search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-mbtcp.c
blob0bed1c2099e5409fc38b6915a3959555d2d1c004
1 /* packet-mbtcp.c
2 * Routines for Modbus/TCP and Modbus/UDP dissection
3 * By Riaan Swart <rswart@cs.sun.ac.za>
4 * Copyright 2001, Institute for Applied Computer Science
5 * University of Stellenbosch
6 *
7 * See http://www.modbus.org/ for information on Modbus/TCP.
8 *
9 * Updated to v1.1b of the Modbus Application Protocol specification
10 * Michael Mann * Copyright 2011
11 *
12 *****************************************************************************************************
13 * A brief explanation of the distinction between Modbus/TCP and Modbus RTU over TCP:
14 *
15 * Consider a Modbus poll message: Unit 01, Scan Holding Register Address 0 for 30 Registers
16 *
17 * The Modbus/TCP message structure will follow the pattern below:
18 * 00 00 00 00 00 06 01 03 00 00 00 1E
19 * AA AA BB BB CC CC DD EE FF FF GG GG
20 *
21 * A = 16-bit Transaction Identifier (typically increments, or is locked at zero)
22 * B = 16-bit Protocol Identifier (typically zero)
23 * C = 16-bit Length of data payload following (and inclusive of) the length byte
24 * D = 8-bit Unit / Slave ID
25 * E = 8-bit Modbus Function Code
26 * F = 16-bit Reference Number / Register Base Address
27 * G = 16-bit Word Count / Number of Registers to scan
28 *
29 * A identical Modbus RTU (or Modbus RTU over TCP) message will overlay partially with the msg above
30 * and contain 16-bit CRC at the end:
31 * 00 00 00 00 00 06 01 03 00 00 00 1E -- -- (Modbus/TCP message, repeated from above)
32 * -- -- -- -- -- -- 01 03 00 00 00 1E C5 C2 (Modbus RTU over TCP message, includes 16-bit CRC footer)
33 * AA AA BB BB CC CC DD EE FF FF GG GG HH HH
34 *
35 * A = Not present in Modbus RTU message
36 * B = Not present in Modbus RTU message
37 * C = Not present in Modbus RTU message
38 * D = 8-bit Unit / Slave ID
39 * E = 8-bit Modbus Function Code
40 * F = 16-bit Reference Number / Register Base Address
41 * G = 16-bit Word Count / Number of Registers to scan
42 * H = 16-bit CRC
43 *
44 *****************************************************************************************************
45 * Wireshark - Network traffic analyzer
46 * By Gerald Combs <gerald@wireshark.org>
47 * Copyright 1998 Gerald Combs
48 *
49 * SPDX-License-Identifier: GPL-2.0-or-later
50 */
51
52 #include "config.h"
53
54 #include <epan/packet.h>
55 #include "packet-tcp.h"
56 #include "packet-mbtcp.h"
57 #include <epan/prefs.h>
58 #include <epan/expert.h>
59 #include <epan/crc16-tvb.h> /* For CRC verification */
60 #include <epan/proto_data.h>
61 #include <epan/tfs.h>
62 #include <wsutil/array.h>
63 #include "packet-tls.h"
64
65 void proto_register_modbus(void);
66 void proto_reg_handoff_mbtcp(void);
67 void proto_reg_handoff_mbrtu(void);
68
69 /* Initialize the protocol and registered fields */
70 static int proto_mbtcp;
71 static int proto_mbudp;
72 static int proto_mbrtu;
73 static int proto_modbus;
74 static int hf_mbtcp_transid;
75 static int hf_mbtcp_protid;
76 static int hf_mbtcp_len;
77 static int hf_mbtcp_unitid;
78 static int hf_modbus_request_frame;
79 static int hf_modbus_response_time;
80 static int hf_modbus_functioncode;
81 static int hf_modbus_reference;
82 static int hf_modbus_padding;
83 static int hf_modbus_lreference;
84 static int hf_modbus_reftype;
85 static int hf_modbus_readref;
86 static int hf_modbus_writeref;
87 static int hf_modbus_wordcnt;
88 static int hf_modbus_readwordcnt;
89 static int hf_modbus_writewordcnt;
90 static int hf_modbus_bytecnt;
91 static int hf_modbus_lbytecnt;
92 static int hf_modbus_bitcnt;
93 static int hf_modbus_exceptioncode;
94 static int hf_modbus_diag_sf;
95 static int hf_modbus_diag_return_query_data_request;
96 static int hf_modbus_diag_return_query_data_echo;
97 static int hf_modbus_diag_restart_communication_option;
98 static int hf_modbus_diag_return_diag_register;
99 static int hf_modbus_diag_ascii_input_delimiter;
100 static int hf_modbus_diag_clear_ctr_diag_reg;
101 static int hf_modbus_diag_return_bus_message_count;
102 static int hf_modbus_diag_return_bus_comm_error_count;
103 static int hf_modbus_diag_return_bus_exception_error_count;
104 static int hf_modbus_diag_return_slave_message_count;
105 static int hf_modbus_diag_return_no_slave_response_count;
106 static int hf_modbus_diag_return_slave_nak_count;
107 static int hf_modbus_diag_return_slave_busy_count;
108 static int hf_modbus_diag_return_bus_char_overrun_count;
109 static int hf_modbus_status;
110 static int hf_modbus_event;
111 static int hf_modbus_event_count;
112 static int hf_modbus_message_count;
113 static int hf_modbus_event_recv_comm_err;
114 static int hf_modbus_event_recv_char_over;
115 static int hf_modbus_event_recv_lo_mode;
116 static int hf_modbus_event_recv_broadcast;
117 static int hf_modbus_event_send_read_ex;
118 static int hf_modbus_event_send_slave_abort_ex;
119 static int hf_modbus_event_send_slave_busy_ex;
120 static int hf_modbus_event_send_slave_nak_ex;
121 static int hf_modbus_event_send_write_timeout;
122 static int hf_modbus_event_send_lo_mode;
123 static int hf_modbus_andmask;
124 static int hf_modbus_ormask;
125 static int hf_modbus_data;
126 static int hf_modbus_mei;
127 static int hf_modbus_read_device_id;
128 static int hf_modbus_object_id;
129 static int hf_modbus_num_objects;
130 static int hf_modbus_list_object_len;
131 static int hf_modbus_conformity_level;
132 static int hf_modbus_more_follows;
133 static int hf_modbus_next_object_id;
134 static int hf_modbus_object_str_value;
135 static int hf_modbus_object_value;
136 static int hf_modbus_bitnum;
137 static int hf_modbus_bitval;
138 static int hf_modbus_regnum16;
139 static int hf_modbus_regnum32;
140 static int hf_modbus_regval_uint16;
141 static int hf_modbus_regval_int16;
142 static int hf_modbus_regval_uint32;
143 static int hf_modbus_regval_int32;
144 static int hf_modbus_regval_ieee_float;
145 static int hf_modbus_regval_modicon_float;
146 static int hf_mbrtu_unitid;
147 static int hf_mbrtu_crc16;
148 static int hf_mbrtu_crc16_status;
149
150 /* Initialize the subtree pointers */
151 static int ett_mbtcp;
152 static int ett_mbrtu;
153 static int ett_modbus_hdr;
154 static int ett_group_hdr;
155 static int ett_events;
156 static int ett_events_recv;
157 static int ett_events_send;
158 static int ett_device_id_objects;
159 static int ett_device_id_object_items;
160 static int ett_bit;
161 static int ett_register;
162
163 static expert_field ei_mbrtu_crc16_incorrect;
164 static expert_field ei_modbus_data_decode;
165 static expert_field ei_mbtcp_cannot_classify;
166
167 static dissector_handle_t modbus_handle;
168 static dissector_handle_t mbtcp_handle;
169 static dissector_handle_t mbtls_handle;
170 static dissector_handle_t mbudp_handle;
171 static dissector_handle_t mbrtu_handle;
172
173 static dissector_table_t modbus_data_dissector_table;
174 static dissector_table_t modbus_dissector_table;
175
176
177 /* Globals for Modbus/TCP Preferences */
178 static bool mbtcp_desegment = true;
179 static range_t *global_mbus_tcp_ports; /* Port 502, by default */
180 static range_t *global_mbus_udp_ports; /* Port 502, by default */
181 static range_t *global_mbus_tls_ports; /* Port 802, by default */
182
183 /* Globals for Modbus RTU over TCP Preferences */
184 static bool mbrtu_desegment = true;
185 static range_t *global_mbus_tcp_rtu_ports = PORT_MBRTU; /* 0, by default */
186 static range_t *global_mbus_udp_rtu_ports = PORT_MBRTU; /* 0, by default */
187 static bool mbrtu_crc;
188
189 /* Globals for Modbus Preferences */
190 static int global_mbus_register_format = MODBUS_PREF_REGISTER_FORMAT_UINT16;
191
192 typedef struct {
193 uint8_t function_code;
194 int register_format;
195 uint16_t reg_base;
196 uint16_t num_reg;
197 uint32_t req_frame_num;
198 nstime_t req_time;
199 bool request_found;
200 } modbus_pkt_info_t;
201
202 static int
203 classify_mbtcp_packet(packet_info *pinfo, range_t *ports)
204 {
205 /* see if nature of packets can be derived from src/dst ports */
206 /* if so, return as found */
207 /* */
208 /* XXX Update Oct 2012 - It can be difficult to determine if a packet is a query or response; some way to track */
209 /* the Modbus/TCP transaction ID for each pair of messages would allow for detection based on a new seq. number. */
210 /* Otherwise, we can stick with this method; a configurable port option has been added to allow for usage of */
211 /* user ports either than the default of 502. */
212 if ( (value_is_in_range(ports, pinfo->srcport)) && (!value_is_in_range(ports, pinfo->destport)) )
213 return RESPONSE_PACKET;
214 if ( (!value_is_in_range(ports, pinfo->srcport)) && (value_is_in_range(ports, pinfo->destport)) )
215 return QUERY_PACKET;
216
217 /* else, cannot classify */
218 return CANNOT_CLASSIFY;
219 }
220
221 static int
222 classify_mbrtu_packet(packet_info *pinfo, tvbuff_t *tvb, range_t *ports)
223 {
224 uint8_t func, len;
225
226 func = tvb_get_uint8(tvb, 1);
227 len = tvb_reported_length(tvb);
228
229 /* see if nature of packets can be derived from src/dst ports */
230 /* if so, return as found */
231 if ( (value_is_in_range(ports, pinfo->srcport)) && (!value_is_in_range(ports, pinfo->destport)) )
232 return RESPONSE_PACKET;
233 if ( (!value_is_in_range(ports, pinfo->srcport)) && (value_is_in_range(ports, pinfo->destport)) )
234 return QUERY_PACKET;
235
236 /* We may not have an Ethernet header or unique ports. */
237 /* Dig into these a little deeper to try to guess the message type */
238
239 /* The 'exception' bit is set, so this is a response */
240 if (func & 0x80) {
241 return RESPONSE_PACKET;
242 }
243 switch (func) {
244 case READ_COILS:
245 case READ_DISCRETE_INPUTS:
246 /* Only possible to get a response message of 8 bytes with Discrete or Coils */
247 if (len == 8) {
248 /* If this is, in fact, a response then the data byte count will be 3 */
249 /* This will correctly identify all messages except for those that are discrete or coil polls */
250 /* where the base address range happens to have 0x03 in the upper 16-bit address register */
251 if (tvb_get_uint8(tvb, 2) == 3) {
252 return RESPONSE_PACKET;
253 }
254 else {
255 return QUERY_PACKET;
256 }
257 }
258 else {
259 return RESPONSE_PACKET;
260 }
261 break;
262
263 case READ_HOLDING_REGS:
264 case READ_INPUT_REGS:
265 if (len == 8) {
266 return QUERY_PACKET;
267 }
268 else {
269 return RESPONSE_PACKET;
270 }
271 break;
272
273 case WRITE_SINGLE_COIL:
274 case WRITE_SINGLE_REG:
275 /* Normal response is echo of the request */
276 return CANNOT_CLASSIFY;
277
278 case WRITE_MULT_REGS:
279 case WRITE_MULT_COILS:
280 if (len == 8) {
281 return RESPONSE_PACKET;
282 }
283 else {
284 return QUERY_PACKET;
285 }
286 break;
287 }
288
289
290 /* else, cannot classify */
291 return CANNOT_CLASSIFY;
292 }
293
294 /* Translate function to string, as given on p6 of
295 * "Open Modbus/TCP Specification", release 1 by Andy Swales.
