search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-mbtcp.c
blob12aded6defa072a714c7d7e80adb9b000c9c1ea3
1 /* packet-mbtcp.c
2 * Routines for Modbus/TCP and Modbus/UDP dissection
3 * By Riaan Swart <rswart@cs.sun.ac.za>
4 * Copyright 2001, Institute for Applied Computer Science
5 * University of Stellenbosch
6 *
7 * See http://www.modbus.org/ for information on Modbus/TCP.
8 *
9 * Updated to v1.1b of the Modbus Application Protocol specification
10 * Michael Mann * Copyright 2011
11 *
12 *****************************************************************************************************
13 * A brief explanation of the distinction between Modbus/TCP and Modbus RTU over TCP:
14 *
15 * Consider a Modbus poll message: Unit 01, Scan Holding Register Address 0 for 30 Registers
16 *
17 * The Modbus/TCP message structure will follow the pattern below:
18 * 00 00 00 00 00 06 01 03 00 00 00 1E
19 * AA AA BB BB CC CC DD EE FF FF GG GG
20 *
21 * A = 16-bit Transaction Identifier (typically increments, or is locked at zero)
22 * B = 16-bit Protocol Identifier (typically zero)
23 * C = 16-bit Length of data payload following (and inclusive of) the length byte
24 * D = 8-bit Unit / Slave ID
25 * E = 8-bit Modbus Function Code
26 * F = 16-bit Reference Number / Register Base Address
27 * G = 16-bit Word Count / Number of Registers to scan
28 *
29 * A identical Modbus RTU (or Modbus RTU over TCP) message will overlay partially with the msg above
30 * and contain 16-bit CRC at the end:
31 * 00 00 00 00 00 06 01 03 00 00 00 1E -- -- (Modbus/TCP message, repeated from above)
32 * -- -- -- -- -- -- 01 03 00 00 00 1E C5 C2 (Modbus RTU over TCP message, includes 16-bit CRC footer)
33 * AA AA BB BB CC CC DD EE FF FF GG GG HH HH
34 *
35 * A = Not present in Modbus RTU message
36 * B = Not present in Modbus RTU message
37 * C = Not present in Modbus RTU message
38 * D = 8-bit Unit / Slave ID
39 * E = 8-bit Modbus Function Code
40 * F = 16-bit Reference Number / Register Base Address
41 * G = 16-bit Word Count / Number of Registers to scan
42 * H = 16-bit CRC
43 *
44 *****************************************************************************************************
45 * Wireshark - Network traffic analyzer
46 * By Gerald Combs <gerald@wireshark.org>
47 * Copyright 1998 Gerald Combs
48 *
49 * SPDX-License-Identifier: GPL-2.0-or-later
50 */
51
52 #include "config.h"
53
54 #include <epan/packet.h>
55 #include "packet-tcp.h"
56 #include "packet-mbtcp.h"
57 #include <epan/prefs.h>
58 #include <epan/expert.h>
59 #include <epan/crc16-tvb.h> /* For CRC verification */
60 #include <epan/proto_data.h>
61 #include <epan/tfs.h>
62 #include <wsutil/array.h>
63 #include "packet-tls.h"
64
65 void proto_register_modbus(void);
66 void proto_reg_handoff_mbtcp(void);
67 void proto_reg_handoff_mbrtu(void);
68
69 /* Initialize the protocol and registered fields */
70 static int proto_mbtcp;
71 static int proto_mbudp;
72 static int proto_mbrtu;
73 static int proto_modbus;
74 static int hf_mbtcp_transid;
75 static int hf_mbtcp_protid;
76 static int hf_mbtcp_len;
77 static int hf_mbtcp_unitid;
78 static int hf_modbus_request_frame;
79 static int hf_modbus_response_time;
80 static int hf_modbus_functioncode;
81 static int hf_modbus_reference;
82 static int hf_modbus_padding;
83 static int hf_modbus_lreference;
84 static int hf_modbus_reftype;
85 static int hf_modbus_readref;
86 static int hf_modbus_writeref;
87 static int hf_modbus_wordcnt;
88 static int hf_modbus_readwordcnt;
89 static int hf_modbus_writewordcnt;
90 static int hf_modbus_bytecnt;
91 static int hf_modbus_lbytecnt;
92 static int hf_modbus_bitcnt;
93 static int hf_modbus_exceptioncode;
94 static int hf_modbus_diag_sf;
95 static int hf_modbus_diag_return_query_data_request;
96 static int hf_modbus_diag_return_query_data_echo;
97 static int hf_modbus_diag_restart_communication_option;
98 static int hf_modbus_diag_return_diag_register;
99 static int hf_modbus_diag_ascii_input_delimiter;
100 static int hf_modbus_diag_clear_ctr_diag_reg;
101 static int hf_modbus_diag_return_bus_message_count;
102 static int hf_modbus_diag_return_bus_comm_error_count;
103 static int hf_modbus_diag_return_bus_exception_error_count;
104 static int hf_modbus_diag_return_slave_message_count;
105 static int hf_modbus_diag_return_no_slave_response_count;
106 static int hf_modbus_diag_return_slave_nak_count;
107 static int hf_modbus_diag_return_slave_busy_count;
108 static int hf_modbus_diag_return_bus_char_overrun_count;
109 static int hf_modbus_status;
110 static int hf_modbus_event;
111 static int hf_modbus_event_count;
112 static int hf_modbus_message_count;
113 static int hf_modbus_event_recv_comm_err;
114 static int hf_modbus_event_recv_char_over;
115 static int hf_modbus_event_recv_lo_mode;
116 static int hf_modbus_event_recv_broadcast;
117 static int hf_modbus_event_send_read_ex;
118 static int hf_modbus_event_send_slave_abort_ex;
119 static int hf_modbus_event_send_slave_busy_ex;
120 static int hf_modbus_event_send_slave_nak_ex;
121 static int hf_modbus_event_send_write_timeout;
122 static int hf_modbus_event_send_lo_mode;
123 static int hf_modbus_andmask;
124 static int hf_modbus_ormask;
125 static int hf_modbus_data;
126 static int hf_modbus_mei;
127 static int hf_modbus_read_device_id;
128 static int hf_modbus_object_id;
129 static int hf_modbus_num_objects;
130 static int hf_modbus_list_object_len;
131 static int hf_modbus_conformity_level;
132 static int hf_modbus_more_follows;
133 static int hf_modbus_next_object_id;
134 static int hf_modbus_object_str_value;
135 static int hf_modbus_object_value;
136 static int hf_modbus_bitnum;
137 static int hf_modbus_bitval;
138 static int hf_modbus_regnum16;
139 static int hf_modbus_regnum32;
140 static int hf_modbus_regval_uint16;
141 static int hf_modbus_regval_int16;
142 static int hf_modbus_regval_uint32;
143 static int hf_modbus_regval_int32;
144 static int hf_modbus_regval_ieee_float;
145 static int hf_modbus_regval_modicon_float;
146 static int hf_mbrtu_unitid;
147 static int hf_mbrtu_crc16;
148 static int hf_mbrtu_crc16_status;
149
150 /* Initialize the subtree pointers */
151 static int ett_mbtcp;
152 static int ett_mbrtu;
153 static int ett_modbus_hdr;
154 static int ett_group_hdr;
155 static int ett_events;
156 static int ett_events_recv;
157 static int ett_events_send;
158 static int ett_device_id_objects;
159 static int ett_device_id_object_items;
160 static int ett_bit;
161 static int ett_register;
162
163 static expert_field ei_mbrtu_crc16_incorrect;
164 static expert_field ei_modbus_data_decode;
165 static expert_field ei_mbtcp_cannot_classify;
166
167 static dissector_handle_t modbus_handle;
168 static dissector_handle_t mbtcp_handle;
169 static dissector_handle_t mbtls_handle;
170 static dissector_handle_t mbudp_handle;
171 static dissector_handle_t mbrtu_handle;
172
173 static dissector_table_t modbus_func_code_dissector_table;
174 static dissector_table_t modbus_data_dissector_table;
175 static dissector_table_t modbus_dissector_table;
176
177
178 /* Globals for Modbus/TCP Preferences */
179 static bool mbtcp_desegment = true;
180 static range_t *global_mbus_tcp_ports; /* Port 502, by default */
181 static range_t *global_mbus_udp_ports; /* Port 502, by default */
182 static range_t *global_mbus_tls_ports; /* Port 802, by default */
183
184 /* Globals for Modbus RTU over TCP Preferences */
185 static bool mbrtu_desegment = true;
186 static range_t *global_mbus_tcp_rtu_ports = PORT_MBRTU; /* 0, by default */
187 static range_t *global_mbus_udp_rtu_ports = PORT_MBRTU; /* 0, by default */
188 static bool mbrtu_crc;
189
190 /* Globals for Modbus Preferences */
191 static int global_mbus_register_format = MODBUS_PREF_REGISTER_FORMAT_UINT16;
192
193 typedef struct {
194 uint8_t function_code;
195 int register_format;
196 uint16_t reg_base;
197 uint16_t num_reg;
198 uint32_t req_frame_num;
199 nstime_t req_time;
200 bool request_found;
201 } modbus_pkt_info_t;
202
203 static int
204 classify_mbtcp_packet(packet_info *pinfo, range_t *ports)
205 {
206 /* see if nature of packets can be derived from src/dst ports */
207 /* if so, return as found */
208 /* */
209 /* XXX Update Oct 2012 - It can be difficult to determine if a packet is a query or response; some way to track */
210 /* the Modbus/TCP transaction ID for each pair of messages would allow for detection based on a new seq. number. */
211 /* Otherwise, we can stick with this method; a configurable port option has been added to allow for usage of */
212 /* user ports either than the default of 502. */
213 if ( (value_is_in_range(ports, pinfo->srcport)) && (!value_is_in_range(ports, pinfo->destport)) )
214 return RESPONSE_PACKET;
215 if ( (!value_is_in_range(ports, pinfo->srcport)) && (value_is_in_range(ports, pinfo->destport)) )
216 return QUERY_PACKET;
217
218 /* else, cannot classify */
219 return CANNOT_CLASSIFY;
220 }
221
222 static int
223 classify_mbrtu_packet(packet_info *pinfo, tvbuff_t *tvb, range_t *ports)
224 {
225 uint8_t func, len;
226
227 func = tvb_get_uint8(tvb, 1);
228 len = tvb_reported_length(tvb);
229
230 /* see if nature of packets can be derived from src/dst ports */
231 /* if so, return as found */
232 if ( (value_is_in_range(ports, pinfo->srcport)) && (!value_is_in_range(ports, pinfo->destport)) )
233 return RESPONSE_PACKET;
234 if ( (!value_is_in_range(ports, pinfo->srcport)) && (value_is_in_range(ports, pinfo->destport)) )
235 return QUERY_PACKET;
236
237 /* We may not have an Ethernet header or unique ports. */
238 /* Dig into these a little deeper to try to guess the message type */
239
240 /* The 'exception' bit is set, so this is a response */
241 if (func & 0x80) {
242 return RESPONSE_PACKET;
243 }
244 switch (func) {
245 case READ_COILS:
246 case READ_DISCRETE_INPUTS:
247 /* Only possible to get a response message of 8 bytes with Discrete or Coils */
248 if (len == 8) {
249 /* If this is, in fact, a response then the data byte count will be 3 */
250 /* This will correctly identify all messages except for those that are discrete or coil polls */
251 /* where the base address range happens to have 0x03 in the upper 16-bit address register */
252 if (tvb_get_uint8(tvb, 2) == 3) {
253 return RESPONSE_PACKET;
254 }
255 else {
256 return QUERY_PACKET;
257 }
258 }
259 else {
260 return RESPONSE_PACKET;
261 }
262 break;
263
264 case READ_HOLDING_REGS:
265 case READ_INPUT_REGS:
266 if (len == 8) {
267 return QUERY_PACKET;
268 }
269 else {
270 return RESPONSE_PACKET;
271 }
272 break;
273
274 case WRITE_SINGLE_COIL:
275 case WRITE_SINGLE_REG:
276 /* Normal response is echo of the request */
277 return CANNOT_CLASSIFY;
278
279 case WRITE_MULT_REGS:
280 case WRITE_MULT_COILS:
281 if (len == 8) {
282 return RESPONSE_PACKET;
283 }
284 else {
285 return QUERY_PACKET;
286 }
287 break;
288 }
289
290
291 /* else, cannot classify */
292 return CANNOT_CLASSIFY;
293 }
294
295 /* Translate function to string, as given on p6 of
296 * "Open Modbus/TCP Specification", release 1 by Andy Swales.
