search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
FIXUP: WIP: verification_trailer
[wireshark-wip.git] / epan / dissectors / packet-mbtcp.c
blob873fa834f3c7ec0907c4176fe6e349e4eec032ee
1 /* packet-mbtcp.c
2 * Routines for Modbus/TCP and Modbus/UDP dissection
3 * By Riaan Swart <rswart@cs.sun.ac.za>
4 * Copyright 2001, Institute for Applied Computer Science
5 * University of Stellenbosch
6 *
7 * See http://www.modbus.org/ for information on Modbus/TCP.
8 *
9 * Updated to v1.1b of the Modbus Application Protocol specification
10 * Michael Mann * Copyright 2011
11 *
12 * Updates Oct/Nov 2012 (Chris Bontje, cbontje[*at*]gmail.com)
13 * - Some re-factoring to include support for serial Modbus RTU encapsulated in TCP messages
14 * - Minor text/syntax clean-up
15 * - Include decoding of holding/input response register data
16 * - Optionally decode holding/input registers as UINT16, UINT32, 32-bit Float IEEE/Modicon
17 * - Add various register address formatting options as "Raw", "Modicon 5-digit", "Modicon 6-digit"
18 *
19 * Updates Aug 2013 (Chris Bontje)
20 * - Improved dissection support for serial Modbus RTU with detection of query or response messages
21 *
22 *****************************************************************************************************
23 * A brief explanation of the distinction between Modbus/TCP and Modbus RTU over TCP:
24 *
25 * Consider a Modbus poll message: Unit 01, Scan Holding Register Address 0 for 30 Registers
26 *
27 * The Modbus/TCP message structure will follow the pattern below:
28 * 00 00 00 00 00 06 01 03 00 00 00 1E
29 * AA AA BB BB CC CC DD EE FF FF GG GG
30 *
31 * A = 16-bit Transaction Identifier (typically increments, or is locked at zero)
32 * B = 16-bit Protocol Identifier (typically zero)
33 * C = 16-bit Length of data payload following (and inclusive of) the length byte
34 * D = 8-bit Unit / Slave ID
35 * E = 8-bit Modbus Function Code
36 * F = 16-bit Reference Number / Register Base Address
37 * G = 16-bit Word Count / Number of Registers to scan
38 *
39 * A identical Modbus RTU (or Modbus RTU over TCP) message will overlay partially with the msg above
40 * and contain 16-bit CRC at the end:
41 * 00 00 00 00 00 06 01 03 00 00 00 1E -- -- (Modbus/TCP message, repeated from above)
42 * -- -- -- -- -- -- 01 03 00 00 00 1E C5 C2 (Modbus RTU over TCP message, includes 16-bit CRC footer)
43 * AA AA BB BB CC CC DD EE FF FF GG GG HH HH
44 *
45 * A = Not present in Modbus RTU message
46 * B = Not present in Modbus RTU message
47 * C = Not present in Modbus RTU message
48 * D = 8-bit Unit / Slave ID
49 * E = 8-bit Modbus Function Code
50 * F = 16-bit Reference Number / Register Base Address
51 * G = 16-bit Word Count / Number of Registers to scan
52 * H = 16-bit CRC
53 *
54 *****************************************************************************************************
55 * $Id$
56 *
57 * Wireshark - Network traffic analyzer
58 * By Gerald Combs <gerald@wireshark.org>
59 * Copyright 1998 Gerald Combs
60 *
61 * This program is free software; you can redistribute it and/or
62 * modify it under the terms of the GNU General Public License
63 * as published by the Free Software Foundation; either version 2
64 * of the License, or (at your option) any later version.
65 *
66 * This program is distributed in the hope that it will be useful,
67 * but WITHOUT ANY WARRANTY; without even the implied warranty of
68 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
69 * GNU General Public License for more details.
70 *
71 * You should have received a copy of the GNU General Public License
72 * along with this program; if not, write to the Free Software
73 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
74 */
75
76 #include "config.h"
77
78 #include <epan/packet.h>
79 #include <epan/wmem/wmem.h>
80 #include "packet-tcp.h"
81 #include "packet-mbtcp.h"
82 #include <epan/prefs.h>
83 #include <epan/expert.h>
84 #include <epan/crc16-tvb.h> /* For CRC verification */\
85
86 /* Initialize the protocol and registered fields */
87 static int proto_mbtcp = -1;
88 static int proto_mbrtu = -1;
89 static int proto_modbus = -1;
90 static int hf_mbtcp_transid = -1;
91 static int hf_mbtcp_protid = -1;
92 static int hf_mbtcp_len = -1;
93 static int hf_mbtcp_unitid = -1;
94 static int hf_mbtcp_functioncode = -1;
95 static int hf_modbus_reference = -1;
96 static int hf_modbus_lreference = -1;
97 static int hf_modbus_reftype = -1;
98 static int hf_modbus_readref = -1;
99 static int hf_modbus_writeref = -1;
100 static int hf_modbus_wordcnt = -1;
101 static int hf_modbus_readwordcnt = -1;
102 static int hf_modbus_writewordcnt = -1;
103 static int hf_modbus_bytecnt = -1;
104 static int hf_modbus_lbytecnt = -1;
105 static int hf_modbus_bitcnt = -1;
106 static int hf_modbus_exceptioncode = -1;
107 static int hf_modbus_diag_sf = -1;
108 static int hf_modbus_diag_return_query_data_request = -1;
109 static int hf_modbus_diag_return_query_data_echo = -1;
110 static int hf_modbus_diag_restart_communication_option = -1;
111 static int hf_modbus_diag_return_diag_register = -1;
112 static int hf_modbus_diag_ascii_input_delimiter = -1;
113 static int hf_modbus_diag_return_bus_message_count = -1;
114 static int hf_modbus_diag_return_bus_comm_error_count = -1;
115 static int hf_modbus_diag_return_bus_exception_error_count = -1;
116 static int hf_modbus_diag_return_slave_message_count = -1;
117 static int hf_modbus_diag_return_no_slave_response_count = -1;
118 static int hf_modbus_diag_return_slave_nak_count = -1;
119 static int hf_modbus_diag_return_slave_busy_count = -1;
120 static int hf_modbus_diag_return_bus_char_overrun_count = -1;
121 static int hf_modbus_status = -1;
122 static int hf_modbus_event_count = -1;
123 static int hf_modbus_message_count = -1;
124 static int hf_modbus_event_recv_comm_err = -1;
125 static int hf_modbus_event_recv_char_over = -1;
126 static int hf_modbus_event_recv_lo_mode = -1;
127 static int hf_modbus_event_recv_broadcast = -1;
128 static int hf_modbus_event_send_read_ex = -1;
129 static int hf_modbus_event_send_slave_abort_ex = -1;
130 static int hf_modbus_event_send_slave_busy_ex = -1;
131 static int hf_modbus_event_send_slave_nak_ex = -1;
132 static int hf_modbus_event_send_write_timeout = -1;
133 static int hf_modbus_event_send_lo_mode = -1;
134 static int hf_modbus_andmask = -1;
135 static int hf_modbus_ormask = -1;
136 static int hf_modbus_data = -1;
137 static int hf_modbus_mei = -1;
138 static int hf_modbus_read_device_id = -1;
139 static int hf_modbus_object_id = -1;
140 static int hf_modbus_num_objects = -1;
141 static int hf_modbus_list_object_len = -1;
142 static int hf_modbus_conformity_level = -1;
143 static int hf_modbus_more_follows = -1;
144 static int hf_modbus_next_object_id = -1;
145 static int hf_modbus_object_str_value = -1;
146 static int hf_modbus_reg_uint16 = -1;
147 static int hf_modbus_reg_uint32 = -1;
148 static int hf_modbus_reg_ieee_float = -1;
149 static int hf_modbus_reg_modicon_float = -1;
150 static int hf_mbrtu_unitid = -1;
151 static int hf_mbrtu_crc16 = -1;
152
153 /* Initialize the subtree pointers */
154 static gint ett_mbtcp = -1;
155 static gint ett_mbrtu = -1;
156 static gint ett_modbus_hdr = -1;
157 static gint ett_group_hdr = -1;
158 static gint ett_events = -1;
159 static gint ett_events_recv = -1;
160 static gint ett_events_send = -1;
161 static gint ett_device_id_objects = -1;
162 static gint ett_device_id_object_items = -1;
163
164 static expert_field ei_mbrtu_crc16_incorrect = EI_INIT;
165 static expert_field ei_modbus_data_decode = EI_INIT;
166
167 static dissector_handle_t modbus_handle;
168 static dissector_handle_t mbtcp_handle;
169 static dissector_handle_t mbrtu_handle;
170
171 static dissector_table_t modbus_data_dissector_table;
172 static dissector_table_t modbus_dissector_table;
173
174
175 /* Globals for Modbus/TCP Preferences */
176 static gboolean mbtcp_desegment = TRUE;
177 static guint global_mbus_tcp_port = PORT_MBTCP; /* Port 502, by default */
178 static gint global_mbus_tcp_register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
179 static gint global_mbus_tcp_register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;
180
181 /* Globals for Modbus RTU over TCP Preferences */
182 static gboolean mbrtu_desegment = TRUE;
183 static guint global_mbus_rtu_port = PORT_MBRTU; /* 0, by default */
184 static gint global_mbus_rtu_register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
185 static gint global_mbus_rtu_register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;
186 static gboolean mbrtu_crc = FALSE;
187
188 static int
189 classify_mbtcp_packet(packet_info *pinfo)
190 {
191 /* see if nature of packets can be derived from src/dst ports */
192 /* if so, return as found */
193 /* */
194 /* XXX Update Oct 2012 - It can be difficult to determine if a packet is a query or response; some way to track */
195 /* the Modbus/TCP transaction ID for each pair of messages would allow for detection based on a new seq. number. */
196 /* Otherwise, we can stick with this method; a configurable port option has been added to allow for usage of */
197 /* user ports either than the default of 502. */
198 if (( pinfo->srcport == global_mbus_tcp_port ) && ( pinfo->destport != global_mbus_tcp_port ))
199 return RESPONSE_PACKET;
200 if (( pinfo->srcport != global_mbus_tcp_port ) && ( pinfo->destport == global_mbus_tcp_port ))
201 return QUERY_PACKET;
202
203 /* else, cannot classify */
204 return CANNOT_CLASSIFY;
205 }
206
207 static int
208 classify_mbrtu_packet(packet_info *pinfo, tvbuff_t *tvb)
209 {
210 /* see if nature of packets can be derived from src/dst ports */
211 /* if so, return as found */
212 if (( pinfo->srcport == global_mbus_rtu_port ) && ( pinfo->destport != global_mbus_rtu_port ))
213 return RESPONSE_PACKET;
214 if (( pinfo->srcport != global_mbus_rtu_port ) && ( pinfo->destport == global_mbus_rtu_port ))
215 return QUERY_PACKET;
216
217 /* Special case for serial-captured packets that don't have an Ethernet header */
218 /* Dig into these a little deeper to try to guess the message type */
219 if (!pinfo->srcport) {
220 /* If length is 8, this is either a query or very short response */
221 if (tvb_length(tvb) == 8) {
222 /* Only possible to get a response message of 8 bytes with Discrete or Coils */
223 if ((tvb_get_guint8(tvb, 1) == READ_COILS) || (tvb_get_guint8(tvb, 1) == READ_DISCRETE_INPUTS)) {
224 /* If this is, in fact, a response then the data byte count will be 3 */
225 /* This will correctly identify all messages except for those that are discrete or coil polls */
226 /* where the base address range happens to have 0x03 in the upper 16-bit address register */
227 if (tvb_get_guint8(tvb, 2) == 3) {
228 return RESPONSE_PACKET;
229 }
230 else {
231 return QUERY_PACKET;
232 }
233 }
234 else {
235 return QUERY_PACKET;
236 }
237 }
238 else {
239 return RESPONSE_PACKET;
240 }
241 }
242
243 /* else, cannot classify */
244 return CANNOT_CLASSIFY;
245 }
246
247 /* Translate function to string, as given on p6 of
248 * "Open Modbus/TCP Specification", release 1 by Andy Swales.
