Modsak Manual - Settings
The settings panel (Figure 3, “General settings panel”) enables you to set the following items:
Mode. Modsak can be run in one of three modes. In Master mode, Modsak sends requests to a Modbus slave. In Slave mode, Modsak simulates a Modbus device, responding to requests from Modbus masters. In Monitor mode, Modsak relays messages between a master and a slave, displaying the register values that are transferred. See the section Setup overview for more details.
-
Slave ID. The Slave ID is what is called the "slave address" in the original Modbus specification, and is called the "unit identifier" in the Modbus/TCP specification. It should be in the range 0 to 255.
A zero slave identifier is used in write requests as a broadcast identifier (each slave that receives the message should store the values supplied in the request, but should not normally send a response). If Modsak is in slave mode and the Slave ID is set to 0, Modsak will act on all requests it receives, regardless of the slave identifier in the request. The serial specification limits the range of slave identifiers to 0 to 247, for no apparent reason. The Modbus/TCP implementation guide suggests that Modbus/TCP slaves that can be uniquely identified by their IP address should use slave identifier 255.
Number of Retries. The Number of Retries field specifies how many times Modsak should retry a request that it has not received a response to.
Response Timeout. The Response Timeout field specifies how long (in milliseconds) Modsak should wait for a response before re-trying the request or reporting a failure.
Request Delay. The Request Delay field is used to insert a time delay after each read or write request when polling and when sending a sequence of commands. This may be used to reduce the load on the slave, and maybe also on the computer running Modsak. The delay is measured in milliseconds. (Also see Pass Delay).
Response Delay. The Response Delay field is used in slave mode and monitor mode to insert a time delay before sending a response to a Modbus request. A delay may be necessary when using RS485 to give the master time to switch from transmitting to receiving. The delay is measured in milliseconds.
Max PDU size. This field specifies the maximum allowable number of bytes in the PDU (Protocol Data Unit) of Modbus messages. In master mode, Modsak will refuse to send any request that exceeds the PDU limit, or whose response would exceed the limit. In slave mode, Modsak will discard any request that exceeds the PDU limit, and will return an "Illegal Data Value" error response to any request that would require a response exceeding the limit. See the note on message size limits for more information.
-
Enforce Count Limits. The current Modbus specification specifies arbitrary limits on the counts in some Modbus requests (e.g. a maximum of 2000 coils in a Read Coils request). Select this checkbox if you want Modsak to enforce these limits.
Since Modsak can handle non-standard register sizes, count limits for holding and input registers are multiplied by 2 and then interpreted as byte count limits. In master mode, Modsak enforces a count limit by refusing to send any request that exceeds the limit, or whose response would exceed the limit. In slave mode, Modsak enforces a count limit by returning an "Illegal Data Value" error response to any request whose count exceeds the limit. See the note on message size limits for more information.
-
Strict Checking. Normally Modsak checks that received Modbus messages conform to the current Modbus specification, and rejects them if they do not. Some of these checks are not essential: messages that fail them can still be interpreted correctly. Deselect Strict Checking if you want Modsak to be more tolerant of non-conforming messages.
The checks enabled by the Strict Checking setting are:
The byte count in a response message must match the count in the request message (commands 1 Read Coils, 2 Read Discrete Inputs, 3 Read Holding Registers, 4 Read Input Registers, 23 Read/Write Multiple Holding Registers).
The byte count in a request message must match the count (commands 15 Write Multiple Coils, 16 Write Multiple Holding Registers, 23 Read/Write Multiple Holding Registers).
A response message must correctly echo data that was sent in the request (commands 5 Write Single Coil, 6 Write Single Holding Register, 8 Diagnostics, 15 Write Multiple Coils, 16 Write Multiple Holding Registers, 22 Mask Write Holding Register, 43/14 Read Device Identification).
The count in a request message must not be zero (commands 1 Read Coils, 2 Read Discrete Inputs, 3 Read Holding Registers, 4 Read Input Registers, 15 Write Multiple Coils, 16 Write Multiple Holding Registers, 23 Read/Write Multiple Holding Registers).
The value in a 5 Write Single Coil request must be 0000 or FF00.
Unused fields in messages must be correctly set (command 43/14 Read Device Identification).
A message must not contain excess data.
-
Allow Long Messages. Some Modbus messages contain a count of the number of data bytes in the message. This byte-count is in a one-byte field, and so has a maximum value of 255, which limits the quantity of data that can be sent in a single message. The byte-count is actually redundant: it is possible to determine the number of data bytes in a message from the overall size of the message.
