Commit c5f4c7e1ab55f577d1284f1b7a4479b3cd9c77a9
1 parent
a33ff0a3
Update protocol.md
Showing
1 changed file
with
105 additions
and
13 deletions
documentation/protocol.md
| 1 | -# MODBUS Application Protocol SPecification V1.1b3 | |
| 2 | - | |
| 3 | -## Introduction | |
| 4 | - | |
| 5 | -MODBUS is an application layer messaging protocol for client/server communication between | |
| 6 | -devices connected on different types of buses or networks. | |
| 7 | - | |
| 8 | -It is currently implemented using: | |
| 9 | - | |
| 10 | -* TCP/IP over Ethernet. See MODBUS Messaging Implementation Guide V1.0a. | |
| 11 | -* Asynchronous serial transmission over a variety of media (wire : EIA/TIA -232-E, EIA-422, | |
| 12 | -EIA/TIA-485-A; fiber, radio, etc.) | |
| 13 | -* MODBUS PLUS, a high speed token passing network. | |
| 1 | +# MODBUS Application Protocol SPecification V1.1b3 | |
| 2 | + | |
| 3 | +## Introduction | |
| 4 | + | |
| 5 | +MODBUS is an application layer messaging protocol for client/server communication between | |
| 6 | +devices connected on different types of buses or networks. | |
| 7 | + | |
| 8 | +It is currently implemented using: | |
| 9 | + | |
| 10 | +* TCP/IP over Ethernet. See MODBUS Messaging Implementation Guide V1.0a. | |
| 11 | +* Asynchronous serial transmission over a variety of media (wire : EIA/TIA -232-E, EIA-422, | |
| 12 | +EIA/TIA-485-A; fiber, radio, etc.) | |
| 13 | +* MODBUS PLUS, a high speed token passing network. | |
| 14 | + | |
| 15 | +## Abbreviations | |
| 16 | + | |
| 17 | +|Abbreviation |Description | | |
| 18 | +|---|--------------------| | |
| 19 | +| ADU | Application Data Unit | |
| 20 | +| HDLC | High Level Data Link Control | | |
| 21 | +| HMI | Human Machine Interface | | |
| 22 | +| IETF | Internet Engineering Task Force | | |
| 23 | +| I/O | Input / Output | | |
| 24 | +| IP | Internet Protocol | | |
| 25 | +| MAC | Media Access Control | | |
| 26 | +| MB | MODBUS Protocol | | |
| 27 | +| MBAP | MODBUS Application Protocol | | |
| 28 | +| PDU | Protocol Data Unit | | |
| 29 | +| PLC | Programmable Logic Controller | | |
| 30 | +| TCP | Transmission Control Protocol | | |
| 31 | + | |
| 32 | +## Context | |
| 33 | +The MODBUS protocol allows an easy communication within all types of network architectures. Every type of devices (PLC, HMI, Control Panel, Driver, Motion control, I/O Device...) can use MODBUS protocol to initiate a remote operation. | |
| 34 | +The same communication can be done as well on serial line as on Ethernet TCP/IP networks. Gateways allow a communication between several types of buses or network using the MODBUS protocol. | |
| 35 | + | |
| 36 | +## General Description | |
| 37 | + | |
| 38 | +### Protocol description | |
| 39 | +The MODBUS protocol defines a simple protocol data unit (PDU) independent of the underlying communication layers. The mapping of MODBUS protocol on specific buses or network ccan introduce some additional fields on the Application Data Unit (ADU). | |
| 40 | + | |
| 41 | +``` | |
| 42 | + ADU | |
| 43 | +<--------------------------------------------------------------------------------> | |
| 44 | ++--------------------+ +---------------+ +---------------------+ +-------------+ | |
| 45 | +| Additional address | | Function code | | Data | | Error check | | |
| 46 | ++--------------------+ +---------------+ +---------------------+ +-------------+ | |
| 47 | + <---------------------------------------> | |
| 48 | + PDU | |
| 49 | +General MODBUS frame | |
| 50 | +``` | |
| 51 | + | |
| 52 | +The MODBUS application data unit is built by the client that initiates a MODBUS transaction. The function indicates to the server what kind of action to perform. The MODBUS application protocol establishes the format of a request initiated by a client. | |
| 53 | +The function code field of a MODBUS data unit is coded in one byte. Valid codes are in the range of 1..255 decimal ( where the range 128 - 255 is reserved and used for exception responses.) When a message is sent from a Client to a Server device the function code field tells the server what kind of action to perform. Function code "0" is not valid. | |