296 */
297 static const value_string function_code_vals[] = {
298 { READ_COILS, "Read Coils" },
299 { READ_DISCRETE_INPUTS, "Read Discrete Inputs" },
300 { READ_HOLDING_REGS, "Read Holding Registers" },
301 { READ_INPUT_REGS, "Read Input Registers" },
302 { WRITE_SINGLE_COIL, "Write Single Coil" },
303 { WRITE_SINGLE_REG, "Write Single Register" },
304 { READ_EXCEPT_STAT, "Read Exception Status" },
305 { DIAGNOSTICS, "Diagnostics" },
306 { GET_COMM_EVENT_CTRS, "Get Comm. Event Counters" },
307 { GET_COMM_EVENT_LOG, "Get Comm. Event Log" },
308 { WRITE_MULT_COILS, "Write Multiple Coils" },
309 { WRITE_MULT_REGS, "Write Multiple Registers" },
310 { REPORT_SLAVE_ID, "Report Slave ID" },
311 { READ_FILE_RECORD, "Read File Record" },
312 { WRITE_FILE_RECORD, "Write File Record" },
313 { MASK_WRITE_REG, "Mask Write Register" },
314 { READ_WRITE_REG, "Read Write Register" },
315 { READ_FIFO_QUEUE, "Read FIFO Queue" },
316 { ENCAP_INTERFACE_TRANSP, "Encapsulated Interface Transport" },
317 { UNITY_SCHNEIDER, "Unity (Schneider)" },
318 { 0, NULL }
319 };
320
321 /* Translate exception code to string */
322 static const value_string exception_code_vals[] = {
323 { ILLEGAL_FUNCTION, "Illegal function" },
324 { ILLEGAL_ADDRESS, "Illegal data address" },
325 { ILLEGAL_VALUE, "Illegal data value" },
326 { SLAVE_FAILURE, "Slave device failure" },
327 { ACKNOWLEDGE, "Acknowledge" },
328 { SLAVE_BUSY, "Slave device busy" },
329 { MEMORY_ERR, "Memory parity error" },
330 { GATEWAY_UNAVAILABLE, "Gateway path unavailable" },
331 { GATEWAY_TRGT_FAIL, "Gateway target device failed to respond" },
332 { 0, NULL }
333 };
334
335 /* Translate Modbus Encapsulation Interface (MEI) code to string */
336 static const value_string encap_interface_code_vals[] = {
337 { CANOPEN_REQ_RESP, "CANopen Request/Response " },
338 { READ_DEVICE_ID, "Read Device Identification" },
339 { 0, NULL }
340 };
341
342 /* Translate Modbus Diagnostic subfunction code to string */
343 static const value_string diagnostic_code_vals[] = {
344 { RETURN_QUERY_DATA, "Return Query Data" },
345 { RESTART_COMMUNICATION_OPTION, "Restart Communications Option" },
346 { RETURN_DIAGNOSTIC_REGISTER, "Return Diagnostic Register" },
347 { CHANGE_ASCII_INPUT_DELIMITER, "Change ASCII Input Delimiter" },
348 { FORCE_LISTEN_ONLY_MODE, "Force Listen Only Mode" },
349 { CLEAR_COUNTERS_AND_DIAG_REG, "Clear Counters and Diagnostic Register" },
350 { RETURN_BUS_MESSAGE_COUNT, "Return Bus Message Count" },
351 { RETURN_BUS_COMM_ERROR_COUNT, "Return Bus Communication Error Count" },
352 { RETURN_BUS_EXCEPTION_ERROR_COUNT, "Return Bus Exception Error Count" },
353 { RETURN_SLAVE_MESSAGE_COUNT, "Return Slave Message Count" },
354 { RETURN_SLAVE_NO_RESPONSE_COUNT, "Return Slave No Response Count" },
355 { RETURN_SLAVE_NAK_COUNT, "Return Slave NAK Count" },
356 { RETURN_SLAVE_BUSY_COUNT, "Return Slave Busy Count" },
357 { RETURN_BUS_CHAR_OVERRUN_COUNT, "Return Bus Character Overrun Count" },
358 { CLEAR_OVERRUN_COUNTER_AND_FLAG, "Clear Overrun Counter and Flag" },
359 { 0, NULL }
360 };
361
362 static const value_string diagnostic_restart_communication_option_vals[] = {
363 { 0, "Leave Log" },
364 { 0xFF, "Clear Log" },
365 { 0, NULL }
366 };
367
368 /* Translate read device code to string */
369 static const value_string read_device_id_vals[] = {
370 { 1, "Basic Device Identification" },
371 { 2, "Regular Device Identification" },
372 { 3, "Extended Device Identification" },
373 { 4, "Specific Identification Object" },
374
375 { 0, NULL }
376 };
377
378 /* Translate read device code to string */
379 static const value_string object_id_vals[] = {
380 { 0, "VendorName" },
381 { 1, "ProductCode" },
382 { 2, "MajorMinorRevision" },
383 { 3, "VendorURL" },
384 { 4, "ProductName" },
385 { 5, "ModelName" },
386 { 6, "UserApplicationName" },
387
388 { 0, NULL }
389 };
390
391 static const value_string conformity_level_vals[] = {
392 { 0x01, "Basic Device Identification (stream)" },
393 { 0x02, "Regular Device Identification (stream)" },
394 { 0x03, "Extended Device Identification (stream)" },
395 { 0x81, "Basic Device Identification (stream and individual)" },
396 { 0x82, "Regular Device Identification (stream and individual)" },
397 { 0x83, "Extended Device Identification (stream and individual)" },
398
399 { 0, NULL }
400 };
401
402 static const enum_val_t mbus_register_format[] = {
403 { "UINT16", "UINT16 ", MODBUS_PREF_REGISTER_FORMAT_UINT16 },
404 { "INT16", "INT16 ", MODBUS_PREF_REGISTER_FORMAT_INT16 },
405 { "UINT32", "UINT32 ", MODBUS_PREF_REGISTER_FORMAT_UINT32 },
406 { "INT32", "INT32 ", MODBUS_PREF_REGISTER_FORMAT_INT32 },
407 { "IEEE_FLT", "IEEE FLT ", MODBUS_PREF_REGISTER_FORMAT_IEEE_FLOAT },
408 { "MODICON_FLT", "MODICON FLT", MODBUS_PREF_REGISTER_FORMAT_MODICON_FLOAT },
409 { NULL, NULL, 0 }
410 };
411
412 /* Code to dissect Modbus/TCP packets */
413 static int
414 dissect_mbtcp_pdu_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int proto, range_t *ports)
415 {
416 /* Set up structures needed to add the protocol subtree and manage it */
417 proto_item *mi;
418 proto_tree *mbtcp_tree;
419 int offset;
420 tvbuff_t *next_tvb;
421 const char *func_string;
422 const char *pkt_type_str = "";
423 const char *err_str = "";
424 uint16_t transaction_id, protocol_id, len;
425 uint8_t unit_id, function_code, exception_code, subfunction_code;
426 modbus_data_t modbus_data;
427
428 transaction_id = tvb_get_ntohs(tvb, 0);
429 protocol_id = tvb_get_ntohs(tvb, 2);
430 len = tvb_get_ntohs(tvb, 4);
431
432 unit_id = tvb_get_uint8(tvb, 6);
433 function_code = tvb_get_uint8(tvb, 7) & 0x7F;
434
435 offset = 0;
436
437 /* "Request" or "Response" */
438 modbus_data.packet_type = classify_mbtcp_packet(pinfo, ports);
439 /* Save the transaction and unit id to find the request to a response */
440 modbus_data.mbtcp_transid = transaction_id;
441 modbus_data.unit_id = unit_id;
442
443 switch ( modbus_data.packet_type ) {
444 case QUERY_PACKET :
445 pkt_type_str="Query";
446 break;
447 case RESPONSE_PACKET :
448 pkt_type_str="Response";
449 break;
450 case CANNOT_CLASSIFY :
451 err_str="Unable to classify as query or response.";
452 pkt_type_str="unknown";
453 break;
454 default :
455 break;
456 }
457
458 /* Find exception - last bit set in function code */
459 if (tvb_get_uint8(tvb, 7) & 0x80) {
460 exception_code = tvb_get_uint8(tvb, offset + 8);
461 }
462 else {
463 exception_code = 0;
464 }
465
466 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
467 func_string = val_to_str_const(tvb_get_uint8(tvb, offset + 8), encap_interface_code_vals, "Encapsulated Interface Transport");
468 subfunction_code = 1;
469 }
470 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
471 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 8), diagnostic_code_vals, "Diagnostics");
472 subfunction_code = 1;
473 }
474 else {
475 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
476 subfunction_code = 0;
477 }
478
479 if ( exception_code != 0 )
480 err_str="Exception returned ";
481
482 /* Make entries in Info column on summary display */
483 if (subfunction_code == 0) {
484 if (strlen(err_str) > 0) {
485 col_add_fstr(pinfo->cinfo, COL_INFO,
486 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s. %s",
487 pkt_type_str, transaction_id, unit_id,
488 function_code, func_string, err_str);
489 }
490 else {
491 col_add_fstr(pinfo->cinfo, COL_INFO,
492 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s",
493 pkt_type_str, transaction_id, unit_id,
494 function_code, func_string);
495 }
496 }
497 else {
498 if (strlen(err_str) > 0) {
499 col_add_fstr(pinfo->cinfo, COL_INFO,
500 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s. %s",
501 pkt_type_str, transaction_id, unit_id,
502 function_code, subfunction_code, func_string, err_str);
503 }
504 else {
505 col_add_fstr(pinfo->cinfo, COL_INFO,
506 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s",
507 pkt_type_str, transaction_id, unit_id,
508 function_code, subfunction_code, func_string);
509 }
510 }
511
512 /* Create protocol tree */
513 mi = proto_tree_add_item(tree, proto, tvb, offset, len+6, ENC_NA);
514 mbtcp_tree = proto_item_add_subtree(mi, ett_mbtcp);
515
516 if (modbus_data.packet_type == CANNOT_CLASSIFY)
517 expert_add_info(pinfo, mi, &ei_mbtcp_cannot_classify);
518
519 /* Add items to protocol tree specific to Modbus/TCP */
520 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_transid, tvb, offset, 2, transaction_id);
521 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_protid, tvb, offset + 2, 2, protocol_id);
522 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_len, tvb, offset + 4, 2, len);
523 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_unitid, tvb, offset + 6, 1, unit_id);
524
525 /* dissect the Modbus PDU */
526 next_tvb = tvb_new_subset_length( tvb, offset+7, len-1);
527
528 /* Continue with dissection of Modbus data payload following Modbus/TCP frame */
529 if( tvb_reported_length_remaining(tvb, offset) > 0 )
530 call_dissector_with_data(modbus_handle, next_tvb, pinfo, tree, &modbus_data);
531
532 return tvb_captured_length(tvb);
533 }
534
535 static int
536 dissect_mbtcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
537 {
538 /* Make entries in Protocol column on summary display */
539 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/TCP");
540 col_clear(pinfo->cinfo, COL_INFO);
541
542 return dissect_mbtcp_pdu_common(tvb, pinfo, tree, proto_mbtcp, global_mbus_tcp_ports);
543 }
544
545 static int
546 dissect_mbtls_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
547 {
548 /* Make entries in Protocol column on summary display */
549 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/TCP Security");
550 col_clear(pinfo->cinfo, COL_INFO);
551
552 return dissect_mbtcp_pdu_common(tvb, pinfo, tree, proto_mbtcp, global_mbus_tls_ports);
553 }
554
555 /* Code to dissect Modbus RTU */
556 static int
557 dissect_mbrtu_pdu_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, range_t *ports)
558 {
559 /* Set up structures needed to add the protocol subtree and manage it */
560 proto_item *mi;
561 proto_tree *mbrtu_tree;
562 int offset;
563 tvbuff_t *next_tvb;
564 const char *func_string;
565 const char *pkt_type_str = "";
566 const char *err_str = "";
567 uint16_t len, calc_crc16;
568 uint8_t unit_id, function_code, exception_code, subfunction_code;
569 modbus_data_t modbus_data;
570
571 /* Make entries in Protocol column on summary display */
572 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus RTU");
573 col_clear(pinfo->cinfo, COL_INFO);
574
575 len = tvb_reported_length(tvb);
576
577 unit_id = tvb_get_uint8(tvb, 0);
578 function_code = tvb_get_uint8(tvb, 1) & 0x7F;
579
580 offset = 0;
581
582 /* "Request" or "Response" */
583 modbus_data.packet_type = classify_mbrtu_packet(pinfo, tvb, ports);
584 /* Transaction ID is available only in Modbus TCP */
585 modbus_data.mbtcp_transid = 0;