If you select Allow Long Messages, Modsak will ignore the byte-count field and determine the number of data bytes from the overall message size, and will set the byte-count to 0 when sending messages containing more than 255 data bytes. If you also increase the Max PDU Size, Modsak will be able to send and receive messages containing more than 255 data bytes.
Sending messages containing more than 255 data bytes is non-standard and not widely supported. It may affect the detection of the end of messages when using the RTU packet type, and may affect the ability of the CRC/LRC check to detect errors. However, it should be reliable when using a socket (TCP or UDP) connection. Note that UDP datagrams are limited in size, so this will limit the size of Modbus messages that can be sent using UDP.
Limits on the size of Modbus messages are confusing and have a chequered history. Take the Write Multiple Coils request (function code 15) as an example:
The Write Multiple Coils request contains a count of the number of bytes of data to be written. This byte count is stored in a single byte of the request, and so cannot exceed 255. Each byte of data can contain 8 bits (coils), so at most 2040 (255 * 8) coils can be written.
The original Modbus specification imposed no other limits on the size of a Write Multiple Coils request, and so implicitly allowed 2040 coils to be written. However, an appendix listed implementation limits for Modicon controllers, which varied from 32 to 800 coils.
The Modbus/TCP specification introduced arbitrary limits on the counts of some Modbus requests. It specified a limit of 800 coils in a Write Multiple Coils request.
-
Version 1 of the current Modbus specification introduced the term "PDU", and imposed arbitrary limits on the PDU size. The PDU for serial communications was limited to 253 bytes, and the PDU for TCP communications was limited to 249 bytes. The PDU for a Write Multiple Coils request requires 6 bytes for the function code, starting address, etc. For serial comms, this leaves 247 (253 - 6) bytes of coil data, which allows 1976 (247 * 8) coils to be written. For TCP comms, there could be 242 (249 - 6) bytes of coil data, which allows 1936 (242 * 8) coils to be written.
The arbitrary count limit on the Write Multiple Coils request was increased from 800 to 1968 coils.
Version 1.1b of the current Modbus specification changed the TCP PDU limit to 253 bytes, making it the same as the serial PDU limit. This would allow 1976 coils to be written using TCP, if it were not for the arbitrary count limit (still at 1968).
Some recommendations for dealing with this confusion:
If you want Modsak to conform to the current Modbus specification, set the Max PDU Size to 253, and select the Enforce Count Limits checkbox.
-
If you are designing a Modbus slave, ignore the arbitrary limits on counts and the PDU size (for example, you should allow 2040 coils to be written in a Write Multiple Coils request - if the device has that many coils). This will allow your slave to work with the maximum number of Modbus masters.
In order to test the slave, set Modsak's Max PDU Size to 265 or greater, and deselect the Enforce Count Limits checkbox.
If you are designing a Modbus master, you should, by default, conform to the arbitrary count and PDU limits of the current Modbus specification. You will probably also need to provide an option or options for reducing request sizes, since many slave devices cannot cope with large request sizes.
Modsak uses two communications interfaces: one to communicate with Modbus masters (in slave mode and monitor mode), and one to communicate with a Modbus slave (in master mode and monitor mode). Use the panel to configure the interface to the master(s), and the panel to configure the interface to the slave. Figure 4, “Interface to Slave panel” shows the Interface to Slave panel - the Interface to Master panel is almost identical.
The first four items in the panel must always be configured:
Interface Type. Select Serial for a RS232/485 serial interface. Select TCP Socket for a TCP/IP network interface. Select UDP Socket for a UDP/IP interface (use of UDP for Modbus is non-standard). Note that the Serial option will only be available if you have the Java Communications API package installed (the → window tells you whether it is installed).
Packet Type. You would normally select RTU if you are using a serial interface, and TCP if you are using a socket interface. You may have to use ASCII for some legacy serial interfaces or devices. It is possible to use RTU or ASCII packets over a socket interface - this is non-standard, but can be useful for software testing. It is also possible to use TCP packets over a serial interface, but there is no good reason to do so (and there would be no error-checking of the packets).
EOM Timeout. Enter the maximum delay (in milliseconds) expected within a message. The default value works fine in most situations, but you may need to increase the value if you are using a serial interface (or an operating system) that introduces large delays in the middle of messages.
Responses. When using Modbus RTU or ASCII over a serial interface, a slave should not respond to a broadcast request or to a request for a different slave ID (this is necessary for RS485 multi-drop to work). When using Modbus TCP over a TCP socket interface, the slave/bridge should respond to all requests, including broadcasts and requests to unknown/unreachable slaves (responding to the latter with an exception 10 or 11 response). When using non-standard protocol variants (such as RTU encapsulated in TCP), the behaviour in these situations is not defined. You should select Always responds if you want the Modbus TCP behaviour, or deselect it if you want the serial behaviour.
