/* packet-s7comm.c
*
* Author: Thomas Wiens, 2014 ([email protected])
* Description: Wireshark dissector for S7-Communication
*
* Wireshark - Network traffic analyzer
* By Gerald Combs
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#include
#include
#include
#include
#include "packet-s7comm.h"
#include "packet-s7comm_szl_ids.h"
#define PROTO_TAG_S7COMM "S7COMM"
/* Min. telegram length for heuristic check */
#define S7COMM_MIN_TELEGRAM_LENGTH 10
/* Protocol identifier */
#define S7COMM_PROT_ID 0x32
/* Wireshark ID of the S7COMM protocol */
static int proto_s7comm = -1;
/* Forward declarations */
void proto_reg_handoff_s7comm(void);
void proto_register_s7comm (void);
/**************************************************************************
* PDU types
*/
#define S7COMM_ROSCTR_JOB 0x01
#define S7COMM_ROSCTR_ACK 0x02
#define S7COMM_ROSCTR_ACK_DATA 0x03
#define S7COMM_ROSCTR_USERDATA 0x07
static const value_string rosctr_names[] = {
{ S7COMM_ROSCTR_JOB, "Job" }, /* Request: job with acknowledgement */
{ S7COMM_ROSCTR_ACK, "Ack" }, /* acknowledgement without additional field */
{ S7COMM_ROSCTR_ACK_DATA, "Ack_Data" }, /* Response: acknowledgement with additional field */
{ S7COMM_ROSCTR_USERDATA, "Userdata" },
{ 0, NULL }
};
/**************************************************************************
* Error classes in header
*/
#define S7COMM_ERRCLS_NONE 0x00
#define S7COMM_ERRCLS_APPREL 0x81
#define S7COMM_ERRCLS_OBJDEF 0x82
#define S7COMM_ERRCLS_RESOURCE 0x83
#define S7COMM_ERRCLS_SERVICE 0x84
#define S7COMM_ERRCLS_SUPPLIES 0x85
#define S7COMM_ERRCLS_ACCESS 0x87
static const value_string errcls_names[] = {
{ S7COMM_ERRCLS_NONE, "No error" },
{ S7COMM_ERRCLS_APPREL, "Application relationship" },
{ S7COMM_ERRCLS_OBJDEF, "Object definition" },
{ S7COMM_ERRCLS_RESOURCE, "No resources available" },
{ S7COMM_ERRCLS_SERVICE, "Error on service processing" },
{ S7COMM_ERRCLS_SUPPLIES, "Error on supplies" },
{ S7COMM_ERRCLS_ACCESS, "Access error" },
{ 0, NULL }
};
/**************************************************************************
* Error code in parameter part
*/
static const value_string param_errcode_names[] = {
{ 0x0000, "No error" },
{ 0x0110, "Invalid block number" },
{ 0x0111, "Invalid request length" },
{ 0x0112, "Invalid parameter" },
{ 0x0113, "Invalid block type" },
{ 0x0114, "Block not found" },
{ 0x0115, "Block already exists" },
{ 0x0116, "Block is write-protected" },
{ 0x0117, "The block/operating system update is too large" },
{ 0x0118, "Invalid block number" },
{ 0x0119, "Incorrect password entered" },
{ 0x011A, "PG resource error" },
{ 0x011B, "PLC resource error" },
{ 0x011C, "Protocol error" },
{ 0x011D, "Too many blocks (module-related restriction)" },
{ 0x011E, "There is no longer a connection to the database, or S7DOS handle is invalid" },
{ 0x011F, "Result buffer too small" },
{ 0x0120, "End of block list" },
{ 0x0140, "Insufficient memory available" },
{ 0x0141, "Job cannot be processed because of a lack of resources" },
{ 0x8001, "The requested service cannot be performed while the block is in the current status" },
{ 0x8003, "S7 protocol error: Error occurred while transferring the block" },
{ 0x8100, "Application, general error: Service unknown to remote module" },
{ 0x8104, "This service is not implemented on the module or a frame error was reported" },
{ 0x8204, "The type specification for the object is inconsistent" },
{ 0x8205, "A copied block already exists and is not linked" },
{ 0x8301, "Insufficient memory space or work memory on the module, or specified storage medium not accessible" },
{ 0x8302, "Too few resources available or the processor resources are not available" },
{ 0x8304, "No further parallel upload possible. There is a resource bottleneck" },
{ 0x8305, "Function not available" },
{ 0x8306, "Insufficient work memory (for copying, linking, loading AWP)" },
{ 0x8307, "Not enough retentive work memory (for copying, linking, loading AWP)" },
{ 0x8401, "S7 protocol error: Invalid service sequence (for example, loading or uploading a block)" },
{ 0x8402, "Service cannot execute owing to status of the addressed object" },
{ 0x8404, "S7 protocol: The function cannot be performed" },
{ 0x8405, "Remote block is in DISABLE state (CFB). The function cannot be performed" },
{ 0x8500, "S7 protocol error: Wrong frames" },
{ 0x8503, "Alarm from the module: Service canceled prematurely" },
{ 0x8701, "Error addressing the object on the communications partner (for example, area length error)" },
{ 0x8702, "The requested service is not supported by the module" },
{ 0x8703, "Access to object refused" },
{ 0x8704, "Access error: Object damaged" },
{ 0xD001, "Protocol error: Illegal job number" },
{ 0xD002, "Parameter error: Illegal job variant" },
{ 0xD003, "Parameter error: Debugging function not supported by module" },
{ 0xD004, "Parameter error: Illegal job status" },
{ 0xD005, "Parameter error: Illegal job termination" },
{ 0xD006, "Parameter error: Illegal link disconnection ID" },
{ 0xD007, "Parameter error: Illegal number of buffer elements" },
{ 0xD008, "Parameter error: Illegal scan rate" },
{ 0xD009, "Parameter error: Illegal number of executions" },
{ 0xD00A, "Parameter error: Illegal trigger event" },
{ 0xD00B, "Parameter error: Illegal trigger condition" },
{ 0xD011, "Parameter error in path of the call environment: Block does not exist" },
{ 0xD012, "Parameter error: Wrong address in block" },
{ 0xD014, "Parameter error: Block being deleted/overwritten" },
{ 0xD015, "Parameter error: Illegal tag address" },
{ 0xD016, "Parameter error: Test jobs not possible, because of errors in user program" },
{ 0xD017, "Parameter error: Illegal trigger number" },
{ 0xD025, "Parameter error: Invalid path" },
{ 0xD026, "Parameter error: Illegal access type" },
{ 0xD027, "Parameter error: This number of data blocks is not permitted" },
{ 0xD031, "Internal protocol error" },
{ 0xD032, "Parameter error: Wrong result buffer length" },
{ 0xD033, "Protocol error: Wrong job length" },
{ 0xD03F, "Coding error: Error in parameter section (for example, reserve bytes not equal to 0)" },
{ 0xD041, "Data error: Illegal status list ID" },
{ 0xD042, "Data error: Illegal tag address" },
{ 0xD043, "Data error: Referenced job not found, check job data" },
{ 0xD044, "Data error: Illegal tag value, check job data" },
{ 0xD045, "Data error: Exiting the ODIS control is not allowed in HOLD" },
{ 0xD046, "Data error: Illegal measuring stage during run-time measurement" },
{ 0xD047, "Data error: Illegal hierarchy in 'Read job list'" },
{ 0xD048, "Data error: Illegal deletion ID in 'Delete job'" },
{ 0xD049, "Invalid substitute ID in 'Replace job'" },
{ 0xD04A, "Error executing 'program status'" },
{ 0xD05F, "Coding error: Error in data section (for example, reserve bytes not equal to 0, ...)" },
{ 0xD061, "Resource error: No memory space for job" },
{ 0xD062, "Resource error: Job list full" },
{ 0xD063, "Resource error: Trigger event occupied" },
{ 0xD064, "Resource error: Not enough memory space for one result buffer element" },
{ 0xD065, "Resource error: Not enough memory space for several result buffer elements" },
{ 0xD066, "Resource error: The timer available for run-time measurement is occupied by another job" },
{ 0xD067, "Resource error: Too many 'modify tag' jobs active (in particular multi-processor operation)" },
{ 0xD081, "Function not permitted in current mode" },
{ 0xD082, "Mode error: Cannot exit HOLD mode" },
{ 0xD0A1, "Function not permitted in current protection level" },
{ 0xD0A2, "Function not possible at present, because a function is running that modifies memory" },
{ 0xD0A3, "Too many 'modify tag' jobs active on the I/O (in particular multi-processor operation)" },
{ 0xD0A4, "'Forcing' has already been established" },
{ 0xD0A5, "Referenced job not found" },
{ 0xD0A6, "Job cannot be disabled/enabled" },
{ 0xD0A7, "Job cannot be deleted, for example because it is currently being read" },
{ 0xD0A8, "Job cannot be replaced, for example because it is currently being read or deleted" },
{ 0xD0A9, "Job cannot be read, for example because it is currently being deleted" },
{ 0xD0AA, "Time limit exceeded in processing operation" },
{ 0xD0AB, "Invalid job parameters in process operation" },
{ 0xD0AC, "Invalid job data in process operation" },
{ 0xD0AD, "Operating mode already set" },
{ 0xD0AE, "The job was set up over a different connection and can only be handled over this connection" },
{ 0xD0C1, "At least one error has been detected while accessing the tag(s)" },
{ 0xD0C2, "Change to STOP/HOLD mode" },
{ 0xD0C3, "At least one error was detected while accessing the tag(s). Mode change to STOP/HOLD" },
{ 0xD0C4, "Timeout during run-time measurement" },
{ 0xD0C5, "Display of block stack inconsistent, because blocks were deleted/reloaded" },
{ 0xD0C6, "Job was automatically deleted as the jobs it referenced have been deleted" },
{ 0xD0C7, "The job was automatically deleted because STOP mode was exited" },
{ 0xD0C8, "'Block status' aborted because of inconsistencies between test job and running program" },
{ 0xD0C9, "Exit the status area by resetting OB90" },
{ 0xD0CA, "Exiting the status range by resetting OB90 and access error reading tags before exiting" },
{ 0xD0CB, "The output disable for the peripheral outputs has been activated again" },
{ 0xD0CC, "The amount of data for the debugging functions is restricted by the time limit" },
{ 0xD201, "Syntax error in block name" },
{ 0xD202, "Syntax error in function parameters" },
{ 0xD205, "Linked block already exists in RAM: Conditional copying is not possible" },
{ 0xD206, "Linked block already exists in EPROM: Conditional copying is not possible" },
{ 0xD208, "Maximum number of copied (not linked) blocks on module exceeded" },
{ 0xD209, "(At least) one of the given blocks not found on the module" },
{ 0xD20A, "The maximum number of blocks that can be linked with one job was exceeded" },
{ 0xD20B, "The maximum number of blocks that can be deleted with one job was exceeded" },
{ 0xD20C, "OB cannot be copied because the associated priority class does not exist" },
{ 0xD20D, "SDB cannot be interpreted (for example, unknown number)" },
{ 0xD20E, "No (further) block available" },
{ 0xD20F, "Module-specific maximum block size exceeded" },
{ 0xD210, "Invalid block number" },
{ 0xD212, "Incorrect header attribute (run-time relevant)" },
{ 0xD213, "Too many SDBs. Note the restrictions on the module being used" },
{ 0xD216, "Invalid user program - reset module" },
{ 0xD217, "Protection level specified in module properties not permitted" },
{ 0xD218, "Incorrect attribute (active/passive)" },
{ 0xD219, "Incorrect block lengths (for example, incorrect length of first section or of the whole block)" },
{ 0xD21A, "Incorrect local data length or write-protection code faulty" },
{ 0xD21B, "Module cannot compress or compression was interrupted early" },
{ 0xD21D, "The volume of dynamic project data transferred is illegal" },
{ 0xD21E, "Unable to assign parameters to a module (such as FM, CP). The system data could not be linked" },
{ 0xD220, "Invalid programming language. Note the restrictions on the module being used" },
{ 0xD221, "The system data for connections or routing are not valid" },
{ 0xD222, "The system data of the global data definition contain invalid parameters" },
{ 0xD223, "Error in instance data block for communication function block or maximum number of instance DBs exceeded" },
{ 0xD224, "The SCAN system data block contains invalid parameters" },
{ 0xD225, "The DP system data block contains invalid parameters" },
{ 0xD226, "A structural error occurred in a block" },
{ 0xD230, "A structural error occurred in a block" },
{ 0xD231, "At least one loaded OB cannot be copied because the associated priority class does not exist" },
{ 0xD232, "At least one block number of a loaded block is illegal" },
{ 0xD234, "Block exists twice in the specified memory medium or in the job" },
{ 0xD235, "The block contains an incorrect checksum" },
{ 0xD236, "The block does not contain a checksum" },
{ 0xD237, "You are about to load the block twice, i.e. a block with the same time stamp already exists on the CPU" },
{ 0xD238, "At least one of the blocks specified is not a DB" },
{ 0xD239, "At least one of the DBs specified is not available as a linked variant in the load memory" },
{ 0xD23A, "At least one of the specified DBs is considerably different from the copied and linked variant" },
{ 0xD240, "Coordination rules violated" },
{ 0xD241, "The function is not permitted in the current protection level" },
{ 0xD242, "Protection violation while processing F blocks" },
{ 0xD250, "Update and module ID or version do not match" },
{ 0xD251, "Incorrect sequence of operating system components" },
{ 0xD252, "Checksum error" },
{ 0xD253, "No executable loader available; update only possible using a memory card" },
{ 0xD254, "Storage error in operating system" },
{ 0xD280, "Error compiling block in S7-300 CPU" },
{ 0xD2A1, "Another block function or a trigger on a block is active" },
{ 0xD2A2, "A trigger is active on a block. Complete the debugging function first" },
{ 0xD2A3, "The block is not active (linked), the block is occupied or the block is currently marked for deletion" },
{ 0xD2A4, "The block is already being processed by another block function" },
{ 0xD2A6, "It is not possible to save and change the user program simultaneously" },
{ 0xD2A7, "The block has the attribute 'unlinked' or is not processed" },
{ 0xD2A8, "An active debugging function is preventing parameters from being assigned to the CPU" },
{ 0xD2A9, "New parameters are being assigned to the CPU" },
{ 0xD2AA, "New parameters are currently being assigned to the modules" },
{ 0xD2AB, "The dynamic configuration limits are currently being changed" },
{ 0xD2AC, "A running active or deactivate assignment (SFC 12) is temporarily preventing R-KiR process" },
{ 0xD2B0, "An error occurred while configuring in RUN (CiR)" },
{ 0xD2C0, "The maximum number of technological objects has been exceeded" },
{ 0xD2C1, "The same technology data block already exists on the module" },
{ 0xD2C2, "Downloading the user program or downloading the hardware configuration is not possible" },
{ 0xD401, "Information function unavailable" },
{ 0xD402, "Information function unavailable" },
{ 0xD403, "Service has already been logged on/off (Diagnostics/PMC)" },
{ 0xD404, "Maximum number of nodes reached. No more logons possible for diagnostics/PMC" },
{ 0xD405, "Service not supported or syntax error in function parameters" },
{ 0xD406, "Required information currently unavailable" },
{ 0xD407, "Diagnostics error occurred" },
{ 0xD408, "Update aborted" },
{ 0xD409, "Error on DP bus" },
{ 0xD601, "Syntax error in function parameter" },
{ 0xD602, "Incorrect password entered" },
{ 0xD603, "The connection has already been legitimized" },
{ 0xD604, "The connection has already been enabled" },
{ 0xD605, "Legitimization not possible because password does not exist" },
{ 0xD801, "At least one tag address is invalid" },
{ 0xD802, "Specified job does not exist" },
{ 0xD803, "Illegal job status" },
{ 0xD804, "Illegal cycle time (illegal time base or multiple)" },
{ 0xD805, "No more cyclic read jobs can be set up" },
{ 0xD806, "The referenced job is in a state in which the requested function cannot be performed" },
{ 0xD807, "Function aborted due to overload, meaning executing the read cycle takes longer than the set scan cycle time" },
{ 0xDC01, "Date and/or time invalid" },
{ 0xE201, "CPU is already the master" },
{ 0xE202, "Connect and update not possible due to different user program in flash module" },
{ 0xE203, "Connect and update not possible due to different firmware" },
{ 0xE204, "Connect and update not possible due to different memory configuration" },
{ 0xE205, "Connect/update aborted due to synchronization error" },
{ 0xE206, "Connect/update denied due to coordination violation" },
{ 0xEF01, "S7 protocol error: Error at ID2; only 00H permitted in job" },
{ 0xEF02, "S7 protocol error: Error at ID2; set of resources does not exist" },
{ 0, NULL }
};
static value_string_ext param_errcode_names_ext = VALUE_STRING_EXT_INIT(param_errcode_names);
/**************************************************************************
* Function codes in parameter part
*/
#define S7COMM_SERV_CPU 0x00
#define S7COMM_SERV_SETUPCOMM 0xF0
#define S7COMM_SERV_READVAR 0x04
#define S7COMM_SERV_WRITEVAR 0x05
#define S7COMM_FUNCREQUESTDOWNLOAD 0x1A
#define S7COMM_FUNCDOWNLOADBLOCK 0x1B
#define S7COMM_FUNCDOWNLOADENDED 0x1C
#define S7COMM_FUNCSTARTUPLOAD 0x1D
#define S7COMM_FUNCUPLOAD 0x1E
#define S7COMM_FUNCENDUPLOAD 0x1F
#define S7COMM_FUNCPISERVICE 0x28
#define S7COMM_FUNC_PLC_STOP 0x29
static const value_string param_functionnames[] = {
{ S7COMM_SERV_CPU, "CPU services" },
{ S7COMM_SERV_SETUPCOMM, "Setup communication" },
{ S7COMM_SERV_READVAR, "Read Var" },
{ S7COMM_SERV_WRITEVAR, "Write Var" },
/* Block management services */
{ S7COMM_FUNCREQUESTDOWNLOAD, "Request download" },
{ S7COMM_FUNCDOWNLOADBLOCK, "Download block" },
{ S7COMM_FUNCDOWNLOADENDED, "Download ended" },
{ S7COMM_FUNCSTARTUPLOAD, "Start upload" },
{ S7COMM_FUNCUPLOAD, "Upload" },
{ S7COMM_FUNCENDUPLOAD, "End upload" },
{ S7COMM_FUNCPISERVICE, "PI-Service" },
{ S7COMM_FUNC_PLC_STOP, "PLC Stop" },
{ 0, NULL }
};
/**************************************************************************
* Area names
*/
#define S7COMM_AREA_SYSINFO 0x03 /* System info of 200 family */
#define S7COMM_AREA_SYSFLAGS 0x05 /* System flags of 200 family */
#define S7COMM_AREA_ANAIN 0x06 /* analog inputs of 200 family */
#define S7COMM_AREA_ANAOUT 0x07 /* analog outputs of 200 family */
#define S7COMM_AREA_P 0x80 /* direct peripheral access */
#define S7COMM_AREA_INPUTS 0x81
#define S7COMM_AREA_OUTPUTS 0x82
#define S7COMM_AREA_FLAGS 0x83
#define S7COMM_AREA_DB 0x84 /* data blocks */
#define S7COMM_AREA_DI 0x85 /* instance data blocks */
#define S7COMM_AREA_LOCAL 0x86 /* local data (should not be accessible over network) */
#define S7COMM_AREA_V 0x87 /* previous (Vorgaenger) local data (should not be accessible over network) */
#define S7COMM_AREA_COUNTER 28 /* S7 counters */
#define S7COMM_AREA_TIMER 29 /* S7 timers */
#define S7COMM_AREA_COUNTER200 30 /* IEC counters (200 family) */
#define S7COMM_AREA_TIMER200 31 /* IEC timers (200 family) */
static const value_string item_areanames[] = {
{ S7COMM_AREA_SYSINFO, "System info of 200 family" },
{ S7COMM_AREA_SYSFLAGS, "System flags of 200 family" },
{ S7COMM_AREA_ANAIN, "Analog inputs of 200 family" },
{ S7COMM_AREA_ANAOUT, "Analog outputs of 200 family" },
{ S7COMM_AREA_P, "Direct peripheral access (P)" },
{ S7COMM_AREA_INPUTS, "Inputs (I)" },
{ S7COMM_AREA_OUTPUTS, "Outputs (Q)" },
{ S7COMM_AREA_FLAGS, "Flags (M)" },
{ S7COMM_AREA_DB, "Data blocks (DB)" },
{ S7COMM_AREA_DI, "Instance data blocks (DI)" },
{ S7COMM_AREA_LOCAL, "Local data (L)" },
{ S7COMM_AREA_V, "Unknown yet (V)" },
{ S7COMM_AREA_COUNTER, "S7 counters (C)" },
{ S7COMM_AREA_TIMER, "S7 timers (T)" },
{ S7COMM_AREA_COUNTER200, "IEC counters (200 family)" },
{ S7COMM_AREA_TIMER200, "IEC timers (200 family)" },
{ 0, NULL }
};
static const value_string item_areanames_short[] = {
{ S7COMM_AREA_SYSINFO, "SI200" },
{ S7COMM_AREA_SYSFLAGS, "SF200" },
{ S7COMM_AREA_ANAIN, "AI200" },
{ S7COMM_AREA_ANAOUT, "AO" },
{ S7COMM_AREA_P, "P" },
{ S7COMM_AREA_INPUTS, "I" },
{ S7COMM_AREA_OUTPUTS, "Q" },
{ S7COMM_AREA_FLAGS, "M" },
{ S7COMM_AREA_DB, "DB" },
{ S7COMM_AREA_DI, "DI" },
{ S7COMM_AREA_LOCAL, "L" },
{ S7COMM_AREA_V, "V" },
{ S7COMM_AREA_COUNTER, "C" },
{ S7COMM_AREA_TIMER, "T" },
{ S7COMM_AREA_COUNTER200, "C200" },
{ S7COMM_AREA_TIMER200, "T200" },
{ 0, NULL }
};
/**************************************************************************
* Transport sizes in item data
*/
/* types of 1 byte length */
#define S7COMM_TRANSPORT_SIZE_BIT 1
#define S7COMM_TRANSPORT_SIZE_BYTE 2
#define S7COMM_TRANSPORT_SIZE_CHAR 3
/* types of 2 bytes length */
#define S7COMM_TRANSPORT_SIZE_WORD 4
#define S7COMM_TRANSPORT_SIZE_INT 5
/* types of 4 bytes length */
#define S7COMM_TRANSPORT_SIZE_DWORD 6
#define S7COMM_TRANSPORT_SIZE_DINT 7
#define S7COMM_TRANSPORT_SIZE_REAL 8
/* Special types */
#define S7COMM_TRANSPORT_SIZE_DATE 9
#define S7COMM_TRANSPORT_SIZE_TOD 10
#define S7COMM_TRANSPORT_SIZE_TIME 11
#define S7COMM_TRANSPORT_SIZE_S5TIME 12
#define S7COMM_TRANSPORT_SIZE_DT 15
/* Timer or counter */
#define S7COMM_TRANSPORT_SIZE_COUNTER 28
#define S7COMM_TRANSPORT_SIZE_TIMER 29
#define S7COMM_TRANSPORT_SIZE_IEC_COUNTER 30
#define S7COMM_TRANSPORT_SIZE_IEC_TIMER 31
#define S7COMM_TRANSPORT_SIZE_HS_COUNTER 32
static const value_string item_transportsizenames[] = {
{ S7COMM_TRANSPORT_SIZE_BIT, "BIT" },
{ S7COMM_TRANSPORT_SIZE_BYTE, "BYTE" },
{ S7COMM_TRANSPORT_SIZE_CHAR, "CHAR" },
{ S7COMM_TRANSPORT_SIZE_WORD, "WORD" },
{ S7COMM_TRANSPORT_SIZE_INT, "INT" },
{ S7COMM_TRANSPORT_SIZE_DWORD, "DWORD" },
{ S7COMM_TRANSPORT_SIZE_DINT, "DINT" },
{ S7COMM_TRANSPORT_SIZE_REAL, "REAL" },
{ S7COMM_TRANSPORT_SIZE_TOD, "TOD" },
{ S7COMM_TRANSPORT_SIZE_TIME, "TIME" },
{ S7COMM_TRANSPORT_SIZE_S5TIME, "S5TIME" },
{ S7COMM_TRANSPORT_SIZE_DT, "DATE_AND_TIME" },
{ S7COMM_TRANSPORT_SIZE_COUNTER, "COUNTER" },
{ S7COMM_TRANSPORT_SIZE_TIMER, "TIMER" },
{ S7COMM_TRANSPORT_SIZE_IEC_COUNTER, "IEC TIMER" },
{ S7COMM_TRANSPORT_SIZE_IEC_TIMER, "IEC COUNTER" },
{ S7COMM_TRANSPORT_SIZE_HS_COUNTER, "HS COUNTER" },
{ 0, NULL }
};
/**************************************************************************
* Syntax Ids of variable specification
*/
#define S7COMM_SYNTAXID_S7ANY 0x10 /* Address data S7-Any pointer-like DB1.DBX10.2 */
#define S7COMM_SYNTAXID_PBC_ID 0x13 /* R_ID for PBC */
#define S7COMM_SYNTAXID_ALARM_LOCKFREESET 0x15 /* Alarm lock/free dataset */
#define S7COMM_SYNTAXID_ALARM_INDSET 0x16 /* Alarm indication dataset */
#define S7COMM_SYNTAXID_ALARM_ACKSET 0x19 /* Alarm acknowledge message dataset */
#define S7COMM_SYNTAXID_ALARM_QUERYREQSET 0x1a /* Alarm query request dataset */
#define S7COMM_SYNTAXID_NOTIFY_INDSET 0x1c /* Notify indication dataset */
#define S7COMM_SYNTAXID_DRIVEESANY 0xa2 /* seen on Drive ES Starter with routing over S7 */
#define S7COMM_SYNTAXID_1200SYM 0xb2 /* Symbolic address mode of S7-1200 */
#define S7COMM_SYNTAXID_DBREAD 0xb0 /* Kind of DB block read, seen only at an S7-400 */
#define S7COMM_SYNTAXID_NCK 0x82 /* Sinumerik NCK HMI access */
static const value_string item_syntaxid_names[] = {
{ S7COMM_SYNTAXID_S7ANY, "S7ANY" },
{ S7COMM_SYNTAXID_PBC_ID, "PBC-R_ID" },
{ S7COMM_SYNTAXID_ALARM_LOCKFREESET, "ALARM_LOCKFREE" },
{ S7COMM_SYNTAXID_ALARM_INDSET, "ALARM_IND" },
{ S7COMM_SYNTAXID_ALARM_ACKSET, "ALARM_ACK" },
{ S7COMM_SYNTAXID_ALARM_QUERYREQSET, "ALARM_QUERYREQ" },
{ S7COMM_SYNTAXID_NOTIFY_INDSET, "NOTIFY_IND" },
{ S7COMM_SYNTAXID_DRIVEESANY, "DRIVEESANY" },
{ S7COMM_SYNTAXID_1200SYM, "1200SYM" },
{ S7COMM_SYNTAXID_DBREAD, "DBREAD" },
{ S7COMM_SYNTAXID_NCK, "NCK" },
{ 0, NULL }
};
/**************************************************************************
* Transport sizes in data
*/
#define S7COMM_DATA_TRANSPORT_SIZE_NULL 0
#define S7COMM_DATA_TRANSPORT_SIZE_BBIT 3 /* bit access, len is in bits */
#define S7COMM_DATA_TRANSPORT_SIZE_BBYTE 4 /* byte/word/dword access, len is in bits */
#define S7COMM_DATA_TRANSPORT_SIZE_BINT 5 /* integer access, len is in bits */
#define S7COMM_DATA_TRANSPORT_SIZE_BDINT 6 /* integer access, len is in bytes */
#define S7COMM_DATA_TRANSPORT_SIZE_BREAL 7 /* real access, len is in bytes */
#define S7COMM_DATA_TRANSPORT_SIZE_BSTR 9 /* octet string, len is in bytes */
#define S7COMM_DATA_TRANSPORT_SIZE_NCKADDR1 17 /* NCK address description, fixed length */
#define S7COMM_DATA_TRANSPORT_SIZE_NCKADDR2 18 /* NCK address description, fixed length */
static const value_string data_transportsizenames[] = {
{ S7COMM_DATA_TRANSPORT_SIZE_NULL, "NULL" },
{ S7COMM_DATA_TRANSPORT_SIZE_BBIT, "BIT" },
{ S7COMM_DATA_TRANSPORT_SIZE_BBYTE, "BYTE/WORD/DWORD" },
{ S7COMM_DATA_TRANSPORT_SIZE_BINT, "INTEGER" },
{ S7COMM_DATA_TRANSPORT_SIZE_BDINT, "DINTEGER" },
{ S7COMM_DATA_TRANSPORT_SIZE_BREAL, "REAL" },
{ S7COMM_DATA_TRANSPORT_SIZE_BSTR, "OCTET STRING" },
{ S7COMM_DATA_TRANSPORT_SIZE_NCKADDR1, "NCK ADDRESS1" },
{ S7COMM_DATA_TRANSPORT_SIZE_NCKADDR2, "NCK ADDRESS2" },
{ 0, NULL }
};
/**************************************************************************
* Returnvalues of an item response
*/
const value_string s7comm_item_return_valuenames[] = {
{ S7COMM_ITEM_RETVAL_RESERVED, "Reserved" },
{ S7COMM_ITEM_RETVAL_DATA_HW_FAULT, "Hardware error" },
{ S7COMM_ITEM_RETVAL_DATA_ACCESS_FAULT, "Accessing the object not allowed" },
{ S7COMM_ITEM_RETVAL_DATA_OUTOFRANGE, "Invalid address" },
{ S7COMM_ITEM_RETVAL_DATA_NOT_SUP, "Data type not supported" },
{ S7COMM_ITEM_RETVAL_DATA_SIZEMISMATCH, "Data type inconsistent" },
{ S7COMM_ITEM_RETVAL_DATA_ERR, "Object does not exist" },
{ S7COMM_ITEM_RETVAL_DATA_OK, "Success" },
{ 0, NULL }
};
/**************************************************************************
* Block Types, used when blocktype is transfered as string
*/
#define S7COMM_BLOCKTYPE_OB 0x3038 /* '08' */
#define S7COMM_BLOCKTYPE_CMOD 0x3039 /* '09' */
#define S7COMM_BLOCKTYPE_DB 0x3041 /* '0A' */
#define S7COMM_BLOCKTYPE_SDB 0x3042 /* '0B' */
#define S7COMM_BLOCKTYPE_FC 0x3043 /* '0C' */
#define S7COMM_BLOCKTYPE_SFC 0x3044 /* '0D' */
#define S7COMM_BLOCKTYPE_FB 0x3045 /* '0E' */
#define S7COMM_BLOCKTYPE_SFB 0x3046 /* '0F' */
static const value_string blocktype_names[] = {
{ S7COMM_BLOCKTYPE_OB, "OB" },
{ S7COMM_BLOCKTYPE_CMOD, "CMod" },
{ S7COMM_BLOCKTYPE_DB, "DB" },
{ S7COMM_BLOCKTYPE_SDB, "SDB" },
{ S7COMM_BLOCKTYPE_FC, "FC" },
{ S7COMM_BLOCKTYPE_SFC, "SFC" },
{ S7COMM_BLOCKTYPE_FB, "FB" },
{ S7COMM_BLOCKTYPE_SFB, "SFB" },
{ 0, NULL }
};
static const value_string blocktype_attribute1_names[] = {
{ '_', "Complete Module" },
{ '$', "Module header for up-loading" },
{ 0, NULL }
};
static const value_string blocktype_attribute2_names[] = {
{ 'P', "Passive (copied, but not chained) module" },
{ 'A', "Active embedded module" },
{ 'B', "Active as well as passive module" },
{ 0, NULL }
};
/**************************************************************************
* Subblk types
*/
#define S7COMM_SUBBLKTYPE_OB 0x08
#define S7COMM_SUBBLKTYPE_DB 0x0a
#define S7COMM_SUBBLKTYPE_SDB 0x0b
#define S7COMM_SUBBLKTYPE_FC 0x0c
#define S7COMM_SUBBLKTYPE_SFC 0x0d
#define S7COMM_SUBBLKTYPE_FB 0x0e
#define S7COMM_SUBBLKTYPE_SFB 0x0f
static const value_string subblktype_names[] = {
{ S7COMM_SUBBLKTYPE_OB, "OB" },
{ S7COMM_SUBBLKTYPE_DB, "DB" },
{ S7COMM_SUBBLKTYPE_SDB, "SDB" },
{ S7COMM_SUBBLKTYPE_FC, "FC" },
{ S7COMM_SUBBLKTYPE_SFC, "SFC" },
{ S7COMM_SUBBLKTYPE_FB, "FB" },
{ S7COMM_SUBBLKTYPE_SFB, "SFB" },
{ 0, NULL }
};
/**************************************************************************
* Block security
*/
#define S7COMM_BLOCKSECURITY_OFF 0
#define S7COMM_BLOCKSECURITY_KNOWHOWPROTECT 3
static const value_string blocksecurity_names[] = {
{ S7COMM_BLOCKSECURITY_OFF, "None" },
{ S7COMM_BLOCKSECURITY_KNOWHOWPROTECT, "Know How Protect" },
{ 0, NULL }
};
/**************************************************************************
* Block Languages
*/
static const value_string blocklanguage_names[] = {
{ 0x00, "Not defined" },
{ 0x01, "AWL" },
{ 0x02, "KOP" },
{ 0x03, "FUP" },
{ 0x04, "SCL" },
{ 0x05, "DB" },
{ 0x06, "GRAPH" },
{ 0x07, "SDB" },
{ 0x08, "CPU-DB" }, /* DB was created from Plc programm (CREAT_DB) */
{ 0x11, "SDB (after overall reset)" }, /* another SDB, don't know what it means, in SDB 1 and SDB 2, uncertain*/
{ 0x12, "SDB (Routing)" }, /* another SDB, in SDB 999 and SDB 1000 (routing information), uncertain */
{ 0x29, "ENCRYPT" }, /* block is encrypted with S7-Block-Privacy */
{ 0, NULL }
};
/**************************************************************************
* Second request/response in userdata parameter part
*/
#define S7COMM_UD_REQRES2_UNDEF 0x00
#define S7COMM_UD_REQRES2_REQ 0x11
#define S7COMM_UD_REQRES2_RES 0x12
static const value_string userdata_reqres2_names[] = {
{ S7COMM_UD_REQRES2_UNDEF, "Undef" }, /* only seen in mode transition events */
{ S7COMM_UD_REQRES2_REQ, "Req" },
{ S7COMM_UD_REQRES2_RES, "Res" },
{ 0, NULL }
};
/**************************************************************************
* Names of types in userdata parameter part
*/
#define S7COMM_UD_TYPE_NCPUSH 0x3
#define S7COMM_UD_TYPE_NCREQ 0x7
#define S7COMM_UD_TYPE_NCRES 0xb
static const value_string userdata_type_names[] = {
{ S7COMM_UD_TYPE_PUSH, "Push" }, /* this type occurs when 2 telegrams follow after another from the same partner, or initiated from PLC */
{ S7COMM_UD_TYPE_REQ, "Request" },
{ S7COMM_UD_TYPE_RES, "Response" },
{ S7COMM_UD_TYPE_NCPUSH, "NC Push" }, /* used only by Sinumerik NC */
{ S7COMM_UD_TYPE_NCREQ, "NC Request" }, /* used only by Sinumerik NC */
{ S7COMM_UD_TYPE_NCRES, "NC Response" }, /* used only by Sinumerik NC */
{ 0, NULL }
};
/**************************************************************************
* Subfunctions only used in Sinumerik NC file download
*/
#define S7COMM_NCPRG_FUNCREQUESTDOWNLOAD 1
#define S7COMM_NCPRG_FUNCDOWNLOADBLOCK 2
#define S7COMM_NCPRG_FUNCCONTDOWNLOAD 3
#define S7COMM_NCPRG_FUNCDOWNLOADENDED 4
#define S7COMM_NCPRG_FUNCSTARTUPLOAD 6
#define S7COMM_NCPRG_FUNCUPLOAD 7
#define S7COMM_NCPRG_FUNCCONTUPLOAD 8
static const value_string userdata_ncprg_subfunc_names[] = {
{ S7COMM_NCPRG_FUNCREQUESTDOWNLOAD, "Request download" },
{ S7COMM_NCPRG_FUNCDOWNLOADBLOCK, "Download block" },
{ S7COMM_NCPRG_FUNCCONTDOWNLOAD, "Continue download" },
{ S7COMM_NCPRG_FUNCDOWNLOADENDED, "Download ended" },
{ S7COMM_NCPRG_FUNCSTARTUPLOAD, "Start upload" },
{ S7COMM_NCPRG_FUNCUPLOAD, "Upload" },
{ S7COMM_NCPRG_FUNCCONTUPLOAD, "Continue upload" },
{ 0, NULL }
};
/**************************************************************************
* Userdata Parameter, last data unit
*/
#define S7COMM_UD_LASTDATAUNIT_YES 0x00
#define S7COMM_UD_LASTDATAUNIT_NO 0x01
static const value_string userdata_lastdataunit_names[] = {
{ S7COMM_UD_LASTDATAUNIT_YES, "Yes" },
{ S7COMM_UD_LASTDATAUNIT_NO, "No" },
{ 0, NULL }
};
/**************************************************************************
* Names of Function groups in userdata parameter part
*/
#define S7COMM_UD_FUNCGROUP_MODETRANS 0x0
#define S7COMM_UD_FUNCGROUP_PROG 0x1
#define S7COMM_UD_FUNCGROUP_CYCLIC 0x2
#define S7COMM_UD_FUNCGROUP_BLOCK 0x3
#define S7COMM_UD_FUNCGROUP_CPU 0x4
#define S7COMM_UD_FUNCGROUP_SEC 0x5 /* Security functions e.g. plc password */
#define S7COMM_UD_FUNCGROUP_PBC 0x6 /* PBC = Programmable Block Communication (PBK in german) */
#define S7COMM_UD_FUNCGROUP_TIME 0x7
#define S7COMM_UD_FUNCGROUP_NCPRG 0xf
static const value_string userdata_functiongroup_names[] = {
{ S7COMM_UD_FUNCGROUP_MODETRANS, "Mode-transition" },
{ S7COMM_UD_FUNCGROUP_PROG, "Programmer commands" },
{ S7COMM_UD_FUNCGROUP_CYCLIC, "Cyclic data" }, /* to read data from plc without a request */
{ S7COMM_UD_FUNCGROUP_BLOCK, "Block functions" },
{ S7COMM_UD_FUNCGROUP_CPU, "CPU functions" },
{ S7COMM_UD_FUNCGROUP_SEC, "Security" },
{ S7COMM_UD_FUNCGROUP_PBC, "PBC BSEND/BRECV" },
{ S7COMM_UD_FUNCGROUP_TIME, "Time functions" },
{ S7COMM_UD_FUNCGROUP_NCPRG, "NC programming" },
{ 0, NULL }
};
/**************************************************************************
* Vartab: Typ of data in data part, first two bytes
*/
#define S7COMM_UD_SUBF_PROG_VARTAB_TYPE_REQ 0x14
#define S7COMM_UD_SUBF_PROG_VARTAB_TYPE_RES 0x04
static const value_string userdata_prog_vartab_type_names[] = {
{ S7COMM_UD_SUBF_PROG_VARTAB_TYPE_REQ, "Request" }, /* Request of data areas */
{ S7COMM_UD_SUBF_PROG_VARTAB_TYPE_RES, "Response" }, /* Response from plc with data */
{ 0, NULL }
};
/**************************************************************************
* Vartab: area of data request
*
* Low Hi
* 0=M 1=BYTE
* 1=E 2=WORD
* 2=A 3=DWORD
* 3=PEx
* 7=DB
* 54=TIMER
* 64=COUNTER
*/
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_MB 0x01
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_MW 0x02
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_MD 0x03
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_EB 0x11
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_EW 0x12
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_ED 0x13
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_AB 0x21
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_AW 0x22
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_AD 0x23
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_PEB 0x31
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_PEW 0x32
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_PED 0x33
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBB 0x71
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBW 0x72
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBD 0x73
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_T 0x54
#define S7COMM_UD_SUBF_PROG_VARTAB_AREA_C 0x64
static const value_string userdata_prog_vartab_area_names[] = {
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_MB, "MB" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_MW, "MW" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_MD, "MD" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_EB, "IB" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_EW, "IW" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_ED, "ID" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_AB, "QB" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_AW, "QW" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_AD, "QD" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_PEB, "PIB" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_PEW, "PIW" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_PED, "PID" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBB, "DBB" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBW, "DBW" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBD, "DBD" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_T, "TIMER" },
{ S7COMM_UD_SUBF_PROG_VARTAB_AREA_C, "COUNTER" },
{ 0, NULL }
};
/**************************************************************************
* Names of userdata subfunctions in group 1 (Programmer commands)
*/
#define S7COMM_UD_SUBF_PROG_REQDIAGDATA1 0x01
#define S7COMM_UD_SUBF_PROG_VARTAB1 0x02
#define S7COMM_UD_SUBF_PROG_ERASE 0x0c
#define S7COMM_UD_SUBF_PROG_READDIAGDATA 0x0e
#define S7COMM_UD_SUBF_PROG_REMOVEDIAGDATA 0x0f
#define S7COMM_UD_SUBF_PROG_FORCE 0x10
#define S7COMM_UD_SUBF_PROG_REQDIAGDATA2 0x13
static const value_string userdata_prog_subfunc_names[] = {
{ S7COMM_UD_SUBF_PROG_REQDIAGDATA1, "Request diag data (Type 1)" }, /* Start online block view */
{ S7COMM_UD_SUBF_PROG_VARTAB1, "VarTab" }, /* Variable table */
{ S7COMM_UD_SUBF_PROG_READDIAGDATA, "Read diag data" }, /* online block view */
{ S7COMM_UD_SUBF_PROG_REMOVEDIAGDATA, "Remove diag data" }, /* Stop online block view */
{ S7COMM_UD_SUBF_PROG_ERASE, "Erase" },
{ S7COMM_UD_SUBF_PROG_FORCE, "Forces" },
{ S7COMM_UD_SUBF_PROG_REQDIAGDATA2, "Request diag data (Type 2)" }, /* Start online block view */
{ 0, NULL }
};
/**************************************************************************
* Names of userdata subfunctions in group 2 (cyclic data)
*/
#define S7COMM_UD_SUBF_CYCLIC_MEM 0x01
#define S7COMM_UD_SUBF_CYCLIC_UNSUBSCRIBE 0x04
#define S7COMM_UD_SUBF_CYCLIC_MEM2 0x05
static const value_string userdata_cyclic_subfunc_names[] = {
{ S7COMM_UD_SUBF_CYCLIC_MEM, "Memory" }, /* read data from memory (DB/M/etc.) */
{ S7COMM_UD_SUBF_CYCLIC_UNSUBSCRIBE, "Unsubscribe" }, /* Unsubscribe (disable) cyclic data */
{ S7COMM_UD_SUBF_CYCLIC_MEM2, "Memory2" }, /* same as 0x01, but only S7-400 */
{ 0, NULL }
};
/**************************************************************************
* Names of userdata subfunctions in group 3 (Block functions)
*/
#define S7COMM_UD_SUBF_BLOCK_LIST 0x01
#define S7COMM_UD_SUBF_BLOCK_LISTTYPE 0x02
#define S7COMM_UD_SUBF_BLOCK_BLOCKINFO 0x03
static const value_string userdata_block_subfunc_names[] = {
{ S7COMM_UD_SUBF_BLOCK_LIST, "List blocks" },
{ S7COMM_UD_SUBF_BLOCK_LISTTYPE, "List blocks of type" },
{ S7COMM_UD_SUBF_BLOCK_BLOCKINFO, "Get block info" },
{ 0, NULL }
};
/**************************************************************************
* Names of userdata subfunctions in group 4 (CPU functions)
*/
#define S7COMM_UD_SUBF_CPU_SCAN_IND 0x09
static const value_string userdata_cpu_subfunc_names[] = {
{ S7COMM_UD_SUBF_CPU_READSZL, "Read SZL" },
{ S7COMM_UD_SUBF_CPU_MSGS, "Message service" }, /* Header constant is also different here */
{ S7COMM_UD_SUBF_CPU_DIAGMSG, "Diagnostic message" }, /* Diagnostic message from PLC */
{ S7COMM_UD_SUBF_CPU_ALARM8_IND, "ALARM_8 indication" }, /* PLC is indicating an ALARM message, using ALARM_8 SFBs */
{ S7COMM_UD_SUBF_CPU_NOTIFY_IND, "NOTIFY indication" }, /* PLC is indicating a NOTIFY message, using NOTIFY SFBs */
{ S7COMM_UD_SUBF_CPU_ALARM8LOCK, "ALARM_8 lock" }, /* Lock an ALARM message from HMI/SCADA */
{ S7COMM_UD_SUBF_CPU_ALARM8UNLOCK, "ALARM_8 unlock" }, /* Unlock an ALARM message from HMI/SCADA */
{ S7COMM_UD_SUBF_CPU_SCAN_IND, "SCAN indication" }, /* PLC is indicating a SCAN message */
{ S7COMM_UD_SUBF_CPU_ALARMS_IND, "ALARM_S indication" }, /* PLC is indicating an ALARM message, using ALARM_S/ALARM_D SFCs */
{ S7COMM_UD_SUBF_CPU_ALARMSQ_IND, "ALARM_SQ indication" }, /* PLC is indicating an ALARM message, using ALARM_SQ/ALARM_DQ SFCs */
{ S7COMM_UD_SUBF_CPU_ALARMQUERY, "ALARM query" }, /* HMI/SCADA query of ALARMs */
{ S7COMM_UD_SUBF_CPU_ALARMACK, "ALARM ack" }, /* Alarm was acknowledged in HMI/SCADA */
{ S7COMM_UD_SUBF_CPU_ALARMACK_IND, "ALARM ack indication" }, /* Alarm acknowledge indication from CPU to HMI */
{ S7COMM_UD_SUBF_CPU_ALARM8LOCK_IND, "ALARM lock indication" }, /* Alarm lock indication from CPU to HMI */
{ S7COMM_UD_SUBF_CPU_ALARM8UNLOCK_IND, "ALARM unlock indication" }, /* Alarm unlock indication from CPU to HMI */
{ S7COMM_UD_SUBF_CPU_NOTIFY8_IND, "NOTIFY_8 indication" },
{ 0, NULL }
};
/**************************************************************************
* Names of userdata subfunctions in group 5 (Security?)
