, NULL, 0x0,
1536 { &hf_modbus_diag_return_bus_exception_error_count,
1537 { "Exception Error Count", "modbus.diagnostic.bus_exception_error_count",
1538 FT_UINT16, BASE_DEC, NULL, 0x0,
1541 { &hf_modbus_diag_return_slave_message_count,
1542 { "Slave Message Count", "modbus.diagnostic.slave_message_count",
1543 FT_UINT16, BASE_DEC, NULL, 0x0,
1546 { &hf_modbus_diag_return_no_slave_response_count,
1547 { "Slave No Response Count", "modbus.diagnostic.no_slave_response_count",
1548 FT_UINT16, BASE_DEC, NULL, 0x0,
1551 { &hf_modbus_diag_return_slave_nak_count,
1552 { "Slave NAK Count", "modbus.diagnostic.slave_nak_count",
1553 FT_UINT16, BASE_DEC, NULL, 0x0,
1556 { &hf_modbus_diag_return_slave_busy_count,
1557 { "Slave Device Busy Count", "modbus.diagnostic.slave_busy_count",
1558 FT_UINT16, BASE_DEC, NULL, 0x0,
1561 { &hf_modbus_diag_return_bus_char_overrun_count,
1562 { "Slave Character Overrun Count", "modbus.diagnostic.bus_char_overrun_count",
1563 FT_UINT16, BASE_DEC, NULL, 0x0,
1566 { &hf_modbus_status,
1567 { "Status", "modbus.ev_status",
1568 FT_UINT16, BASE_HEX, NULL, 0x0,
1572 { "Event", "modbus.event",
1573 FT_UINT8, BASE_DEC, NULL, 0x0,
1576 { &hf_modbus_event_count,
1577 { "Event Count", "modbus.ev_count",
1578 FT_UINT16, BASE_DEC, NULL, 0x0,
1581 { &hf_modbus_message_count,
1582 { "Message Count", "modbus.ev_msg_count",
1583 FT_UINT16, BASE_DEC, NULL, 0x0,
1586 { &hf_modbus_event_recv_comm_err,
1587 { "Communication Error", "modbus.ev_recv_comm_err",
1588 FT_UINT8, BASE_DEC, NULL, 0x02,
1591 { &hf_modbus_event_recv_char_over,
1592 { "Character Overrun", "modbus.ev_recv_char_over",
1593 FT_UINT8, BASE_DEC, NULL, 0x10,
1596 { &hf_modbus_event_recv_lo_mode,
1597 { "Currently in Listen Only Mode", "modbus.ev_recv_lo_mode",
1598 FT_UINT8, BASE_DEC, NULL, 0x20,
1601 { &hf_modbus_event_recv_broadcast,
1602 { "Broadcast Received", "modbus.ev_recv_broadcast",
1603 FT_UINT8, BASE_DEC, NULL, 0x40,
1606 { &hf_modbus_event_send_read_ex,
1607 { "Read Exception Sent", "modbus.ev_send_read_ex",
1608 FT_UINT8, BASE_DEC, NULL, 0x01,
1611 { &hf_modbus_event_send_slave_abort_ex,
1612 { "Slave Abort Exception Sent", "modbus.ev_send_slave_abort_ex",
1613 FT_UINT8, BASE_DEC, NULL, 0x02,
1616 { &hf_modbus_event_send_slave_busy_ex,
1617 { "Slave Busy Exception Sent", "modbus.ev_send_slave_busy_ex",
1618 FT_UINT8, BASE_DEC, NULL, 0x04,
1621 { &hf_modbus_event_send_slave_nak_ex,
1622 { "Slave Program NAK Exception Sent", "modbus.ev_send_slave_nak_ex",
1623 FT_UINT8, BASE_DEC, NULL, 0x08,
1626 { &hf_modbus_event_send_write_timeout,
1627 { "Write Timeout Error Occurred", "modbus.ev_send_write_timeout",
1628 FT_UINT8, BASE_DEC, NULL, 0x10,
1631 { &hf_modbus_event_send_lo_mode,
1632 { "Currently in Listen Only Mode", "modbus.ev_send_lo_mode",
1633 FT_UINT8, BASE_DEC, NULL, 0x20,
1636 { &hf_modbus_andmask,
1637 { "AND mask", "modbus.and_mask",
1638 FT_UINT16, BASE_HEX, NULL, 0x0,
1641 { &hf_modbus_ormask,
1642 { "OR mask", "modbus.or_mask",
1643 FT_UINT16, BASE_HEX, NULL, 0x0,
1647 { "Data", "modbus.data",
1648 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
1651 { "MEI type", "modbus.mei",
1652 FT_UINT8, BASE_DEC, VALS(encap_interface_code_vals), 0x0,
1655 { &hf_modbus_read_device_id,
1656 { "Read Device ID", "modbus.read_device_id",
1657 FT_UINT8, BASE_DEC, VALS(read_device_id_vals), 0x0,
1660 { &hf_modbus_object_id,
1661 { "Object ID", "modbus.object_id",
1662 FT_UINT8, BASE_DEC, VALS(object_id_vals), 0x0,
1665 { &hf_modbus_num_objects,
1666 { "Number of Objects", "modbus.num_objects",
1667 FT_UINT8, BASE_DEC, NULL, 0x0,
1670 { &hf_modbus_list_object_len,
1671 { "Object length", "modbus.objects_len",
1672 FT_UINT8, BASE_DEC, NULL, 0x0,
1675 { &hf_modbus_conformity_level,
1676 { "Conformity Level", "modbus.conformity_level",
1677 FT_UINT8, BASE_HEX, VALS(conformity_level_vals), 0x0,