297 */
298 static const value_string function_code_vals[] = {
299 { READ_COILS, "Read Coils" },
300 { READ_DISCRETE_INPUTS, "Read Discrete Inputs" },
301 { READ_HOLDING_REGS, "Read Holding Registers" },
302 { READ_INPUT_REGS, "Read Input Registers" },
303 { WRITE_SINGLE_COIL, "Write Single Coil" },
304 { WRITE_SINGLE_REG, "Write Single Register" },
305 { READ_EXCEPT_STAT, "Read Exception Status" },
306 { DIAGNOSTICS, "Diagnostics" },
307 { GET_COMM_EVENT_CTRS, "Get Comm. Event Counters" },
308 { GET_COMM_EVENT_LOG, "Get Comm. Event Log" },
309 { WRITE_MULT_COILS, "Write Multiple Coils" },
310 { WRITE_MULT_REGS, "Write Multiple Registers" },
311 { REPORT_SLAVE_ID, "Report Slave ID" },
312 { READ_FILE_RECORD, "Read File Record" },
313 { WRITE_FILE_RECORD, "Write File Record" },
314 { MASK_WRITE_REG, "Mask Write Register" },
315 { READ_WRITE_REG, "Read Write Register" },
316 { READ_FIFO_QUEUE, "Read FIFO Queue" },
317 { ENCAP_INTERFACE_TRANSP, "Encapsulated Interface Transport" },
318 { UNITY_SCHNEIDER, "Unity (Schneider)" },
319 { 0, NULL }
320 };
321
322 /* Translate exception code to string */
323 static const value_string exception_code_vals[] = {
324 { ILLEGAL_FUNCTION, "Illegal function" },
325 { ILLEGAL_ADDRESS, "Illegal data address" },
326 { ILLEGAL_VALUE, "Illegal data value" },
327 { SLAVE_FAILURE, "Slave device failure" },
328 { ACKNOWLEDGE, "Acknowledge" },
329 { SLAVE_BUSY, "Slave device busy" },
330 { MEMORY_ERR, "Memory parity error" },
331 { GATEWAY_UNAVAILABLE, "Gateway path unavailable" },
332 { GATEWAY_TRGT_FAIL, "Gateway target device failed to respond" },
333 { 0, NULL }
334 };
335
336 /* Translate Modbus Encapsulation Interface (MEI) code to string */
337 static const value_string encap_interface_code_vals[] = {
338 { CANOPEN_REQ_RESP, "CANopen Request/Response " },
339 { READ_DEVICE_ID, "Read Device Identification" },
340 { 0, NULL }
341 };
342
343 /* Translate Modbus Diagnostic subfunction code to string */
344 static const value_string diagnostic_code_vals[] = {
345 { RETURN_QUERY_DATA, "Return Query Data" },
346 { RESTART_COMMUNICATION_OPTION, "Restart Communications Option" },
347 { RETURN_DIAGNOSTIC_REGISTER, "Return Diagnostic Register" },
348 { CHANGE_ASCII_INPUT_DELIMITER, "Change ASCII Input Delimiter" },
349 { FORCE_LISTEN_ONLY_MODE, "Force Listen Only Mode" },
350 { CLEAR_COUNTERS_AND_DIAG_REG, "Clear Counters and Diagnostic Register" },
351 { RETURN_BUS_MESSAGE_COUNT, "Return Bus Message Count" },
352 { RETURN_BUS_COMM_ERROR_COUNT, "Return Bus Communication Error Count" },
353 { RETURN_BUS_EXCEPTION_ERROR_COUNT, "Return Bus Exception Error Count" },
354 { RETURN_SLAVE_MESSAGE_COUNT, "Return Slave Message Count" },
355 { RETURN_SLAVE_NO_RESPONSE_COUNT, "Return Slave No Response Count" },
356 { RETURN_SLAVE_NAK_COUNT, "Return Slave NAK Count" },
357 { RETURN_SLAVE_BUSY_COUNT, "Return Slave Busy Count" },
358 { RETURN_BUS_CHAR_OVERRUN_COUNT, "Return Bus Character Overrun Count" },
359 { CLEAR_OVERRUN_COUNTER_AND_FLAG, "Clear Overrun Counter and Flag" },
360 { 0, NULL }
361 };
362
363 static const value_string diagnostic_restart_communication_option_vals[] = {
364 { 0, "Leave Log" },
365 { 0xFF, "Clear Log" },
366 { 0, NULL }
367 };
368
369 /* Translate read device code to string */
370 static const value_string read_device_id_vals[] = {
371 { 1, "Basic Device Identification" },
372 { 2, "Regular Device Identification" },
373 { 3, "Extended Device Identification" },
374 { 4, "Specific Identification Object" },
375
376 { 0, NULL }
377 };
378
379 /* Translate read device code to string */
380 static const value_string object_id_vals[] = {
381 { 0, "VendorName" },
382 { 1, "ProductCode" },
383 { 2, "MajorMinorRevision" },
384 { 3, "VendorURL" },
385 { 4, "ProductName" },
386 { 5, "ModelName" },
387 { 6, "UserApplicationName" },
388
389 { 0, NULL }
390 };
391
392 static const value_string conformity_level_vals[] = {
393 { 0x01, "Basic Device Identification (stream)" },
394 { 0x02, "Regular Device Identification (stream)" },
395 { 0x03, "Extended Device Identification (stream)" },
396 { 0x81, "Basic Device Identification (stream and individual)" },
397 { 0x82, "Regular Device Identification (stream and individual)" },
398 { 0x83, "Extended Device Identification (stream and individual)" },
399
400 { 0, NULL }
401 };
402
403 static const enum_val_t mbus_register_format[] = {
404 { "UINT16", "UINT16 ", MODBUS_PREF_REGISTER_FORMAT_UINT16 },
405 { "INT16", "INT16 ", MODBUS_PREF_REGISTER_FORMAT_INT16 },
406 { "UINT32", "UINT32 ", MODBUS_PREF_REGISTER_FORMAT_UINT32 },
407 { "INT32", "INT32 ", MODBUS_PREF_REGISTER_FORMAT_INT32 },
408 { "IEEE_FLT", "IEEE FLT ", MODBUS_PREF_REGISTER_FORMAT_IEEE_FLOAT },
409 { "MODICON_FLT", "MODICON FLT", MODBUS_PREF_REGISTER_FORMAT_MODICON_FLOAT },
410 { NULL, NULL, 0 }
411 };
412
413 /* Code to dissect Modbus/TCP packets */
414 static int
415 dissect_mbtcp_pdu_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int proto, range_t *ports)
416 {
417 /* Set up structures needed to add the protocol subtree and manage it */
418 proto_item *mi;
419 proto_tree *mbtcp_tree;
420 int offset;
421 tvbuff_t *next_tvb;
422 const char *func_string;
423 const char *pkt_type_str = "";
424 const char *err_str = "";
425 uint16_t transaction_id, protocol_id, len;
426 uint8_t unit_id, function_code, exception_code, subfunction_code;
427 modbus_data_t modbus_data;
428
429 transaction_id = tvb_get_ntohs(tvb, 0);
430 protocol_id = tvb_get_ntohs(tvb, 2);
431 len = tvb_get_ntohs(tvb, 4);
432
433 unit_id = tvb_get_uint8(tvb, 6);
434 function_code = tvb_get_uint8(tvb, 7) & 0x7F;
435
436 offset = 0;
437
438 /* "Request" or "Response" */
439 modbus_data.packet_type = classify_mbtcp_packet(pinfo, ports);
440 /* Save the transaction and unit id to find the request to a response */
441 modbus_data.mbtcp_transid = transaction_id;
442 modbus_data.unit_id = unit_id;
443
444 switch ( modbus_data.packet_type ) {
445 case QUERY_PACKET :
446 pkt_type_str="Query";
447 break;
448 case RESPONSE_PACKET :
449 pkt_type_str="Response";
450 break;
451 case CANNOT_CLASSIFY :
452 err_str="Unable to classify as query or response.";
453 pkt_type_str="unknown";
454 break;
455 default :
456 break;
457 }
458
459 /* Find exception - last bit set in function code */
460 if (tvb_get_uint8(tvb, 7) & 0x80) {
461 exception_code = tvb_get_uint8(tvb, offset + 8);
462 }
463 else {
464 exception_code = 0;
465 }
466
467 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
468 func_string = val_to_str_const(tvb_get_uint8(tvb, offset + 8), encap_interface_code_vals, "Encapsulated Interface Transport");
469 subfunction_code = 1;
470 }
471 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
472 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 8), diagnostic_code_vals, "Diagnostics");
473 subfunction_code = 1;
474 }
475 else {
476 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
477 subfunction_code = 0;
478 }
479
480 if ( exception_code != 0 )
481 err_str="Exception returned ";
482
483 /* Make entries in Info column on summary display */
484 if (subfunction_code == 0) {
485 if (strlen(err_str) > 0) {
486 col_add_fstr(pinfo->cinfo, COL_INFO,
487 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s. %s",
488 pkt_type_str, transaction_id, unit_id,
489 function_code, func_string, err_str);
490 }
491 else {
492 col_add_fstr(pinfo->cinfo, COL_INFO,
493 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s",
494 pkt_type_str, transaction_id, unit_id,
495 function_code, func_string);
496 }
497 }
498 else {
499 if (strlen(err_str) > 0) {
500 col_add_fstr(pinfo->cinfo, COL_INFO,
501 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s. %s",
502 pkt_type_str, transaction_id, unit_id,
503 function_code, subfunction_code, func_string, err_str);
504 }
505 else {
506 col_add_fstr(pinfo->cinfo, COL_INFO,
507 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s",
508 pkt_type_str, transaction_id, unit_id,
509 function_code, subfunction_code, func_string);
510 }
511 }
512
513 /* Create protocol tree */
514 mi = proto_tree_add_item(tree, proto, tvb, offset, len+6, ENC_NA);
515 mbtcp_tree = proto_item_add_subtree(mi, ett_mbtcp);
516
517 if (modbus_data.packet_type == CANNOT_CLASSIFY)
518 expert_add_info(pinfo, mi, &ei_mbtcp_cannot_classify);
519
520 /* Add items to protocol tree specific to Modbus/TCP */
521 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_transid, tvb, offset, 2, transaction_id);
522 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_protid, tvb, offset + 2, 2, protocol_id);
523 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_len, tvb, offset + 4, 2, len);
524 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_unitid, tvb, offset + 6, 1, unit_id);
525
526 /* dissect the Modbus PDU */
527 next_tvb = tvb_new_subset_length( tvb, offset+7, len-1);
528
529 /* Continue with dissection of Modbus data payload following Modbus/TCP frame */
530 if( tvb_reported_length_remaining(tvb, offset) > 0 )
531 call_dissector_with_data(modbus_handle, next_tvb, pinfo, tree, &modbus_data);
532
533 return tvb_captured_length(tvb);
534 }
535
536 static int
537 dissect_mbtcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
538 {
539 /* Make entries in Protocol column on summary display */
540 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/TCP");
541 col_clear(pinfo->cinfo, COL_INFO);
542
543 return dissect_mbtcp_pdu_common(tvb, pinfo, tree, proto_mbtcp, global_mbus_tcp_ports);
544 }
545
546 static int
547 dissect_mbtls_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
548 {
549 /* Make entries in Protocol column on summary display */
550 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/TCP Security");
551 col_clear(pinfo->cinfo, COL_INFO);
552
553 return dissect_mbtcp_pdu_common(tvb, pinfo, tree, proto_mbtcp, global_mbus_tls_ports);
554 }
555
556 /* Code to dissect Modbus RTU */
557 static int
558 dissect_mbrtu_pdu_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, range_t *ports)
559 {
560 /* Set up structures needed to add the protocol subtree and manage it */
561 proto_item *mi;
562 proto_tree *mbrtu_tree;
563 int offset;
564 tvbuff_t *next_tvb;
565 const char *func_string;
566 const char *pkt_type_str = "";
567 const char *err_str = "";
568 uint16_t len, calc_crc16;
569 uint8_t unit_id, function_code, exception_code, subfunction_code;
570 modbus_data_t modbus_data;
571
572 /* Make entries in Protocol column on summary display */
573 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus RTU");
574 col_clear(pinfo->cinfo, COL_INFO);
575
576 len = tvb_reported_length(tvb);
577
578 unit_id = tvb_get_uint8(tvb, 0);
579 function_code = tvb_get_uint8(tvb, 1) & 0x7F;
580
581 offset = 0;
582
583 /* "Request" or "Response" */
584 modbus_data.packet_type = classify_mbrtu_packet(pinfo, tvb, ports);
585 /* Transaction ID is available only in Modbus TCP */
586 modbus_data.mbtcp_transid = 0;
587 modbus_data.unit_id = unit_id;
588
589 switch ( modbus_data.packet_type ) {