*/
#define S7COMM_UD_SUBF_SEC_PASSWD 0x01
static const value_string userdata_sec_subfunc_names[] = {
{ S7COMM_UD_SUBF_SEC_PASSWD, "PLC password" },
{ 0, NULL }
};
/**************************************************************************
* Names of userdata subfunctions in group 7 (Time functions)
*/
#define S7COMM_UD_SUBF_TIME_READ 0x01
#define S7COMM_UD_SUBF_TIME_SET 0x02
#define S7COMM_UD_SUBF_TIME_READF 0x03
#define S7COMM_UD_SUBF_TIME_SET2 0x04
static const value_string userdata_time_subfunc_names[] = {
{ S7COMM_UD_SUBF_TIME_READ, "Read clock" },
{ S7COMM_UD_SUBF_TIME_SET, "Set clock" },
{ S7COMM_UD_SUBF_TIME_READF, "Read clock (following)" },
{ S7COMM_UD_SUBF_TIME_SET2, "Set clock" },
{ 0, NULL }
};
/*******************************************************************************************************
* Weekday names in DATE_AND_TIME
*/
static const value_string weekdaynames[] = {
{ 0, "Undefined" },
{ 1, "Sunday" },
{ 2, "Monday" },
{ 3, "Tuesday" },
{ 4, "Wednesday" },
{ 5, "Thursday" },
{ 6, "Friday" },
{ 7, "Saturday" },
{ 0, NULL }
};
/**************************************************************************
**************************************************************************/
/**************************************************************************
* Flags for LID access
*/
#define S7COMM_TIA1200_VAR_ENCAPS_LID 0x2
#define S7COMM_TIA1200_VAR_ENCAPS_IDX 0x3
#define S7COMM_TIA1200_VAR_OBTAIN_LID 0x4
#define S7COMM_TIA1200_VAR_OBTAIN_IDX 0x5
#define S7COMM_TIA1200_VAR_PART_START 0x6
#define S7COMM_TIA1200_VAR_PART_LEN 0x7
static const value_string tia1200_var_lid_flag_names[] = {
{ S7COMM_TIA1200_VAR_ENCAPS_LID, "Encapsulated LID" },
{ S7COMM_TIA1200_VAR_ENCAPS_IDX, "Encapsulated Index" },
{ S7COMM_TIA1200_VAR_OBTAIN_LID, "Obtain by LID" },
{ S7COMM_TIA1200_VAR_OBTAIN_IDX, "Obtain by Index" },
{ S7COMM_TIA1200_VAR_PART_START, "Part Start Address" },
{ S7COMM_TIA1200_VAR_PART_LEN, "Part Length" },
{ 0, NULL }
};
/**************************************************************************
* TIA 1200 Area Names for variable access
*/
#define S7COMM_TIA1200_VAR_ITEM_AREA1_DB 0x8a0e /* Reading DB, 2 byte DB-Number following */
#define S7COMM_TIA1200_VAR_ITEM_AREA1_IQMCT 0x0000 /* Reading I/Q/M/C/T, 2 Byte detail area following */
static const value_string tia1200_var_item_area1_names[] = {
{ S7COMM_TIA1200_VAR_ITEM_AREA1_DB, "DB" },
{ S7COMM_TIA1200_VAR_ITEM_AREA1_IQMCT, "IQMCT" },
{ 0, NULL }
};
#define S7COMM_TIA1200_VAR_ITEM_AREA2_I 0x50
#define S7COMM_TIA1200_VAR_ITEM_AREA2_Q 0x51
#define S7COMM_TIA1200_VAR_ITEM_AREA2_M 0x52
#define S7COMM_TIA1200_VAR_ITEM_AREA2_C 0x53
#define S7COMM_TIA1200_VAR_ITEM_AREA2_T 0x54
static const value_string tia1200_var_item_area2_names[] = {
{ S7COMM_TIA1200_VAR_ITEM_AREA2_I, "Inputs (I)" },
{ S7COMM_TIA1200_VAR_ITEM_AREA2_Q, "Outputs (Q)" },
{ S7COMM_TIA1200_VAR_ITEM_AREA2_M, "Flags (M)" },
{ S7COMM_TIA1200_VAR_ITEM_AREA2_C, "Counter (C)" },
{ S7COMM_TIA1200_VAR_ITEM_AREA2_T, "Timer (T)" },
{ 0, NULL }
};
/**************************************************************************
* NCK areas
*/
#define S7COMM_NCK_AREA_N_NCK 0
#define S7COMM_NCK_AREA_B_MODEGROUP 1
#define S7COMM_NCK_AREA_C_CHANNEL 2
#define S7COMM_NCK_AREA_A_AXIS 3
#define S7COMM_NCK_AREA_T_TOOL 4
#define S7COMM_NCK_AREA_V_FEEDDRIVE 5
#define S7COMM_NCK_AREA_H_MAINDRIVE 6
#define S7COMM_NCK_AREA_M_MMC 7
static const value_string nck_area_names[] = {
{ S7COMM_NCK_AREA_N_NCK, "N - NCK" },
{ S7COMM_NCK_AREA_B_MODEGROUP, "B - Mode group" },
{ S7COMM_NCK_AREA_C_CHANNEL, "C - Channel" },
{ S7COMM_NCK_AREA_A_AXIS, "A - Axis" },
{ S7COMM_NCK_AREA_T_TOOL, "T - Tool" },
{ S7COMM_NCK_AREA_V_FEEDDRIVE, "V - Feed drive" },
{ S7COMM_NCK_AREA_H_MAINDRIVE, "M - Main drive" },
{ S7COMM_NCK_AREA_M_MMC, "M - MMC" },
{ 0, NULL }
};
static const value_string nck_module_names[] = {
{ 0x10, "Y - Global system data" },
{ 0x11, "YNCFL - NCK instruction groups" },
{ 0x12, "FU - NCU global settable frames" },
{ 0x13, "FA - Active NCU global frames" },
{ 0x14, "TO - Tool data" },
{ 0x15, "RP - Arithmetic parameters" },
{ 0x16, "SE - Setting data" },
{ 0x17, "SGUD - SGUD-Block" },
{ 0x18, "LUD - Local userdata" },
{ 0x19, "TC - Toolholder parameters" },
{ 0x1a, "M - Machine data" },
{ 0x1c, "WAL - Working area limitation" },
{ 0x1e, "DIAG - Internal diagnostic data" },
{ 0x1f, "CC - Unknown" },
{ 0x20, "FE - Channel-specific external frame" },
{ 0x21, "TD - Tool data: General data" },
{ 0x22, "TS - Tool edge data: Monitoring data" },
{ 0x23, "TG - Tool data: Grinding-specific data" },
{ 0x24, "TU - Tool data" },
{ 0x25, "TUE - Tool edge data, userdefined data" },
{ 0x26, "TV - Tool data, directory" },
{ 0x27, "TM - Magazine data: General data" },
{ 0x28, "TP - Magazine data: Location data" },
{ 0x29, "TPM - Magazine data: Multiple assignment of location data" },
{ 0x2a, "TT - Magazine data: Location typ" },
{ 0x2b, "TMV - Magazine data: Directory" },
{ 0x2c, "TMC - Magazine data: Configuration data" },
{ 0x2d, "MGUD - MGUD-Block" },
{ 0x2e, "UGUD - UGUD-Block" },
{ 0x2f, "GUD4 - GUD4-Block" },
{ 0x30, "GUD5 - GUD5-Block" },
{ 0x31, "GUD6 - GUD6-Block" },
{ 0x32, "GUD7 - GUD7-Block" },
{ 0x33, "GUD8 - GUD8-Block" },
{ 0x34, "GUD9 - GUD9-Block" },
{ 0x35, "PA - Channel-specific protection zones" },
{ 0x36, "GD1 - SGUD-Block GD1" },
{ 0x37, "NIB - State data: Nibbling" },
{ 0x38, "ETP - Types of events" },
{ 0x39, "ETPD - Data lists for protocolling" },
{ 0x3a, "SYNACT - Channel-specific synchronous actions" },
{ 0x3b, "DIAGN - Diagnostic data" },
{ 0x3c, "VSYN - Channel-specific user variables for synchronous actions" },
{ 0x3d, "TUS - Tool data: user monitoring data" },
{ 0x3e, "TUM - Tool data: user magazine data" },
{ 0x3f, "TUP - Tool data: user magatine place data" },
{ 0x40, "TF - Parametrizing, return parameters of _N_TMGETT, _N_TSEARC" },
{ 0x41, "FB - Channel-specific base frames" },
{ 0x42, "SSP2 - State data: Spindle" },
{ 0x43, "PUD - programmglobale Benutzerdaten" },
{ 0x44, "TOS - Edge-related location-dependent fine total offsets" },
{ 0x45, "TOST - Edge-related location-dependent fine total offsets, transformed" },
{ 0x46, "TOE - Edge-related coarse total offsets, setup offsets" },
{ 0x47, "TOET - Edge-related coarse total offsets, transformed setup offsets" },
{ 0x48, "AD - Adapter data" },
{ 0x49, "TOT - Edge data: Transformed offset data" },
{ 0x4a, "AEV - Working offsets: Directory" },
{ 0x4b, "YFAFL - NCK instruction groups (Fanuc)" },
{ 0x4c, "FS - System-Frame" },
{ 0x4d, "SD - Servo data" },
{ 0x4e, "TAD - Application-specific data" },
{ 0x4f, "TAO - Aplication-specific cutting edge data" },
{ 0x50, "TAS - Application-specific monitoring data" },
{ 0x51, "TAM - Application-specific magazine data" },
{ 0x52, "TAP - Application-specific magazine location data" },
{ 0x53, "MEM - Unknown" },
{ 0x54, "SALUC - Alarm actions: List in reverse chronological order" },
{ 0x55, "AUXFU - Auxiliary functions" },
{ 0x56, "TDC - Tool/Tools" },
{ 0x57, "CP - Generic coupling" },
{ 0x6e, "SDME - Unknown" },
{ 0x6f, "SPARPI - Program pointer on interruption" },
{ 0x70, "SEGA - State data: Geometry axes in tool offset memory (extended)" },
{ 0x71, "SEMA - State data: Machine axes (extended)" },
{ 0x72, "SSP - State data: Spindle" },
{ 0x73, "SGA - State data: Geometry axes in tool offset memory" },
{ 0x74, "SMA - State data: Machine axes" },
{ 0x75, "SALAL - Alarms: List organized according to time" },
{ 0x76, "SALAP - Alarms: List organized according to priority" },
{ 0x77, "SALA - Alarms: List organized according to time" },
{ 0x78, "SSYNAC - Synchronous actions" },
{ 0x79, "SPARPF - Program pointers for block search and stop run" },
{ 0x7a, "SPARPP - Program pointer in automatic operation" },
{ 0x7b, "SNCF - Active G functions" },
{ 0x7d, "SPARP - Part program information" },
{ 0x7e, "SINF - Part-program-specific status data" },
{ 0x7f, "S - State data" },
{ 0x80, "0x80 - Unknown" },
{ 0x81, "0x81 - Unknown" },
{ 0x82, "0x82 - Unknown" },
{ 0x83, "0x83 - Unknown" },
{ 0x84, "0x84 - Unknown" },
{ 0x85, "0x85 - Unknown" },
{ 0xfd, "0 - Internal" },
{ 0, NULL }
};
static value_string_ext nck_module_names_ext = VALUE_STRING_EXT_INIT(nck_module_names);
static gint hf_s7comm_tia1200_item_reserved1 = -1; /* 1 Byte Reserved (always 0xff?) */
static gint hf_s7comm_tia1200_item_area1 = -1; /* 2 Byte2 Root area (DB or IQMCT) */
static gint hf_s7comm_tia1200_item_area2 = -1; /* 2 Bytes detail area (I/Q/M/C/T) */
static gint hf_s7comm_tia1200_item_area2unknown = -1; /* 2 Bytes detail area for possible unknown or not seen areas */
static gint hf_s7comm_tia1200_item_dbnumber = -1; /* 2 Bytes DB number */
static gint hf_s7comm_tia1200_item_crc = -1; /* 4 Bytes CRC */
static gint hf_s7comm_tia1200_substructure_item = -1; /* Substructure */
static gint hf_s7comm_tia1200_var_lid_flags = -1; /* LID Flags */
static gint hf_s7comm_tia1200_item_value = -1;
/**************************************************************************
**************************************************************************/
/* Header Block */
static gint hf_s7comm_header = -1;
static gint hf_s7comm_header_protid = -1; /* Header Byte 0 */
static gint hf_s7comm_header_rosctr = -1; /* Header Bytes 1 */
static gint hf_s7comm_header_redid = -1; /* Header Bytes 2, 3 */
static gint hf_s7comm_header_pduref = -1; /* Header Bytes 4, 5 */
static gint hf_s7comm_header_parlg = -1; /* Header Bytes 6, 7 */
static gint hf_s7comm_header_datlg = -1; /* Header Bytes 8, 9 */
static gint hf_s7comm_header_errcls = -1; /* Header Byte 10, only available at type 2 or 3 */
static gint hf_s7comm_header_errcod = -1; /* Header Byte 11, only available at type 2 or 3 */
/* Parameter Block */
static gint hf_s7comm_param = -1;
static gint hf_s7comm_param_errcod = -1; /* Parameter part: Error code */
static gint hf_s7comm_param_service = -1; /* Parameter part: service */
static gint hf_s7comm_param_itemcount = -1; /* Parameter part: item count */
static gint hf_s7comm_param_data = -1; /* Parameter part: data */
static gint hf_s7comm_param_neg_pdu_length = -1; /* Parameter part: Negotiate PDU length */
static gint hf_s7comm_param_setup_reserved1 = -1; /* Parameter part: Reserved byte in communication setup pdu*/
static gint hf_s7comm_param_maxamq_calling = -1; /* Parameter part: Max AmQ calling */
static gint hf_s7comm_param_maxamq_called = -1; /* Parameter part: Max AmQ called */
/* Item data */
static gint hf_s7comm_param_item = -1;
static gint hf_s7comm_param_subitem = -1; /* Substructure */
static gint hf_s7comm_item_varspec = -1; /* Variable specification */
static gint hf_s7comm_item_varspec_length = -1; /* Length of following address specification */
static gint hf_s7comm_item_syntax_id = -1; /* Syntax Id */
static gint hf_s7comm_item_transport_size = -1; /* Transport size, 1 Byte*/
static gint hf_s7comm_item_length = -1; /* length, 2 Bytes*/
static gint hf_s7comm_item_db = -1; /* DB/M/E/A, 2 Bytes */
static gint hf_s7comm_item_area = -1; /* Area code, 1 byte */
static gint hf_s7comm_item_address = -1; /* Bit address, 3 Bytes */
static gint hf_s7comm_item_address_byte = -1; /* address: Byte address */
static gint hf_s7comm_item_address_bit = -1; /* address: Bit address */
static gint hf_s7comm_item_address_nr = -1; /* address: Timer/Counter/block number */
/* Special variable read with Syntax-Id 0xb0 (DBREAD) */
static gint hf_s7comm_item_dbread_numareas = -1; /* Number of areas following, 1 Byte*/
static gint hf_s7comm_item_dbread_length = -1; /* length, 1 Byte*/
static gint hf_s7comm_item_dbread_db = -1; /* DB number, 2 Bytes*/
static gint hf_s7comm_item_dbread_startadr = -1; /* Start address, 2 Bytes*/
/* Reading frequency inverter parameters via routing */
static gint hf_s7comm_item_driveesany_unknown1 = -1; /* Unknown value 1, 1 Byte */
static gint hf_s7comm_item_driveesany_unknown2 = -1; /* Unknown value 2, 2 Bytes */
static gint hf_s7comm_item_driveesany_unknown3 = -1; /* Unknown value 3, 2 Bytes */
static gint hf_s7comm_item_driveesany_parameter_nr = -1; /* Parameter number, 2 Bytes */
static gint hf_s7comm_item_driveesany_parameter_idx = -1; /* Parameter index, 2 Bytes */
/* NCK access with Syntax-Id 0x82 */
static gint hf_s7comm_item_nck_areaunit = -1; /* Bitmask: aaauuuuu: a=area, u=unit */
static gint hf_s7comm_item_nck_area = -1;
static gint hf_s7comm_item_nck_unit = -1;
static gint hf_s7comm_item_nck_column = -1;
static gint hf_s7comm_item_nck_line = -1;
static gint hf_s7comm_item_nck_module = -1;
static gint hf_s7comm_item_nck_linecount = -1;
static gint hf_s7comm_data = -1;
static gint hf_s7comm_data_returncode = -1; /* return code, 1 byte */
static gint hf_s7comm_data_transport_size = -1; /* transport size 1 byte */
static gint hf_s7comm_data_length = -1; /* Length of data, 2 Bytes */
static gint hf_s7comm_data_item = -1;
static gint hf_s7comm_readresponse_data = -1;
static gint hf_s7comm_data_fillbyte = -1;
/* timefunction: s7 timestamp */
static gint hf_s7comm_data_ts = -1;
static gint hf_s7comm_data_ts_reserved = -1;
static gint hf_s7comm_data_ts_year1 = -1; /* first byte of BCD coded year, should be ignored */
static gint hf_s7comm_data_ts_year2 = -1; /* second byte of BCD coded year, if 00...89 then it's 2000...2089, else 1990...1999*/
static gint hf_s7comm_data_ts_month = -1;
static gint hf_s7comm_data_ts_day = -1;
static gint hf_s7comm_data_ts_hour = -1;
static gint hf_s7comm_data_ts_minute = -1;
static gint hf_s7comm_data_ts_second = -1;
static gint hf_s7comm_data_ts_millisecond = -1;
static gint hf_s7comm_data_ts_weekday = -1;
/* userdata, block services */
static gint hf_s7comm_userdata_data = -1;
static gint hf_s7comm_userdata_param_head = -1;
static gint hf_s7comm_userdata_param_len = -1;
static gint hf_s7comm_userdata_param_reqres2 = -1;
static gint hf_s7comm_userdata_param_type = -1;
static gint hf_s7comm_userdata_param_funcgroup = -1;
static gint hf_s7comm_userdata_param_subfunc_prog = -1;
static gint hf_s7comm_userdata_param_subfunc_cyclic = -1;
static gint hf_s7comm_userdata_param_subfunc_block = -1;
static gint hf_s7comm_userdata_param_subfunc_cpu = -1;
static gint hf_s7comm_userdata_param_subfunc_sec = -1;
static gint hf_s7comm_userdata_param_subfunc_time = -1;
static gint hf_s7comm_userdata_param_subfunc_ncprg = -1;
static gint hf_s7comm_userdata_param_subfunc = -1; /* for all other subfunctions */
static gint hf_s7comm_userdata_param_seq_num = -1;
static gint hf_s7comm_userdata_param_dataunitref = -1;
static gint hf_s7comm_userdata_param_dataunit = -1;
/* block functions, list blocks of type */
static gint hf_s7comm_ud_blockinfo_block_type = -1; /* Block type, 2 bytes */
static gint hf_s7comm_ud_blockinfo_block_num = -1; /* Block number, 2 bytes as int */
static gint hf_s7comm_ud_blockinfo_block_cnt = -1; /* Count, 2 bytes as int */
static gint hf_s7comm_ud_blockinfo_block_flags = -1; /* Block flags (unknown), 1 byte */
static gint hf_s7comm_ud_blockinfo_block_lang = -1; /* Block language, 1 byte, stringlist blocklanguage_names */
/* block functions, get block infos */
static gint hf_s7comm_ud_blockinfo_block_num_ascii = -1; /* Block number, 5 bytes, ASCII*/
static gint hf_s7comm_ud_blockinfo_filesys = -1; /* Filesystem, 1 byte, ASCII*/
static gint hf_s7comm_ud_blockinfo_res_infolength = -1; /* Length of Info, 2 bytes as int */
static gint hf_s7comm_ud_blockinfo_res_unknown2 = -1; /* Unknown blockinfo 2, 2 bytes, HEX*/
static gint hf_s7comm_ud_blockinfo_res_const3 = -1; /* Constant 3, 2 bytes, ASCII */
static gint hf_s7comm_ud_blockinfo_res_unknown = -1; /* Unknown byte(s) */
static gint hf_s7comm_ud_blockinfo_subblk_type = -1; /* Subblk type, 1 byte, stringlist subblktype_names */
static gint hf_s7comm_ud_blockinfo_load_mem_len = -1; /* Length load memory, 4 bytes, int */
static gint hf_s7comm_ud_blockinfo_blocksecurity = -1; /* Block Security, 4 bytes, stringlist blocksecurity_names*/
static gint hf_s7comm_ud_blockinfo_interface_timestamp = -1;/* Interface Timestamp, string */
static gint hf_s7comm_ud_blockinfo_code_timestamp = -1; /* Code Timestamp, string */
static gint hf_s7comm_ud_blockinfo_ssb_len = -1; /* SSB length, 2 bytes, int */
static gint hf_s7comm_ud_blockinfo_add_len = -1; /* ADD length, 2 bytes, int */
static gint hf_s7comm_ud_blockinfo_localdata_len = -1; /* Length localdata, 2 bytes, int */
static gint hf_s7comm_ud_blockinfo_mc7_len = -1; /* Length MC7 code, 2 bytes, int */
static gint hf_s7comm_ud_blockinfo_author = -1; /* Author, 8 bytes, ASCII */
static gint hf_s7comm_ud_blockinfo_family = -1; /* Family, 8 bytes, ASCII */
static gint hf_s7comm_ud_blockinfo_headername = -1; /* Name (Header), 8 bytes, ASCII */
static gint hf_s7comm_ud_blockinfo_headerversion = -1; /* Version (Header), 8 bytes, ASCII */
static gint hf_s7comm_ud_blockinfo_checksum = -1; /* Block checksum, 2 bytes, HEX */
static gint hf_s7comm_ud_blockinfo_reserved1 = -1; /* Reserved 1, 4 bytes, HEX */
static gint hf_s7comm_ud_blockinfo_reserved2 = -1; /* Reserved 2, 4 bytes, HEX */
static gint hf_s7comm_userdata_blockinfo_flags = -1; /* Some flags in Block info response */
static gint hf_s7comm_userdata_blockinfo_linked = -1; /* Some flags in Block info response */
static gint hf_s7comm_userdata_blockinfo_standard_block = -1;
static gint hf_s7comm_userdata_blockinfo_nonretain = -1; /* Some flags in Block info response */
static gint ett_s7comm_userdata_blockinfo_flags = -1;
static const int *s7comm_userdata_blockinfo_flags_fields[] = {
&hf_s7comm_userdata_blockinfo_linked,
&hf_s7comm_userdata_blockinfo_standard_block,
&hf_s7comm_userdata_blockinfo_nonretain,
NULL
};
/* Programmer commands, diagnostic data */
static gint hf_s7comm_diagdata_req_askheadersize = -1; /* Ask header size, 2 bytes as int */
static gint hf_s7comm_diagdata_req_asksize = -1; /* Ask size, 2 bytes as int */
static gint hf_s7comm_diagdata_req_unknown = -1; /* for all unknown bytes */
static gint hf_s7comm_diagdata_req_answersize = -1; /* Answer size, 2 bytes as int */
static gint hf_s7comm_diagdata_req_block_type = -1; /* Block type, 1 byte, stringlist subblktype_names */
static gint hf_s7comm_diagdata_req_block_num = -1; /* Block number, 2 bytes as int */
static gint hf_s7comm_diagdata_req_startaddr_awl = -1; /* Start address AWL, 2 bytes as int */
static gint hf_s7comm_diagdata_req_saz = -1; /* Step address counter (SAZ), 2 bytes as int */
static gint hf_s7comm_diagdata_req_number_of_lines = -1; /* Number of lines, 1 byte as int */
static gint hf_s7comm_diagdata_req_line_address = -1; /* Address, 2 bytes as int */
/* Flags for requested registers in diagnostic data telegrams */
static gint hf_s7comm_diagdata_registerflag = -1; /* Registerflags */
static gint hf_s7comm_diagdata_registerflag_stw = -1; /* STW = Status word */
static gint hf_s7comm_diagdata_registerflag_accu1 = -1; /* Accumulator 1 */
static gint hf_s7comm_diagdata_registerflag_accu2 = -1; /* Accumulator 2 */
static gint hf_s7comm_diagdata_registerflag_ar1 = -1; /* Addressregister 1 */
static gint hf_s7comm_diagdata_registerflag_ar2 = -1; /* Addressregister 2 */
static gint hf_s7comm_diagdata_registerflag_db1 = -1; /* Datablock register 1 */
static gint hf_s7comm_diagdata_registerflag_db2 = -1; /* Datablock register 2 */
static gint ett_s7comm_diagdata_registerflag = -1;
static const int *s7comm_diagdata_registerflag_fields[] = {
&hf_s7comm_diagdata_registerflag_stw,
&hf_s7comm_diagdata_registerflag_accu1,
&hf_s7comm_diagdata_registerflag_accu2,
&hf_s7comm_diagdata_registerflag_ar1,
&hf_s7comm_diagdata_registerflag_ar2,
&hf_s7comm_diagdata_registerflag_db1,
&hf_s7comm_diagdata_registerflag_db2,
NULL
};
static expert_field ei_s7comm_data_blockcontrol_block_num_invalid = EI_INIT;
static expert_field ei_s7comm_ud_blockinfo_block_num_ascii_invalid = EI_INIT;
/* PI service name IDs. Index represents the index in pi_service_names */
typedef enum
{
S7COMM_PI_UNKNOWN = 0,
S7COMM_PI_INSE,
S7COMM_PI_DELE,
S7COMM_PIP_PROGRAM,
S7COMM_PI_MODU,
S7COMM_PI_GARB,
S7COMM_PI_N_LOGIN_,
S7COMM_PI_N_LOGOUT,
S7COMM_PI_N_CANCEL,
S7COMM_PI_N_DASAVE,
S7COMM_PI_N_DIGIOF,
S7COMM_PI_N_DIGION,
S7COMM_PI_N_DZERO_,
S7COMM_PI_N_ENDEXT,
S7COMM_PI_N_F_OPER,
S7COMM_PI_N_OST_OF,
S7COMM_PI_N_OST_ON,
S7COMM_PI_N_SCALE_,
S7COMM_PI_N_SETUFR,
S7COMM_PI_N_STRTLK,
S7COMM_PI_N_STRTUL,
S7COMM_PI_N_TMRASS,
S7COMM_PI_N_F_DELE,
S7COMM_PI_N_EXTERN,
S7COMM_PI_N_EXTMOD,
S7COMM_PI_N_F_DELR,
S7COMM_PI_N_F_XFER,
S7COMM_PI_N_LOCKE_,
S7COMM_PI_N_SELECT,
S7COMM_PI_N_SRTEXT,
S7COMM_PI_N_F_CLOS,
S7COMM_PI_N_F_OPEN,
S7COMM_PI_N_F_SEEK,
S7COMM_PI_N_ASUP__,
S7COMM_PI_N_CHEKDM,
S7COMM_PI_N_CHKDNO,
S7COMM_PI_N_CONFIG,
S7COMM_PI_N_CRCEDN,
S7COMM_PI_N_DELECE,
S7COMM_PI_N_CREACE,
S7COMM_PI_N_CREATO,
S7COMM_PI_N_DELETO,
S7COMM_PI_N_CRTOCE,
S7COMM_PI_N_DELVAR,
S7COMM_PI_N_F_COPY,
S7COMM_PI_N_F_DMDA,
S7COMM_PI_N_F_PROT,
S7COMM_PI_N_F_RENA,
S7COMM_PI_N_FINDBL,
S7COMM_PI_N_IBN_SS,
S7COMM_PI_N_MMCSEM,
S7COMM_PI_N_NCKMOD,
S7COMM_PI_N_NEWPWD,
S7COMM_PI_N_SEL_BL,
S7COMM_PI_N_SETTST,
S7COMM_PI_N_TMAWCO,
S7COMM_PI_N_TMCRTC,
S7COMM_PI_N_TMCRTO,
S7COMM_PI_N_TMFDPL,
S7COMM_PI_N_TMFPBP,
S7COMM_PI_N_TMGETT,
S7COMM_PI_N_TMMVTL,
S7COMM_PI_N_TMPCIT,
S7COMM_PI_N_TMPOSM,
S7COMM_PI_N_TRESMO,
S7COMM_PI_N_TSEARC
} pi_service_e;
/* Description for PI service names */
static const string_string pi_service_names[] = {
{ "UNKNOWN", "PI-Service is currently unknown" },
{ "_INSE", "PI-Service _INSE (Activates a PLC module)" },
{ "_DELE", "PI-Service _DELE (Removes module from the PLC's passive file system)" },
{ "P_PROGRAM", "PI-Service P_PROGRAM (PLC Start / Stop)" },
{ "_MODU", "PI-Service _MODU (PLC Copy Ram to Rom)" },
{ "_GARB", "PI-Service _GARB (Compress PLC memory)" },
{ "_N_LOGIN_", "PI-Service _N_LOGIN_ (Login)" },
{ "_N_LOGOUT", "PI-Service _N_LOGOUT (Logout)" },
{ "_N_CANCEL", "PI-Service _N_CANCEL (Cancels NC alarm)" },
{ "_N_DASAVE", "PI-Service _N_DASAVE (PI-Service for copying data from SRAM to FLASH)" },
{ "_N_DIGIOF", "PI-Service _N_DIGIOF (Turns off digitizing)" },
{ "_N_DIGION", "PI-Service _N_DIGION (Turns on digitizing)" },
{ "_N_DZERO_", "PI-Service _N_DZERO_ (Set all D nos. invalid for function \"unique D no.\")" },
{ "_N_ENDEXT", "PI-Service _N_ENDEXT ()" },
{ "_N_F_OPER", "PI-Service _N_F_OPER (Opens a file read-only)" },
{ "_N_OST_OF", "PI-Service _N_OST_OF (Overstore OFF)" },
{ "_N_OST_ON", "PI-Service _N_OST_ON (Overstore ON)" },
{ "_N_SCALE_", "PI-Service _N_SCALE_ (Unit of measurement setting (metric<->INCH))" },
{ "_N_SETUFR", "PI-Service _N_SETUFR (Activates user frame)" },
{ "_N_STRTLK", "PI-Service _N_STRTLK (The global start disable is set)" },
{ "_N_STRTUL", "PI-Service _N_STRTUL (The global start disable is reset)" },
{ "_N_TMRASS", "PI-Service _N_TMRASS (Resets the Active status)" },
{ "_N_F_DELE", "PI-Service _N_F_DELE (Deletes file)" },
{ "_N_EXTERN", "PI-Service _N_EXTERN (Selects external program for execution)" },
{ "_N_EXTMOD", "PI-Service _N_EXTMOD (Selects external program for execution)" },
{ "_N_F_DELR", "PI-Service _N_F_DELR (Delete file even without access rights)" },
{ "_N_F_XFER", "PI-Service _N_F_XFER (Selects file for uploading)" },
{ "_N_LOCKE_", "PI-Service _N_LOCKE_ (Locks the active file for editing)" },
{ "_N_SELECT", "PI-Service _N_SELECT (Selects program for execution)" },
{ "_N_SRTEXT", "PI-Service _N_SRTEXT (A file is being marked in /_N_EXT_DIR)" },
{ "_N_F_CLOS", "PI-Service _N_F_CLOS (Closes file)" },
{ "_N_F_OPEN", "PI-Service _N_F_OPEN (Opens file)" },
{ "_N_F_SEEK", "PI-Service _N_F_SEEK (Position the file search pointer)" },
{ "_N_ASUP__", "PI-Service _N_ASUP__ (Assigns interrupt)" },
{ "_N_CHEKDM", "PI-Service _N_CHEKDM (Start uniqueness check on D numbers)" },
{ "_N_CHKDNO", "PI-Service _N_CHKDNO (Check whether the tools have unique D numbers)" },
{ "_N_CONFIG", "PI-Service _N_CONFIG (Reconfigures machine data)" },
{ "_N_CRCEDN", "PI-Service _N_CRCEDN (Creates a cutting edge by specifying an edge no.)" },
{ "_N_DELECE", "PI-Service _N_DELECE (Deletes a cutting edge)" },
{ "_N_CREACE", "PI-Service _N_CREACE (Creates a cutting edge)" },
{ "_N_CREATO", "PI-Service _N_CREATO (Creates a tool)" },
{ "_N_DELETO", "PI-Service _N_DELETO (Deletes tool)" },
{ "_N_CRTOCE", "PI-Service _N_CRTOCE (Generate tool with specified edge number)" },
{ "_N_DELVAR", "PI-Service _N_DELVAR (Delete data block)" },
{ "_N_F_COPY", "PI-Service _N_F_COPY (Copies file within the NCK)" },
{ "_N_F_DMDA", "PI-Service _N_F_DMDA (Deletes MDA memory)" },
{ "_N_F_PROT", "PI-Service _N_F_PROT (Assigns a protection level to a file)" },
{ "_N_F_RENA", "PI-Service _N_F_RENA (Renames file)" },
{ "_N_FINDBL", "PI-Service _N_FINDBL (Activates search)" },
{ "_N_IBN_SS", "PI-Service _N_IBN_SS (Sets the set-up switch)" },
{ "_N_MMCSEM", "PI-Service _N_MMCSEM (MMC-Semaphore)" },
{ "_N_NCKMOD", "PI-Service _N_NCKMOD (The mode in which the NCK will work is being set)" },
{ "_N_NEWPWD", "PI-Service _N_NEWPWD (New password)" },
{ "_N_SEL_BL", "PI-Service _N_SEL_BL (Selects a new block)" },
{ "_N_SETTST", "PI-Service _N_SETTST (Activate tools for replacement tool group)" },
{ "_N_TMAWCO", "PI-Service _N_TMAWCO (Set the active wear group in one magazine)" },
{ "_N_TMCRTC", "PI-Service _N_TMCRTC (Create tool with specified edge number)" },
{ "_N_TMCRTO", "PI-Service _N_TMCRTO (Creates tool in the tool management)" },
{ "_N_TMFDPL", "PI-Service _N_TMFDPL (Searches an empty place for loading)" },
{ "_N_TMFPBP", "PI-Service _N_TMFPBP (Searches for empty location)" },
{ "_N_TMGETT", "PI-Service _N_TMGETT (Determines T-number for specific toolID with Duplono)" },
{ "_N_TMMVTL", "PI-Service _N_TMMVTL (Loads or unloads a tool)" },
{ "_N_TMPCIT", "PI-Service _N_TMPCIT (Sets increment value of the piece counter)" },
{ "_N_TMPOSM", "PI-Service _N_TMPOSM (Positions a magazine or tool)" },
{ "_N_TRESMO", "PI-Service _N_TRESMO (Reset monitoring values)" },
{ "_N_TSEARC", "PI-Service _N_TSEARC (Complex search via search screenforms)" },
{ NULL, NULL }
};
/* Function 0x28 (PI Start) */
static gint hf_s7comm_piservice_unknown1 = -1; /* Unknown bytes */
static gint hf_s7comm_piservice_parameterblock = -1;
static gint hf_s7comm_piservice_parameterblock_len = -1;
static gint hf_s7comm_piservice_servicename = -1;
static gint ett_s7comm_piservice_parameterblock = -1;
static gint hf_s7comm_piservice_string_len = -1;
static gint hf_s7comm_pi_n_x_addressident = -1;
static gint hf_s7comm_pi_n_x_password = -1;
static gint hf_s7comm_pi_n_x_filename = -1;
static gint hf_s7comm_pi_n_x_editwindowname = -1;
static gint hf_s7comm_pi_n_x_seekpointer = -1;
static gint hf_s7comm_pi_n_x_windowsize = -1;
static gint hf_s7comm_pi_n_x_comparestring = -1;
static gint hf_s7comm_pi_n_x_skipcount = -1;
static gint hf_s7comm_pi_n_x_interruptnr = -1;
static gint hf_s7comm_pi_n_x_priority = -1;
static gint hf_s7comm_pi_n_x_liftfast = -1;
static gint hf_s7comm_pi_n_x_blsync = -1;
static gint hf_s7comm_pi_n_x_magnr = -1;
static gint hf_s7comm_pi_n_x_dnr = -1;
static gint hf_s7comm_pi_n_x_spindlenumber = -1;
static gint hf_s7comm_pi_n_x_wznr = -1;
static gint hf_s7comm_pi_n_x_class = -1;
static gint hf_s7comm_pi_n_x_tnr = -1;
static gint hf_s7comm_pi_n_x_toolnumber = -1;
static gint hf_s7comm_pi_n_x_cenumber = -1;
static gint hf_s7comm_pi_n_x_datablocknumber = -1;
static gint hf_s7comm_pi_n_x_firstcolumnnumber = -1;
static gint hf_s7comm_pi_n_x_lastcolumnnumber = -1;
static gint hf_s7comm_pi_n_x_firstrownumber = -1;
static gint hf_s7comm_pi_n_x_lastrownumber = -1;
static gint hf_s7comm_pi_n_x_direction = -1;
static gint hf_s7comm_pi_n_x_sourcefilename = -1;
static gint hf_s7comm_pi_n_x_destinationfilename = -1;
static gint hf_s7comm_pi_n_x_channelnumber = -1;
static gint hf_s7comm_pi_n_x_protection = -1;
static gint hf_s7comm_pi_n_x_oldfilename = -1;
static gint hf_s7comm_pi_n_x_newfilename = -1;
static gint hf_s7comm_pi_n_x_findmode = -1;
static gint hf_s7comm_pi_n_x_switch = -1;
static gint hf_s7comm_pi_n_x_functionnumber = -1;
static gint hf_s7comm_pi_n_x_semaphorvalue = -1;
static gint hf_s7comm_pi_n_x_onoff = -1;
static gint hf_s7comm_pi_n_x_mode = -1;
static gint hf_s7comm_pi_n_x_factor = -1;
static gint hf_s7comm_pi_n_x_passwordlevel = -1;
static gint hf_s7comm_pi_n_x_linenumber = -1;
static gint hf_s7comm_pi_n_x_weargroup = -1;
static gint hf_s7comm_pi_n_x_toolstatus = -1;
static gint hf_s7comm_pi_n_x_wearsearchstrat = -1;
static gint hf_s7comm_pi_n_x_toolid = -1;
static gint hf_s7comm_pi_n_x_duplonumber = -1;
static gint hf_s7comm_pi_n_x_edgenumber = -1;
static gint hf_s7comm_pi_n_x_placenr = -1;
static gint hf_s7comm_pi_n_x_placerefnr = -1;
static gint hf_s7comm_pi_n_x_magrefnr = -1;
static gint hf_s7comm_pi_n_x_magnrfrom = -1;
static gint hf_s7comm_pi_n_x_placenrfrom = -1;
static gint hf_s7comm_pi_n_x_magnrto = -1;
static gint hf_s7comm_pi_n_x_placenrto = -1;
static gint hf_s7comm_pi_n_x_halfplacesleft = -1;
static gint hf_s7comm_pi_n_x_halfplacesright = -1;
static gint hf_s7comm_pi_n_x_halfplacesup = -1;
static gint hf_s7comm_pi_n_x_halfplacesdown = -1;
static gint hf_s7comm_pi_n_x_placetype = -1;
static gint hf_s7comm_pi_n_x_searchdirection = -1;
static gint hf_s7comm_pi_n_x_toolname = -1;
static gint hf_s7comm_pi_n_x_placenrsource = -1;
static gint hf_s7comm_pi_n_x_magnrsource = -1;