The Interface Type and Packet Type together determine the variant of the Modbus protocol that will be used. The table below lists the possible combinations:
| Interface type | Packet type | Protocol variant |
|---|---|---|
| Serial | RTU | Modbus RTU |
| Serial | ASCII | Modbus ASCII |
| Serial | TCP | Not recommended since no error checking (non-standard) |
| TCP Socket | RTU | Modbus RTU encapsulated in TCP (non-standard) |
| TCP Socket | ASCII | Modbus ASCII encapsulated in TCP (non-standard) |
| TCP Socket | TCP | Modbus TCP |
| UDP Socket | RTU | Modbus RTU encapsulated in UDP (non-standard) |
| UDP Socket | ASCII | Modbus ASCII encapsulated in UDP (non-standard) |
| UDP Socket | TCP | Modbus UDP (also known as Modbus TCP encapsulated in UDP) (non-standard) |
The following items must be configured for a socket interface:
-
Host. For an interface to a slave, you should enter the host name or IP address of the slave (or Modbus bridge/gateway).
For an interface to a master, you would normally leave this field empty, which allows connections/requests to be accepted via any network interface. But if you enter a host name or IP address of a network interface on the machine running Modsak, then Modsak will only accept connections/requests via that network interface. For example, if you enter
localhost(or127.0.0.1) then Modsak will only accept connections/requests from processes running on the same machine. -
Port. For an interface to a slave, you should enter the port number that Modsak should connect to on the slave host (or Modbus gateway).
For an interface to a master, you should enter the port that Modsak should listen on for connections/requests. The standard Modbus port number is 502, but this is a "privileged" port and you will not be able to listen on this port on a Unix/Linux machine unless you are "superuser". This is not normally advisable, so it's better for testing purposes to use a non-privileged port (above 1023).
The following items must be configured for a serial interface (Figure 5, “Interface to Slave serial settings”):
Port. Name of the serial port that Modsak should use to talk to the master (for a master interface) or slave (for a slave interface). If (during testing) the connection between the master and slave is between two serial ports that are both on the same machine, then you must obviously use different port names for each. Don't forget to connect the two ports with a cable!
Parity. It's usual to use no parity, since the CRC in RTU packets is a good error check on its own, but some devices may require it. The serial specification requires even parity to be the default.
Data Bits. Must be 8 for RTU. Some ASCII devices may require 7 (the serial specification actually specifies 7 for ASCII).
Stop Bits. Usually 1, but some devices may require 2. The serial specification actually specifies 2 stop bits if parity is not being used, but this requirement is normally ignored.
-
RTS Control. The default setting of High will be OK for most purposes.
Selecting Flow Control will enable hardware flow control ("handshaking") using RTS and CTS. Since Modbus messages are short, flow control is not normally necessary.
Selecting RS485 will use RTS to control a RS232 to RS485 converter: Modsak will raise RTS when it is transmitting data, and lower RTS to receive data. Note that the lowering of RTS may be delayed by the operating system, and this may cause loss of data. For this reason, we recommend the use of RS232-RS485 converters that do not require RTS control.
As explained in section 4.3 of the current Modbus specification, the Modbus protocol uses four different address ranges (called "tables" in the specification): discrete inputs, coils, input registers, and holding registers. The function code of a message determines to which address range the address in the message belongs. The address ranges may be separate, or they may be overlaid so that a register may appear in more than one address range. Note that the specification says nothing about how the overlaying is done - in particular, there is no mention of the byte-ordering issues involved.
In this documentation, we use the term "message address" to refer to the address that is actually sent in a message. We use the term "model address" to refer to the address that you supply when you define a register in Modsak (see Defining registers).
Note that message addresses are restricted to the range 0..65535 since they are transmitted in a 16-bit field in Modbus messages, whereas model addesses are only used internally by Modsak and may be in the range 0..2147483647.
The panel (Figure 6, “Address mapping panel”) enables you to set up the mapping between message addresses and model addresses.
For each address range, you have to specify a "base address" and a "number of addresses".
The number of addresses is simply the number of message addresses in the range, i.e. for each message address:
message_address >= 0 and message_address < number_of_addresses
The base address is the model address that corresponds to message address 0. For holding registers and input registers this means that for each model address:
model_address = base_address + message_address
This also applies to coils and discrete-inputs, provided that you use 1-bit "discrete" registers. If the coil or discrete input address range does not overlay the holding register or input register address range, then it is simplest to use 1-bit registers for coils and discrete inputs.
