IoT Protocol -- Modbus

IoT Protocol -- Modbus

2021-02-20. Category & Tags: IoT, Modbus, RS232, RS485, RS422, Serial, COM, CAN1939, MQTT, Emulator, Simulator

OSI vs. Modbus Layers:

Tip:

  • RS-485/RS485’s new name is EIA-485.
  • UART usually (99%) means TTL in shops, not 232/485.
  • DB9 physical port usually (90%) means 232 electrical signals level standards.

Modbus Protocol #

See Also:

Each Modbus Slave has 4 tables with 9999 values in each table.

Coil/Register Number (//≈index) Data Addresses RW Type Table (//Abbreviation &) Name
1-9999 0000 ~ 270E Read-Write (DO) Discrete Output Coils
10001-19999 0000 ~ 270E Read-Only (DI) Discrete Input Contacts
30001-39999 0000 ~ 270E Read-Only (AI) Analog Input Registers
40001-49999 0000 ~ 270E Read-Write (AO) Analog Output Holding Registers

注意! Output is writable, input is read-only. This is master’s perspective!

2 tables for on/off discrete values (coils/contacts) 开关量离散值 (线圈/触点);
2 tables for numerical analog values (registers) 模拟量连续值 (保持寄存器).

1 coil/contact = 1 bit, addresses are from 0000 to 270E;
1 register = 1 word = 16 bits = 2 bytes, addresses are from 0000 to 270E.

Modbus Modes #

2 modes: ASCII (hex text string) vs. RTU (binary).

ascii #

Frame format (“冒号开始,回车结束”):

Start Address Function Data LRC End
: 2 Chars 2 Chars n Chars 2 Chars CR LF

rtu #

(i.e. remote terminal unit)

Frame format:

Start Silent Slave ID/Address Function Data CRC End Silent
3.5 char-time 1 Byte 1 Byte n Byte 2 Byte 3.5 char-time

DEF 从站地址 Slave ID: 【1st Byte】in Master’s requests, 1 ~ 247.

DEF 功能码 Function Code: 【2nd Byte】in Master’s requests, R/W Type & Table.

DEF 偏移量(Offset): Numbers (//≈index,点位地址) 与 Data Address (数据地址) 的差值是偏移量。四张表的(点位地址与数据地址的) 偏移量(offset)分别是 1, 10001, 30001 and 40001

DEF CRC 校验 Cyclic Redundancy Check: 【last 2 Byte】 in every message.

Function Code Action Table (//Abbreviation &) Name (区块)表 中文名
01 Read DO Discrete Output Coils 线圈状态/离散输出
02 Read DI Discrete Input Contacts 离散输入
03 Read AO Analog Output Holding Registers 保持寄存器
04 Read AI Analog Input Registers 输入寄存器
05 Write single DO Discrete Output Coil 线圈状态/离散输出
06 Write single AO Analog Output Holding Register 保持寄存器
0F (15 dec) Write multiple DO Discrete Output Coils 线圈状态/离散输出
10 (16 dec) Write multiple AO Analog Output Holding Registers 输入寄存器

special ones #

Change unit address to 2, unit will confrim with the old address and use new address from next message. (ref)

问询(修改地址为 2):

地址码 功能码 起始地址 修改数值 校验码低位 校验码高位
0xFF 0x06 0x07 0xD0 0x00 0x02 0x1D 0x58

应答(回应修改):

地址码 功能码 起始地址 修改数值 校验码低位 校验码高位
0x01 0x06 0x07 0xD0 0x00 0x02 0x08 0x86

ref

Serial Port/Line/Connection Simulator/Emulator Software/Tools #

  • Note: Setup / Use (Write & Read) Linux serial ports require root permission

com0com / Null-modem emulator (windows, free) [suggested for win] #

  • serial line/connections

a kernel-mode virtual serial port driver for Windows.

download from sourceforge

free virtual serial ports (windows, free & commercial) #

  • serial line/connections
  • free version limit: port not permanent
  • commercial version: support remote virtual paired ports (based on samba?)

free virtual serial ports

tty0tty (linux, free) [suggested for nix] #

  • serial line/connections (pair of searial ports)
  • need to compile (a bug is fixed by sunny)

https://gitcode.net/sino/tty0tty
The modem status lines are properly emulated, but the “termios” (行规程) settings are not.

virtual serial port driver /vspd (windows, commercial) #

  • serial line/connections (pair of searial ports)

Suports 3 modes: null-modem / loopback, standard, customed wire connections.
14 天试用。汉化版: 虚拟串口驱动

vtty (linux, free) #

  • serial line/connections (pair of searial ports) (not tested)

https://github.com/anszom/vtty

virtual serial port driver for linux / vspdl (linux, free) #

(having problems to install)
https://tibbo.com/support/downloads/vspdl.html

socat (linux, free, build-in) #

actually, not exactlly a good choice for my need.

Modbus Master & Slave Device Debug/Simulation/Emulation Software/Tools #

mthings (windows, free) [suggested for win] #

  • in-app serial line/connections (TCP/UDP only, NO RTU, inside the software only).
  • master & slave devices.

5 分钟入门 MThings 视频;
官方 B 站;
官方博客 CSDN;
基于 MThings 搭建模拟主机调试 MODBUS 从机设备.

