Peter M. Groen / modbus-cpp

Commit aa8d24dc27e9fe390277360639ffb4ea208c6233

Authored by Peter M. Groen
1 parent c5f4c7e1

Update protocol.md

Inline Side-by-side
Showing 5 changed files with 154 additions and 14 deletions
documentation/graphics/08_modbus_addressing_model.png 0 → 100644
View file @aa8d24d

59.8 KB
documentation/graphics/09_modbus_state_diagram.png 0 → 100644
View file @aa8d24d

104 KB
documentation/graphics/originals/.~lock.modbus_drawings.odg# 0 → 100644
  View file @aa8d24d
  1 +Peter Groen,pgroen,nuc64.osdev.nl,24.09.2022 16:00,file:///home/pgroen/.config/.openoffice/4;
0 \ No newline at end of file 2 \ No newline at end of file
documentation/graphics/originals/modbus_drawings.odg 0 → 100644
View file @aa8d24d
No preview for this file type
documentation/protocol.md
  View file @aa8d24d
@@ -89,17 +89,156 @@ The MODBUS protocol defines three PDUs. They are :<br> @@ -89,17 +89,156 @@ The MODBUS protocol defines three PDUs. They are :<br>
89 89
90 90
91 ### Data Encoding 91 ### Data Encoding
92 -  
93 - MODBUS uses a ‘big-Endian’ representation for addresses and data items. This means  
94 -that when a numerical quantity larger than a single byte is transmitted, the most significant  
95 -byte is sent first. So for example  
96 -Register size  
97 - value  
98 -16 - bits  
99 - 0x1234  
100 - Note: For more details, see [1] .  
101 -April 26, 2012  
102 -the first byte sent is  
103 - 0x12  
104 -http://www.modbus.org  
105 -then 0x34  
106 \ No newline at end of file 92 \ No newline at end of file
  93 +
  94 +MODBUS uses a ‘big-Endian’ representation for addresses and data items. This means that when a numerical quantity larger than a single byte is transmitted, the most significant
  95 +byte is sent first. So for example :
  96 +
  97 +| Register size | value |
  98 +|---------------|--------|
  99 +| 16 - bits | 0x1234 |
  100 +
  101 +the first byte sent is 0x12 then 0x34. By bitshifting and adding, the original value can be compiled. ( 0x12 << 8u = 0x1200 + 0x34 = 0x1234 )
  102 +
  103 +## MODBUS Data Model
  104 +MODBUS bases its data model on a series of tables that have distinguishing characteristics. The four primary tables are:
  105 +
  106 +| Primary tables | Object type | Type of | Comments |
  107 +|----------------|-------------|---------|----------|
  108 +| Discretes Input | Single Bit | Read-Only | This type of data can be provided by an I/O system. |
  109 +| Coils | Single Bit | Read-Write | This type of data can be alterable by an application program. |
  110 +| Input Registers | 16-bit word | Read-Only | This type of data can be provided by an I/O system |
  111 +| Holding Registers | 16-bit word | Read-Write | This type of data can be alterable by an application program. |
  112 +
  113 +The distinctions between inputs and outputs, and between bit -addressable and word-
  114 +addressable data items, do not imply any application behavior. It is perfectly acceptable, and
  115 +very common, to regard all four tables as overlaying one another, if this is the most natural
  116 +interpretation on the target machine in question.
  117 +For each of the primary tables, the protocol allows individual selection of 65536 data items,
  118 +and the operations of read or write of those items are designed to span multiple consecutive
  119 +data items up to a data size limit which is dependent on the transaction function code.
  120 +It’s obvious that all the data handled via MODBUS (bits, registers) must be located in device
  121 +application memory. But physical address in memory should not be confused with data
  122 +reference. The only requirement is to link data reference with physical address.
  123 +MODBUS logical reference numbers, which are used in MODBUS funct ions, are unsigned
  124 +integer indices starting at zero.
  125 +
  126 +## MODBUS Adressing Model
  127 +The MODBUS application protocol defines precisely PDU addressing rules.
  128 +In a MODBUS PDU each data is addressed from 0 to 65535.
  129 +It also defines clearly a MODBUS data model composed of 4 blocks that comprises several
  130 +elements numbered from 1 to n.
  131 +In the MODBUS data Model each element within a data block is numbered from 1 to n.
  132 +Afterwards the MODBUS data model has to be bound to the device application ( IEC -61131
  133 +object, or other application model).
  134 +The pre-mapping between the MODBUS data model and the device application is totally
  135 +vendor device specific.
  136 +
  137 +![MODBUS Addressing Model](graphics/08_modbus_addressing_model.png)
  138 +
  139 +## Define MODBUS Transaction
  140 +The following state diagram describes the generic processing oif a MODBUS transaction in server side.
  141 +
  142 +![MODBUS Transaction State Diagram](graphics/09_modbus_state_diagram.png)
  143 +
  144 +Once the request has been processed by a server, a MODBUS response using the
  145 +adequate MODBUS server transaction is built.
  146 +Depending on the result of the processing two types of response are built :
  147 +
  148 + * A positive MODBUS response :