1680 { &hf_modbus_more_follows,
1681 { "More Follows", "modbus.more_follows",
1682 FT_UINT8, BASE_HEX, NULL, 0x0,
1685 { &hf_modbus_next_object_id,
1686 { "Next Object ID", "modbus.next_object_id",
1687 FT_UINT8, BASE_DEC, NULL, 0x0,
1690 { &hf_modbus_object_str_value,
1691 { "Object String Value", "modbus.object_str_value",
1692 FT_STRING, BASE_NONE, NULL, 0x0,
1695 { &hf_modbus_object_value,
1696 { "Object Value", "modbus.object_value",
1697 FT_BYTES, BASE_NONE, NULL, 0x0,
1700 { &hf_modbus_reg_uint16,
1701 { "Register (UINT16)", "modbus.register.uint16",
1702 FT_UINT16, BASE_DEC, NULL, 0x0,
1705 { &hf_modbus_reg_uint32,
1706 { "Register (UINT32)", "modbus.register.uint32",
1707 FT_UINT32, BASE_DEC, NULL, 0x0,
1710 { &hf_modbus_reg_ieee_float,
1711 { "Register (IEEE Float)", "modbus.register.ieee_float",
1712 FT_FLOAT, BASE_NONE, NULL, 0x0,
1715 { &hf_modbus_reg_modicon_float,
1716 { "Register (Modicon Float)", "modbus.register.modicon_float",
1717 FT_FLOAT, BASE_NONE, NULL, 0x0,
1722 /* Setup protocol subtree array */
1723 static gint *ett[] = {
1731 &ett_device_id_objects,
1732 &ett_device_id_object_items
1735 static ei_register_info ei[] = {
1736 { &ei_modbus_data_decode,
1737 { "modbus.data.decode", PI_PROTOCOL, PI_WARN,
1738 "Invalid decoding options, register data not a multiple of 4!", EXPFILL }
1741 module_t *mbtcp_module;
1742 module_t *mbrtu_module;
1743 expert_module_t* expert_mbrtu;
1744 expert_module_t* expert_modbus;
1746 /* Register the protocol name and description */
1747 proto_mbtcp = proto_register_protocol("Modbus/TCP", "Modbus/TCP", "mbtcp");
1748 proto_mbrtu = proto_register_protocol("Modbus RTU", "Modbus RTU", "mbrtu");
1749 proto_modbus = proto_register_protocol("Modbus", "Modbus", "modbus");
1751 /* Registering protocol to be called by another dissector */
1752 modbus_handle = new_register_dissector("modbus", dissect_modbus, proto_modbus);
1753 mbtcp_handle = new_register_dissector("mbtcp", dissect_mbtcp, proto_mbtcp);
1754 mbrtu_handle = new_register_dissector("mbrtu", dissect_mbrtu, proto_mbrtu);
1756 /* Registering subdissectors table */
1757 modbus_data_dissector_table = register_dissector_table("modbus.data", "Modbus Data", FT_STRING, BASE_NONE);
1758 modbus_dissector_table = register_dissector_table("mbtcp.prot_id", "Modbus/TCP protocol identifier", FT_UINT16, BASE_DEC);
1760 /* Required function calls to register the header fields and subtrees used */
1761 proto_register_field_array(proto_mbtcp, mbtcp_hf, array_length(mbtcp_hf));
1762 proto_register_field_array(proto_mbrtu, mbrtu_hf, array_length(mbrtu_hf));
1763 proto_register_field_array(proto_modbus, hf, array_length(hf));
1764 proto_register_subtree_array(ett, array_length(ett));
1765 expert_mbrtu = expert_register_protocol(proto_mbrtu);
1766 expert_register_field_array(expert_mbrtu, mbrtu_ei, array_length(mbrtu_ei));
1767 expert_modbus = expert_register_protocol(proto_modbus);
1768 expert_register_field_array(expert_modbus, ei, array_length(ei));
1771 /* Register required preferences for Modbus Protocol register decoding */
1772 mbtcp_module = prefs_register_protocol(proto_mbtcp, proto_reg_handoff_mbtcp);
1773 mbrtu_module = prefs_register_protocol(proto_mbrtu, proto_reg_handoff_mbrtu);
1775 /* Modbus RTU Preference - Desegment, defaults to TRUE for TCP desegmentation */
1776 prefs_register_bool_preference(mbtcp_module, "desegment",
1777 "Desegment all Modbus RTU packets spanning multiple TCP segments",
1778 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
1781 /* Modbus/TCP Preference - Default TCP Port, allows for "user" port either than 502. */
1782 prefs_register_uint_preference(mbtcp_module, "tcp.port", "Modbus/TCP Port",
1783 "Set the TCP port for Modbus/TCP packets (if other"
1784 " than the default of 502)",
1785 10, &global_mbus_tcp_port);