590 case QUERY_PACKET :
591 pkt_type_str="Query";
592 break;
593 case RESPONSE_PACKET :
594 pkt_type_str="Response";
595 break;
596 case CANNOT_CLASSIFY :
597 err_str="Unable to classify as query or response.";
598 pkt_type_str="unknown";
599 break;
600 default :
601 break;
602 }
603
604 /* Find exception - last bit set in function code */
605 if (tvb_get_uint8(tvb, 1) & 0x80) {
606 exception_code = tvb_get_uint8(tvb, offset + 2);
607 }
608 else {
609 exception_code = 0;
610 }
611
612 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
613 func_string = val_to_str_const(tvb_get_uint8(tvb, offset + 2), encap_interface_code_vals, "Encapsulated Interface Transport");
614 subfunction_code = 1;
615 }
616 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
617 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 2), diagnostic_code_vals, "Diagnostics");
618 subfunction_code = 1;
619 }
620 else {
621 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
622 subfunction_code = 0;
623 }
624
625 if ( exception_code != 0 )
626 err_str="Exception returned ";
627
628 /* Make entries in Info column on summary display */
629 if (subfunction_code == 0) {
630 if (strlen(err_str) > 0) {
631 col_add_fstr(pinfo->cinfo, COL_INFO,
632 "%8s: Unit: %3u, Func: %3u: %s. %s",
633 pkt_type_str, unit_id,
634 function_code, func_string, err_str);
635 }
636 else {
637 col_add_fstr(pinfo->cinfo, COL_INFO,
638 "%8s: Unit: %3u, Func: %3u: %s",
639 pkt_type_str, unit_id,
640 function_code, func_string);
641 }
642 }
643 else {
644 if (strlen(err_str) > 0) {
645 col_add_fstr(pinfo->cinfo, COL_INFO,
646 "%8s: Unit: %3u, Func: %3u/%3u: %s. %s",
647 pkt_type_str, unit_id,
648 function_code, subfunction_code, func_string, err_str);
649 }
650 else {
651 col_add_fstr(pinfo->cinfo, COL_INFO,
652 "%8s: Unit: %3u, Func: %3u/%3u: %s",
653 pkt_type_str, unit_id,
654 function_code, subfunction_code, func_string);
655 }
656 }
657
658 /* Create protocol tree */
659 mi = proto_tree_add_protocol_format(tree, proto_mbrtu, tvb, offset,
660 len, "Modbus RTU");
661 mbrtu_tree = proto_item_add_subtree(mi, ett_mbrtu);
662
663 /* Add items to protocol tree specific to Modbus RTU */
664 proto_tree_add_uint(mbrtu_tree, hf_mbrtu_unitid, tvb, offset, 1, unit_id);
665
666 /* CRC validation */
667 if (mbrtu_crc)
668 {
669 calc_crc16 = crc16_plain_tvb_offset_seed(tvb, offset, len-2, 0xFFFF);
670 proto_tree_add_checksum(mbrtu_tree, tvb, len-2, hf_mbrtu_crc16, hf_mbrtu_crc16_status, &ei_mbrtu_crc16_incorrect, pinfo, g_htons(calc_crc16), ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY);
671 }
672 else
673 {
674 proto_tree_add_checksum(mbrtu_tree, tvb, len-2, hf_mbrtu_crc16, hf_mbrtu_crc16_status, &ei_mbrtu_crc16_incorrect, pinfo, 0, ENC_BIG_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
675 }
676
677 /* when determining payload length, make sure to ignore the unit ID header & CRC-16 footer bytes */
678 len = len - 3;
679
680 /* dissect the Modbus PDU */
681 next_tvb = tvb_new_subset_length( tvb, offset+1, len);
682
683 /* Continue with dissection of Modbus data payload following Modbus RTU frame */
684 if( tvb_reported_length_remaining(tvb, offset) > 0 )
685 call_dissector_with_data(modbus_handle, next_tvb, pinfo, tree, &modbus_data);
686
687 return tvb_captured_length(tvb);
688 }
689
690 /* Code to dissect Modbus RTU over TCP packets */
691 static int
692 dissect_mbrtu_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
693 {
694 return dissect_mbrtu_pdu_common(tvb, pinfo, tree, global_mbus_tcp_rtu_ports);
695 }
696
697 /* Return length of Modbus/TCP message */
698 static unsigned
699 get_mbtcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
700 {
701 uint16_t plen;
702
703 /*
704 * Get the length of the data from the encapsulation header.
705 */
706 plen = tvb_get_ntohs(tvb, offset + 4);
707
708 /*
709 * That length doesn't include the encapsulation header itself;
710 * add that in.
711 */
712 return plen + 6;
713 }
714
715 /* Return length of Modbus RTU over TCP message */
716 static unsigned
717 get_mbrtu_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
718 int offset _U_, void *data _U_)
719 {
720 int packet_type;
721 uint8_t function_code;
722
723 function_code = tvb_get_uint8(tvb, 1);
724
725 /* Modbus RTU requests do not contain a length field but they are typically a consistent size.
726 Responses do contain a usable 'length' byte at offset 2
727 XXX - Note that only some function codes are supported by this lookup function;
728 the rest can be added as pcap examples are made available */
729
730 /* Determine "Query" or "Response" */
731 packet_type = classify_mbrtu_packet(pinfo, tvb, global_mbus_tcp_rtu_ports);
732
733 switch ( packet_type ) {
734 case QUERY_PACKET :
735 switch (function_code) {
736 case READ_COILS: /* Query messages of these types are always 8 bytes */
737 case READ_DISCRETE_INPUTS:
738 case READ_HOLDING_REGS:
739 case READ_INPUT_REGS:
740 case WRITE_SINGLE_COIL:
741 case WRITE_SINGLE_REG:
742 return 8;
743 case WRITE_MULT_REGS:
744 case WRITE_MULT_COILS:
745 return tvb_get_uint8(tvb, 6) + 9; /* Reported size does not include 2 header, 4 FC15/16-specific, 1 size byte or 2 CRC16 bytes */
746 default :
747 return tvb_captured_length(tvb); /* Fall back on tvb length */
748 }
749 case RESPONSE_PACKET :
750 /* The 'exception' bit is set, so this is a 5-byte response */
751 if (function_code & 0x80) {
752 return 5;
753 }
754
755 switch (function_code) {
756 case READ_COILS:
757 case READ_DISCRETE_INPUTS:
758 case READ_HOLDING_REGS:
759 case READ_INPUT_REGS:
760 return tvb_get_uint8(tvb, 2) + 5; /* Reported size does not include 2 header, 1 size byte, 2 CRC16 bytes */
761 case WRITE_SINGLE_COIL: /* Response messages of FC5/6/15/16 are always 8 bytes */
762 case WRITE_SINGLE_REG:
763 case WRITE_MULT_REGS:
764 case WRITE_MULT_COILS:
765 return 8;
766 default :
767 return tvb_captured_length(tvb); /* Fall back on tvb length */
768 }
769 case CANNOT_CLASSIFY :
770 default :
771 return tvb_captured_length(tvb); /* Fall back on tvb length */
772 }
773
774 }
775
776
777 /* Code to dissect Modbus/TCP messages */
778 static int
779 dissect_mbtcp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data, dissector_t dissect_pdu)
780 {
781
782 /* Make sure there's at least enough data to determine it's a Modbus TCP packet */
783 if (!tvb_bytes_exist(tvb, 0, 8))
784 return 0;
785
786 /* check that it actually looks like Modbus/TCP */
787 /* protocol id == 0 */
788 if(tvb_get_ntohs(tvb, 2) != 0 ){
789 return 0;
790 }
791 /* length is at least 2 (unit_id + function_code) */
792 if(tvb_get_ntohs(tvb, 4) < 2 ){
793 return 0;
794 }
795
796 /* build up protocol tree and iterate over multiple packets */
797 tcp_dissect_pdus(tvb, pinfo, tree, mbtcp_desegment, 6,
798 get_mbtcp_pdu_len, dissect_pdu, data);
799
800 return tvb_captured_length(tvb);
801 }
802
803 static int
804 dissect_mbtcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
805 {
806 return dissect_mbtcp_common(tvb, pinfo, tree, data, dissect_mbtcp_pdu);
807 }
808
809 static int
810 dissect_mbtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
811 {
812 return dissect_mbtcp_common(tvb, pinfo, tree, data, dissect_mbtls_pdu);
813 }
814
815 static int
816 dissect_mbudp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
817 {
818
819 /* Make sure there's at least enough data to determine it's a Modbus UDP packet */
820 if (!tvb_bytes_exist(tvb, 0, 8))
821 return 0;
822
823 /* check that it actually looks like Modbus/TCP */
824 /* protocol id == 0 */
825 if(tvb_get_ntohs(tvb, 2) != 0 ){
826 return 0;
827 }
828 /* length is at least 2 (unit_id + function_code) */
829 if(tvb_get_ntohs(tvb, 4) < 2 ){
830 return 0;
831 }
832
833 /* Make entries in Protocol column on summary display */
834 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/UDP");
835 col_clear(pinfo->cinfo, COL_INFO);
836
837 return dissect_mbtcp_pdu_common(tvb, pinfo, tree, proto_mbudp, global_mbus_udp_ports);
838 }
839
840 /* Code to dissect Modbus RTU over TCP messages */
841 static int
842 dissect_mbrtu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
843 {
844
845 /* Make sure there's at least enough data to determine it's a Modbus packet */
846 /* 5 bytes is the smallest possible valid message (exception response) */
847 if (!tvb_bytes_exist(tvb, 0, 5))
848 return 0;
849
850 /* For Modbus RTU mode, confirm that the first byte is a valid address (non-zero), */
851 /* so we can eliminate false-positives on Modbus TCP messages loaded as RTU */
852 if(tvb_get_uint8(tvb, 0) == 0 )
853 return 0;
854
855 /* build up protocol tree and iterate over multiple packets */
856 tcp_dissect_pdus(tvb, pinfo, tree, mbrtu_desegment, 5,
857 get_mbrtu_pdu_len, dissect_mbrtu_pdu, data);
858
859 return tvb_captured_length(tvb);
860 }
861
862 static int
863 dissect_mbrtu_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
864 {
865
866 /* Make sure there's at least enough data to determine it's a Modbus packet */
867 /* 5 bytes is the smallest possible valid message (exception response) */
868 if (tvb_reported_length(tvb) < 5)
869 return 0;
870
871 return dissect_mbrtu_pdu_common(tvb, pinfo, tree, global_mbus_udp_rtu_ports);
872 }
873
874
875 /* Code to allow further dissection of Modbus data payload */
876 /* Common to both Modbus/TCP and Modbus RTU dissectors */
877 static void
878 dissect_modbus_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, uint8_t function_code,
879 int payload_start, int payload_len, int register_format, uint16_t reg_base, uint16_t num_reg)
880 {
881 int reported_len, data_offset;
882 uint8_t data8, ii;
883 bool data_bool;
884 int16_t data16s;
885 int32_t data32s;
886 uint16_t data16, modflt_lo, modflt_hi, reg_num=reg_base;
887 uint32_t data32, modflt_comb;
888 float data_float, modfloat;
889 proto_tree *bit_tree = NULL;
890 proto_item *bitnum_ti = NULL;
891 proto_item *regnum_ti = NULL;
892 proto_item *register_item = NULL;
893 proto_tree *register_tree = NULL;
894 tvbuff_t *next_tvb;
895
896 reported_len = tvb_reported_length_remaining(tvb, payload_start);
897 data_offset = 0;
898
899 if ( payload_start < 0 || ( payload_len + payload_start ) == 0 )
900 return;
901
902 /* If calculated length from remaining tvb data != bytes in packet, do not attempt to decode */
903 if ( payload_len != reported_len ) {
904 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, reported_len, ENC_NA);
905 return;
906 }
907
908 /* If data type of payload is Holding or Input registers */
909 /* AND */
910 /* if payload length is not a multiple of 4, don't attempt to decode anything in 32-bit format */
911 if ((function_code == READ_HOLDING_REGS) || (function_code == READ_INPUT_REGS) || (function_code == WRITE_MULT_REGS)) {
912 if ((payload_len % 4 != 0) && ( (register_format == MODBUS_PREF_REGISTER_FORMAT_UINT32) ||
913 (register_format == MODBUS_PREF_REGISTER_FORMAT_IEEE_FLOAT) ||
914 (register_format == MODBUS_PREF_REGISTER_FORMAT_MODICON_FLOAT) ) ) {