249 */
250 static const value_string function_code_vals[] = {
251 { READ_COILS, "Read Coils" },
252 { READ_DISCRETE_INPUTS, "Read Discrete Inputs" },
253 { READ_HOLDING_REGS, "Read Holding Registers" },
254 { READ_INPUT_REGS, "Read Input Registers" },
255 { WRITE_SINGLE_COIL, "Write Single Coil" },
256 { WRITE_SINGLE_REG, "Write Single Register" },
257 { READ_EXCEPT_STAT, "Read Exception Status" },
258 { DIAGNOSTICS, "Diagnostics" },
259 { GET_COMM_EVENT_CTRS, "Get Comm. Event Counters" },
260 { GET_COMM_EVENT_LOG, "Get Comm. Event Log" },
261 { WRITE_MULT_COILS, "Write Multiple Coils" },
262 { WRITE_MULT_REGS, "Write Multiple Registers" },
263 { REPORT_SLAVE_ID, "Report Slave ID" },
264 { READ_FILE_RECORD, "Read File Record" },
265 { WRITE_FILE_RECORD, "Write File Record" },
266 { MASK_WRITE_REG, "Mask Write Register" },
267 { READ_WRITE_REG, "Read Write Register" },
268 { READ_FIFO_QUEUE, "Read FIFO Queue" },
269 { ENCAP_INTERFACE_TRANSP, "Encapsulated Interface Transport" },
270 { 0, NULL }
271 };
272
273 /* Translate exception code to string */
274 static const value_string exception_code_vals[] = {
275 { ILLEGAL_FUNCTION, "Illegal function" },
276 { ILLEGAL_ADDRESS, "Illegal data address" },
277 { ILLEGAL_VALUE, "Illegal data value" },
278 { SLAVE_FAILURE, "Slave device failure" },
279 { ACKNOWLEDGE, "Acknowledge" },
280 { SLAVE_BUSY, "Slave device busy" },
281 { MEMORY_ERR, "Memory parity error" },
282 { GATEWAY_UNAVAILABLE, "Gateway path unavailable" },
283 { GATEWAY_TRGT_FAIL, "Gateway target device failed to respond" },
284 { 0, NULL }
285 };
286
287 /* Translate Modbus Encapsulation Interface (MEI) code to string */
288 static const value_string encap_interface_code_vals[] = {
289 { CANOPEN_REQ_RESP, "CANopen Request/Response " },
290 { READ_DEVICE_ID, "Read Device Identification" },
291 { 0, NULL }
292 };
293
294 /* Translate Modbus Diagnostic subfunction code to string */
295 static const value_string diagnostic_code_vals[] = {
296 { RETURN_QUERY_DATA, "Return Query Data" },
297 { RESTART_COMMUNICATION_OPTION, "Restart Communications Option" },
298 { RETURN_DIAGNOSTIC_REGISTER, "Return Diagnostic Register" },
299 { CHANGE_ASCII_INPUT_DELIMITER, "Change ASCII Input Delimiter" },
300 { FORCE_LISTEN_ONLY_MODE, "Force Listen Only Mode" },
301 { CLEAR_COUNTERS_AND_DIAG_REG, "Clear Counters and Diagnostic Register" },
302 { RETURN_BUS_MESSAGE_COUNT, "Return Bus Message Count" },
303 { RETURN_BUS_COMM_ERROR_COUNT, "Return Bus Communication Error Count" },
304 { RETURN_BUS_EXCEPTION_ERROR_COUNT, "Return Bus Exception Error Count" },
305 { RETURN_SLAVE_MESSAGE_COUNT, "Return Slave Message Count" },
306 { RETURN_SLAVE_NO_RESPONSE_COUNT, "Return Slave No Response Count" },
307 { RETURN_SLAVE_NAK_COUNT, "Return Slave NAK Count" },
308 { RETURN_SLAVE_BUSY_COUNT, "Return Slave Busy Count" },
309 { RETURN_BUS_CHAR_OVERRUN_COUNT, "Return Bus Character Overrun Count" },
310 { CLEAR_OVERRUN_COUNTER_AND_FLAG, "Clear Overrun Counter and Flag" },
311 { 0, NULL }
312 };
313
314 static const value_string diagnostic_restart_communication_option_vals[] = {
315 { 0, "Leave Log" },
316 { 0xFF, "Clear Log" },
317 { 0, NULL }
318 };
319
320 /* Translate read device code to string */
321 static const value_string read_device_id_vals[] = {
322 { 1, "Basic Device Identification" },
323 { 2, "Regular Device Identification" },
324 { 3, "Extended Device Identification" },
325 { 4, "Specific Identification Object" },
326
327 { 0, NULL }
328 };
329
330 /* Translate read device code to string */
331 static const value_string object_id_vals[] = {
332 { 0, "VendorName" },
333 { 1, "ProductCode" },
334 { 2, "MajorMinorRevision" },
335 { 3, "VendorURL" },
336 { 4, "ProductName" },
337 { 5, "ModelName" },
338 { 6, "UserApplicationName" },
339
340 { 0, NULL }
341 };
342
343 static const value_string conformity_level_vals[] = {
344 { 0x01, "Basic Device Identification (stream)" },
345 { 0x02, "Regular Device Identification (stream)" },
346 { 0x03, "Extended Device Identification (stream)" },
347 { 0x81, "Basic Device Identification (stream and individual)" },
348 { 0x82, "Regular Device Identification (stream and individual)" },
349 { 0x83, "Extended Device Identification (stream and individual)" },
350
351 { 0, NULL }
352 };
353
354 static const enum_val_t mbus_register_format[] = {
355 { "UINT16 ", "UINT16 ", MBTCP_PREF_REGISTER_FORMAT_UINT16 },
356 { "UINT32 ", "UINT32 ", MBTCP_PREF_REGISTER_FORMAT_UINT32 },
357 { "IEEE FLT ", "IEEE FLT ", MBTCP_PREF_REGISTER_FORMAT_IEEE_FLOAT },
358 { "MODICON FLT", "MODICON FLT", MBTCP_PREF_REGISTER_FORMAT_MODICON_FLOAT },
359 { NULL, NULL, 0 }
360 };
361
362 static const enum_val_t mbus_register_addr_type[] = {
363 { "RAW ", "RAW ", MBTCP_PREF_REGISTER_ADDR_RAW },
364 { "MODICON 5-DIGIT", "MODICON 5-DIGIT", MBTCP_PREF_REGISTER_ADDR_MOD5 },
365 { "MODICON 6-DIGIT", "MODICON 6-DIGIT", MBTCP_PREF_REGISTER_ADDR_MOD6 },
366 { NULL, NULL, 0 }
367 };
368
369 /* Code to dissect Modbus/TCP packets */
370 static int
371 dissect_mbtcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
372 {
373 /* Set up structures needed to add the protocol subtree and manage it */
374 proto_item *mi;
375 proto_tree *mbtcp_tree;
376 int offset, packet_type;
377 tvbuff_t *next_tvb;
378 const char *func_string = "";
379 const char *pkt_type_str = "";
380 const char *err_str = "";
381 guint16 transaction_id, protocol_id, len;
382 guint8 unit_id, function_code, exception_code, subfunction_code;
383 void *p_save_proto_data;
384 modbus_request_info_t *request_info;
385
386 /* Make entries in Protocol column on summary display */
387 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus/TCP");
388 col_clear(pinfo->cinfo, COL_INFO);
389
390 transaction_id = tvb_get_ntohs(tvb, 0);
391 protocol_id = tvb_get_ntohs(tvb, 2);
392 len = tvb_get_ntohs(tvb, 4);
393
394 unit_id = tvb_get_guint8(tvb, 6);
395 function_code = tvb_get_guint8(tvb, 7) & 0x7F;
396
397 /* Make entries in Info column on summary display */
398 offset = 0;
399
400 /* Find exception - last bit set in function code */
401 if (tvb_get_guint8(tvb, 7) & 0x80) {
402 exception_code = tvb_get_guint8(tvb, offset + 8);
403 }
404 else {
405 exception_code = 0;
406 }
407
408 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
409 func_string = val_to_str_const(tvb_get_guint8(tvb, offset + 8), encap_interface_code_vals, "Encapsulated Interface Transport");
410 subfunction_code = 1;
411 }
412 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
413 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 8), diagnostic_code_vals, "Diagnostics");
414 subfunction_code = 1;
415 }
416 else {
417 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
418 subfunction_code = 0;
419 }
420
421 /* "Request" or "Response" */
422 packet_type = classify_mbtcp_packet(pinfo);
423
424 switch ( packet_type ) {
425 case QUERY_PACKET :
426 pkt_type_str="Query";
427 break;
428 case RESPONSE_PACKET :
429 pkt_type_str="Response";
430 break;
431 case CANNOT_CLASSIFY :
432 err_str="Unable to classify as query or response.";
433 pkt_type_str="unknown";
434 break;
435 default :
436 break;
437 }
438 if ( exception_code != 0 )
439 err_str="Exception returned ";
440
441 if (subfunction_code == 0) {
442 if (strlen(err_str) > 0) {
443 col_add_fstr(pinfo->cinfo, COL_INFO,
444 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s. %s",
445 pkt_type_str, transaction_id, unit_id,
446 function_code, func_string, err_str);
447 }
448 else {