  149 + * the response function code = the request function code
  150 +
  151 + * A MODBUS Exception response ( see section 7 ):
  152 + * the objective is to provide to the client relevant information concerning the
  153 +error detected during the processing ;
  154 + * the exception function code = the request function code + 0x80 ;
  155 + * an exception code is provided to indicate the reason of the error.
  156 +
  157 +## Function Code Categories
  158 +
  159 +There are three categories of MODBUS Functions codes. They are :
  160 +
  161 +<strong>Public Function Codes</strong>
  162 +
  163 +* Are well defined function codes,
  164 +* guaranteed to be unique,
  165 +* validated by the MODBUS.org community,
  166 +* publicly documented
  167 +* have available conformance test,
  168 +* includes both defined public assigned function codes as well as unassigned function codes reserved for future use.
  169 +
  170 +<strong>User-Defined Function Codes</strong>
  171 +
  172 +* there are two ranges of user-defined function codes, i.e. 65 to 72 and from 100 to 110 decimal.
  173 +* user can select and implement a function code that is not supported by the specification.
  174 +* there is no guarantee that the use of the selected function code will be unique
  175 +* if the user wants to re-position the functionality as a public function code, he must
  176 +initiate an RFC to introduce the change into the public category and to have a new
  177 +public function code assigned.
  178 +* MODBUS Organization, Inc expressly reserves the right to develop the proposed RFC.
  179 +
  180 +<strong>Reserved Function Codes</strong>
  181 +
  182 +* Function Codes currently used by some companies for legacy products and that
  183 +are not available for public use.
  184 +
  185 +### Public Function Code Definition
  186 +
  187 +| Domain | #Bits | Type | Description | Function code | Sub code | (hex) |
  188 +|--------|-------|------|----------------------|---------------|----------|-------|
  189 +| Data Access | Bit Access | Physical Discrete Inputs | Read Discrete Inputs | 02 | | 0x02 |
  190 +| | | Internal Bits or Physical Coils| Read Coils | 01 | | 0x01 |
  191 +| | | | Write Single Coil | 05 | | 0x05 |
  192 +| | | | Write Multiple Coils | 15 | | 0x0F |
  193 +| | 16 bits access| Physical Input Registers | Read Input Register | 04 | | 0x04 |
  194 +| | | Internal Registers or Physical Ouput Registers| Read Holding Registers | 03 | | 0x03 |
  195 +| | | | Write Single Register | 06 | | 0x06 |
  196 +| | | | Write multiple Registers | 16 | | 0x10 |
  197 +| | | | Read/Write Multiple Registers | 23 | | 0x17 |
  198 +| | | | Mask Write Register | 22 | | 0x16 |
  199 +| | | | Read FIFO queue | 24 | | 0x18 |
  200 +| | | File Record Access | Read File record | 20 | | 0x14 |
  201 +| | | | Write File Record | 21 | | 0x15 |
  202 +| Diagnostics | | | Read Exception Status | 07 | | 0x07 |
  203 +| | | | Diagnostic | 08 | 00-18,20 | 0x08 |
  204 +| | | | Get Com event counter | 11 | | 0x0B |
  205 +| | | | Get Com Event Log | 12 | | 0x0C |
  206 +| | | | Report Server ID | 17 | | 0x11 |
  207 +| | | | Read device Identification | 43 | 14 | 0x2B |
  208 +| Other | | | Encapsulated Interface Transport | 43 | 13, 14 | 0x2B |
  209 +| | | | CANopen General Reference | 43 | 13 | 0x2B |
  210 +
  211 +## Function codes descriptions
  212 +
  213 +### 01 (0x01) Read Coils
  214 +This function code is used to read from 1 to 2000 contiguous status of coils in a remote
  215 +device. The Request PDU specifies the starting address, i.e. the address of the first coil
  216 +specified, and the number of coils. In the PDU Coils are addressed starting at zero. Therefore
  217 +coils numbered 1-16 are addressed as 0-15.<br>
  218 +The coils in the response message are packed as one coil per bit of the data field. Status is
  219 +indicated as 1= ON and 0= OFF. The LSB of the first data byte contains the output addressed
  220 +in the query. The other coils follow toward the high order end of this byte, and from low order
  221 +to high order in subsequent bytes.<br>
  222 +If the returned output quantity is not a multiple of eight, the remaining bits in the final data
  223 +byte will be padded with zeros (toward the high order end of the byte). The Byte Count field
  224 +specifies the quantity of complete bytes of data.
  225 +
  226 +#### Request
  227 +
  228 +| Description | #Bytes | Value |
  229 +|---|---|---|
  230 +| Function code | 1 Byte | <strong>0x01</strong> |
  231 +| Starting Address | 2 Bytes | 0x0000 to 0xFFFF |
  232 +| Quantity of coils | 2 Bytes | 1 to 2000 (0x7D0) |
  233 +
  234 +#### Response
  235 +
  236 +| Description | #Bytes | Value |
  237 +|---|---|---|
  238 +| Function code | 1 Byte | <strong>0x01</strong> |
  239 +| Byte count | 1 Byte | <strong>N*</strong> |
  240 +| Coil Status | <strong>n</strong> Byte | n = N or N + 1 |
  241 +
  242 +<strong>*N</strong> = Quantity of Outputs / 8, if the remainder is different of 0 => N = N+1
  243 +
  244 +#### Error
  245 +