915 register_item = proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
916 expert_add_info(pinfo, register_item, &ei_modbus_data_decode);
917 return;
918 }
919 }
920
921 /* Build a new tvb containing just the data payload */
922 next_tvb = tvb_new_subset_length_caplen(tvb, payload_start, payload_len, reported_len);
923
924 switch ( function_code ) {
925 case READ_COILS:
926 case READ_DISCRETE_INPUTS:
927 case WRITE_MULT_COILS:
928 /* The bit data is packed, 8 bits per byte of data, loop over each bit */
929 while (data_offset < payload_len) {
930 data8 = tvb_get_uint8(next_tvb, data_offset);
931 for (ii = 0; ii < 8; ii++) {
932 data_bool = (data8 & (1 << ii)) > 0;
933 bit_tree = proto_tree_add_subtree_format(tree, next_tvb, data_offset, 1,
934 ett_bit, NULL, "Bit %u : %u", reg_num, data_bool);
935 bitnum_ti = proto_tree_add_uint(bit_tree, hf_modbus_bitnum, next_tvb, 0, 0, reg_num);
936 proto_item_set_generated(bitnum_ti);
937 proto_tree_add_bits_item(bit_tree, hf_modbus_bitval, next_tvb, (data_offset << 3) + 7 - ii,
938 1, ENC_NA);
939 reg_num++;
940
941 /* If all the requested bits have been read, stop now */
942 if ((reg_num - reg_base) >= num_reg) {
943 break;
944 }
945 }
946 data_offset++;
947 }
948 break;
949
950 case READ_HOLDING_REGS:
951 case READ_INPUT_REGS:
952 case WRITE_SINGLE_REG:
953 case WRITE_MULT_REGS:
954 while (data_offset < payload_len) {
955 /* Use "Preferences" options to determine decoding format of register data, as no format is implied by the protocol itself. */
956 /* Based on a standard register size of 16-bits, use decoding format preference to step through each register and display */
957 /* it in an appropriate fashion. */
958 switch (register_format) {
959 case MODBUS_PREF_REGISTER_FORMAT_UINT16: /* Standard-size unsigned integer 16-bit register */
960 data16 = tvb_get_ntohs(next_tvb, data_offset);
961 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 2,
962 ett_register, NULL, "Register %u (UINT16): %u", reg_num, data16);
963
964 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum16, next_tvb, 0, 0, reg_num);
965 proto_item_set_generated(regnum_ti);
966 proto_tree_add_uint(register_tree, hf_modbus_regval_uint16, next_tvb, data_offset, 2, data16);
967
968 data_offset += 2;
969 reg_num += 1;
970 break;
971 case MODBUS_PREF_REGISTER_FORMAT_INT16: /* Standard-size signed integer 16-bit register */
972 data16s = tvb_get_ntohs(next_tvb, data_offset);
973 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 2,
974 ett_register, NULL, "Register %u (INT16): %d", reg_num, data16s);
975
976 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum16, next_tvb, 0, 0, reg_num);
977 proto_item_set_generated(regnum_ti);
978 proto_tree_add_int(register_tree, hf_modbus_regval_int16, next_tvb, data_offset, 2, data16s);
979
980 data_offset += 2;
981 reg_num += 1;
982 break;
983 case MODBUS_PREF_REGISTER_FORMAT_UINT32: /* Double-size 32-bit unsigned integer (2 sequential 16-bit registers) */
984 data32 = tvb_get_ntohl(next_tvb, data_offset);
985 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
986 ett_register, NULL, "Register %u (UINT32): %u", reg_num, data32);
987
988 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
989 proto_item_set_generated(regnum_ti);
990 proto_tree_add_uint(register_tree, hf_modbus_regval_uint32, next_tvb, data_offset, 4, data32);
991
992 data_offset += 4;
993 reg_num += 2;
994 break;
995 case MODBUS_PREF_REGISTER_FORMAT_INT32: /* Double-size 32-bit signed integer (2 sequential 16-bit registers) */
996 data32s = tvb_get_ntohl(next_tvb, data_offset);
997 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
998 ett_register, NULL, "Register %u (INT32): %d", reg_num, data32s);
999
1000 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
1001 proto_item_set_generated(regnum_ti);
1002 proto_tree_add_int(register_tree, hf_modbus_regval_int32, next_tvb, data_offset, 4, data32s);
1003
1004 data_offset += 4;
1005 reg_num += 2;
1006 break;
1007 case MODBUS_PREF_REGISTER_FORMAT_IEEE_FLOAT: /* 32-bit IEEE Floating Point, (2 sequential 16-bit registers) */
1008 data_float = tvb_get_ntohieee_float(next_tvb, data_offset);
1009
1010 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
1011 ett_register, NULL, "Register %u (IEEE Float): %f", reg_num, data_float);
1012
1013 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
1014 proto_item_set_generated(regnum_ti);
1015 proto_tree_add_float(register_tree, hf_modbus_regval_ieee_float, next_tvb, data_offset, 4, data_float);
1016
1017 data_offset += 4;
1018 reg_num += 2;
1019 break;
1020 case MODBUS_PREF_REGISTER_FORMAT_MODICON_FLOAT: /* Modicon Floating Point (word-swapped, 2 sequential 16-bit registers) */
1021 /* Modicon-style Floating Point values are stored in reverse-word order. */
1022 /* ie: a standard IEEE float value 59.991459 is equal to 0x426ff741 */
1023 /* while the Modicon equivalent to this value is 0xf741426f */
1024 /* To re-assemble a proper IEEE float, we must retrieve the 2 x 16-bit words, bit-shift the */
1025 /* "hi" component by 16-bits and then OR them together into a combined 32-bit int. */
1026 /* Following that operation, use some memcpy magic to copy the 4 raw data bytes from the */
1027 /* 32-bit integer into a standard float. Not sure if there is a cleaner way possible using */
1028 /* the Wireshark libraries, but this seems to work OK. */
1029
1030 modflt_lo = tvb_get_ntohs(next_tvb, data_offset);
1031 modflt_hi = tvb_get_ntohs(next_tvb, data_offset+2);
1032 modflt_comb = (uint32_t)(modflt_hi<<16) | modflt_lo;
1033 memcpy(&modfloat, &modflt_comb, 4);
1034
1035 register_tree = proto_tree_add_subtree_format( tree, next_tvb, data_offset, 4,
1036 ett_register, NULL, "Register %u (Modicon Float): %f", reg_num, modfloat);
1037
1038 regnum_ti = proto_tree_add_uint(register_tree, hf_modbus_regnum32, next_tvb, 0, 0, reg_num);
1039 proto_item_set_generated(regnum_ti);
1040 proto_tree_add_float(register_tree, hf_modbus_regval_modicon_float, next_tvb, data_offset, 4, modfloat);
1041
1042 data_offset += 4;
1043 reg_num += 2;
1044 break;
1045 default:
1046 /* Avoid any chance of an infinite loop */
1047 data_offset = payload_len;
1048 break;
1049 } /* register format switch */
1050
1051 } /* while loop */
1052
1053 break;
1054
1055 default:
1056 // Dissect the data with another dissector
1057 if (!dissector_try_string_with_data(modbus_data_dissector_table, "data", next_tvb, pinfo, tree, true, NULL) &&
1058 !dissector_try_uint_with_data(modbus_func_code_dissector_table, function_code, next_tvb, pinfo, tree, true, NULL))
1059 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
1060 break;
1061 }
1062 }
1063
1064 /* Code to dissect Modbus request message */
1065 static int
1066 dissect_modbus_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *modbus_tree, uint8_t function_code, int payload_start, int payload_len, modbus_pkt_info_t *pkt_info)
1067 {
1068 proto_tree *group_tree;
1069 int byte_cnt, num_reg, group_offset, ii;
1070 uint8_t mei_code;
1071 uint16_t reg_base=0, diagnostic_code;
1072 uint32_t group_byte_cnt, group_word_cnt;
1073
1074 if (!pkt_info) {
1075 return 0;
1076 }
1077
1078 switch (function_code) {
1079
1080 case READ_COILS:
1081 case READ_DISCRETE_INPUTS:
1082 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1083 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1084 break;
1085
1086 case READ_HOLDING_REGS:
1087 case READ_INPUT_REGS:
1088 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1089 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1090 break;
1091
1092 case WRITE_SINGLE_COIL:
1093 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1094 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, pkt_info->register_format, reg_base, 0);
1095 proto_tree_add_item(modbus_tree, hf_modbus_padding, tvb, payload_start + 3, 1, ENC_NA);
1096 break;
1097
1098 case WRITE_SINGLE_REG:
1099 reg_base = tvb_get_ntohs(tvb, payload_start);
1100 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1101 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, pkt_info->register_format, reg_base, 0);
1102 break;
1103
1104 case READ_EXCEPT_STAT:
1105 /* Do Nothing */
1106 break;
1107
1108 case DIAGNOSTICS:
1109 diagnostic_code = tvb_get_ntohs(tvb, payload_start);
1110 proto_tree_add_uint(modbus_tree, hf_modbus_diag_sf, tvb, payload_start, 2, diagnostic_code);
1111 switch(diagnostic_code)
1112 {
1113 case RETURN_QUERY_DATA:
1114 if (payload_len > 2)
1115 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_request, tvb, payload_start+2, payload_len-2, ENC_NA);
1116 break;
1117 case RESTART_COMMUNICATION_OPTION:
1118 proto_tree_add_item(modbus_tree, hf_modbus_diag_restart_communication_option, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1119 break;
1120 case CHANGE_ASCII_INPUT_DELIMITER:
1121 proto_tree_add_item(modbus_tree, hf_modbus_diag_ascii_input_delimiter, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1122 break;
1123 case RETURN_DIAGNOSTIC_REGISTER: /* 00 00 Data Field */
1124 case FORCE_LISTEN_ONLY_MODE: /* 00 00 Data Field */
1125 case CLEAR_COUNTERS_AND_DIAG_REG: /* 00 00 Data Field */
1126 case RETURN_BUS_MESSAGE_COUNT: /* 00 00 Data Field */
1127 case RETURN_BUS_COMM_ERROR_COUNT: /* 00 00 Data Field */
1128 case RETURN_BUS_EXCEPTION_ERROR_COUNT: /* 00 00 Data Field */
1129 case RETURN_SLAVE_MESSAGE_COUNT: /* 00 00 Data Field */
1130 case RETURN_SLAVE_NO_RESPONSE_COUNT: /* 00 00 Data Field */
1131 case RETURN_SLAVE_NAK_COUNT: /* 00 00 Data Field */
1132 case RETURN_SLAVE_BUSY_COUNT: /* 00 00 Data Field */
1133 case RETURN_BUS_CHAR_OVERRUN_COUNT: /* 00 00 Data Field */
1134 case CLEAR_OVERRUN_COUNTER_AND_FLAG:
1135 default:
1136 if (payload_len > 2)
1137 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, pkt_info->register_format, reg_base, 0);
1138 break;
1139 }
1140 break;
1141 case WRITE_MULT_COILS:
1142 reg_base = tvb_get_ntohs(tvb, payload_start);
1143 num_reg = tvb_get_ntohs(tvb, payload_start + 2);
1144 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1145 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1146 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start + 4);
1147 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1, byte_cnt);
1148 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, pkt_info->register_format, reg_base, num_reg);
1149 break;
1150
1151 case WRITE_MULT_REGS:
1152 reg_base = tvb_get_ntohs(tvb, payload_start);
1153 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1154 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1155 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start + 4);
1156 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1, byte_cnt);
1157 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, pkt_info->register_format, reg_base, 0);
1158 break;
1159
1160 case READ_FILE_RECORD:
1161 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1162 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1163 byte_cnt);
1164