| 54 | + | |
| 55 | +Sub function codes are added to some function codes to define multiple actions. | |
| 56 | +The data field of messages sent from a client to server devices contains additional information that the server uses to take the action defined by the function code. This can include items like discrete and register addresses, the quantity of items to be handled, ad the count of actual data bytes in the field. The data field may be non-existent (of zero-length) in certain kinds of requests, in this case the server does not require any additional information. The function code alone specifies the action. | |
| 57 | + | |
| 58 | +If no error occurs related to the MODBUS function requested in a properly received MODBUS | |
| 59 | +ADU the data field of a response from a server to a client contains the data requested. If an | |
| 60 | +error related to the MODBUS function requested occurs, the field contains an exception code | |
| 61 | +that the server application can use to determine the next action to be taken. | |
| 62 | +For example a client can read the ON / OFF states of a group of discrete outputs or inputs or | |
| 63 | +it can read/write the data contents of a group of registers. | |
| 64 | +When the server responds to the client, it uses the function code field to indicate either a | |
| 65 | +normal (error-free) response or that some kind of error occurred (called an exception | |
| 66 | +response). For a normal response, the server simply echoes to the request the original | |
| 67 | +function code. | |
| 68 | + | |
| 69 | +For an exception response, the server returns a code that is equivalent to the original function | |
| 70 | +code from the request PDU with its most significant bit set to logic 1. | |
| 71 | + | |
| 72 | +The size of the MODBUS PDU is limited by the size constraint inherited from the first | |
| 73 | +MODBUS implementation on Serial Line network (max. RS485 ADU = 256 bytes). | |
| 74 | + | |
| 75 | +Therefore: <br> | |
| 76 | +MODBUS PDU for serial line communication = 256 - Server address (1 byte) - CRC (2 | |
| 77 | +bytes) = 253 bytes. | |
| 78 | + | |
| 79 | +Consequently:<br> | |
| 80 | +RS232 / RS485 ADU = 253 bytes + Server address (1 byte) + CRC (2 bytes) = 256 bytes. | |
| 81 | +TCP MODBUS ADU = 253 bytes + MBAP (7 bytes) = 260 bytes. | |
| 82 | +The MODBUS protocol defines three PDUs. They are :<br> | |
| 83 | + | |
| 84 | +| Full name | PDU | Definition | Description | | |
| 85 | +|-----------|-----|------------|-------------| | |
| 86 | +| MODBUS Request PDU | mb_req_pdu | {function_code, request_data} | function_code = [1 byte] MODBUS function code<br> request_data = [n bytes] This field is function code dependent and usually contains information such as variable references, variable counts, data offsets, sub-function codes etc | | |
| 87 | +| MODBUS Response PDU | mb_rsp_pdu | {function_code, response_data}| function_code = [1 byte] MODBUS function code <br> response_data = [n bytes] This field is function code dependent and usually contains information such as variable references, variable counts, data offsets, sub-function codes, etc. | | |
| 88 | +| MODBUS Exception Response PDU | mb_excep_rsp_pdu | {exception-function_code, request_data} | exception-function_code = [1 byte] MODBUS function code + 0x80 <br> exception_code = [1 byte] MODBUS Exception Code Defined in table "MODBUS Exception Codes" (see section 7 ). | | |
| 89 | + | |
| 90 | + | |
| 91 | +### Data Encoding | |
| 92 | + | |
| 93 | + MODBUS uses a ‘big-Endian’ representation for addresses and data items. This means | |
| 94 | +that when a numerical quantity larger than a single byte is transmitted, the most significant | |
| 95 | +byte is sent first. So for example | |
| 96 | +Register size | |
| 97 | + value | |
| 98 | +16 - bits | |
| 99 | + 0x1234 | |
| 100 | + Note: For more details, see [1] . | |
| 101 | +April 26, 2012 | |
| 102 | +the first byte sent is | |
| 103 | + 0x12 | |
| 104 | +http://www.modbus.org | |
| 105 | +then 0x34 | |
| 14 | 106 | \ No newline at end of file | ... | ... |