586 modbus_data.unit_id = unit_id;
587
588 switch ( modbus_data.packet_type ) {
589 case QUERY_PACKET :
590 pkt_type_str="Query";
591 break;
592 case RESPONSE_PACKET :
593 pkt_type_str="Response";
594 break;
595 case CANNOT_CLASSIFY :
596 err_str="Unable to classify as query or response.";
597 pkt_type_str="unknown";
598 break;
599 default :
600 break;
601 }
602
603 /* Find exception - last bit set in function code */
604 if (tvb_get_uint8(tvb, 1) & 0x80) {
605 exception_code = tvb_get_uint8(tvb, offset + 2);
606 }
607 else {
608 exception_code = 0;
609 }
610
611 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
612 func_string = val_to_str_const(tvb_get_uint8(tvb, offset + 2), encap_interface_code_vals, "Encapsulated Interface Transport");
613 subfunction_code = 1;
614 }
615 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
616 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 2), diagnostic_code_vals, "Diagnostics");
617 subfunction_code = 1;
618 }
619 else {
620 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
621 subfunction_code = 0;
622 }
623
624 if ( exception_code != 0 )
625 err_str="Exception returned ";
626
627 /* Make entries in Info column on summary display */
628 if (subfunction_code == 0) {
629 if (strlen(err_str) > 0) {
630 col_add_fstr(pinfo->cinfo, COL_INFO,
631 "%8s: Unit: %3u, Func: %3u: %s. %s",
632 pkt_type_str, unit_id,
633 function_code, func_string, err_str);
634 }
635 else {
636 col_add_fstr(pinfo->cinfo, COL_INFO,
637 "%8s: Unit: %3u, Func: %3u: %s",
638 pkt_type_str, unit_id,
639 function_code, func_string);
640 }
641 }
642 else {
643 if (strlen(err_str) > 0) {
644 col_add_fstr(pinfo->cinfo, COL_INFO,
645 "%8s: Unit: %3u, Func: %3u/%3u: %s. %s",
646 pkt_type_str, unit_id,
647 function_code, subfunction_code, func_string, err_str);
648 }
649 else {
650 col_add_fstr(pinfo->cinfo, COL_INFO,
651 "%8s: Unit: %3u, Func: %3u/%3u: %s",
652 pkt_type_str, unit_id,
653 function_code, subfunction_code, func_string);
654 }
655 }
656
657 /* Create protocol tree */
658 mi = proto_tree_add_protocol_format(tree, proto_mbrtu, tvb, offset,
659 len, "Modbus RTU");
660 mbrtu_tree = proto_item_add_subtree(mi, ett_mbrtu);
661
662 /* Add items to protocol tree specific to Modbus RTU */
663 proto_tree_add_uint(mbrtu_tree, hf_mbrtu_unitid, tvb, offset, 1, unit_id);
664
665 /* CRC validation */
666 if (mbrtu_crc)
667 {
668 calc_crc16 = crc16_plain_tvb_offset_seed(tvb, offset, len-2, 0xFFFF);
669 proto_tree_add_checksum(mbrtu_tree, tvb, len-2, hf_mbrtu_crc16, hf_mbrtu_crc16_status, &ei_mbrtu_crc16_incorrect, pinfo, g_htons(calc_crc16), ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY);
670 }
671 else
672 {
673 proto_tree_add_checksum(mbrtu_tree, tvb, len-2, hf_mbrtu_crc16, hf_mbrtu_crc16_status, &ei_mbrtu_crc16_incorrect, pinfo, 0, ENC_BIG_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
674 }
675
676 /* when determining payload length, make sure to ignore the unit ID header & CRC-16 footer bytes */
677 len = len - 3;
678
679 /* dissect the Modbus PDU */
680 next_tvb = tvb_new_subset_length( tvb, offset+1, len);
681
682 /* Continue with dissection of Modbus data payload following Modbus RTU frame */
683 if( tvb_reported_length_remaining(tvb, offset) > 0 )
684 call_dissector_with_data(modbus_handle, next_tvb, pinfo, tree, &modbus_data);
685
686 return tvb_captured_length(tvb);
687 }
688
689 /* Code to dissect Modbus RTU over TCP packets */
690 static int
691 dissect_mbrtu_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
692 {
693 return dissect_mbrtu_pdu_common(tvb, pinfo, tree, global_mbus_tcp_rtu_ports);
694 }
695
696 /* Return length of Modbus/TCP message */
697 static unsigned
698 get_mbtcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
699 {
700 uint16_t plen;
701
702 /*
703 * Get the length of the data from the encapsulation header.
704 */
705 plen = tvb_get_ntohs(tvb, offset + 4);
706
707 /*
708 * That length doesn't include the encapsulation header itself;
709 * add that in.
710 */
711 return plen + 6;
712 }
713
714 /* Return length of Modbus RTU over TCP message */
715 static unsigned
716 get_mbrtu_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
717 int offset _U_, void *data _U_)
718 {
719 int packet_type;
720 uint8_t function_code;
721
722 function_code = tvb_get_uint8(tvb, 1);
723
724 /* Modbus RTU requests do not contain a length field but they are typically a consistent size.
725 Responses do contain a usable 'length' byte at offset 2
726 XXX - Note that only some function codes are supported by this lookup function;
727 the rest can be added as pcap examples are made available */
728
729 /* Determine "Query" or "Response" */
730 packet_type = classify_mbrtu_packet(pinfo, tvb, global_mbus_tcp_rtu_ports);
731
732 switch ( packet_type ) {
733 case QUERY_PACKET :
734 switch (function_code) {
735 case READ_COILS: /* Query messages of these types are always 8 bytes */
736 case READ_DISCRETE_INPUTS:
737 case READ_HOLDING_REGS:
738 case READ_INPUT_REGS:
739 case WRITE_SINGLE_COIL:
740 case WRITE_SINGLE_REG:
741 return 8;
742 case WRITE_MULT_REGS:
743 case WRITE_MULT_COILS:
744 return tvb_get_uint8(tvb, 6) + 9; /* Reported size does not include 2 header, 4 FC15/16-specific, 1 size byte or 2 CRC16 bytes */
745 default :
746 return tvb_captured_length(tvb); /* Fall back on tvb length */
747 }
748 case RESPONSE_PACKET :
749 /* The 'exception' bit is set, so this is a 5-byte response */
750 if (function_code & 0x80) {
751 return 5;
752 }
753
754 switch (function_code) {
755 case READ_COILS:
756 case READ_DISCRETE_INPUTS:
757 case READ_HOLDING_REGS:
758 case READ_INPUT_REGS:
759 return tvb_get_uint8(tvb, 2) + 5; /* Reported size does not include 2 header, 1 size byte, 2 CRC16 bytes */
760 case WRITE_SINGLE_COIL: /* Response messages of FC5/6/15/16 are always 8 bytes */
761 case WRITE_SINGLE_REG:
762 case WRITE_MULT_REGS:
763 case WRITE_MULT_COILS:
764 return 8;
765 default :
766 return tvb_captured_length(tvb); /* Fall back on tvb length */
767 }
768 case CANNOT_CLASSIFY :
769 default :
770 return tvb_captured_length(tvb); /* Fall back on tvb length */
771 }
772
773 }
774
775
776 /* Code to dissect Modbus/TCP messages */
777 static int
778 dissect_mbtcp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data, dissector_t dissect_pdu)
779 {
780
781 /* Make sure there's at least enough data to determine it's a Modbus TCP packet */
782 if (!tvb_bytes_exist(tvb, 0, 8))
783 return 0;
784
785 /* check that it actually looks like Modbus/TCP */
786 /* protocol id == 0 */
787 if(tvb_get_ntohs(tvb, 2) != 0 ){
788 return 0;
789 }
790 /* length is at least 2 (unit_id + function_code) */
791 if(tvb_get_ntohs(tvb, 4) < 2 ){
792 return 0;
793 }
794
795 /* build up protocol tree and iterate over multiple packets */
796 tcp_dissect_pdus(tvb, pinfo, tree, mbtcp_desegment, 6,
797 get_mbtcp_pdu_len, dissect_pdu, data);
798
799 return tvb_captured_length(tvb);
800 }
801
802 static int
803 dissect_mbtcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
804 {
805 return dissect_mbtcp_common(tvb, pinfo, tree, data, dissect_mbtcp_pdu);
806 }
807
808 static int
809 dissect_mbtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
810 {
811 return dissect_mbtcp_common(tvb, pinfo, tree, data, dissect_mbtls_pdu);
812 }
813
814 static int
815 dissect_mbudp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
816 {
817
818 /* Make sure there's at least enough data to determine it's a Modbus UDP packet */
819 if (!tvb_bytes_exist(tvb, 0, 8))
820 return 0;
821
822 /* check that it actually looks like Modbus/TCP */
823 /* protocol id == 0 */
824 if(tvb_get_ntohs(tvb, 2) != 0 ){
825 return 0;
826 }
827 /* length is at least 2 (unit_id + function_code) */
828 if(tvb_get_ntohs(tvb, 4) < 2 ){
829 return 0;
830 }
831
832 /* Make entries in Protocol column on summary display */
833 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/UDP");
834 col_clear(pinfo->cinfo, COL_INFO);
835
836 return dissect_mbtcp_pdu_common(tvb, pinfo, tree, proto_mbudp, global_mbus_udp_ports);
837 }
838
839 /* Code to dissect Modbus RTU over TCP messages */
840 static int
841 dissect_mbrtu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
842 {
843
844 /* Make sure there's at least enough data to determine it's a Modbus packet */
845 /* 5 bytes is the smallest possible valid message (exception response) */
846 if (!tvb_bytes_exist(tvb, 0, 5))
847 return 0;
848
849 /* For Modbus RTU mode, confirm that the first byte is a valid address (non-zero), */
850 /* so we can eliminate false-positives on Modbus TCP messages loaded as RTU */
851 if(tvb_get_uint8(tvb, 0) == 0 )
852 return 0;
853
854 /* build up protocol tree and iterate over multiple packets */
855 tcp_dissect_pdus(tvb, pinfo, tree, mbrtu_desegment, 5,
856 get_mbrtu_pdu_len, dissect_mbrtu_pdu, data);
857
858 return tvb_captured_length(tvb);
859 }
860
861 static int
862 dissect_mbrtu_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
863 {
864
865 /* Make sure there's at least enough data to determine it's a Modbus packet */
866 /* 5 bytes is the smallest possible valid message (exception response) */
867 if (tvb_reported_length(tvb) < 5)
868 return 0;
869
870 return dissect_mbrtu_pdu_common(tvb, pinfo, tree, global_mbus_udp_rtu_ports);
871 }
872
873
874 /* Code to allow further dissection of Modbus data payload */
875 /* Common to both Modbus/TCP and Modbus RTU dissectors */
876 static void
877 dissect_modbus_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, uint8_t function_code,
878 int payload_start, int payload_len, int register_format, uint16_t reg_base, uint16_t num_reg)
879 {
880 int reported_len, data_offset;
881 uint8_t data8, ii;
882 bool data_bool;
883 int16_t data16s;
884 int32_t data32s;
885 uint16_t data16, modflt_lo, modflt_hi, reg_num=reg_base;
886 uint32_t data32, modflt_comb;
887 float data_float, modfloat;
888 proto_tree *bit_tree = NULL;
889 proto_item *bitnum_ti = NULL;
890 proto_item *regnum_ti = NULL;
891 proto_item *register_item = NULL;
892 proto_tree *register_tree = NULL;
893 tvbuff_t *next_tvb;
894
895 reported_len = tvb_reported_length_remaining(tvb, payload_start);
896 data_offset = 0;
897
898 if ( payload_start < 0 || ( payload_len + payload_start ) == 0 )
899 return;
900
901 /* If calculated length from remaining tvb data != bytes in packet, do not attempt to decode */
902 if ( payload_len != reported_len ) {
903 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, reported_len, ENC_NA);
904 return;
905 }
906
907 /* If data type of payload is Holding or Input registers */
908 /* AND */
909 /* if payload length is not a multiple of 4, don't attempt to decode anything in 32-bit format */
910 if ((function_code == READ_HOLDING_REGS) || (function_code == READ_INPUT_REGS) || (function_code == WRITE_MULT_REGS)) {
911 if ((payload_len % 4 != 0) && ( (register_format == MODBUS_PREF_REGISTER_FORMAT_UINT32) ||
