robinson / gos7

Implementation of Siemens S7 protocol in golang
BSD 3-Clause "New" or "Revised" License

Fix requested pdu length #56

Closed ermanimer closed 1 year ago

ermanimer commented 1 year ago

I also checked the source library "Sharp7".

Dave overwrites these bytes as follows in v1.0.0. [Three screenshots]

ermanimer commented 1 year ago

Is there any other problem @robinson?

robinson commented 1 year ago

@ermanimer let's run some tests, I am not sure if it works. I did not use it.

ermanimer commented 1 year ago

OK, I will let you know when I make tests with an S7 PLC.

robinson commented 1 year ago

big thanks @ermanimer

ermanimer commented 1 year ago

@robinson I made a couple of tests with a S7 1200 CPU (1212C) yesterday.

Please check the bold bytes in the PDU request and response.

First I requested the maximum PDU length of 480 (0x01e0) and the device responded with a PDU length of 240 (0x00f0).

pdu negotiation request: [0x03 ,0x00 ,0x00 ,0x19 ,0x02 ,0xf0 ,0x80 ,0x32 ,0x01 ,0x00 ,0x00 ,0x04 ,0x00 ,0x00 ,0x08 ,0x00 ,0x00 ,0xf0 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0x01 ,0xe0]

pdu negotiation response: [0x03 ,0x00 ,0x00 ,0x1b ,0x02 ,0xf0 ,0x80 ,0x32 ,0x03 ,0x00 ,0x00 ,0x04 ,0x00 ,0x00 ,0x08 ,0x00 ,0x00 ,0x00 ,0x00 ,0xf0 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0xf0]

Then I requested the exact PDU length of 240 (0x00f0) and the device responded with the same length of 240 (0x00f0).

pdu negotiation request: [0x03 ,0x00 ,0x00 ,0x19 ,0x02 ,0xf0 ,0x80 ,0x32 ,0x01 ,0x00 ,0x00 ,0x04 ,0x00 ,0x00 ,0x08 ,0x00 ,0x00 ,0xf0 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0xf0]

pdu negotiation response: [0x03 ,0x00 ,0x00 ,0x1b ,0x02 ,0xf0 ,0x80 ,0x32 ,0x03 ,0x00 ,0x00 ,0x04 ,0x00 ,0x00 ,0x08 ,0x00 ,0x00 ,0x00 ,0x00 ,0xf0 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0xf0]

Finally I requested a smaller PDU length of 120 (0x0078) and the device responded with the same length of 120 (0x0078).

pdu negotiation request: [0x03 ,0x00 ,0x00 ,0x19 ,0x02 ,0xf0 ,0x80 ,0x32 ,0x01 ,0x00 ,0x00 ,0x04 ,0x00 ,0x00 ,0x08 ,0x00 ,0x00 ,0xf0 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0x78]

pdu negotiation response: [0x03 ,0x00 ,0x00 ,0x1b ,0x02 ,0xf0 ,0x80 ,0x32 ,0x03 ,0x00 ,0x00 ,0x04 ,0x00 ,0x00 ,0x08 ,0x00 ,0x00 ,0x00 ,0x00 ,0xf0 ,0x00 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0x78]

Proposal: IMHO requesting the maximum PDU length of 480 (0x01e0) will be the most practical way since the device will respond with its maximum PDU length as this PR addresses.

Note: On each test, I made a new connection and upgraded it to the ISO connection with the following request, as it should be.

iso connection request: [0x03 ,0x00 ,0x00 ,0x16 ,0x11 ,0xe0 ,0x00 ,0x00 ,0x00 ,0x01 ,0x00 ,0xc0 ,0x01 ,0x0a ,0xc1 ,0x02 ,0x01 ,0x00 ,0xc2 ,0x02 ,0x01 ,0x00]

iso connection response: [0x03 ,0x00 ,0x00 ,0x16 ,0x11 ,0xd0 ,0x00 ,0x01 ,0x00 ,0x01 ,0x00 ,0xc0 ,0x01 ,0x0a ,0xc1 ,0x02 ,0x01 ,0x00 ,0xc2 ,0x02 ,0x01 ,0x00]
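The negotiation shown in the comment above, as an added Go example that is not part of the PR or of gos7: it decodes the two setup-communication frames from the 480-byte test and only accepts a negotiated PDU length that is no larger than what was requested. The function names and the 12-byte lower bound are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Frames copied from the S7-1200 test above: ask for 480, device answers 240.
var req480 = []byte{0x03, 0x00, 0x00, 0x19, 0x02, 0xf0, 0x80, 0x32, 0x01, 0x00, 0x00, 0x04, 0x00,
	0x00, 0x08, 0x00, 0x00, 0xf0, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0xe0}
var resp240 = []byte{0x03, 0x00, 0x00, 0x1b, 0x02, 0xf0, 0x80, 0x32, 0x03, 0x00, 0x00, 0x04, 0x00,
	0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0xf0}

// pduLength validates a setup-communication frame and returns its last two bytes, the PDU length.
func pduLength(f []byte, rosctr byte) (uint16, error) {
	if len(f) < 19 || f[0] != 0x03 || int(binary.BigEndian.Uint16(f[2:4])) != len(f) {
		return 0, fmt.Errorf("bad TPKT header or length")
	}
	if f[4] != 0x02 || f[5] != 0xf0 || f[7] != 0x32 || f[8] != rosctr {
		return 0, fmt.Errorf("not the expected COTP/S7 message type")
	}
	p := 17 // job (0x01): 7 bytes TPKT+COTP, then a 10-byte S7 header
	if rosctr == 0x03 {
		p = 19 // ack_data: header carries two more bytes, error class and error code
	}
	// f[p-2:p] is the data length (job) or error class/code (ack_data); both must be zero.
	if len(f) != p+8 || f[p] != 0xf0 || binary.BigEndian.Uint16(f[13:15]) != 8 ||
		binary.BigEndian.Uint16(f[p-2:p]) != 0 {
		return 0, fmt.Errorf("not a successful setup communication block")
	}
	return binary.BigEndian.Uint16(f[p+6:]), nil
}

// negotiated returns the PDU length to use for the session, or an error if the reply is implausible.
func negotiated(req, resp []byte) (uint16, error) {
	asked, err := pduLength(req, 0x01)
	if err != nil {
		return 0, fmt.Errorf("request: %w", err)
	}
	got, err := pduLength(resp, 0x03)
	if err != nil {
		return 0, fmt.Errorf("response: %w", err)
	}
	if got > asked || got <= 12 { // 12 = ack_data header size; this floor is an assumption
		return 0, fmt.Errorf("implausible PDU length %d (asked %d)", got, asked)
	}
	return got, nil
}

func main() { fmt.Println(negotiated(req480, resp240)) } // 240 <nil>
```

Sizing later read and write requests from the returned value, rather than from the requested one, keeps each request within what the device agreed to.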

robinson commented 1 year ago

great, highly appreciate that!

ermanimer commented 1 year ago

thank you!