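6.19. Modbus Keyword

The modbus keyword can be used for matching on various properties of Modbus requests.

There are three ways of using this keyword:

  • matching on function properties with the setting "function";

  • matching directly on data access with the setting "access";

  • matching on the unit identifier with the setting "unit" alone, or combined with the preceding setting "function" or "access".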

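With the setting function, you can match on:

  • an action based on the function code field and, when applicable, the sub-function code;

  • one of the three categories of Modbus functions:

    • public functions, which are publicly defined (setting "public");

    • user-defined functions (setting "user");

    • reserved functions, which are dedicated to proprietary extensions of Modbus (keyword "reserved");

  • one of the two sub-groups of public functions:

    • assigned functions, whose definition is already given in the Modbus specification (keyword "assigned");

    • unassigned functions, which are reserved for future use (keyword "unassigned").

Syntax: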

modbus: function <value>
modbus: function <value>, subfunction <value>
modbus: function [!] <assigned | unassigned | public | user | reserved | all>

The sign "!" negates the match.

Examples:

modbus: function 21                # Write File record function
modbus: function 8, subfunction 4  # Force Listen Only Mode (Diagnostics) function
modbus: function assigned          # defined by Modbus Application Protocol Specification V1.1b3
modbus: function public            # validated by the Modbus.org community
modbus: function user              # internal use and not supported by the specification
modbus: function reserved          # used by some companies for legacy products and not available for public use
modbus: function !reserved         # every function but reserved function

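With the setting access, you can match on:

  • a type of data access (read or write);

  • access to one of the primary tables (Discretes Input, Coils, Input Registers and Holding Registers);

  • a range of accessed addresses;

  • a written value.

Syntax: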

modbus: access <read | write>
modbus: access read <discretes | coils | input | holding>
modbus: access read <discretes | coils | input | holding>, address <value>
modbus: access write < coils | holding>
modbus: access write < coils | holding>, address <value>
modbus: access write < coils | holding>, address <value>, value <value>

The _<value>_ setting matches on the address being accessed or the value being written, as follows:

address 100      # exactly address 100
address 100<>200 # greater than address 100 and smaller than address 200
address >100     # greater than address 100
address <100     # smaller than address 100

Examples:

modbus: access read                                    # Read access
modbus: access write                                   # Write access
modbus: access read input                              # Read access to Input Registers table
modbus: access write coils                             # Write access to Coils table
modbus: access read discretes, address <100            # Read access at address smaller than 100 of Discretes Input table
modbus: access write holding, address 500, value >200  # Write value greater than 200 at address 500 of Holding Registers table

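With the setting unit, you can match on:

  • the Modbus slave address of a remote device connected on a sub-network behind a bridge or a gateway. The destination IP address identifies the bridge itself, and the bridge uses the Modbus unit identifier to forward the request to the right slave device.

Syntax: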

modbus: unit <value>
modbus: unit <value>, function <value>
modbus: unit <value>, function <value>, subfunction <value>
modbus: unit <value>, function [!] <assigned | unassigned | public | user | reserved | all>
modbus: unit <value>, access <read | write>
modbus: unit <value>, access read <discretes | coils | input | holding>
modbus: unit <value>, access read <discretes | coils | input | holding>, address <value>
modbus: unit <value>, access write < coils | holding>
modbus: unit <value>, access write < coils | holding>, address <value>
modbus: unit <value>, access write < coils | holding>, address <value>, value <value>

The _<value>_ of the unit setting matches on the unit identifier as follows:

unit 10     # exactly unit identifier 10
unit 10<>20 # greater than unit identifier 10 and smaller than unit identifier 20
unit >10    # greater than unit identifier 10
unit <10    # smaller than unit identifier 10

Examples:

modbus: unit 10                                                       # Unit identifier 10
modbus: unit 10, function 21                                          # Unit identifier 10 and write File record function
modbus: unit 10, function 8, subfunction 4                            # Unit identifier 10 and force Listen Only Mode (Diagnostics) function
modbus: unit 10, function assigned                                    # Unit identifier 10 and assigned function
modbus: unit 10, function !reserved                                   # Unit identifier 10 and every function but reserved function
modbus: unit 10, access read                                          # Unit identifier 10 and Read access
modbus: unit 10, access write coils                                   # Unit identifier 10 and Write access to Coils table
modbus: unit >10, access read discretes, address <100                 # Greater than unit identifier 10 and Read access at address smaller than 100 of Discretes Input table
modbus: unit 10<>20, access write holding, address 500, value >200    # Greater than unit identifier 10 and smaller than unit identifier 20 and Write value greater than 200 at address 500 of Holding Registers table

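(cf. http://www.modbus.org/docs/modbus_application_protocol_v1_1b3.pdf)

Note: Read and write addresses start at 1. So if your system uses a start value of 0, you need to add 1 to the address values.

Note: According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it is recommended to keep the TCP connection to a remote device open rather than opening and closing it for each Modbus/TCP transaction. In that case, it is important to set the depth of stream reassembly to unlimited (stream.reassembly.depth: 0).

Note: According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, Modbus slave device addresses on a serial line are assigned from 1 to 247 (decimal). Address 0 is used as the broadcast address.

(cf. http://www.modbus.org/docs/modbus_messaging_implementation_guide_v1_0b.pdf)

Paper and presentation (in French) on Modbus support: http://www.ssi.gouv.fr/agence/publication/detection-dintrusion-dans-les-systemes-industriels-suricata-et-le-cas-modbus/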
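To check which request bytes a rule such as `modbus: unit 10<>20, access write holding, address 500, value >200` refers to, the following added example (not part of the Suricata documentation or code) decodes a Modbus/TCP request into the unit, access, table, address and value fields described above, applying the 1-based address note. The names `rule_view` and `matches_example` are hypothetical, the sample requests are constructed, and the match function is a simplified reading of that one rule.

```python
import struct

# Function code -> (access, table), per the Modbus Application Protocol spec.
ACCESS = {1: ("read", "coils"), 2: ("read", "discretes"),
          3: ("read", "holding"), 4: ("read", "input"),
          5: ("write", "coils"), 6: ("write", "holding"),
          15: ("write", "coils"), 16: ("write", "holding")}

def rule_view(adu: bytes) -> dict:
    """Decode one Modbus/TCP request into the fields the keyword matches on."""
    if len(adu) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit, func = struct.unpack(">HHHBB", adu[:8])
    if proto != 0 or length != len(adu) - 6:
        raise ValueError("not a well-formed Modbus/TCP ADU")
    view = {"unit": unit, "function": func}
    if func not in ACCESS:
        return view
    if len(adu) < 12:
        raise ValueError("truncated data-access request")
    start, second = struct.unpack(">HH", adu[8:12])
    count = 1 if func in (5, 6) else second
    access, table = ACCESS[func]
    # Wire addresses are 0-based; rule addresses start at 1 (see the note).
    view.update(access=access, table=table, first=start + 1, last=start + count)
    if func == 6:                      # Write Single Register
        view["values"] = [second]
    elif func == 16:                   # Write Multiple Registers
        if len(adu) != 13 + 2 * count or adu[12] != 2 * count:
            raise ValueError("byte count does not match quantity")
        view["values"] = list(struct.unpack(f">{count}H", adu[13:]))
    return view

def matches_example(view: dict) -> bool:
    """Simplified reading of: unit 10<>20, access write holding,
    address 500, value >200 (illustration, not Suricata's matcher)."""
    if not 10 < view["unit"] < 20:
        return False
    if (view.get("access"), view.get("table")) != ("write", "holding"):
        return False
    if not view["first"] <= 500 <= view["last"]:
        return False
    return view["values"][500 - view["first"]] > 200

# Constructed sample requests (unit 15), not captured traffic.
SINGLE_499 = bytes.fromhex("0001000000060f0601f300fa")  # wire addr 499, value 250
SINGLE_500 = bytes.fromhex("0001000000060f0601f400fa")  # wire addr 500, value 250
MULTI_498 = bytes.fromhex("00020000000d0f1001f20003060001012c0002")  # wire 498..500

if __name__ == "__main__":
    for adu in (SINGLE_499, SINGLE_500, MULTI_498):
        print(rule_view(adu), matches_example(rule_view(adu)))
```

A write to wire address 499 is what `address 500` selects; the same write at wire address 500 corresponds to `address 501` in a rule.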