static gint hf_s7comm_pi_n_x_placenrdestination = -1;
static gint hf_s7comm_pi_n_x_magnrdestination = -1;
static gint hf_s7comm_pi_n_x_incrementnumber = -1;
static gint hf_s7comm_pi_n_x_monitoringmode = -1;
static gint hf_s7comm_pi_n_x_kindofsearch = -1;
static gint hf_s7comm_data_plccontrol_argument = -1; /* Argument, 2 Bytes as char */
static gint hf_s7comm_data_plccontrol_block_cnt = -1; /* Number of blocks, 1 Byte as int */
static gint hf_s7comm_data_pi_inse_unknown = -1;
static gint hf_s7comm_data_plccontrol_part2_len = -1; /* Length part 2 in bytes, 1 Byte as Int */
/* block control functions */
static gint hf_s7comm_data_blockcontrol_unknown1 = -1; /* for all unknown bytes in blockcontrol */
static gint hf_s7comm_data_blockcontrol_errorcode = -1; /* Error code 2 bytes as int, 0 is no error */
static gint hf_s7comm_data_blockcontrol_uploadid = -1;
static gint hf_s7comm_data_blockcontrol_file_ident = -1; /* File identifier, as ASCII */
static gint hf_s7comm_data_blockcontrol_block_type = -1; /* Block type, 2 Byte */
static gint hf_s7comm_data_blockcontrol_block_num = -1; /* Block number, 5 Bytes, ASCII */
static gint hf_s7comm_data_blockcontrol_dest_filesys = -1; /* Destination filesystem, 1 Byte, ASCII */
static gint hf_s7comm_data_blockcontrol_part2_len = -1; /* Length part 2 in bytes, 1 Byte Int */
static gint hf_s7comm_data_blockcontrol_part2_unknown = -1; /* Unknown char, ASCII */
static gint hf_s7comm_data_blockcontrol_loadmem_len = -1; /* Length load memory in bytes, ASCII */
static gint hf_s7comm_data_blockcontrol_mc7code_len = -1; /* Length of MC7 code in bytes, ASCII */
static gint hf_s7comm_data_blockcontrol_filename_len = -1;
static gint hf_s7comm_data_blockcontrol_filename = -1;
static gint hf_s7comm_data_blockcontrol_upl_lenstring_len = -1;
static gint hf_s7comm_data_blockcontrol_upl_lenstring = -1;
static gint hf_s7comm_data_blockcontrol_functionstatus = -1;
static gint hf_s7comm_data_blockcontrol_functionstatus_more = -1;
static gint hf_s7comm_data_blockcontrol_functionstatus_error = -1;
static gint ett_s7comm_data_blockcontrol_status = -1;
static const int *s7comm_data_blockcontrol_status_fields[] = {
&hf_s7comm_data_blockcontrol_functionstatus_more,
&hf_s7comm_data_blockcontrol_functionstatus_error,
NULL
};
static gint ett_s7comm_plcfilename = -1;
static gint hf_s7comm_data_ncprg_unackcount = -1;
/* Variable table */
static gint hf_s7comm_vartab_data_type = -1; /* Type of data, 1 byte, stringlist userdata_prog_vartab_type_names */
static gint hf_s7comm_vartab_byte_count = -1; /* Byte count, 2 bytes, int */
static gint hf_s7comm_vartab_unknown = -1; /* Unknown byte(s), hex */
static gint hf_s7comm_vartab_item_count = -1; /* Item count, 2 bytes, int */
static gint hf_s7comm_vartab_req_memory_area = -1; /* Memory area, 1 byte, stringlist userdata_prog_vartab_area_names */
static gint hf_s7comm_vartab_req_repetition_factor = -1; /* Repetition factor, 1 byte as int */
static gint hf_s7comm_vartab_req_db_number = -1; /* DB number, 2 bytes as int */
static gint hf_s7comm_vartab_req_startaddress = -1; /* Startaddress, 2 bytes as int */
/* cyclic data */
static gint hf_s7comm_cycl_interval_timebase = -1; /* Interval timebase, 1 byte, int */
static gint hf_s7comm_cycl_interval_time = -1; /* Interval time, 1 byte, int */
/* PBC, Programmable Block Functions */
static gint hf_s7comm_pbc_unknown = -1; /* unknown, 1 byte */
static gint hf_s7comm_pbc_r_id = -1; /* Request ID R_ID, 4 bytes as hex */
/* Alarm messages */
static gint hf_s7comm_cpu_alarm_message_item = -1;
static gint hf_s7comm_cpu_alarm_message_obj_item = -1;
static gint hf_s7comm_cpu_alarm_message_function = -1;
static gint hf_s7comm_cpu_alarm_message_nr_objects = -1;
static gint hf_s7comm_cpu_alarm_message_nr_add_values = -1;
static gint hf_s7comm_cpu_alarm_message_eventid = -1;
static gint hf_s7comm_cpu_alarm_message_timestamp_coming = -1;
static gint hf_s7comm_cpu_alarm_message_timestamp_going = -1;
static gint hf_s7comm_cpu_alarm_message_associated_value = -1;
static gint hf_s7comm_cpu_alarm_message_eventstate = -1;
static gint hf_s7comm_cpu_alarm_message_state = -1;
static gint hf_s7comm_cpu_alarm_message_ackstate_coming = -1;
static gint hf_s7comm_cpu_alarm_message_ackstate_going = -1;
static gint hf_s7comm_cpu_alarm_message_event_coming = -1;
static gint hf_s7comm_cpu_alarm_message_event_going = -1;
static gint hf_s7comm_cpu_alarm_message_event_lastchanged = -1;
static gint hf_s7comm_cpu_alarm_message_event_reserved = -1;
static gint hf_s7comm_cpu_alarm_message_scan_unknown1 = -1;
static gint hf_s7comm_cpu_alarm_message_scan_unknown2 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig1 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig2 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig3 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig4 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig5 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig6 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig7 = -1;
static gint hf_s7comm_cpu_alarm_message_signal_sig8 = -1;
static gint ett_s7comm_cpu_alarm_message_signal = -1;
static const int *s7comm_cpu_alarm_message_signal_fields[] = {
&hf_s7comm_cpu_alarm_message_signal_sig1,
&hf_s7comm_cpu_alarm_message_signal_sig2,
&hf_s7comm_cpu_alarm_message_signal_sig3,
&hf_s7comm_cpu_alarm_message_signal_sig4,
&hf_s7comm_cpu_alarm_message_signal_sig5,
&hf_s7comm_cpu_alarm_message_signal_sig6,
&hf_s7comm_cpu_alarm_message_signal_sig7,
&hf_s7comm_cpu_alarm_message_signal_sig8,
NULL
};
static gint hf_s7comm_cpu_alarm_query_unknown1 = -1;
static gint hf_s7comm_cpu_alarm_query_querytype = -1;
static gint hf_s7comm_cpu_alarm_query_unknown2 = -1;
static gint hf_s7comm_cpu_alarm_query_alarmtype = -1;
static gint hf_s7comm_cpu_alarm_query_completelen = -1;
static gint hf_s7comm_cpu_alarm_query_datasetlen = -1;
static gint hf_s7comm_cpu_alarm_query_resunknown1 = -1;
/* CPU diagnostic messages */
static gint hf_s7comm_cpu_diag_msg_item = -1;
static gint hf_s7comm_cpu_diag_msg_eventid = -1;
static gint hf_s7comm_cpu_diag_msg_eventid_class = -1;
static gint hf_s7comm_cpu_diag_msg_eventid_ident_entleave = -1;
static gint hf_s7comm_cpu_diag_msg_eventid_ident_diagbuf = -1;
static gint hf_s7comm_cpu_diag_msg_eventid_ident_interr = -1;
static gint hf_s7comm_cpu_diag_msg_eventid_ident_exterr = -1;
static gint hf_s7comm_cpu_diag_msg_eventid_nr = -1;
static gint hf_s7comm_cpu_diag_msg_prioclass = -1;
static gint hf_s7comm_cpu_diag_msg_obnumber = -1;
static gint hf_s7comm_cpu_diag_msg_datid = -1;
static gint hf_s7comm_cpu_diag_msg_info1 = -1;
static gint hf_s7comm_cpu_diag_msg_info2 = -1;
static gint ett_s7comm_cpu_diag_msg_eventid = -1;
static const int *s7comm_cpu_diag_msg_eventid_fields[] = {
&hf_s7comm_cpu_diag_msg_eventid_class,
&hf_s7comm_cpu_diag_msg_eventid_ident_entleave,
&hf_s7comm_cpu_diag_msg_eventid_ident_diagbuf,
&hf_s7comm_cpu_diag_msg_eventid_ident_interr,
&hf_s7comm_cpu_diag_msg_eventid_ident_exterr,
&hf_s7comm_cpu_diag_msg_eventid_nr,
NULL
};
static const true_false_string tfs_s7comm_cpu_diag_msg_eventid_ident_entleave = {
"Event entering",
"Event leaving"
};
static const value_string cpu_diag_msg_eventid_class_names[] = {
{ 0x01, "Standard OB events" },
{ 0x02, "Synchronous errors" },
{ 0x03, "Asynchronous errors" },
{ 0x04, "Mode transitions" },
{ 0x05, "Run-time events" },
{ 0x06, "Communication events" },
{ 0x07, "Events for fail-safe and fault-tolerant systems" },
{ 0x08, "Standardized diagnostic data on modules" },
{ 0x09, "Predefined user events" },
{ 0x0a, "Freely definable events" },
{ 0x0b, "Freely definable events" },
{ 0x0c, "Reserved" },
{ 0x0d, "Reserved" },
{ 0x0e, "Reserved" },
{ 0x0f, "Events for modules other than CPUs" },
{ 0, NULL }
};
static const value_string cpu_diag_eventid_fix_names[] = {
{ 0x113A, "Start request for cyclic interrupt OB with special handling (S7-300 only)" },
{ 0x1155, "Status alarm for PROFIBUS DP" },
{ 0x1156, "Update interrupt for PROFIBUS DP" },
{ 0x1157, "Manufacturer interrupt for PROFIBUS DP" },
{ 0x1158, "Status interrupt for PROFINET IO" },
{ 0x1159, "Update interrupt for PROFINET IO" },
{ 0x115A, "Manufacturer interrupt for PROFINET IO" },
{ 0x115B, "IO: Profile-specific interrupt" },
{ 0x116A, "Technology synchronization interrupt" },
{ 0x1381, "Request for manual warm restart" },
{ 0x1382, "Request for automatic warm restart" },
{ 0x1383, "Request for manual hot restart" },
{ 0x1384, "Request for automatic hot restart" },
{ 0x1385, "Request for manual cold restart" },
{ 0x1386, "Request for automatic cold restart" },
{ 0x1387, "Master CPU: request for manual cold restart" },
{ 0x1388, "Master CPU: request for automatic cold restart" },
{ 0x138A, "Master CPU: request for manual warm restart" },
{ 0x138B, "Master CPU: request for automatic warm restart" },
{ 0x138C, "Standby CPU: request for manual hot restart" },
{ 0x138D, "Standby CPU: request for automatic hot restart" },
{ 0x2521, "BCD conversion error" },
{ 0x2522, "Area length error when reading" },
{ 0x2523, "Area length error when writing" },
{ 0x2524, "Area error when reading" },
{ 0x2525, "Area error when writing" },
{ 0x2526, "Timer number error" },
{ 0x2527, "Counter number error" },
{ 0x2528, "Alignment error when reading" },
{ 0x2529, "Alignment error when writing" },
{ 0x2530, "Write error when accessing the DB" },
{ 0x2531, "Write error when accessing the DI" },
{ 0x2532, "Block number error when opening a DB" },
{ 0x2533, "Block number error when opening a DI" },
{ 0x2534, "Block number error when calling an FC" },
{ 0x2535, "Block number error when calling an FB" },
{ 0x253A, "DB not loaded" },
{ 0x253C, "FC not loaded" },
{ 0x253D, "SFC not loaded" },
{ 0x253E, "FB not loaded" },
{ 0x253F, "SFB not loaded" },
{ 0x2942, "I/O access error, reading" },
{ 0x2943, "I/O access error, writing" },
{ 0x3267, "End of module reconfiguration" },
{ 0x3367, "Start of module reconfiguration" },
{ 0x34A4, "PROFInet Interface DB can be addressed again" },
{ 0x3501, "Cycle time exceeded" },
{ 0x3502, "User interface (OB or FRB) request error" },
{ 0x3503, "Delay too long processing a priority class" },
{ 0x3505, "Time-of-day interrupt(s) skipped due to new clock setting" },
{ 0x3506, "Time-of-day interrupt(s) skipped when changing to RUN after HOLD" },
{ 0x3507, "Multiple OB request errors caused internal buffer overflow" },
{ 0x3508, "Synchronous cycle interrupt-timing error" },
{ 0x3509, "Interrupt loss due to excess interrupt load" },
{ 0x350A, "Resume RUN mode after CiR" },
{ 0x350B, "Technology synchronization interrupt - timing error" },
{ 0x3571, "Nesting depth too high in nesting levels" },
{ 0x3572, "Nesting depth for Master Control Relays too high" },
{ 0x3573, "Nesting depth too high after synchronous errors" },
{ 0x3574, "Nesting depth for block calls (U stack) too high" },
{ 0x3575, "Nesting depth for block calls (B stack) too high" },
{ 0x3576, "Local data allocation error" },
{ 0x3578, "Unknown instruction" },
{ 0x357A, "Jump instruction to target outside of the block" },
{ 0x3582, "Memory error detected and corrected by operating system" },
{ 0x3583, "Accumulation of detected and corrected memo errors" },
{ 0x3585, "Error in the PC operating system (only for LC RTX)" },
{ 0x3587, "Multi-bit memory error detected and corrected" },
{ 0x35A1, "User interface (OB or FRB) not found" },
{ 0x35A2, "OB not loaded (started by SFC or operating system due to configuration)" },
{ 0x35A3, "Error when operating system accesses a block" },
{ 0x35A4, "PROFInet Interface DB cannot be addressed" },
{ 0x35D2, "Diagnostic entries cannot be sent at present" },
{ 0x35D3, "Synchronization frames cannot be sent" },
{ 0x35D4, "Illegal time jump resulting from synchronization" },
{ 0x35D5, "Error adopting the synchronization time" },
{ 0x35E1, "Incorrect frame ID in GD" },
{ 0x35E2, "GD packet status cannot be entered in DB" },
{ 0x35E3, "Frame length error in GD" },
{ 0x35E4, "Illegal GD packet number received" },
{ 0x35E5, "Error accessing DB in communication SFBs for configured S7 connections" },
{ 0x35E6, "GD total status cannot be entered in DB" },
{ 0x3821, "BATTF: failure on at least one backup battery of the central rack, problem eliminated" },
{ 0x3822, "BAF: failure of backup voltage on central rack, problem eliminated" },
{ 0x3823, "24 volt supply failure on central rack, problem eliminated" },
{ 0x3825, "BATTF: failure on at least one backup battery of the redundant central rack, problem eliminated" },
{ 0x3826, "BAF: failure of backup voltage on redundant central rack, problem eliminated" },
{ 0x3827, "24 volt supply failure on redundant central rack, problem eliminated" },
{ 0x3831, "BATTF: failure of at least one backup battery of the expansion rack, problem eliminated" },
{ 0x3832, "BAF: failure of backup voltage on expansion rack, problem eliminated" },
{ 0x3833, "24 volt supply failure on at least one expansion rack, problem eliminated" },
{ 0x3842, "Module OK" },
{ 0x3854, "PROFINET IO interface submodule/submodule and matches the configured interface submodule/submodule" },
{ 0x3855, "PROFINET IO interface submodule/submodule inserted, but does not match the configured interface submodule/submodule" },
{ 0x3856, "PROFINET IO interface submodule/submodule inserted, but error in module parameter assignment" },
{ 0x3858, "PROFINET IO interface submodule access error corrected" },
{ 0x3861, "Module/interface module inserted, module type OK" },
{ 0x3863, "Module/interface module plugged in, but wrong module type" },
{ 0x3864, "Module/interface module plugged in, but causing problem (type ID unreadable)" },
{ 0x3865, "Module plugged in, but error in module parameter assignment" },
{ 0x3866, "Module can be addressed again, load voltage error removed" },
{ 0x3881, "Interface error leaving state" },
{ 0x3884, "Interface module plugged in" },
{ 0x38B3, "I/O access error when updating the process image input table" },
{ 0x38B4, "I/O access error when transferring the process image to the output modules" },
{ 0x38C1, "Expansion rack operational again (1 to 21), leaving state" },
{ 0x38C2, "Expansion rack operational again but mismatch between setpoint and actual configuration" },
{ 0x38C4, "Distributed I/Os: station failure, leaving state" },
{ 0x38C5, "Distributed I/Os: station fault, leaving state" },
{ 0x38C6, "Expansion rack operational again, but error(s) in module parameter assignment" },
{ 0x38C7, "DP: station operational again, but error(s) in module parameter assignment" },
{ 0x38C8, "DP: station operational again, but mismatch between setpoint and actual configuration" },
{ 0x38CB, "PROFINET IO station operational again" },
{ 0x38CC, "PROFINET IO station error corrected" },
{ 0x3921, "BATTF: failure on at least one backup battery of the central rack" },
{ 0x3922, "BAF: failure of backup voltage on central rack" },
{ 0x3923, "24 volt supply failure on central rack" },
{ 0x3925, "BATTF: failure on at least one backup battery of the redundant central rack" },
{ 0x3926, "BAF: failure of backup voltage on redundant central rack" },
{ 0x3927, "24 volt supply failure on redundant central rack" },
{ 0x3931, "BATTF: failure of at least one backup battery of the expansion rack" },
{ 0x3932, "BAF: failure of backup voltage on expansion rack" },
{ 0x3933, "24 volt supply failure on at least one expansion rack" },
{ 0x3942, "Module error" },
{ 0x3951, "PROFINET IO submodule removed" },
{ 0x3954, "PROFINET IO interface submodule/submodule removed" },
{ 0x3961, "Module/interface module removed, cannot be addressed" },
{ 0x3966, "Module cannot be addressed, load voltage error" },
{ 0x3968, "Module reconfiguration has ended with error" },
{ 0x3981, "Interface error entering state" },
{ 0x3984, "Interface module removed" },
{ 0x3986, "Performance of an H-Sync link negatively affected" },
{ 0x39B1, "I/O access error when updating the process image input table" },
{ 0x39B2, "I/O access error when transferring the process image to the output modules" },
{ 0x39B3, "I/O access error when updating the process image input table" },
{ 0x39B4, "I/O access error when transferring the process image to the output modules" },
{ 0x39C1, "Expansion rack failure (1 to 21), entering state" },
{ 0x39C3, "Distributed I/Os: master system failure entering state" },
{ 0x39C4, "Distributed I/Os: station failure, entering state" },
{ 0x39C5, "Distributed I/Os: station fault, entering state" },
{ 0x39CA, "PROFINET IO system failure" },
{ 0x39CB, "PROFINET IO station failure" },
{ 0x39CC, "PROFINET IO station error" },
{ 0x39CD, "PROFINET IO station operational again, but expected configuration does not match actual configuration" },
{ 0x39CE, "PROFINET IO station operational again, but error(s) in module parameter assignment" },
{ 0x42F3, "Checksum error detected and corrected by the operating system" },
{ 0x42F4, "Standby CPU: connection/update via SFC90 is locked in the master CPU" },
{ 0x4300, "Backed-up power on" },
{ 0x4301, "Mode transition from STOP to STARTUP" },
{ 0x4302, "Mode transition from STARTUP to RUN" },
{ 0x4303, "STOP caused by stop switch being activated" },
{ 0x4304, "STOP caused by PG STOP operation or by SFB 20 STOP" },
{ 0x4305, "HOLD: breakpoint reached" },
{ 0x4306, "HOLD: breakpoint exited" },
{ 0x4307, "Memory reset started by PG operation" },
{ 0x4308, "Memory reset started by switch setting" },
{ 0x4309, "Memory reset started automatically (power on not backed up)" },
{ 0x430A, "HOLD exited, transition to STOP" },
{ 0x430D, "STOP caused by other CPU in multicomputing" },
{ 0x430E, "Memory reset executed" },
{ 0x430F, "STOP on the module due to STOP on a CPU" },
{ 0x4318, "Start of CiR" },
{ 0x4319, "CiR completed" },
{ 0x4357, "Module watchdog started" },
{ 0x4358, "All modules are ready for operation" },
{ 0x43B0, "Firmware update was successful" },
{ 0x43B4, "Error in firmware fuse" },
{ 0x43B6, "Firmware updates canceled by redundant modules" },
{ 0x43D3, "STOP on standby CPU" },
{ 0x43DC, "Abort during link-up with switchover" },
{ 0x43DE, "Updating aborted due to monitoring time being exceeded during the n-th attempt, new update attempt initiated" },
{ 0x43DF, "Updating aborted for final time due to monitoring time being exceeded after completing the maximum amount of attempts. User intervention required" },
{ 0x43E0, "Change from solo mode after link-up" },
{ 0x43E1, "Change from link-up after updating" },
{ 0x43E2, "Change from updating to redundant mode" },
{ 0x43E3, "Master CPU: change from redundant mode to solo mode" },
{ 0x43E4, "Standby CPU: change from redundant mode after error-search mode" },
{ 0x43E5, "Standby CPU: change from error-search mode after link-up or STOP" },
{ 0x43E6, "Link-up aborted on the standby CPU" },
{ 0x43E7, "Updating aborted on the standby CPU" },
{ 0x43E8, "Standby CPU: change from link-up after startup" },
{ 0x43E9, "Standby CPU: change from startup after updating" },
{ 0x43F1, "Reserve-master switchover" },
{ 0x43F2, "Coupling of incompatible H-CPUs blocked by system program" },
{ 0x4510, "STOP violation of the CPU's data range" },
{ 0x4520, "DEFECTIVE: STOP not possible" },
{ 0x4521, "DEFECTIVE: failure of instruction processing processor" },
{ 0x4522, "DEFECTIVE: failure of clock chip" },
{ 0x4523, "DEFECTIVE: failure of clock pulse generator" },
{ 0x4524, "DEFECTIVE: failure of timer update function" },
{ 0x4525, "DEFECTIVE: failure of multicomputing synchronization" },
{ 0x4527, "DEFECTIVE: failure of I/O access monitoring" },
{ 0x4528, "DEFECTIVE: failure of scan time monitoring" },
{ 0x4530, "DEFECTIVE: memory test error in internal memory" },
{ 0x4532, "DEFECTIVE: failure of core resources" },
{ 0x4536, "DEFECTIVE: switch defective" },
{ 0x4540, "STOP: Memory expansion of the internal work memory has gaps. First memory expansion too small or missing" },
{ 0x4541, "STOP caused by priority class system" },
{ 0x4542, "STOP caused by object management system" },
{ 0x4543, "STOP caused by test functions" },
{ 0x4544, "STOP caused by diagnostic system" },
{ 0x4545, "STOP caused by communication system" },
{ 0x4546, "STOP caused by CPU memory management" },
{ 0x4547, "STOP caused by process image management" },
{ 0x4548, "STOP caused by I/O management" },
{ 0x454A, "STOP caused by configuration: an OB deselected with STEP 7 was being loaded into the CPU during STARTUP" },
{ 0x4550, "DEFECTIVE: internal system error" },
{ 0x4555, "No restart possible, monitoring time elapsed" },
{ 0x4556, "STOP: memory reset request from communication system / due to data inconsistency" },
{ 0x4562, "STOP caused by programming error (OB not loaded or not possible)" },
{ 0x4563, "STOP caused by I/O access error (OB not loaded or not possible)" },
{ 0x4567, "STOP caused by H event" },
{ 0x4568, "STOP caused by time error (OB not loaded or not possible)" },
{ 0x456A, "STOP caused by diagnostic interrupt (OB not loaded or not possible)" },
{ 0x456B, "STOP caused by removing/inserting module (OB not loaded or not possible)" },
{ 0x456C, "STOP caused by CPU hardware error (OB not loaded or not possible, or no FRB)" },
{ 0x456D, "STOP caused by program sequence error (OB not loaded or not possible)" },
{ 0x456E, "STOP caused by communication error (OB not loaded or not possible)" },
{ 0x456F, "STOP caused by rack failure OB (OB not loaded or not possible)" },
{ 0x4570, "STOP caused by process interrupt (OB not loaded or not possible)" },
{ 0x4571, "STOP caused by nesting stack error" },
{ 0x4572, "STOP caused by master control relay stack error" },
{ 0x4573, "STOP caused by exceeding the nesting depth for synchronous errors" },
{ 0x4574, "STOP caused by exceeding interrupt stack nesting depth in the priority class stack" },
{ 0x4575, "STOP caused by exceeding block stack nesting depth in the priority class stack" },
{ 0x4576, "STOP caused by error when allocating the local data" },
{ 0x4578, "STOP caused by unknown opcode" },
{ 0x457A, "STOP caused by code length error" },
{ 0x457B, "STOP caused by DB not being loaded on on-board I/Os" },
{ 0x457D, "Reset/clear request because the version of the internal interface to the integrated technology was changed" },
{ 0x457F, "STOP caused by STOP command" },
{ 0x4580, "STOP: back-up buffer contents inconsistent (no transition to RUN)" },
{ 0x4590, "STOP caused by overloading the internal functions" },
{ 0x45D5, "LINK-UP rejected due to mismatched CPU memory configuration of the sub-PLC" },
{ 0x45D6, "LINK-UP rejected due to mismatched system program of the sub-PLC" },
{ 0x45D8, "DEFECTIVE: hardware fault detected due to other error" },
{ 0x45D9, "STOP due to SYNC module error" },
{ 0x45DA, "STOP due to synchronization error between H CPUs" },
{ 0x45DD, "LINK-UP rejected due to running test or other online functions" },
{ 0x4926, "DEFECTIVE: failure of the watchdog for I/O access" },
{ 0x4931, "STOP or DEFECTIVE: memory test error in memory submodule" },
{ 0x4933, "Checksum error" },
{ 0x4934, "DEFECTIVE: memory not available" },
{ 0x4935, "DEFECTIVE: cancelled by watchdog/processor exceptions" },
{ 0x4949, "STOP caused by continuous hardware interrupt" },
{ 0x494D, "STOP caused by I/O error" },
{ 0x494E, "STOP caused by power failure" },
{ 0x494F, "STOP caused by configuration error" },
{ 0x4959, "One or more modules not ready for operation" },
{ 0x497C, "STOP caused by integrated technology" },
{ 0x49A0, "STOP caused by parameter assignment error or non-permissible variation of setpoint and actual extension: Start-up blocked" },
{ 0x49A1, "STOP caused by parameter assignment error: memory reset request" },
{ 0x49A2, "STOP caused by error in parameter modification: startup disabled" },
{ 0x49A3, "STOP caused by error in parameter modification: memory reset request" },
{ 0x49A4, "STOP: inconsistency in configuration data" },
{ 0x49A5, "STOP: distributed I/Os: inconsistency in the loaded configuration information" },
{ 0x49A6, "STOP: distributed I/Os: invalid configuration information" },
{ 0x49A7, "STOP: distributed I/Os: no configuration information" },
{ 0x49A8, "STOP: error indicated by the interface module for the distributed I/Os" },
{ 0x49B1, "Firmware update data incorrect" },
{ 0x49B2, "Firmware update: hardware version does not match firmware" },
{ 0x49B3, "Firmware update: module type does not match firmware" },
{ 0x49D0, "LINK-UP aborted due to violation of coordination rules" },
{ 0x49D1, "LINK-UP/UPDATE sequence aborted" },
{ 0x49D2, "Standby CPU changed to STOP due to STOP on the master CPU during link-up" },
{ 0x49D4, "STOP on a master, since partner CPU is also a master (link-up error)" },
{ 0x49D7, "LINK-UP rejected due to change in user program or in configuration" },
{ 0x510F, "A problem as occurred with WinLC. This problem has caused the CPU to go into STOP mode or has caused a fault in the CPU" },
{ 0x530D, "New startup information in the STOP mode" },
{ 0x5311, "Startup despite Not Ready message from module(s)" },
{ 0x5371, "Distributed I/Os: end of the synchronization with a DP master" },
{ 0x5380, "Diagnostic buffer entries of interrupt and asynchronous errors disabled" },
{ 0x5395, "Distributed I/Os: reset of a DP master" },
{ 0x53A2, "Download of technology firmware successful" },
{ 0x53A4, "Download of technology DB not successful" },
{ 0x53FF, "Reset to factory setting" },
{ 0x5445, "Start of System reconfiguration in RUN mode" },
{ 0x5481, "All licenses for runtime software are complete again" },
{ 0x5498, "No more inconsistency with DP master systems due to CiR" },
{ 0x5545, "Start of System reconfiguration in RUN mode" },
{ 0x5581, "One or several licenses for runtime software are missing" },
{ 0x558A, "Difference between the MLFB of the configured and inserted CPU" },
{ 0x558B, "Difference in the firmware version of the configured and inserted CPU" },
{ 0x5598, "Start of possible inconsistency with DP master systems due to CiR" },
{ 0x55A5, "Version conflict: internal interface with integrated technology" },
{ 0x55A6, "The maximum number of technology objects has been exceeded" },
{ 0x55A7, "A technology DB of this type is already present" },
{ 0x5879, "Diagnostic message from DP interface: EXTF LED off" },
{ 0x5960, "Parameter assignment error when switching" },
{ 0x5961, "Parameter assignment error" },
{ 0x5962, "Parameter assignment error preventing startup" },
{ 0x5963, "Parameter assignment error with memory reset request" },
{ 0x5966, "Parameter assignment error when switching" },
{ 0x5969, "Parameter assignment error with startup blocked" },
{ 0x596A, "PROFINET IO: IP address of an IO device already present" },
{ 0x596B, "IP address of an Ethernet interface already exists" },
{ 0x596C, "Name of an Ethernet interface already exists" },
{ 0x596D, "The existing network configuration does not mach the system requirements or configuration" },
{ 0x5979, "Diagnostic message from DP interface: EXTF LED on" },
{ 0x597C, "DP Global Control command failed or moved" },
{ 0x597C, "DP command Global Control failure or moved" },
{ 0x59A0, "The interrupt can not be associated in the CPU" },
{ 0x59A1, "Configuration error in the integrated technology" },
{ 0x59A3, "Error when downloading the integrated technology" },
{ 0x6253, "Firmware update: End of firmware download over the network" },
{ 0x6316, "Interface error when starting programmable controller" },
{ 0x6353, "Firmware update: Start of firmware download over the network" },
{ 0x6390, "Formatting of Micro Memory Card complete" },
{ 0x6500, "Connection ID exists twice on module" },
{ 0x6501, "Connection resources inadequate" },
{ 0x6502, "Error in the connection description" },
{ 0x6510, "CFB structure error detected in instance DB when evaluating EPROM" },
{ 0x6514, "GD packet number exists twice on the module" },
{ 0x6515, "Inconsistent length specifications in GD configuration information" },
{ 0x6521, "No memory submodule and no internal memory available" },
{ 0x6522, "Illegal memory submodule: replace submodule and reset memory" },
{ 0x6523, "Memory reset request due to error accessing submodule" },
{ 0x6524, "Memory reset request due to error in block header" },
{ 0x6526, "Memory reset request due to memory replacement" },
{ 0x6527, "Memory replaced, therefore restart not possible" },
{ 0x6528, "Object handling function in the STOP/HOLD mode, no restart possible" },
{ 0x6529, "No startup possible during the \"load user program\" function" },
{ 0x652A, "No startup because block exists twice in user memory" },
{ 0x652B, "No startup because block is too long for submodule - replace submodule" },
{ 0x652C, "No startup due to illegal OB on submodule" },
{ 0x6532, "No startup because illegal configuration information on submodule" },
{ 0x6533, "Memory reset request because of invalid submodule content" },
{ 0x6534, "No startup: block exists more than once on submodule" },
{ 0x6535, "No startup: not enough memory to transfer block from submodule" },
{ 0x6536, "No startup: submodule contains an illegal block number" },
{ 0x6537, "No startup: submodule contains a block with an illegal length" },
{ 0x6538, "Local data or write-protection ID (for DB) of a block illegal for CPU" },
{ 0x6539, "Illegal command in block (detected by compiler)" },