449 col_add_fstr(pinfo->cinfo, COL_INFO,
450 "%8s: Trans: %5u; Unit: %3u, Func: %3u: %s",
451 pkt_type_str, transaction_id, unit_id,
452 function_code, func_string);
453 }
454 }
455 else {
456 if (strlen(err_str) > 0) {
457 col_add_fstr(pinfo->cinfo, COL_INFO,
458 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s. %s",
459 pkt_type_str, transaction_id, unit_id,
460 function_code, subfunction_code, func_string, err_str);
461 }
462 else {
463 col_add_fstr(pinfo->cinfo, COL_INFO,
464 "%8s: Trans: %5u; Unit: %3u, Func: %3u/%3u: %s",
465 pkt_type_str, transaction_id, unit_id,
466 function_code, subfunction_code, func_string);
467 }
468 }
469
470 mi = proto_tree_add_protocol_format(tree, proto_mbtcp, tvb, offset,
471 len+6, "Modbus/TCP");
472 mbtcp_tree = proto_item_add_subtree(mi, ett_mbtcp);
473
474 /* Add items to protocol tree specific to Modbus/TCP */
475 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_transid, tvb, offset, 2, transaction_id);
476 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_protid, tvb, offset + 2, 2, protocol_id);
477 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_len, tvb, offset + 4, 2, len);
478 proto_tree_add_uint(mbtcp_tree, hf_mbtcp_unitid, tvb, offset + 6, 1, unit_id);
479
480 /* dissect the Modbus PDU */
481 next_tvb = tvb_new_subset( tvb, offset+7, len-1, len-1);
482
483 /* keep existing context */
484 p_save_proto_data = p_get_proto_data( pinfo->fd, proto_modbus, 0 );
485 p_remove_proto_data(pinfo->fd, proto_modbus, 0);
486
487 /* Create enough context for Modbus dissector */
488 request_info = wmem_new(wmem_packet_scope(), modbus_request_info_t);
489 request_info->packet_type = (guint8)packet_type;
490 request_info->register_addr_type = (guint8)global_mbus_tcp_register_addr_type;
491 request_info->register_format = (guint8)global_mbus_tcp_register_format;
492 p_add_proto_data(pinfo->fd, proto_modbus, 0, request_info);
493
494 /* Continue with dissection of Modbus data payload following Modbus/TCP frame */
495 if( tvb_length_remaining(tvb, offset) > 0 )
496 call_dissector(modbus_handle, next_tvb, pinfo, tree);
497
498 p_remove_proto_data(pinfo->fd, proto_modbus, 0);
499 p_add_proto_data(pinfo->fd, proto_modbus, 0, p_save_proto_data);
500 return tvb_length(tvb);
501 }
502
503 /* Code to dissect Modbus RTU over TCP packets */
504 static int
505 dissect_mbrtu_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
506 {
507 /* Set up structures needed to add the protocol subtree and manage it */
508 proto_item *mi, *crc_item;
509 proto_tree *mbrtu_tree;
510 gint offset, packet_type;
511 tvbuff_t *next_tvb;
512 const char *func_string = "";
513 const char *pkt_type_str = "";
514 const char *err_str = "";
515 guint16 len, crc16, calc_crc16;
516 guint8 unit_id, function_code, exception_code, subfunction_code;
517 void *p_save_proto_data;
518 modbus_request_info_t *request_info;
519
520 /* Make entries in Protocol column on summary display */
521 col_set_str(pinfo->cinfo, COL_PROTOCOL, "Modbus RTU");
522 col_clear(pinfo->cinfo, COL_INFO);
523
524 len = tvb_length(tvb);
525
526 unit_id = tvb_get_guint8(tvb, 0);
527 function_code = tvb_get_guint8(tvb, 1) & 0x7F;
528 crc16 = tvb_get_ntohs(tvb, len-2);
529
530 /* Make entries in Info column on summary display */
531 offset = 0;
532
533 /* Find exception - last bit set in function code */
534 if (tvb_get_guint8(tvb, 1) & 0x80) {
535 exception_code = tvb_get_guint8(tvb, offset + 2);
536 }
537 else {
538 exception_code = 0;
539 }
540
541 if ((function_code == ENCAP_INTERFACE_TRANSP) && (exception_code == 0)) {
542 func_string = val_to_str_const(tvb_get_guint8(tvb, offset + 2), encap_interface_code_vals, "Encapsulated Interface Transport");
543 subfunction_code = 1;
544 }
545 else if ((function_code == DIAGNOSTICS) && (exception_code == 0)) {
546 func_string = val_to_str_const(tvb_get_ntohs(tvb, offset + 2), diagnostic_code_vals, "Diagnostics");
547 subfunction_code = 1;
548 }
549 else {
550 func_string = val_to_str(function_code, function_code_vals, "Unknown function (%d)");
551 subfunction_code = 0;
552 }
553
554 /* "Request" or "Response" */
555 packet_type = classify_mbrtu_packet(pinfo, tvb);
556
557 switch ( packet_type ) {
558 case QUERY_PACKET :
559 pkt_type_str="Query";
560 break;
561 case RESPONSE_PACKET :
562 pkt_type_str="Response";
563 break;
564 case CANNOT_CLASSIFY :
565 err_str="Unable to classify as query or response.";
566 pkt_type_str="unknown";
567 break;
568 default :
569 break;
570 }
571 if ( exception_code != 0 )
572 err_str="Exception returned ";
573
574 if (subfunction_code == 0) {
575 if (strlen(err_str) > 0) {
576 col_add_fstr(pinfo->cinfo, COL_INFO,
577 "%8s: Unit: %3u, Func: %3u: %s. %s",
578 pkt_type_str, unit_id,
579 function_code, func_string, err_str);
580 }
581 else {
582 col_add_fstr(pinfo->cinfo, COL_INFO,
583 "%8s: Unit: %3u, Func: %3u: %s",
584 pkt_type_str, unit_id,
585 function_code, func_string);
586 }
587 }
588 else {
589 if (strlen(err_str) > 0) {
590 col_add_fstr(pinfo->cinfo, COL_INFO,
591 "%8s: Unit: %3u, Func: %3u/%3u: %s. %s",
592 pkt_type_str, unit_id,
593 function_code, subfunction_code, func_string, err_str);
594 }
595 else {
596 col_add_fstr(pinfo->cinfo, COL_INFO,
597 "%8s: Unit: %3u, Func: %3u/%3u: %s",
598 pkt_type_str, unit_id,
599 function_code, subfunction_code, func_string);
600 }
601 }
602
603 mi = proto_tree_add_protocol_format(tree, proto_mbrtu, tvb, offset,
604 len, "Modbus RTU");
605 mbrtu_tree = proto_item_add_subtree(mi, ett_mbrtu);
606
607 /* Add items to protocol tree specific to Modbus RTU */
608 proto_tree_add_uint(mbrtu_tree, hf_mbrtu_unitid, tvb, offset, 1, unit_id);
609 crc_item = proto_tree_add_uint(mbrtu_tree, hf_mbrtu_crc16, tvb, len-2, 2, crc16);
610
611 /* CRC validation */
612 if (mbrtu_crc)
613 {
614 calc_crc16 = crc16_plain_tvb_offset_seed(tvb, offset, len-2, 0xFFFF);
615 if (g_htons(calc_crc16) != crc16)
616 expert_add_info_format(pinfo, crc_item, &ei_mbrtu_crc16_incorrect, "Incorrect CRC - should be 0x%04x", g_htons(calc_crc16));
617 }
618
619 /* make sure to ignore the CRC-16 footer bytes */
620 len = len - 2;
621
622 /* dissect the Modbus PDU */
623 next_tvb = tvb_new_subset( tvb, offset+1, len-1, len-1);
624
625 /* keep existing context */
626 p_save_proto_data = p_get_proto_data( pinfo->fd, proto_modbus, 0 );
627 p_remove_proto_data(pinfo->fd, proto_modbus, 0);
628
629 /* Create enough context for Modbus dissector */
630 request_info = wmem_new(wmem_packet_scope(), modbus_request_info_t);
631 request_info->packet_type = (guint8)packet_type;
632 request_info->register_addr_type = (guint8)global_mbus_rtu_register_addr_type;
633 request_info->register_format = (guint8)global_mbus_rtu_register_format;
634 p_add_proto_data(pinfo->fd, proto_modbus, 0, request_info);
635
636 /* Continue with dissection of Modbus data payload following Modbus RTU frame */
637 if( tvb_length_remaining(tvb, offset) > 0 )
638 call_dissector(modbus_handle, next_tvb, pinfo, tree);
639
640 p_remove_proto_data(pinfo->fd, proto_modbus, 0);
641 p_add_proto_data(pinfo->fd, proto_modbus, 0, p_save_proto_data);
642 return tvb_length(tvb);
643 }
644
645
646 /* Return length of Modbus/TCP message */
647 static guint
648 get_mbtcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
649 {
650 guint16 plen;
651
652 /*
653 * Get the length of the data from the encapsulation header.
654 */
655 plen = tvb_get_ntohs(tvb, offset + 4);
656
657 /*
658 * That length doesn't include the encapsulation header itself;
659 * add that in.