912 (register_format == MODBUS_PREF_REGISTER_FORMAT_IEEE_FLOAT) ||
913 (register_format == MODBUS_PREF_REGISTER_FORMAT_MODICON_FLOAT) ) ) {
914 register_item = proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
915 expert_add_info(pinfo, register_item, &ei_modbus_data_decode);
916 return;
917 }
918 }
919
920 /* Build a new tvb containing just the data payload */
921 next_tvb = tvb_new_subset_length_caplen(tvb, payload_start, payload_len, reported_len);
922
923 switch ( function_code ) {
924 case READ_COILS:
925 case READ_DISCRETE_INPUTS:
926 case WRITE_MULT_COILS:
927 /* The bit data is packed, 8 bits per byte of data, loop over each bit */
928 while (data_offset < payload_len) {
929 data8 = tvb_get_uint8(next_tvb, data_offset);
930 for (ii = 0; ii < 8; ii++) {
931 data_bool = (data8 & (1 << ii)) > 0;
932 bit_tree = proto_tree_add_subtree_format(tree, next_tvb, data_offset, 1,
933 ett_bit, NULL, "Bit %u : %u", reg_num, data_bool);
934 bitnum_ti = proto_tree_add_uint(bit_tree, hf_modbus_bitnum, next_tvb, 0, 0, reg_num);
935 proto_item_set_generated(bitnum_ti);
936 proto_tree_add_boolean_bits_format_value(bit_tree, hf_modbus_bitval, next_tvb, 7 - ii, 1, data8, ENC_NA, "%s", tfs_get_true_false(data_bool));
937 reg_num++;
938
939 /* If all the requested bits have been read, stop now */
940 if ((reg_num - reg_base) >= num_reg) {
941 break;
942 }
943 }
944 data_offset++;
945 }
946 break;
947
948 case READ_HOLDING_REGS:
949 case READ_INPUT_REGS:
950 case WRITE_SINGLE_REG:
951 case WRITE_MULT_REGS:
952 while (data_offset < payload_len) {
953 /* Use "Preferences" options to determine decoding format of register data, as no format is implied by the protocol itself. */
954 /* Based on a standard register size of 16-bits, use decoding format preference to step through each register and display */
955 /* it in an appropriate fashion. */
956 switch (register_format) {
957 case MODBUS_PREF_REGISTER_FORMAT_UINT16: /* Standard-size unsigned integer 16-bit register */
958 data16 = tvb_get_ntohs(next_tvb, data_offset);
959 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 2,
960 ett_register, NULL, "Register %u (UINT16): %u", reg_num, data16);
961
962 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum16, next_tvb, 0, 0, reg_num);
963 proto_item_set_generated(regnum_ti);
964 proto_tree_add_uint(register_tree, hf_modbus_regval_uint16, next_tvb, data_offset, 2, data16);
965
966 data_offset += 2;
967 reg_num += 1;
968 break;
969 case MODBUS_PREF_REGISTER_FORMAT_INT16: /* Standard-size signed integer 16-bit register */
970 data16s = tvb_get_ntohs(next_tvb, data_offset);
971 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 2,
972 ett_register, NULL, "Register %u (INT16): %d", reg_num, data16s);
973
974 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum16, next_tvb, 0, 0, reg_num);
975 proto_item_set_generated(regnum_ti);
976 proto_tree_add_int(register_tree, hf_modbus_regval_int16, next_tvb, data_offset, 2, data16s);
977
978 data_offset += 2;
979 reg_num += 1;
980 break;
981 case MODBUS_PREF_REGISTER_FORMAT_UINT32: /* Double-size 32-bit unsigned integer (2 sequential 16-bit registers) */
982 data32 = tvb_get_ntohl(next_tvb, data_offset);
983 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
984 ett_register, NULL, "Register %u (UINT32): %u", reg_num, data32);
985
986 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
987 proto_item_set_generated(regnum_ti);
988 proto_tree_add_uint(register_tree, hf_modbus_regval_uint32, next_tvb, data_offset, 4, data32);
989
990 data_offset += 4;
991 reg_num += 2;
992 break;
993 case MODBUS_PREF_REGISTER_FORMAT_INT32: /* Double-size 32-bit signed integer (2 sequential 16-bit registers) */
994 data32s = tvb_get_ntohl(next_tvb, data_offset);
995 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
996 ett_register, NULL, "Register %u (INT32): %d", reg_num, data32s);
997
998 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
999 proto_item_set_generated(regnum_ti);
1000 proto_tree_add_int(register_tree, hf_modbus_regval_int32, next_tvb, data_offset, 4, data32s);
1001
1002 data_offset += 4;
1003 reg_num += 2;
1004 break;
1005 case MODBUS_PREF_REGISTER_FORMAT_IEEE_FLOAT: /* 32-bit IEEE Floating Point, (2 sequential 16-bit registers) */
1006 data_float = tvb_get_ntohieee_float(next_tvb, data_offset);
1007
1008 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
1009 ett_register, NULL, "Register %u (IEEE Float): %f", reg_num, data_float);
1010
1011 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
1012 proto_item_set_generated(regnum_ti);
1013 proto_tree_add_float(register_tree, hf_modbus_regval_ieee_float, next_tvb, data_offset, 4, data_float);
1014
1015 data_offset += 4;
1016 reg_num += 2;
1017 break;
1018 case MODBUS_PREF_REGISTER_FORMAT_MODICON_FLOAT: /* Modicon Floating Point (word-swapped, 2 sequential 16-bit registers) */
1019 /* Modicon-style Floating Point values are stored in reverse-word order. */
1020 /* ie: a standard IEEE float value 59.991459 is equal to 0x426ff741 */
1021 /* while the Modicon equivalent to this value is 0xf741426f */
1022 /* To re-assemble a proper IEEE float, we must retrieve the 2 x 16-bit words, bit-shift the */
1023 /* "hi" component by 16-bits and then OR them together into a combined 32-bit int. */
1024 /* Following that operation, use some memcpy magic to copy the 4 raw data bytes from the */
1025 /* 32-bit integer into a standard float. Not sure if there is a cleaner way possible using */
1026 /* the Wireshark libraries, but this seems to work OK. */
1027
1028 modflt_lo = tvb_get_ntohs(next_tvb, data_offset);
1029 modflt_hi = tvb_get_ntohs(next_tvb, data_offset+2);
1030 modflt_comb = (uint32_t)(modflt_hi<<16) | modflt_lo;
1031 memcpy(&modfloat, &modflt_comb, 4);
1032
1033 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
1034 ett_register, NULL, "Register %u (Modicon Float): %f", reg_num, modfloat);
1035
1036 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
1037 proto_item_set_generated(regnum_ti);
1038 proto_tree_add_float(register_tree, hf_modbus_regval_modicon_float, next_tvb, data_offset, 4, modfloat);
1039
1040 data_offset += 4;
1041 reg_num += 2;
1042 break;
1043 default:
1044 /* Avoid any chance of an infinite loop */
1045 data_offset = payload_len;
1046 break;
1047 } /* register format switch */
1048
1049 } /* while loop */
1050
1051 break;
1052
1053 default:
1054 if ( ! dissector_try_string(modbus_data_dissector_table, "data", next_tvb, pinfo, tree, NULL) )
1055 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
1056 break;
1057 }
1058 }
1059
1060 /* Code to dissect Modbus request message */
1061 static int
1062 dissect_modbus_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *modbus_tree, uint8_t function_code, int payload_start, int payload_len, modbus_pkt_info_t *pkt_info)
1063 {
1064 proto_tree *group_tree;
1065 int byte_cnt, num_reg, group_offset, ii;
1066 uint8_t mei_code;
1067 uint16_t reg_base=0, diagnostic_code;
1068 uint32_t group_byte_cnt, group_word_cnt;
1069
1070 if (!pkt_info) {
1071 return 0;
1072 }
1073
1074 switch (function_code) {
1075
1076 case READ_COILS:
1077 case READ_DISCRETE_INPUTS:
1078 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1079 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1080 break;
1081
1082 case READ_HOLDING_REGS:
1083 case READ_INPUT_REGS:
1084 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1085 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1086 break;
1087
1088 case WRITE_SINGLE_COIL:
1089 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1090 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, pkt_info->register_format, reg_base, 0);
1091 proto_tree_add_item(modbus_tree, hf_modbus_padding, tvb, payload_start + 3, 1, ENC_NA);
1092 break;
1093
1094 case WRITE_SINGLE_REG:
1095 reg_base = tvb_get_ntohs(tvb, payload_start);
1096 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1097 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, pkt_info->register_format, reg_base, 0);
1098 break;
1099
1100 case READ_EXCEPT_STAT:
1101 /* Do Nothing */
1102 break;
1103
1104 case DIAGNOSTICS:
1105 diagnostic_code = tvb_get_ntohs(tvb, payload_start);
1106 proto_tree_add_uint(modbus_tree, hf_modbus_diag_sf, tvb, payload_start, 2, diagnostic_code);
1107 switch(diagnostic_code)
1108 {
1109 case RETURN_QUERY_DATA:
1110 if (payload_len > 2)
1111 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_request, tvb, payload_start+2, payload_len-2, ENC_NA);
1112 break;
1113 case RESTART_COMMUNICATION_OPTION:
1114 proto_tree_add_item(modbus_tree, hf_modbus_diag_restart_communication_option, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1115 break;
1116 case CHANGE_ASCII_INPUT_DELIMITER:
1117 proto_tree_add_item(modbus_tree, hf_modbus_diag_ascii_input_delimiter, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1118 break;
1119 case RETURN_DIAGNOSTIC_REGISTER: /* 00 00 Data Field */
1120 case FORCE_LISTEN_ONLY_MODE: /* 00 00 Data Field */
1121 case CLEAR_COUNTERS_AND_DIAG_REG: /* 00 00 Data Field */
1122 case RETURN_BUS_MESSAGE_COUNT: /* 00 00 Data Field */
1123 case RETURN_BUS_COMM_ERROR_COUNT: /* 00 00 Data Field */
1124 case RETURN_BUS_EXCEPTION_ERROR_COUNT: /* 00 00 Data Field */
1125 case RETURN_SLAVE_MESSAGE_COUNT: /* 00 00 Data Field */
1126 case RETURN_SLAVE_NO_RESPONSE_COUNT: /* 00 00 Data Field */
1127 case RETURN_SLAVE_NAK_COUNT: /* 00 00 Data Field */
1128 case RETURN_SLAVE_BUSY_COUNT: /* 00 00 Data Field */
1129 case RETURN_BUS_CHAR_OVERRUN_COUNT: /* 00 00 Data Field */
1130 case CLEAR_OVERRUN_COUNTER_AND_FLAG:
1131 default:
1132 if (payload_len > 2)
1133 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, pkt_info->register_format, reg_base, 0);
1134 break;
1135 }
1136 break;
1137 case WRITE_MULT_COILS:
1138 reg_base = tvb_get_ntohs(tvb, payload_start);
1139 num_reg = tvb_get_ntohs(tvb, payload_start + 2);
1140 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1141 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1142 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start + 4);
1143 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1, byte_cnt);
1144 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, pkt_info->register_format, reg_base, num_reg);
1145 break;
1146
1147 case WRITE_MULT_REGS:
1148 reg_base = tvb_get_ntohs(tvb, payload_start);
1149 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1150 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1151 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start + 4);
1152 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1, byte_cnt);
1153 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, pkt_info->register_format, reg_base, 0);
1154 break;
1155
1156 case READ_FILE_RECORD:
1157 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1158 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1159 byte_cnt);
1160