1787 /* Modbus/TCP Preference - Holding/Input Register format, this allows for deeper dissection of response data */
1788 prefs_register_enum_preference(mbtcp_module, "mbus_register_format",
1789 "Holding/Input Register Format",
1791 &global_mbus_tcp_register_format,
1792 mbus_register_format,
1795 /* Modbus/TCP Preference - Register addressing format, this allows for a configurable display option to determine addressing used */
1796 prefs_register_enum_preference(mbtcp_module, "mbus_register_addr_type",
1797 "Register Addressing Type",
1798 "Register Addressing Type (Raw, Modicon 5 or 6). This option has no effect on the underlying protocol, but changes the register address display format",
1799 &global_mbus_tcp_register_addr_type,
1800 mbus_register_addr_type,
1803 /* Modbus RTU Preference - Desegment, defaults to TRUE for TCP desegmentation */
1804 prefs_register_bool_preference(mbrtu_module, "desegment",
1805 "Desegment all Modbus RTU packets spanning multiple TCP segments",
1806 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
1809 /* Modbus RTU Preference - CRC verification, defaults to FALSE (not do verification)*/
1810 prefs_register_bool_preference(mbrtu_module, "crc_verification",
1812 "Whether to validate the CRC",
1815 /* Modbus RTU Preference - Default TCP Port, defaults to zero, allows custom user port. */
1816 prefs_register_uint_preference(mbrtu_module, "tcp.port", "Modbus RTU Port",
1817 "Set the TCP port for encapsulated Modbus RTU packets",
1818 10, &global_mbus_rtu_port);
1820 /* Modbus RTU Preference - Holding/Input Register format, this allows for deeper dissection of response data */
1821 prefs_register_enum_preference(mbrtu_module, "mbus_register_format",
1822 "Holding/Input Register Format",
1824 &global_mbus_rtu_register_format,
1825 mbus_register_format,
1828 /* Modbus RTU Preference - Register addressing format, this allows for a configurable display option to determine addressing used */
1829 prefs_register_enum_preference(mbrtu_module, "mbus_register_addr_type",
1830 "Register Addressing Type",
1831 "Register Addressing Type (Raw, Modicon 5 or 6). This option has no effect on the underlying protocol, but changes the register address display format",
1832 &global_mbus_rtu_register_addr_type,
1833 mbus_register_addr_type,
1839 /* If this dissector uses sub-dissector registration add a registration routine.
1840 This format is required because a script is used to find these routines and
1841 create the code that calls these routines.
1844 proto_reg_handoff_mbtcp(void)
1846 static unsigned int mbtcp_port;
1848 /* Make sure to use Modbus/TCP Preferences field to determine default TCP port */
1850 if(mbtcp_port != 0 && mbtcp_port != global_mbus_tcp_port){
1851 dissector_delete_uint("tcp.port", mbtcp_port, mbtcp_handle);
1854 if(global_mbus_tcp_port != 0 && mbtcp_port != global_mbus_tcp_port) {
1855 dissector_add_uint("tcp.port", global_mbus_tcp_port, mbtcp_handle);
1858 mbtcp_port = global_mbus_tcp_port;
1860 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
1865 proto_reg_handoff_mbrtu(void)
1867 static unsigned int mbrtu_port = 0;
1869 /* Make sure to use Modbus RTU Preferences field to determine default TCP port */
1871 if(mbrtu_port != 0 && mbrtu_port != global_mbus_rtu_port){
1872 dissector_delete_uint("tcp.port", mbrtu_port, mbrtu_handle);
1875 if(global_mbus_rtu_port != 0 && mbrtu_port != global_mbus_rtu_port) {
1876 dissector_add_uint("tcp.port", global_mbus_rtu_port, mbrtu_handle);
1879 mbrtu_port = global_mbus_rtu_port;
1881 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
1882 dissector_add_uint("rtacser.data", RTACSER_PAYLOAD_MODBUS, modbus_handle);
1892 * indent-tabs-mode: nil
1895 * ex: set shiftwidth=4 tabstop=8 expandtab:
1896 * :indentSize=4:tabSize=8:noTabs=true:
git.samba.org / metze / wireshark / wip.git / blob