660 */
661 return plen + 6;
662 }
663
664 /* Return length of Modbus RTU over TCP message */
665 static guint
666 get_mbrtu_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset _U_)
667 {
668
669 /* Modbus/TCP frames include a "length" word in each message; Modbus RTU over TCP does not, so don't attempt to get one */
670 return tvb_length(tvb);
671 }
672
673
674 /* Code to dissect Modbus/TCP messages */
675 static int
676 dissect_mbtcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
677 {
678
679 /* Make sure there's at least enough data to determine it's a Modbus TCP packet */
680 if (!tvb_bytes_exist(tvb, 0, 8))
681 return 0;
682
683 /* check that it actually looks like Modbus/TCP */
684 /* protocol id == 0 */
685 if(tvb_get_ntohs(tvb, 2) != 0 ){
686 return 0;
687 }
688 /* length is at least 2 (unit_id + function_code) */
689 if(tvb_get_ntohs(tvb, 4) < 2 ){
690 return 0;
691 }
692
693 /* build up protocol tree and iterate over multiple packets */
694 tcp_dissect_pdus(tvb, pinfo, tree, mbtcp_desegment, 6,
695 get_mbtcp_pdu_len, dissect_mbtcp_pdu, data);
696
697 return tvb_length(tvb);
698 }
699
700 /* Code to dissect Modbus RTU over TCP messages */
701 static int
702 dissect_mbrtu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
703 {
704
705 /* Make sure there's at least enough data to determine it's a Modbus packet */
706 if (!tvb_bytes_exist(tvb, 0, 6))
707 return 0;
708
709 /* For Modbus RTU mode, confirm that the first byte is a valid address (non-zero), */
710 /* so we can eliminate false-posititves on Modbus TCP messages loaded as RTU */
711 if(tvb_get_guint8(tvb, 0) == 0 )
712 return 0;
713
714 /* build up protocol tree and iterate over multiple packets */
715 tcp_dissect_pdus(tvb, pinfo, tree, mbrtu_desegment, 6,
716 get_mbrtu_pdu_len, dissect_mbrtu_pdu, data);
717
718 return tvb_length(tvb);
719 }
720
721
722 /* Code to allow further dissection of Modbus data payload */
723 /* Common to both Modbus/TCP and Modbus RTU dissectors */
724 static void
725 dissect_modbus_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 function_code,
726 gint payload_start, gint payload_len, guint8 register_format)
727 {
728 gint reported_len, data_offset, reg_num = 0;
729 guint16 data16, modflt_lo, modflt_hi;
730 guint32 data32, modflt_comb;
731 gfloat data_float, modfloat;
732 proto_item *register_item = NULL;
733 tvbuff_t *next_tvb;
734
735 reported_len = tvb_reported_length_remaining(tvb, payload_start);
736 data_offset = 0;
737
738 if ( payload_start < 0 || ( payload_len + payload_start ) == 0 )
739 return;
740
741 /* If calculated length from remaining tvb data != bytes in packet, do not attempt to decode */
742 if ( payload_len != reported_len ) {
743 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, reported_len, ENC_NA);
744 return;
745 }
746
747 /* If data type of payload is Holding or Input registers */
748 /* AND */
749 /* if payload length is not a multiple of 4, don't attempt to decode anything in 32-bit format */
750 if ((function_code == READ_HOLDING_REGS) || (function_code == READ_INPUT_REGS) || (function_code == WRITE_MULT_REGS)) {
751 if ((payload_len % 4 != 0) && ( (register_format == MBTCP_PREF_REGISTER_FORMAT_UINT32) ||
752 (register_format == MBTCP_PREF_REGISTER_FORMAT_IEEE_FLOAT) ||
753 (register_format == MBTCP_PREF_REGISTER_FORMAT_MODICON_FLOAT) ) ) {
754 register_item = proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
755 expert_add_info(pinfo, register_item, &ei_modbus_data_decode);
756 return;
757 }
758 }
759
760 /* Build a new tvb containing just the data payload */
761 next_tvb = tvb_new_subset(tvb, payload_start, payload_len, reported_len);
762
763 switch ( function_code ) {
764
765 case READ_HOLDING_REGS:
766 case READ_INPUT_REGS:
767 case WRITE_MULT_REGS:
768 while (data_offset < payload_len) {
769 /* Use "Preferences" options to determine decoding format of register data, as no format is implied by the protocol itself. */
770 /* Based on a standard register size of 16-bits, use decoding format preference to step through each register and display */
771 /* it in an appropriate fashion. */
772 switch (register_format) {
773 case MBTCP_PREF_REGISTER_FORMAT_UINT16: /* Standard-size unsigned integer 16-bit register */
774 data16 = tvb_get_ntohs(next_tvb, data_offset);
775 register_item = proto_tree_add_uint(tree, hf_modbus_reg_uint16, next_tvb, data_offset, 2, data16);
776 proto_item_set_text(register_item, "Register %u (UINT16): %u", reg_num, data16);
777
778 data_offset += 2;
779 reg_num += 1;
780 break;
781 case MBTCP_PREF_REGISTER_FORMAT_UINT32: /* Double-size unsigned integer 2 x 16-bit registers */
782 data32 = tvb_get_ntohl(next_tvb, data_offset);
783 register_item = proto_tree_add_uint(tree, hf_modbus_reg_uint32, next_tvb, data_offset, 4, data32);
784 proto_item_set_text(register_item, "Register %u (UINT32): %u", reg_num, data32);
785
786 data_offset += 4;
787 reg_num += 2;
788 break;
789 case MBTCP_PREF_REGISTER_FORMAT_IEEE_FLOAT: /* IEEE Floating Point, 2 x 16-bit registers */
790 data_float = tvb_get_ntohieee_float(next_tvb, data_offset);
791 register_item = proto_tree_add_float(tree, hf_modbus_reg_ieee_float, next_tvb, data_offset, 4, data_float);
792 proto_item_set_text(register_item, "Register %u (IEEE Float): %f", reg_num, data_float);
793
794 data_offset += 4;
795 reg_num += 2;
796 break;
797 case MBTCP_PREF_REGISTER_FORMAT_MODICON_FLOAT: /* Modicon Floating Point (word-swap), 2 x 16-bit registers */
798 /* Modicon-style Floating Point values are stored in reverse-word order. */
799 /* ie: a standard IEEE float value 59.991459 is equal to 0x426ff741 */
800 /* while the Modicon equivalent to this value is 0xf741426f */
801 /* To re-assemble a proper IEEE float, we must retrieve the 2 x 16-bit words, bit-shift the */
802 /* "hi" component by 16-bits and then OR them together into a combined 32-bit int. */
803 /* Following that operation, use some memcpy magic to copy the 4 raw data bytes from the */
804 /* 32-bit integer into a standard float. Not sure if there is a cleaner way possible using */
805 /* the Wireshark libaries, but this seems to work OK. */
806
807 modflt_lo = tvb_get_ntohs(next_tvb, data_offset);
808 modflt_hi = tvb_get_ntohs(next_tvb, data_offset+2);
809 modflt_comb = (guint32)(modflt_hi<<16) | modflt_lo;
810 memcpy(&modfloat, &modflt_comb, 4);
811
812 register_item = proto_tree_add_float(tree, hf_modbus_reg_modicon_float, next_tvb, data_offset, 4, modfloat);
813 proto_item_set_text(register_item, "Register %u (Modicon Float): %f", reg_num, modfloat);
814
815 data_offset += 4;
816 reg_num += 2;
817 break;
818 default:
819 /* Avoid any chance of an infinite loop */
820 data_offset = payload_len;
821 break;
822 } /* register format switch */
823
824 } /* while loop */
825
826 break;
827
828 default:
829 if ( ! dissector_try_string(modbus_data_dissector_table, "data", next_tvb, pinfo, tree, NULL) )
830 proto_tree_add_item(tree, hf_modbus_data, tvb, payload_start, payload_len, ENC_NA);
831 break;
832 }
833 }
834
835 /* Code to actually dissect the packets */
836 static int
837 dissect_modbus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
838 {
839 proto_tree *modbus_tree, *group_tree, *event_tree,
840 *event_item_tree, *device_objects_tree,
841 *device_objects_item_tree;
842 proto_item *mi, *mf, *me, *mei, *doe, *doie;
843 int offset = 0, group_offset;
844 gint payload_start, payload_len, event_index,
845 ii, byte_cnt, len, num_objects, object_index,
846 object_len;
847 guint32 group_byte_cnt, group_word_cnt;
848 guint8 function_code, exception_code, mei_code, event_code, object_type;
849 guint8 packet_type, register_format; /*register_addr_type*/
850 guint16 diagnostic_code;
851 modbus_request_info_t *request_info;
852
853 /* Don't need to do anything if there's no tree */
854 if (tree == NULL)
855 return tvb_length(tvb);
856
857 len = tvb_length_remaining(tvb, 0);
858
859 /* If the packet is zero-length, we should not attempt to dissect any further */
860 if (len == 0)
861 return 0;
862
863 function_code = tvb_get_guint8(tvb, offset) & 0x7F;
864
865 /* Find exception - last bit set in function code */
866 if (tvb_get_guint8(tvb, offset) & 0x80 ) {
867 exception_code = tvb_get_guint8(tvb, offset+1);
868 }
869 else {
870 exception_code = 0;
871 }
872
873 /* See if we have any context */
874 request_info = (modbus_request_info_t *)p_get_proto_data( pinfo->fd, proto_modbus, 0 );
875 if (request_info != NULL)
876 {
877 packet_type = request_info->packet_type;
878 register_format = request_info->register_format;
879 /*register_addr_type = request_info->register_addr_type;*/
880 }
881 else
882 {
883 /* Default to a response packet to at least attempt to decode a good chunk of data */
884 packet_type = RESPONSE_PACKET;
885 register_format = MBTCP_PREF_REGISTER_FORMAT_UINT16;
886 /* register_addr_type = MBTCP_PREF_REGISTER_ADDR_RAW;*/
887 }
888
889 /* Add items to protocol tree specific to Modbus generic */
890 mf = proto_tree_add_text(tree, tvb, offset, len, "Modbus");
891 modbus_tree = proto_item_add_subtree(mf, ett_modbus_hdr);
892
893 mi = proto_tree_add_uint(modbus_tree, hf_mbtcp_functioncode, tvb, offset, 1,
894 function_code);
895
896 payload_start = offset + 1;
897 payload_len = len - 1;
898 if (exception_code != 0) {
899 proto_item_set_text(mi, "Function %u: %s. Exception: %s",
900 function_code,