If the same register appears in more than one address range, then the address ranges are said to be "overlaid". Overlaying of holding registers with input registers presents no particular problems, nor does overlaying of coils with discrete inputs. However, overlaying of coils/discrete-inputs with holding/input registers is tricky.
If you want to overlay the discrete input or coil address range with the input register or holding register address range, then you will probably want to use 16-bit or larger registers.
If you use 8-bit or larger registers for coils or discrete-inputs, the address mapping is more complicated because message addresses refer to individual bits, whereas model addresses refer to registers. In this case, Modsak uses the size of the registers in the address range to determine the number of bits in a register, and then uses the mapping:
model_address = base_address + message_address / bits_in_register
The remainder after dividing by bits_in_register (i.e. message_address modulo bits_in_register) is used to determine which bit in the register the address refers to. The bits are numbered "from right to left" (i.e. bit 0 is the least significant bit), unless you select the Reverse Bits checkbox, in which case they will be numbered "from left to right" (i.e. bit 0 will be the most significant bit).
Note that all the registers in the discrete input or coil address range must be the same size for this method of mapping to work.
If you use 16-bit or larger registers for discrete inputs or coils, then you will have to decide (or find out) what byte-ordering you are using and configure Modsak accordingly. Discrete inputs and coils are sent in messages in increasing address order; for example, if you are transferring coils 24..39 then coils 24..31 would be in the first byte and coils 32..39 would be in the second byte. However, 16-bit registers are transferred in MSB first (big-endian) order, so the first byte contains bits 8..15 of the value and the second byte contains bits 0..7. A straightforward mapping of the two bytes of coils to the two bytes of the 16-bit register therefore results in coils 24..31 mapping to bits 8..15 of the register, and coils 32..39 mapping to bits 0..7 of the register. If you want the bytes mapped the other (more intuitive?) way round, you should select the Swap Bytes for Coils/Discrete Inputs checkbox. If you use registers larger than 16-bits, the word-ordering configuration described in 32/64-bit Value Settings will also apply.
If the mapping of overlaid discrete inputs and coils seems complicated, that's because it is! If you are designing a new Modbus device, we strongly recommend that you avoid overlaying discrete inputs or coils onto input registers or holding registers. Better still, you could not use discrete inputs and coils at all, and instead use the Mask Write Register command for bit manipulation.
In addition to the four main address ranges, there are two special registers that have their own Modbus commands, and are therefore mapped separately. The Exception Status Register is used by the 'Read Exception Status' command (function code 7), and the Diagnostic Register is used by the 'Diagnostics - Return Diagnostic Register' command (function code 8, sub-function 2). You only need to configure these mappings if you are using Modsak in slave mode and your master uses these commands.
You should enter in the Exception Status Register or Diagnostic Register field the model address of the register to be used. This register may be one that is also used in one of the standard address ranges (i.e. it may be overlaid), or it may be a dedicated register. You may also use a group of 1-bit registers as the exception status or diagnostic register - in this case you should enter the model address of the first register in the group. Enter "-1" to disable the register.
-
The default address mapping used by Modsak is shown below:
Table 2. Default address mapping Base Address Number of Addresses Holding Register 0 65536 Input Register 0 65536 Coil 0 0 Discrete Input 0 0 This mapping overlays input registers and holding registers, and makes message addresses and model addresses identical. It effectively disables discrete inputs and coils by setting the sizes of these address ranges to zero.
-
Another example mapping is the traditional non-overlaid setup used by Modicon:
Table 3. Traditional address mapping Base Address Number of Addresses Holding Register 40001 9999 Input Register 30001 9999 Coil 1 9999 Discrete Input 10001 9999 -
The following table shows a "simple" example of overlaying coils with holding registers:
Table 4. Overlaid address mapping Base Address Number of Addresses Holding Register 0 65536 Coil 100 96 With this mapping, registers 100..105 would be accessible as holding registers 100..105 and also as coils 0..95 (assuming the use of 16-bit registers).
For example, using the overlaying rules coil 37 would map to bit 5 (37 modulo 16) of register 102 (100 + 37 / 16). Which bit of the register is "bit 5" would, of course, depend on the Swap Bytes and Reverse Bits settings.
The official Modbus protocol (in both the original Modbus specification and the current Modbus specification) only allows 1-bit and 16-bit integer values to be transferred. Many manufacturers have extended the protocol to allow 32-bit and 64-bit values, and also to allow floating-point values. Fortunately, everyone seems to have used the IEEE format for floating-point numbers, but that is where the agreement ends. The panel (Figure 7, “32/64-bit Value Settings panel”) enables you to configure Modsak to handle all implementations of 32/64-bit values that we know of.