{ 0x653A, "Memory reset request because local OB data on submodule too short" },
{ 0x6543, "No startup: illegal block type" },
{ 0x6544, "No startup: attribute \"relevant for processing\" illegal" },
{ 0x6545, "Source language illegal" },
{ 0x6546, "Maximum amount of configuration information reached" },
{ 0x6547, "Parameter assignment error assigning parameters to modules (not on P bus, cancel download)" },
{ 0x6548, "Plausibility error during block check" },
{ 0x6549, "Structure error in block" },
{ 0x6550, "A block has an error in the CRC" },
{ 0x6551, "A block has no CRC" },
{ 0x6560, "SCAN overflow" },
{ 0x6805, "Resource problem on configured connections, eliminated" },
{ 0x6881, "Interface error leaving state" },
{ 0x6905, "Resource problem on configured connections" },
{ 0x6981, "Interface error entering state" },
{ 0x72A2, "Failure of a DP master or a DP master system" },
{ 0x72A3, "Redundancy restored on the DP slave" },
{ 0x72DB, "Safety program: safety mode disabled" },
{ 0x72E0, "Loss of redundancy in communication, problem eliminated" },
{ 0x7301, "Loss of redundancy (1 of 2) due to failure of a CPU" },
{ 0x7302, "Loss of redundancy (1 of 2) due to STOP on the standby triggered by user" },
{ 0x7303, "H system (1 of 2) changed to redundant mode" },
{ 0x7323, "Discrepancy found in operating system data" },
{ 0x7331, "Standby-master switchover due to master failure" },
{ 0x7333, "Standby-master switchover due to system modification during runtime" },
{ 0x7334, "Standby-master switchover due to communication error at the synchronization module" },
{ 0x7340, "Synchronization error in user program due to elapsed wait time" },
{ 0x7341, "Synchronization error in user program due to waiting at different synchronization points" },
{ 0x7342, "Synchronization error in operating system due to waiting at different synchronization points" },
{ 0x7343, "Synchronization error in operating system due to elapsed wait time" },
{ 0x7344, "Synchronization error in operating system due to incorrect data" },
{ 0x734A, "The \"Re-enable\" job triggered by SFC 90 \"H_CTRL\" was executed" },
{ 0x73A3, "Loss of redundancy on the DP slave" },
{ 0x73C1, "Update process canceled" },
{ 0x73C2, "Updating aborted due to monitoring time being exceeded during the n-th attempt (1 = n = max. possible number of update attempts after abort due to excessive monitoring time)" },
{ 0x73D8, "Safety mode disabled" },
{ 0x73DB, "Safety program: safety mode enabled" },
{ 0x73E0, "Loss of redundancy in communication" },
{ 0x74DD, "Safety program: Shutdown of a fail-save runtime group disabled" },
{ 0x74DE, "Safety program: Shutdown of the F program disabled" },
{ 0x74DF, "Start of F program initialization" },
{ 0x7520, "Error in RAM comparison" },
{ 0x7521, "Error in comparison of process image output value" },
{ 0x7522, "Error in comparison of memory bits, timers, or counters" },
{ 0x75D1, "Safety program: Internal CPU error" },
{ 0x75D2, "Safety program error: Cycle time time-out" },
{ 0x75D6, "Data corrupted in safety program prior to the output to F I/O" },
{ 0x75D7, "Data corrupted in safety program prior to the output to partner F-CPU" },
{ 0x75D9, "Invalid REAL number in a DB" },
{ 0x75DA, "Safety program: Error in safety data format" },
{ 0x75DC, "Runtime group, internal protocol error" },
{ 0x75DD, "Safety program: Shutdown of a fail-save runtime group enabled" },
{ 0x75DE, "Safety program: Shutdown of the F program enabled" },
{ 0x75DF, "End of F program initialization" },
{ 0x75E1, "Safety program: Error in FB \"F_PLK\" or \"F_PLK_O\" or \"F_CYC_CO\" or \"F_TEST\" or \"F_TESTC\"" },
{ 0x75E2, "Safety program: Area length error" },
{ 0x7852, "SYNC module inserted" },
{ 0x7855, "SYNC module eliminated" },
{ 0x78D3, "Communication error between PROFIsafe and F I/O" },
{ 0x78D4, "Error in safety relevant communication between F CPUs" },
{ 0x78D5, "Error in safety relevant communication between F CPUs" },
{ 0x78E3, "F-I/O device input channel depassivated" },
{ 0x78E4, "F-I/O device output channel depassivated" },
{ 0x78E5, "F-I/O device depassivated" },
{ 0x7934, "Standby-master switchover due to connection problem at the SYNC module" },
{ 0x7950, "Synchronization module missing" },
{ 0x7951, "Change at the SYNC module without Power On" },
{ 0x7952, "SYNC module removed" },
{ 0x7953, "Change at the SYNC-module without reset" },
{ 0x7954, "SYNC module: rack number assigned twice" },
{ 0x7955, "SYNC module error" },
{ 0x7956, "Illegal rack number set on SYNC module" },
{ 0x7960, "Redundant I/O: Time-out of discrepancy time at digital input, error is not yet localized" },
{ 0x7961, "Redundant I/O, digital input error: Signal change after expiration of the discrepancy time" },
{ 0x7962, "Redundant I/O: Digital input error" },
{ 0x796F, "Redundant I/O: The I/O was globally disabled" },
{ 0x7970, "Redundant I/O: Digital output error" },
{ 0x7980, "Redundant I/O: Time-out of discrepancy time at analog input" },
{ 0x7981, "Redundant I/O: Analog input error" },
{ 0x7990, "Redundant I/O: Analog output error" },
{ 0x79D3, "Communication error between PROFIsafe and F I/O" },
{ 0x79D4, "Error in safety relevant communication between F CPUs" },
{ 0x79D5, "Error in safety relevant communication between F CPUs" },
{ 0x79E3, "F-I/O device input channel passivated" },
{ 0x79E4, "F-I/O device output channel passivated" },
{ 0x79E5, "F-I/O device passivated" },
{ 0x79E6, "Inconsistent safety program" },
{ 0x79E7, "Simulation block (F system block) loaded" },
{ 0, NULL }
};
static value_string_ext cpu_diag_eventid_fix_names_ext = VALUE_STRING_EXT_INIT(cpu_diag_eventid_fix_names);
static const value_string cpu_diag_eventid_0x8_0x9_names[] = {
{ 0x8000, "Module fault/OK" },
{ 0x8001, "Internal error" },
{ 0x8002, "External error" },
{ 0x8003, "Channel error" },
{ 0x8004, "No external auxiliary voltage" },
{ 0x8005, "No front connector" },
{ 0x8006, "No parameter assignment" },
{ 0x8007, "Incorrect parameters in module" },
{ 0x8030, "User submodule incorrect/not found" },
{ 0x8031, "Communication problem" },
{ 0x8032, "Operating mode: RUN/STOP (STOP: entering state, RUN: leaving state)" },
{ 0x8033, "Time monitoring responded (watchdog)" },
{ 0x8034, "Internal module power failure" },
{ 0x8035, "BATTF: battery exhausted" },
{ 0x8036, "Total backup failed" },
{ 0x8040, "Expansion rack failed" },
{ 0x8041, "Processor failure" },
{ 0x8042, "EPROM error" },
{ 0x8043, "RAM error" },
{ 0x8044, "ADC/DAC error" },
{ 0x8045, "Fuse blown" },
{ 0x8046, "Hardware interrupt lost Any" },
{ 0x8050, "Configuration/parameter assignment error" },
{ 0x8051, "Common mode error" },
{ 0x8052, "Short circuit to phase" },
{ 0x8053, "Short circuit to ground" },
{ 0x8054, "Wire break" },
{ 0x8055, "Reference channel error" },
{ 0x8056, "Below measuring range" },
{ 0x8057, "Above measuring range Analog input" },
{ 0x8060, "Configuration/parameter assignment error" },
{ 0x8061, "Common mode error" },
{ 0x8062, "Short circuit to phase" },
{ 0x8063, "Short circuit to ground" },
{ 0x8064, "Wire break" },
{ 0x8066, "No load voltage" },
{ 0x8070, "Configuration/parameter assignment error" },
{ 0x8071, "Chassis ground fault" },
{ 0x8072, "Short circuit to phase (sensor)" },
{ 0x8073, "Short circuit to ground (sensor)" },
{ 0x8074, "Wire break" },
{ 0x8075, "No sensor power supply Digital input" },
{ 0x8080, "Configuration/parameter assignment error" },
{ 0x8081, "Chassis ground fault" },
{ 0x8082, "Short circuit to phase" },
{ 0x8083, "Short circuit to ground" },
{ 0x8084, "Wire break" },
{ 0x8085, "Fuse tripped" },
{ 0x8086, "No load voltage" },
{ 0x8087, "Excess temperature Digital output" },
{ 0x80B0, "Counter module, signal A faulty" },
{ 0x80B1, "Counter module, signal B faulty" },
{ 0x80B2, "Counter module, signal N faulty" },
{ 0x80B3, "Counter module, incorrect value passed between the channels" },
{ 0x80B4, "Counter module, 5.2 V sensor supply faulty" },
{ 0x80B5, "Counter module, 24 V sensor supply faulty" },
{ 0x9001, "Automatic/Manual mode (coming=man,going=auto)" },
{ 0x9002, "OPEN/CLOSED, ON/OFF" },
{ 0x9003, "Manual command enable" },
{ 0x9004, "Unit protective command (OPEN/CLOSED)" },
{ 0x9005, "Process enable" },
{ 0x9006, "System protection command" },
{ 0x9007, "Process value monitoring responded" },
{ 0x9008, "Manipulated variable monitoring responded" },
{ 0x9009, "System deviation greater than permitted" },
{ 0x900A, "Limit position error" },
{ 0x900B, "Runtime error" },
{ 0x900C, "Command execution error (sequencer)" },
{ 0x900D, "Operating status running > OPEN" },
{ 0x900E, "Operating status running > CLOSED" },
{ 0x900F, "Command blocking" },
{ 0x9011, "Process status OPEN/ON" },
{ 0x9012, "Process status CLOSED/OFF" },
{ 0x9013, "Process status intermediate position" },
{ 0x9014, "Process status ON via AUTO" },
{ 0x9015, "Process status ON via manual" },
{ 0x9016, "Process status ON via protective command" },
{ 0x9017, "Process status OFF via AUTO" },
{ 0x9018, "Process status OFF via manual" },
{ 0x9019, "Process status OFF via protective command" },
{ 0x9021, "Function error on approach" },
{ 0x9022, "Function error on leaving" },
{ 0x9031, "Actuator (DE/WE) limit position OPEN" },
{ 0x9032, "Actuator (DE/WE) limit position not OPEN" },
{ 0x9033, "Actuator (DE/WE) limit position CLOSED" },
{ 0x9034, "Actuator (DE/WE) limit position not CLOSED" },
{ 0x9041, "Illegal status, tolerance time elapsed" },
{ 0x9042, "Illegal status, tolerance time not elapsed" },
{ 0x9043, "Interlock error, tolerance time = 0" },
{ 0x9044, "Interlock error, tolerance time > 0" },
{ 0x9045, "No reaction" },
{ 0x9046, "Final status exited illegally, tolerance time = 0" },
{ 0x9047, "Final status exited illegally, tolerance time > 0" },
{ 0x9050, "Upper limit of signal range USR" },
{ 0x9051, "Upper limit of measuring range UMR" },
{ 0x9052, "Lower limit of signal range LSR" },
{ 0x9053, "Lower limit of measuring range LMR" },
{ 0x9054, "Upper alarm limit UAL" },
{ 0x9055, "Upper warning limit UWL" },
{ 0x9056, "Upper tolerance limit UTL" },
{ 0x9057, "Lower tolerance limit LTL" },
{ 0x9058, "Lower warning limit LWL" },
{ 0x9059, "Lower alarm limit LAL" },
{ 0x9060, "GRAPH7 step entering/leaving" },
{ 0x9061, "GRAPH7 interlock error" },
{ 0x9062, "GRAPH7 execution error" },
{ 0x9063, "GRAPH7 error noted" },
{ 0x9064, "GRAPH7 error acknowledged" },
{ 0x9070, "Trend exceeded in positive direction" },
{ 0x9071, "Trend exceeded in negative direction" },
{ 0x9072, "No reaction" },
{ 0x9073, "Final state exited illegally" },
{ 0x9080, "Limit value exceeded, tolerance time = 0" },
{ 0x9081, "Limit value exceeded, tolerance time > 0" },
{ 0x9082, "Below limit value, tolerance time = 0" },
{ 0x9083, "Below limit value, tolerance time > 0" },
{ 0x9084, "Gradient exceeded, tolerance time = 0" },
{ 0x9085, "Gradient exceeded, tolerance time > 0" },
{ 0x9086, "Below gradient, tolerance time = 0" },
{ 0x9087, "Below gradient, tolerance time > 0" },
{ 0x9090, "User parameter assignment error entering/leaving" },
{ 0x90F0, "Overflow" },
{ 0x90F1, "Underflow" },
{ 0x90F2, "Division by 0" },
{ 0x90F3, "Illegal calculation operation" },
{ 0, NULL }
};
static value_string_ext cpu_diag_eventid_0x8_0x9_names_ext = VALUE_STRING_EXT_INIT(cpu_diag_eventid_0x8_0x9_names);
/**************************************************************************
* Type of alarmquery in alarm query request
*/
#define S7COMM_ALARM_MESSAGE_QUERYTYPE_BYALARMTYPE 1
#define S7COMM_ALARM_MESSAGE_QUERYTYPE_BYEVENTID 3
static const value_string alarm_message_querytype_names[] = {
{ S7COMM_ALARM_MESSAGE_QUERYTYPE_BYALARMTYPE, "ByAlarmtype" },
{ S7COMM_ALARM_MESSAGE_QUERYTYPE_BYEVENTID, "ByEventID" },
{ 0, NULL }
};
/**************************************************************************
* Alarmtype in alarm query
*/
#define S7COMM_ALARM_MESSAGE_QUERY_ALARMTYPE_SCAN 1
#define S7COMM_ALARM_MESSAGE_QUERY_ALARMTYPE_ALARM_8 2
#define S7COMM_ALARM_MESSAGE_QUERY_ALARMTYPE_ALARM_S 4
static const value_string alarm_message_query_alarmtype_names[] = {
{ S7COMM_ALARM_MESSAGE_QUERY_ALARMTYPE_SCAN, "SCAN" },
{ S7COMM_ALARM_MESSAGE_QUERY_ALARMTYPE_ALARM_8, "ALARM_8" },
{ S7COMM_ALARM_MESSAGE_QUERY_ALARMTYPE_ALARM_S, "ALARM_S" },
{ 0, NULL }
};
/* CPU message service */
static gint hf_s7comm_cpu_msgservice_subscribe_events = -1;
static gint hf_s7comm_cpu_msgservice_subscribe_events_modetrans = -1;
static gint hf_s7comm_cpu_msgservice_subscribe_events_system = -1;
static gint hf_s7comm_cpu_msgservice_subscribe_events_userdefined = -1;
static gint hf_s7comm_cpu_msgservice_subscribe_events_alarms = -1;
static gint ett_s7comm_cpu_msgservice_subscribe_events = -1;
static const int *s7comm_cpu_msgservice_subscribe_events_fields[] = {
&hf_s7comm_cpu_msgservice_subscribe_events_modetrans,
&hf_s7comm_cpu_msgservice_subscribe_events_system,
&hf_s7comm_cpu_msgservice_subscribe_events_userdefined,
&hf_s7comm_cpu_msgservice_subscribe_events_alarms,
NULL
};
static gint hf_s7comm_cpu_msgservice_req_reserved1 = -1;
static gint hf_s7comm_cpu_msgservice_username = -1;
static gint hf_s7comm_cpu_msgservice_almtype = -1;
static gint hf_s7comm_cpu_msgservice_req_reserved2 = -1;
static gint hf_s7comm_cpu_msgservice_res_result = -1;
static gint hf_s7comm_cpu_msgservice_res_reserved1 = -1;
static gint hf_s7comm_cpu_msgservice_res_reserved2 = -1;
static gint hf_s7comm_cpu_msgservice_res_reserved3 = -1;
static const value_string cpu_msgservice_almtype_names[] = {
{ 0, "SCAN_ABORT" },
{ 1, "SCAN_INITIATE" },
{ 4, "ALARM_ABORT" },
{ 5, "ALARM_INITIATE" },
{ 8, "ALARM_S_ABORT" },
{ 9, "ALARM_S_INITIATE" },
{ 0, NULL }
};
static gint hf_s7comm_modetrans_param_subfunc = -1;
static const value_string modetrans_param_subfunc_names[] = {
{ 0, "STOP" },
{ 1, "Warm Restart" },
{ 2, "RUN" },
{ 3, "Hot Restart" },
{ 4, "HOLD" },
{ 6, "Cold Restart" },
{ 9, "RUN_R (H-System redundant)" },
{ 11, "LINK-UP" },
{ 12, "UPDATE" },
{ 0, NULL }
};
/* These are the ids of the subtrees that we are creating */
static gint ett_s7comm = -1; /* S7 communication tree, parent of all other subtree */
static gint ett_s7comm_header = -1; /* Subtree for header block */
static gint ett_s7comm_param = -1; /* Subtree for parameter block */
static gint ett_s7comm_param_item = -1; /* Subtree for items in parameter block */
static gint ett_s7comm_param_subitem = -1; /* Subtree for subitems under items in parameter block */
static gint ett_s7comm_data = -1; /* Subtree for data block */
static gint ett_s7comm_data_item = -1; /* Subtree for an item in data block */
static gint ett_s7comm_item_address = -1; /* Subtree for an address (byte/bit) */
static gint ett_s7comm_cpu_alarm_message = -1; /* Subtree for an alarm message */
static gint ett_s7comm_cpu_alarm_message_object = -1; /* Subtree for an alarm message block*/
static gint ett_s7comm_cpu_alarm_message_timestamp = -1; /* Subtree for an alarm message timestamp */
static gint ett_s7comm_cpu_alarm_message_associated_value = -1; /* Subtree for an alarm message associated value */
static gint ett_s7comm_cpu_diag_msg = -1; /* Subtree for a CPU diagnostic message */
static const char mon_names[][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
/*******************************************************************************************************
*
* Converts a siemens special timestamp to a string of 25+1 bytes length (e.g. "Apr 15, 2009 12:49:30.520").
* The timestamp is 6 bytes long, one word is the number of days since 1.1.1984, and 4 bytes milliseconds of the day
*
*******************************************************************************************************/
static void
s7comm_get_timestring_from_s7time(tvbuff_t *tvb, guint offset, char *str, gint max)
{
guint16 days;
guint32 day_msec;
struct tm *mt;
time_t t;
day_msec = tvb_get_ntohl(tvb, offset);
days = tvb_get_ntohs(tvb, offset + 4);
t = 441763200L; /* 1.1.1984 00:00:00 */
t += (guint32)days * (24*60*60);
t += day_msec / 1000;
mt = gmtime(&t);
str[0] = '\0';
if (mt != NULL) {
g_snprintf(str, max, "%s %2d, %d %02d:%02d:%02d.%03d", mon_names[mt->tm_mon], mt->tm_mday,
mt->tm_year + 1900, mt->tm_hour, mt->tm_min, mt->tm_sec, day_msec % 1000);
}
}
/*******************************************************************************************************
*
* Helper for time functions
* Get int from bcd
*
*******************************************************************************************************/
static guint8
s7comm_guint8_from_bcd(guint8 i)
{
return 10 * (i /16) + (i % 16);
}
/*******************************************************************************************************
*
* Helper for time functions
* Add a BCD coded timestamp (10/8 Bytes length) to tree
*
*******************************************************************************************************/
static guint32
s7comm_add_timestamp_to_tree(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset,
gboolean append_text,
gboolean has_ten_bytes) /* if this is false the [0] reserved and [1] year bytes are missing */
{
guint8 timestamp[10];
guint8 i;
guint8 tmp;
guint8 year_org;
guint16 msec;
nstime_t tv;
proto_item *item = NULL;
proto_item *time_tree = NULL;
struct tm mt;
int timestamp_size = 10;
if (has_ten_bytes) {
/* The low nibble of byte 10 is weekday, the high nibble the LSD of msec */
for (i = 0; i < 9; i++) {
timestamp[i] = s7comm_guint8_from_bcd(tvb_get_guint8(tvb, offset + i));
}
tmp = tvb_get_guint8(tvb, offset + 9) >> 4;
} else {
/* this is a 8 byte timestamp, where the reserved and the year byte is missing */
timestamp_size = 8;
timestamp[0] = 0;
timestamp[1] = 19; /* start with 19.., will be corrected later */
for (i = 0; i < 7; i++) {
timestamp[i + 2] = s7comm_guint8_from_bcd(tvb_get_guint8(tvb, offset + i));
}
tmp = tvb_get_guint8(tvb, offset + 7) >> 4;
}
timestamp[9] = s7comm_guint8_from_bcd(tmp);
msec = (guint16)timestamp[8] * 10 + (guint16)timestamp[9];
year_org = timestamp[1];
/* year special: ignore the first byte, since some cpus give 1914 for 2014
* if second byte is below 89, it's 2000..2089, if over 90 it's 1990..1999
*/
if (timestamp[2] < 89) {
timestamp[1] = 20;
}
/* convert time to nstime_t */
mt.tm_year = (timestamp[1] * 100 + timestamp[2]) - 1900;
mt.tm_mon = timestamp[3] - 1;
mt.tm_mday = timestamp[4];
mt.tm_hour = timestamp[5];
mt.tm_min = timestamp[6];
mt.tm_sec = timestamp[7];
mt.tm_isdst = -1;
tv.secs = mktime(&mt);
tv.nsecs = msec * 1000000;
item = proto_tree_add_time_format(tree, hf_s7comm_data_ts, tvb, offset, timestamp_size, &tv,
"S7 Timestamp: %s %2d, %d %02d:%02d:%02d.%03d", mon_names[mt.tm_mon], mt.tm_mday,
mt.tm_year + 1900, mt.tm_hour, mt.tm_min, mt.tm_sec,
msec);
time_tree = proto_item_add_subtree(item, ett_s7comm_data_item);
/* timefunction: s7 timestamp */
if (has_ten_bytes) {
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_reserved, tvb, offset, 1, timestamp[0]);
offset += 1;
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_year1, tvb, offset, 1, year_org);
offset += 1;
}
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_year2, tvb, offset, 1, timestamp[2]);
offset += 1;
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_month, tvb, offset, 1, timestamp[3]);
offset += 1;
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_day, tvb, offset, 1, timestamp[4]);
offset += 1;
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_hour, tvb, offset, 1, timestamp[5]);
offset += 1;
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_minute, tvb, offset, 1, timestamp[6]);
offset += 1;
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_second, tvb, offset, 1, timestamp[7]);
offset += 1;
proto_tree_add_uint(time_tree, hf_s7comm_data_ts_millisecond, tvb, offset, 2, msec);
proto_tree_add_item(time_tree, hf_s7comm_data_ts_weekday, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
if (append_text == TRUE) {
proto_item_append_text(tree, "(Timestamp: %s %2d, %d %02d:%02d:%02d.%03d)", mon_names[mt.tm_mon], mt.tm_mday,
mt.tm_year + 1900, mt.tm_hour, mt.tm_min, mt.tm_sec,
msec);
}
return offset;
}
/*******************************************************************************************************
*
* Generate a comma separated string for registerflags
*
*******************************************************************************************************/
static void
make_registerflag_string(gchar *str, guint8 flags, gint max)
{
g_strlcpy(str, "", max);
if (flags & 0x01) g_strlcat(str, "STW, ", max);
if (flags & 0x02) g_strlcat(str, "ACCU1, ", max);
if (flags & 0x04) g_strlcat(str, "ACCU2, ", max);
if (flags & 0x08) g_strlcat(str, "AR1, ", max);
if (flags & 0x10) g_strlcat(str, "AR2, ", max);
if (flags & 0x20) g_strlcat(str, "DB1, ", max);
if (flags & 0x40) g_strlcat(str, "DB2, ", max);
if (strlen(str) > 2)
str[strlen(str) - 2 ] = '\0';
}
/*******************************************************************************************************
*
* Addressdefinition for Syntax ID S7-ANY (Step 7 Classic 300/400 or 1200/1500 not optimized)
* type == 0x12, length == 10, syntax-ID == 0x10
*
*******************************************************************************************************/
static guint32
s7comm_syntaxid_s7any(tvbuff_t *tvb,
guint32 offset,
proto_tree *tree)
{
guint32 t_size = 0;
guint32 len = 0;
guint32 db = 0;
guint32 area = 0;
guint32 a_address = 0;
guint32 bytepos = 0;
guint32 bitpos = 0;
proto_item *address_item = NULL;
proto_tree *address_item_tree = NULL;
/* Transport size, 1 byte */
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_transport_size, tvb, offset, 1, ENC_BIG_ENDIAN, &t_size);
offset += 1;
/* Length, 2 bytes */
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_length, tvb, offset, 2, ENC_BIG_ENDIAN, &len);
offset += 2;
/* DB number, 2 bytes */
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_db, tvb, offset, 2, ENC_BIG_ENDIAN, &db);
offset += 2;
/* Area, 1 byte */
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_area, tvb, offset, 1, ENC_BIG_ENDIAN, &area);
offset += 1;
/* Address, 3 bytes */
address_item = proto_tree_add_item_ret_uint(tree, hf_s7comm_item_address, tvb, offset, 3, ENC_BIG_ENDIAN, &a_address);
address_item_tree = proto_item_add_subtree(address_item, ett_s7comm_item_address);
bytepos = a_address / 8;
bitpos = a_address % 8;
/* build a full address to show item data directly beside the item */
proto_item_append_text(tree, " (%s", val_to_str(area, item_areanames_short, "unknown area 0x%02x"));
if (area == S7COMM_AREA_TIMER || area == S7COMM_AREA_COUNTER) {
proto_item_append_text(tree, " %d)", a_address);
proto_tree_add_uint(address_item_tree, hf_s7comm_item_address_nr, tvb, offset, 3, a_address);
} else {
proto_tree_add_uint(address_item_tree, hf_s7comm_item_address_byte, tvb, offset, 3, a_address);
proto_tree_add_uint(address_item_tree, hf_s7comm_item_address_bit, tvb, offset, 3, a_address);
if (area == S7COMM_AREA_DB) {
proto_item_append_text(tree, " %d.DBX", db);
} else if (area == S7COMM_AREA_DI) {
proto_item_append_text(tree, " %d.DIX", db);
}
proto_item_append_text(tree, " %d.%d %s %d)",
bytepos, bitpos, val_to_str(t_size, item_transportsizenames, "Unknown transport size: 0x%02x"), len);
}
offset += 3;
return offset;
}
/*******************************************************************************************************
*
* Addressdefinition to read a DB area (S7-400 special)
* type == 0x12, length >= 7, syntax-ID == 0xb0
*
*******************************************************************************************************/
static guint32
s7comm_syntaxid_dbread(tvbuff_t *tvb,
guint32 offset,
proto_tree *tree)
{
guint32 number_of_areas = 0;
guint32 len = 0;
guint32 db = 0;
guint32 bytepos = 0;
guint32 i;
proto_item *sub_item = NULL;
proto_tree *sub_item_tree = NULL;
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_dbread_numareas, tvb, offset, 1, ENC_BIG_ENDIAN, &number_of_areas);
proto_item_append_text(tree, " (%d Data-Areas of Syntax-Id DBREAD)", number_of_areas);
offset += 1;
for (i = 0; i < number_of_areas; i++) {
sub_item = proto_tree_add_item(tree, hf_s7comm_param_subitem, tvb, offset, 5, ENC_NA);
sub_item_tree = proto_item_add_subtree(sub_item, ett_s7comm_param_subitem);
proto_tree_add_item_ret_uint(sub_item_tree, hf_s7comm_item_dbread_length, tvb, offset, 1, ENC_BIG_ENDIAN, &len);
offset += 1;
proto_tree_add_item_ret_uint(sub_item_tree, hf_s7comm_item_dbread_db, tvb, offset, 2, ENC_BIG_ENDIAN, &db);
offset += 2;
proto_tree_add_item_ret_uint(sub_item_tree, hf_s7comm_item_dbread_startadr, tvb, offset, 2, ENC_BIG_ENDIAN, &bytepos);
offset += 2;
/* Display in pseudo S7-Any Format */
proto_item_append_text(sub_item, " [%d]: (DB%d.DBB %d BYTE %d)", i+1, db, bytepos, len);
}
return offset;
}
/*******************************************************************************************************
*
* Addressdefinition for TIA S7 1200 symbolic address mode
* type == 0x12, length >= 14, syntax-ID == 0xb2
*
*******************************************************************************************************/
static guint32
s7comm_syntaxid_1200sym(tvbuff_t *tvb,
guint32 offset,
proto_tree *tree,
guint8 var_spec_length)
{
guint32 tia_var_area1 = 0;
guint32 tia_var_area2 = 0;
guint8 tia_lid_flags = 0;
guint32 tia_value = 0;
guint16 i;
proto_item *sub_item = NULL;
proto_tree *sub_item_tree = NULL;
proto_item_append_text(tree, " 1200 symbolic address");
/* first byte in address seems always to be 0xff */
proto_tree_add_item(tree, hf_s7comm_tia1200_item_reserved1, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
/* When Bytes 2/3 == 0, then Bytes 4/5 defines the area as known from classic 300/400 address mode.
* When Bytes 2/3 == 0x8a0e then Bytes 4/5 are containing the DB number.
*/
proto_tree_add_item_ret_uint(tree, hf_s7comm_tia1200_item_area1, tvb, offset, 2, ENC_BIG_ENDIAN, &tia_var_area1);
offset += 2;
tia_var_area2 = tvb_get_ntohs(tvb, offset);
if (tia_var_area1 == S7COMM_TIA1200_VAR_ITEM_AREA1_IQMCT) {
proto_tree_add_uint(tree, hf_s7comm_tia1200_item_area2, tvb, offset, 2, tia_var_area2);
proto_item_append_text(tree, " - Accessing %s", val_to_str(tia_var_area2, tia1200_var_item_area2_names, "Unknown IQMCT Area: 0x%04x"));
offset += 2;
} else if (tia_var_area1 == S7COMM_TIA1200_VAR_ITEM_AREA1_DB) {
proto_tree_add_uint(tree, hf_s7comm_tia1200_item_dbnumber, tvb, offset, 2, tia_var_area2);
proto_item_append_text(tree, " - Accessing DB%d", tia_var_area2);
offset += 2;
} else {
/* for current unknown areas */
proto_tree_add_uint(tree, hf_s7comm_tia1200_item_area2unknown, tvb, offset, 2, tia_var_area2);
proto_item_append_text(tree, " - Unknown area specification");
offset += 2;
}
proto_tree_add_item(tree, hf_s7comm_tia1200_item_crc, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
for (i = 0; i < (var_spec_length - 10) / 4; i++) {
sub_item = proto_tree_add_item(tree, hf_s7comm_tia1200_substructure_item, tvb, offset, 4, ENC_NA);
sub_item_tree = proto_item_add_subtree(sub_item, ett_s7comm_param_subitem);
tia_lid_flags = tvb_get_guint8(tvb, offset) >> 4;
proto_tree_add_item(sub_item_tree, hf_s7comm_tia1200_var_lid_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
tia_value = tvb_get_ntohl(tvb, offset) & 0x0fffffff;
proto_item_append_text(sub_item, " [%d]: %s, Value: %u", i + 1,
val_to_str(tia_lid_flags, tia1200_var_lid_flag_names, "Unknown flags: 0x%02x"),
tia_value
);
proto_tree_add_item(sub_item_tree, hf_s7comm_tia1200_item_value, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}
return offset;
}
/*******************************************************************************************************
*
* Addressdefinition for Sinumeric NCK access
* type == 0x12, length == 8, syntax-ID == 0x82
*
*******************************************************************************************************/
static guint32
s7comm_syntaxid_nck(tvbuff_t *tvb,
guint32 offset,
proto_tree *tree)
{
guint32 area = 0;
guint32 nck_area = 0;
guint32 nck_unit = 0;
guint32 nck_column = 0;
guint32 nck_line = 0;
guint32 nck_module = 0;
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_nck_areaunit, tvb, offset, 1, ENC_BIG_ENDIAN, &area);
nck_area = area >> 5;
nck_unit = area & 0x1f;
proto_tree_add_item(tree, hf_s7comm_item_nck_area, tvb, offset, 1, ENC_BIG_ENDIAN);
proto_tree_add_item(tree, hf_s7comm_item_nck_unit, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_nck_column, tvb, offset, 2, ENC_BIG_ENDIAN, &nck_column);
offset += 2;
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_nck_line, tvb, offset, 2, ENC_BIG_ENDIAN, &nck_line);
offset += 2;
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_nck_module, tvb, offset, 1, ENC_BIG_ENDIAN, &nck_module);
offset += 1;
proto_tree_add_item(tree, hf_s7comm_item_nck_linecount, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_item_append_text(tree, " (NCK Area:%d Unit:%d Column:%d Line:%d Module:0x%02x)",
nck_area, nck_unit, nck_column, nck_line, nck_module);
return offset;
}
/*******************************************************************************************************
*
* Addressdefinition for accessing Multimaster / Sinamics frequency convertes via routing from DriveES.