901 val_to_str_const(function_code, function_code_vals, "Unknown Function"),
902 val_to_str(exception_code,
903 exception_code_vals,
904 "Unknown Exception Code (%u)"));
905 proto_tree_add_uint(modbus_tree, hf_modbus_exceptioncode, tvb, payload_start, 1,
906 exception_code);
907 }
908 else {
909 switch (function_code) {
910
911 case READ_COILS:
912 case READ_DISCRETE_INPUTS:
913
914 if (packet_type == QUERY_PACKET) {
915 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
916 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
917 }
918 else if (packet_type == RESPONSE_PACKET) {
919 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
920 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
921 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, register_format);
922 }
923 break;
924
925 case READ_HOLDING_REGS:
926 case READ_INPUT_REGS:
927 if (packet_type == QUERY_PACKET) {
928 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
929 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
930 }
931 else if (packet_type == RESPONSE_PACKET) {
932 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
933 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
934 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, register_format);
935 }
936 break;
937
938 case WRITE_SINGLE_COIL:
939 if (packet_type == QUERY_PACKET) {
940 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
941 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, register_format);
942 proto_tree_add_text(modbus_tree, tvb, payload_start + 3, 1, "Padding");
943 }
944 else if (packet_type == RESPONSE_PACKET) {
945 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
946 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 1, register_format);
947 proto_tree_add_text(modbus_tree, tvb, payload_start + 3, 1, "Padding");
948 }
949 break;
950
951 case WRITE_SINGLE_REG:
952 if (packet_type == QUERY_PACKET) {
953 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
954 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, register_format);
955 }
956 else if (packet_type == RESPONSE_PACKET) {
957 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
958 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 2, 2, register_format);
959 }
960 break;
961
962 case READ_EXCEPT_STAT:
963 if (packet_type == RESPONSE_PACKET)
964 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, 1, register_format);
965 break;
966
967 case DIAGNOSTICS:
968 if ((packet_type == QUERY_PACKET) || (packet_type == RESPONSE_PACKET)) {
969 diagnostic_code = tvb_get_ntohs(tvb, payload_start);
970 proto_tree_add_uint(modbus_tree, hf_modbus_diag_sf, tvb, payload_start, 2, diagnostic_code);
971 switch(diagnostic_code)
972 {
973 case RETURN_QUERY_DATA:
974 if (packet_type == QUERY_PACKET) {
975 if (payload_len > 2)
976 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_request, tvb, payload_start+2, payload_len-2, ENC_NA);
977 }
978 else if (packet_type == RESPONSE_PACKET) {
979 if (payload_len > 2)
980 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_query_data_echo, tvb, payload_start+2, payload_len-2, ENC_NA);
981 }
982 break;
983 case RESTART_COMMUNICATION_OPTION:
984 proto_tree_add_item(modbus_tree, hf_modbus_diag_restart_communication_option, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
985 break;
986 case RETURN_DIAGNOSTIC_REGISTER:
987 if (packet_type == QUERY_PACKET) {
988 if (payload_len > 2)
989 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
990 }
991 else if (packet_type == RESPONSE_PACKET) {
992 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_diag_register, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
993 }
994 break;
995 case CHANGE_ASCII_INPUT_DELIMITER:
996 proto_tree_add_item(modbus_tree, hf_modbus_diag_ascii_input_delimiter, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
997 break;
998 case RETURN_BUS_MESSAGE_COUNT:
999 if (packet_type == QUERY_PACKET) {
1000 if (payload_len > 2)
1001 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1002 }
1003 else if (packet_type == RESPONSE_PACKET) {
1004 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1005 }
1006 break;
1007 case RETURN_BUS_COMM_ERROR_COUNT:
1008 if (packet_type == QUERY_PACKET) {
1009 if (payload_len > 2)
1010 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1011 }
1012 else if (packet_type == RESPONSE_PACKET) {
1013 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_comm_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1014 }
1015 break;
1016 case RETURN_BUS_EXCEPTION_ERROR_COUNT:
1017 if (packet_type == QUERY_PACKET) {
1018 if (payload_len > 2)
1019 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1020 }
1021 else if (packet_type == RESPONSE_PACKET) {
1022 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_exception_error_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1023 }
1024 break;
1025 case RETURN_SLAVE_MESSAGE_COUNT:
1026 if (packet_type == QUERY_PACKET) {
1027 if (payload_len > 2)
1028 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1029 }
1030 else if (packet_type == RESPONSE_PACKET) {
1031 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_message_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1032 }
1033 break;
1034 case RETURN_SLAVE_NO_RESPONSE_COUNT:
1035 if (packet_type == QUERY_PACKET) {
1036 if (payload_len > 2)
1037 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1038 }
1039 else if (packet_type == RESPONSE_PACKET) {
1040 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_no_slave_response_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1041 }
1042 break;
1043 case RETURN_SLAVE_NAK_COUNT:
1044 if (packet_type == QUERY_PACKET) {
1045 if (payload_len > 2)
1046 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1047 }
1048 else if (packet_type == RESPONSE_PACKET) {
1049 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_nak_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1050 }
1051 break;
1052 case RETURN_SLAVE_BUSY_COUNT:
1053 if (packet_type == QUERY_PACKET) {
1054 if (payload_len > 2)
1055 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1056 }
1057 else if (packet_type == RESPONSE_PACKET) {
1058 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_slave_busy_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1059 }
1060 break;
1061 case RETURN_BUS_CHAR_OVERRUN_COUNT:
1062 if (packet_type == QUERY_PACKET) {
1063 if (payload_len > 2)
1064 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1065 }
1066 else if (packet_type == RESPONSE_PACKET) {
1067 proto_tree_add_item(modbus_tree, hf_modbus_diag_return_bus_char_overrun_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1068 }
1069 break;
1070 case CLEAR_OVERRUN_COUNTER_AND_FLAG:
1071 case FORCE_LISTEN_ONLY_MODE:
1072 case CLEAR_COUNTERS_AND_DIAG_REG:
1073 default:
1074 if (payload_len > 2)
1075 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start+2, payload_len-2, register_format);
1076 break;
1077 }
1078 }
1079 break;
1080
1081 case GET_COMM_EVENT_CTRS:
1082 if (packet_type == RESPONSE_PACKET) {
1083 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1084 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+2, 2, ENC_BIG_ENDIAN);
1085 }
1086 break;
1087
1088 case GET_COMM_EVENT_LOG:
1089 if (packet_type == RESPONSE_PACKET) {
1090 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1091 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1, byte_cnt);
1092 proto_tree_add_item(modbus_tree, hf_modbus_status, tvb, payload_start+1, 2, ENC_BIG_ENDIAN);
1093 proto_tree_add_item(modbus_tree, hf_modbus_event_count, tvb, payload_start+3, 2, ENC_BIG_ENDIAN);
1094 proto_tree_add_item(modbus_tree, hf_modbus_message_count, tvb, payload_start+5, 2, ENC_BIG_ENDIAN);
1095 if (byte_cnt-6 > 0) {
1096 byte_cnt -= 6;
1097 event_index = 0;
1098 me = proto_tree_add_text(modbus_tree, tvb, payload_start+7, byte_cnt, "Events");
1099 event_tree = proto_item_add_subtree(me, ett_events);
1100 while (byte_cnt > 0) {
1101 event_code = tvb_get_guint8(tvb, payload_start+7+event_index);
1102 if (event_code == 0) {
1103 proto_tree_add_text(event_tree, tvb, payload_start+7+event_index, 1, "Initiated Communication Restart");
1104 }
1105 else if (event_code == 4) {
1106 proto_tree_add_text(event_tree, tvb, payload_start+7+event_index, 1, "Entered Listen Only Mode");
1107 }
1108 else if (event_code & REMOTE_DEVICE_RECV_EVENT_MASK) {
1109 mei = proto_tree_add_text(event_tree, tvb, payload_start+7+event_index, 1, "Receive Event: 0x%02X", event_code);
1110 event_item_tree = proto_item_add_subtree(mei, ett_events_recv);
1111
1112 /* add subtrees to describe each event bit */
1113 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_comm_err,
1114 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1115 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_char_over,
1116 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1117 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_lo_mode,
1118 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1119 proto_tree_add_item(event_item_tree, hf_modbus_event_recv_broadcast,
1120 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1121 }
1122 else if ((event_code & REMOTE_DEVICE_SEND_EVENT_MASK) == REMOTE_DEVICE_SEND_EVENT_VALUE) {
1123 mei = proto_tree_add_text(event_tree, tvb, payload_start+7+event_index, 1, "Send Event: 0x%02X", event_code);
1124 event_item_tree = proto_item_add_subtree(mei, ett_events_send);
