Wrong connection size for T-->O Network Parameters

[LucaSala91]

Dear Rossmann Engineering,

first of all thank you for your great work!

I would like to notify that in the definition of the connection Size for the T-->O parameters the variable is defined as a byte (instead of ushort) so for T-->O size greater than 256 bytes it leads to an error. For the O-->T side the variable is defined correctly as an ushort type.

Line Code 438 in EIPClient.cs:

`//----------------T->O Network Connection Parameters

        redundantOwner = (bool)T_O_OwnerRedundant;
        connectionType = (byte)T_O_ConnectionType; //1=Multicast, 2=P2P
        priority = (byte)T_O_Priority;
        variableLength = T_O_VariableLength;
        connectionSize = (byte)(T_O_Length  + t_o_headerOffset);`

Best Regards

Luca Sala

[holigo1]

Hello

This repository seem stall for quite a while. But I may have a solution.

I was able to correct a lot of issues in my fork like instance size limit, concurrent reading/writing, changing originator port. Some credit goes also to @ngbrown, see discussion in #16

[kimhegg]

Hey @holigo1 ,

I'm currently trying to establish a connection to an NX102-9000 PLC and facing similar issue to what you guys describe: Status: Connection failure, Extended: Invalid connection size during a Forward Open

I tried to implement your fix without any luck, so I'm wondering if you might have som more input to what might be wrong.

Forward Open:

Frame 293375: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits) on interface \Device\NPF_{1599324C-C957-45A3-93A9-64686E7EA644}, id 0
Ethernet II, Src: BelkinIn_b4:7a:7f (c4:41:1e:b4:7a:7f), Dst: OmronTat_fd:11:34 (00:00:0a:fd:11:34)
Internet Protocol Version 4, Src: 192.168.250.99, Dst: 192.168.250.1
Transmission Control Protocol, Src Port: 38910, Dst Port: 44818, Seq: 29, Ack: 29, Len: 110
EtherNet/IP (Industrial Protocol), Session: 0x0055016D, Send RR Data
    Encapsulation Header
        Command: Send RR Data (0x006f)
        Length: 86
        Session Handle: 0x0055016d
        Status: Success (0x00000000)
        Sender Context: 0000000000000000
        Options: 0x00000000
    Command Specific Data
        Interface Handle: CIP (0x00000000)
        Timeout: 0
        Item Count: 3
        [Response In: 293376]
Common Industrial Protocol
    Service: Unknown Service (0x54) (Request)
        0... .... = Request/Response: Request (0x0)
        .101 0100 = Service: Unknown (0x54)
    Request Path Size: 2 words
    Request Path: Connection Manager, Instance: 0x01
        Path Segment: 0x20 (8-Bit Class Segment)
            001. .... = Path Segment Type: Logical Segment (1)
            ...0 00.. = Logical Segment Type: Class ID (0)
            .... ..00 = Logical Segment Format: 8-bit Logical Segment (0)
            Class: Connection Manager (0x06)
        Path Segment: 0x24 (8-Bit Instance Segment)
            001. .... = Path Segment Type: Logical Segment (1)
            ...0 01.. = Logical Segment Type: Instance ID (1)
            .... ..00 = Logical Segment Format: 8-bit Logical Segment (0)
            Instance: 0x01
CIP Connection Manager
    Service: Forward Open (Request)
        0... .... = Request/Response: Request (0x0)
        .101 0100 = Service: Forward Open (0x54)
    Command Specific Data
        ...0 .... = Priority: 0
        .... 0011 = Tick time: 3
        Time-out ticks: 250
        Actual Time Out: 2000ms
        O->T Network Connection ID: 0x02a1e631
        T->O Network Connection ID: 0x01dd7b6b
        Connection Serial Number: 0xd646
        Originator Vendor ID: Bosch Rexroth (0x00ff)
        Originator Serial Number: 0xffffffff
        Connection Timeout Multiplier: *32 (3)
        Reserved: 0x000000
        O->T RPI: 500,000ms
        O->T Network Connection Parameters: 0xcbff
            1... .... .... .... = Redundant Owner: Redundant (1)
            .10. .... .... .... = Connection Type: Point to Point (2)
            .... 10.. .... .... = Priority: Scheduled (2)
            .... ..1. .... .... = Connection Size Type: Variable (1)
            .... ...1 1111 1111 = Connection Size: 511 bytes
        T->O RPI: 500,000ms
        T->O Network Connection Parameters: 0xabfb
            1... .... .... .... = Redundant Owner: Redundant (1)
            .01. .... .... .... = Connection Type: Multicast (1)
            .... 10.. .... .... = Priority: Scheduled (2)
            .... ..1. .... .... = Connection Size Type: Variable (1)
            .... ...1 1111 1011 = Connection Size: 507 bytes
        Transport Type/Trigger: 0x01, Direction: Client, Trigger: Cyclic, Class: 1
            0... .... = Direction: Client (0)
            .000 .... = Trigger: Cyclic (0)
            .... 0001 = Class: 1 (1)
        Connection Path Size: 4 words
        Connection Path: Assembly, Instance: 0x01, Connection Point: 0x64, Connection Point: 0x65
            Path Segment: 0x20 (8-Bit Class Segment)
                001. .... = Path Segment Type: Logical Segment (1)
                ...0 00.. = Logical Segment Type: Class ID (0)
                .... ..00 = Logical Segment Format: 8-bit Logical Segment (0)
                Class: Assembly (0x04)
            Path Segment: 0x24 (8-Bit Instance Segment)
                001. .... = Path Segment Type: Logical Segment (1)
                ...0 01.. = Logical Segment Type: Instance ID (1)
                .... ..00 = Logical Segment Format: 8-bit Logical Segment (0)
                Instance: 0x01
            Path Segment: 0x2c (8-Bit Connection Point Segment)
                001. .... = Path Segment Type: Logical Segment (1)
                ...0 11.. = Logical Segment Type: Connection Point (3)
                .... ..00 = Logical Segment Format: 8-bit Logical Segment (0)
                Connection Point: 0x64
            Path Segment: 0x2c (8-Bit Connection Point Segment)
                001. .... = Path Segment Type: Logical Segment (1)
                ...0 11.. = Logical Segment Type: Connection Point (3)
                .... ..00 = Logical Segment Format: 8-bit Logical Segment (0)
                Connection Point: 0x65