1165 /* add subtrees to describe each group of packet */
1166 group_offset = payload_start + 1;
1167 for (ii = 0; ii < byte_cnt / 7; ii++) {
1168 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset, 7,
1169 ett_group_hdr, NULL, "Group %u", ii);
1170 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1171 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1172 proto_tree_add_item(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, ENC_BIG_ENDIAN);
1173 group_offset += 7;
1174 }
1175 break;
1176
1177 case WRITE_FILE_RECORD:
1178 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1179 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1180
1181 /* add subtrees to describe each group of packet */
1182 group_offset = payload_start + 1;
1183 ii = 0;
1184 while (byte_cnt > 0) {
1185 group_word_cnt = tvb_get_ntohs(tvb, group_offset + 5);
1186 group_byte_cnt = (2 * group_word_cnt) + 7;
1187 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset,
1188 group_byte_cnt, ett_group_hdr, NULL, "Group %u", ii);
1189 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1190 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1191 proto_tree_add_uint(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, group_word_cnt);
1192 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 7, group_byte_cnt - 7, pkt_info->register_format, reg_base, 0);
1193 group_offset += group_byte_cnt;
1194 byte_cnt -= group_byte_cnt;
1195 ii++;
1196 }
1197 break;
1198
1199 case MASK_WRITE_REG:
1200 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1201 proto_tree_add_item(modbus_tree, hf_modbus_andmask, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1202 proto_tree_add_item(modbus_tree, hf_modbus_ormask, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1203 break;
1204
1205 case READ_WRITE_REG:
1206 proto_tree_add_item(modbus_tree, hf_modbus_readref, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1207 proto_tree_add_item(modbus_tree, hf_modbus_readwordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1208 proto_tree_add_item(modbus_tree, hf_modbus_writeref, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1209 proto_tree_add_item(modbus_tree, hf_modbus_writewordcnt, tvb, payload_start + 6, 2, ENC_BIG_ENDIAN);
1210 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start + 8);
1211 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 8, 1, byte_cnt);
1212 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 9, byte_cnt, pkt_info->register_format, reg_base, 0);
1213 break;
1214
1215 case READ_FIFO_QUEUE:
1216 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1217 break;
1218
1219 case ENCAP_INTERFACE_TRANSP:
1220 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1221 mei_code = tvb_get_uint8(tvb, payload_start);
1222 switch (mei_code)
1223 {
1224 case READ_DEVICE_ID:
1225 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1226 proto_tree_add_item(modbus_tree, hf_modbus_object_id, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1227 break;
1228
1229 case CANOPEN_REQ_RESP:
1230 /* CANopen protocol not part of the Modbus/TCP specification */
1231 default:
1232 if (payload_len > 1)
1233 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, pkt_info->register_format, reg_base, 0);
1234 break;
1235 }
1236
1237 break;
1238
1239 case REPORT_SLAVE_ID:
1240 default:
1241 if (payload_len > 0)
1242 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info->register_format, reg_base, 0);
1243 break;
1244
1245 } /* Function Code */
1246
1247 return tvb_captured_length(tvb);
1248 }
1249
1250 /* Code to dissect Modbus Response message */
1251 static int
1252 dissect_modbus_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *modbus_tree, uint8_t function_code, int payload_start, int payload_len, modbus_pkt_info_t *pkt_info)
1253 {
1254
1255 proto_tree *group_tree, *event_tree, *event_item_tree, *device_objects_tree, *device_objects_item_tree;
1256 proto_item *mei;
1257 int byte_cnt, group_offset, event_index, object_index, object_len, num_objects, ii;
1258 uint8_t object_type, mei_code, event_code;
1259 uint16_t diagnostic_code, num_reg;
1260 uint32_t group_byte_cnt, group_word_cnt;
1261
1262 nstime_t response_time;
1263 proto_item *request_frame_item, *response_time_item;
1264
1265 if (!pkt_info) {
1266 return 0;
1267 }
1268
1269 num_reg = pkt_info->num_reg;
1270
1271 if (pkt_info->request_found == true) {
1272 request_frame_item = proto_tree_add_uint(modbus_tree, hf_modbus_request_frame, tvb, 0, 0, pkt_info->req_frame_num);
1273 proto_item_set_generated(request_frame_item);
1274
1275 nstime_delta(&response_time, &pinfo->abs_ts, &pkt_info->req_time);
1276 response_time_item = proto_tree_add_time(modbus_tree, hf_modbus_response_time, tvb, 0, 0, &response_time);
1277 proto_item_set_generated(response_time_item);
1278 }
1279
1280 switch (function_code) {
1281
1282 case READ_COILS:
1283 case READ_DISCRETE_INPUTS:
1284 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1285 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1286 //if the request wasn't found set number of coils based on byte count
1287 if (!pkt_info->request_found)
1288 num_reg = byte_cnt*8;
1289 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, pkt_info->register_format, pkt_info->reg_base, num_reg);
1290 break;
1291
1292 case READ_HOLDING_REGS:
1293 case READ_INPUT_REGS:
1294 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1295 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1296 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, pkt_info->register_format, pkt_info->reg_base, 0);
1297 break;
1298
1299 case WRITE_SINGLE_COIL:
1300 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1301 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, pkt_info->register_format, pkt_info->reg_base, 0);
1302 proto_tree_add_item(modbus_tree, hf_modbus_padding, tvb, payload_start + 3, 1, ENC_NA);
1303 break;
1304
1305 case WRITE_SINGLE_REG:
1306 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1307 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, pkt_info->register_format, pkt_info->reg_base, 0);
1308 break;
1309
1310 case READ_EXCEPT_STAT:
1311 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, 1, pkt_info->register_format, pkt_info->reg_base, 0);
1312 break;
1313
1314 case DIAGNOSTICS:
1315 diagnostic_code = tvb_get_ntohs(tvb, payload_start);
1316 proto_tree_add_uint(modbus_tree, hf_modbus_diag_sf, tvb, payload_start, 2, diagnostic_code);
1317 switch(diagnostic_code)
1318 {
1319 case RETURN_QUERY_DATA: /* Echo of Request */
1320 if (payload_len > 2)
1321 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_echo, tvb, payload_start+2, payload_len-2, ENC_NA);
1322 break;
1323 case RESTART_COMMUNICATION_OPTION: /* Echo of Request */
1324 proto_tree_add_item(modbus_tree, hf_modbus_diag_restart_communication_option, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1325 break;
1326 case RETURN_DIAGNOSTIC_REGISTER:
1327 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_diag_register, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1328 break;
1329 case CHANGE_ASCII_INPUT_DELIMITER: /* XXX - Do we expect this to ever be a response? */
1330 proto_tree_add_item(modbus_tree, hf_modbus_diag_ascii_input_delimiter, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1331 break;
1332 case CLEAR_COUNTERS_AND_DIAG_REG: /* Echo of Request */
1333 proto_tree_add_item(modbus_tree, hf_modbus_diag_clear_ctr_diag_reg, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1334 break;
1335 case RETURN_BUS_MESSAGE_COUNT:
1336 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1337 break;
1338 case RETURN_BUS_COMM_ERROR_COUNT:
1339 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_comm_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1340 break;
1341 case RETURN_BUS_EXCEPTION_ERROR_COUNT:
1342 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_exception_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1343 break;
1344 case RETURN_SLAVE_MESSAGE_COUNT:
1345 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1346 break;
1347 case RETURN_SLAVE_NO_RESPONSE_COUNT:
1348 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_no_slave_response_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1349 break;
1350 case RETURN_SLAVE_NAK_COUNT:
1351 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_nak_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1352 break;
1353 case RETURN_SLAVE_BUSY_COUNT:
1354 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_busy_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1355 break;
1356 case RETURN_BUS_CHAR_OVERRUN_COUNT:
1357 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_char_overrun_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1358 break;
1359 case CLEAR_OVERRUN_COUNTER_AND_FLAG: /* Echo of Request */
1360 case FORCE_LISTEN_ONLY_MODE: /* No response anticipated */
1361 default:
1362 if (payload_len > 2)
1363 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, pkt_info->register_format, pkt_info->reg_base, 0);
1364 break;
1365 } /* diagnostic_code */
1366 break;
1367
1368 case GET_COMM_EVENT_CTRS:
1369 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1370 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1371 break;
1372
1373 case GET_COMM_EVENT_LOG:
1374 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1375 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1376 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start+1, 2, ENC_BIG_ENDIAN);
1377 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+3, 2, ENC_BIG_ENDIAN);
1378 proto_tree_add_item(modbus_tree, hf_modbus_message_count, tvb, payload_start+5, 2, ENC_BIG_ENDIAN);
1379 if (byte_cnt-6 > 0) {
1380 byte_cnt -= 6;
1381 event_index = 0;
1382 event_tree = proto_tree_add_subtree(modbus_tree, tvb, payload_start+7, byte_cnt, ett_events, NULL, "Events");
1383 while (byte_cnt > 0) {
1384 event_code = tvb_get_uint8(tvb, payload_start+7+event_index);
1385 if (event_code == 0) {
1386 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Initiated Communication Restart");
1387 }
1388 else if (event_code == 4) {
1389 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Entered Listen Only Mode");
1390 }
1391 else if (event_code & REMOTE_DEVICE_RECV_EVENT_MASK) {
1392 mei = proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1,
1393 event_code, "Receive Event: 0x%02X", event_code);
1394 event_item_tree = proto_item_add_subtree(mei, ett_events_recv);
1395
1396 /* add subtrees to describe each event bit */
1397 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_comm_err,
1398 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1399 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_char_over,
1400 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1401 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_lo_mode,
1402 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1403 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_broadcast,