* type == 0x12, length == 10, syntax-ID == 0x82
*
*******************************************************************************************************/
static guint32
s7comm_syntaxid_driveesany(tvbuff_t *tvb,
guint32 offset,
proto_tree *tree)
{
guint32 nr = 0;
guint32 idx = 0;
proto_tree_add_item(tree, hf_s7comm_item_driveesany_unknown1, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(tree, hf_s7comm_item_driveesany_unknown2, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(tree, hf_s7comm_item_driveesany_unknown3, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_driveesany_parameter_nr, tvb, offset, 2, ENC_BIG_ENDIAN, &nr);
offset += 2;
proto_tree_add_item_ret_uint(tree, hf_s7comm_item_driveesany_parameter_idx, tvb, offset, 2, ENC_BIG_ENDIAN, &idx);
offset += 2;
proto_item_append_text(tree, " (DriveES Parameter: %d[%d])", nr, idx);
return offset;
}
/*******************************************************************************************************
*
* Dissect the parameter details of a read/write request (Items)
*
*******************************************************************************************************/
static guint32
s7comm_decode_param_item(tvbuff_t *tvb,
guint32 offset,
proto_tree *sub_tree,
guint8 item_no)
{
proto_item *item = NULL;
proto_tree *item_tree = NULL;
guint8 var_spec_type = 0;
guint8 var_spec_length = 0;
guint8 var_spec_syntax_id = 0;
var_spec_type = tvb_get_guint8(tvb, offset);
var_spec_length = tvb_get_guint8(tvb, offset + 1);
var_spec_syntax_id = tvb_get_guint8(tvb, offset + 2);
/* Insert a new tree for every item */
item = proto_tree_add_item(sub_tree, hf_s7comm_param_item, tvb, offset, var_spec_length + 2, ENC_NA);
item_tree = proto_item_add_subtree(item, ett_s7comm_param_item);
proto_item_append_text(item, " [%d]:", item_no + 1);
/* Item head, constant 3 bytes */
proto_tree_add_item(item_tree, hf_s7comm_item_varspec, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(item_tree, hf_s7comm_item_varspec_length, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(item_tree, hf_s7comm_item_syntax_id, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
if (var_spec_type == 0x12 && var_spec_length == 10 && var_spec_syntax_id == S7COMM_SYNTAXID_S7ANY) {
/* Step 7 Classic 300 400 */
offset = s7comm_syntaxid_s7any(tvb, offset, item_tree);
} else if (var_spec_type == 0x12 && var_spec_length >= 7 && var_spec_syntax_id == S7COMM_SYNTAXID_DBREAD) {
/* S7-400 special address mode (kind of cyclic read) */
offset = s7comm_syntaxid_dbread(tvb, offset, item_tree);
} else if (var_spec_type == 0x12 && var_spec_length >= 14 && var_spec_syntax_id == S7COMM_SYNTAXID_1200SYM) {
/* TIA S7 1200 symbolic address mode */
offset = s7comm_syntaxid_1200sym(tvb, offset, item_tree, var_spec_length);
} else if (var_spec_type == 0x12 && var_spec_length == 8 && var_spec_syntax_id == S7COMM_SYNTAXID_NCK) {
/* Sinumerik NCK access */
offset = s7comm_syntaxid_nck(tvb, offset, item_tree);
} else if (var_spec_type == 0x12 && var_spec_length == 10 && var_spec_syntax_id == S7COMM_SYNTAXID_DRIVEESANY) {
/* Accessing frequency inverter parameters (via routing) */
offset = s7comm_syntaxid_driveesany(tvb, offset, item_tree);
}
else {
/* var spec, length and syntax id are still added to tree here */
offset += var_spec_length - 1;
proto_item_append_text(item_tree, " Unknown variable specification");
}
return offset;
}
/*******************************************************************************************************
*
* Decode parameter part of a PDU for setup communication
*
*******************************************************************************************************/
static guint32
s7comm_decode_pdu_setup_communication(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset)
{
proto_tree_add_item(tree, hf_s7comm_param_setup_reserved1, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(tree, hf_s7comm_param_maxamq_calling, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(tree, hf_s7comm_param_maxamq_called, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(tree, hf_s7comm_param_neg_pdu_length, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
return offset;
}
/*******************************************************************************************************
*
* PDU Type: Response -> Function Write -> Data part
*
*******************************************************************************************************/
static guint32
s7comm_decode_response_write_data(tvbuff_t *tvb,
proto_tree *tree,
guint8 item_count,
guint32 offset)
{
guint8 ret_val = 0;
guint8 i = 0;
proto_item *item = NULL;
proto_tree *item_tree = NULL;
for (i = 0; i < item_count; i++) {
ret_val = tvb_get_guint8(tvb, offset);
/* Insert a new tree for every item */
item = proto_tree_add_item(tree, hf_s7comm_data_item, tvb, offset, 1, ENC_NA);
item_tree = proto_item_add_subtree(item, ett_s7comm_data_item);
proto_item_append_text(item, " [%d]: (%s)", i+1, val_to_str(ret_val, s7comm_item_return_valuenames, "Unknown code: 0x%02x"));
proto_tree_add_uint(item_tree, hf_s7comm_data_returncode, tvb, offset, 1, ret_val);
offset += 1;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: Response -> Function Read -> Data part
* Request -> Function Write -> Data part
*
*******************************************************************************************************/
static guint32
s7comm_decode_response_read_data(tvbuff_t *tvb,
proto_tree *tree,
guint8 item_count,
guint32 offset)
{
guint8 ret_val = 0;
guint8 tsize = 0;
guint16 len = 0, len2 = 0;
guint16 head_len = 4; /* 1 byte res-code, 1 byte transp-size, 2 bytes len */
guint8 i = 0;
proto_item *item = NULL;
proto_tree *item_tree = NULL;
/* Maybe this is only valid for Sinumerik NCK: Pre-check transport-size
* If transport size is 0x11 or 0x12, then an array with requested NCK areas will follow.
*/
tsize = tvb_get_guint8(tvb, offset + 1);
if (tsize == S7COMM_DATA_TRANSPORT_SIZE_NCKADDR1 || tsize == S7COMM_DATA_TRANSPORT_SIZE_NCKADDR2) {
proto_tree_add_item(tree, hf_s7comm_data_returncode, tvb, offset, 1, ENC_BIG_ENDIAN);
proto_tree_add_uint(tree, hf_s7comm_data_transport_size, tvb, offset + 1, 1, tsize);
offset += 2;
for (i = 0; i < item_count; i++) {
offset = s7comm_decode_param_item(tvb, offset, tree, i);
}
} else {
/* Standard */
for (i = 0; i < item_count; i++) {
ret_val = tvb_get_guint8(tvb, offset);
if (ret_val == S7COMM_ITEM_RETVAL_RESERVED ||
ret_val == S7COMM_ITEM_RETVAL_DATA_OK ||
ret_val == S7COMM_ITEM_RETVAL_DATA_ERR
) {
tsize = tvb_get_guint8(tvb, offset + 1);
len = tvb_get_ntohs(tvb, offset + 2);
/* calculate length in bytes */
if (tsize == S7COMM_DATA_TRANSPORT_SIZE_BBIT ||
tsize == S7COMM_DATA_TRANSPORT_SIZE_BBYTE ||
tsize == S7COMM_DATA_TRANSPORT_SIZE_BINT
) { /* given length is in number of bits */
if (len % 8) { /* len is not a multiple of 8, then round up to next number */
len /= 8;
len = len + 1;
} else {
len /= 8;
}
}
/* the PLC places extra bytes at the end of all but last result, if length is not a multiple of 2 */
if ((len % 2) && (i < (item_count-1))) {
len2 = len + 1;
} else {
len2 = len;
}
}
/* Insert a new tree for every item */
item = proto_tree_add_item(tree, hf_s7comm_data_item, tvb, offset, len + head_len, ENC_NA);
item_tree = proto_item_add_subtree(item, ett_s7comm_data_item);
proto_item_append_text(item, " [%d]: (%s)", i+1, val_to_str(ret_val, s7comm_item_return_valuenames, "Unknown code: 0x%02x"));
proto_tree_add_uint(item_tree, hf_s7comm_data_returncode, tvb, offset, 1, ret_val);
proto_tree_add_uint(item_tree, hf_s7comm_data_transport_size, tvb, offset + 1, 1, tsize);
proto_tree_add_uint(item_tree, hf_s7comm_data_length, tvb, offset + 2, 2, len);
offset += head_len;
if (ret_val == S7COMM_ITEM_RETVAL_DATA_OK || ret_val == S7COMM_ITEM_RETVAL_RESERVED) {
proto_tree_add_item(item_tree, hf_s7comm_readresponse_data, tvb, offset, len, ENC_NA);
offset += len;
if (len != len2) {
proto_tree_add_item(item_tree, hf_s7comm_data_fillbyte, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
}
}
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: Request or Response -> Function 0x29 (PLC control functions -> STOP)
*
*******************************************************************************************************/
static guint32
s7comm_decode_plc_controls_param_hex29(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset)
{
guint8 len;
/* The first byte 0x29 is checked and inserted to tree outside, so skip it here */
offset += 1;
/* Meaning of first 5 bytes (Part 1) is unknown */
proto_tree_add_item(tree, hf_s7comm_piservice_unknown1, tvb, offset, 5, ENC_NA);
offset += 5;
/* Part 2 */
len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_s7comm_data_plccontrol_part2_len, tvb, offset, 1, len);
offset += 1;
/* Function as string */
proto_tree_add_item(tree, hf_s7comm_piservice_servicename, tvb, offset, len, ENC_ASCII|ENC_NA);
offset += len;
return offset;
}
/*******************************************************************************************************
* PI_START Parameters: Decodes a parameter array with string values.
*******************************************************************************************************/
static guint32
s7comm_decode_pistart_parameters(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
proto_tree *param_tree,
const guint8 *servicename,
guint8 nfields, /* number of fields used */
guint hf[12], /* array with header fields */
guint32 offset)
{
guint8 i;
guint8 len;
wmem_strbuf_t *args_buf;
args_buf = wmem_strbuf_new_label(wmem_packet_scope());
for (i = 0; i < nfields; i++) {
len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(param_tree, hf_s7comm_piservice_string_len, tvb, offset, 1, len);
offset += 1;
proto_tree_add_item(param_tree, hf[i], tvb, offset, len, ENC_ASCII|ENC_NA);
wmem_strbuf_append(args_buf, "\"");
wmem_strbuf_append(args_buf, tvb_format_text(tvb, offset, len));
if (i < nfields-1) {
wmem_strbuf_append(args_buf, "\", ");
} else {
wmem_strbuf_append(args_buf, "\"");
}
offset += len + (len % 2 == 0);
}
proto_item_append_text(param_tree, ": (%s)", wmem_strbuf_get_str(args_buf));
proto_item_append_text(tree, " -> %s(%s)", servicename, wmem_strbuf_get_str(args_buf));
col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s(%s)", servicename, wmem_strbuf_get_str(args_buf));
return offset;
}
/*******************************************************************************************************
* PI-Service
*******************************************************************************************************/
static guint32
s7comm_decode_pi_service(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
guint16 plength,
guint32 offset)
{
guint16 len, paramlen;
guint32 startoffset;
guint32 paramoffset;
guint8 count;
guint8 i;
const guint8 *servicename;
const guint8 *str;
const guint8 *str1;
guint16 blocktype;
guint hf[13];
int pi_servicename_idx;
const gchar *pi_servicename_descr;
proto_item *item = NULL;
proto_item *itemadd = NULL;
proto_tree *param_tree = NULL;
proto_tree *file_tree = NULL;
gint32 num = -1;
gboolean num_valid;
startoffset = offset;
/* The first byte is checked and inserted to tree outside, so skip it here */
offset += 1;
/* First part is unknown, 7 bytes */
proto_tree_add_item(tree, hf_s7comm_piservice_unknown1, tvb, offset, 7, ENC_NA);
offset += 7;
if (offset - startoffset >= plength) {
return offset;
}
/* Parameter block */
paramlen = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(tree, hf_s7comm_piservice_parameterblock_len, tvb, offset, 2, paramlen);
offset += 2;
paramoffset = offset;
item = proto_tree_add_item(tree, hf_s7comm_piservice_parameterblock, tvb, offset, paramlen, ENC_NA);
param_tree = proto_item_add_subtree(item, ett_s7comm_piservice_parameterblock);
offset += paramlen;
/* PI servicename */
len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(tree, hf_s7comm_piservice_string_len, tvb, offset, 1, len);
offset += 1;
item = proto_tree_add_item_ret_string(tree, hf_s7comm_piservice_servicename, tvb, offset, len, ENC_ASCII|ENC_NA, wmem_packet_scope(), &servicename);
offset += len;
/* get the index position in pi_service_names, and add infotext with description to the item */
pi_servicename_descr = try_str_to_str_idx(servicename, pi_service_names, &pi_servicename_idx);
if (pi_servicename_idx < 0) {
pi_servicename_idx = S7COMM_PI_UNKNOWN;
pi_servicename_descr = "Unknown PI Service";
}
proto_item_append_text(item, " [%s]", pi_servicename_descr);
/* Work parameter data, depending on servicename */
switch (pi_servicename_idx) {
case S7COMM_PI_INSE:
case S7COMM_PI_DELE:
count = tvb_get_guint8(tvb, paramoffset); /* number of blocks following */
proto_tree_add_uint(param_tree, hf_s7comm_data_plccontrol_block_cnt, tvb, paramoffset, 1, count);
paramoffset += 1;
/* Unknown, is always 0x00 */
proto_tree_add_item(param_tree, hf_s7comm_data_pi_inse_unknown, tvb, paramoffset, 1, ENC_BIG_ENDIAN);
paramoffset += 1;
col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s(", servicename);
for (i = 0; i < count; i++) {
item = proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_filename, tvb, paramoffset, 8, ENC_ASCII|ENC_NA);
file_tree = proto_item_add_subtree(item, ett_s7comm_plcfilename);
blocktype = tvb_get_ntohs(tvb, paramoffset);
itemadd = proto_tree_add_item(file_tree, hf_s7comm_data_blockcontrol_block_type, tvb, paramoffset, 2, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(blocktype, blocktype_names, "Unknown Block type: 0x%04x"));
paramoffset += 2;
proto_tree_add_item_ret_string(file_tree, hf_s7comm_data_blockcontrol_block_num, tvb, paramoffset, 5, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
paramoffset += 5;
num_valid = ws_strtoi32(str, NULL, &num);
proto_item_append_text(file_tree, " [%s ",
val_to_str(blocktype, blocktype_names, "Unknown Block type: 0x%04x"));
col_append_str(pinfo->cinfo, COL_INFO,
val_to_str(blocktype, blocktype_names, "Unknown Block type: 0x%04x"));
if (num_valid) {
proto_item_append_text(file_tree, "%d]", num);
col_append_fstr(pinfo->cinfo, COL_INFO, "%d", num);
} else {
expert_add_info(pinfo, file_tree, &ei_s7comm_data_blockcontrol_block_num_invalid);
proto_item_append_text(file_tree, "NaN]");
col_append_str(pinfo->cinfo, COL_INFO, "NaN");
}
if (i+1 < count) {
col_append_str(pinfo->cinfo, COL_INFO, ", ");
}
itemadd = proto_tree_add_item(file_tree, hf_s7comm_data_blockcontrol_dest_filesys, tvb, paramoffset, 1, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(tvb_get_guint8(tvb, paramoffset), blocktype_attribute2_names, "Unknown filesys: %c"));
paramoffset += 1;
}
col_append_str(pinfo->cinfo, COL_INFO, ")");
break;
case S7COMM_PIP_PROGRAM:
case S7COMM_PI_MODU:
case S7COMM_PI_GARB:
if (paramlen == 0) {
proto_item_append_text(param_tree, ": ()");
proto_item_append_text(tree, " -> %s()", servicename);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s()", servicename);
} else {
proto_tree_add_item_ret_string(param_tree, hf_s7comm_data_plccontrol_argument, tvb, paramoffset, paramlen, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str1);
proto_item_append_text(param_tree, ": (\"%s\")", str1);
proto_item_append_text(tree, " -> %s(\"%s\")", servicename, str1);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s(\"%s\")", servicename, str1);
}
break;
case S7COMM_PI_N_LOGIN_:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_password;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_LOGOUT:
case S7COMM_PI_N_CANCEL:
case S7COMM_PI_N_DASAVE:
case S7COMM_PI_N_DIGIOF:
case S7COMM_PI_N_DIGION:
case S7COMM_PI_N_DZERO_:
case S7COMM_PI_N_ENDEXT:
case S7COMM_PI_N_F_OPER:
case S7COMM_PI_N_OST_OF:
case S7COMM_PI_N_OST_ON:
case S7COMM_PI_N_SCALE_:
case S7COMM_PI_N_SETUFR:
case S7COMM_PI_N_STRTLK:
case S7COMM_PI_N_STRTUL:
case S7COMM_PI_N_TMRASS:
hf[0] = hf_s7comm_pi_n_x_addressident;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 1, hf, paramoffset);
break;
case S7COMM_PI_N_F_DELE:
case S7COMM_PI_N_EXTERN:
case S7COMM_PI_N_EXTMOD:
case S7COMM_PI_N_F_DELR:
case S7COMM_PI_N_F_XFER:
case S7COMM_PI_N_LOCKE_:
case S7COMM_PI_N_SELECT:
case S7COMM_PI_N_SRTEXT:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_filename;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_F_CLOS:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_editwindowname;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_F_OPEN:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_filename;
hf[2] = hf_s7comm_pi_n_x_editwindowname;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_F_SEEK:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_editwindowname;
hf[2] = hf_s7comm_pi_n_x_seekpointer;
hf[3] = hf_s7comm_pi_n_x_windowsize;
hf[4] = hf_s7comm_pi_n_x_comparestring;
hf[5] = hf_s7comm_pi_n_x_skipcount;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 6, hf, paramoffset);
break;
case S7COMM_PI_N_ASUP__:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_interruptnr;
hf[2] = hf_s7comm_pi_n_x_priority;
hf[3] = hf_s7comm_pi_n_x_liftfast;
hf[4] = hf_s7comm_pi_n_x_blsync;
hf[5] = hf_s7comm_pi_n_x_filename;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 6, hf, paramoffset);
break;
case S7COMM_PI_N_CHEKDM:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_magnr;
hf[2] = hf_s7comm_pi_n_x_dnr;
hf[3] = hf_s7comm_pi_n_x_spindlenumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_CHKDNO:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_wznr;
hf[2] = hf_s7comm_pi_n_x_wznr;
hf[3] = hf_s7comm_pi_n_x_dnr;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_CONFIG:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_class;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_CRCEDN:
case S7COMM_PI_N_DELECE:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_tnr;
hf[2] = hf_s7comm_pi_n_x_dnr;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_CREACE:
case S7COMM_PI_N_CREATO:
case S7COMM_PI_N_DELETO:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolnumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_CRTOCE:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolnumber;
hf[2] = hf_s7comm_pi_n_x_cenumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_DELVAR:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_datablocknumber;
hf[2] = hf_s7comm_pi_n_x_firstcolumnnumber;
hf[3] = hf_s7comm_pi_n_x_lastcolumnnumber;
hf[4] = hf_s7comm_pi_n_x_firstrownumber;
hf[5] = hf_s7comm_pi_n_x_lastrownumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 6, hf, paramoffset);
break;
case S7COMM_PI_N_F_COPY:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_direction;
hf[2] = hf_s7comm_pi_n_x_sourcefilename;
hf[3] = hf_s7comm_pi_n_x_destinationfilename;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_F_DMDA:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_channelnumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_F_PROT:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_filename;
hf[2] = hf_s7comm_pi_n_x_protection;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_F_RENA:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_oldfilename;
hf[2] = hf_s7comm_pi_n_x_newfilename;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_FINDBL:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_findmode;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_IBN_SS:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_switch;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_MMCSEM:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_functionnumber;
hf[2] = hf_s7comm_pi_n_x_semaphorvalue;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_NCKMOD:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_onoff;
hf[2] = hf_s7comm_pi_n_x_mode;
hf[3] = hf_s7comm_pi_n_x_factor;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_NEWPWD:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_password;
hf[2] = hf_s7comm_pi_n_x_passwordlevel;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_SEL_BL:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_linenumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 2, hf, paramoffset);
break;
case S7COMM_PI_N_SETTST:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_magnr;
hf[2] = hf_s7comm_pi_n_x_weargroup;
hf[3] = hf_s7comm_pi_n_x_toolstatus;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_TMAWCO:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_magnr;
hf[2] = hf_s7comm_pi_n_x_weargroup;
hf[3] = hf_s7comm_pi_n_x_wearsearchstrat;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_TMCRTC:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolid;
hf[2] = hf_s7comm_pi_n_x_toolnumber;
hf[3] = hf_s7comm_pi_n_x_duplonumber;
hf[4] = hf_s7comm_pi_n_x_edgenumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 5, hf, paramoffset);
break;
case S7COMM_PI_N_TMCRTO:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolid;
hf[2] = hf_s7comm_pi_n_x_toolnumber;
hf[3] = hf_s7comm_pi_n_x_duplonumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_TMFDPL:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolnumber;
hf[2] = hf_s7comm_pi_n_x_placenr;
hf[3] = hf_s7comm_pi_n_x_magnr;
hf[4] = hf_s7comm_pi_n_x_placerefnr;
hf[5] = hf_s7comm_pi_n_x_magrefnr;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 6, hf, paramoffset);
break;
case S7COMM_PI_N_TMFPBP:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_magnrfrom;
hf[2] = hf_s7comm_pi_n_x_placenrfrom;
hf[3] = hf_s7comm_pi_n_x_magnrto;
hf[4] = hf_s7comm_pi_n_x_placenrto;
hf[5] = hf_s7comm_pi_n_x_magrefnr;
hf[6] = hf_s7comm_pi_n_x_placerefnr;
hf[7] = hf_s7comm_pi_n_x_halfplacesleft;
hf[8] = hf_s7comm_pi_n_x_halfplacesright;
hf[9] = hf_s7comm_pi_n_x_halfplacesup;
hf[10] = hf_s7comm_pi_n_x_halfplacesdown;
hf[11] = hf_s7comm_pi_n_x_placetype;
hf[12] = hf_s7comm_pi_n_x_searchdirection;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 13, hf, paramoffset);
break;
case S7COMM_PI_N_TMGETT:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolname;
hf[2] = hf_s7comm_pi_n_x_duplonumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_TMMVTL:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolnumber;
hf[2] = hf_s7comm_pi_n_x_placenrsource;
hf[3] = hf_s7comm_pi_n_x_magnrsource;
hf[4] = hf_s7comm_pi_n_x_placenrdestination;
hf[5] = hf_s7comm_pi_n_x_magnrdestination;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 6, hf, paramoffset);
break;
case S7COMM_PI_N_TMPCIT:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_spindlenumber;
hf[2] = hf_s7comm_pi_n_x_incrementnumber;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 3, hf, paramoffset);
break;
case S7COMM_PI_N_TMPOSM:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolnumber;
hf[2] = hf_s7comm_pi_n_x_toolid;
hf[3] = hf_s7comm_pi_n_x_duplonumber;
hf[4] = hf_s7comm_pi_n_x_placenrsource;
hf[5] = hf_s7comm_pi_n_x_magnrsource;
hf[6] = hf_s7comm_pi_n_x_placenrdestination;
hf[7] = hf_s7comm_pi_n_x_magnrdestination;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 8, hf, paramoffset);
break;
case S7COMM_PI_N_TRESMO:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_toolnumber;
hf[2] = hf_s7comm_pi_n_x_dnr;
hf[3] = hf_s7comm_pi_n_x_monitoringmode;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 4, hf, paramoffset);
break;
case S7COMM_PI_N_TSEARC:
hf[0] = hf_s7comm_pi_n_x_addressident;
hf[1] = hf_s7comm_pi_n_x_magnrfrom;
hf[2] = hf_s7comm_pi_n_x_placenrfrom;
hf[3] = hf_s7comm_pi_n_x_magnrto;
hf[4] = hf_s7comm_pi_n_x_placenrto;
hf[5] = hf_s7comm_pi_n_x_magrefnr;
hf[6] = hf_s7comm_pi_n_x_placerefnr;
hf[7] = hf_s7comm_pi_n_x_searchdirection;
hf[8] = hf_s7comm_pi_n_x_kindofsearch;
s7comm_decode_pistart_parameters(tvb, pinfo, tree, param_tree, servicename, 9, hf, paramoffset);
break;
default:
/* Don't know how to interpret the parameters, show only the PI servicename */
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]", servicename);
}
return offset;
}
/*******************************************************************************************************
*
* Decode a blockname/filename used in block/file upload/download
*
*******************************************************************************************************/
static guint32
s7comm_decode_plc_controls_filename(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *param_tree,
guint32 offset)
{
guint8 len;
const guint8 *str;
guint16 blocktype;
gboolean is_plcfilename;
proto_item *item = NULL;
proto_item *itemadd = NULL;
proto_tree *file_tree = NULL;
len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(param_tree, hf_s7comm_data_blockcontrol_filename_len, tvb, offset, 1, len);
offset += 1;
item = proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_filename, tvb, offset, len, ENC_ASCII|ENC_NA);
/* The filename when uploading from PLC has a well known structure, which can be further dissected.
* An upload from a NC is a simple filename string with no deeper structure.
* Check for PLC filename, by checking some fixed fields.
*/
is_plcfilename = FALSE;
if (len == 9) {
blocktype = tvb_get_ntohs(tvb, offset + 1);
if ((tvb_get_guint8(tvb, offset) == '_') && (blocktype >= S7COMM_BLOCKTYPE_OB) && (blocktype <= S7COMM_BLOCKTYPE_SFB)) {
gint32 num = 1;
gboolean num_valid;
is_plcfilename = TRUE;
file_tree = proto_item_add_subtree(item, ett_s7comm_plcfilename);
itemadd = proto_tree_add_item(file_tree, hf_s7comm_data_blockcontrol_file_ident, tvb, offset, 1, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(tvb_get_guint8(tvb, offset), blocktype_attribute1_names, "Unknown identifier: %c"));
offset += 1;
itemadd = proto_tree_add_item(file_tree, hf_s7comm_data_blockcontrol_block_type, tvb, offset, 2, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(blocktype, blocktype_names, "Unknown Block type: 0x%04x"));
offset += 2;
proto_tree_add_item_ret_string(file_tree, hf_s7comm_data_blockcontrol_block_num, tvb, offset, 5, ENC_ASCII|ENC_NA, wmem_packet_scope(), &str);
offset += 5;
num_valid = ws_strtoi32(str, NULL, &num);
proto_item_append_text(file_tree, " [%s",
val_to_str(blocktype, blocktype_names, "Unknown Block type: 0x%04x"));
col_append_fstr(pinfo->cinfo, COL_INFO, " -> Block:[%s",
val_to_str(blocktype, blocktype_names, "Unknown Block type: 0x%04x"));
if (num_valid) {
proto_item_append_text(file_tree, "%d]", num);
col_append_fstr(pinfo->cinfo, COL_INFO, "%d]", num);
} else {
expert_add_info(pinfo, file_tree, &ei_s7comm_data_blockcontrol_block_num_invalid);
proto_item_append_text(file_tree, "NaN]");
col_append_str(pinfo->cinfo, COL_INFO, "NaN]");
}
itemadd = proto_tree_add_item(file_tree, hf_s7comm_data_blockcontrol_dest_filesys, tvb, offset, 1, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(tvb_get_guint8(tvb, offset), blocktype_attribute2_names, "Unknown filesys: %c"));
offset += 1;
}
}
if (is_plcfilename == FALSE) {
str = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len, ENC_ASCII);
col_append_fstr(pinfo->cinfo, COL_INFO, " File:[%s]", str);
offset += len;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: Request or Response -> Function 0x1d, 0x1e, 0x1f (block control functions) for upload
*
*******************************************************************************************************/
static guint32
s7comm_decode_plc_controls_updownload(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
proto_tree *param_tree,
guint16 plength,
guint16 dlength,
guint32 offset,
guint8 rosctr)
{
guint8 len;
guint8 function;
guint32 errorcode;
const gchar *errorcode_text;
proto_item *item = NULL;
proto_tree *data_tree = NULL;
function = tvb_get_guint8(tvb, offset);
offset += 1;
errorcode = 0;
switch (function) {
/*---------------------------------------------------------------------*/
case S7COMM_FUNCREQUESTDOWNLOAD:
if (rosctr == S7COMM_ROSCTR_JOB) {
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 2, ENC_NA);
offset += 2;
/* on upload this is the upload-id, here it is anything else (or not used ) */
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 4, ENC_NA);
offset += 4;
offset = s7comm_decode_plc_controls_filename(tvb, pinfo, param_tree, offset);
if (plength > 18) {
len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(param_tree, hf_s7comm_data_blockcontrol_part2_len, tvb, offset, 1, len);
offset += 1;
/* first byte unknown '1' */
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_part2_unknown, tvb, offset, 1, ENC_ASCII|ENC_NA);
offset += 1;
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_loadmem_len, tvb, offset, 6, ENC_ASCII|ENC_NA);
offset += 6;
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_mc7code_len, tvb, offset, 6, ENC_ASCII|ENC_NA);
offset += 6;
}
} else if (rosctr == S7COMM_ROSCTR_ACK_DATA) {
if (plength >= 2) {
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
}
}
break;
/*---------------------------------------------------------------------*/
case S7COMM_FUNCSTARTUPLOAD:
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 2, ENC_NA);
offset += 2;
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_uploadid, tvb, offset, 4, ENC_NA);
offset += 4;
if (rosctr == S7COMM_ROSCTR_JOB) {
offset = s7comm_decode_plc_controls_filename(tvb, pinfo, param_tree, offset);
} else if (rosctr == S7COMM_ROSCTR_ACK_DATA) {
if (plength > 8) {
/* If uploading from a PLC, the response has a string with the length
* of the complete module in bytes, which maybe transferred/split into many PDUs.
* On a NC file upload, there are no such fields.
*/
len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(param_tree, hf_s7comm_data_blockcontrol_upl_lenstring_len, tvb, offset, 1, len);
offset += 1;
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_upl_lenstring, tvb, offset, len, ENC_ASCII|ENC_NA);
offset += len;
}
}
break;
/*---------------------------------------------------------------------*/
case S7COMM_FUNCUPLOAD:
case S7COMM_FUNCDOWNLOADBLOCK:
if (rosctr == S7COMM_ROSCTR_JOB) {
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 2, ENC_NA);
offset += 2;
if (function == S7COMM_FUNCUPLOAD) {
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_uploadid, tvb, offset, 4, ENC_NA);
offset += 4;
} else {
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 4, ENC_NA);
offset += 4;
offset = s7comm_decode_plc_controls_filename(tvb, pinfo, param_tree, offset);
}
} else if (rosctr == S7COMM_ROSCTR_ACK_DATA) {
if (plength >= 2) {
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
}
if (dlength > 0) {
item = proto_tree_add_item(tree, hf_s7comm_data, tvb, offset, dlength, ENC_NA);
data_tree = proto_item_add_subtree(item, ett_s7comm_data);
proto_tree_add_item(data_tree, hf_s7comm_data_length, tvb, offset, 2, ENC_NA);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 2, ENC_NA);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_readresponse_data, tvb, offset, dlength - 4, ENC_NA);
offset += dlength - 4;
}
}
break;
/*---------------------------------------------------------------------*/
case S7COMM_FUNCENDUPLOAD:
case S7COMM_FUNCDOWNLOADENDED:
if (rosctr == S7COMM_ROSCTR_JOB) {
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
item = proto_tree_add_item_ret_uint(param_tree, hf_s7comm_data_blockcontrol_errorcode, tvb, offset, 2, ENC_BIG_ENDIAN, &errorcode);
/* here it uses the same errorcode from parameter part */
if ((errorcode_text = try_val_to_str_ext(errorcode, ¶m_errcode_names_ext))) {
proto_item_append_text(item, " (%s)", errorcode_text);
}
offset += 2;
if (function == S7COMM_FUNCENDUPLOAD) {
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_uploadid, tvb, offset, 4, ENC_NA);
offset += 4;
} else {
proto_tree_add_item(param_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 4, ENC_NA);
offset += 4;
offset = s7comm_decode_plc_controls_filename(tvb, pinfo, param_tree, offset);
}
} else if (rosctr == S7COMM_ROSCTR_ACK_DATA) {
if (plength >= 2) {
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
}
}
break;
}
/* if an error occurred show in info column */
if (errorcode > 0) {
col_append_fstr(pinfo->cinfo, COL_INFO, " -> Errorcode:[0x%04x]", errorcode);
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 1 -> Programmer commands -> Request diagnostic data (0x13 or 0x01)
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_prog_reqdiagdata(tvbuff_t *tvb,
proto_tree *data_tree,
guint8 subfunc, /* Subfunction */
guint32 offset) /* Offset on data part +4 */
{
proto_item *item = NULL;
proto_tree *item_tree = NULL;
guint16 line_nr;
guint16 line_cnt;
guint16 ask_size;
guint16 item_size = 4;
guint8 registerflags;
gchar str_flags[80];
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_askheadersize, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
ask_size = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(data_tree, hf_s7comm_diagdata_req_asksize, tvb, offset, 2, ask_size);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_unknown, tvb, offset, 6, ENC_NA);
offset += 6;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_answersize, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_unknown, tvb, offset, 13, ENC_NA);
offset += 13;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_block_type, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_block_num, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_startaddr_awl, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_saz, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_unknown, tvb, offset, 1, ENC_NA);
offset += 1;
if (subfunc == 0x13) {
line_cnt = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(data_tree, hf_s7comm_diagdata_req_number_of_lines, tvb, offset, 2, line_cnt);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_diagdata_req_unknown, tvb, offset, 1, ENC_NA);
offset += 1;
} else {
line_cnt = (ask_size - 2) / 2;
}
proto_tree_add_bitmask(data_tree, tvb, offset, hf_s7comm_diagdata_registerflag,
ett_s7comm_diagdata_registerflag, s7comm_diagdata_registerflag_fields, ENC_BIG_ENDIAN);
offset += 1;
if (subfunc == 0x13) {
item_size = 4;
} else {
item_size = 2;
}
for (line_nr = 0; line_nr < line_cnt; line_nr++) {
item = proto_tree_add_item(data_tree, hf_s7comm_data_item, tvb, offset, item_size, ENC_NA);
item_tree = proto_item_add_subtree(item, ett_s7comm_data_item);
if (subfunc == 0x13) {
proto_tree_add_item(item_tree, hf_s7comm_diagdata_req_line_address, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
proto_tree_add_item(item_tree, hf_s7comm_diagdata_req_unknown, tvb, offset, 1, ENC_NA);
offset += 1;
registerflags = tvb_get_guint8(tvb, offset);
make_registerflag_string(str_flags, registerflags, sizeof(str_flags));
proto_item_append_text(item, " [%d]: (%s)", line_nr+1, str_flags);
proto_tree_add_bitmask(item_tree, tvb, offset, hf_s7comm_diagdata_registerflag,
ett_s7comm_diagdata_registerflag, s7comm_diagdata_registerflag_fields, ENC_BIG_ENDIAN);
offset += 1;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 1 -> Programmer commands -> Variable table -> request
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_prog_vartab_req_item(tvbuff_t *tvb,
guint32 offset,
proto_tree *sub_tree,
guint16 item_no)
{
guint32 bytepos = 0;
guint16 len = 0;
guint16 db = 0;
guint8 area = 0;
proto_item *item = NULL;
/* Insert a new tree with 6 bytes for every item */
item = proto_tree_add_item(sub_tree, hf_s7comm_param_item, tvb, offset, 6, ENC_NA);
sub_tree = proto_item_add_subtree(item, ett_s7comm_param_item);
proto_item_append_text(item, " [%d]:", item_no + 1);
/* Area, 1 byte */
area = tvb_get_guint8(tvb, offset);
proto_tree_add_item(sub_tree, hf_s7comm_vartab_req_memory_area, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
/* Length (repetition factor), 1 byte */
len = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(sub_tree, hf_s7comm_vartab_req_repetition_factor, tvb, offset, 1, len);
offset += 1;
/* DB number, 2 bytes */
db = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(sub_tree, hf_s7comm_vartab_req_db_number, tvb, offset, 2, db);
offset += 2;
/* byte offset, 2 bytes */
bytepos = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(sub_tree, hf_s7comm_vartab_req_startaddress, tvb, offset, 2, bytepos);
offset += 2;
/* build a full address to show item data directly beside the item */
switch (area) {
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_MB:
proto_item_append_text(sub_tree, " (M%d.0 BYTE %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_MW:
proto_item_append_text(sub_tree, " (M%d.0 WORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_MD:
proto_item_append_text(sub_tree, " (M%d.0 DWORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_EB:
proto_item_append_text(sub_tree, " (I%d.0 BYTE %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_EW:
proto_item_append_text(sub_tree, " (I%d.0 WORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_ED:
proto_item_append_text(sub_tree, " (I%d.0 DWORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_AB:
proto_item_append_text(sub_tree, " (Q%d.0 BYTE %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_AW:
proto_item_append_text(sub_tree, " (Q%d.0 WORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_AD:
proto_item_append_text(sub_tree, " (Q%d.0 DWORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_PEB:
proto_item_append_text(sub_tree, " (PI%d.0 BYTE %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_PEW:
proto_item_append_text(sub_tree, " (PI%d.0 WORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_PED:
proto_item_append_text(sub_tree, " (PI%d.0 DWORD %d)", bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBB:
proto_item_append_text(sub_tree, " (DB%d.DX%d.0 BYTE %d)", db, bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBW:
proto_item_append_text(sub_tree, " (DB%d.DX%d.0 WORD %d)", db, bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_DBD:
proto_item_append_text(sub_tree, " (DB%d.DX%d.0 DWORD %d)", db, bytepos, len);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_T:
/* it's possible to read multiple timers */
if (len >1)
proto_item_append_text(sub_tree, " (T %d..%d)", bytepos, bytepos + len - 1);
else
proto_item_append_text(sub_tree, " (T %d)", bytepos);
break;
case S7COMM_UD_SUBF_PROG_VARTAB_AREA_C:
/* it's possible to read multiple counters */
if (len >1)
proto_item_append_text(sub_tree, " (C %d..%d)", bytepos, bytepos + len - 1);
else
proto_item_append_text(sub_tree, " (C %d)", bytepos);
break;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 1 -> Programmer commands -> Variable table -> response
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_prog_vartab_res_item(tvbuff_t *tvb,
guint32 offset,
proto_tree *sub_tree,
guint16 item_no)
{
guint16 len = 0, len2 = 0;
guint8 ret_val = 0;
guint8 tsize = 0;
guint8 head_len = 4;
proto_item *item = NULL;
ret_val = tvb_get_guint8(tvb, offset);
if (ret_val == S7COMM_ITEM_RETVAL_RESERVED ||
ret_val == S7COMM_ITEM_RETVAL_DATA_OK ||
ret_val == S7COMM_ITEM_RETVAL_DATA_ERR
) {
tsize = tvb_get_guint8(tvb, offset + 1);
len = tvb_get_ntohs(tvb, offset + 2);
if (tsize == S7COMM_DATA_TRANSPORT_SIZE_BBYTE || tsize == S7COMM_DATA_TRANSPORT_SIZE_BINT) {
len /= 8;
}
/* the PLC places extra bytes at the end if length is not a multiple of 2 */
if (len % 2) {
len2 = len + 1;
}else {
len2 = len;
}
}
/* Insert a new tree for every item */
item = proto_tree_add_item(sub_tree, hf_s7comm_data_item, tvb, offset, len + head_len, ENC_NA);
sub_tree = proto_item_add_subtree(item, ett_s7comm_data_item);
proto_item_append_text(item, " [%d]: (%s)", item_no + 1, val_to_str(ret_val, s7comm_item_return_valuenames, "Unknown code: 0x%02x"));
proto_tree_add_uint(sub_tree, hf_s7comm_data_returncode, tvb, offset, 1, ret_val);
proto_tree_add_uint(sub_tree, hf_s7comm_data_transport_size, tvb, offset + 1, 1, tsize);
proto_tree_add_uint(sub_tree, hf_s7comm_data_length, tvb, offset + 2, 2, len);
offset += head_len;
if (ret_val == S7COMM_ITEM_RETVAL_DATA_OK || ret_val == S7COMM_ITEM_RETVAL_RESERVED) {
proto_tree_add_item(sub_tree, hf_s7comm_readresponse_data, tvb, offset, len, ENC_NA);
offset += len;
if (len != len2) {
proto_tree_add_item(sub_tree, hf_s7comm_data_fillbyte, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 5 -> Security functions?