Little Endian. Modbus is a "big-endian" protocol: that is, the more significant byte of a 16-bit value is sent before the less significant byte. It seems obvious that 32-bit and 64-bit values should also be transferred using big-endian order. However, some manufacturers have chosen to treat 32-bit and 64-bit values as being composed of 16-bit words, and to transfer the words in little-endian order. For example, the 32-bit value 0x12345678 would be transferred as 0x56 0x78 0x12 0x34. You should select the Little Endian checkbox to use this mixed ordering.
-
Word Registers. Each register in the Modbus protocol holds a single (16-bit) value. The simplest way to extend the protocol to handle 32-bit and 64-bit values is to allow registers that contain these larger values. However, some manufacturers have chosen to keep to the 16-bit register size, and use 2 registers to hold a 32-bit value, and 4 registers to hold a 64-bit value. For example, if a 32-bit value is stored at address 100, then register 100 would hold one half of the value and register 101 would hold the other half of the value. Some devices will actually allow you to access the halves of the value independently; others will only allow accesses that transfer the complete value (thus making address 101 in the example an invalid address).
You should select the Word Registers checkbox to use multiple registers to store large values, and leave the checkbox unselected to use a single register to hold each value. Note that when you use the Word Registers option, Modsak will only allow access to complete values, and you should add definitions only for the first register used for each value (in the above example, you should define register 100, but not register 101).
-
Word Count. Some Modbus requests (e.g function 3 Read Holding Registers, and function 16 Write Multiple Registers) include a count of how many registers/values are to be transferred. There are three possible interpretations for this count:
The number of values to be transferred.
The number of 16-bit words to be transferred.
The number of registers to be transferred.
In the official Modbus protocol, these three interpretations are equivalent, since all values and all registers are 16-bit. When 32-bit and 64-bit values and/or registers are allowed, the three interpretations become distinct. However, the third interpretation will be equivalent to one or other of the first two, depending on the Word Registers setting, so Modsak only deals directly with the first two interpretations.
You should select the Word Count checkbox if the count is to be interpreted as the number of 16-bit words to be transferred. You should leave the Word Count checkbox unselected if the count is to be interpreted as the number of values to be transferred.
These three options (Little-endian, Word-registers, and Word-count) allow 8 possible variations of 32/64-bit value handling. At least 5 of these variations have actually been used in devices, so you may need to carefully read documentation, or to experiment, to determine which variation a particular device uses. The default settings (all options deselected) should work with Enron/Daniel devices. For Modicon/Schneider devices you will probably need to select all the options.
The settings panel (Figure 8, “Polling panel”) is used to configure how Modsak polls registers (see Polling).
Grouping: Single Values. Normally, Modsak will try to transfer as many values as possible in each read or write request that it sends to the slave. If you select the Single Values checkbox, then it will transfer only one value in each request.
Error Handling: Continue Polling. Normally, Modsak will stop polling if it receives an error response from the slave. If you select the Continue Polling, then it will continue polling if it receives an error response.
Pass Delay. The Pass Delay field is used to insert a time delay into the polling sequence to reduce the load on the slave (and maybe also on the computer running Modsak). The delay is inserted after each complete pass through all the registers. The delay is measured in milliseconds. (Also see Request Delay).
The panel (Figure 9, “Device Identification panel”) is used in slave mode to configure the data sent in response to Read Device Identification (43/14) and Report Slave ID (17) Modbus commands.
The upper part of the panel is used to configure the data sent in response to a Read Device Identification (43/14) command.
The name and value of each identification object may edited in the table. The names are used simply as reminders of what each ID is used for - only the IDs and values are sent in Modbus response messages.
To add a new identification object, enter its ID in the Object ID field and click the Add button. Then enter the name and value in the table.
To delete an identification object, select it using the Object ID drop-down list (or by clicking on it in the table) and click the Delete button.
Object IDs are entered and displayed as 2-digit hex numbers.
Modsak uses UTF-8 encoding for the values in its responses to the Read Identification Command, whereas the current Modbus specification specifies ASCII encoding. If you want the responses to conform to the specification, be careful to use only the ASCII subset of UTF-8 when entering values.
The lower part of the panel is used to configure the data sent in response to a Report Slave ID (17) Modbus command.
The Report Slave ID command is not well defined in the current Modbus specification. Some devices return binary data in their responses, and some return text.
You may configure a binary response by entering the number of data bytes in the Count, and then entering the data in the table as hex bytes.
You may configure a text response by entering it in the Text field. The text will be sent using UTF-8 encoding.