File | Date | Author | Commit |
---|---|---|---|
bin | 2021-12-19 | med7at69 | [d8efe2] reopen socket if connection failed |
images | 2021-12-17 | med7at69 | [d2e6c5] images |
LICENSE | 2021-11-08 | med7at69 | [131251] Initial commit |
README.md | 2021-12-17 | med7at69 | [d2e6c5] images |
iec104MM2SS.csv | 2021-12-17 | med7at69 | [8f28a3] Single port for all masters per group |
iec104MM2SS.pdf | 2021-12-17 | med7at69 | [8f28a3] Single port for all masters per group |
iec104MM2SS.py | 2021-12-19 | med7at69 | [d8efe2] reopen socket if connection failed |
IEC 104 Multiple-Masters to Single-Slave (IEC104MM2SS) – Ver 1.0
By M. Medhat
TOC \o "1-3" \h \z \u Introduction and why I wrote this program PAGEREF _Toc90581814 \h 2
Program arguments PAGEREF _Toc90581815 \h 4
Program operation PAGEREF _Toc90581816 \h 5
Initial file format PAGEREF _Toc90581817 \h 7
Program GUI PAGEREF _Toc90581818 \h 9
Using Windows “sc” tool to manipulate service PAGEREF _Toc90581819 \h 9
Troubleshooting PAGEREF _Toc90581820 \h 11
Appendix A - Sample initial file PAGEREF _Toc90581821 \h 12
Appendix B – GUI screenshots PAGEREF _Toc90581822 \h 16
Appendix C – Windows binary files PAGEREF _Toc90581823 \h 17
Appendix D - Other projects PAGEREF _Toc90581824 \h 17
If this project help you reduce time to develop, please spend some of your time to check link below:
The Fog is Lifting video
https://www.youtube.com/watch?v=bdH16Hz1naI
The Fog is Lifting' is one of the best holistic presentations a non Muslim can watch about Islam to learn about: its meaning, its beliefs and its concepts.
This program will connect multiple masters (SCADA master stations) to a single slave (RTU) as defined in protocol IEC 60870-5-104. Although the protocol IEC 104 itself doesn’t have a direct way to do that but the program will play the Man In The Middle role to achieve this connection.
Any number of masters connected to a slave is forming a group. You can create any number of groups and the program will establish the communication among each group members independent on the other groups. Each master in each group can receive IO status and send commands to the slave RTU independent on the other masters.
Why may anyone need the IEC104MM2SS program?
For cyber security reasons, the slave RTU is configured to accept connections from specific number of masters’ IPs. Some RTUs may have limited number of masters to be configured.
In my company, we were replacing our legacy SCADA system with new one. During the test period we need both two systems’ servers to communicate to the RTUs and station control systems (SCS) simultaneously. We have 2 old servers + 2 new servers at the main control center + 1 server at the backup control center. These total of 5 servers so here is the problem:
For the above reasons, I wrote the IEC104MM2SS program.
Program features:
Program is distributed under GPL license and could be found on GitHub:
https://github.com/med7at69/IEC104-MultipleMasters2SingleSlave
It is written in python3 language and code is supporting both Windows and Linux OS.
Package contains the following files:
iec104mm2ss.py: The code in python 3 language.
iec104mm2ss.csv: ini file in comma separated values. Must be in the same folder where program starts in.
Iec104mm2ss.pdf: Help file in pdf format.
Readme.md
LICENSE file.
There are two formats for the program arguments, one to provide parameters to run program normally (not as Windows service) and the other one is for manipulation of service operation. It is not possible to mix the two formats together.
-h or --help display help message.
-i or --ini specify init file name.
-t or --ntp_update_every_sec NTP update interval (seconds). Default = 900 sec.
-s or --ntp_server NTP server (may repeated for multiple servers).
-n or –nogui No GUI operation.
-c or –service Run as Windows service (no GUI operation).