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_security_subfunc(tvbuff_t *tvb,
proto_tree *data_tree,
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
/* Display dataset as raw bytes. Maybe this part can be extended with further knowledge. */
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength - 4, ENC_NA);
offset += dlength;
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 6 -> PBC, Programmable Block Functions (e.g. BSEND/BRECV)
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_pbc_subfunc(tvbuff_t *tvb,
proto_tree *data_tree,
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
proto_tree_add_item(data_tree, hf_s7comm_item_varspec, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_item_varspec_length, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_item_syntax_id, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_pbc_unknown, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_pbc_r_id, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
/* Only in the first telegram of possible several segments, an int16 of full data length is following.
* As the dissector can't check this, don't display the information
* and display the data as payload bytes.
*/
dlength = dlength - 4 - 8; /* 4 bytes data header, 8 bytes varspec */
if (dlength > 0) {
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength, ENC_NA);
offset += dlength;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> NC programming functions (file download/upload)
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_ncprg_subfunc(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *data_tree,
guint8 type, /* Type of data (request/response) */
guint8 subfunc, /* Subfunction */
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
const guint8 *str_filename;
dlength -= 4; /* There are always 4 bytes header information in data part */
if (dlength >= 2) {
if (type == S7COMM_UD_TYPE_NCREQ && subfunc == S7COMM_NCPRG_FUNCREQUESTDOWNLOAD) {
proto_tree_add_item_ret_string(data_tree, hf_s7comm_data_blockcontrol_filename, tvb, offset, dlength,
ENC_ASCII|ENC_NA, wmem_packet_scope(), &str_filename);
col_append_fstr(pinfo->cinfo, COL_INFO, " File:[%s]", str_filename);
offset += dlength;
} else if (type == S7COMM_UD_TYPE_NCREQ && subfunc == S7COMM_NCPRG_FUNCSTARTUPLOAD) {
proto_tree_add_item(data_tree, hf_s7comm_data_ncprg_unackcount, tvb, offset, 1, ENC_NA);
offset += 1;
dlength -= 1;
proto_tree_add_item(data_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 1, ENC_NA);
offset += 1;
dlength -= 1;
proto_tree_add_item_ret_string(data_tree, hf_s7comm_data_blockcontrol_filename, tvb, offset, dlength,
ENC_ASCII|ENC_NA, wmem_packet_scope(), &str_filename);
col_append_fstr(pinfo->cinfo, COL_INFO, " File:[%s]", str_filename);
offset += dlength;
} else if (type == S7COMM_UD_TYPE_NCRES && subfunc == S7COMM_NCPRG_FUNCREQUESTDOWNLOAD) {
proto_tree_add_item(data_tree, hf_s7comm_data_ncprg_unackcount, tvb, offset, 1, ENC_NA);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 1, ENC_NA);
offset += 1;
} else if (type == S7COMM_UD_TYPE_NCPUSH && (subfunc == S7COMM_NCPRG_FUNCCONTUPLOAD || subfunc == S7COMM_NCPRG_FUNCCONTDOWNLOAD)) {
proto_tree_add_item(data_tree, hf_s7comm_data_ncprg_unackcount, tvb, offset, 1, ENC_NA);
offset += 1;
/* Guess: If 1, then this is the last telegram of up/download, otherwise 0 */
proto_tree_add_item(data_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 1, ENC_NA);
offset += 1;
} else {
/* There is always a 2 bytes header before the data.
* Guess: first byte is used as "data unit reference"
*/
proto_tree_add_item(data_tree, hf_s7comm_data_blockcontrol_unknown1, tvb, offset, 2, ENC_NA);
offset += 2;
dlength -= 2;
if (dlength >= 4) {
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength, ENC_NA);
offset += dlength;
}
}
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Message services
*
*******************************************************************************************************/
static guint32
s7comm_decode_message_service(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *data_tree,
guint8 type, /* Type of data (request/response) */
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
guint8 events;
guint8 almtype;
gchar events_string[42];
switch (type) {
case S7COMM_UD_TYPE_REQ:
events = tvb_get_guint8(tvb, offset);
proto_tree_add_bitmask(data_tree, tvb, offset, hf_s7comm_cpu_msgservice_subscribe_events,
ett_s7comm_cpu_msgservice_subscribe_events, s7comm_cpu_msgservice_subscribe_events_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_req_reserved1, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
g_strlcpy(events_string, "", sizeof(events_string));
if (events & 0x01) g_strlcat(events_string, "MODE,", sizeof(events_string)); /* Change in mode-transition: Stop, Run, by Push and Function-group=0, Subfunction: 0=Stop, 1=Warm Restart, 2=RUN */
if (events & 0x02) g_strlcat(events_string, "SYS,", sizeof(events_string)); /* System diagnostics */
if (events & 0x04) g_strlcat(events_string, "USR,", sizeof(events_string)); /* User-defined diagnostic messages */
if (events & 0x08) g_strlcat(events_string, "-4-,", sizeof(events_string)); /* currently unknown flag */
if (events & 0x10) g_strlcat(events_string, "-5-,", sizeof(events_string)); /* currently unknown flag */
if (events & 0x20) g_strlcat(events_string, "-6-,", sizeof(events_string)); /* currently unknown flag */
if (events & 0x40) g_strlcat(events_string, "-7-,", sizeof(events_string)); /* currently unknown flag */
if (events & 0x80) g_strlcat(events_string, "ALM,", sizeof(events_string)); /* Program block message, type of message in additional field */
if (strlen(events_string) > 2)
events_string[strlen(events_string) - 1 ] = '\0';
col_append_fstr(pinfo->cinfo, COL_INFO, " SubscribedEvents=(%s)", events_string);
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_username, tvb, offset, 8, ENC_ASCII|ENC_NA);
offset += 8;
if ((events & 0x80) && (dlength > 10)) {
almtype = tvb_get_guint8(tvb, offset);
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_almtype, tvb, offset, 1, ENC_BIG_ENDIAN);
col_append_fstr(pinfo->cinfo, COL_INFO, " AlmType=%s", val_to_str(almtype, cpu_msgservice_almtype_names, "Unknown type: 0x%02x"));
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_req_reserved2, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
break;
case S7COMM_UD_TYPE_RES:
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_res_result, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_res_reserved1, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
if (dlength > 2) {
almtype = tvb_get_guint8(tvb, offset);
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_almtype, tvb, offset, 1, ENC_BIG_ENDIAN);
col_append_fstr(pinfo->cinfo, COL_INFO, " AlmType=%s", val_to_str(almtype, cpu_msgservice_almtype_names, "Unknown type: 0x%02x"));
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_res_reserved2, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_cpu_msgservice_res_reserved3, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
break;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 4 -> alarm, main tree for all except query response
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_cpu_alarm_main(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *data_tree,
guint8 type, /* Type of data (request/response) */
guint8 subfunc, /* Subfunction */
guint32 offset) /* Offset on data part +4 */
{
guint32 start_offset;
guint32 asc_start_offset;
guint32 msg_obj_start_offset;
guint32 ev_id;
proto_item *msg_item = NULL;
proto_tree *msg_item_tree = NULL;
proto_item *msg_obj_item = NULL;
proto_tree *msg_obj_item_tree = NULL;
proto_item *msg_work_item = NULL;
proto_tree *msg_work_item_tree = NULL;
guint8 nr_objects;
guint8 i;
guint8 syntax_id;
guint8 nr_of_additional_values;
guint8 signalstate;
guint8 sig_nr;
guint8 ret_val;
guint8 querytype;
guint8 varspec_length;
start_offset = offset;
msg_item = proto_tree_add_item(data_tree, hf_s7comm_cpu_alarm_message_item, tvb, offset, 0, ENC_NA);
msg_item_tree = proto_item_add_subtree(msg_item, ett_s7comm_cpu_alarm_message);
switch (subfunc) {
case S7COMM_UD_SUBF_CPU_SCAN_IND:
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_scan_unknown1, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
msg_work_item = proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_timestamp_coming, tvb, offset, 8, ENC_NA);
msg_work_item_tree = proto_item_add_subtree(msg_work_item, ett_s7comm_cpu_alarm_message_timestamp);
offset = s7comm_add_timestamp_to_tree(tvb, msg_work_item_tree, offset, TRUE, FALSE);
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_scan_unknown2, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
break;
case S7COMM_UD_SUBF_CPU_ALARM8_IND:
case S7COMM_UD_SUBF_CPU_ALARMACK_IND:
case S7COMM_UD_SUBF_CPU_ALARMSQ_IND:
case S7COMM_UD_SUBF_CPU_ALARMS_IND:
case S7COMM_UD_SUBF_CPU_NOTIFY_IND:
case S7COMM_UD_SUBF_CPU_NOTIFY8_IND:
msg_work_item = proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_timestamp_coming, tvb, offset, 8, ENC_NA);
msg_work_item_tree = proto_item_add_subtree(msg_work_item, ett_s7comm_cpu_alarm_message_timestamp);
offset = s7comm_add_timestamp_to_tree(tvb, msg_work_item_tree, offset, TRUE, FALSE);
break;
}
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_function, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
nr_objects = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(msg_item_tree, hf_s7comm_cpu_alarm_message_nr_objects, tvb, offset, 1, nr_objects);
offset += 1;
for (i = 0; i < nr_objects; i++) {
msg_obj_start_offset = offset;
msg_obj_item = proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_obj_item, tvb, offset, 0, ENC_NA);
msg_obj_item_tree = proto_item_add_subtree(msg_obj_item, ett_s7comm_cpu_alarm_message_object);
proto_item_append_text(msg_obj_item_tree, " [%d]", i+1);
if (type == S7COMM_UD_TYPE_REQ || type == S7COMM_UD_TYPE_PUSH) {
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_item_varspec, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
varspec_length = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_item_varspec_length, tvb, offset, 1, varspec_length);
offset += 1;
syntax_id = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_item_syntax_id, tvb, offset, 1, syntax_id);
offset += 1;
switch (syntax_id) {
case S7COMM_SYNTAXID_ALARM_LOCKFREESET:
case S7COMM_SYNTAXID_ALARM_INDSET:
case S7COMM_SYNTAXID_NOTIFY_INDSET:
case S7COMM_SYNTAXID_ALARM_ACKSET:
nr_of_additional_values = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_nr_add_values, tvb, offset, 1, nr_of_additional_values);
offset += 1;
ev_id = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_eventid, tvb, offset, 4, ev_id);
offset += 4;
proto_item_append_text(msg_obj_item_tree, ": EventID=0x%08x", ev_id);
col_append_fstr(pinfo->cinfo, COL_INFO, " EventID=0x%08x", ev_id);
if (syntax_id == S7COMM_SYNTAXID_ALARM_INDSET || syntax_id == S7COMM_SYNTAXID_NOTIFY_INDSET) {
signalstate = tvb_get_guint8(tvb, offset);
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_eventstate,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
/* show SIG with True values for a quick overview in info-column */
if (signalstate > 0) {
col_append_str(pinfo->cinfo, COL_INFO, " On=[");
for (sig_nr = 0; sig_nr < 8; sig_nr++) {
if (signalstate & 0x01) {
signalstate >>= 1;
if (signalstate == 0) {
col_append_fstr(pinfo->cinfo, COL_INFO, "SIG_%d", sig_nr + 1);
} else {
col_append_fstr(pinfo->cinfo, COL_INFO, "SIG_%d,", sig_nr + 1);
}
} else {
signalstate >>= 1;
}
}
col_append_str(pinfo->cinfo, COL_INFO, "]");
}
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_state,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
}
if (syntax_id == S7COMM_SYNTAXID_ALARM_INDSET || syntax_id == S7COMM_SYNTAXID_ALARM_ACKSET || syntax_id == S7COMM_SYNTAXID_NOTIFY_INDSET) {
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_ackstate_going,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_ackstate_coming,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
}
if (syntax_id == S7COMM_SYNTAXID_NOTIFY_INDSET) {
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_event_going,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_event_coming,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_event_lastchanged,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_event_reserved, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
if (syntax_id == S7COMM_SYNTAXID_ALARM_INDSET || syntax_id == S7COMM_SYNTAXID_NOTIFY_INDSET) {
if (nr_of_additional_values > 0) {
asc_start_offset = offset;
msg_work_item = proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_associated_value, tvb, offset, 0, ENC_NA);
msg_work_item_tree = proto_item_add_subtree(msg_work_item, ett_s7comm_cpu_alarm_message_associated_value);
offset = s7comm_decode_response_read_data(tvb, msg_work_item_tree, nr_of_additional_values, offset);
proto_item_set_len(msg_work_item_tree, offset - asc_start_offset);
}
}
break;
case S7COMM_SYNTAXID_ALARM_QUERYREQSET:
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_unknown1, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
querytype = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_querytype, tvb, offset, 1, querytype);
offset += 1;
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_unknown2, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
ev_id = tvb_get_ntohl(tvb, offset);
/* there is a querytype=8, which only occurs when a previous SZL request 0x131 index 0x10 has a missing flag in funk_1 */
switch (querytype) {
case S7COMM_ALARM_MESSAGE_QUERYTYPE_BYALARMTYPE:
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_alarmtype, tvb, offset, 4, ENC_BIG_ENDIAN);
col_append_fstr(pinfo->cinfo, COL_INFO, " ByAlarmtype=%s",
val_to_str(ev_id, alarm_message_query_alarmtype_names, "Unknown Alarmtype: %u"));
break;
case S7COMM_ALARM_MESSAGE_QUERYTYPE_BYEVENTID:
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_eventid, tvb, offset, 4, ENC_BIG_ENDIAN);
col_append_fstr(pinfo->cinfo, COL_INFO, " ByEventID=0x%08x", ev_id);
break;
default:
break;
}
offset += 4;
break;
default:
/* for current unknown syntax id, set offset to end of dataset. The varspec_length includes
* the byte for the syntax_id, so minus one.
*/
offset += (varspec_length - 1);
break;
}
} else if (type == S7COMM_UD_TYPE_RES) {
ret_val = tvb_get_guint8(tvb, offset);
proto_item_append_text(msg_obj_item_tree, ": (%s)", val_to_str(ret_val, s7comm_item_return_valuenames, "Unknown code: 0x%02x"));
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_data_returncode, tvb, offset, 1, ret_val);
offset += 1;
}
proto_item_set_len(msg_obj_item_tree, offset - msg_obj_start_offset);
}
proto_item_set_len(msg_item_tree, offset - start_offset);
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 4 -> alarm query response
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_cpu_alarm_query_response(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *data_tree,
guint32 offset) /* Offset on data part +4 */
{
proto_item *msg_item = NULL;
proto_tree *msg_item_tree = NULL;
proto_item *msg_obj_item = NULL;
proto_tree *msg_obj_item_tree = NULL;
proto_item *msg_work_item = NULL;
proto_tree *msg_work_item_tree = NULL;
guint32 start_offset;
guint32 msg_obj_start_offset;
guint32 asc_start_offset;
guint32 ev_id;
guint8 returncode;
guint8 alarmtype;
guint16 complete_length;
gint32 remaining_length;
guint8 n_blocks;
guint8 func;
start_offset = offset;
msg_item = proto_tree_add_item(data_tree, hf_s7comm_cpu_alarm_message_item, tvb, offset, 0, ENC_NA);
msg_item_tree = proto_item_add_subtree(msg_item, ett_s7comm_cpu_alarm_message);
/* An alarm response may take more that one response telegram. If it's split into many telegrams,
* then the inner telegrams begins with the dataset parts without any header.
* The last telegrams of this sequence has the first two bytes zero.
*/
func = tvb_get_guint8(tvb, offset);
n_blocks = tvb_get_guint8(tvb, offset + 1);
if (func == 0) {
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_function, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_nr_objects, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
if (n_blocks == 0) {
col_append_str(pinfo->cinfo, COL_INFO, " [Last]");
proto_item_set_len(msg_item_tree, offset - start_offset);
return offset;
}
}
if (func > 0) {
col_append_str(pinfo->cinfo, COL_INFO, " [Continuation]");
complete_length = func;
remaining_length = (gint32)complete_length;
returncode = S7COMM_ITEM_RETVAL_DATA_OK;
} else {
returncode = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(msg_item_tree, hf_s7comm_data_returncode, tvb, offset, 1, returncode);
offset += 1;
proto_tree_add_item(msg_item_tree, hf_s7comm_data_transport_size, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
/* As with ALARM_S it's only possible to send one alarm description in a single response telegram,
* they are split into many telegrams. Therefore the complete length field is set to 0xffff.
* To reuse the following dissect-loop, the remaining length is set to zero.
*/
complete_length = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(msg_item_tree, hf_s7comm_cpu_alarm_query_completelen, tvb, offset, 2, complete_length);
remaining_length = (gint32)complete_length;
if (remaining_length == 0xffff) {
remaining_length = 0;
}
offset += 2;
}
if (returncode == S7COMM_ITEM_RETVAL_DATA_OK) {
do {
msg_obj_start_offset = offset;
msg_obj_item = proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_alarm_message_obj_item, tvb, offset, 0, ENC_NA);
msg_obj_item_tree = proto_item_add_subtree(msg_obj_item, ett_s7comm_cpu_alarm_message_object);
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_datasetlen, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_resunknown1, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* begin of count dataset length */
alarmtype = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_alarmtype, tvb, offset, 1, alarmtype);
proto_item_append_text(msg_obj_item_tree, " (Alarmtype=%s)", val_to_str(alarmtype, alarm_message_query_alarmtype_names, "Unknown Alarmtype: %u"));
offset += 1;
ev_id = tvb_get_ntohl(tvb, offset);
proto_tree_add_uint(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_eventid, tvb, offset, 4, ev_id);
proto_item_append_text(msg_obj_item_tree, ": EventID=0x%08x", ev_id);
offset += 4;
proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_query_resunknown1, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_eventstate,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_ackstate_going,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_bitmask(msg_obj_item_tree, tvb, offset, hf_s7comm_cpu_alarm_message_ackstate_coming,
ett_s7comm_cpu_alarm_message_signal, s7comm_cpu_alarm_message_signal_fields, ENC_BIG_ENDIAN);
offset += 1;
if (alarmtype == S7COMM_ALARM_MESSAGE_QUERY_ALARMTYPE_ALARM_S) {
/* 8 bytes timestamp (coming)*/
msg_work_item = proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_timestamp_coming, tvb, offset, 8, ENC_NA);
msg_work_item_tree = proto_item_add_subtree(msg_work_item, ett_s7comm_cpu_alarm_message_timestamp);
offset = s7comm_add_timestamp_to_tree(tvb, msg_work_item_tree, offset, TRUE, FALSE);
/* Associated value of coming alarm */
asc_start_offset = offset;
msg_work_item = proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_associated_value, tvb, offset, 0, ENC_NA);
msg_work_item_tree = proto_item_add_subtree(msg_work_item, ett_s7comm_cpu_alarm_message_associated_value);
offset = s7comm_decode_response_read_data(tvb, msg_work_item_tree, 1, offset);
proto_item_set_len(msg_work_item_tree, offset - asc_start_offset);
/* 8 bytes timestamp (going)
* If all bytes in timestamp are zero, then the message is still active. */
msg_work_item = proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_timestamp_going, tvb, offset, 8, ENC_NA);
msg_work_item_tree = proto_item_add_subtree(msg_work_item, ett_s7comm_cpu_alarm_message_timestamp);
offset = s7comm_add_timestamp_to_tree(tvb, msg_work_item_tree, offset, TRUE, FALSE);
/* Associated value of going alarm */
asc_start_offset = offset;
msg_work_item = proto_tree_add_item(msg_obj_item_tree, hf_s7comm_cpu_alarm_message_associated_value, tvb, offset, 0, ENC_NA);
msg_work_item_tree = proto_item_add_subtree(msg_work_item, ett_s7comm_cpu_alarm_message_associated_value);
offset = s7comm_decode_response_read_data(tvb, msg_work_item_tree, 1, offset);
proto_item_set_len(msg_work_item_tree, offset - asc_start_offset);
}
remaining_length = remaining_length - (offset - msg_obj_start_offset);
proto_item_set_len(msg_obj_item_tree, offset - msg_obj_start_offset);
} while (remaining_length > 0);
}
proto_item_set_len(msg_item_tree, offset - start_offset);
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 4 -> diagnostic message
* Also used as a dataset in the diagnostic buffer, read with SZL-ID 0x00a0 index 0.
*
*******************************************************************************************************/
guint32
s7comm_decode_ud_cpu_diagnostic_message(tvbuff_t *tvb,
packet_info *pinfo,
gboolean add_info_to_col,
proto_tree *data_tree,
guint32 offset)
{
proto_item *msg_item = NULL;
proto_tree *msg_item_tree = NULL;
guint16 eventid;
guint16 eventid_masked;
const gchar *event_text;
gboolean has_text = FALSE;
msg_item = proto_tree_add_item(data_tree, hf_s7comm_cpu_diag_msg_item, tvb, offset, 20, ENC_NA);
msg_item_tree = proto_item_add_subtree(msg_item, ett_s7comm_cpu_diag_msg);
eventid = tvb_get_ntohs(tvb, offset);
if ((eventid >= 0x8000) && (eventid <= 0x9fff)) {
eventid_masked = eventid & 0xf0ff;
if ((event_text = try_val_to_str_ext(eventid_masked, &cpu_diag_eventid_0x8_0x9_names_ext))) {
if (add_info_to_col) {
col_append_fstr(pinfo->cinfo, COL_INFO, " Event='%s'", event_text);
}
has_text = TRUE;
} else {
if (add_info_to_col) {
col_append_fstr(pinfo->cinfo, COL_INFO, " EventID=0x%04x", eventid);
}
}
} else if ((eventid >= 0x1000) && (eventid < 0x8000)) {
if ((event_text = try_val_to_str_ext(eventid, &cpu_diag_eventid_fix_names_ext))) {
if (add_info_to_col) {
col_append_fstr(pinfo->cinfo, COL_INFO, " Event='%s'", event_text);
}
has_text = TRUE;
} else {
if (add_info_to_col) {
col_append_fstr(pinfo->cinfo, COL_INFO, " EventID=0x%04x", eventid);
}
}
} else {
if (add_info_to_col) {
col_append_fstr(pinfo->cinfo, COL_INFO, " EventID=0x%04x", eventid);
}
}
proto_tree_add_bitmask(msg_item_tree, tvb, offset, hf_s7comm_cpu_diag_msg_eventid,
ett_s7comm_cpu_diag_msg_eventid, s7comm_cpu_diag_msg_eventid_fields, ENC_BIG_ENDIAN);
if (has_text) {
proto_item_append_text(msg_item_tree, ": Event='%s'", event_text);
} else {
proto_item_append_text(msg_item_tree, ": EventID=0x%04x", eventid);
}
offset += 2;
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_diag_msg_prioclass, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_diag_msg_obnumber, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_diag_msg_datid, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_diag_msg_info1, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(msg_item_tree, hf_s7comm_cpu_diag_msg_info2, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
offset = s7comm_add_timestamp_to_tree(tvb, msg_item_tree, offset, FALSE, FALSE);
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 7 -> time functions
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_time_subfunc(tvbuff_t *tvb,
proto_tree *data_tree,
guint8 type, /* Type of data (request/response) */
guint8 subfunc, /* Subfunction */
guint8 ret_val, /* Return value in data part */
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
gboolean know_data = FALSE;
switch (subfunc) {
case S7COMM_UD_SUBF_TIME_READ:
case S7COMM_UD_SUBF_TIME_READF:
if (type == S7COMM_UD_TYPE_RES) { /*** Response ***/
if (ret_val == S7COMM_ITEM_RETVAL_DATA_OK) {
proto_item_append_text(data_tree, ": ");
offset = s7comm_add_timestamp_to_tree(tvb, data_tree, offset, TRUE, TRUE);
}
know_data = TRUE;
}
break;
case S7COMM_UD_SUBF_TIME_SET:
case S7COMM_UD_SUBF_TIME_SET2:
if (type == S7COMM_UD_TYPE_REQ) { /*** Request ***/
if (ret_val == S7COMM_ITEM_RETVAL_DATA_OK) {
proto_item_append_text(data_tree, ": ");
offset = s7comm_add_timestamp_to_tree(tvb, data_tree, offset, TRUE, TRUE);
}
know_data = TRUE;
}
break;
default:
break;
}
if (know_data == FALSE && dlength > 4) {
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength - 4, ENC_NA);
offset += dlength;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 3 -> block functions
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_block_subfunc(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *data_tree,
guint8 type, /* Type of data (request/response) */
guint8 subfunc, /* Subfunction */
guint8 ret_val, /* Return value in data part */
guint8 tsize, /* transport size in data part */
guint16 len, /* length given in data part */
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
guint16 count;
guint16 i;
const guint8 *pBlocknumber;
guint16 blocknumber;
guint8 blocktype;
guint16 blocktype16;
gboolean know_data = FALSE;
proto_item *item = NULL;
proto_tree *item_tree = NULL;
proto_item *itemadd = NULL;
char str_timestamp[30];
char str_version[10];
switch (subfunc) {
/*************************************************
* List blocks
*/
case S7COMM_UD_SUBF_BLOCK_LIST:
if (type == S7COMM_UD_TYPE_REQ) { /*** Request ***/
/* Is this a possible combination? Never seen it... */
} else if (type == S7COMM_UD_TYPE_RES) { /*** Response ***/
count = len / 4;
for(i = 0; i < count; i++) {
/* Insert a new tree of 4 byte length for every item */
item = proto_tree_add_item(data_tree, hf_s7comm_data_item, tvb, offset, 4, ENC_NA);
item_tree = proto_item_add_subtree(item, ett_s7comm_data_item);
blocktype16 = tvb_get_ntohs(tvb, offset);
proto_item_append_text(item, " [%d]: (Block type %s)", i+1, val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
itemadd = proto_tree_add_item(item_tree, hf_s7comm_ud_blockinfo_block_type, tvb, offset, 2, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
offset += 2;
proto_tree_add_item(item_tree, hf_s7comm_ud_blockinfo_block_cnt, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
know_data = TRUE;
}
break;
/*************************************************
* List blocks of type
*/
case S7COMM_UD_SUBF_BLOCK_LISTTYPE:
if (type == S7COMM_UD_TYPE_REQ) { /*** Request ***/
if (tsize != S7COMM_DATA_TRANSPORT_SIZE_NULL) {
blocktype16 = tvb_get_ntohs(tvb, offset);
itemadd = proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_block_type, tvb, offset, 2, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
col_append_fstr(pinfo->cinfo, COL_INFO, " Type:[%s]",
val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
proto_item_append_text(data_tree, ": (%s)",
val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
offset += 2;
}
know_data = TRUE;
}else if (type == S7COMM_UD_TYPE_RES) { /*** Response ***/
if (tsize != S7COMM_DATA_TRANSPORT_SIZE_NULL) {
count = len / 4;
for(i = 0; i < count; i++) {
/* Insert a new tree of 4 byte length for every item */
item = proto_tree_add_item(data_tree, hf_s7comm_data_item, tvb, offset, 4, ENC_NA);
item_tree = proto_item_add_subtree(item, ett_s7comm_data_item);
proto_item_append_text(item, " [%d]: (Block number %d)", i+1, tvb_get_ntohs(tvb, offset));
proto_tree_add_item(item_tree, hf_s7comm_ud_blockinfo_block_num, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* The first Byte is unknown, kind of flags? */
proto_tree_add_item(item_tree, hf_s7comm_ud_blockinfo_block_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(item_tree, hf_s7comm_ud_blockinfo_block_lang, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
}
}
know_data = TRUE;
}
break;
/*************************************************
* Get block infos
*/
case S7COMM_UD_SUBF_BLOCK_BLOCKINFO:
if (type == S7COMM_UD_TYPE_REQ) { /*** Request ***/
if (tsize != S7COMM_DATA_TRANSPORT_SIZE_NULL) {
gint32 num = -1;
gboolean num_valid;
/* 8 Bytes of Data follow, 1./ 2. type, 3-7 blocknumber as ascii number */
blocktype16 = tvb_get_ntohs(tvb, offset);
itemadd = proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_block_type, tvb, offset, 2, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
offset += 2;
proto_tree_add_item_ret_string(data_tree, hf_s7comm_ud_blockinfo_block_num_ascii, tvb, offset, 5, ENC_ASCII|ENC_NA, wmem_packet_scope(), &pBlocknumber);
num_valid = ws_strtoi32(pBlocknumber, NULL, &num);
proto_item_append_text(data_tree, " [%s ",
val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
col_append_fstr(pinfo->cinfo, COL_INFO, " -> Block:[%s ",
val_to_str(blocktype16, blocktype_names, "Unknown Block type: 0x%04x"));
if (num_valid) {
proto_item_append_text(data_tree, "%d]", num);
col_append_fstr(pinfo->cinfo, COL_INFO, "%d]", num);
} else {
expert_add_info(pinfo, data_tree, &ei_s7comm_ud_blockinfo_block_num_ascii_invalid);
proto_item_append_text(data_tree, "NaN]");
col_append_str(pinfo->cinfo, COL_INFO, "NaN]");
}
offset += 5;
itemadd = proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_filesys, tvb, offset, 1, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(tvb_get_guint8(tvb, offset), blocktype_attribute2_names, "Unknown filesys: %c"));
offset += 1;
}
know_data = TRUE;
}else if (type == S7COMM_UD_TYPE_RES) { /*** Response ***/
/* 78 Bytes */
if (ret_val == S7COMM_ITEM_RETVAL_DATA_OK) {
itemadd = proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_block_type, tvb, offset, 2, ENC_ASCII|ENC_NA);
proto_item_append_text(itemadd, " (%s)", val_to_str(tvb_get_ntohs(tvb, offset), blocktype_names, "Unknown Block type: 0x%04x"));
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_res_infolength, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_res_unknown2, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_res_const3, tvb, offset, 2, ENC_ASCII|ENC_NA);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_res_unknown, tvb, offset, 1, ENC_NA);
offset += 1;
proto_tree_add_bitmask(data_tree, tvb, offset, hf_s7comm_userdata_blockinfo_flags,
ett_s7comm_userdata_blockinfo_flags, s7comm_userdata_blockinfo_flags_fields, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_block_lang, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
blocktype = tvb_get_guint8(tvb, offset);
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_subblk_type, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
blocknumber = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(data_tree, hf_s7comm_ud_blockinfo_block_num, tvb, offset, 2, blocknumber);
/* Add block type and number to info column */
col_append_fstr(pinfo->cinfo, COL_INFO, " -> Block:[%s %d]",
val_to_str(blocktype, subblktype_names, "Unknown Subblk type: 0x%02x"),
blocknumber);
proto_item_append_text(data_tree, ": (Block:[%s %d])",
val_to_str(blocktype, subblktype_names, "Unknown Subblk type: 0x%02x"),
blocknumber);
offset += 2;
/* "Length Load mem" -> the length in Step7 Manager seems to be this length +6 bytes */
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_load_mem_len, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_blocksecurity, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
s7comm_get_timestring_from_s7time(tvb, offset, str_timestamp, sizeof(str_timestamp));
proto_tree_add_string(data_tree, hf_s7comm_ud_blockinfo_code_timestamp, tvb, offset, 6, str_timestamp);
offset += 6;
s7comm_get_timestring_from_s7time(tvb, offset, str_timestamp, sizeof(str_timestamp));
proto_tree_add_string(data_tree, hf_s7comm_ud_blockinfo_interface_timestamp, tvb, offset, 6, str_timestamp);
offset += 6;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_ssb_len, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_add_len, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_localdata_len, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_mc7_len, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_author, tvb, offset, 8, ENC_ASCII|ENC_NA);
offset += 8;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_family, tvb, offset, 8, ENC_ASCII|ENC_NA);
offset += 8;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_headername, tvb, offset, 8, ENC_ASCII|ENC_NA);
offset += 8;
g_snprintf(str_version, sizeof(str_version), "%d.%d", ((tvb_get_guint8(tvb, offset) & 0xf0) >> 4), tvb_get_guint8(tvb, offset) & 0x0f);
proto_tree_add_string(data_tree, hf_s7comm_ud_blockinfo_headerversion, tvb, offset, 1, str_version);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_res_unknown, tvb, offset, 1, ENC_NA);
offset += 1;
proto_tree_add_checksum(data_tree, tvb, offset, hf_s7comm_ud_blockinfo_checksum, -1, NULL, pinfo, 0, ENC_BIG_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
offset += 2;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_reserved1, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
proto_tree_add_item(data_tree, hf_s7comm_ud_blockinfo_reserved2, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
}
know_data = TRUE;
}
break;
default:
break;
}
if (know_data == FALSE && dlength > 4) {
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength - 4, ENC_NA);
offset += dlength;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 2 -> cyclic data
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_cyclic_subfunc(tvbuff_t *tvb,
proto_tree *data_tree,
guint8 type, /* Type of data (request/response) */
guint8 subfunc, /* Subfunction */
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
gboolean know_data = FALSE;
guint32 offset_old;
guint32 len_item;
guint8 item_count;
guint8 i;
switch (subfunc)
{
case S7COMM_UD_SUBF_CYCLIC_MEM:
case S7COMM_UD_SUBF_CYCLIC_MEM2:
item_count = tvb_get_guint8(tvb, offset + 1); /* first byte reserved??? */
proto_tree_add_uint(data_tree, hf_s7comm_param_itemcount, tvb, offset, 2, item_count);
offset += 2;
if (type == S7COMM_UD_TYPE_REQ) { /* Request to PLC to send cyclic data */
proto_tree_add_item(data_tree, hf_s7comm_cycl_interval_timebase, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(data_tree, hf_s7comm_cycl_interval_time, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
/* parse item data */
for (i = 0; i < item_count; i++) {
offset_old = offset;
offset = s7comm_decode_param_item(tvb, offset, data_tree, i);
/* if length is not a multiple of 2 and this is not the last item, then add a fill-byte */
len_item = offset - offset_old;
if ((len_item % 2) && (i < (item_count-1))) {
offset += 1;
}
}
} else if (type == S7COMM_UD_TYPE_RES || type == S7COMM_UD_TYPE_PUSH) { /* Response from PLC with the requested data */
/* parse item data */
offset = s7comm_decode_response_read_data(tvb, data_tree, item_count, offset);
}
know_data = TRUE;
break;
}
if (know_data == FALSE && dlength > 4) {
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength - 4, ENC_NA);
offset += dlength;
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: User Data -> Function group 1 -> Programmer commands
*
*******************************************************************************************************/
static guint32
s7comm_decode_ud_prog_subfunc(tvbuff_t *tvb,
proto_tree *data_tree,
guint8 type, /* Type of data (request/response) */
guint8 subfunc, /* Subfunction */
guint16 dlength, /* length of data part given in header */
guint32 offset) /* Offset on data part +4 */
{
gboolean know_data = FALSE;
guint8 data_type;
guint16 byte_count;
guint16 item_count;
guint16 i;
switch(subfunc)
{
case S7COMM_UD_SUBF_PROG_REQDIAGDATA1:
case S7COMM_UD_SUBF_PROG_REQDIAGDATA2:
/* start variable table or block online view */
/* TODO: Can only handle requests/response, not the "following" telegrams because it's necessary to correlate them
with the previous request */
if (type != S7COMM_UD_TYPE_PUSH) {
offset = s7comm_decode_ud_prog_reqdiagdata(tvb, data_tree, subfunc, offset);
know_data = TRUE;
}
break;
case S7COMM_UD_SUBF_PROG_VARTAB1:
/* online status in variable table */
offset += 1; /* 1 Byte const 0, skip */
data_type = tvb_get_guint8(tvb, offset); /* 1 Byte type: 0x14 = Request, 0x04 = Response */
proto_tree_add_uint(data_tree, hf_s7comm_vartab_data_type, tvb, offset, 1, data_type);
offset += 1;
byte_count = tvb_get_ntohs(tvb, offset); /* 2 Bytes: Number of bytes of item-data including item-count */
proto_tree_add_uint(data_tree, hf_s7comm_vartab_byte_count, tvb, offset, 2, byte_count);
offset += 2;
switch (data_type)
{
case S7COMM_UD_SUBF_PROG_VARTAB_TYPE_REQ:
/*** Request of data areas ***/
/* 20 Bytes unknown part */
proto_tree_add_item(data_tree, hf_s7comm_vartab_unknown, tvb, offset, 20, ENC_NA);
offset += 20;
item_count = tvb_get_ntohs(tvb, offset); /* 2 Bytes header: number of items following */
proto_tree_add_uint(data_tree, hf_s7comm_vartab_item_count, tvb, offset, 2, item_count);
offset += 2;
/* parse item data */
for (i = 0; i < item_count; i++) {
offset = s7comm_decode_ud_prog_vartab_req_item(tvb, offset, data_tree, i);
}
know_data = TRUE;
break;
case S7COMM_UD_SUBF_PROG_VARTAB_TYPE_RES:
/*** Response of PLC to requested data-areas ***/
/* 4 Bytes unknown part */
proto_tree_add_item(data_tree, hf_s7comm_vartab_unknown, tvb, offset, 4, ENC_NA);
offset += 4;
item_count = tvb_get_ntohs(tvb, offset); /* 2 Bytes: number of items following */
proto_tree_add_uint(data_tree, hf_s7comm_vartab_item_count, tvb, offset, 2, item_count);
offset += 2;
/* parse item data */
for (i = 0; i < item_count; i++) {
offset = s7comm_decode_ud_prog_vartab_res_item(tvb, offset, data_tree, i);
}
know_data = TRUE;
break;
}
}
if (know_data == FALSE && dlength > 4) {
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength - 4, ENC_NA);
offset += dlength;
}
return offset;
}
/*******************************************************************************************************
*******************************************************************************************************
*
* PDU Type: User Data
*
*******************************************************************************************************
*******************************************************************************************************/
static guint32
s7comm_decode_ud(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
guint16 plength,
guint16 dlength,
guint32 offset)
{
proto_item *item = NULL;
proto_tree *param_tree = NULL;
proto_tree *data_tree = NULL;
guint8 ret_val;
guint8 tsize;
guint16 len;
guint32 errorcode;
guint32 offset_temp;
guint32 reqres2;
guint8 type;
guint8 funcgroup;
guint8 subfunc;
guint8 data_unit_ref = 0;
guint8 last_data_unit = 0;
/* Add parameter tree */
item = proto_tree_add_item(tree, hf_s7comm_param, tvb, offset, plength, ENC_NA);
param_tree = proto_item_add_subtree(item, ett_s7comm_param);
/* Try do decode some functions...