1125
1126 /* add subtrees to describe each event bit */
1127 proto_tree_add_item(event_item_tree, hf_modbus_event_send_read_ex,
1128 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1129 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_abort_ex,
1130 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1131 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_busy_ex,
1132 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1133 proto_tree_add_item(event_item_tree, hf_modbus_event_send_slave_nak_ex,
1134 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1135 proto_tree_add_item(event_item_tree, hf_modbus_event_send_write_timeout,
1136 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1137 proto_tree_add_item(event_item_tree, hf_modbus_event_send_lo_mode,
1138 tvb, payload_start+7+event_index, 1, ENC_LITTLE_ENDIAN );
1139 }
1140 else {
1141 proto_tree_add_text(event_tree, tvb, payload_start+7+event_index, 1, "Unknown Event");
1142 }
1143
1144 byte_cnt--;
1145 event_index++;
1146 }
1147 }
1148 }
1149 break;
1150
1151 case WRITE_MULT_COILS:
1152 if (packet_type == QUERY_PACKET) {
1153 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1154 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1155 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start + 4);
1156 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1,
1157 byte_cnt);
1158 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, register_format);
1159 }
1160 else if (packet_type == RESPONSE_PACKET) {
1161 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1162 proto_tree_add_item(modbus_tree, hf_modbus_bitcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1163 }
1164 break;
1165
1166 case WRITE_MULT_REGS:
1167 if (packet_type == QUERY_PACKET) {
1168 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1169 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1170 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start + 4);
1171 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 4, 1,
1172 byte_cnt);
1173 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 5, byte_cnt, register_format);
1174 }
1175 else if (packet_type == RESPONSE_PACKET) {
1176 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1177 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1178 }
1179 break;
1180
1181 case READ_FILE_RECORD:
1182 if (packet_type == QUERY_PACKET) {
1183 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1184 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1185 byte_cnt);
1186
1187 /* add subtrees to describe each group of packet */
1188 group_offset = payload_start + 1;
1189 for (ii = 0; ii < byte_cnt / 7; ii++) {
1190 mi = proto_tree_add_text( modbus_tree, tvb, group_offset, 7,
1191 "Group %u", ii);
1192 group_tree = proto_item_add_subtree(mi, ett_group_hdr);
1193 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1194 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1195 proto_tree_add_item(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2, ENC_BIG_ENDIAN);
1196 group_offset += 7;
1197 }
1198 }
1199 else if (packet_type == RESPONSE_PACKET) {
1200 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1201 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1202 byte_cnt);
1203
1204 /* add subtrees to describe each group of packet */
1205 group_offset = payload_start + 1;
1206 ii = 0;
1207 while (byte_cnt > 0) {
1208 group_byte_cnt = (guint32)tvb_get_guint8(tvb, group_offset);
1209 mi = proto_tree_add_text( modbus_tree, tvb, group_offset, group_byte_cnt + 1,
1210 "Group %u", ii);
1211 group_tree = proto_item_add_subtree(mi, ett_group_hdr);
1212 proto_tree_add_uint(group_tree, hf_modbus_bytecnt, tvb, group_offset, 1,
1213 group_byte_cnt);
1214 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset + 1, 1, ENC_BIG_ENDIAN);
1215 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 2, group_byte_cnt - 1, register_format);
1216 group_offset += (group_byte_cnt + 1);
1217 byte_cnt -= (group_byte_cnt + 1);
1218 ii++;
1219 }
1220 }
1221 break;
1222
1223 case WRITE_FILE_RECORD:
1224 if ((packet_type == QUERY_PACKET) || (packet_type == RESPONSE_PACKET)) {
1225 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1226 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1227 byte_cnt);
1228
1229 /* add subtrees to describe each group of packet */
1230 group_offset = payload_start + 1;
1231 ii = 0;
1232 while (byte_cnt > 0) {
1233 group_word_cnt = tvb_get_ntohs(tvb, group_offset + 5);
1234 group_byte_cnt = (2 * group_word_cnt) + 7;
1235 mi = proto_tree_add_text( modbus_tree, tvb, group_offset,
1236 group_byte_cnt, "Group %u", ii);
1237 group_tree = proto_item_add_subtree(mi, ett_group_hdr);
1238 proto_tree_add_item(group_tree, hf_modbus_reftype, tvb, group_offset, 1, ENC_BIG_ENDIAN);
1239 proto_tree_add_item(group_tree, hf_modbus_lreference, tvb, group_offset + 1, 4, ENC_BIG_ENDIAN);
1240 proto_tree_add_uint(group_tree, hf_modbus_wordcnt, tvb, group_offset + 5, 2,
1241 group_word_cnt);
1242 dissect_modbus_data(tvb, pinfo, group_tree, function_code, group_offset + 7, group_byte_cnt - 7, register_format);
1243 group_offset += group_byte_cnt;
1244 byte_cnt -= group_byte_cnt;
1245 ii++;
1246 }
1247 }
1248 break;
1249
1250 case MASK_WRITE_REG:
1251 if ((packet_type == QUERY_PACKET) || (packet_type == RESPONSE_PACKET)) {
1252 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1253 proto_tree_add_item(modbus_tree, hf_modbus_andmask, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1254 proto_tree_add_item(modbus_tree, hf_modbus_ormask, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1255 }
1256 break;
1257
1258 case READ_WRITE_REG:
1259 if (packet_type == QUERY_PACKET) {
1260 proto_tree_add_item(modbus_tree, hf_modbus_readref, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1261 proto_tree_add_item(modbus_tree, hf_modbus_readwordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1262 proto_tree_add_item(modbus_tree, hf_modbus_writeref, tvb, payload_start + 4, 2, ENC_BIG_ENDIAN);
1263 proto_tree_add_item(modbus_tree, hf_modbus_writewordcnt, tvb, payload_start + 6, 2, ENC_BIG_ENDIAN);
1264 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start + 8);
1265 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start + 8, 1,
1266 byte_cnt);
1267 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 9, byte_cnt, register_format);
1268 }
1269 else if (packet_type == RESPONSE_PACKET) {
1270 byte_cnt = (guint32)tvb_get_guint8(tvb, payload_start);
1271 proto_tree_add_uint(modbus_tree, hf_modbus_bytecnt, tvb, payload_start, 1,
1272 byte_cnt);
1273 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 1, byte_cnt, register_format);
1274 }
1275 break;
1276
1277 case READ_FIFO_QUEUE:
1278 if (packet_type == QUERY_PACKET)
1279 proto_tree_add_item(modbus_tree, hf_modbus_reference, tvb, payload_start, 2, ENC_BIG_ENDIAN);
1280 else if (packet_type == RESPONSE_PACKET) {
1281 byte_cnt = (guint32)tvb_get_ntohs(tvb, payload_start);
1282 proto_tree_add_uint(modbus_tree, hf_modbus_lbytecnt, tvb, payload_start, 2,
1283 byte_cnt);
1284 proto_tree_add_item(modbus_tree, hf_modbus_wordcnt, tvb, payload_start + 2, 2, ENC_BIG_ENDIAN);
1285 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start + 4, byte_cnt - 2, register_format);
1286 }
1287 break;
1288
1289 case ENCAP_INTERFACE_TRANSP:
1290 if (packet_type == QUERY_PACKET) {
1291 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1292 mei_code = tvb_get_guint8(tvb, payload_start);
1293 switch (mei_code)
1294 {
1295 case READ_DEVICE_ID:
1296 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1297 proto_tree_add_item(modbus_tree, hf_modbus_object_id, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1298 break;
1299
1300 case CANOPEN_REQ_RESP:
1301 /* CANopen protocol not part of the Modbus/TCP specification */
1302 default:
1303 if (payload_len > 1)
1304 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, register_format);
1305 break;
1306 }
1307 }
1308 else if (packet_type == RESPONSE_PACKET) {
1309 proto_tree_add_item(modbus_tree, hf_modbus_mei, tvb, payload_start, 1, ENC_BIG_ENDIAN);
1310 mei_code = tvb_get_guint8(tvb, payload_start);
1311 switch (mei_code)
1312 {
1313 case READ_DEVICE_ID:
1314 proto_tree_add_item(modbus_tree, hf_modbus_read_device_id, tvb, payload_start+1, 1, ENC_BIG_ENDIAN);
1315 proto_tree_add_item(modbus_tree, hf_modbus_conformity_level, tvb, payload_start+2, 1, ENC_BIG_ENDIAN);
1316 proto_tree_add_item(modbus_tree, hf_modbus_more_follows, tvb, payload_start+3, 1, ENC_BIG_ENDIAN);
1317 proto_tree_add_item(modbus_tree, hf_modbus_next_object_id, tvb, payload_start+4, 1, ENC_BIG_ENDIAN);
1318 num_objects = tvb_get_guint8(tvb, payload_start+5);
1319 proto_tree_add_uint(modbus_tree, hf_modbus_num_objects, tvb, payload_start+5, 1, num_objects);
1320 doe = proto_tree_add_text(modbus_tree, tvb, payload_start+6, payload_len-6, "Objects");
1321
1322 object_index = 0;
1323 for (ii = 0; ii < num_objects; ii++)
1324 {
1325 device_objects_tree = proto_item_add_subtree(doe, ett_device_id_objects);
1326
1327 /* add each "object item" as its own subtree */
1328
1329 /* compute length of object */
1330 object_type = tvb_get_guint8(tvb, payload_start+6+object_index);
1331 object_len = tvb_get_guint8(tvb, payload_start+6+object_index+1);
1332
1333 doie = proto_tree_add_text(device_objects_tree, tvb, payload_start+6+object_index, 2+object_len, "Object #%d", ii+1);