1404 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1405 }
1406 else if ((event_code & REMOTE_DEVICE_SEND_EVENT_MASK) == REMOTE_DEVICE_SEND_EVENT_VALUE) {
1407 mei = proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1,
1408 event_code, "Send Event: 0x%02X", event_code);
1409 event_item_tree = proto_item_add_subtree(mei, ett_events_send);
1410
1411 /* add subtrees to describe each event bit */
1412 proto_tree_add_item(event_item_tree, hf_modbus_event_send_read_ex,
1413 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1414 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_abort_ex,
1415 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1416 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_busy_ex,
1417 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1418 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_nak_ex,
1419 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1420 proto_tree_add_item(event_item_tree, hf_modbus_event_send_write_timeout,
1421 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1422 proto_tree_add_item(event_item_tree, hf_modbus_event_send_lo_mode,
1423 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1424 }
1425 else {
1426 proto_tree_add_uint_format(event_tree, hf_modbus_event, tvb, payload_start+7+event_index, 1, event_code, "Unknown Event");
1427 }
1428
1429 byte_cnt--;
1430 event_index++;
1431 }
1432 }
1433 break;
1434
1435 case WRITE_MULT_COILS:
1436 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1437 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1438 break;
1439
1440 case WRITE_MULT_REGS:
1441 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1442 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1443 break;
1444
1445 case READ_FILE_RECORD:
1446 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1447 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1448 byte_cnt);
1449
1450 /* add subtrees to describe each group of packet */
1451 group_offset = payload_start + 1;
1452 ii = 0;
1453 while (byte_cnt > 0) {
1454 group_byte_cnt = (uint32_t)tvb_get_uint8(tvb, group_offset);
1455 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset, group_byte_cnt + 1,
1456 ett_group_hdr, NULL, "Group %u", ii);
1457 proto_tree_add_uint(group_tree, hf_modbus_bytecnt, tvb, group_offset, 1,
1458 group_byte_cnt);
1459 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset + 1, 1, ENC_BIG_ENDIAN);
1460 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 2, group_byte_cnt - 1, pkt_info->register_format, pkt_info->reg_base, 0);
1461 group_offset += (group_byte_cnt + 1);
1462 byte_cnt -= (group_byte_cnt + 1);
1463 ii++;
1464 }
1465 break;
1466
1467 case WRITE_FILE_RECORD: /* Normal response is echo of request */
1468 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1469 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1470
1471 /* add subtrees to describe each group of packet */
1472 group_offset = payload_start + 1;
1473 ii = 0;
1474 while (byte_cnt > 0) {
1475 group_word_cnt = tvb_get_ntohs(tvb, group_offset + 5);
1476 group_byte_cnt = (2 * group_word_cnt) + 7;
1477 group_tree = proto_tree_add_subtree_format( modbus_tree, tvb, group_offset,
1478 group_byte_cnt, ett_group_hdr, NULL, "Group %u", ii);
1479 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1480 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1481 proto_tree_add_uint(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, group_word_cnt);
1482 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 7, group_byte_cnt - 7, pkt_info->register_format, pkt_info->reg_base, 0);
1483 group_offset += group_byte_cnt;
1484 byte_cnt -= group_byte_cnt;
1485 ii++;
1486 }
1487 break;
1488
1489 case MASK_WRITE_REG: /* Normal response is echo of request */
1490 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1491 proto_tree_add_item(modbus_tree, hf_modbus_andmask, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1492 proto_tree_add_item(modbus_tree, hf_modbus_ormask, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1493 break;
1494
1495 case READ_WRITE_REG:
1496 byte_cnt = (uint32_t)tvb_get_uint8(tvb, payload_start);
1497 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1498 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, pkt_info->register_format, pkt_info->reg_base, 0);
1499 break;
1500
1501 case READ_FIFO_QUEUE:
1502 byte_cnt = (uint32_t)tvb_get_ntohs(tvb, payload_start);
1503 proto_tree_add_uint(modbus_tree, hf_modbus_lbytecnt, tvb, payload_start, 2, byte_cnt);
1504 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1505 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 4, byte_cnt - 2, pkt_info->register_format, pkt_info->reg_base, 0);
1506 break;
1507
1508 case ENCAP_INTERFACE_TRANSP:
1509 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1510 mei_code = tvb_get_uint8(tvb, payload_start);
1511 switch (mei_code)
1512 {
1513 case READ_DEVICE_ID:
1514 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1515 proto_tree_add_item(modbus_tree, hf_modbus_conformity_level, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1516 proto_tree_add_item(modbus_tree, hf_modbus_more_follows, tvb, payload_start+3, 1, ENC_BIG_ENDIAN);
1517 proto_tree_add_item(modbus_tree, hf_modbus_next_object_id, tvb, payload_start+4, 1, ENC_BIG_ENDIAN);
1518 num_objects = tvb_get_uint8(tvb, payload_start+5);
1519 proto_tree_add_uint(modbus_tree, hf_modbus_num_objects, tvb, payload_start+5, 1, num_objects);
1520 device_objects_tree = proto_tree_add_subtree(modbus_tree, tvb, payload_start+6, payload_len-6,
1521 ett_device_id_objects, NULL, "Objects");
1522
1523 object_index = 0;
1524 for (ii = 0; ii < num_objects; ii++)
1525 {
1526 /* add each "object item" as its own subtree */
1527
1528 /* compute length of object */
1529 object_type = tvb_get_uint8(tvb, payload_start+6+object_index);
1530 object_len = tvb_get_uint8(tvb, payload_start+6+object_index+1);
1531
1532 device_objects_item_tree = proto_tree_add_subtree_format(device_objects_tree, tvb, payload_start+6+object_index, 2+object_len,
1533 ett_device_id_object_items, NULL, "Object #%d", ii+1);
1534
1535 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_id, tvb, payload_start+6+object_index, 1, ENC_BIG_ENDIAN);
1536 object_index++;
1537
1538 proto_tree_add_uint(device_objects_item_tree, hf_modbus_list_object_len, tvb, payload_start+6+object_index, 1, object_len);
1539 object_index++;
1540
1541 if (object_type < 7)
1542 {
1543 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_str_value, tvb, payload_start+6+object_index, object_len, ENC_ASCII);
1544 }
1545 else
1546 {
1547 if (object_len > 0)
1548 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_value, tvb, payload_start+6+object_index, object_len, ENC_NA);
1549 }
1550 object_index += object_len;
1551 } /* for ii */
1552 break;
1553
1554 case CANOPEN_REQ_RESP:
1555 /* CANopen protocol not part of the Modbus/TCP specification */
1556 default:
1557 if (payload_len > 1)
1558 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, pkt_info->register_format, pkt_info->reg_base, 0);
1559 break;
1560 } /* mei_code */
1561 break;
1562
1563 case REPORT_SLAVE_ID:
1564 default:
1565 if (payload_len > 0)
1566 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info->register_format, pkt_info->reg_base, 0);
1567 break;
1568
1569 } /* function code */
1570
1571 return tvb_captured_length(tvb);
1572 }
1573
1574
1575 /* Dissect the Modbus Payload. Called from either Modbus/TCP or Modbus RTU Dissector */
1576 static int
1577 dissect_modbus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
1578 {
1579 proto_tree *modbus_tree;
1580 proto_item *mi;
1581 int offset = 0;
1582 modbus_data_t *modbus_data = (modbus_data_t*)data;
1583 int payload_start, payload_len, len;
1584 uint8_t function_code, exception_code;
1585 modbus_pkt_info_t *pkt_info;
1586 uint32_t conv_key;
1587
1588 /* Reject the packet if data passed from the mbrtu or mbtcp dissector is NULL */
1589 if (modbus_data == NULL)
1590 return 0;
1591
1592 len = tvb_captured_length(tvb);
1593
1594 /* If the packet is zero-length, we should not attempt to dissect any further */
1595 if (len == 0)
1596 return 0;
1597
1598 /* Add items to protocol tree specific to Modbus */
1599 mi = proto_tree_add_protocol_format(tree, proto_modbus, tvb, offset, len, "Modbus");
1600 modbus_tree = proto_item_add_subtree(mi, ett_modbus_hdr);
1601
1602 function_code = tvb_get_uint8(tvb, offset) & 0x7F;
1603 proto_tree_add_item(modbus_tree, hf_modbus_functioncode, tvb, offset, 1, ENC_BIG_ENDIAN);
1604
1605 /* Conversation support */
1606 /* Use a combination of unit and transaction-id as key for identifying a request to a response*/
1607 conv_key = (uint32_t)modbus_data->mbtcp_transid | ((uint32_t)modbus_data->unit_id << 16);
1608 if (!pinfo->fd->visited) {
1609 conversation_t *conversation = NULL;
1610 modbus_conversation *modbus_conv_data = NULL;
1611
1612 /* Find a conversation, create a new if no one exists */
1613 conversation = find_or_create_conversation(pinfo);
1614 modbus_conv_data = (modbus_conversation *)conversation_get_proto_data(conversation, proto_modbus);
1615 pkt_info = wmem_new0(wmem_file_scope(), modbus_pkt_info_t);
1616
1617 if (modbus_conv_data == NULL){
1618 modbus_conv_data = wmem_new(wmem_file_scope(), modbus_conversation);
1619 modbus_conv_data->modbus_request_frame_data = wmem_list_new(wmem_file_scope());
1620 modbus_conv_data->register_format = global_mbus_register_format;
1621 conversation_add_proto_data(conversation, proto_modbus, (void *)modbus_conv_data);
1622 }
1623
1624 pkt_info->register_format = modbus_conv_data->register_format;
1625
1626 if (modbus_data->packet_type == QUERY_PACKET) {
1627 /*create the modbus_request frame. It holds the request information.*/
1628 modbus_request_info_t *frame_ptr = wmem_new0(wmem_file_scope(), modbus_request_info_t);
1629 int captured_length = tvb_captured_length(tvb);
1630
1631 /* load information into the modbus request frame */
1632 frame_ptr->fnum = pinfo->num;
1633 frame_ptr->function_code = function_code;
1634 frame_ptr->mbtcp_transid = modbus_data->mbtcp_transid;
1635 frame_ptr->unit_id = modbus_data->unit_id;
1636 if (captured_length >= 3) {
1637 pkt_info->reg_base = frame_ptr->base_address = tvb_get_ntohs(tvb, 1);
1638 if (captured_length >= 5)
1639 pkt_info->num_reg = frame_ptr->num_reg = tvb_get_ntohs(tvb, 3);
1640 }
1641 frame_ptr->req_time = pinfo->abs_ts;
1642
1643 wmem_list_prepend(modbus_conv_data->modbus_request_frame_data, frame_ptr);
1644 }
1645 else if (modbus_data->packet_type == RESPONSE_PACKET) {
1646 uint8_t req_function_code;
1647 uint16_t req_transaction_id;
1648 uint8_t req_unit_id;
1649 uint32_t req_frame_num;
1650 modbus_request_info_t *request_data;
1651
1652 wmem_list_frame_t *frame = wmem_list_head(modbus_conv_data->modbus_request_frame_data);
1653 /* Step backward through all logged instances of request frames, looking for a request frame number that
1654 occurred immediately prior to current frame number that has a matching function code,