* Some functions may use data that doesn't fit one telegram
*/
offset_temp = offset; /* Save offset */
/* 3 bytes constant head */
proto_tree_add_item(param_tree, hf_s7comm_userdata_param_head, tvb, offset_temp, 3, ENC_BIG_ENDIAN);
offset_temp += 3;
/* 1 byte length of following parameter (8 or 12 bytes) */
proto_tree_add_item(param_tree, hf_s7comm_userdata_param_len, tvb, offset_temp, 1, ENC_BIG_ENDIAN);
offset_temp += 1;
/* 1 byte indicating request/response again, but useful in Push telegrams*/
proto_tree_add_item_ret_uint(param_tree, hf_s7comm_userdata_param_reqres2, tvb, offset, 1, ENC_BIG_ENDIAN, &reqres2);
offset_temp += 1;
/* High nibble (following/request/response) */
type = (tvb_get_guint8(tvb, offset_temp) & 0xf0) >> 4;
funcgroup = (tvb_get_guint8(tvb, offset_temp) & 0x0f);
proto_tree_add_item(param_tree, hf_s7comm_userdata_param_type, tvb, offset_temp, 1, ENC_BIG_ENDIAN);
if (type == S7COMM_UD_TYPE_PUSH || type == S7COMM_UD_TYPE_NCPUSH) {
col_append_fstr(pinfo->cinfo, COL_INFO, " Function:[%s-%s] -> [%s]",
val_to_str(type, userdata_type_names, "Unknown type: 0x%02x"),
val_to_str(reqres2, userdata_reqres2_names, "Unknown method: 0x%02x"),
val_to_str(funcgroup, userdata_functiongroup_names, "Unknown function: 0x%02x")
);
} else {
col_append_fstr(pinfo->cinfo, COL_INFO, " Function:[%s] -> [%s]",
val_to_str(type, userdata_type_names, "Unknown type: 0x%02x"),
val_to_str(funcgroup, userdata_functiongroup_names, "Unknown function: 0x%02x")
);
}
proto_item_append_text(param_tree, ": (%s)", val_to_str(type, userdata_type_names, "Unknown type: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(funcgroup, userdata_functiongroup_names, "Unknown function: 0x%02x"));
/* Low nibble function group */
proto_tree_add_item(param_tree, hf_s7comm_userdata_param_funcgroup, tvb, offset_temp, 1, ENC_BIG_ENDIAN);
offset_temp += 1;
/* 1 Byte subfunction */
subfunc = tvb_get_guint8(tvb, offset_temp);
switch (funcgroup){
case S7COMM_UD_FUNCGROUP_PROG:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc_prog, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, userdata_prog_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, userdata_prog_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
case S7COMM_UD_FUNCGROUP_CYCLIC:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc_cyclic, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, userdata_cyclic_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, userdata_cyclic_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
case S7COMM_UD_FUNCGROUP_BLOCK:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc_block, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, userdata_block_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, userdata_block_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
case S7COMM_UD_FUNCGROUP_CPU:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc_cpu, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, userdata_cpu_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, userdata_cpu_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
case S7COMM_UD_FUNCGROUP_SEC:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc_sec, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, userdata_sec_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, userdata_sec_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
case S7COMM_UD_FUNCGROUP_TIME:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc_time, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, userdata_time_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, userdata_time_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
case S7COMM_UD_FUNCGROUP_MODETRANS:
proto_tree_add_uint(param_tree, hf_s7comm_modetrans_param_subfunc, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, modetrans_param_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, modetrans_param_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
case S7COMM_UD_FUNCGROUP_NCPRG:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc_ncprg, tvb, offset_temp, 1, subfunc);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> [%s]",
val_to_str(subfunc, userdata_ncprg_subfunc_names, "Unknown subfunc: 0x%02x"));
proto_item_append_text(param_tree, " ->(%s)", val_to_str(subfunc, userdata_ncprg_subfunc_names, "Unknown subfunc: 0x%02x"));
break;
default:
proto_tree_add_uint(param_tree, hf_s7comm_userdata_param_subfunc, tvb, offset_temp, 1, subfunc);
break;
}
offset_temp += 1;
/* 1 Byte sequence number */
proto_tree_add_item(param_tree, hf_s7comm_userdata_param_seq_num, tvb, offset_temp, 1, ENC_BIG_ENDIAN);
offset_temp += 1;
if (plength >= 12) {
/* 1 Byte data unit reference. If packet is fragmented, all packets with this number belong together */
data_unit_ref = tvb_get_guint8(tvb, offset_temp);
proto_tree_add_item(param_tree, hf_s7comm_userdata_param_dataunitref, tvb, offset_temp, 1, ENC_BIG_ENDIAN);
offset_temp += 1;
/* 1 Byte fragmented flag, if this is not the last data unit (telegram is fragmented) this is != 0 */
last_data_unit = tvb_get_guint8(tvb, offset_temp);
proto_tree_add_item(param_tree, hf_s7comm_userdata_param_dataunit, tvb, offset_temp, 1, ENC_BIG_ENDIAN);
offset_temp += 1;
proto_tree_add_item_ret_uint(param_tree, hf_s7comm_param_errcod, tvb, offset_temp, 2, ENC_BIG_ENDIAN, &errorcode);
if (errorcode > 0) {
col_append_fstr(pinfo->cinfo, COL_INFO, " -> Errorcode:[0x%04x]", errorcode);
}
}
/**********************************
* Add data tree
*/
offset += plength; /* set offset to the beginning of the data part */
/* The first 4 bytes of the data part of a userdata telegram are the same for all types.
* This is also the minumum length of the data part.
*/
if (dlength >= 4) {
item = proto_tree_add_item(tree, hf_s7comm_data, tvb, offset, dlength, ENC_NA);
data_tree = proto_item_add_subtree(item, ett_s7comm_data);
ret_val = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(data_tree, hf_s7comm_data_returncode, tvb, offset, 1, ret_val);
offset += 1;
/* Not definitely known part, kind of "transport size"? constant 0x09, 1 byte
* The position is the same as in a data response/write telegram,
*/
tsize = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(data_tree, hf_s7comm_data_transport_size, tvb, offset, 1, tsize);
offset += 1;
len = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(data_tree, hf_s7comm_data_length, tvb, offset, 2, len);
offset += 2;
/* Call function to decode the rest of the data part
* decode only when there is a data part length greater 4 bytes
*/
if (dlength > 4) {
switch (funcgroup) {
case S7COMM_UD_FUNCGROUP_PROG:
offset = s7comm_decode_ud_prog_subfunc(tvb, data_tree, type, subfunc, dlength, offset);
break;
case S7COMM_UD_FUNCGROUP_CYCLIC:
offset = s7comm_decode_ud_cyclic_subfunc(tvb, data_tree, type, subfunc, dlength, offset);
break;
case S7COMM_UD_FUNCGROUP_BLOCK:
offset = s7comm_decode_ud_block_subfunc(tvb, pinfo, data_tree, type, subfunc, ret_val, tsize, len, dlength, offset);
break;
case S7COMM_UD_FUNCGROUP_CPU:
switch (subfunc) {
case S7COMM_UD_SUBF_CPU_READSZL:
offset = s7comm_decode_ud_cpu_szl_subfunc(tvb, pinfo, data_tree, type, ret_val, len, dlength, data_unit_ref, last_data_unit, offset);
break;
case S7COMM_UD_SUBF_CPU_NOTIFY_IND:
case S7COMM_UD_SUBF_CPU_NOTIFY8_IND:
case S7COMM_UD_SUBF_CPU_ALARMSQ_IND:
case S7COMM_UD_SUBF_CPU_ALARMS_IND:
case S7COMM_UD_SUBF_CPU_SCAN_IND:
case S7COMM_UD_SUBF_CPU_ALARMACK:
case S7COMM_UD_SUBF_CPU_ALARMACK_IND:
case S7COMM_UD_SUBF_CPU_ALARM8_IND:
case S7COMM_UD_SUBF_CPU_ALARM8LOCK:
case S7COMM_UD_SUBF_CPU_ALARM8LOCK_IND:
case S7COMM_UD_SUBF_CPU_ALARM8UNLOCK:
case S7COMM_UD_SUBF_CPU_ALARM8UNLOCK_IND:
offset = s7comm_decode_ud_cpu_alarm_main(tvb, pinfo, data_tree, type, subfunc, offset);
break;
case S7COMM_UD_SUBF_CPU_ALARMQUERY:
if (type == S7COMM_UD_TYPE_RES) {
offset = s7comm_decode_ud_cpu_alarm_query_response(tvb, pinfo, data_tree, offset);
} else {
offset = s7comm_decode_ud_cpu_alarm_main(tvb, pinfo, data_tree, type, subfunc, offset);
}
break;
case S7COMM_UD_SUBF_CPU_DIAGMSG:
offset = s7comm_decode_ud_cpu_diagnostic_message(tvb, pinfo, TRUE, data_tree, offset);
break;
case S7COMM_UD_SUBF_CPU_MSGS:
offset = s7comm_decode_message_service(tvb, pinfo, data_tree, type, dlength - 4, offset);
break;
default:
/* print other currently unknown data as raw bytes */
proto_tree_add_item(data_tree, hf_s7comm_userdata_data, tvb, offset, dlength - 4, ENC_NA);
break;
}
break;
case S7COMM_UD_FUNCGROUP_SEC:
offset = s7comm_decode_ud_security_subfunc(tvb, data_tree, dlength, offset);
break;
case S7COMM_UD_FUNCGROUP_PBC:
offset = s7comm_decode_ud_pbc_subfunc(tvb, data_tree, dlength, offset);
break;
case S7COMM_UD_FUNCGROUP_TIME:
offset = s7comm_decode_ud_time_subfunc(tvb, data_tree, type, subfunc, ret_val, dlength, offset);
break;
case S7COMM_UD_FUNCGROUP_NCPRG:
offset = s7comm_decode_ud_ncprg_subfunc(tvb, pinfo, data_tree, type, subfunc, dlength, offset);
break;
default:
break;
}
}
}
return offset;
}
/*******************************************************************************************************
*
* PDU Type: Request or Response
*
*******************************************************************************************************/
static guint32
s7comm_decode_req_resp(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
guint16 plength,
guint16 dlength,
guint32 offset,
guint8 rosctr)
{
proto_item *item = NULL;
proto_tree *param_tree = NULL;
proto_tree *data_tree = NULL;
guint8 function = 0;
guint8 item_count = 0;
guint8 i;
guint32 offset_old;
guint32 len;
if (plength > 0) {
/* Add parameter tree */
item = proto_tree_add_item(tree, hf_s7comm_param, tvb, offset, plength, ENC_NA);
param_tree = proto_item_add_subtree(item, ett_s7comm_param);
/* Analyze function */
function = tvb_get_guint8(tvb, offset);
/* add param.function to info column */
col_append_fstr(pinfo->cinfo, COL_INFO, " Function:[%s]", val_to_str(function, param_functionnames, "Unknown function: 0x%02x"));
proto_tree_add_uint(param_tree, hf_s7comm_param_service, tvb, offset, 1, function);
/* show param.function code at the tree */
proto_item_append_text(param_tree, ": (%s)", val_to_str(function, param_functionnames, "Unknown function: 0x%02x"));
offset += 1;
if (rosctr == S7COMM_ROSCTR_JOB) {
switch (function){
case S7COMM_SERV_READVAR:
case S7COMM_SERV_WRITEVAR:
item_count = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(param_tree, hf_s7comm_param_itemcount, tvb, offset, 1, item_count);
offset += 1;
/* parse item data */
for (i = 0; i < item_count; i++) {
offset_old = offset;
offset = s7comm_decode_param_item(tvb, offset, param_tree, i);
/* if length is not a multiple of 2 and this is not the last item, then add a fill-byte */
len = offset - offset_old;
if ((len % 2) && (i < (item_count-1))) {
offset += 1;
}
}
/* in write-function there is a data part */
if ((function == S7COMM_SERV_WRITEVAR) && (dlength > 0)) {
item = proto_tree_add_item(tree, hf_s7comm_data, tvb, offset, dlength, ENC_NA);
data_tree = proto_item_add_subtree(item, ett_s7comm_data);
/* Add returned data to data-tree */
offset = s7comm_decode_response_read_data(tvb, data_tree, item_count, offset);
}
break;
case S7COMM_SERV_SETUPCOMM:
offset = s7comm_decode_pdu_setup_communication(tvb, param_tree, offset);
break;
/* Special functions */
case S7COMM_FUNCREQUESTDOWNLOAD:
case S7COMM_FUNCDOWNLOADBLOCK:
case S7COMM_FUNCDOWNLOADENDED:
case S7COMM_FUNCSTARTUPLOAD:
case S7COMM_FUNCUPLOAD:
case S7COMM_FUNCENDUPLOAD:
offset = s7comm_decode_plc_controls_updownload(tvb, pinfo, tree, param_tree, plength, dlength, offset -1, rosctr);
break;
case S7COMM_FUNCPISERVICE:
offset = s7comm_decode_pi_service(tvb, pinfo, param_tree, plength, offset -1);
break;
case S7COMM_FUNC_PLC_STOP:
offset = s7comm_decode_plc_controls_param_hex29(tvb, param_tree, offset -1);
break;
default:
/* Print unknown part as raw bytes */
if (plength > 1) {
proto_tree_add_item(param_tree, hf_s7comm_param_data, tvb, offset, plength - 1, ENC_NA);
}
offset += plength - 1; /* 1 byte function code */
if (dlength > 0) {
/* Add data tree
* First 2 bytes in data seem to be a length indicator of (dlength -4 ), so next 2 bytes
* seem to indicate something else. But I'm not sure, so leave it as it is.....
*/
item = proto_tree_add_item(tree, hf_s7comm_data, tvb, offset, dlength, ENC_NA);
data_tree = proto_item_add_subtree(item, ett_s7comm_data);
proto_tree_add_item(data_tree, hf_s7comm_readresponse_data, tvb, offset, dlength, ENC_NA);
offset += dlength;
}
break;
}
} else if (rosctr == S7COMM_ROSCTR_ACK_DATA) {
switch (function){
case S7COMM_SERV_READVAR:
case S7COMM_SERV_WRITEVAR:
/* This is a read-response, so the requested data may follow when address in request was ok */
item_count = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(param_tree, hf_s7comm_param_itemcount, tvb, offset, 1, item_count);
offset += 1;
/* Add data tree */
item = proto_tree_add_item(tree, hf_s7comm_data, tvb, offset, dlength, ENC_NA);
data_tree = proto_item_add_subtree(item, ett_s7comm_data);
/* Add returned data to data-tree */
if ((function == S7COMM_SERV_READVAR) && (dlength > 0)) {
offset = s7comm_decode_response_read_data(tvb, data_tree, item_count, offset);
} else if ((function == S7COMM_SERV_WRITEVAR) && (dlength > 0)) {
offset = s7comm_decode_response_write_data(tvb, data_tree, item_count, offset);
}
break;
case S7COMM_SERV_SETUPCOMM:
offset = s7comm_decode_pdu_setup_communication(tvb, param_tree, offset);
break;
case S7COMM_FUNCREQUESTDOWNLOAD:
case S7COMM_FUNCDOWNLOADBLOCK:
case S7COMM_FUNCDOWNLOADENDED:
case S7COMM_FUNCSTARTUPLOAD:
case S7COMM_FUNCUPLOAD:
case S7COMM_FUNCENDUPLOAD:
offset = s7comm_decode_plc_controls_updownload(tvb, pinfo, tree, param_tree, plength, dlength, offset -1, rosctr);
break;
case S7COMM_FUNCPISERVICE:
if (plength >= 2) {
proto_tree_add_bitmask(param_tree, tvb, offset, hf_s7comm_data_blockcontrol_functionstatus,
ett_s7comm_data_blockcontrol_status, s7comm_data_blockcontrol_status_fields, ENC_BIG_ENDIAN);
offset += 1;
}
break;
default:
/* Print unknown part as raw bytes */
if (plength > 1) {
proto_tree_add_item(param_tree, hf_s7comm_param_data, tvb, offset, plength - 1, ENC_NA);
}
offset += plength - 1; /* 1 byte function code */
if (dlength > 0) {
/* Add data tree
* First 2 bytes in data seem to be a length indicator of (dlength -4 ), so next 2 bytes
* seem to indicate something else. But I'm not sure, so leave it as it is.....
*/
item = proto_tree_add_item(tree, hf_s7comm_data, tvb, offset, dlength, ENC_NA);
data_tree = proto_item_add_subtree(item, ett_s7comm_data);
proto_tree_add_item(data_tree, hf_s7comm_readresponse_data, tvb, offset, dlength, ENC_NA);
offset += dlength;
}
break;
}
}
}
return offset;
}
/*******************************************************************************************************
*******************************************************************************************************
*
* S7-Protocol (main tree)
*
*******************************************************************************************************
*******************************************************************************************************/
static gboolean
dissect_s7comm(tvbuff_t *tvb,
packet_info *pinfo,
proto_tree *tree,
void *data _U_)
{
proto_item *s7comm_item = NULL;
proto_item *s7comm_sub_item = NULL;
proto_tree *s7comm_tree = NULL;
proto_tree *s7comm_header_tree = NULL;
guint32 offset = 0;
guint8 rosctr = 0;
guint8 hlength = 10; /* Header 10 Bytes, when type 2 or 3 (Response) -> 12 Bytes */
guint16 plength = 0;
guint16 dlength = 0;
guint16 errorcode = 0;
/*----------------- Heuristic Checks - Begin */
/* 1) check for minimum length */
if(tvb_captured_length(tvb) < S7COMM_MIN_TELEGRAM_LENGTH)
return FALSE;
/* 2) first byte must be 0x32 */
if (tvb_get_guint8(tvb, 0) != S7COMM_PROT_ID)
return FALSE;
/* 3) second byte is a type field and only can contain values between 0x01-0x07 (1/2/3/7) */
if (tvb_get_guint8(tvb, 1) < 0x01 || tvb_get_guint8(tvb, 1) > 0x07)
return FALSE;
/*----------------- Heuristic Checks - End */
col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_S7COMM);
col_clear(pinfo->cinfo, COL_INFO);
col_append_sep_str(pinfo->cinfo, COL_INFO, " | ", "");
rosctr = tvb_get_guint8(tvb, 1); /* Get the type byte */
if (rosctr == 2 || rosctr == 3) hlength = 12; /* Header 10 Bytes, when type 2 or 3 (response) -> 12 Bytes */
/* display some infos in info-column of wireshark */
col_append_fstr(pinfo->cinfo, COL_INFO, "ROSCTR:[%-8s]", val_to_str(rosctr, rosctr_names, "Unknown: 0x%02x"));
s7comm_item = proto_tree_add_item(tree, proto_s7comm, tvb, 0, -1, ENC_NA);
s7comm_tree = proto_item_add_subtree(s7comm_item, ett_s7comm);
/* insert header tree */
s7comm_sub_item = proto_tree_add_item(s7comm_tree, hf_s7comm_header,
tvb, offset, hlength, ENC_NA);
/* insert sub-items in header tree */
s7comm_header_tree = proto_item_add_subtree(s7comm_sub_item, ett_s7comm_header);
/* Protocol Identifier, constant 0x32 */
proto_tree_add_item(s7comm_header_tree, hf_s7comm_header_protid, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
/* ROSCTR (Remote Operating Service Control) - PDU Type */
proto_tree_add_uint(s7comm_header_tree, hf_s7comm_header_rosctr, tvb, offset, 1, rosctr);
/* Show pdu type beside the header tree */
proto_item_append_text(s7comm_header_tree, ": (%s)", val_to_str(rosctr, rosctr_names, "Unknown ROSCTR: 0x%02x"));
offset += 1;
/* Redundancy ID, reserved */
proto_tree_add_item(s7comm_header_tree, hf_s7comm_header_redid, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* Protocol Data Unit Reference */
proto_tree_add_item(s7comm_header_tree, hf_s7comm_header_pduref, tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* Parameter length */
plength = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(s7comm_header_tree, hf_s7comm_header_parlg, tvb, offset, 2, plength);
offset += 2;
/* Data length */
dlength = tvb_get_ntohs(tvb, offset);
proto_tree_add_uint(s7comm_header_tree, hf_s7comm_header_datlg, tvb, offset, 2, dlength);
offset += 2;
/* when type is 2 or 3 there are 2 bytes with errorclass and errorcode */
if (hlength == 12) {
errorcode = tvb_get_ntohs(tvb, offset); /* this uses the same errorcodes (combined) from parameter part */
proto_tree_add_item(s7comm_header_tree, hf_s7comm_header_errcls, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
proto_tree_add_item(s7comm_header_tree, hf_s7comm_header_errcod, tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
/* when there is an error, use the errorcode from parameterpart*/
if (errorcode > 0) {
s7comm_item = proto_tree_add_item(s7comm_header_tree, hf_s7comm_param_errcod, tvb, offset-2, 2, ENC_BIG_ENDIAN);
PROTO_ITEM_SET_GENERATED (s7comm_item);
}
}
switch (rosctr) {
case S7COMM_ROSCTR_JOB:
case S7COMM_ROSCTR_ACK_DATA:
s7comm_decode_req_resp(tvb, pinfo, s7comm_tree, plength, dlength, offset, rosctr);
break;
case S7COMM_ROSCTR_USERDATA:
s7comm_decode_ud(tvb, pinfo, s7comm_tree, plength, dlength, offset);
break;
}
/* Add the errorcode from header as last entry in info column */
if (errorcode > 0) {
col_append_fstr(pinfo->cinfo, COL_INFO, " -> Errorcode:[0x%04x]", errorcode);
}
/* set fence as there may be more than one S7comm PDU in one frame */
col_set_fence(pinfo->cinfo, COL_INFO);
return TRUE;
}
/*******************************************************************************************************
*******************************************************************************************************/
void
proto_register_s7comm (void)
{
expert_module_t* expert_s7comm;
/* format:
* {&(field id), {name, abbrev, type, display, strings, bitmask, blurb, HFILL}}.
*/
static hf_register_info hf[] = {
{ &hf_s7comm_header,
{ "Header", "s7comm.header", FT_NONE, BASE_NONE, NULL, 0x0,
"This is the header of S7 communication", HFILL }},
{ &hf_s7comm_header_protid,
{ "Protocol Id", "s7comm.header.protid", FT_UINT8, BASE_HEX, NULL, 0x0,
"Protocol Identification, 0x32 for S7", HFILL }},
{ &hf_s7comm_header_rosctr,
{ "ROSCTR", "s7comm.header.rosctr", FT_UINT8, BASE_DEC, VALS(rosctr_names), 0x0,
"Remote Operating Service Control", HFILL }},
{ &hf_s7comm_header_redid,
{ "Redundancy Identification (Reserved)", "s7comm.header.redid", FT_UINT16, BASE_HEX, NULL, 0x0,
"Redundancy Identification (Reserved), should be always 0x0000", HFILL }},
{ &hf_s7comm_header_pduref,
{ "Protocol Data Unit Reference", "s7comm.header.pduref", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_header_parlg,
{ "Parameter length", "s7comm.header.parlg", FT_UINT16, BASE_DEC, NULL, 0x0,
"Specifies the entire length of the parameter block in bytes", HFILL }},
{ &hf_s7comm_header_datlg,
{ "Data length", "s7comm.header.datlg", FT_UINT16, BASE_DEC, NULL, 0x0,
"Specifies the entire length of the data block in bytes", HFILL }},
{ &hf_s7comm_header_errcls,
{ "Error class", "s7comm.header.errcls", FT_UINT8, BASE_HEX, VALS(errcls_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_header_errcod,
{ "Error code", "s7comm.header.errcod", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_param,
{ "Parameter", "s7comm.param", FT_NONE, BASE_NONE, NULL, 0x0,
"This is the parameter part of S7 communication", HFILL }},
{ &hf_s7comm_param_errcod,
{ "Error code", "s7comm.param.errcod", FT_UINT16, BASE_HEX | BASE_EXT_STRING, ¶m_errcode_names_ext, 0x0,
NULL, HFILL }},
{ &hf_s7comm_param_service,
{ "Function", "s7comm.param.func", FT_UINT8, BASE_HEX, VALS(param_functionnames), 0x0,
"Indicates the function of parameter/data", HFILL }},
{ &hf_s7comm_param_maxamq_calling,
{ "Max AmQ (parallel jobs with ack) calling", "s7comm.param.maxamq_calling", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_param_maxamq_called,
{ "Max AmQ (parallel jobs with ack) called", "s7comm.param.maxamq_called", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_param_setup_reserved1,
{ "Reserved", "s7comm.param.setup_reserved1", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_param_neg_pdu_length,
{ "PDU length", "s7comm.param.pdu_length", FT_UINT16, BASE_DEC, NULL, 0x0,
"Negotiated PDU length", HFILL }},
{ &hf_s7comm_param_itemcount,
{ "Item count", "s7comm.param.itemcount", FT_UINT8, BASE_DEC, NULL, 0x0,
"Number of Items in parameter/data part", HFILL }},
{ &hf_s7comm_param_data,
{ "Parameter data", "s7comm.param.data", FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_param_item,
{ "Item", "s7comm.param.item", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_param_subitem,
{ "Subitem", "s7comm.param.subitem", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_varspec,
{ "Variable specification", "s7comm.param.item.varspec", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_varspec_length,
{ "Length of following address specification", "s7comm.param.item.varspec_length", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_syntax_id,
{ "Syntax Id", "s7comm.param.item.syntaxid", FT_UINT8, BASE_HEX, VALS(item_syntaxid_names), 0x0,
"Syntax Id, format type of following address specification", HFILL }},
{ &hf_s7comm_item_transport_size,
{ "Transport size", "s7comm.param.item.transp_size", FT_UINT8, BASE_DEC, VALS(item_transportsizenames), 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_length,
{ "Length", "s7comm.param.item.length", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_db,
{ "DB number", "s7comm.param.item.db", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_area,
{ "Area", "s7comm.param.item.area", FT_UINT8, BASE_HEX, VALS(item_areanames), 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_address,
{ "Address", "s7comm.param.item.address", FT_UINT24, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_address_byte,
{ "Byte Address", "s7comm.param.item.address.byte", FT_UINT24, BASE_DEC, NULL, 0x7fff8,
NULL, HFILL }},
{ &hf_s7comm_item_address_bit,
{ "Bit Address", "s7comm.param.item.address.bit", FT_UINT24, BASE_DEC, NULL, 0x000007,
NULL, HFILL }},
{ &hf_s7comm_item_address_nr,
{ "Number (T/C/BLOCK)", "s7comm.param.item.address.number", FT_UINT24, BASE_DEC, NULL, 0x00ffff,
NULL, HFILL }},
/* Special variable read with Syntax-Id 0xb0 (DBREAD) */
{ &hf_s7comm_item_dbread_numareas,
{ "Number of areas", "s7comm.param.item.dbread.numareas", FT_UINT8, BASE_DEC, NULL, 0x0,
"Number of area specifications following", HFILL }},
{ &hf_s7comm_item_dbread_length,
{ "Bytes to read", "s7comm.param.item.dbread.length", FT_UINT8, BASE_DEC, NULL, 0x0,
"Number of bytes to read", HFILL }},
{ &hf_s7comm_item_dbread_db,
{ "DB number", "s7comm.param.item.dbread.db", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_dbread_startadr,
{ "Start address", "s7comm.param.item.dbread.startaddress", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
/* Reading frequency inverter parameters via routing */
{ &hf_s7comm_item_driveesany_unknown1,
{ "DriveES Unknown 1", "s7comm.param.item.driveesany.unknown1", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_driveesany_unknown2,
{ "DriveES Unknown 2", "s7comm.param.item.driveesany.unknown2", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_driveesany_unknown3,
{ "DriveES Unknown 3", "s7comm.param.item.driveesany.unknown3", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_driveesany_parameter_nr,
{ "DriveES Parameter number", "s7comm.param.item.driveesany.parameternr", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_driveesany_parameter_idx,
{ "DriveES Parameter index", "s7comm.param.item.driveesany.parameteridx", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
/* NCK access with Syntax-Id 0x82 */
{ &hf_s7comm_item_nck_areaunit,
{ "NCK Area/Unit", "s7comm.param.item.nck.area_unit", FT_UINT8, BASE_HEX, NULL, 0x0,
"NCK Area/Unit: Bitmask aaauuuuu: a=area, u=unit", HFILL }},
{ &hf_s7comm_item_nck_area,
{ "NCK Area", "s7comm.param.item.nck.area", FT_UINT8, BASE_DEC, VALS(nck_area_names), 0xe0,
NULL, HFILL }},
{ &hf_s7comm_item_nck_unit,
{ "NCK Unit", "s7comm.param.item.nck.unit", FT_UINT8, BASE_DEC, NULL, 0x1f,
NULL, HFILL }},
{ &hf_s7comm_item_nck_column,
{ "NCK Column number", "s7comm.param.item.nck.column", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_nck_line,
{ "NCK Line number", "s7comm.param.item.nck.line", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_nck_module,
{ "NCK Module", "s7comm.param.item.nck.module", FT_UINT8, BASE_HEX | BASE_EXT_STRING, &nck_module_names_ext, 0x0,
NULL, HFILL }},
{ &hf_s7comm_item_nck_linecount,
{ "NCK Linecount", "s7comm.param.item.nck.linecount", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data,
{ "Data", "s7comm.data", FT_NONE, BASE_NONE, NULL, 0x0,
"This is the data part of S7 communication", HFILL }},
{ &hf_s7comm_data_returncode,
{ "Return code", "s7comm.data.returncode", FT_UINT8, BASE_HEX, VALS(s7comm_item_return_valuenames), 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_transport_size,
{ "Transport size", "s7comm.data.transportsize", FT_UINT8, BASE_HEX, VALS(data_transportsizenames), 0x0,
"Data type / Transport size. If 3, 4 or 5 the following length gives the number of bits, otherwise the number of bytes.", HFILL }},
{ &hf_s7comm_data_length,
{ "Length", "s7comm.data.length", FT_UINT16, BASE_DEC, NULL, 0x0,
"Length of data", HFILL }},
{ &hf_s7comm_data_item,
{ "Item", "s7comm.data.item", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_readresponse_data,
{ "Data", "s7comm.resp.data", FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_fillbyte,
{ "Fill byte", "s7comm.data.fillbyte", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_data,
{ "Data", "s7comm.data.userdata", FT_BYTES, BASE_NONE, NULL, 0x0,
"Userdata data", HFILL }},
/* Userdata parameter 8/12 Bytes len*/
{ &hf_s7comm_userdata_param_head,
{ "Parameter head", "s7comm.param.userdata.head", FT_UINT24, BASE_HEX, NULL, 0x0,
"Header before parameter (constant 0x000112)", HFILL }},
{ &hf_s7comm_userdata_param_len,
{ "Parameter length", "s7comm.param.userdata.length", FT_UINT8, BASE_DEC, NULL, 0x0,
"Length of following parameter data (without head)", HFILL }},
{ &hf_s7comm_userdata_param_reqres2,
{ "Method (Request/Response)", "s7comm.param.userdata.reqres1", FT_UINT8, BASE_HEX, VALS(userdata_reqres2_names), 0x0,
"Unknown part, second request/response (0x00, 0x11, 0x12)", HFILL }},
{ &hf_s7comm_userdata_param_type,
{ "Type", "s7comm.param.userdata.type", FT_UINT8, BASE_DEC, VALS(userdata_type_names), 0xf0,
"Type of parameter", HFILL }},
{ &hf_s7comm_userdata_param_funcgroup,
{ "Function group", "s7comm.param.userdata.funcgroup", FT_UINT8, BASE_DEC, VALS(userdata_functiongroup_names), 0x0f,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc_prog,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_DEC, VALS(userdata_prog_subfunc_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc_cyclic,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_DEC, VALS(userdata_cyclic_subfunc_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc_block,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_DEC, VALS(userdata_block_subfunc_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc_cpu,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_DEC, VALS(userdata_cpu_subfunc_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc_sec,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_DEC, VALS(userdata_sec_subfunc_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc_time,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_DEC, VALS(userdata_time_subfunc_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_subfunc_ncprg,
{ "Subfunction", "s7comm.param.userdata.subfunc", FT_UINT8, BASE_DEC, VALS(userdata_ncprg_subfunc_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_seq_num,
{ "Sequence number", "s7comm.param.userdata.seq_num", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_userdata_param_dataunitref,
{ "Data unit reference number", "s7comm.param.userdata.dataunitref", FT_UINT8, BASE_DEC, NULL, 0x0,
"Data unit reference number if PDU is fragmented", HFILL }},
{ &hf_s7comm_userdata_param_dataunit,
{ "Last data unit", "s7comm.param.userdata.lastdataunit", FT_UINT8, BASE_HEX, VALS(userdata_lastdataunit_names), 0x0,
NULL, HFILL }},
/* block functions / info */
{ &hf_s7comm_ud_blockinfo_block_type,
{ "Block type", "s7comm.blockinfo.blocktype", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_block_cnt,
{ "Block count", "s7comm.blockinfo.block_count", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_block_num,
{ "Block number", "s7comm.blockinfo.block_num", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_block_flags,
{ "Block flags (unknown)", "s7comm.blockinfo.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_block_lang,
{ "Block language", "s7comm.blockinfo.block_lang", FT_UINT8, BASE_DEC, VALS(blocklanguage_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_block_num_ascii,
{ "Block number", "s7comm.data.blockinfo.block_number", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_filesys,
{ "Filesystem", "s7comm.data.blockinfo.filesys", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_res_infolength,
{ "Length of Info", "s7comm.blockinfo.res_infolength", FT_UINT16, BASE_DEC, NULL, 0x0,
"Length of Info in bytes", HFILL }},
{ &hf_s7comm_ud_blockinfo_res_unknown2,
{ "Unknown blockinfo 2", "s7comm.blockinfo.res_unknown2", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_res_const3,
{ "Constant 3", "s7comm.blockinfo.res_const3", FT_STRING, BASE_NONE, NULL, 0x0,
"Possible constant 3, seems to be always 'pp'", HFILL }},
{ &hf_s7comm_ud_blockinfo_res_unknown,
{ "Unknown byte(s) blockinfo", "s7comm.blockinfo.res_unknown", FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_subblk_type,
{ "Subblk type", "s7comm.blockinfo.subblk_type", FT_UINT8, BASE_DEC, VALS(subblktype_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_load_mem_len,
{ "Length load memory", "s7comm.blockinfo.load_mem_len", FT_UINT32, BASE_DEC, NULL, 0x0,
"Length of load memory in bytes", HFILL }},
{ &hf_s7comm_ud_blockinfo_blocksecurity,
{ "Block Security", "s7comm.blockinfo.blocksecurity", FT_UINT32, BASE_DEC, VALS(blocksecurity_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_interface_timestamp,
{ "Interface timestamp", "s7comm.blockinfo.interface_timestamp", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_code_timestamp,
{ "Code timestamp", "s7comm.blockinfo.code_timestamp", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_ssb_len,
{ "SSB length", "s7comm.blockinfo.ssb_len", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_add_len,
{ "ADD length", "s7comm.blockinfo.add_len", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_localdata_len,
{ "Localdata length", "s7comm.blockinfo.localdata_len", FT_UINT16, BASE_DEC, NULL, 0x0,
"Length of localdata in bytes", HFILL }},
{ &hf_s7comm_ud_blockinfo_mc7_len,
{ "MC7 code length", "s7comm.blockinfo.mc7_len", FT_UINT16, BASE_DEC, NULL, 0x0,
"Length of MC7 code in bytes", HFILL }},
{ &hf_s7comm_ud_blockinfo_author,
{ "Author", "s7comm.blockinfo.author", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_family,
{ "Family", "s7comm.blockinfo.family", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_headername,
{ "Name (Header)", "s7comm.blockinfo.headername", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_headerversion,
{ "Version (Header)", "s7comm.blockinfo.headerversion", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_checksum,
{ "Block checksum", "s7comm.blockinfo.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_reserved1,
{ "Reserved 1", "s7comm.blockinfo.reserved1", FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_ud_blockinfo_reserved2,