1161 /* add subtrees to describe each group of packet */
1162 group_offset = payload_start + 1;
1163 for (ii = 0; ii < byte_cnt / 7; ii++) {
1164 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset, 7,
1165 ett_group_hdr, NULL, "Group %u", ii);
1166 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1167 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1168 proto_tree_add_item(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, ENC_BIG_ENDIAN);
1169 group_offset += 7;
1170 }
1171 break;
1172
1173 case WRITE_FILE_RECORD:
1174 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1175 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1176
1177 /* add subtrees to describe each group of packet */
1178 group_offset = payload_start + 1;
1179 ii = 0;
1180 while (byte_cnt > 0) {
1181 group_word_cnt = tvb_get_ntohs(tvb, group_offset + 5);
1182 group_byte_cnt = (2 * group_word_cnt) + 7;
1183 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset,
1184 group_byte_cnt, ett_group_hdr, NULL, "Group %u", ii);
1185 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1186 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1187 proto_tree_add_uint(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, group_word_cnt);
1188 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 7, group_byte_cnt - 7, pkt_info->register_format, reg_base, 0);
1189 group_offset += group_byte_cnt;
1190 byte_cnt -= group_byte_cnt;
1191 ii++;
1192 }
1193 break;
1194
1195 case MASK_WRITE_REG:
1196 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1197 proto_tree_add_item(modbus_tree, hf_modbus_andmask, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1198 proto_tree_add_item(modbus_tree, hf_modbus_ormask, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1199 break;
1200
1201 case READ_WRITE_REG:
1202 proto_tree_add_item(modbus_tree, hf_modbus_readref, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1203 proto_tree_add_item(modbus_tree, hf_modbus_readwordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1204 proto_tree_add_item(modbus_tree, hf_modbus_writeref, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1205 proto_tree_add_item(modbus_tree, hf_modbus_writewordcnt, tvb, payload_start + 6, 2, ENC_BIG_ENDIAN);
1206 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start + 8);
1207 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 8, 1, byte_cnt);
1208 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 9, byte_cnt, pkt_info->register_format, reg_base, 0);
1209 break;
1210
1211 case READ_FIFO_QUEUE:
1212 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1213 break;
1214
1215 case ENCAP_INTERFACE_TRANSP:
1216 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1217 mei_code = tvb_get_uint8(tvb, payload_start);
1218 switch (mei_code)
1219 {
1220 case READ_DEVICE_ID:
1221 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1222 proto_tree_add_item(modbus_tree, hf_modbus_object_id, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1223 break;
1224
1225 case CANOPEN_REQ_RESP:
1226 /* CANopen protocol not part of the Modbus/TCP specification */
1227 default:
1228 if (payload_len > 1)
1229 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, pkt_info->register_format, reg_base, 0);
1230 break;
1231 }
1232
1233 break;
1234
1235 case REPORT_SLAVE_ID:
1236 default:
1237 if (payload_len > 0)
1238 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info->register_format, reg_base, 0);
1239 break;
1240
1241 } /* Function Code */
1242
1243 return tvb_captured_length(tvb);
1244 }
1245
1246 /* Code to dissect Modbus Response message */
1247 static int
1248 dissect_modbus_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *modbus_tree, uint8_t function_code, int payload_start, int payload_len, modbus_pkt_info_t *pkt_info)
1249 {
1250
1251 proto_tree *group_tree, *event_tree, *event_item_tree, *device_objects_tree, *device_objects_item_tree;
1252 proto_item *mei;
1253 int byte_cnt, group_offset, event_index, object_index, object_len, num_objects, ii;
1254 uint8_t object_type, mei_code, event_code;
1255 uint16_t diagnostic_code, num_reg;
1256 uint32_t group_byte_cnt, group_word_cnt;
1257
1258 nstime_t response_time;
1259 proto_item *request_frame_item, *response_time_item;
1260
1261 if (!pkt_info) {
1262 return 0;
1263 }
1264
1265 num_reg = pkt_info->num_reg;
1266
1267 if (pkt_info->request_found == true) {
1268 request_frame_item = proto_tree_add_uint(modbus_tree, hf_modbus_request_frame, tvb, 0, 0, pkt_info->req_frame_num);
1269 proto_item_set_generated(request_frame_item);
1270
1271 nstime_delta(&response_time, &pinfo->abs_ts, &pkt_info->req_time);
1272 response_time_item = proto_tree_add_time(modbus_tree, hf_modbus_response_time, tvb, 0, 0, &response_time);
1273 proto_item_set_generated(response_time_item);
1274 }
1275
1276 switch (function_code) {
1277
1278 case READ_COILS:
1279 case READ_DISCRETE_INPUTS:
1280 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1281 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1282 //if the request wasn't found set number of coils based on byte count
1283 if (!pkt_info->request_found)
1284 num_reg = byte_cnt*8;
1285 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, pkt_info->register_format, pkt_info->reg_base, num_reg);
1286 break;
1287
1288 case READ_HOLDING_REGS:
1289 case READ_INPUT_REGS:
1290 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1291 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1292 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, pkt_info->register_format, pkt_info->reg_base, 0);
1293 break;
1294
1295 case WRITE_SINGLE_COIL:
1296 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1297 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, pkt_info->register_format, pkt_info->reg_base, 0);
1298 proto_tree_add_item(modbus_tree, hf_modbus_padding, tvb, payload_start + 3, 1, ENC_NA);
1299 break;
1300
1301 case WRITE_SINGLE_REG:
1302 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1303 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, pkt_info->register_format, pkt_info->reg_base, 0);
1304 break;
1305
1306 case READ_EXCEPT_STAT:
1307 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, 1, pkt_info->register_format, pkt_info->reg_base, 0);
1308 break;
1309
1310 case DIAGNOSTICS:
1311 diagnostic_code = tvb_get_ntohs(tvb, payload_start);
1312 proto_tree_add_uint(modbus_tree, hf_modbus_diag_sf, tvb, payload_start, 2, diagnostic_code);
1313 switch(diagnostic_code)
1314 {
1315 case RETURN_QUERY_DATA: /* Echo of Request */
1316 if (payload_len > 2)
1317 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_echo, tvb, payload_start+2, payload_len-2, ENC_NA);
1318 break;
1319 case RESTART_COMMUNICATION_OPTION: /* Echo of Request */
1320 proto_tree_add_item(modbus_tree, hf_modbus_diag_restart_communication_option, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1321 break;
1322 case RETURN_DIAGNOSTIC_REGISTER:
1323 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_diag_register, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1324 break;
1325 case CHANGE_ASCII_INPUT_DELIMITER: /* XXX - Do we expect this to ever be a response? */
1326 proto_tree_add_item(modbus_tree, hf_modbus_diag_ascii_input_delimiter, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1327 break;
1328 case CLEAR_COUNTERS_AND_DIAG_REG: /* Echo of Request */
1329 proto_tree_add_item(modbus_tree, hf_modbus_diag_clear_ctr_diag_reg, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1330 break;
1331 case RETURN_BUS_MESSAGE_COUNT:
1332 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1333 break;
1334 case RETURN_BUS_COMM_ERROR_COUNT:
1335 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_comm_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1336 break;
1337 case RETURN_BUS_EXCEPTION_ERROR_COUNT:
1338 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_exception_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1339 break;
1340 case RETURN_SLAVE_MESSAGE_COUNT:
1341 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1342 break;
1343 case RETURN_SLAVE_NO_RESPONSE_COUNT:
1344 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_no_slave_response_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1345 break;
1346 case RETURN_SLAVE_NAK_COUNT:
1347 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_nak_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1348 break;
1349 case RETURN_SLAVE_BUSY_COUNT:
1350 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_busy_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1351 break;
1352 case RETURN_BUS_CHAR_OVERRUN_COUNT:
1353 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_char_overrun_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1354 break;
1355 case CLEAR_OVERRUN_COUNTER_AND_FLAG: /* Echo of Request */
1356 case FORCE_LISTEN_ONLY_MODE: /* No response anticipated */
1357 default:
1358 if (payload_len > 2)
1359 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, pkt_info->register_format, pkt_info->reg_base, 0);
1360 break;
1361 } /* diagnostic_code */
1362 break;
1363
1364 case GET_COMM_EVENT_CTRS:
1365 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1366 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1367 break;
1368
1369 case GET_COMM_EVENT_LOG:
1370 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1371 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1372 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start+1, 2, ENC_BIG_ENDIAN);
1373 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+3, 2, ENC_BIG_ENDIAN);
1374 proto_tree_add_item(modbus_tree, hf_modbus_message_count, tvb, payload_start+5, 2, ENC_BIG_ENDIAN);
1375 if (byte_cnt-6 > 0) {
1376 byte_cnt -= 6;
1377 event_index = 0;
1378 event_tree = proto_tree_add_subtree(modbus_tree, tvb, payload_start+7, byte_cnt, ett_events, NULL, "Events");
1379 while (byte_cnt > 0) {
1380 event_code = tvb_get_uint8(tvb, payload_start+7+event_index);
1381 if (event_code == 0) {
1382 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Initiated Communication Restart");
1383 }
1384 else if (event_code == 4) {
1385 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Entered Listen Only Mode");
1386 }
1387 else if (event_code & REMOTE_DEVICE_RECV_EVENT_MASK) {
1388 mei = proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1,
1389 event_code, "Receive Event: 0x%02X", event_code);
1390 event_item_tree = proto_item_add_subtree(mei, ett_events_recv);
1391
1392 /* add subtrees to describe each event bit */
1393 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_comm_err,
1394 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1395 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_char_over,
1396 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1397 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_lo_mode,
1398 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1399 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_broadcast,