1334 device_objects_item_tree = proto_item_add_subtree(doie, ett_device_id_object_items);
1335
1336 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_id, tvb, payload_start+6+object_index, 1, ENC_BIG_ENDIAN);
1337 object_index++;
1338
1339 proto_tree_add_uint(device_objects_item_tree, hf_modbus_list_object_len, tvb, payload_start+6+object_index, 1, object_len);
1340 object_index++;
1341
1342 if (object_type < 7)
1343 {
1344 proto_tree_add_item(device_objects_item_tree, hf_modbus_object_str_value, tvb, payload_start+6+object_index, object_len, ENC_ASCII|ENC_NA);
1345 }
1346 else
1347 {
1348 if (object_len > 0)
1349 proto_tree_add_text(device_objects_item_tree, tvb, payload_start+6+object_index, object_len, "Object Value");
1350 }
1351 object_index += object_len;
1352 }
1353 break;
1354
1355 case CANOPEN_REQ_RESP:
1356 /* CANopen protocol not part of the Modbus/TCP specification */
1357 default:
1358 if (payload_len > 1)
1359 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len-1, register_format);
1360 break;
1361 }
1362 }
1363 break;
1364
1365 case REPORT_SLAVE_ID:
1366 default:
1367 if (payload_len > 0)
1368 dissect_modbus_data(tvb, pinfo, modbus_tree, function_code, payload_start, payload_len, register_format);
1369 break;
1370 }
1371 }
1372
1373 return tvb_length(tvb);
1374 }
1375
1376
1377 /* Register the protocol with Wireshark */
1378
1379 void proto_reg_handoff_mbtcp(void);
1380 void proto_reg_handoff_mbrtu(void);
1381
1382 void
1383 proto_register_modbus(void)
1384 {
1385 /* Modbus/TCP header fields */
1386 static hf_register_info mbtcp_hf[] = {
1387 { &hf_mbtcp_transid,
1388 { "Transaction Identifier", "mbtcp.trans_id",
1389 FT_UINT16, BASE_DEC, NULL, 0x0,
1390 NULL, HFILL }
1391 },
1392 { &hf_mbtcp_protid,
1393 { "Protocol Identifier", "mbtcp.prot_id",
1394 FT_UINT16, BASE_DEC, NULL, 0x0,
1395 NULL, HFILL }
1396 },
1397 { &hf_mbtcp_len,
1398 { "Length", "mbtcp.len",
1399 FT_UINT16, BASE_DEC, NULL, 0x0,
1400 NULL, HFILL }
1401 },
1402 { &hf_mbtcp_unitid,
1403 { "Unit Identifier", "mbtcp.unit_id",
1404 FT_UINT8, BASE_DEC, NULL, 0x0,
1405 NULL, HFILL }
1406 },
1407 };
1408
1409 static hf_register_info mbrtu_hf[] = {
1410 { &hf_mbrtu_unitid,
1411 { "Unit ID", "mbrtu.unit_id",
1412 FT_UINT8, BASE_DEC, NULL, 0x0,
1413 NULL, HFILL }
1414 },
1415 { &hf_mbrtu_crc16,
1416 { "CRC-16", "mbrtu.crc16",
1417 FT_UINT16, BASE_HEX, NULL, 0x0,
1418 NULL, HFILL }
1419 },
1420 };
1421
1422 static ei_register_info mbrtu_ei[] = {
1423 { &ei_mbrtu_crc16_incorrect, { "mbrtu.crc16.incorrect", PI_CHECKSUM, PI_WARN, "Incorrect CRC", EXPFILL }},
1424 };
1425
1426 static hf_register_info hf[] = {
1427 /* Modbus header fields */
1428 { &hf_mbtcp_functioncode,
1429 { "Function Code", "modbus.func_code",
1430 FT_UINT8, BASE_DEC, VALS(function_code_vals), 0x0,
1431 NULL, HFILL }
1432 },
1433 { &hf_modbus_reference,
1434 { "Reference Number", "modbus.reference_num",
1435 FT_UINT16, BASE_DEC, NULL, 0x0,
1436 NULL, HFILL }
1437 },
1438 { &hf_modbus_lreference,
1439 { "Reference Number (32 bit)", "modbus.reference_num_32",
1440 FT_UINT32, BASE_DEC, NULL, 0x0,
1441 NULL, HFILL }
1442 },
1443 { &hf_modbus_reftype,
1444 { "Reference Type", "modbus.reference_type",
1445 FT_UINT8, BASE_DEC, NULL, 0x0,
1446 NULL, HFILL }
1447 },
1448 { &hf_modbus_readref,
1449 { "Read Reference Number", "modbus.read_reference_num",
1450 FT_UINT16, BASE_DEC, NULL, 0x0,
1451 NULL, HFILL }
1452 },
1453 { &hf_modbus_writeref,
1454 { "Write Reference Number", "modbus.write_reference_num",
1455 FT_UINT16, BASE_DEC, NULL, 0x0,
1456 NULL, HFILL }
1457 },
1458 { &hf_modbus_wordcnt,
1459 { "Word Count", "modbus.word_cnt",
1460 FT_UINT16, BASE_DEC, NULL, 0x0,
1461 NULL, HFILL }
1462 },
1463 { &hf_modbus_readwordcnt,
1464 { "Read Word Count", "modbus.read_word_cnt",
1465 FT_UINT16, BASE_DEC, NULL, 0x0,
1466 NULL, HFILL }
1467 },
1468 { &hf_modbus_writewordcnt,
1469 { "Write Word Count", "modbus.write_word_cnt",
1470 FT_UINT16, BASE_DEC, NULL, 0x0,
1471 NULL, HFILL }
1472 },
1473 { &hf_modbus_bitcnt,
1474 { "Bit Count", "modbus.bit_cnt",
1475 FT_UINT16, BASE_DEC, NULL, 0x0,
1476 NULL, HFILL }
1477 },
1478 { &hf_modbus_bytecnt,
1479 { "Byte Count", "modbus.byte_cnt",
1480 FT_UINT8, BASE_DEC, NULL, 0x0,
1481 NULL, HFILL }
1482 },
1483 { &hf_modbus_lbytecnt,
1484 { "Byte Count (16-bit)", "modbus.byte_cnt_16",
1485 FT_UINT8, BASE_DEC, NULL, 0x0,
1486 NULL, HFILL }
1487 },
1488 { &hf_modbus_exceptioncode,
1489 { "Exception Code", "modbus.exception_code",
1490 FT_UINT8, BASE_DEC, VALS(exception_code_vals), 0x0,
1491 NULL, HFILL }
1492 },
1493 { &hf_modbus_diag_sf,
1494 { "Diagnostic Code", "modbus.diagnostic_code",
1495 FT_UINT16, BASE_DEC, VALS(diagnostic_code_vals), 0x0,
1496 NULL, HFILL }
1497 },
1498 { &hf_modbus_diag_return_query_data_request,
1499 { "Request Data", "modbus.diagnostic.return_query_data.request",
1500 FT_BYTES, BASE_NONE, NULL, 0x0,
1501 NULL, HFILL }
1502 },
1503 { &hf_modbus_diag_return_query_data_echo,
1504 { "Echo Data", "modbus.diagnostic.return_query_data.echo",
1505 FT_BYTES, BASE_NONE, NULL, 0x0,
1506 NULL, HFILL }
1507 },
1508 { &hf_modbus_diag_restart_communication_option,
1509 { "Restart Communication Option", "modbus.diagnostic.restart_communication_option",
1510 FT_UINT16, BASE_HEX, VALS(diagnostic_restart_communication_option_vals), 0x0,
1511 NULL, HFILL }
1512 },
1513 { &hf_modbus_diag_return_diag_register,
1514 { "Diagnostic Register Contents", "modbus.diagnostic.return_diag_register",
1515 FT_UINT16, BASE_HEX, NULL, 0x0,
1516 NULL, HFILL }
1517 },
1518 { &hf_modbus_diag_ascii_input_delimiter,
1519 { "CHAR", "modbus.diagnostic.ascii_input_delimiter",
1520 FT_UINT8, BASE_HEX, NULL, 0x0,
1521 NULL, HFILL }
1522 },
1523 { &hf_modbus_diag_return_bus_message_count,
1524 { "Total Message Count", "modbus.diagnostic.bus_message_count",
1525 FT_UINT16, BASE_DEC, NULL, 0x0,
1526 NULL, HFILL }
1527 },
1528 { &hf_modbus_diag_return_bus_comm_error_count,
1529 { "CRC Error Count", "modbus.diagnostic.bus_comm_error_count",
1530 FT_UINT16, BASE_DEC, NULL, 0x0,
1531 NULL, HFILL }
1532 },
1533 { &hf_modbus_diag_return_bus_exception_error_count,
1534 { "Exception Error Count", "modbus.diagnostic.bus_exception_error_count",
1535 FT_UINT16, BASE_DEC, NULL, 0x0,
1536 NULL, HFILL }
1537 },
1538 { &hf_modbus_diag_return_slave_message_count,
1539 { "Slave Message Count", "modbus.diagnostic.slave_message_count",
1540 FT_UINT16, BASE_DEC, NULL, 0x0,
1541 NULL, HFILL }
1542 },
1543 { &hf_modbus_diag_return_no_slave_response_count,
1544 { "Slave No Response Count", "modbus.diagnostic.no_slave_response_count",
1545 FT_UINT16, BASE_DEC, NULL, 0x0,
1546 NULL, HFILL }
1547 },
1548 { &hf_modbus_diag_return_slave_nak_count,
1549 { "Slave NAK Count", "modbus.diagnostic.slave_nak_count",
1550 FT_UINT16, BASE_DEC, NULL, 0x0,
1551 NULL, HFILL }
1552 },
1553 { &hf_modbus_diag_return_slave_busy_count,
1554 { "Slave Device Busy Count", "modbus.diagnostic.slave_busy_count",
1555 FT_UINT16, BASE_DEC, NULL, 0x0,
1556 NULL, HFILL }
1557 },
1558 { &hf_modbus_diag_return_bus_char_overrun_count,
1559 { "Slave Character Overrun Count", "modbus.diagnostic.bus_char_overrun_count",
1560 FT_UINT16, BASE_DEC, NULL, 0x0,
1561 NULL, HFILL }
1562 },
1563 { &hf_modbus_status,
1564 { "Status", "modbus.ev_status",
1565 FT_UINT16, BASE_HEX, NULL, 0x0,
1566 NULL, HFILL }
1567 },
1568 { &hf_modbus_event_count,
1569 { "Event Vount", "modbus.ev_count",
1570 FT_UINT16, BASE_DEC, NULL, 0x0,
1571 NULL, HFILL }
1572 },
1573 { &hf_modbus_message_count,
1574 { "Message Count", "modbus.ev_msg_count",
1575 FT_UINT16, BASE_DEC, NULL, 0x0,
1576 NULL, HFILL }
1577 },
1578 { &hf_modbus_event_recv_comm_err,
1579 { "Communication Error", "modbus.ev_recv_comm_err",
1580 FT_UINT8, BASE_DEC, NULL, 0x02,
1581 NULL, HFILL }
1582 },
1583 { &hf_modbus_event_recv_char_over,
1584 { "Character Overrun", "modbus.ev_recv_char_over",
1585 FT_UINT8, BASE_DEC, NULL, 0x10,
1586 NULL, HFILL }
1587 },
1588 { &hf_modbus_event_recv_lo_mode,
1589 { "Currently in Listen Only Mode", "modbus.ev_recv_lo_mode",
1590 FT_UINT8, BASE_DEC, NULL, 0x20,
1591 NULL, HFILL }
1592 },
1593 { &hf_modbus_event_recv_broadcast,
1594 { "Broadcast Received", "modbus.ev_recv_broadcast",
1595 FT_UINT8, BASE_DEC, NULL, 0x40,
1596 NULL, HFILL }
1597 },
1598 { &hf_modbus_event_send_read_ex,
1599 { "Read Exception Sent", "modbus.ev_send_read_ex",
1600 FT_UINT8, BASE_DEC, NULL, 0x01,
1601 NULL, HFILL }
1602 },
1603 { &hf_modbus_event_send_slave_abort_ex,
1604 { "Slave Abort Exception Sent", "modbus.ev_send_slave_abort_ex",
1605 FT_UINT8, BASE_DEC, NULL, 0x02,
1606 NULL, HFILL }
1607 },
1608 { &hf_modbus_event_send_slave_busy_ex,
1609 { "Slave Busy Exception Sent", "modbus.ev_send_slave_busy_ex",
1610 FT_UINT8, BASE_DEC, NULL, 0x04,
1611 NULL, HFILL }
1612 },
1613 { &hf_modbus_event_send_slave_nak_ex,
1614 { "Slave Program NAK Exception Sent", "modbus.ev_send_slave_nak_ex",
1615 FT_UINT8, BASE_DEC, NULL, 0x08,
1616 NULL, HFILL }
1617 },
1618 { &hf_modbus_event_send_write_timeout,
1619 { "Write Timeout Error Occurred", "modbus.ev_send_write_timeout",
1620 FT_UINT8, BASE_DEC, NULL, 0x10,
1621 NULL, HFILL }
1622 },
1623 { &hf_modbus_event_send_lo_mode,
1624 { "Currently in Listen Only Mode", "modbus.ev_send_lo_mode",
1625 FT_UINT8, BASE_DEC, NULL, 0x20,
1626 NULL, HFILL }
1627 },
1628 { &hf_modbus_andmask,
1629 { "AND mask", "modbus.and_mask",