{ "Reserved 2", "s7comm.blockinfo.reserved2", FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
/* Flags in blockinfo response */
{ &hf_s7comm_userdata_blockinfo_flags,
{ "Block flags", "s7comm.param.userdata.blockinfo.flags", FT_UINT8, BASE_HEX, NULL, 0xff,
"Some block configuration flags", HFILL }},
/* Bit : 0 -> DB Linked = true */
{ &hf_s7comm_userdata_blockinfo_linked,
{ "Linked", "s7comm.param.userdata.blockinfo.linked", FT_BOOLEAN, 8, TFS(&tfs_yes_no), 0x01,
NULL, HFILL }},
/* Bit : 1 -> Standard block = true */
{ &hf_s7comm_userdata_blockinfo_standard_block,
{ "Standard block", "s7comm.param.userdata.blockinfo.standard_block", FT_BOOLEAN, 8, TFS(&tfs_yes_no), 0x02,
NULL, HFILL }},
/* Bit : 5 -> DB Non Retain = true */
{ &hf_s7comm_userdata_blockinfo_nonretain,
{ "Non Retain", "s7comm.param.userdata.blockinfo.nonretain", FT_BOOLEAN, 8, TFS(&tfs_yes_no), 0x08,
NULL, HFILL }},
/* Programmer commands, diagnostic data */
{ &hf_s7comm_diagdata_req_askheadersize,
{ "Ask header size", "s7comm.diagdata.req.askheadersize", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_asksize,
{ "Ask size", "s7comm.diagdata.req.asksize", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_unknown,
{ "Unknown byte(s) diagdata", "s7comm.diagdata.req.unknown", FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_answersize,
{ "Answer size", "s7comm.diagdata.req.answersize", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_block_type,
{ "Block type", "s7comm.diagdata.req.blocktype", FT_UINT8, BASE_DEC, VALS(subblktype_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_block_num,
{ "Block number", "s7comm.diagdata.req.blocknumber", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_startaddr_awl,
{ "Start address AWL", "s7comm.diagdata.req.startaddr_awl", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_saz,
{ "Step address counter (SAZ)", "s7comm.diagdata.req.saz", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_number_of_lines,
{ "Number of lines", "s7comm.diagdata.req.number_of_lines", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_diagdata_req_line_address,
{ "Address", "s7comm.diagdata.req.line_address", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
/* Flags for requested registers in diagnostic data telegrams */
{ &hf_s7comm_diagdata_registerflag,
{ "Registers", "s7comm.diagdata.register", FT_UINT8, BASE_HEX, NULL, 0x00,
"Requested registers", HFILL }},
{ &hf_s7comm_diagdata_registerflag_stw,
{ "STW", "s7comm.diagdata.register.stw", FT_BOOLEAN, 8, NULL, 0x01,
"STW / Status word", HFILL }},
{ &hf_s7comm_diagdata_registerflag_accu1,
{ "ACCU1", "s7comm.diagdata.register.accu1", FT_BOOLEAN, 8, NULL, 0x02,
"ACCU1 / Accumulator 1", HFILL }},
{ &hf_s7comm_diagdata_registerflag_accu2,
{ "ACCU2", "s7comm.diagdata.register.accu2", FT_BOOLEAN, 8, NULL, 0x04,
"ACCU2 / Accumulator 2", HFILL }},
{ &hf_s7comm_diagdata_registerflag_ar1,
{ "AR1", "s7comm.diagdata.register.ar1", FT_BOOLEAN, 8, NULL, 0x08,
"AR1 / Addressregister 1", HFILL }},
{ &hf_s7comm_diagdata_registerflag_ar2,
{ "AR2", "s7comm.diagdata.register.ar2", FT_BOOLEAN, 8, NULL, 0x10,
"AR2 / Addressregister 2", HFILL }},
{ &hf_s7comm_diagdata_registerflag_db1,
{ "DB1", "s7comm.diagdata.register.db1", FT_BOOLEAN, 8, NULL, 0x20,
"DB1 (global)/ Datablock register 1", HFILL }},
{ &hf_s7comm_diagdata_registerflag_db2,
{ "DB2", "s7comm.diagdata.register.db2", FT_BOOLEAN, 8, NULL, 0x40,
"DB2 (instance) / Datablock register 2", HFILL }},
/* timefunction: s7 timestamp */
{ &hf_s7comm_data_ts,
{ "S7 Timestamp", "s7comm.data.ts", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00,
"S7 Timestamp, BCD coded", HFILL }},
{ &hf_s7comm_data_ts_reserved,
{ "S7 Timestamp - Reserved", "s7comm.data.ts_reserved", FT_UINT8, BASE_HEX, NULL, 0x00,
"S7 Timestamp: Reserved byte", HFILL }},
{ &hf_s7comm_data_ts_year1,
{ "S7 Timestamp - Year 1", "s7comm.data.ts_year1", FT_UINT8, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded year thousands/hundreds, should be ignored (19 or 20)", HFILL }},
{ &hf_s7comm_data_ts_year2,
{ "S7 Timestamp - Year 2", "s7comm.data.ts_year2", FT_UINT8, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded year, if 00...89 then it's 2000...2089, else 1990...1999", HFILL }},
{ &hf_s7comm_data_ts_month,
{ "S7 Timestamp - Month", "s7comm.data.ts_month", FT_UINT8, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded month", HFILL }},
{ &hf_s7comm_data_ts_day,
{ "S7 Timestamp - Day", "s7comm.data.ts_day", FT_UINT8, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded day", HFILL }},
{ &hf_s7comm_data_ts_hour,
{ "S7 Timestamp - Hour", "s7comm.data.ts_hour", FT_UINT8, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded hour", HFILL }},
{ &hf_s7comm_data_ts_minute,
{ "S7 Timestamp - Minute", "s7comm.data.ts_minute", FT_UINT8, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded minute", HFILL }},
{ &hf_s7comm_data_ts_second,
{ "S7 Timestamp - Second", "s7comm.data.ts_second", FT_UINT8, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded second", HFILL }},
{ &hf_s7comm_data_ts_millisecond,
{ "S7 Timestamp - Milliseconds", "s7comm.data.ts_millisecond", FT_UINT16, BASE_DEC, NULL, 0x00,
"S7 Timestamp: BCD coded milliseconds (left 3 nibbles)", HFILL }},
{ &hf_s7comm_data_ts_weekday,
{ "S7 Timestamp - Weekday", "s7comm.data.ts_weekday", FT_UINT16, BASE_DEC, VALS(weekdaynames), 0x000f,
"S7 Timestamp: Weekday number (right nibble, 1=Su,2=Mo,..)", HFILL }},
/* Function 0x28 (PI service) and 0x29 */
{ &hf_s7comm_piservice_unknown1,
{ "Unknown bytes", "s7comm.param.pistart.unknown1", FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_piservice_parameterblock_len,
{ "Parameter block length", "s7comm.param.pistart.parameterblock_len", FT_UINT16, BASE_DEC, NULL, 0x0,
"Length of Parameter block in bytes", HFILL }},
{ &hf_s7comm_piservice_parameterblock,
{ "Parameter block", "s7comm.param.pistart.parameterblock", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_piservice_servicename,
{ "PI (program invocation) Service", "s7comm.param.pistart.servicename", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
/* PI Service parameters for NC services */
{ &hf_s7comm_piservice_string_len,
{ "String length", "s7comm.param.pi.n_x.string_len", FT_UINT8, BASE_DEC, NULL, 0x0,
"Length of the following string. If LengthByte + Stringlen is uneven, a fillbyte is added", HFILL }},
{ &hf_s7comm_pi_n_x_addressident,
{ "Addressidentification", "s7comm.param.pi.n_x.addressident", FT_STRING, BASE_NONE, NULL, 0x0,
"Addressidentification (RangeID / Index)", HFILL }},
{ &hf_s7comm_pi_n_x_filename,
{ "Filename", "s7comm.param.pi.n_x.filename", FT_STRING, BASE_NONE, NULL, 0x0,
"Name of the file or directory", HFILL }},
{ &hf_s7comm_pi_n_x_editwindowname,
{ "Editor Window Name", "s7comm.param.pi.n_x.editwindowname", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_pi_n_x_password,
{ "Password", "s7comm.param.pi.n_x.password", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_pi_n_x_seekpointer,
{ "Seek pointer", "s7comm.param.pi.n_x.seekpointer", FT_STRING, BASE_NONE, NULL, 0x0,
"SeekPointer string with exact 9 digit/character(s)", HFILL }},
{ &hf_s7comm_pi_n_x_windowsize,
{ "Window size", "s7comm.param.pi.n_x.windowsize", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_pi_n_x_comparestring,
{ "Compare String", "s7comm.param.pi.n_x.comparestring", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_pi_n_x_skipcount,
{ "Skip Count", "s7comm.param.pi.n_x.skipcount", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_pi_n_x_interruptnr,
{ "Interrupt Number", "s7comm.param.pi.n_x.interruptnr", FT_STRING, BASE_NONE, NULL, 0x0,
"Interrupt Number: Interrupt number corresponds to the input number which caused the interrupt" , HFILL }},
{ &hf_s7comm_pi_n_x_priority,
{ "Priority", "s7comm.param.pi.n_x.priority", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_liftfast,
{ "Liftfast", "s7comm.param.pi.n_x.liftfast", FT_STRING, BASE_NONE, NULL, 0x0,
"Liftfast: Indicates whether an interrupt routine should simultaneously cause a fast lift-off motion" , HFILL }},
{ &hf_s7comm_pi_n_x_blsync,
{ "Blsync", "s7comm.param.pi.n_x.blsync", FT_STRING, BASE_NONE, NULL, 0x0,
"Blsync: Indicates whether the interrupt has to be synchronized to the next block end" , HFILL }},
{ &hf_s7comm_pi_n_x_magnr,
{ "Magnr", "s7comm.param.pi.n_x.magnr", FT_STRING, BASE_NONE, NULL, 0x0,
"Magnr: Magazine number" , HFILL }},
{ &hf_s7comm_pi_n_x_dnr,
{ "DNr", "s7comm.param.pi.n_x.dnr", FT_STRING, BASE_NONE, NULL, 0x0,
"DNr: D number" , HFILL }},
{ &hf_s7comm_pi_n_x_spindlenumber,
{ "Spindle Number", "s7comm.param.pi.n_x.spindlenumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_pi_n_x_wznr,
{ "WZ-Nr", "s7comm.param.pi.n_x.wznr", FT_STRING, BASE_NONE, NULL, 0x0,
"WZ-Nr: Tool number" , HFILL }},
{ &hf_s7comm_pi_n_x_class,
{ "Class", "s7comm.param.pi.n_x.class", FT_STRING, BASE_NONE, NULL, 0x0,
"Class: Classify machine data" , HFILL }},
{ &hf_s7comm_pi_n_x_tnr,
{ "TNr", "s7comm.param.pi.n_x.tnr", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_toolnumber,
{ "Tool Number", "s7comm.param.pi.n_x.toolnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_cenumber,
{ "CE-Number", "s7comm.param.pi.n_x.cenumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_datablocknumber,
{ "Datablock Number", "s7comm.param.pi.n_x.datablocknumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_firstcolumnnumber,
{ "First Column Number", "s7comm.param.pi.n_x.firstcolumnnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_lastcolumnnumber,
{ "Last Column Number", "s7comm.param.pi.n_x.lastcolumnnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_firstrownumber,
{ "First Row Number", "s7comm.param.pi.n_x.firstrownnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_lastrownumber,
{ "Last Row Number", "s7comm.param.pi.n_x.lastrownnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_direction,
{ "Direction", "s7comm.param.pi.n_x.direction", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_sourcefilename,
{ "Source-Filename", "s7comm.param.pi.n_x.sourcefilename", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_destinationfilename,
{ "Destination-Filename", "s7comm.param.pi.n_x.destinationfilename", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_channelnumber,
{ "Channel Number", "s7comm.param.pi.n_x.channelnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_protection,
{ "Protection", "s7comm.param.pi.n_x.protection", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_oldfilename,
{ "Old Filename", "s7comm.param.pi.n_x.oldfilename", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_newfilename,
{ "New Filename", "s7comm.param.pi.n_x.newfilename", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_findmode,
{ "Findmode", "s7comm.param.pi.n_x.findmode", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_switch,
{ "Switch", "s7comm.param.pi.n_x.switch", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_functionnumber,
{ "Function Number", "s7comm.param.pi.n_x.functionnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_semaphorvalue,
{ "Semaphor Value", "s7comm.param.pi.n_x.semaphorvalue", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_onoff,
{ "OnOff", "s7comm.param.pi.n_x.onoff", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_mode,
{ "Mode", "s7comm.param.pi.n_x.mode", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_factor,
{ "Factor", "s7comm.param.pi.n_x.factor", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_passwordlevel,
{ "Password Level", "s7comm.param.pi.n_x.passwordlevel", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_linenumber,
{ "Line Number", "s7comm.param.pi.n_x.linenumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_weargroup,
{ "Wear Group", "s7comm.param.pi.n_x.weargroup", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_toolstatus,
{ "Tool Status", "s7comm.param.pi.n_x.toolstatus", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_wearsearchstrat,
{ "Search Strategie", "s7comm.param.pi.n_x.wearsearchstrat", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_toolid,
{ "Tool ID", "s7comm.param.pi.n_x.toolid", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_duplonumber,
{ "Duplo Number", "s7comm.param.pi.n_x.duplonumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_edgenumber,
{ "Edge Number", "s7comm.param.pi.n_x.edgenumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_placenr,
{ "Place Number", "s7comm.param.pi.n_x.placenr", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_placerefnr,
{ "Place Reference Number", "s7comm.param.pi.n_x.placerefnr", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_magrefnr,
{ "Magazine Reference Number", "s7comm.param.pi.n_x.magrefnr", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_placenrfrom,
{ "Place Number from", "s7comm.param.pi.n_x.placenrfrom", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_magnrfrom,
{ "Magazine Number from", "s7comm.param.pi.n_x.magnrfrom", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_placenrto,
{ "Place Number to", "s7comm.param.pi.n_x.placenrto", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_magnrto,
{ "Magazine Number to", "s7comm.param.pi.n_x.magnrto", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_halfplacesleft,
{ "Half places left", "s7comm.param.pi.n_x.halfplacesleft", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_halfplacesright,
{ "Half places right", "s7comm.param.pi.n_x.halfplacesright", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_halfplacesup,
{ "Half places up", "s7comm.param.pi.n_x.halfplacesup", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_halfplacesdown,
{ "Half places down", "s7comm.param.pi.n_x.halfplacesdown", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_placetype,
{ "Place type index", "s7comm.param.pi.n_x.placetype", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_searchdirection,
{ "Search direction", "s7comm.param.pi.n_x.searchdirection", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_toolname,
{ "Tool Name", "s7comm.param.pi.n_x.toolname", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_placenrsource,
{ "Place Number Source", "s7comm.param.pi.n_x.placenrsource", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_magnrsource,
{ "Magazine Number Source", "s7comm.param.pi.n_x.magnrsource", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_placenrdestination,
{ "Place Number Destination", "s7comm.param.pi.n_x.placenrdestination", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_magnrdestination,
{ "Magazine Number Destination", "s7comm.param.pi.n_x.magnrdestination", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_incrementnumber,
{ "Increment Number", "s7comm.param.pi.n_x.incrementnumber", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_monitoringmode,
{ "Monitoring mode", "s7comm.param.pi.n_x.monitoringmode", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_pi_n_x_kindofsearch,
{ "Kind of search", "s7comm.param.pi.n_x.kindofsearch", FT_STRING, BASE_NONE, NULL, 0x0,
NULL , HFILL }},
{ &hf_s7comm_data_pi_inse_unknown,
{ "Unknown byte", "s7comm.param.pi.inse.unknown", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_plccontrol_argument,
{ "Argument", "s7comm.param.pistart.argument", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_plccontrol_block_cnt,
{ "Number of blocks", "s7comm.data.plccontrol.block_cnt", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_plccontrol_part2_len,
{ "Length part 2", "s7comm.data.plccontrol.part2_len", FT_UINT8, BASE_DEC, NULL, 0x0,
"Length of part 2 in bytes", HFILL }},
/* block control functions */
{ &hf_s7comm_data_blockcontrol_unknown1,
{ "Unknown byte(s) in blockcontrol", "s7comm.data.blockcontrol.unknown1", FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_blockcontrol_errorcode,
{ "Errorcode", "s7comm.data.blockcontrol.errorcode", FT_UINT16, BASE_HEX, NULL, 0x0,
"Errorcode, 0 on success", HFILL }},
{ &hf_s7comm_data_blockcontrol_uploadid,
{ "UploadID", "s7comm.data.blockcontrol.uploadid", FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_blockcontrol_file_ident,
{ "File identifier", "s7comm.data.blockcontrol.file_identifier", FT_STRING, BASE_NONE, NULL, 0x0,
"File identifier: '_'=complete module; '$'=Module header for up-loading", HFILL }},
{ &hf_s7comm_data_blockcontrol_block_type,
{ "Block type", "s7comm.data.blockcontrol.block_type", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_blockcontrol_block_num,
{ "Block number", "s7comm.data.blockcontrol.block_number", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_blockcontrol_dest_filesys,
{ "Destination filesystem", "s7comm.data.blockcontrol.dest_filesys", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_blockcontrol_part2_len,
{ "Length part 2", "s7comm.data.blockcontrol.part2_len", FT_UINT8, BASE_DEC, NULL, 0x0,
"Length of part 2 in bytes", HFILL }},
{ &hf_s7comm_data_blockcontrol_part2_unknown,
{ "Unknown char before load mem", "s7comm.data.blockcontrol.part2_unknown", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_blockcontrol_loadmem_len,
{ "Length of load memory", "s7comm.data.blockcontrol.loadmem_len", FT_STRING, BASE_NONE, NULL, 0x0,
"Length of load memory in bytes", HFILL }},
{ &hf_s7comm_data_blockcontrol_mc7code_len,
{ "Length of MC7 code", "s7comm.data.blockcontrol.mc7code_len", FT_STRING, BASE_NONE, NULL, 0x0,
"Length of MC7 code in bytes", HFILL }},
{ &hf_s7comm_data_blockcontrol_filename_len,
{ "Filename Length", "s7comm.param.blockcontrol.filename_len", FT_UINT8, BASE_DEC, NULL, 0x0,
"Length following filename in bytes", HFILL }},
{ &hf_s7comm_data_blockcontrol_filename,
{ "Filename", "s7comm.param.blockcontrol.filename", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_data_blockcontrol_upl_lenstring_len,
{ "Blocklengthstring Length", "s7comm.param.blockcontrol.upl_lenstring_len", FT_UINT8, BASE_DEC, NULL, 0x0,
"Length following blocklength string in bytes", HFILL }},
{ &hf_s7comm_data_blockcontrol_upl_lenstring,
{ "Blocklength", "s7comm.param.blockcontrol.upl_lenstring", FT_STRING, BASE_NONE, NULL, 0x0,
"Length of the complete uploadblock in bytes, may be split into many PDUs", HFILL }},
{ &hf_s7comm_data_blockcontrol_functionstatus,
{ "Function Status", "s7comm.param.blockcontrol.functionstatus", FT_UINT8, BASE_HEX, NULL, 0x0,
"0=no error, 1=more data, 2=error", HFILL }},
{ &hf_s7comm_data_blockcontrol_functionstatus_more,
{ "More data following", "s7comm.param.blockcontrol.functionstatus.more", FT_BOOLEAN, 8, NULL, 0x01,
"More data of the block/file can be retrieved with another request", HFILL }},
{ &hf_s7comm_data_blockcontrol_functionstatus_error,
{ "Error", "s7comm.param.blockcontrol.functionstatus.error", FT_BOOLEAN, 8, NULL, 0x02,
"An error occurred", HFILL }},
/* NC programming functions */
{ &hf_s7comm_data_ncprg_unackcount,
{ "Number of telegrams sent without acknowledge", "s7comm.data.ncprg.unackcount", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
/* Variable table */
{ &hf_s7comm_vartab_data_type,
{ "Type of data", "s7comm.vartab.data_type", FT_UINT8, BASE_DEC, VALS(userdata_prog_vartab_type_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_vartab_byte_count,
{ "Byte count", "s7comm.vartab.byte_count", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_vartab_unknown,
{ "Unknown byte(s) vartab", "s7comm.vartab.unknown", FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_vartab_item_count,
{ "Item count", "s7comm.vartab.item_count", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_vartab_req_memory_area,
{ "Memory area", "s7comm.vartab.req.memory_area", FT_UINT8, BASE_DEC, VALS(userdata_prog_vartab_area_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_vartab_req_repetition_factor,
{ "Repetition factor", "s7comm.vartab.req.repetition_factor", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_vartab_req_db_number,
{ "DB number", "s7comm.vartab.req.db_number", FT_UINT16, BASE_DEC, NULL, 0x0,
"DB number, when area is DB", HFILL }},
{ &hf_s7comm_vartab_req_startaddress,
{ "Startaddress", "s7comm.vartab.req.startaddress", FT_UINT16, BASE_DEC, NULL, 0x0,
"Startaddress / byteoffset", HFILL }},
/* cyclic data */
{ &hf_s7comm_cycl_interval_timebase,
{ "Interval timebase", "s7comm.cyclic.interval_timebase", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cycl_interval_time,
{ "Interval time", "s7comm.cyclic.interval_time", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
/* PBC, Programmable Block Functions */
{ &hf_s7comm_pbc_unknown,
{ "PBC BSEND/BRECV unknown", "s7comm.pbc.bsend.unknown", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_pbc_r_id,
{ "PBC BSEND/BRECV R_ID", "s7comm.pbc.req.bsend.r_id", FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
/* CPU alarms */
{ &hf_s7comm_cpu_alarm_message_item,
{ "Alarm message", "s7comm.alarm.message", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_obj_item,
{ "Message object", "s7comm.alarm.message_object", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_function,
{ "Function identifier", "s7comm.alarm.function", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_nr_objects,
{ "Number of message objects", "s7comm.alarm.nr_objects", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_nr_add_values,
{ "Number of associated values", "s7comm.alarm.nr_add_values", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_eventid,
{ "EventID", "s7comm.alarm.event_id", FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_timestamp_coming,
{ "Timestamp message coming", "s7comm.alarm.timestamp_coming", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_timestamp_going,
{ "Timestamp message going", "s7comm.alarm.timestamp_going", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_associated_value,
{ "Associated value(s)", "s7comm.alarm.associated_value", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_eventstate,
{ "EventState", "s7comm.alarm.eventstate", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig1,
{ "SIG_1", "s7comm.alarm.signal.sig1", FT_BOOLEAN, 8, NULL, 0x01,
"Current state of Signal SIG_1", HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig2,
{ "SIG_2", "s7comm.alarm.signal.sig2", FT_BOOLEAN, 8, NULL, 0x02,
"Current state of Signal SIG_2", HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig3,
{ "SIG_3", "s7comm.alarm.signal.sig3", FT_BOOLEAN, 8, NULL, 0x04,
"Current state of Signal SIG_3", HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig4,
{ "SIG_4", "s7comm.alarm.signal.sig4", FT_BOOLEAN, 8, NULL, 0x08,
"Current state of Signal SIG_4", HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig5,
{ "SIG_5", "s7comm.alarm.signal.sig5", FT_BOOLEAN, 8, NULL, 0x10,
"Current state of Signal SIG_5", HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig6,
{ "SIG_6", "s7comm.alarm.signal.sig6", FT_BOOLEAN, 8, NULL, 0x20,
"Current state of Signal SIG_6", HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig7,
{ "SIG_7", "s7comm.alarm.signal.sig7", FT_BOOLEAN, 8, NULL, 0x40,
"Current state of Signal SIG_7", HFILL }},
{ &hf_s7comm_cpu_alarm_message_signal_sig8,
{ "SIG_8", "s7comm.alarm.signal.sig8", FT_BOOLEAN, 8, NULL, 0x80,
"Current state of Signal SIG_8", HFILL }},
{ &hf_s7comm_cpu_alarm_message_state,
{ "State", "s7comm.alarm.state", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_ackstate_coming,
{ "AckState coming", "s7comm.alarm.ack_state.coming", FT_UINT8, BASE_HEX, NULL, 0x0,
"Acknowledge state coming (1=Event acknowledged, 0=Event not acknowledged)", HFILL }},
{ &hf_s7comm_cpu_alarm_message_ackstate_going,
{ "AckState going", "s7comm.alarm.ack_state.going", FT_UINT8, BASE_HEX, NULL, 0x0,
"Acknowledge state going (1=Event acknowledged, 0=Event not acknowledged)", HFILL }},
{ &hf_s7comm_cpu_alarm_message_event_coming,
{ "Event coming", "s7comm.alarm.event.coming", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_event_going,
{ "Event going", "s7comm.alarm.event.going", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_event_lastchanged,
{ "Event last changed", "s7comm.alarm.event.lastchanged", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_event_reserved,
{ "Reserved", "s7comm.alarm.event.reserved", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_scan_unknown1,
{ "SCAN unknown 1", "s7comm.alarm.scan.unknown1", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_message_scan_unknown2,
{ "SCAN unknown 2", "s7comm.alarm.scan.unknown2", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
/* Alarm message query */
{ &hf_s7comm_cpu_alarm_query_unknown1,
{ "Unknown/Reserved (1)", "s7comm.alarm.query.unknown1", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_query_querytype,
{ "Querytype", "s7comm.alarm.query.querytype", FT_UINT8, BASE_DEC, VALS(alarm_message_querytype_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_query_unknown2,
{ "Unknown/Reserved (2)", "s7comm.alarm.query.unknown2", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_query_alarmtype,
{ "Alarmtype", "s7comm.alarm.query.alarmtype", FT_UINT32, BASE_DEC, VALS(alarm_message_query_alarmtype_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_query_completelen,
{ "Complete data length", "s7comm.alarm.query.complete_length", FT_UINT32, BASE_DEC, NULL, 0x0,
"Complete data length (with ALARM_S this is 0xffff, as they might be split into many telegrams)", HFILL }},
{ &hf_s7comm_cpu_alarm_query_datasetlen,
{ "Length of dataset", "s7comm.alarm.query.dataset_length", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_alarm_query_resunknown1,
{ "Unknown", "s7comm.alarm.query.resunknown1", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
/* CPU diagnostic messages */
{ &hf_s7comm_cpu_diag_msg_item,
{ "CPU diagnostic message", "s7comm.cpu.diag_msg", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_eventid,
{ "Event ID", "s7comm.cpu.diag_msg.eventid", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_eventid_class,
{ "Event class", "s7comm.cpu.diag_msg.eventid.class", FT_UINT16, BASE_HEX, VALS(cpu_diag_msg_eventid_class_names), 0xf000,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_eventid_ident_entleave,
{ "Event entering state", "s7comm.cpu.diag_msg.eventid.ident.entleave", FT_BOOLEAN, 16, TFS(&tfs_s7comm_cpu_diag_msg_eventid_ident_entleave), 0x0100,
"Event identifier: 0=Event leaving state,1=Event entering state", HFILL }},
{ &hf_s7comm_cpu_diag_msg_eventid_ident_diagbuf,
{ "Entry in diagnostic buffer", "s7comm.cpu.diag_msg.eventid.ident.diagbuf", FT_BOOLEAN, 16, NULL, 0x0200,
"Event identifier: Entry in diagnostic buffer", HFILL }},
{ &hf_s7comm_cpu_diag_msg_eventid_ident_interr,
{ "Internal error", "s7comm.cpu.diag_msg.eventid.ident.interr", FT_BOOLEAN, 16, NULL, 0x0400,
"Event identifier: Internal error", HFILL }},
{ &hf_s7comm_cpu_diag_msg_eventid_ident_exterr,
{ "External error", "s7comm.cpu.diag_msg.eventid.ident.exterr", FT_BOOLEAN, 16, NULL, 0x0800,
"Event identifier: External error", HFILL }},
{ &hf_s7comm_cpu_diag_msg_eventid_nr,
{ "Event number", "s7comm.cpu.diag_msg.eventid.nr", FT_UINT16, BASE_HEX, NULL, 0x00ff,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_prioclass,
{ "Priority class", "s7comm.cpu.diag_msg.prioclass", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_obnumber,
{ "OB number", "s7comm.cpu.diag_msg.obnumber", FT_UINT8, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_datid,
{ "DatID", "s7comm.cpu.diag_msg.datid", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_info1,
{ "INFO1 Additional information 1", "s7comm.cpu.diag_msg.info1", FT_UINT16, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_diag_msg_info2,
{ "INFO2 Additional information 2", "s7comm.cpu.diag_msg.info2", FT_UINT32, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
/* CPU message service */
{ &hf_s7comm_cpu_msgservice_subscribe_events,
{ "Subscribed events", "s7comm.cpu.msg.events", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_subscribe_events_modetrans,
{ "Mode-transition", "s7comm.cpu.msg.events.modetrans", FT_BOOLEAN, 8, NULL, 0x01,
"MODE: Register for mode-transition events via func-group=0 and subfunction=state", HFILL }},
{ &hf_s7comm_cpu_msgservice_subscribe_events_system,
{ "System-diagnostics", "s7comm.cpu.msg.events.system", FT_BOOLEAN, 8, NULL, 0x02,
"SYS: Register for system diagnostic events", HFILL }},
{ &hf_s7comm_cpu_msgservice_subscribe_events_userdefined,
{ "Userdefined", "s7comm.cpu.msg.events.userdefined", FT_BOOLEAN, 8, NULL, 0x04,
"USR: Register system user-defined diagnostic messages", HFILL }},
{ &hf_s7comm_cpu_msgservice_subscribe_events_alarms,
{ "Alarms", "s7comm.cpu.msg.events.alarms", FT_BOOLEAN, 8, NULL, 0x80,
"ALM: Register alarm events (ALARM, SCAN, ALARM_S) type of event defined in additional field", HFILL }},
{ &hf_s7comm_cpu_msgservice_req_reserved1,
{ "Reserved/Unknown", "s7comm.cpu.msg.req_reserved1", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_username,
{ "Username", "s7comm.cpu.msg.username", FT_STRING, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_almtype,
{ "Alarm type", "s7comm.cpu.msg.almtype", FT_UINT8, BASE_DEC, VALS(cpu_msgservice_almtype_names), 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_req_reserved2,
{ "Reserved/Unknown", "s7comm.cpu.msg.req_reserved2", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_res_result,
{ "Result", "s7comm.cpu.msg.res_result", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_res_reserved1,
{ "Reserved/Unknown", "s7comm.cpu.msg.res_reserved1", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_res_reserved2,
{ "Reserved/Unknown", "s7comm.cpu.msg.res_reserved2", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_cpu_msgservice_res_reserved3,
{ "Reserved/Unknown", "s7comm.cpu.msg.res_reserved3", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_modetrans_param_subfunc,
{ "Current mode", "s7comm.param.modetrans.subfunc", FT_UINT8, BASE_DEC, VALS(modetrans_param_subfunc_names), 0x0,
NULL, HFILL }},
/* TIA Portal stuff */
{ &hf_s7comm_tia1200_item_reserved1,
{ "1200 sym Reserved", "s7comm.tiap.item.reserved1", FT_UINT8, BASE_HEX, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_tia1200_item_area1,
{ "1200 sym root area 1", "s7comm.tiap.item.area1", FT_UINT16, BASE_HEX, VALS(tia1200_var_item_area1_names), 0x0,
"Area from where to read: DB or Inputs, Outputs, etc.", HFILL }},
{ &hf_s7comm_tia1200_item_area2,
{ "1200 sym root area 2", "s7comm.tiap.item.area2", FT_UINT16, BASE_HEX, VALS(tia1200_var_item_area2_names), 0x0,
"Specifies the area from where to read", HFILL }},
{ &hf_s7comm_tia1200_item_area2unknown,
{ "1200 sym root area 2 unknown", "s7comm.tiap.item.area2unknown", FT_UINT16, BASE_HEX, NULL, 0x0,
"For current unknown areas", HFILL }},
{ &hf_s7comm_tia1200_item_dbnumber,
{ "1200 sym root DB number", "s7comm.tiap.item.dbnumber", FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_tia1200_item_crc,
{ "1200 sym CRC", "s7comm.tiap.item.crc", FT_UINT32, BASE_HEX, NULL, 0x0,
"CRC generated out of symbolic name with (x^32+x^31+x^30+x^29+x^28+x^26+x^23+x^21+x^19+x^18+x^15+x^14+x^13+x^12+x^9+x^8+x^4+x+1)", HFILL }},
{ &hf_s7comm_tia1200_var_lid_flags,
{ "LID flags", "s7comm.tiap.item.lid_flags", FT_UINT8, BASE_DEC, VALS(tia1200_var_lid_flag_names), 0xf0,
NULL, HFILL }},
{ &hf_s7comm_tia1200_substructure_item,
{ "Substructure", "s7comm.tiap.item.substructure", FT_NONE, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_s7comm_tia1200_item_value,
{ "Value", "s7comm.tiap.item.value", FT_UINT32, BASE_DEC, NULL, 0x0fffffff,
NULL, HFILL }},
};
static ei_register_info ei[] = {
{ &ei_s7comm_data_blockcontrol_block_num_invalid, { "s7comm.data.blockcontrol.block_number.invalid", PI_MALFORMED, PI_ERROR,
"Block number must be a string containing an integer", EXPFILL }},
{ &ei_s7comm_ud_blockinfo_block_num_ascii_invalid, { "s7comm.data.blockinfo.block_number.invalid", PI_MALFORMED, PI_ERROR,
"Block info must be a string containing an integer", EXPFILL }}
};
static gint *ett[] = {
&ett_s7comm,
&ett_s7comm_header,
&ett_s7comm_param,
&ett_s7comm_param_item,
&ett_s7comm_param_subitem,
&ett_s7comm_data,
&ett_s7comm_data_item,
&ett_s7comm_item_address,
&ett_s7comm_diagdata_registerflag,
&ett_s7comm_userdata_blockinfo_flags,
&ett_s7comm_cpu_alarm_message,
&ett_s7comm_cpu_alarm_message_object,
&ett_s7comm_cpu_alarm_message_signal,
&ett_s7comm_cpu_alarm_message_timestamp,
&ett_s7comm_cpu_alarm_message_associated_value,
&ett_s7comm_cpu_diag_msg,
&ett_s7comm_cpu_diag_msg_eventid,
&ett_s7comm_cpu_msgservice_subscribe_events,
&ett_s7comm_piservice_parameterblock,
&ett_s7comm_data_blockcontrol_status,
&ett_s7comm_plcfilename
};
proto_s7comm = proto_register_protocol (
"S7 Communication", /* name */
"S7COMM", /* short name */
"s7comm" /* abbrev */
);
proto_register_field_array(proto_s7comm, hf, array_length (hf));
s7comm_register_szl_types(proto_s7comm);
proto_register_subtree_array(ett, array_length (ett));
expert_s7comm = expert_register_protocol(proto_s7comm);
expert_register_field_array(expert_s7comm, ei, array_length(ei));
}
/* Register this protocol */
void
proto_reg_handoff_s7comm(void)
{
/* register ourself as an heuristic cotp (ISO 8073) payload dissector */
heur_dissector_add("cotp", dissect_s7comm, "S7 Communication over COTP", "s7comm_cotp", proto_s7comm, HEURISTIC_ENABLE);
heur_dissector_add("cotp_is", dissect_s7comm, "S7 Communication over COTP", "s7comm_cotp_is", proto_s7comm, HEURISTIC_ENABLE);
}
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* vi: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/