1655 unit-id and transaction identifier */
1656 while (frame && !pkt_info->request_found) {
1657 request_data = (modbus_request_info_t *)wmem_list_frame_data(frame);
1658 req_frame_num = request_data->fnum;
1659 req_function_code = request_data->function_code;
1660 req_transaction_id = request_data->mbtcp_transid;
1661 req_unit_id = request_data->unit_id;
1662 if ((pinfo->num > req_frame_num) && (req_function_code == function_code) &&
1663 (req_transaction_id == modbus_data->mbtcp_transid) && (req_unit_id == modbus_data->unit_id)) {
1664 pkt_info->function_code = req_function_code;
1665 pkt_info->reg_base = request_data->base_address;
1666 pkt_info->num_reg = request_data->num_reg;
1667 pkt_info->request_found = true;
1668 pkt_info->req_frame_num = req_frame_num;
1669 pkt_info->req_time = request_data->req_time;
1670 }
1671 frame = wmem_list_frame_next(frame);
1672 }
1673
1674
1675 }
1676 p_add_proto_data(wmem_file_scope(), pinfo, proto_modbus, conv_key, pkt_info);
1677
1678 }
1679 else { /* !visited */
1680 pkt_info = (modbus_pkt_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_modbus, conv_key);
1681 }
1682
1683
1684 /* Find exception - last bit set in function code */
1685 if (tvb_get_uint8(tvb, offset) & 0x80 ) {
1686 exception_code = tvb_get_uint8(tvb, offset+1);
1687 }
1688 else {
1689 exception_code = 0;
1690 }
1691
1692 payload_start = offset + 1;
1693 payload_len = len - 1;
1694
1695 if (exception_code != 0) {
1696 proto_item_set_text(mi, "Function %u: %s. Exception: %s",
1697 function_code,
1698 val_to_str_const(function_code, function_code_vals, "Unknown Function"),
1699 val_to_str(exception_code,
1700 exception_code_vals,
1701 "Unknown Exception Code (%u)"));
1702 proto_tree_add_uint(modbus_tree, hf_modbus_exceptioncode, tvb, payload_start, 1,
1703 exception_code);
1704 }
1705 else {
1706
1707 /* Follow different dissection path depending on whether packet is query or response */
1708 if (modbus_data->packet_type == QUERY_PACKET) {
1709 dissect_modbus_request(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info);
1710 }
1711 else if (modbus_data->packet_type == RESPONSE_PACKET) {
1712 dissect_modbus_response(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, pkt_info);
1713 }
1714
1715 }
1716
1717 return tvb_captured_length(tvb);
1718 }
1719
1720 static void
1721 apply_mbtcp_prefs(void)
1722 {
1723 /* Modbus/RTU uses the port preference to determine request/response */
1724 global_mbus_tcp_ports = prefs_get_range_value("mbtcp", "tcp.port");
1725 global_mbus_udp_ports = prefs_get_range_value("mbudp", "udp.port");
1726 global_mbus_tls_ports = prefs_get_range_value("mbtcp", "tls.port");
1727 }
1728
1729 static void
1730 apply_mbrtu_prefs(void)
1731 {
1732 /* Modbus/RTU uses the port preference to determine request/response */
1733 global_mbus_tcp_rtu_ports = prefs_get_range_value("mbrtu", "tcp.port");
1734 global_mbus_udp_rtu_ports = prefs_get_range_value("mbrtu", "udp.port");
1735 }
1736
1737 /* Register the protocol with Wireshark */
1738 void
1739 proto_register_modbus(void)
1740 {
1741 /* Modbus/TCP header fields */
1742 static hf_register_info mbtcp_hf[] = {
1743 { &hf_mbtcp_transid,
1744 { "Transaction Identifier", "mbtcp.trans_id",
1745 FT_UINT16, BASE_DEC, NULL, 0x0,
1746 NULL, HFILL }
1747 },
1748 { &hf_mbtcp_protid,
1749 { "Protocol Identifier", "mbtcp.prot_id",
1750 FT_UINT16, BASE_DEC, NULL, 0x0,
1751 NULL, HFILL }
1752 },
1753 { &hf_mbtcp_len,
1754 { "Length", "mbtcp.len",
1755 FT_UINT16, BASE_DEC, NULL, 0x0,
1756 NULL, HFILL }
1757 },
1758 { &hf_mbtcp_unitid,
1759 { "Unit Identifier", "mbtcp.unit_id",
1760 FT_UINT8, BASE_DEC, NULL, 0x0,
1761 NULL, HFILL }
1762 },
1763 };
1764
1765 static ei_register_info mbtcp_ei[] = {
1766 { &ei_mbtcp_cannot_classify,
1767 { "mbtcp.cannot_classify", PI_PROTOCOL, PI_WARN,
1768 "Cannot classify packet type. Try setting Modbus/TCP Port preference to this destination or source port", EXPFILL }
1769 },
1770 };
1771
1772 /* Modbus RTU header fields */
1773 static hf_register_info mbrtu_hf[] = {
1774 { &hf_mbrtu_unitid,
1775 { "Unit ID", "mbrtu.unit_id",
1776 FT_UINT8, BASE_DEC, NULL, 0x0,
1777 NULL, HFILL }
1778 },
1779 { &hf_mbrtu_crc16,
1780 { "CRC-16", "mbrtu.crc16",
1781 FT_UINT16, BASE_HEX, NULL, 0x0,
1782 NULL, HFILL }
1783 },
1784 { &hf_mbrtu_crc16_status,
1785 { "CRC-16 Status", "mbrtu.crc16.status",
1786 FT_UINT8, BASE_NONE, VALS(proto_checksum_vals), 0x0,
1787 NULL, HFILL }
1788 },
1789 };
1790
1791 static ei_register_info mbrtu_ei[] = {
1792 { &ei_mbrtu_crc16_incorrect,
1793 { "mbrtu.crc16.incorrect", PI_CHECKSUM, PI_WARN,
1794 "Incorrect CRC", EXPFILL }
1795 },
1796 };
1797
1798 /* Modbus header fields */
1799 static hf_register_info hf[] = {
1800 { &hf_modbus_request_frame,
1801 { "Request Frame", "modbus.request_frame",
1802 FT_FRAMENUM, BASE_NONE,
1803 NULL, 0x0,
1804 NULL, HFILL }
1805 },
1806 { &hf_modbus_response_time,
1807 { "Time from request", "modbus.response_time",
1808 FT_RELATIVE_TIME, BASE_NONE,
1809 NULL, 0x0,
1810 "Time between request and reply", HFILL }
1811 },
1812 { &hf_modbus_functioncode,
1813 { "Function Code", "modbus.func_code",
1814 FT_UINT8, BASE_DEC, VALS(function_code_vals), 0x7F,
1815 NULL, HFILL }
1816 },
1817 { &hf_modbus_reference,
1818 { "Reference Number", "modbus.reference_num",
1819 FT_UINT16, BASE_DEC, NULL, 0x0,
1820 NULL, HFILL }
1821 },
1822 { &hf_modbus_padding,
1823 { "Padding", "modbus.padding",
1824 FT_UINT8, BASE_HEX, NULL, 0x0,
1825 NULL, HFILL }
1826 },
1827 { &hf_modbus_lreference,
1828 { "Reference Number (32 bit)", "modbus.reference_num_32",
1829 FT_UINT32, BASE_DEC, NULL, 0x0,
1830 NULL, HFILL }
1831 },
1832 { &hf_modbus_reftype,
1833 { "Reference Type", "modbus.reference_type",
1834 FT_UINT8, BASE_DEC, NULL, 0x0,
1835 NULL, HFILL }
1836 },
1837 { &hf_modbus_readref,
1838 { "Read Reference Number", "modbus.read_reference_num",
1839 FT_UINT16, BASE_DEC, NULL, 0x0,
1840 NULL, HFILL }
1841 },
1842 { &hf_modbus_writeref,
1843 { "Write Reference Number", "modbus.write_reference_num",
1844 FT_UINT16, BASE_DEC, NULL, 0x0,
1845 NULL, HFILL }
1846 },
1847 { &hf_modbus_wordcnt,
1848 { "Word Count", "modbus.word_cnt",
1849 FT_UINT16, BASE_DEC, NULL, 0x0,
1850 NULL, HFILL }
1851 },
1852 { &hf_modbus_readwordcnt,
1853 { "Read Word Count", "modbus.read_word_cnt",
1854 FT_UINT16, BASE_DEC, NULL, 0x0,
1855 NULL, HFILL }
1856 },
1857 { &hf_modbus_writewordcnt,
1858 { "Write Word Count", "modbus.write_word_cnt",
1859 FT_UINT16, BASE_DEC, NULL, 0x0,
1860 NULL, HFILL }
1861 },
1862 { &hf_modbus_bitcnt,
1863 { "Bit Count", "modbus.bit_cnt",
1864 FT_UINT16, BASE_DEC, NULL, 0x0,
1865 NULL, HFILL }
1866 },
1867 { &hf_modbus_bytecnt,
1868 { "Byte Count", "modbus.byte_cnt",
1869 FT_UINT8, BASE_DEC, NULL, 0x0,
1870 NULL, HFILL }
1871 },
1872 { &hf_modbus_lbytecnt,
1873 { "Byte Count (16-bit)", "modbus.byte_cnt_16",
1874 FT_UINT16, BASE_DEC, NULL, 0x0,
1875 NULL, HFILL }
1876 },
1877 { &hf_modbus_exceptioncode,
1878 { "Exception Code", "modbus.exception_code",
1879 FT_UINT8, BASE_DEC, VALS(exception_code_vals), 0x0,
1880 NULL, HFILL }
1881 },
1882 { &hf_modbus_diag_sf,
1883 { "Diagnostic Code", "modbus.diagnostic_code",
1884 FT_UINT16, BASE_DEC, VALS(diagnostic_code_vals), 0x0,
1885 NULL, HFILL }
1886 },
1887 { &hf_modbus_diag_return_query_data_request,
1888 { "Request Data", "modbus.diagnostic.return_query_data.request",
1889 FT_BYTES, BASE_NONE, NULL, 0x0,
1890 NULL, HFILL }
1891 },
1892 { &hf_modbus_diag_return_query_data_echo,
1893 { "Echo Data", "modbus.diagnostic.return_query_data.echo",
1894 FT_BYTES, BASE_NONE, NULL, 0x0,
1895 NULL, HFILL }
1896 },
1897 { &hf_modbus_diag_restart_communication_option,
1898 { "Restart Communication Option", "modbus.diagnostic.restart_communication_option",
1899 FT_UINT16, BASE_HEX, VALS(diagnostic_restart_communication_option_vals), 0x0,
1900 NULL, HFILL }
1901 },
1902 { &hf_modbus_diag_return_diag_register,
1903 { "Diagnostic Register Contents", "modbus.diagnostic.return_diag_register",
1904 FT_UINT16, BASE_HEX, NULL, 0x0,
1905 NULL, HFILL }
1906 },
1907 { &hf_modbus_diag_ascii_input_delimiter,
1908 { "CHAR", "modbus.diagnostic.ascii_input_delimiter",
1909 FT_UINT8, BASE_HEX, NULL, 0x0,
1910 NULL, HFILL }
1911 },
1912 { &hf_modbus_diag_clear_ctr_diag_reg,
1913 { "Clear Counters & Diag Register Echo", "modbus.diagnostic.clear_ctr_diag_reg",
1914 FT_UINT16, BASE_DEC, NULL, 0x0,
1915 NULL, HFILL }
1916 },
1917 { &hf_modbus_diag_return_bus_message_count,
1918 { "Total Message Count", "modbus.diagnostic.bus_message_count",
1919 FT_UINT16, BASE_DEC, NULL, 0x0,
1920 NULL, HFILL }
1921 },
1922 { &hf_modbus_diag_return_bus_comm_error_count,
1923 { "CRC Error Count", "modbus.diagnostic.bus_comm_error_count",
1924 FT_UINT16, BASE_DEC, NULL, 0x0,
1925 NULL, HFILL }
1926 },
1927 { &hf_modbus_diag_return_bus_exception_error_count,
1928 { "Exception Error Count", "modbus.diagnostic.bus_exception_error_count",
1929 FT_UINT16, BASE_DEC, NULL, 0x0,
1930 NULL, HFILL }
1931 },
1932 { &hf_modbus_diag_return_slave_message_count,
1933 { "Slave Message Count", "modbus.diagnostic.slave_message_count",
1934 FT_UINT16, BASE_DEC, NULL, 0x0,
1935 NULL, HFILL }
1936 },
1937 { &hf_modbus_diag_return_no_slave_response_count,
1938 { "Slave No Response Count", "modbus.diagnostic.no_slave_response_count",
1939 FT_UINT16, BASE_DEC, NULL, 0x0,
1940 NULL, HFILL }
1941 },
1942 { &hf_modbus_diag_return_slave_nak_count,
1943 { "Slave NAK Count", "modbus.diagnostic.slave_nak_count",
1944 FT_UINT16, BASE_DEC, NULL, 0x0,
1945 NULL, HFILL }
1946 },
1947 { &hf_modbus_diag_return_slave_busy_count,
1948 { "Slave Device Busy Count", "modbus.diagnostic.slave_busy_count",
1949 FT_UINT16, BASE_DEC, NULL, 0x0,
1950 NULL, HFILL }
1951 },
1952 { &hf_modbus_diag_return_bus_char_overrun_count,
1953 { "Slave Character Overrun Count", "modbus.diagnostic.bus_char_overrun_count",
1954 FT_UINT16, BASE_DEC, NULL, 0x0,
1955 NULL, HFILL }
1956 },
1957 { &hf_modbus_status,
1958 { "Status", "modbus.ev_status",
1959 FT_UINT16, BASE_HEX, NULL, 0x0,
1960 NULL, HFILL }
1961 },
1962 { &hf_modbus_event,
1963 { "Event", "modbus.event",
1964 FT_UINT8, BASE_DEC, NULL, 0x0,
1965 NULL, HFILL }
1966 },
1967 { &hf_modbus_event_count,
1968 { "Event Count", "modbus.ev_count",
1969 FT_UINT16, BASE_DEC, NULL, 0x0,
1970 NULL, HFILL }
1971 },
1972 { &hf_modbus_message_count,
1973 { "Message Count", "modbus.ev_msg_count",
1974 FT_UINT16, BASE_DEC, NULL, 0x0,
1975 NULL, HFILL }
1976 },
1977 { &hf_modbus_event_recv_comm_err,
1978 { "Communication Error", "modbus.ev_recv_comm_err",
1979 FT_UINT8, BASE_DEC, NULL, 0x02,
1980 NULL, HFILL }
1981 },
1982 { &hf_modbus_event_recv_char_over,
1983 { "Character Overrun", "modbus.ev_recv_char_over",
1984 FT_UINT8, BASE_DEC, NULL, 0x10,
1985 NULL, HFILL }
1986 },
1987 { &hf_modbus_event_recv_lo_mode,
1988 { "Currently in Listen Only Mode", "modbus.ev_recv_lo_mode",
1989 FT_UINT8, BASE_DEC, NULL, 0x20,
1990 NULL, HFILL }
1991 },
1992 { &hf_modbus_event_recv_broadcast,