1400 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1401 }
1402 else if ((event_code & REMOTE_DEVICE_SEND_EVENT_MASK) == REMOTE_DEVICE_SEND_EVENT_VALUE) {
1403 mei = proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1,
1404 event_code, "Send Event: 0x%02X", event_code);
1405 event_item_tree = proto_item_add_subtree(mei, ett_events_send);
1406
1407 /* add subtrees to describe each event bit */
1408 proto_tree_add_item(event_item_tree, hf_modbus_event_send_read_ex,
1409 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1410 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_abort_ex,
1411 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1412 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_busy_ex,
1413 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1414 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_nak_ex,
1415 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1416 proto_tree_add_item(event_item_tree, hf_modbus_event_send_write_timeout,
1417 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1418 proto_tree_add_item(event_item_tree, hf_modbus_event_send_lo_mode,
1419 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1420 }
1421 else {
1422 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Unknown Event");
1423 }
1424
1425 byte_cnt--;
1426 event_index++;
1427 }
1428 }
1429 break;
1430
1431 case WRITE_MULT_COILS:
1432 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1433 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1434 break;
1435
1436 case WRITE_MULT_REGS:
1437 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1438 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1439 break;
1440
1441 case READ_FILE_RECORD:
1442 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1443 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1444 byte_cnt);
1445
1446 /* add subtrees to describe each group of packet */
1447 group_offset = payload_start + 1;
1448 ii = 0;
1449 while (byte_cnt > 0) {
1450 group_byte_cnt = (uint32_t)tvb_get_uint8(tvb, group_offset);
1451 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset, group_byte_cnt + 1,
1452 ett_group_hdr, NULL, "Group %u", ii);
1453 proto_tree_add_uint(group_tree, hf_modbus_bytecnt, tvb, group_offset, 1,
1454 group_byte_cnt);
1455 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset + 1, 1, ENC_BIG_ENDIAN);
1456 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 2, group_byte_cnt - 1, pkt_info->register_format, pkt_info->reg_base, 0);
1457 group_offset += (group_byte_cnt + 1);
1458 byte_cnt -= (group_byte_cnt + 1);
1459 ii++;
1460 }
1461 break;
1462
1463 case WRITE_FILE_RECORD: /* Normal response is echo of request */
1464 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1465 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1466
1467 /* add subtrees to describe each group of packet */
1468 group_offset = payload_start + 1;
1469 ii = 0;
1470 while (byte_cnt > 0) {
1471 group_word_cnt = tvb_get_ntohs(tvb, group_offset + 5);
1472 group_byte_cnt = (2 * group_word_cnt) + 7;
1473 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset,
1474 group_byte_cnt, ett_group_hdr, NULL, "Group %u", ii);
1475 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1476 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1477 proto_tree_add_uint(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, group_word_cnt);
1478 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 7, group_byte_cnt - 7, pkt_info->register_format, pkt_info->reg_base, 0);
1479 group_offset += group_byte_cnt;
1480 byte_cnt -= group_byte_cnt;
1481 ii++;
1482 }
1483 break;
1484
1485 case MASK_WRITE_REG: /* Normal response is echo of request */
1486 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1487 proto_tree_add_item(modbus_tree, hf_modbus_andmask, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1488 proto_tree_add_item(modbus_tree, hf_modbus_ormask, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1489 break;
1490
1491 case READ_WRITE_REG:
1492 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1493 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1494 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, pkt_info->register_format, pkt_info->reg_base, 0);
1495 break;
1496
1497 case READ_FIFO_QUEUE:
1498 byte_cnt = (uint32_t)tvb_get_ntohs(tvb, payload_start);
1499 proto_tree_add_uint(modbus_tree, hf_modbus_lbytecnt, tvb, payload_start, 2, byte_cnt);
1500 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1501 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 4, byte_cnt - 2, pkt_info->register_format, pkt_info->reg_base, 0);
1502 break;
1503
1504 case ENCAP_INTERFACE_TRANSP:
1505 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1506 mei_code = tvb_get_uint8(tvb, payload_start);
1507 switch (mei_code)
1508 {
1509 case READ_DEVICE_ID:
1510 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1511 proto_tree_add_item(modbus_tree, hf_modbus_conformity_level, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1512 proto_tree_add_item(modbus_tree, hf_modbus_more_follows, tvb, payload_start+3, 1, ENC_BIG_ENDIAN);
1513 proto_tree_add_item(modbus_tree, hf_modbus_next_object_id, tvb, payload_start+4, 1, ENC_BIG_ENDIAN);
1514 num_objects = tvb_get_uint8(tvb, payload_start+5);
1515 proto_tree_add_uint(modbus_tree, hf_modbus_num_objects, tvb, payload_start+5, 1, num_objects);
1516 device_objects_tree = proto_tree_add_subtree(modbus_tree, tvb, payload_start+6, payload_len-6,
1517 ett_device_id_objects, NULL, "Objects");
1518
1519 object_index = 0;
1520 for (ii = 0; ii < num_objects; ii++)
1521 {
1522 /* add each "object item" as its own subtree */
1523
1524 /* compute length of object */
1525 object_type = tvb_get_uint8(tvb, payload_start+6+object_index);
1526 object_len = tvb_get_uint8(tvb, payload_start+6+object_index+1);
1527
1528 device_objects_item_tree = proto_tree_add_subtree_format(device_objects_tree, tvb, payload_start+6+object_index, 2+object_len,
1529 ett_device_id_object_items, NULL, "Object #%d", ii+1);
1530
1531 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_id, tvb, payload_start+6+object_index, 1, ENC_BIG_ENDIAN);
1532 object_index++;
1533
1534 proto_tree_add_uint(device_objects_item_tree, hf_modbus_list_object_len, tvb, payload_start+6+object_index, 1, object_len);
1535 object_index++;
1536
1537 if (object_type < 7)
1538 {
1539 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_str_value, tvb, payload_start+6+object_index, object_len, ENC_ASCII);
1540 }
1541 else
1542 {
1543 if (object_len > 0)
1544 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_value, tvb, payload_start+6+object_index, object_len, ENC_NA);
1545 }
1546 object_index += object_len;
1547 } /* for ii */
1548 break;
1549
1550 case CANOPEN_REQ_RESP:
1551 /* CANopen protocol not part of the Modbus/TCP specification */
1552 default:
1553 if (payload_len > 1)
1554 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, pkt_info->register_format, pkt_info->reg_base, 0);
1555 break;
1556 } /* mei_code */
1557 break;
1558
1559 case REPORT_SLAVE_ID:
1560 default:
1561 if (payload_len > 0)
1562 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info->register_format, pkt_info->reg_base, 0);
1563 break;
1564
1565 } /* function code */
1566
1567 return tvb_captured_length(tvb);
1568 }
1569
1570
1571 /* Dissect the Modbus Payload. Called from either Modbus/TCP or Modbus RTU Dissector */
1572 static int
1573 dissect_modbus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1574 {
1575 proto_tree *modbus_tree;
1576 proto_item *mi;
1577 int offset = 0;
1578 modbus_data_t *modbus_data = (modbus_data_t*)data;
1579 int payload_start, payload_len, len;
1580 uint8_t function_code, exception_code;
1581 modbus_pkt_info_t *pkt_info;
1582 uint32_t conv_key;
1583
1584 /* Reject the packet if data passed from the mbrtu or mbtcp dissector is NULL */
1585 if (modbus_data == NULL)
1586 return 0;
1587
1588 len = tvb_captured_length(tvb);
1589
1590 /* If the packet is zero-length, we should not attempt to dissect any further */
1591 if (len == 0)
1592 return 0;
1593
1594 /* Add items to protocol tree specific to Modbus */
1595 mi = proto_tree_add_protocol_format(tree, proto_modbus, tvb, offset, len, "Modbus");
1596 modbus_tree = proto_item_add_subtree(mi, ett_modbus_hdr);
1597
1598 function_code = tvb_get_uint8(tvb, offset) & 0x7F;
1599 proto_tree_add_item(modbus_tree, hf_modbus_functioncode, tvb, offset, 1, ENC_BIG_ENDIAN);
1600
1601 /* Conversation support */
1602 /* Use a combination of unit and transaction-id as key for identifying a request to a response*/
1603 conv_key = (uint32_t)modbus_data->mbtcp_transid | ((uint32_t)modbus_data->unit_id << 16);
1604 if (!pinfo->fd->visited) {
1605 conversation_t *conversation = NULL;
1606 modbus_conversation *modbus_conv_data = NULL;
1607
1608 /* Find a conversation, create a new if no one exists */
1609 conversation = find_or_create_conversation(pinfo);
1610 modbus_conv_data = (modbus_conversation *)conversation_get_proto_data(conversation, proto_modbus);
1611 pkt_info = wmem_new0(wmem_file_scope(), modbus_pkt_info_t);
1612
1613 if (modbus_conv_data == NULL){
1614 modbus_conv_data = wmem_new(wmem_file_scope(), modbus_conversation);
1615 modbus_conv_data->modbus_request_frame_data = wmem_list_new(wmem_file_scope());
1616 modbus_conv_data->register_format = global_mbus_register_format;
1617 conversation_add_proto_data(conversation, proto_modbus, (void *)modbus_conv_data);
1618 }
1619
1620 pkt_info->register_format = modbus_conv_data->register_format;
1621
1622 if (modbus_data->packet_type == QUERY_PACKET) {
1623 /*create the modbus_request frame. It holds the request information.*/
1624 modbus_request_info_t *frame_ptr = wmem_new0(wmem_file_scope(), modbus_request_info_t);
1625 int captured_length = tvb_captured_length(tvb);
1626
1627 /* load information into the modbus request frame */
1628 frame_ptr->fnum = pinfo->num;
1629 frame_ptr->function_code = function_code;
1630 frame_ptr->mbtcp_transid = modbus_data->mbtcp_transid;
1631 frame_ptr->unit_id = modbus_data->unit_id;
1632 if (captured_length >= 3) {
1633 pkt_info->reg_base = frame_ptr->base_address = tvb_get_ntohs(tvb, 1);
1634 if (captured_length >= 5)
1635 pkt_info->num_reg = frame_ptr->num_reg = tvb_get_ntohs(tvb, 3);
1636 }
1637 frame_ptr->req_time = pinfo->abs_ts;
1638
1639 wmem_list_prepend(modbus_conv_data->modbus_request_frame_data, frame_ptr);
1640 }
1641 else if (modbus_data->packet_type == RESPONSE_PACKET) {
1642 uint8_t req_function_code;
1643 uint16_t req_transaction_id;
1644 uint8_t req_unit_id;
1645 uint32_t req_frame_num;
1646 modbus_request_info_t *request_data;
1647
1648 wmem_list_frame_t *frame = wmem_list_head(modbus_conv_data->modbus_request_frame_data);
1649 /* Step backward through all logged instances of request frames, looking for a request frame number that
