0
votes

I am writing a Modbus TCP client program from scratch and use the Pymodslave simulator for testing. Pymodslave uses unit id 01. If I send a message with a different unit id, for example FF, Pymodslave responds with an exception message that consists of the PDU only and has no MBAP header.

Raw request data (Read Holding Registers, address 160, 1 register):

00 00 00 00 00 06 FF 03 00 A0 00 01

Raw response data:

83 04

This is the PDU of a Server Device Failure exception response.

My question is: Should my client program handle such a PDU-only message with no MBAP header, or does this look like a quirk of Pymodslave?

Here is a little more context.

If the unit id is what Pymodslave expects then it always sends a full ADU. Here are two examples:

If I change the unit id byte in the request from FF to 01 then the messages are:

Request:

00 00 00 00 00 06 FF 03 00 A0 00 01

Response (success, register value is zero):

00 00 00 00 00 05 01 03 02 00 00

If I use the correct unit id and an invalid register number FFFF then the exception response has an MBAP header:

Request:

00 00 00 00 00 06 01 03 FF FF 00 01

Response (exception, Illegal Data Address):

00 00 00 00 00 03 01 83 02

1 Answers

0
votes

I'm not very familiar with the slave you're using but in my experience, most slaves ignore messages that are not addressed to them.

Quoting from the Modbus spec:

Slaves return a message (called a ‘response’) to queries that are addressed to them individually

So if the query is not directed to them they should simply ignore it. Which in your case means you should be getting a timeout error on the master.

Although I cannot guarantee they are fully compliant with the spec, I find Win-Tech tools very reliable if you have a Windows machine. I've also used pymodbus and libmodbus quite extensively and other than minor bugs I've never had any complaints. I'm not encouraging you to drop pymodslave but you might want to take a look at the code to see why you're getting that response.

Nothing that should worry you too much, but according to the Modbus specification valid slave addresses range from 1 to 247, so you should not be using 0xFF as a slave ID if you want to comply. Most hardware vendors stick to this rule and won't allow addresses over 247.
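
One way a client can handle the three responses shown in the question: validate the MBAP header before interpreting any PDU bytes, so the header-less `83 04` is reported as a framing error rather than as an exception response. This is an added example, not code from either post; the names `parse_response`, `describe`, `FrameError` and `ModbusException` are hypothetical, and it assumes the whole response is already in one buffer.

```python
import struct

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

class FrameError(Exception):
    """Bytes received are not a well-formed Modbus TCP ADU for our request."""

class ModbusException(Exception):
    """Well-formed ADU whose PDU is an exception response."""
    def __init__(self, function, code):
        super().__init__(f"function 0x{function:02X}, exception code 0x{code:02X}")
        self.function, self.code = function, code

def parse_response(raw, tid, unit, function):
    """Validate one complete response buffer; return the data after the function code.

    Assumption: `raw` holds everything read for this response. A real client
    reads 7 header bytes first, then exactly `length - 1` more from the socket.
    """
    if len(raw) < MBAP_LEN + 1:
        raise FrameError(f"{len(raw)} bytes, too short for MBAP header + function code")
    r_tid, proto, length, r_unit = struct.unpack(">HHHB", raw[:MBAP_LEN])
    if proto != 0:
        raise FrameError(f"protocol id {proto}, expected 0")
    if length != len(raw) - 6:  # length field counts unit id + PDU
        raise FrameError(f"length field {length} does not match {len(raw) - 6}")
    if (r_tid, r_unit) != (tid, unit):
        raise FrameError("transaction id or unit id does not match the request")
    if raw[7] == function | 0x80:  # exception: request function code with high bit set
        if len(raw) != 9:
            raise FrameError("exception PDU must be exactly 2 bytes")
        raise ModbusException(function, raw[8])
    if raw[7] != function:
        raise FrameError(f"unexpected function code 0x{raw[7]:02X}")
    return raw[8:]

def describe(raw, tid=0, unit=1, function=3):
    """Classify a buffer as ('ok', data), ('exception', code) or ('invalid', reason)."""
    try:
        return ("ok", parse_response(raw, tid, unit, function))
    except ModbusException as e:
        return ("exception", e.code)
    except FrameError as e:
        return ("invalid", str(e))

# Frames copied from the question above.
OK = bytes.fromhex("00 00 00 00 00 05 01 03 02 00 00")
EXC = bytes.fromhex("00 00 00 00 00 03 01 83 02")
BARE = bytes.fromhex("83 04")
```

After a `FrameError` the byte stream can no longer be trusted to be aligned on ADU boundaries, so closing and reopening the connection is the simplest recovery.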