This section gives specific details on the configuration and operation of the ModbusScanner. This implementation of the Modbus protocol provides Polled Report By Exception (PRBX) capabilities that are not defined in the Modbus documentation.
The Modbus protocol is as described in "Modicon Modbus Protocol Reference Guide, PI-MBUS-300 Rev.C January 1991".
This version of the Modbus scan task allows for communications via a TCP/IP connection (for serial terminal servers) (see socket, socket info, and socket index). To switch between different sockets, send an rtUSER_MESSAGE message type to the scan task after the socket index has been changed to the new host/service record. This will cause the scan task to close the current socket connection, and re-open a socket connection to the specified host/service.
This differs from Modbus TCP/IP, which also communicates via a TCP/IP connection but has a different protocol header.
The Modbus scan task implements polled report by exception by polling the RTU for a register (16 bits) specified in the "prbx register" (see prbx register) attribute in the scan device database point. The user can define the PRBX poll rate by setting the starting time and frequency in the "PRBX types" table in the communication port database point, and by setting the "device PRBX types" mask in the scan device database point. The returned register value will be used as a "poll type mask" (see scan input table) for a forced poll to the RTU. All records in the scan input table that match the returned "poll type mask" and have the "exception record" (see scan input table) field set to one will be polled. Upon completion of the poll(s), the returned register value will be written back to the RTU, to the register specified in the "prbx reset register" (see prbx reset register) attribute in the scan device database point. It is the responsibility of the RTU to manage the prbx register.
It is recommended that the RTU maintain three separate registers. The first one will be used to indicate which poll type mask(s) are to be polled for. The host upon completion of the poll(s) will write to the second register. The third register will be used by the RTU to store additional poll type masks that need polling. This register should be used after the first register has been written to by the RTU. The RTU can then perform an exclusive OR operation on the first and second registers to determine if the host has completed the poll(s). When the result is zero, the RTU can then copy the contents of the third register into the first register, and delete the contents of the third register. This will start the next cycle.
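The handshake described in the two paragraphs above, simulated from both sides as an added example (not code from the ModbusScanner or RTAP). The class and field names are hypothetical, a record is assumed to "match" when its poll type bit is set in the returned mask, and the host is assumed to write back the value it read even when that value is zero.

```python
from dataclasses import dataclass, field

@dataclass
class Rtu:
    """RTU side: the three registers recommended in the text (names hypothetical)."""
    pending: int = 0   # first register: poll type mask(s) the host should poll
    ack: int = 0       # second register: written by the host after the poll(s)
    queued: int = 0    # third register: masks raised while a cycle is in flight

    def raise_exception(self, mask: int) -> None:
        self.queued |= mask & 0xFFFF
        self.service()

    def service(self) -> None:
        # XOR of first and second register is zero once the host has written
        # the mask back; only then does the third register start a new cycle.
        if self.pending ^ self.ack == 0:
            self.pending, self.queued = self.queued, 0

@dataclass
class Host:
    """Host side: scan input table rows are (name, poll type bit, exception record)."""
    table: list
    polled: list = field(default_factory=list)

    def prbx_poll(self, rtu: Rtu) -> int:
        mask = rtu.pending                     # read the "prbx register"
        for name, bit, exception_record in self.table:
            if exception_record == 1 and bit & mask:
                self.polled.append(name)       # forced poll of the matching record
        rtu.ack = mask                         # write to the "prbx reset register"
        rtu.service()
        return mask

def demo():
    # Constructed scan input table for illustration only.
    host = Host([("flow", 0x1, 1), ("level", 0x4, 1), ("temp", 0x1, 0)])
    rtu = Rtu()
    rtu.raise_exception(0x1)   # first register was idle, so the cycle starts now
    rtu.raise_exception(0x4)   # cycle in flight, so the mask waits in the third register
    masks = [host.prbx_poll(rtu), host.prbx_poll(rtu)]
    return masks, host.polled
```

The second mask is only exposed after the host has acknowledged the first, so a mask raised mid-cycle is neither lost nor merged into a poll that is already running.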
Besides the functions defined by the Modbus protocol, the following additional user-defined functions have been implemented:
The "read floating point" request message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | # Reg Hi | # Reg Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 41 | 00 | 6B | 00 | 01 | 8C | 3B |
The "read floating point" response message is as follows:
Addr | Func | Byte Cnt | Reg Byte Hi | Reg Byte Low | Reg Byte | Reg Byte | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|---|
03 | 41 | 04 | 41 | A0 | 00 | 00 | B4 | C4 |
The "write floating point" request message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | # Reg Hi | # Reg Lo | Reg Byte Hi | Reg Byte | Reg Byte |
---|---|---|---|---|---|---|---|---|
03 | 42 | 00 | 6B | 00 | 03 | BF | 80 | 00 |
Reg Byte Lo | Reg Byte Hi | Reg Byte | Reg Byte | Reg Byte Lo | Reg Byte Hi | Reg Byte | Reg Byte | Reg Byte Lo |
---|---|---|---|---|---|---|---|---|
00 | 44 | F8 | E0 | 00 | 42 | 48 | 00 | 00 |
CRC Hi | CRC Low |
---|---|
3E | 12 |
The "write floating point" response message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | # Reg Hi | # Reg Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 42 | 00 | 6B | 00 | 03 | 49 | FA |
The "read text string" request message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | N/A | N/A | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 43 | 00 | 32 | 00 | 00 | E4 | 28 |
The "read text string" response message is as follows:
Addr | Func | # Data Bytes | Char 1 ‘S’ | Char 2 ‘T’ | Char 3 ‘R’ | Char 4 ‘I’ | Char 5 ‘N’ | Char 6 ‘G’ |
---|---|---|---|---|---|---|---|---|
03 | 43 | 06 | 53 | 54 | 52 | 49 | 4E | 47 |
Char 7 Null | CRC Hi | CRC Low |
---|---|---|
00 | B7 | B7 |
The "write text string" request message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | # Bytes | Char 1 ‘R’ | Char 2 ‘I’ | Char 3 ‘N’ | Char 4 ‘G’ |
---|---|---|---|---|---|---|---|---|
03 | 44 | 00 | 32 | 04 | 52 | 49 | 4E | 47 |
Char 5 Null | CRC Hi | CRC Low |
---|---|---|
00 | 6D | 3B |
The "write text string" response message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | N/A | N/A | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 44 | 00 | 32 | 00 | 00 | 51 | E8 |
The "read long integer" request message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | # Reg Hi | # Reg Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 45 | 00 | 6B | 00 | 01 | 7D | FB |
The "read long integer" response message is as follows:
Addr | Func | Byte Cnt | Int Byte Hi | Int Byte | Int Byte | Int Byte Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|---|
03 | 45 | 04 | 00 | 18 | 36 | 22 | F2 | A4 |
The "write long integer" request message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | # Reg Hi | # Reg Lo | Int Byte Hi | Int Byte | Int Byte |
---|---|---|---|---|---|---|---|---|
03 | 46 | 00 | 6B | 00 | 02 | 00 | 18 | 36 |
Int Byte Lo | Int Byte Hi | Int Byte | Int Byte | Int Byte Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|
22 | 00 | 18 | 36 | 22 | EF | 6F |
The "write long integer" response message is as follows:
Addr | Func | Start Reg Hi | Start Reg Lo | # Reg Hi | # Reg Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 46 | 00 | 6B | 00 | 02 | 79 | FA |
The "read system time" request message is as follows:
Addr | Func | N/A | N/A | N/A | N/A | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 47 | 00 | 00 | 00 | 00 | B4 | 27 |
The "read system time" response message is as follows (the time returned is a long integer indicating the number of seconds since January 1, 1970):
Addr | Func | Time Byte Hi | Time Byte | Time Byte | Time Byte Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 47 | 00 | 18 | 36 | 22 | A3 | 99 |
The "write system time" request message is as follows (the time sent is a long integer indicating the number of seconds since January 1, 1970):
Addr | Func | Time Byte Hi | Time Byte | Time Byte | Time Byte Lo | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 48 | 00 | 18 | 36 | 22 | F7 | 98 |
The "write system time" response message is as follows:
Addr | Func | N/A | N/A | N/A | N/A | CRC Hi | CRC Lo |
---|---|---|---|---|---|---|---|
03 | 48 | 00 | 00 | 00 | 00 | E1 | 6E |
The scan task also allows the specification of the data type being returned from the RTU (see modbus type field in the scan input table). For example, this would allow a 32 bit integer to be returned as a single register.
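The user-defined messages tabulated above can be recognised and decoded by a passive monitor, shown here as an added example (not ModbusScanner code). It assumes RTU-mode framing, the standard Modbus CRC-16 sent low-order byte first, IEEE 754 big-endian floats and signed 32-bit long integers; only the request frame is copied whole from the page, the other frames use the page's payload bytes with the CRC recomputed by the example.

```python
import struct

# Function codes tabulated on this page: name, and whether the request writes to the RTU.
USER_FUNCS = {
    0x41: ("read floating point", False), 0x42: ("write floating point", True),
    0x43: ("read text string", False), 0x44: ("write text string", True),
    0x45: ("read long integer", False), 0x46: ("write long integer", True),
    0x47: ("read system time", False), 0x48: ("write system time", True),
}

def crc16(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def with_crc(body: bytes) -> bytes:
    """Append the CRC in wire order (low-order byte first)."""
    return body + struct.pack("<H", crc16(body))

def classify(frame: bytes) -> dict:
    """Check the CRC of an RTU-mode frame and describe it for a passive monitor."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    body, (wire_crc,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16(body) != wire_crc:
        raise ValueError("CRC mismatch")
    name, writes = USER_FUNCS.get(body[1], ("not a user-defined function", False))
    return {"addr": body[0], "func": body[1], "name": name,
            "writes": writes, "data": body[2:]}

def decode_read_response(frame: bytes) -> list:
    """Decode a 0x41 (float) or 0x45 (long) read response: byte count, then values."""
    info = classify(frame)
    fmt = {0x41: "f", 0x45: "i"}.get(info["func"])  # assumed IEEE 754 / signed 32-bit
    data = info["data"]
    if fmt is None or not data or data[0] != len(data) - 1 or data[0] % 4:
        raise ValueError("not a well-formed read response")
    return list(struct.unpack(f">{data[0] // 4}{fmt}", data[1:]))

# Request frame copied from the page; the other frames use the page's payload
# bytes with the CRC recomputed here.
READ_FLOAT_REQUEST = bytes.fromhex("0341006B00018C3B")
READ_FLOAT_RESPONSE = with_crc(bytes.fromhex("03410441A00000"))
READ_LONG_RESPONSE = with_crc(bytes.fromhex("03450400183622"))
WRITE_TIME_REQUEST = with_crc(bytes.fromhex("034800183622"))
```

The `writes` flag lets a monitor separate the write functions (0x42, 0x44, 0x46, 0x48) from reads, which is the distinction that matters when reviewing which hosts are allowed to change RTU values or its clock.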
The ModbusScanner supports the rtDirectCmdSS(3) call. The caller should supply the request; the scan task will calculate the CRC/LRC checksum before the message is sent out. The following is checked on the response:
The request is assumed to be formatted in the mode specified by the transmission mode.
The RTU number is parsed from the request given to find the associated scan device point to retrieve the intercharacter TO value. If no RTU is found, the default as described in intercharacter TO will be used.
If the response fails for any of the above reasons, the scan task will return a failure back to the caller.
The following symbol indicates a reference to the specified section in section 4 of the RTAP/Plus Integration Manual: §