1650 occurred immediately prior to current frame number that has a matching function code,
1651 unit-id and transaction identifier */
1652 while (frame && !pkt_info->request_found) {
1653 request_data = (modbus_request_info_t *)wmem_list_frame_data(frame);
1654 req_frame_num = request_data->fnum;
1655 req_function_code = request_data->function_code;
1656 req_transaction_id = request_data->mbtcp_transid;
1657 req_unit_id = request_data->unit_id;
1658 if ((pinfo->num > req_frame_num) && (req_function_code == function_code) &&
1659 (req_transaction_id == modbus_data->mbtcp_transid) && (req_unit_id == modbus_data->unit_id)) {
1660 pkt_info->reg_base = request_data->base_address;
1661 pkt_info->num_reg = request_data->num_reg;
1662 pkt_info->request_found = true;
1663 pkt_info->req_frame_num = req_frame_num;
1664 pkt_info->req_time = request_data->req_time;
1665 }
1666 frame = wmem_list_frame_next(frame);
1667 }
1668
1669
1670 }
1671 p_add_proto_data(wmem_file_scope(), pinfo, proto_modbus, conv_key, pkt_info);
1672
1673 }
1674 else { /* !visited */
1675 pkt_info = (modbus_pkt_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_modbus, conv_key);
1676 }
1677
1678
1679 /* Find exception - last bit set in function code */
1680 if (tvb_get_uint8(tvb, offset) & 0x80 ) {
1681 exception_code = tvb_get_uint8(tvb, offset+1);
1682 }
1683 else {
1684 exception_code = 0;
1685 }
1686
1687 payload_start = offset + 1;
1688 payload_len = len - 1;
1689
1690 if (exception_code != 0) {
1691 proto_item_set_text(mi, "Function %u: %s. Exception: %s",
1692 function_code,
1693 val_to_str_const(function_code, function_code_vals, "Unknown Function"),
1694 val_to_str(exception_code,
1695 exception_code_vals,
1696 "Unknown Exception Code (%u)"));
1697 proto_tree_add_uint(modbus_tree, hf_modbus_exceptioncode, tvb, payload_start, 1,
1698 exception_code);
1699 }
1700 else {
1701
1702 /* Follow different dissection path depending on whether packet is query or response */
1703 if (modbus_data->packet_type == QUERY_PACKET) {
1704 dissect_modbus_request(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info);
1705 }
1706 else if (modbus_data->packet_type == RESPONSE_PACKET) {
1707 dissect_modbus_response(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info);
1708 }
1709
1710 }
1711
1712 return tvb_captured_length(tvb);
1713 }
1714
1715 static void
1716 apply_mbtcp_prefs(void)
1717 {
1718 /* Modbus/RTU uses the port preference to determine request/response */
1719 global_mbus_tcp_ports = prefs_get_range_value("mbtcp", "tcp.port");
1720 global_mbus_udp_ports = prefs_get_range_value("mbudp", "udp.port");
1721 global_mbus_tls_ports = prefs_get_range_value("mbtcp", "tls.port");
1722 }
1723
1724 static void
1725 apply_mbrtu_prefs(void)
1726 {
1727 /* Modbus/RTU uses the port preference to determine request/response */
1728 global_mbus_tcp_rtu_ports = prefs_get_range_value("mbrtu", "tcp.port");
1729 global_mbus_udp_rtu_ports = prefs_get_range_value("mbrtu", "udp.port");
1730 }
1731
1732 /* Register the protocol with Wireshark */
1733 void
1734 proto_register_modbus(void)
1735 {
1736 /* Modbus/TCP header fields */
1737 static hf_register_info mbtcp_hf[] = {
1738 { &hf_mbtcp_transid,
1739 { "Transaction Identifier", "mbtcp.trans_id",
1740 FT_UINT16, BASE_DEC, NULL, 0x0,
1741 NULL, HFILL }
1742 },
1743 { &hf_mbtcp_protid,
1744 { "Protocol Identifier", "mbtcp.prot_id",
1745 FT_UINT16, BASE_DEC, NULL, 0x0,
1746 NULL, HFILL }
1747 },
1748 { &hf_mbtcp_len,
1749 { "Length", "mbtcp.len",
1750 FT_UINT16, BASE_DEC, NULL, 0x0,
1751 NULL, HFILL }
1752 },
1753 { &hf_mbtcp_unitid,
1754 { "Unit Identifier", "mbtcp.unit_id",
1755 FT_UINT8, BASE_DEC, NULL, 0x0,
1756 NULL, HFILL }
1757 },
1758 };
1759
1760 static ei_register_info mbtcp_ei[] = {
1761 { &ei_mbtcp_cannot_classify,
1762 { "mbtcp.cannot_classify", PI_PROTOCOL, PI_WARN,
1763 "Cannot classify packet type. Try setting Modbus/TCP Port preference to this destination or source port", EXPFILL }
1764 },
1765 };
1766
1767 /* Modbus RTU header fields */
1768 static hf_register_info mbrtu_hf[] = {
1769 { &hf_mbrtu_unitid,
1770 { "Unit ID", "mbrtu.unit_id",
1771 FT_UINT8, BASE_DEC, NULL, 0x0,
1772 NULL, HFILL }
1773 },
1774 { &hf_mbrtu_crc16,
1775 { "CRC-16", "mbrtu.crc16",
1776 FT_UINT16, BASE_HEX, NULL, 0x0,
1777 NULL, HFILL }
1778 },
1779 { &hf_mbrtu_crc16_status,
1780 { "CRC-16 Status", "mbrtu.crc16.status",
1781 FT_UINT8, BASE_NONE, VALS(proto_checksum_vals), 0x0,
1782 NULL, HFILL }
1783 },
1784 };
1785
1786 static ei_register_info mbrtu_ei[] = {
1787 { &ei_mbrtu_crc16_incorrect,
1788 { "mbrtu.crc16.incorrect", PI_CHECKSUM, PI_WARN,
1789 "Incorrect CRC", EXPFILL }
1790 },
1791 };
1792
1793 /* Modbus header fields */
1794 static hf_register_info hf[] = {
1795 { &hf_modbus_request_frame,
1796 { "Request Frame", "modbus.request_frame",
1797 FT_FRAMENUM, BASE_NONE,
1798 NULL, 0x0,
1799 NULL, HFILL }
1800 },
1801 { &hf_modbus_response_time,
1802 { "Time from request", "modbus.response_time",
1803 FT_RELATIVE_TIME, BASE_NONE,
1804 NULL, 0x0,
1805 "Time between request and reply", HFILL }
1806 },
1807 { &hf_modbus_functioncode,
1808 { "Function Code", "modbus.func_code",
1809 FT_UINT8, BASE_DEC, VALS(function_code_vals), 0x7F,
1810 NULL, HFILL }
1811 },
1812 { &hf_modbus_reference,
1813 { "Reference Number", "modbus.reference_num",
1814 FT_UINT16, BASE_DEC, NULL, 0x0,
1815 NULL, HFILL }
1816 },
1817 { &hf_modbus_padding,
1818 { "Padding", "modbus.padding",
1819 FT_UINT8, BASE_HEX, NULL, 0x0,
1820 NULL, HFILL }
1821 },
1822 { &hf_modbus_lreference,
1823 { "Reference Number (32 bit)", "modbus.reference_num_32",
1824 FT_UINT32, BASE_DEC, NULL, 0x0,
1825 NULL, HFILL }
1826 },
1827 { &hf_modbus_reftype,
1828 { "Reference Type", "modbus.reference_type",
1829 FT_UINT8, BASE_DEC, NULL, 0x0,
1830 NULL, HFILL }
1831 },
1832 { &hf_modbus_readref,
1833 { "Read Reference Number", "modbus.read_reference_num",
1834 FT_UINT16, BASE_DEC, NULL, 0x0,
1835 NULL, HFILL }
1836 },
1837 { &hf_modbus_writeref,
1838 { "Write Reference Number", "modbus.write_reference_num",
1839 FT_UINT16, BASE_DEC, NULL, 0x0,
1840 NULL, HFILL }
1841 },
1842 { &hf_modbus_wordcnt,
1843 { "Word Count", "modbus.word_cnt",
1844 FT_UINT16, BASE_DEC, NULL, 0x0,
1845 NULL, HFILL }
1846 },
1847 { &hf_modbus_readwordcnt,
1848 { "Read Word Count", "modbus.read_word_cnt",
1849 FT_UINT16, BASE_DEC, NULL, 0x0,
1850 NULL, HFILL }
1851 },
1852 { &hf_modbus_writewordcnt,
1853 { "Write Word Count", "modbus.write_word_cnt",
1854 FT_UINT16, BASE_DEC, NULL, 0x0,
1855 NULL, HFILL }
1856 },
1857 { &hf_modbus_bitcnt,
1858 { "Bit Count", "modbus.bit_cnt",
1859 FT_UINT16, BASE_DEC, NULL, 0x0,
1860 NULL, HFILL }
1861 },
1862 { &hf_modbus_bytecnt,
1863 { "Byte Count", "modbus.byte_cnt",
1864 FT_UINT8, BASE_DEC, NULL, 0x0,
1865 NULL, HFILL }
1866 },
1867 { &hf_modbus_lbytecnt,
1868 { "Byte Count (16-bit)", "modbus.byte_cnt_16",
1869 FT_UINT16, BASE_DEC, NULL, 0x0,
1870 NULL, HFILL }
1871 },
1872 { &hf_modbus_exceptioncode,
1873 { "Exception Code", "modbus.exception_code",
1874 FT_UINT8, BASE_DEC, VALS(exception_code_vals), 0x0,
1875 NULL, HFILL }
1876 },
1877 { &hf_modbus_diag_sf,
1878 { "Diagnostic Code", "modbus.diagnostic_code",
1879 FT_UINT16, BASE_DEC, VALS(diagnostic_code_vals), 0x0,
1880 NULL, HFILL }
1881 },
1882 { &hf_modbus_diag_return_query_data_request,
1883 { "Request Data", "modbus.diagnostic.return_query_data.request",
1884 FT_BYTES, BASE_NONE, NULL, 0x0,
1885 NULL, HFILL }
1886 },
1887 { &hf_modbus_diag_return_query_data_echo,
1888 { "Echo Data", "modbus.diagnostic.return_query_data.echo",
1889 FT_BYTES, BASE_NONE, NULL, 0x0,
1890 NULL, HFILL }
1891 },
1892 { &hf_modbus_diag_restart_communication_option,
1893 { "Restart Communication Option", "modbus.diagnostic.restart_communication_option",
1894 FT_UINT16, BASE_HEX, VALS(diagnostic_restart_communication_option_vals), 0x0,
1895 NULL, HFILL }
1896 },
1897 { &hf_modbus_diag_return_diag_register,
1898 { "Diagnostic Register Contents", "modbus.diagnostic.return_diag_register",
1899 FT_UINT16, BASE_HEX, NULL, 0x0,
1900 NULL, HFILL }
1901 },
1902 { &hf_modbus_diag_ascii_input_delimiter,
1903 { "CHAR", "modbus.diagnostic.ascii_input_delimiter",
1904 FT_UINT8, BASE_HEX, NULL, 0x0,
1905 NULL, HFILL }
1906 },
1907 { &hf_modbus_diag_clear_ctr_diag_reg,
1908 { "Clear Counters & Diag Register Echo", "modbus.diagnostic.clear_ctr_diag_reg",
1909 FT_UINT16, BASE_DEC, NULL, 0x0,
1910 NULL, HFILL }
1911 },
1912 { &hf_modbus_diag_return_bus_message_count,
1913 { "Total Message Count", "modbus.diagnostic.bus_message_count",
1914 FT_UINT16, BASE_DEC, NULL, 0x0,
1915 NULL, HFILL }
1916 },
1917 { &hf_modbus_diag_return_bus_comm_error_count,
1918 { "CRC Error Count", "modbus.diagnostic.bus_comm_error_count",
1919 FT_UINT16, BASE_DEC, NULL, 0x0,
1920 NULL, HFILL }
1921 },
1922 { &hf_modbus_diag_return_bus_exception_error_count,
1923 { "Exception Error Count", "modbus.diagnostic.bus_exception_error_count",
1924 FT_UINT16, BASE_DEC, NULL, 0x0,
1925 NULL, HFILL }
1926 },
1927 { &hf_modbus_diag_return_slave_message_count,
1928 { "Slave Message Count", "modbus.diagnostic.slave_message_count",
1929 FT_UINT16, BASE_DEC, NULL, 0x0,
1930 NULL, HFILL }
1931 },
1932 { &hf_modbus_diag_return_no_slave_response_count,
1933 { "Slave No Response Count", "modbus.diagnostic.no_slave_response_count",
1934 FT_UINT16, BASE_DEC, NULL, 0x0,
1935 NULL, HFILL }
1936 },
1937 { &hf_modbus_diag_return_slave_nak_count,
1938 { "Slave NAK Count", "modbus.diagnostic.slave_nak_count",
1939 FT_UINT16, BASE_DEC, NULL, 0x0,
1940 NULL, HFILL }
1941 },
1942 { &hf_modbus_diag_return_slave_busy_count,
1943 { "Slave Device Busy Count", "modbus.diagnostic.slave_busy_count",
1944 FT_UINT16, BASE_DEC, NULL, 0x0,
1945 NULL, HFILL }
1946 },
1947 { &hf_modbus_diag_return_bus_char_overrun_count,
1948 { "Slave Character Overrun Count", "modbus.diagnostic.bus_char_overrun_count",
1949 FT_UINT16, BASE_DEC, NULL, 0x0,
1950 NULL, HFILL }
1951 },
1952 { &hf_modbus_status,
1953 { "Status", "modbus.ev_status",
1954 FT_UINT16, BASE_HEX, NULL, 0x0,
1955 NULL, HFILL }
1956 },
1957 { &hf_modbus_event,
1958 { "Event", "modbus.event",
1959 FT_UINT8, BASE_DEC, NULL, 0x0,
1960 NULL, HFILL }
1961 },
1962 { &hf_modbus_event_count,
1963 { "Event Count", "modbus.ev_count",
1964 FT_UINT16, BASE_DEC, NULL, 0x0,
1965 NULL, HFILL }
1966 },
1967 { &hf_modbus_message_count,
1968 { "Message Count", "modbus.ev_msg_count",
1969 FT_UINT16, BASE_DEC, NULL, 0x0,
1970 NULL, HFILL }
1971 },
1972 { &hf_modbus_event_recv_comm_err,
1973 { "Communication Error", "modbus.ev_recv_comm_err",
1974 FT_UINT8, BASE_DEC, NULL, 0x02,
1975 NULL, HFILL }
1976 },
1977 { &hf_modbus_event_recv_char_over,
1978 { "Character Overrun", "modbus.ev_recv_char_over",
1979 FT_UINT8, BASE_DEC, NULL, 0x10,
1980 NULL, HFILL }
1981 },
1982 { &hf_modbus_event_recv_lo_mode,
1983 { "Currently in Listen Only Mode", "modbus.ev_recv_lo_mode",
1984 FT_UINT8, BASE_DEC, NULL, 0x20,
