
3. Detailed explanation of Modbus communication protocol

2022-07-01 08:40:00 Chaser Bridge

Preface

The following content is reposted from the link below. The original article also covers the RS485 serial interface in detail, so I recommend reading it if you want to know more; if you only want to understand the Modbus protocol, this article is enough.

All sorted out: the most detailed explanation of RS485 serial communication (qq.com) https://mp.weixin.qq.com/s/WJCWpWjG0nuM_uJwIuQAmA

This article only explains Modbus RTU in detail. Modbus TCP and the CRC16 check method will be added later.

I. Introduction

A Modbus network is an industrial communication system composed of programmable controllers with intelligent terminals and computers, connected by public lines or local dedicated lines. The system structure includes both hardware and software. It can be applied to various data acquisition and process monitoring tasks.

There is only one host on a Modbus network, and all communication is initiated by it. The network can support up to 247 remote slave controllers, but the actual number of slaves supported depends on the communication equipment used. With this system, each PC can exchange information with the central host without affecting its own control tasks.

Once you understand what the Modbus communication protocol is, you can use all kinds of third-party software to run communication tests on site.

The Modbus protocol includes ASCII, RTU, TCP and other variants, and does not specify a physical layer. The protocol defines a message structure that controllers can recognize and use, regardless of the network they communicate over. Standard Modicon controllers use RS232C to implement serial Modbus. The ASCII and RTU variants of Modbus define the message protocol, the data structure, and the commands and responses. Data communication uses a Master/Slave scheme: the Master sends a data request message, and the Slave, after receiving a correct message, sends data to the Master in response to the request. The Master can also send a message that directly modifies data on the Slave, which gives bidirectional reading and writing.

The Modbus protocol needs to verify the data. In addition to the parity check of the serial protocol, ASCII mode uses an LRC check and RTU mode uses a 16-bit CRC check, but TCP mode has no additional check requirement, because TCP is a reliable, connection-oriented protocol. In addition, Modbus sends and receives data periodically in master-slave mode. In practice, if a Slave station is disconnected (for example through a fault or shutdown), the Master can diagnose this, and when the fault is fixed the network reconnects automatically. Therefore, the reliability of the Modbus protocol is good.

Of the Modbus ASCII, RTU and TCP protocols, TCP and RTU are very similar: remove the two-byte check code from the RTU frame, prepend five 0s and one 6 to the start of the RTU frame, and the result can be sent over TCP/IP.

II. Communication transmission mode

A transmission is divided into an independent message header and the encoded data that is sent. The following definition of the transmission mode is also compatible with the Modbus RTU communication protocol:

Start structure = ≥ 4 byte times

Address code = 1 byte

Function code = 1 byte

Data area = N bytes

Error check = 16-bit CRC code

End structure = ≥ 4 byte times

Address code: the address code is the first byte transmitted. It indicates that the slave whose user-set address code matches will receive the information sent by the host. Each slave has a unique address code, and each response begins with the responding slave's own address code. The address code sent by the host indicates which slave the message is for; the address code sent by a slave indicates which slave is replying.

Function code: the second byte transmitted. The Modbus communication protocol defines function codes 1 to 127. This instrument uses only some of them. In a host request, the function code tells the slave what action to perform. In a slave response, a function code equal to the one sent by the host indicates that the slave has responded to the host and performed the operation. If the highest bit of the function code sent by the slave is 1 (that is, the function code is greater than 127), the slave did not respond to the operation or sent an error.

Data area: the data area differs according to the function code. It can hold actual values, set points, or addresses sent by the host to the slave or by the slave to the host.

CRC code: a two-byte error detection code.

III. Communication protocol

When a communication command is sent to the instrument, the device whose address code matches receives the command, strips the address code and reads the information. If there is no error, it performs the corresponding task and then returns the execution result to the sender. The returned information includes the address code, the function code of the action performed, the data resulting from the action, and the error check code. If there is an error, no message is sent.

1. Information frame structure

Address code | Function code | Data area | Error check code

8 bits | 8 bits | N × 8 bits | 16 bits

Address code: the address code is the first byte (8 bits) of the information frame, from 0 to 255. It indicates that the slave whose user-set address matches will receive the information sent by the host. Each slave must have a unique address code, and only the slave whose address code matches may respond. When a slave returns a message, the address code in it indicates where the information comes from.

Function code: the function code sent by the host tells the slave what task to perform. The function codes listed in Table 1-1 have specific meanings and operations.

Data area: the data area contains what the slave needs to do or the information collected by the slave. This information can be values, reference addresses and so on. For example, if the function code tells the slave to read register values, the data area must contain the starting address of the registers and the number to read. The addresses and data differ from slave to slave.

Error check code: the host or slave can use the check code to judge whether the received information is wrong. Sometimes, because of electrical noise or other interference, information changes slightly in transit; the error check code ensures that the master or slave does not act on information that was corrupted in transmission. This increases the security and efficiency of the system. Error checking uses the CRC-16 check method.

Note: the formats of information frames are basically the same: address code, function code, data area and error check code.

2. Error checking

The cyclic redundancy check (CRC) code contains 2 bytes, i.e. 16 binary bits. The CRC code is calculated by the transmitting device and placed at the end of the message being sent. The receiving device recalculates the CRC code of the received information and compares the calculated CRC code with the received one; if the two do not match, an error has occurred.
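
The CRC-16 check described above, together with the RTU-to-TCP conversion from the introduction, as an added Python example (not code from the original article). It goes beyond the article's "five 0s and a 6" case by writing the actual body length into the TCP header; the function names and the transaction_id parameter are this example's own.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_rtu_frame(body: bytes) -> bytes:
    """Append the CRC to address + function code + data, low byte first."""
    return body + struct.pack("<H", crc16_modbus(body))

def check_rtu_frame(frame: bytes) -> bytes:
    """Return the body of a received frame, or raise if the CRC does not match."""
    if len(frame) < 4:  # address + function code + 2 CRC bytes
        raise ValueError("frame too short")
    body, received = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    if crc16_modbus(body) != received:
        raise ValueError("CRC mismatch: frame corrupted in transit")
    return body

def rtu_to_tcp(frame: bytes, transaction_id: int = 0) -> bytes:
    """Strip the CRC and prepend the 6-byte Modbus TCP header.

    Header = transaction id, protocol id 0, number of bytes that follow.
    For a 6-byte body and transaction id 0 this is "five 0s and a 6".
    """
    body = check_rtu_frame(frame)
    return struct.pack(">HHH", transaction_id, 0, len(body)) + body

# Body of the article's command 01 request: device 0x11, start 0x0013, count 0x0025
REQUEST = build_rtu_frame(bytes.fromhex("110100130025"))

if __name__ == "__main__":
    print("RTU:", REQUEST.hex(" "))
    print("TCP:", rtu_to_tcp(REQUEST).hex(" "))
```

The CRC catches accidental corruption such as line noise; any device that can write to the bus can recompute it, so it does not authenticate the sender.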

3. Function codes supported by Modbus

 

1. Command 01, read read/write digital registers (coil status):

The computer sends the command: [device address] [command number 01] [starting register address high 8 bits] [low 8 bits] [number of registers to read high 8 bits] [low 8 bits] [CRC check low 8 bits] [CRC check high 8 bits]

Example: [11][01][00][13][00][25][CRC low][CRC high]

The meaning is as follows:

<1> Device address: multiple devices can be attached to one 485 bus; the device address indicates which device you want to communicate with. In the example, I want to communicate with device No. 17 (decimal 17 is hexadecimal 11).

<2> Command number 01: the command number for reading digital values is fixed at 01.

<3> Starting address high 8 bits, low 8 bits: the starting address of the switch values you want to read (addresses start at 0). In the example, the starting address is 19.

<4> Number of registers high 8 bits, low 8 bits: how many switch values to read from the starting address. In the example, 37 switch values.

<5> CRC check: the check covers the frame from the beginning up to this point.

Device response: [device address] [command number 01] [number of bytes returned] [data 1] [data 2] ... [data n] [CRC check high 8 bits] [CRC check low 8 bits]

Example: [11][01][05][CD][6B][B2][0E][1B][CRC high][CRC low]

The meaning is as follows:

<1> The device address and command number are the same as above.

<2> Number of bytes returned: the number of data bytes, i.e. the value of n in data 1, 2 ... n.

<3> Data 1...n: because each data item is an 8-bit number, each data item represents the values of 8 switches; a bit of 0 means the corresponding switch is open, and 1 means closed. In the example, switch No. 20 (index 19) is closed, No. 21 is open, No. 22 closed, No. 23 closed, No. 24 open, No. 25 open, No. 26 closed, No. 27 closed... If the number of switch values requested is not an integer multiple of 8, the high bits of the last byte are meaningless and are set to 0.

<4> The CRC check is the same as above.

2. Command 05, write a digital value (coil status):

The computer sends the command: [device address] [command number 05] [register address to set, high 8 bits] [low 8 bits] [data to set, high 8 bits] [low 8 bits] [CRC check low 8 bits] [CRC check high 8 bits]

Example: [11][05][00][AC][FF][00][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: the command number for writing digital values is fixed at 05.

<3> Register address to set, high 8 bits, low 8 bits: the address of the switch to be set.

<4> Data to set, high 8 bits, low 8 bits: the required state of the switch. In the example, the switch is closed. Note that only [FF][00], meaning closed, and [00][00], meaning open, are allowed; other values are illegal.

<5> Note that this command can only set the state of one switch.

Device response: on success, the command sent by the computer is returned unchanged; otherwise there is no response.

3. Command 03, read read/write analog registers (holding registers):

The computer sends the command: [device address] [command number 03] [starting register address high 8 bits] [low 8 bits] [number of registers to read high 8 bits] [low 8 bits] [CRC check high 8 bits] [CRC check low 8 bits]

Example: [11][03][00][6B][00][03][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: the command number for reading analog values is fixed at 03.

<3> Starting address high 8 bits, low 8 bits: the starting address of the analog values to be read (addresses start at 0). In the example, the starting address is 107.

<4> Number of registers high 8 bits, low 8 bits: how many analog values to read from the starting address. In the example, 3 analog values. Note that in the returned information each analog value takes two bytes.

Device response: [device address] [command number 03] [number of bytes returned] [data 1] [data 2] ... [data n] [CRC check high 8 bits] [CRC check low 8 bits]

Example: [11][03][06][02][2B][00][00][00][64][CRC high][CRC low]

The meaning is as follows:

<1> The device address and command number are the same as above.

<2> Number of bytes returned: the number of data bytes, i.e. the value of n in data 1, 2 ... n. The example returns 3 analog values; because each analog value needs 2 bytes, the total is 6 bytes.

<3> Data 1...n: [data 1][data 2] are the high 8 bits and low 8 bits of the 1st analog value, [data 3][data 4] are the high 8 bits and low 8 bits of the 2nd analog value, and so on. The values returned in the example are 555, 0 and 100.

<4> The CRC check is the same as above.
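
An added Python example (not from the original article) that decodes the command 01 and command 03 responses shown above and rejects a response that does not fit its request. It takes frame bodies whose CRC has already been checked and removed; the function name decode_response is this example's own.

```python
import struct

def decode_response(request: bytes, response: bytes):
    """Decode a command 01 or 03 response, given the request that caused it.

    Both arguments are frame bodies (address, function code, data) with the
    CRC already checked and removed.
    """
    address, function, start, count = struct.unpack(">BBHH", request)
    if len(response) < 3 or response[0] != address:
        raise ValueError("response is not from the addressed slave")
    if response[1] == (function | 0x80):  # highest bit set: the slave reports an error
        raise RuntimeError(f"slave returned error code {response[2]:#04x}")
    if response[1] != function:
        raise ValueError("function code does not match the request")
    byte_count, data = response[2], response[3:]
    if byte_count != len(data):
        raise ValueError("byte count field disagrees with the data length")
    if function == 0x01:  # one bit per switch, lowest bit of each byte first
        if byte_count != (count + 7) // 8:
            raise ValueError("wrong number of data bytes for the requested switches")
        # Keys are addresses: address 19 is "switch No. 20" in the article
        return {start + i: bool((data[i // 8] >> (i % 8)) & 1) for i in range(count)}
    if function == 0x03:  # two bytes per analog value, high byte first
        if byte_count != 2 * count:
            raise ValueError("wrong number of data bytes for the requested registers")
        return list(struct.unpack(f">{count}H", data))
    raise ValueError(f"function code {function:#04x} is not handled in this example")

# Request and response bodies from the article's examples (CRC bytes omitted)
COILS = decode_response(bytes.fromhex("110100130025"),
                        bytes.fromhex("110105CD6BB20E1B"))
REGISTERS = decode_response(bytes.fromhex("1103006B0003"),
                            bytes.fromhex("110306022B00000064"))

if __name__ == "__main__":
    print({addr: state for addr, state in COILS.items() if addr < 27})
    print(REGISTERS)
```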

4. Command 06, write a single analog register (holding register):

The computer sends the command: [device address] [command number 06] [register address to set, high 8 bits] [low 8 bits] [data to set, high 8 bits] [low 8 bits] [CRC check high 8 bits] [CRC check low 8 bits]

Example: [11][06][00][01][00][03][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: the command number is fixed at 06.

<3> Register address to set, high 8 bits, low 8 bits: the address of the analog register to be set.

<4> Data to set, high 8 bits, low 8 bits: the analog data to be written. In the example, the value of register No. 1 is set to 3.

<5> Note that this command can only set one analog value.

Device response: on success, the command sent by the computer is returned unchanged; otherwise there is no response.

5. Command 16, write multiple analog registers (holding registers):

The computer sends the command: [device address] [command number 16] [register address to set, high 8 bits] [low 8 bits] [data count high 8 bits] [data count low 8 bits] [data to set, high 8 bits] [low 8 bits] [……] [……] [CRC check high 8 bits] [CRC check low 8 bits]

Example: [11][16][00][01][00][01][00][05][CRC high][CRC low]

The meaning is as follows:

<1> The device address is the same as above.

<2> Command number: the command number is fixed at 16.

<3> Register address to set, high 8 bits, low 8 bits: the address of the analog register to be set.

<4> Data count high 8 bits, low 8 bits: the number of data items to set, here 1.

<5> Data to set, high 8 bits, low 8 bits: the analog data to be written. In the example, the value of register No. 1 is set to 5.

Device response: on success, the following command is returned to the computer; otherwise there is no response.

Device response: [device address] [command number 16] [register address to set, high 8 bits] [low 8 bits] [data count high 8 bits] [data count low 8 bits] [CRC check high 8 bits] [CRC check low 8 bits]. For the example above, it returns:

[11][16][00][01][00][01][CRC high][CRC low]

Original site

Copyright notice
This article was written by [Chaser Bridge]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/182/202207010825426217.html