Answer

Frame 293376: 130 bytes on wire (1040 bits), 130 bytes captured (1040 bits) on interface \Device\NPF_{1599324C-C957-45A3-93A9-64686E7EA644}, id 0
Ethernet II, Src: OmronTat_fd:11:34 (00:00:0a:fd:11:34), Dst: BelkinIn_b4:7a:7f (c4:41:1e:b4:7a:7f)
Internet Protocol Version 4, Src: 192.168.250.1, Dst: 192.168.250.99
Transmission Control Protocol, Src Port: 44818, Dst Port: 38910, Seq: 29, Ack: 139, Len: 76
EtherNet/IP (Industrial Protocol), Session: 0x0055016D, Send RR Data
    Encapsulation Header
        Command: Send RR Data (0x006f)
        Length: 52
        Session Handle: 0x0055016d
        Status: Success (0x00000000)
        Sender Context: 0000000000000000
        Options: 0x00000000
    Command Specific Data
        Interface Handle: CIP (0x00000000)
        Timeout: 0
        Item Count: 3
        [Request In: 293375]
        [Time: 0.003664000 seconds]
Common Industrial Protocol
    Service: Unknown Service (0x54) (Response)
        1... .... = Request/Response: Response (0x1)
        .101 0100 = Service: Unknown (0x54)
    Status: Connection failure: 
        General Status: Connection failure (0x01)
        Additional Status Size: 1 word
        Additional Status
            Additional Status: 0x0109
    [Request Path Size: 2 words]
    [Request Path: Connection Manager, Instance: 0x01]
        [Path Segment: 0x20 (8-Bit Class Segment)]
            [001. .... = Path Segment Type: Logical Segment (1)]
            [...0 00.. = Logical Segment Type: Class ID (0)]
            [.... ..00 = Logical Segment Format: 8-bit Logical Segment (0)]
            [Class: Connection Manager (0x06)]
        [Path Segment: 0x24 (8-Bit Instance Segment)]
            [001. .... = Path Segment Type: Logical Segment (1)]
            [...0 01.. = Logical Segment Type: Instance ID (1)]
            [.... ..00 = Logical Segment Format: 8-bit Logical Segment (0)]
            [Instance: 0x01]
CIP Connection Manager
    Service: Forward Open (Response)
        1... .... = Request/Response: Response (0x1)
        .101 0100 = Service: Forward Open (0x54)
    Status: Connection failure, Extended: Invalid connection size
        General Status: Connection failure (0x01)
        Additional Status Size: 1 word
        Extended Status: Invalid connection size (0x0109)
        Additional Status
    Command Specific Data
        Connection Serial Number: 0xd646
        Originator Vendor ID: Bosch Rexroth (0x00ff)
        Originator Serial Number: 0xffffffff
        Remaining Path Size: 4 words
        Reserved: 0x00
        [Connection Path Size: 4 words]
        [Route/Connection Path: Assembly, Instance: 0x01, Connection Point: 0x64, Connection Point: 0x65]
            [Path Segment: 0x20 (8-Bit Class Segment)]
                [001. .... = Path Segment Type: Logical Segment (1)]
                [...0 00.. = Logical Segment Type: Class ID (0)]
                [.... ..00 = Logical Segment Format: 8-bit Logical Segment (0)]
                [Class: Assembly (0x04)]
            [Path Segment: 0x24 (8-Bit Instance Segment)]
                [001. .... = Path Segment Type: Logical Segment (1)]
                [...0 01.. = Logical Segment Type: Instance ID (1)]
                [.... ..00 = Logical Segment Format: 8-bit Logical Segment (0)]
                [Instance: 0x01]
            [Path Segment: 0x2c (8-Bit Connection Point Segment)]
                [001. .... = Path Segment Type: Logical Segment (1)]
                [...0 11.. = Logical Segment Type: Connection Point (3)]
                [.... ..00 = Logical Segment Format: 8-bit Logical Segment (0)]
                [Connection Point: 0x64]
            [Path Segment: 0x2c (8-Bit Connection Point Segment)]
                [001. .... = Path Segment Type: Logical Segment (1)]
                [...0 11.. = Logical Segment Type: Connection Point (3)]
                [.... ..00 = Logical Segment Format: 8-bit Logical Segment (0)]
                [Connection Point: 0x65]