1993 { "Broadcast Received", "modbus.ev_recv_broadcast",
1994 FT_UINT8, BASE_DEC, NULL, 0x40,
1995 NULL, HFILL }
1996 },
1997 { &hf_modbus_event_send_read_ex,
1998 { "Read Exception Sent", "modbus.ev_send_read_ex",
1999 FT_UINT8, BASE_DEC, NULL, 0x01,
2000 NULL, HFILL }
2001 },
2002 { &hf_modbus_event_send_slave_abort_ex,
2003 { "Slave Abort Exception Sent", "modbus.ev_send_slave_abort_ex",
2004 FT_UINT8, BASE_DEC, NULL, 0x02,
2005 NULL, HFILL }
2006 },
2007 { &hf_modbus_event_send_slave_busy_ex,
2008 { "Slave Busy Exception Sent", "modbus.ev_send_slave_busy_ex",
2009 FT_UINT8, BASE_DEC, NULL, 0x04,
2010 NULL, HFILL }
2011 },
2012 { &hf_modbus_event_send_slave_nak_ex,
2013 { "Slave Program NAK Exception Sent", "modbus.ev_send_slave_nak_ex",
2014 FT_UINT8, BASE_DEC, NULL, 0x08,
2015 NULL, HFILL }
2016 },
2017 { &hf_modbus_event_send_write_timeout,
2018 { "Write Timeout Error Occurred", "modbus.ev_send_write_timeout",
2019 FT_UINT8, BASE_DEC, NULL, 0x10,
2020 NULL, HFILL }
2021 },
2022 { &hf_modbus_event_send_lo_mode,
2023 { "Currently in Listen Only Mode", "modbus.ev_send_lo_mode",
2024 FT_UINT8, BASE_DEC, NULL, 0x20,
2025 NULL, HFILL }
2026 },
2027 { &hf_modbus_andmask,
2028 { "AND mask", "modbus.and_mask",
2029 FT_UINT16, BASE_HEX, NULL, 0x0,
2030 NULL, HFILL }
2031 },
2032 { &hf_modbus_ormask,
2033 { "OR mask", "modbus.or_mask",
2034 FT_UINT16, BASE_HEX, NULL, 0x0,
2035 NULL, HFILL }
2036 },
2037 { &hf_modbus_data,
2038 { "Data", "modbus.data",
2039 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
2040 },
2041 { &hf_modbus_mei,
2042 { "MEI type", "modbus.mei",
2043 FT_UINT8, BASE_DEC, VALS(encap_interface_code_vals), 0x0,
2044 NULL, HFILL }
2045 },
2046 { &hf_modbus_read_device_id,
2047 { "Read Device ID", "modbus.read_device_id",
2048 FT_UINT8, BASE_DEC, VALS(read_device_id_vals), 0x0,
2049 NULL, HFILL }
2050 },
2051 { &hf_modbus_object_id,
2052 { "Object ID", "modbus.object_id",
2053 FT_UINT8, BASE_DEC, VALS(object_id_vals), 0x0,
2054 NULL, HFILL }
2055 },
2056 { &hf_modbus_num_objects,
2057 { "Number of Objects", "modbus.num_objects",
2058 FT_UINT8, BASE_DEC, NULL, 0x0,
2059 NULL, HFILL }
2060 },
2061 { &hf_modbus_list_object_len,
2062 { "Object length", "modbus.objects_len",
2063 FT_UINT8, BASE_DEC, NULL, 0x0,
2064 NULL, HFILL }
2065 },
2066 { &hf_modbus_conformity_level,
2067 { "Conformity Level", "modbus.conformity_level",
2068 FT_UINT8, BASE_HEX, VALS(conformity_level_vals), 0x0,
2069 NULL, HFILL }
2070 },
2071 { &hf_modbus_more_follows,
2072 { "More Follows", "modbus.more_follows",
2073 FT_UINT8, BASE_HEX, NULL, 0x0,
2074 NULL, HFILL }
2075 },
2076 { &hf_modbus_next_object_id,
2077 { "Next Object ID", "modbus.next_object_id",
2078 FT_UINT8, BASE_DEC, NULL, 0x0,
2079 NULL, HFILL }
2080 },
2081 { &hf_modbus_object_str_value,
2082 { "Object String Value", "modbus.object_str_value",
2083 FT_STRING, BASE_NONE, NULL, 0x0,
2084 NULL, HFILL }
2085 },
2086 { &hf_modbus_object_value,
2087 { "Object Value", "modbus.object_value",
2088 FT_BYTES, BASE_NONE, NULL, 0x0,
2089 NULL, HFILL }
2090 },
2091 { &hf_modbus_bitnum,
2092 { "Bit Number", "modbus.bitnum",
2093 FT_UINT16, BASE_DEC, NULL, 0x0,
2094 NULL, HFILL }
2095 },
2096 { &hf_modbus_bitval,
2097 { "Bit Value", "modbus.bitval",
2098 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2099 NULL, HFILL }
2100 },
2101 { &hf_modbus_regnum16,
2102 { "Register Number", "modbus.regnum16",
2103 FT_UINT16, BASE_DEC, NULL, 0x0,
2104 NULL, HFILL }
2105 },
2106 { &hf_modbus_regnum32,
2107 { "Register Number", "modbus.regnum32",
2108 FT_UINT32, BASE_DEC, NULL, 0x0,
2109 NULL, HFILL }
2110 },
2111 { &hf_modbus_regval_uint16,
2112 { "Register Value (UINT16)", "modbus.regval_uint16",
2113 FT_UINT16, BASE_DEC, NULL, 0x0,
2114 NULL, HFILL }
2115 },
2116 { &hf_modbus_regval_int16,
2117 { "Register Value (INT16)", "modbus.regval_int16",
2118 FT_INT16, BASE_DEC, NULL, 0x0,
2119 NULL, HFILL }
2120 },
2121 { &hf_modbus_regval_uint32,
2122 { "Register Value (UINT32)", "modbus.regval_uint32",
2123 FT_UINT32, BASE_DEC, NULL, 0x0,
2124 NULL, HFILL }
2125 },
2126 { &hf_modbus_regval_int32,
2127 { "Register Value (INT32)", "modbus.regval_int32",
2128 FT_INT32, BASE_DEC, NULL, 0x0,
2129 NULL, HFILL }
2130 },
2131 { &hf_modbus_regval_ieee_float,
2132 { "Register Value (IEEE Float)", "modbus.regval_float",
2133 FT_FLOAT, BASE_NONE, NULL, 0x0,
2134 NULL, HFILL }
2135 },
2136 { &hf_modbus_regval_modicon_float,
2137 { "Register Value (Modicon Float)", "modbus.regval_float",
2138 FT_FLOAT, BASE_NONE, NULL, 0x0,
2139 NULL, HFILL }
2140 },
2141 };
2142
2143 /* Setup protocol subtree array */
2144 static int *ett[] = {
2145 &ett_mbtcp,
2146 &ett_mbrtu,
2147 &ett_modbus_hdr,
2148 &ett_group_hdr,
2149 &ett_events,
2150 &ett_events_recv,
2151 &ett_events_send,
2152 &ett_device_id_objects,
2153 &ett_device_id_object_items,
2154 &ett_bit,
2155 &ett_register
2156 };
2157
2158 static ei_register_info ei[] = {
2159 { &ei_modbus_data_decode,
2160 { "modbus.data.decode", PI_PROTOCOL, PI_WARN,
2161 "Invalid decoding options, register data not a multiple of 4!", EXPFILL }
2162 },
2163 };
2164 module_t *mbtcp_module;
2165 module_t *mbrtu_module;
2166 module_t *modbus_module;
2167 expert_module_t* expert_mbtcp;
2168 expert_module_t* expert_mbrtu;
2169 expert_module_t* expert_modbus;
2170
2171 /* Register the protocol name and description */
2172 proto_mbtcp = proto_register_protocol("Modbus/TCP", "Modbus/TCP", "mbtcp");
2173 proto_mbudp = proto_register_protocol("Modbus/UDP", "Modbus/UDP", "mbudp");
2174 proto_mbrtu = proto_register_protocol("Modbus RTU", "Modbus RTU", "mbrtu");
2175 proto_modbus = proto_register_protocol("Modbus", "Modbus", "modbus");
2176
2177 /* Registering protocol to be called by another dissector */
2178 modbus_handle = register_dissector("modbus", dissect_modbus, proto_modbus);
2179 mbtcp_handle = register_dissector("mbtcp", dissect_mbtcp, proto_mbtcp);
2180 mbtls_handle = register_dissector("mbtls", dissect_mbtls, proto_mbtcp);
2181 mbrtu_handle = register_dissector("mbrtu", dissect_mbrtu, proto_mbrtu);
2182 mbudp_handle = register_dissector("mbudp", dissect_mbudp, proto_mbudp);
2183
2184 /* Registering subdissectors table */
2185 modbus_func_code_dissector_table = register_dissector_table("modbus.func_code", "Modbus Function Code", proto_modbus, FT_UINT8, BASE_DEC);
2186 modbus_data_dissector_table = register_dissector_table("modbus.data", "Modbus Data", proto_modbus, FT_STRING, STRING_CASE_SENSITIVE);
2187 modbus_dissector_table = register_dissector_table("mbtcp.prot_id", "Modbus/TCP protocol identifier", proto_mbtcp, FT_UINT16, BASE_DEC);
2188
2189 /* Required function calls to register the header fields and subtrees used */
2190 proto_register_field_array(proto_mbtcp, mbtcp_hf, array_length(mbtcp_hf));
2191 proto_register_field_array(proto_mbrtu, mbrtu_hf, array_length(mbrtu_hf));
2192 proto_register_field_array(proto_modbus, hf, array_length(hf));
2193 proto_register_subtree_array(ett, array_length(ett));
2194 expert_mbtcp = expert_register_protocol(proto_mbtcp);
2195 expert_register_field_array(expert_mbtcp, mbtcp_ei, array_length(mbtcp_ei));
2196 expert_mbrtu = expert_register_protocol(proto_mbrtu);
2197 expert_register_field_array(expert_mbrtu, mbrtu_ei, array_length(mbrtu_ei));
2198 expert_modbus = expert_register_protocol(proto_modbus);
2199 expert_register_field_array(expert_modbus, ei, array_length(ei));
2200
2201
2202 /* Register required preferences for Modbus Protocol variants */
2203 mbtcp_module = prefs_register_protocol(proto_mbtcp, apply_mbtcp_prefs);
2204 mbrtu_module = prefs_register_protocol(proto_mbrtu, apply_mbrtu_prefs);
2205 modbus_module = prefs_register_protocol(proto_modbus, NULL);
2206
2207 /* Modbus RTU Preference - Desegment, defaults to true for TCP desegmentation */
2208 prefs_register_bool_preference(mbtcp_module, "desegment",
2209 "Desegment all Modbus RTU packets spanning multiple TCP segments",
2210 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
2211 &mbtcp_desegment);
2212
2213 /* Modbus RTU Preference - Desegment, defaults to true for TCP desegmentation */
2214 prefs_register_bool_preference(mbrtu_module, "desegment",
2215 "Desegment all Modbus RTU packets spanning multiple TCP segments",
2216 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
2217 &mbrtu_desegment);
2218
2219 /* Modbus RTU Preference - CRC verification, defaults to false (no verification)*/
2220 prefs_register_bool_preference(mbrtu_module, "crc_verification",
2221 "Validate CRC",
2222 "Whether to validate the CRC",
2223 &mbrtu_crc);
2224
2225 /* Modbus Preference - Holding/Input Register format, this allows for deeper dissection of response data */
2226 prefs_register_enum_preference(modbus_module, "mbus_register_format",
2227 "Holding/Input Register Format",
2228 "Register Format",
2229 &global_mbus_register_format,
2230 mbus_register_format,
2231 false);
2232
2233 /* Obsolete Preferences */
2234 prefs_register_obsolete_preference(mbtcp_module, "mbus_register_addr_type");
2235 prefs_register_obsolete_preference(mbtcp_module, "mbus_register_format");
2236 prefs_register_obsolete_preference(mbrtu_module, "mbus_register_addr_type");
2237 prefs_register_obsolete_preference(mbrtu_module, "mbus_register_format");
2238
2239 }
2240
2241
2242 /* If this dissector uses sub-dissector registration add a registration routine.
2243 This format is required because a script is used to find these routines and
2244 create the code that calls these routines.
2245 */
2246 void
2247 proto_reg_handoff_mbtcp(void)
2248 {
2249 dissector_add_uint_with_preference("tcp.port", PORT_MBTCP, mbtcp_handle);
2250 dissector_add_uint_with_preference("udp.port", PORT_MBTCP, mbudp_handle);
2251 dissector_add_uint_with_preference("tls.port", PORT_MBTLS, mbtls_handle);
2252 apply_mbtcp_prefs();
2253
2254 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
2255
2256 ssl_dissector_add(PORT_MBTLS, mbtls_handle);
2257 }
2258
2259 void
2260 proto_reg_handoff_mbrtu(void)
2261 {
2262 dissector_handle_t mbrtu_udp_handle = create_dissector_handle(dissect_mbrtu_udp, proto_mbrtu);
2263
2264 /* Make sure to use Modbus RTU Preferences field to determine default TCP port */
2265 dissector_add_for_decode_as_with_preference("udp.port", mbrtu_udp_handle);
2266 dissector_add_for_decode_as_with_preference("tcp.port", mbrtu_handle);
2267 apply_mbrtu_prefs();
2268
2269 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
2270 dissector_add_for_decode_as("rtacser.data", mbrtu_handle);
2271 dissector_add_for_decode_as("usb.device", mbrtu_handle);
2272 dissector_add_for_decode_as("usb.product", mbrtu_handle);
2273 dissector_add_for_decode_as("usb.protocol", mbrtu_handle);
2274
2275 }
2276
2277 /*
2278 * Editor modelines
2279 *
2280 * Local Variables:
2281 * c-basic-offset: 4
2282 * tab-width: 8
2283 * indent-tabs-mode: nil
2284 * End:
2285 *
2286 * ex: set shiftwidth=4 tabstop=8 expandtab:
2287 * :indentSize=4:tabSize=8:noTabs=true:
2288 */
Metzes wireshark repo