  • 主窗口如图,左上角的菜单是控制右边显示的。
  • COM 口是从系统自动识别的,不需要“添加”,MODBUS-RTU 一般配置为无校验(无奇偶校验,因为已有 CRC)。
  • 设置完“设备起始地址”和“设备结束地址”后,点击“添加”,然后选择“模拟主机”还是“模拟从机”,点击确定会自动添加两个地址(含)中间范围内所有的地址 所对应的“主机/上位机”或“从机”到左侧边栏。
  • 中间左边,[M]表示 master/主机/上位机/client,[S]表示 slave/从机/server。


在数据界面,点击“批量读”后,“同步至其他设备”意思是其他设备也批量读,“循环”选项也会被“同步”。


在数据界面,如果在“批量读”过程中点击“配置”,会停止当前地址(设备)数据的读取,但是不影响其他地址(设备)。即,此停止没有自动“同步”到其他设备。

Ref: 面包板 eet-china, (bak)

modbus poll & modbus slave (windows, commercial) #

  • master (Modbus Poll) & slave (Modbus Slave) devices.

中文介绍很多,例如 cnblogs (bak), 知乎

developed by Witte Software (modbustools.com).

modbus mechanic (java jar, thus cross-platform) [suggested for nix] #

  • master & slave
  • GUI & headless CLI
  • RTU scanner

web & java JDK, github (gitee backup).

Requires: OpenJDK. Note: both jdk (tested openjdk 17.0.3, 2022-04-19) and modbusMechanic are pre-compiled.

Simple guide (requires two terminal windows):

# 1st terminal:
sudo java -jar ./ModbusMechanic.jar
# 2nd terminal:
./modpull -b 9600 -p none -m rtu -a 1 -r 1 -c 10 /dev/tnt6

Complete guide:

Add a slave/server with registers: select type (RTU is suggested, TCP also ok) & port & baud rate; Tools > Start Slave Simulator (can start many slave devices); setup a register & value type & a value and “Add” (can add many to one slave).

Read data:
Option 1. use ModbusMechanic: select type (RTU or TCP) & port & baud rate (canNOT be the port occupied by the slave simulator); set Slave-Node (station address) and Register; set value type; “Transmit Packet”.
Option 2. use other tools, such as modpoll from modbusdriver.com.

imgimage

modbus-utils / libmodbus-dev #

  • master & slave
cd ~
# download src & dev lib
sudo apt install libmodbus-dev
git clone https://github.com/Krzysztow/modbus-utils.git

# install option 1
$ cd modbus-utils
$ git submodule update --init
$ mkdir build
$ cd build
$ cmake ..
$ make

# OR:
# install option 2
cd modbus-utils/modbus_client
gcc -o modbus_client modbus_client.c -lmodbus -I/usr/include/modbus -I$HOME/modbus-utils/common
cd ../modbus_server
gcc -o modbus_server modbus_server.c -lmodbus -I/usr/include/modbus -I$HOME/modbus-utils/common

ref: CSDN, bak

mbpoll (linux, free) #

  • master only (not tested)
  • CLI-only
  • totally free but need to compile from source with some careness.

https://manpages.ubuntu.com/manpages/jammy/en/man1/mbpoll.1.html

lib: modbusdriver.com (cross-platform library, free & commercial) #

  • master (modpoll) & slave (diagslave) demo & library
  • commercial, 30-day free trial

Pro (free demo): for windows & linux; compile for multi-platforms.
Note: Slave (diagslave) provides fixed all-zero values.
Commercial lib with free master & slave demo:
imgimage

More Modebus Tools #

  • masters:
    • free: QModMaster, Modbus Tester, Modpoll from proconX, RMMS (Radzio! Modbus Master Simulator).
    • commercial: Simply Modbus Master (RTU and ASCII ), Modbus Poll from modbus tools, ModScan32 from WinTECH.
  • slaves:
    • free: ModRSsim2 was forked from MOD_RSSIM (Windows-based Modbus PLC Simulator), pyModSlave based on Qt (video tutorial).
    • commercial: WinModbus (www.winmodbus.com), UnSlave Modbus Slave Simulator.
  • libraries
    • FreeMODBUS: free with separated ASCII/RTU and TCP.
    • libmodbus: BSD 3-clause, for Linux, Mac OS X, FreeBSD, QNX and Win32.
  • another list of useful tools

ref

TTS vs. (EIA/TIA) RS 232 vs. 422 vs. 485 #

electrical signals level standards & common characteristics (电气电平规定和常见特性的区别) #

image

image

pic ref1, ref2

DB9 pin definition differences (DB9 物理接口定义区别) #

image

pic ref: 数据中心运维管理 in sohu, (bak)

232 485 422 电气标准、网络拓扑、速度速率 #

  1. 如下图, a b c 为典型错误接线方法,d e f 为(对应 a b c 情况时)典型正确接线方法。或采用集线器(aka 分配器)。 image
  2. 理论通信距离: RVSP 屏蔽双绞线(0.4 平) + 理想环境 + 100kbps (~115200bps) + 只有一台设备 = 1200 米。 距离乘以 n,速度除以 n (平衡双绞线的长度与传输速率成反比). ref (速度与距离关系,串口回环测试 etc.)bak

终端电阻 485 通信距离超过 300 米(尤其是总线上设备数量较少时),要在结束端(最远端)增加一个 120Ω 终端电阻(开始端可能也需要)。 (当设备数量较多时,例如超过 22 台,一般不需增加终端电阻,没有必要且降低负载能力)