1985 NULL, HFILL }
1986 },
1987 { &hf_modbus_event_recv_broadcast,
1988 { "Broadcast Received", "modbus.ev_recv_broadcast",
1989 FT_UINT8, BASE_DEC, NULL, 0x40,
1990 NULL, HFILL }
1991 },
1992 { &hf_modbus_event_send_read_ex,
1993 { "Read Exception Sent", "modbus.ev_send_read_ex",
1994 FT_UINT8, BASE_DEC, NULL, 0x01,
1995 NULL, HFILL }
1996 },
1997 { &hf_modbus_event_send_slave_abort_ex,
1998 { "Slave Abort Exception Sent", "modbus.ev_send_slave_abort_ex",
1999 FT_UINT8, BASE_DEC, NULL, 0x02,
2000 NULL, HFILL }
2001 },
2002 { &hf_modbus_event_send_slave_busy_ex,
2003 { "Slave Busy Exception Sent", "modbus.ev_send_slave_busy_ex",
2004 FT_UINT8, BASE_DEC, NULL, 0x04,
2005 NULL, HFILL }
2006 },
2007 { &hf_modbus_event_send_slave_nak_ex,
2008 { "Slave Program NAK Exception Sent", "modbus.ev_send_slave_nak_ex",
2009 FT_UINT8, BASE_DEC, NULL, 0x08,
2010 NULL, HFILL }
2011 },
2012 { &hf_modbus_event_send_write_timeout,
2013 { "Write Timeout Error Occurred", "modbus.ev_send_write_timeout",
2014 FT_UINT8, BASE_DEC, NULL, 0x10,
2015 NULL, HFILL }
2016 },
2017 { &hf_modbus_event_send_lo_mode,
2018 { "Currently in Listen Only Mode", "modbus.ev_send_lo_mode",
2019 FT_UINT8, BASE_DEC, NULL, 0x20,
2020 NULL, HFILL }
2021 },
2022 { &hf_modbus_andmask,
2023 { "AND mask", "modbus.and_mask",
2024 FT_UINT16, BASE_HEX, NULL, 0x0,
2025 NULL, HFILL }
2026 },
2027 { &hf_modbus_ormask,
2028 { "OR mask", "modbus.or_mask",
2029 FT_UINT16, BASE_HEX, NULL, 0x0,
2030 NULL, HFILL }
2031 },
2032 { &hf_modbus_data,
2033 { "Data", "modbus.data",
2034 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
2035 },
2036 { &hf_modbus_mei,
2037 { "MEI type", "modbus.mei",
2038 FT_UINT8, BASE_DEC, VALS(encap_interface_code_vals), 0x0,
2039 NULL, HFILL }
2040 },
2041 { &hf_modbus_read_device_id,
2042 { "Read Device ID", "modbus.read_device_id",
2043 FT_UINT8, BASE_DEC, VALS(read_device_id_vals), 0x0,
2044 NULL, HFILL }
2045 },
2046 { &hf_modbus_object_id,
2047 { "Object ID", "modbus.object_id",
2048 FT_UINT8, BASE_DEC, VALS(object_id_vals), 0x0,
2049 NULL, HFILL }
2050 },
2051 { &hf_modbus_num_objects,
2052 { "Number of Objects", "modbus.num_objects",
2053 FT_UINT8, BASE_DEC, NULL, 0x0,
2054 NULL, HFILL }
2055 },
2056 { &hf_modbus_list_object_len,
2057 { "Object length", "modbus.objects_len",
2058 FT_UINT8, BASE_DEC, NULL, 0x0,
2059 NULL, HFILL }
2060 },
2061 { &hf_modbus_conformity_level,
2062 { "Conformity Level", "modbus.conformity_level",
2063 FT_UINT8, BASE_HEX, VALS(conformity_level_vals), 0x0,
2064 NULL, HFILL }
2065 },
2066 { &hf_modbus_more_follows,
2067 { "More Follows", "modbus.more_follows",
2068 FT_UINT8, BASE_HEX, NULL, 0x0,
2069 NULL, HFILL }
2070 },
2071 { &hf_modbus_next_object_id,
2072 { "Next Object ID", "modbus.next_object_id",
2073 FT_UINT8, BASE_DEC, NULL, 0x0,
2074 NULL, HFILL }
2075 },
2076 { &hf_modbus_object_str_value,
2077 { "Object String Value", "modbus.object_str_value",
2078 FT_STRING, BASE_NONE, NULL, 0x0,
2079 NULL, HFILL }
2080 },
2081 { &hf_modbus_object_value,
2082 { "Object Value", "modbus.object_value",
2083 FT_BYTES, BASE_NONE, NULL, 0x0,
2084 NULL, HFILL }
2085 },
2086 { &hf_modbus_bitnum,
2087 { "Bit Number", "modbus.bitnum",
2088 FT_UINT16, BASE_DEC, NULL, 0x0,
2089 NULL, HFILL }
2090 },
2091 { &hf_modbus_bitval,
2092 { "Bit Value", "modbus.bitval",
2093 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2094 NULL, HFILL }
2095 },
2096 { &hf_modbus_regnum16,
2097 { "Register Number", "modbus.regnum16",
2098 FT_UINT16, BASE_DEC, NULL, 0x0,
2099 NULL, HFILL }
2100 },
2101 { &hf_modbus_regnum32,
2102 { "Register Number", "modbus.regnum32",
2103 FT_UINT32, BASE_DEC, NULL, 0x0,
2104 NULL, HFILL }
2105 },
2106 { &hf_modbus_regval_uint16,
2107 { "Register Value (UINT16)", "modbus.regval_uint16",
2108 FT_UINT16, BASE_DEC, NULL, 0x0,
2109 NULL, HFILL }
2110 },
2111 { &hf_modbus_regval_int16,
2112 { "Register Value (INT16)", "modbus.regval_int16",
2113 FT_INT16, BASE_DEC, NULL, 0x0,
2114 NULL, HFILL }
2115 },
2116 { &hf_modbus_regval_uint32,
2117 { "Register Value (UINT32)", "modbus.regval_uint32",
2118 FT_UINT32, BASE_DEC, NULL, 0x0,
2119 NULL, HFILL }
2120 },
2121 { &hf_modbus_regval_int32,
2122 { "Register Value (INT32)", "modbus.regval_int32",
2123 FT_INT32, BASE_DEC, NULL, 0x0,
2124 NULL, HFILL }
2125 },
2126 { &hf_modbus_regval_ieee_float,
2127 { "Register Value (IEEE Float)", "modbus.regval_float",
2128 FT_FLOAT, BASE_NONE, NULL, 0x0,
2129 NULL, HFILL }
2130 },
2131 { &hf_modbus_regval_modicon_float,
2132 { "Register Value (Modicon Float)", "modbus.regval_float",
2133 FT_FLOAT, BASE_NONE, NULL, 0x0,
2134 NULL, HFILL }
2135 },
2136 };
2137
2138 /* Setup protocol subtree array */
2139 static int *ett[] = {
2140 &ett_mbtcp,
2141 &ett_mbrtu,
2142 &ett_modbus_hdr,
2143 &ett_group_hdr,
2144 &ett_events,
2145 &ett_events_recv,
2146 &ett_events_send,
2147 &ett_device_id_objects,
2148 &ett_device_id_object_items,
2149 &ett_bit,
2150 &ett_register
2151 };
2152
2153 static ei_register_info ei[] = {
2154 { &ei_modbus_data_decode,
2155 { "modbus.data.decode", PI_PROTOCOL, PI_WARN,
2156 "Invalid decoding options, register data not a multiple of 4!", EXPFILL }
2157 },
2158 };
2159 module_t *mbtcp_module;
2160 module_t *mbrtu_module;
2161 module_t *modbus_module;
2162 expert_module_t* expert_mbtcp;
2163 expert_module_t* expert_mbrtu;
2164 expert_module_t* expert_modbus;
2165
2166 /* Register the protocol name and description */
2167 proto_mbtcp = proto_register_protocol("Modbus/TCP", "Modbus/TCP", "mbtcp");
2168 proto_mbudp = proto_register_protocol("Modbus/UDP", "Modbus/UDP", "mbudp");
2169 proto_mbrtu = proto_register_protocol("Modbus RTU", "Modbus RTU", "mbrtu");
2170 proto_modbus = proto_register_protocol("Modbus", "Modbus", "modbus");
2171
2172 /* Registering protocol to be called by another dissector */
2173 modbus_handle = register_dissector("modbus", dissect_modbus, proto_modbus);
2174 mbtcp_handle = register_dissector("mbtcp", dissect_mbtcp, proto_mbtcp);
2175 mbtls_handle = register_dissector("mbtls", dissect_mbtls, proto_mbtcp);
2176 mbrtu_handle = register_dissector("mbrtu", dissect_mbrtu, proto_mbrtu);
2177 mbudp_handle = register_dissector("mbudp", dissect_mbudp, proto_mbudp);
2178
2179 /* Registering subdissectors table */
2180 modbus_data_dissector_table = register_dissector_table("modbus.data", "Modbus Data", proto_modbus, FT_STRING, STRING_CASE_SENSITIVE);
2181 modbus_dissector_table = register_dissector_table("mbtcp.prot_id", "Modbus/TCP protocol identifier", proto_mbtcp, FT_UINT16, BASE_DEC);
2182
2183 /* Required function calls to register the header fields and subtrees used */
2184 proto_register_field_array(proto_mbtcp, mbtcp_hf, array_length(mbtcp_hf));
2185 proto_register_field_array(proto_mbrtu, mbrtu_hf, array_length(mbrtu_hf));
2186 proto_register_field_array(proto_modbus, hf, array_length(hf));
2187 proto_register_subtree_array(ett, array_length(ett));
2188 expert_mbtcp = expert_register_protocol(proto_mbtcp);
2189 expert_register_field_array(expert_mbtcp, mbtcp_ei, array_length(mbtcp_ei));
2190 expert_mbrtu = expert_register_protocol(proto_mbrtu);
2191 expert_register_field_array(expert_mbrtu, mbrtu_ei, array_length(mbrtu_ei));
2192 expert_modbus = expert_register_protocol(proto_modbus);
2193 expert_register_field_array(expert_modbus, ei, array_length(ei));
2194
2195
2196 /* Register required preferences for Modbus Protocol variants */
2197 mbtcp_module = prefs_register_protocol(proto_mbtcp, apply_mbtcp_prefs);
2198 mbrtu_module = prefs_register_protocol(proto_mbrtu, apply_mbrtu_prefs);
2199 modbus_module = prefs_register_protocol(proto_modbus, NULL);
2200
2201 /* Modbus RTU Preference - Desegment, defaults to true for TCP desegmentation */
2202 prefs_register_bool_preference(mbtcp_module, "desegment",
2203 "Desegment all Modbus RTU packets spanning multiple TCP segments",
2204 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
2205 &mbtcp_desegment);
2206
2207 /* Modbus RTU Preference - Desegment, defaults to true for TCP desegmentation */
2208 prefs_register_bool_preference(mbrtu_module, "desegment",
2209 "Desegment all Modbus RTU packets spanning multiple TCP segments",
2210 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
2211 &mbrtu_desegment);
2212
2213 /* Modbus RTU Preference - CRC verification, defaults to false (no verification)*/
2214 prefs_register_bool_preference(mbrtu_module, "crc_verification",
2215 "Validate CRC",
2216 "Whether to validate the CRC",
2217 &mbrtu_crc);
2218
2219 /* Modbus Preference - Holding/Input Register format, this allows for deeper dissection of response data */
2220 prefs_register_enum_preference(modbus_module, "mbus_register_format",
2221 "Holding/Input Register Format",
2222 "Register Format",
2223 &global_mbus_register_format,
2224 mbus_register_format,
2225 false);
2226
2227 /* Obsolete Preferences */
2228 prefs_register_obsolete_preference(mbtcp_module, "mbus_register_addr_type");
2229 prefs_register_obsolete_preference(mbtcp_module, "mbus_register_format");
2230 prefs_register_obsolete_preference(mbrtu_module, "mbus_register_addr_type");
2231 prefs_register_obsolete_preference(mbrtu_module, "mbus_register_format");
2232
2233 }
2234
2235
2236 /* If this dissector uses sub-dissector registration add a registration routine.
2237 This format is required because a script is used to find these routines and
2238 create the code that calls these routines.
2239 */
2240 void
2241 proto_reg_handoff_mbtcp(void)
2242 {
2243 dissector_add_uint_with_preference("tcp.port", PORT_MBTCP, mbtcp_handle);
2244 dissector_add_uint_with_preference("udp.port", PORT_MBTCP, mbudp_handle);
2245 dissector_add_uint_with_preference("tls.port", PORT_MBTLS, mbtls_handle);
2246 apply_mbtcp_prefs();
2247
2248 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
2249
2250 ssl_dissector_add(PORT_MBTLS, mbtls_handle);
2251 }
2252
2253 void
2254 proto_reg_handoff_mbrtu(void)
2255 {
2256 dissector_handle_t mbrtu_udp_handle = create_dissector_handle(dissect_mbrtu_udp, proto_mbrtu);
2257
2258 /* Make sure to use Modbus RTU Preferences field to determine default TCP port */
2259 dissector_add_for_decode_as_with_preference("udp.port", mbrtu_udp_handle);
2260 dissector_add_for_decode_as_with_preference("tcp.port", mbrtu_handle);
2261 apply_mbrtu_prefs();
2262
2263 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
2264 dissector_add_for_decode_as("rtacser.data", mbrtu_handle);
2265 dissector_add_for_decode_as("usb.device", mbrtu_handle);
2266 dissector_add_for_decode_as("usb.product", mbrtu_handle);
2267 dissector_add_for_decode_as("usb.protocol", mbrtu_handle);
2268
2269 }
2270
2271 /*
2272 * Editor modelines
2273 *
2274 * Local Variables:
2275 * c-basic-offset: 4
2276 * tab-width: 8
2277 * indent-tabs-mode: nil
2278 * End:
2279 *
2280 * ex: set shiftwidth=4 tabstop=8 expandtab:
2281 * :indentSize=4:tabSize=8:noTabs=true:
2282 */
Metzes wireshark repo