1630 FT_UINT16, BASE_HEX, NULL, 0x0,
1631 NULL, HFILL }
1632 },
1633 { &hf_modbus_ormask,
1634 { "OR mask", "modbus.or_mask",
1635 FT_UINT16, BASE_HEX, NULL, 0x0,
1636 NULL, HFILL }
1637 },
1638 { &hf_modbus_data,
1639 { "Data", "modbus.data",
1640 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }
1641 },
1642 { &hf_modbus_mei,
1643 { "MEI type", "modbus.mei",
1644 FT_UINT8, BASE_DEC, VALS(encap_interface_code_vals), 0x0,
1645 NULL, HFILL }
1646 },
1647 { &hf_modbus_read_device_id,
1648 { "Read Device ID", "modbus.read_device_id",
1649 FT_UINT8, BASE_DEC, VALS(read_device_id_vals), 0x0,
1650 NULL, HFILL }
1651 },
1652 { &hf_modbus_object_id,
1653 { "Object ID", "modbus.object_id",
1654 FT_UINT8, BASE_DEC, VALS(object_id_vals), 0x0,
1655 NULL, HFILL }
1656 },
1657 { &hf_modbus_num_objects,
1658 { "Number of Objects", "modbus.num_objects",
1659 FT_UINT8, BASE_DEC, NULL, 0x0,
1660 NULL, HFILL }
1661 },
1662 { &hf_modbus_list_object_len,
1663 { "Object length", "modbus.objects_len",
1664 FT_UINT8, BASE_DEC, NULL, 0x0,
1665 NULL, HFILL }
1666 },
1667 { &hf_modbus_conformity_level,
1668 { "Conformity Level", "modbus.conformity_level",
1669 FT_UINT8, BASE_HEX, VALS(conformity_level_vals), 0x0,
1670 NULL, HFILL }
1671 },
1672 { &hf_modbus_more_follows,
1673 { "More Follows", "modbus.more_follows",
1674 FT_UINT8, BASE_HEX, NULL, 0x0,
1675 NULL, HFILL }
1676 },
1677 { &hf_modbus_next_object_id,
1678 { "Next Object ID", "modbus.next_object_id",
1679 FT_UINT8, BASE_DEC, NULL, 0x0,
1680 NULL, HFILL }
1681 },
1682 { &hf_modbus_object_str_value,
1683 { "Object String Value", "modbus.object_str_value",
1684 FT_STRING, BASE_NONE, NULL, 0x0,
1685 NULL, HFILL }
1686 },
1687 { &hf_modbus_reg_uint16,
1688 { "Register (UINT16)", "modbus.register.uint16",
1689 FT_UINT16, BASE_DEC, NULL, 0x0,
1690 NULL, HFILL }
1691 },
1692 { &hf_modbus_reg_uint32,
1693 { "Register (UINT32)", "modbus.register.uint32",
1694 FT_UINT32, BASE_DEC, NULL, 0x0,
1695 NULL, HFILL }
1696 },
1697 { &hf_modbus_reg_ieee_float,
1698 { "Register (IEEE Float)", "modbus.register.ieee_float",
1699 FT_FLOAT, BASE_NONE, NULL, 0x0,
1700 NULL, HFILL }
1701 },
1702 { &hf_modbus_reg_modicon_float,
1703 { "Register (Modicon Float)", "modbus.register.modicon_float",
1704 FT_FLOAT, BASE_NONE, NULL, 0x0,
1705 NULL, HFILL }
1706 },
1707 };
1708
1709 /* Setup protocol subtree array */
1710 static gint *ett[] = {
1711 &ett_mbtcp,
1712 &ett_mbrtu,
1713 &ett_modbus_hdr,
1714 &ett_group_hdr,
1715 &ett_events,
1716 &ett_events_recv,
1717 &ett_events_send,
1718 &ett_device_id_objects,
1719 &ett_device_id_object_items
1720 };
1721
1722 static ei_register_info ei[] = {
1723 { &ei_modbus_data_decode, { "modbus.data.decode", PI_PROTOCOL, PI_WARN, "Invalid decoding options, register data not a multiple of 4!", EXPFILL }},
1724 };
1725
1726 module_t *mbtcp_module;
1727 module_t *mbrtu_module;
1728 expert_module_t* expert_mbrtu;
1729 expert_module_t* expert_modbus;
1730
1731 /* Register the protocol name and description */
1732 proto_mbtcp = proto_register_protocol("Modbus/TCP", "Modbus/TCP", "mbtcp");
1733 proto_mbrtu = proto_register_protocol("Modbus RTU", "Modbus RTU", "mbrtu");
1734 proto_modbus = proto_register_protocol("Modbus", "Modbus", "modbus");
1735
1736 /* Registering protocol to be called by another dissector */
1737 modbus_handle = new_register_dissector("modbus", dissect_modbus, proto_modbus);
1738 mbtcp_handle = new_register_dissector("mbtcp", dissect_mbtcp, proto_mbtcp);
1739 mbrtu_handle = new_register_dissector("mbrtu", dissect_mbrtu, proto_mbrtu);
1740
1741 /* Registering subdissectors table */
1742 modbus_data_dissector_table = register_dissector_table("modbus.data", "Modbus Data", FT_STRING, BASE_NONE);
1743 modbus_dissector_table = register_dissector_table("mbtcp.prot_id", "Modbus/TCP protocol identifier", FT_UINT16, BASE_DEC);
1744
1745 /* Required function calls to register the header fields and subtrees used */
1746 proto_register_field_array(proto_mbtcp, mbtcp_hf, array_length(mbtcp_hf));
1747 proto_register_field_array(proto_mbrtu, mbrtu_hf, array_length(mbrtu_hf));
1748 proto_register_field_array(proto_modbus, hf, array_length(hf));
1749 proto_register_subtree_array(ett, array_length(ett));
1750 expert_mbrtu = expert_register_protocol(proto_mbrtu);
1751 expert_register_field_array(expert_mbrtu, mbrtu_ei, array_length(mbrtu_ei));
1752 expert_modbus = expert_register_protocol(proto_modbus);
1753 expert_register_field_array(expert_modbus, ei, array_length(ei));
1754
1755
1756 /* Register required preferences for Modbus Protocol register decoding */
1757 mbtcp_module = prefs_register_protocol(proto_mbtcp, proto_reg_handoff_mbtcp);
1758 mbrtu_module = prefs_register_protocol(proto_mbrtu, proto_reg_handoff_mbrtu);
1759
1760 /* Modbus RTU Preference - Desegment, defaults to TRUE for TCP desegmentation */
1761 prefs_register_bool_preference(mbtcp_module, "desegment",
1762 "Desegment all Modbus RTU packets spanning multiple TCP segments",
1763 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
1764 &mbtcp_desegment);
1765
1766 /* Modbus/TCP Preference - Default TCP Port, allows for "user" port either than 502. */
1767 prefs_register_uint_preference(mbtcp_module, "tcp.port", "Modbus/TCP Port",
1768 "Set the TCP port for Modbus/TCP packets (if other"
1769 " than the default of 502)",
1770 10, &global_mbus_tcp_port);
1771
1772 /* Modbus/TCP Preference - Holding/Input Register format, this allows for deeper dissection of response data */
1773 prefs_register_enum_preference(mbtcp_module, "mbus_register_format",
1774 "Holding/Input Register Format",
1775 "Register Format",
1776 &global_mbus_tcp_register_format,
1777 mbus_register_format,
1778 TRUE);
1779
1780 /* Modbus/TCP Preference - Register addressing format, this allows for a configurable display option to determine addressing used */
1781 prefs_register_enum_preference(mbtcp_module, "mbus_register_addr_type",
1782 "Register Addressing Type",
1783 "Register Addressing Type (Raw, Modicon 5 or 6). This option has no effect on the underlying protocol, but changes the register address display format",
1784 &global_mbus_tcp_register_addr_type,
1785 mbus_register_addr_type,
1786 TRUE);
1787
1788 /* Modbus RTU Preference - Desegment, defaults to TRUE for TCP desegmentation */
1789 prefs_register_bool_preference(mbrtu_module, "desegment",
1790 "Desegment all Modbus RTU packets spanning multiple TCP segments",
1791 "Whether the Modbus RTU dissector should desegment all messages spanning multiple TCP segments",
1792 &mbrtu_desegment);
1793
1794 /* Modbus RTU Preference - CRC verification, defaults to FALSE (not do verification)*/
1795 prefs_register_bool_preference(mbrtu_module, "crc_verification",
1796 "Validate CRC",
1797 "Whether to validate the CRC",
1798 &mbrtu_crc);
1799
1800 /* Modbus RTU Preference - Default TCP Port, defaults to zero, allows custom user port. */
1801 prefs_register_uint_preference(mbrtu_module, "tcp.port", "Modbus RTU Port",
1802 "Set the TCP port for encapsulated Modbus RTU packets",
1803 10, &global_mbus_rtu_port);
1804
1805 /* Modbus RTU Preference - Holding/Input Register format, this allows for deeper dissection of response data */
1806 prefs_register_enum_preference(mbrtu_module, "mbus_register_format",
1807 "Holding/Input Register Format",
1808 "Register Format",
1809 &global_mbus_rtu_register_format,
1810 mbus_register_format,
1811 TRUE);
1812
1813 /* Modbus RTU Preference - Register addressing format, this allows for a configurable display option to determine addressing used */
1814 prefs_register_enum_preference(mbrtu_module, "mbus_register_addr_type",
1815 "Register Addressing Type",
1816 "Register Addressing Type (Raw, Modicon 5 or 6). This option has no effect on the underlying protocol, but changes the register address display format",
1817 &global_mbus_rtu_register_addr_type,
1818 mbus_register_addr_type,
1819 TRUE);
1820
1821 }
1822
1823
1824 /* If this dissector uses sub-dissector registration add a registration routine.
1825 This format is required because a script is used to find these routines and
1826 create the code that calls these routines.
1827 */
1828 void
1829 proto_reg_handoff_mbtcp(void)
1830 {
1831 static unsigned int mbtcp_port;
1832
1833 /* Make sure to use Modbus/TCP Preferences field to determine default TCP port */
1834
1835 if(mbtcp_port != 0 && mbtcp_port != global_mbus_tcp_port){
1836 dissector_delete_uint("tcp.port", mbtcp_port, mbtcp_handle);
1837 }
1838
1839 if(global_mbus_tcp_port != 0 && mbtcp_port != global_mbus_tcp_port) {
1840 dissector_add_uint("tcp.port", global_mbus_tcp_port, mbtcp_handle);
1841 }
1842
1843 mbtcp_port = global_mbus_tcp_port;
1844
1845 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
1846
1847 }
1848
1849 void
1850 proto_reg_handoff_mbrtu(void)
1851 {
1852 static unsigned int mbrtu_port = 0;
1853
1854 /* Make sure to use Modbus RTU Preferences field to determine default TCP port */
1855
1856 if(mbrtu_port != 0 && mbrtu_port != global_mbus_rtu_port){
1857 dissector_delete_uint("tcp.port", mbrtu_port, mbrtu_handle);
1858 }
1859
1860 if(global_mbus_rtu_port != 0 && mbrtu_port != global_mbus_rtu_port) {
1861 dissector_add_uint("tcp.port", global_mbus_rtu_port, mbrtu_handle);
1862 }
1863
1864 mbrtu_port = global_mbus_rtu_port;
1865
1866 dissector_add_uint("mbtcp.prot_id", MODBUS_PROTOCOL_ID, modbus_handle);
1867
1868 }