Usage:
usage iec104mm2ss [[-h][--help]] [[-i][--ini] init-file] [[-t][--ntp_update_every_sec] sec] [[-s][--ntp_server] ntpserver]
example1:
iec104mm2ss -i iec104rs1.csv
example2:
iec104mm2ss --ntp_server pool.ntp.org --ntp_server time.windows.com
To install the program as Windows service run 'iec104mm2ss --startup auto install'
When the program run as Windows service it will use the default initial file ‘iec104mm2ss.csv’. To use another initial file, check the part in this file explaining using Windows “sc” tool,
Details of service arguments:
Usage: 'iec104mm2ss [options] install|update|remove|start [...]|stop|restart [...]|debug [...]'
Options for 'install' and 'update' commands only:
--username domain\username : The Username the service is to run under
--password password : The password for the username
--startup [manual|auto|disabled|delayed] : How the service starts, default = manual
--interactive : Allow the service to interact with the desktop.
--perfmonini file: .ini file to use for registering performance monitor data
--perfmondll file: .dll file to use when querying the service for
performance data, default = perfmondata.dll
Options for 'start' and 'stop' commands only:
--wait seconds: Wait for the service to actually start or stop.
If you specify --wait with the 'stop' option, the service
and all dependent services will be stopped, each waiting
the specified period.
Initial file (default name is iec104mm2ss.csv): It is a comma separated values file format or “.csv” which should be available in the same folder where program starts in. In the file you can define the following:
Log file for each RTU and each master are saved in folder “log”. Folder “log” will be created in the same folder where the program starts in.
When the program starts it will:
General notes:
Please check appendix A for sample initial file format.
Trying to make the graphical user interface as simple as possible:
More screenshots available in appendix “C”.
When using the program to connect multiple SCADA masters to the same slave (RTU/SCS) then usually you will run the program from the SCADA front end servers, and it should run all the time and start running even if no one logged on the server. So, we need to install the program to run as a service (or multiple services) under Windows.
The best way to install and start multiple instances of the program as multiple Windows services is to use the Windows “sc” tool came with Windows.
For example, if you copied the program to the folder “c:\iec104mm2ss_1”, to install the service you can run “sc” as follows:
sc create iec104mm2ss binPath=" c:\iec104mm2ss_1\iec104mm2ss.exe -c" start="auto" DisplayName="IEC104 Multiple Masters to Single Slave_1"
For old windows versions such as windows server 2003 and 2008 we have to leave a “space” between the option and its value:
sc create iec104mm2ss binPath= " c:\iec104mm2ss_1\iec104mm2ss.exe -c" start= "auto" DisplayName= "IEC104 Multiple Masters to Single Slave_1"
The “-c” is a must to tell the program to start as a service not in program normal operation.
Another example: if you want to specify initial file name other than the default name:
sc create iec104mm2ss_1 binPath=" c:\iec104mm2ss_1\iec104mm2ss.exe -c -i iec104mm2ss_1.csv" start="auto" DisplayName="IEC104 Multiple Masters to Single Slave_1"
The initial file “iec104mm2ss_1.csv” should also be in the same folder of the program which is here “c:\iec104mm2ss_1”
You can easily create another service instance in another folder as follows:
sc create iec104mm2ss_2 binPath=" c:\iec104mm2ss_2\iec104mm2ss.exe -c -i iec104mm2ss_2.csv" start="auto" DisplayName="IEC104 Multiple Masters to Single Slave_2"
For more information, please check the Windows “sc” help.
Program did not load one or more configured masters/slaves in the initial file:
Local time not updated although NTP servers configured, and it is tested normally.
Local time updated successfully.
No admin privilege so program cannot update the local time.
Program is trying but cannot connect to the NTP servers so please check the network connection and the availability of the configured servers.
iec104MM2SS-1port-v1.0 ini file,,,,,,,,,,,,,,,
# If first character of first column in any row of RTUs/System entries is ! Then program will cancel the rest of the rows.,,,,,,,,,,,,,,,
# The program will try connection to Slave/RTU host IPs sequentially and will listen to port no. accepting multiple connections from master SCADA systems.,,,,,,,,,,,,,,,
# Program will not accept connections from the master SCADA system until connected to the corresponding slave RTU.,,,,,,,,,,,,,,,
# Program will not accept master conection from same ip address the slave already connected to.,,,,,,,,,,,,,,,
# uncomment nogui to start the program without the GUI interface.,,,,,,,,,,,,,,,
# starting by general settings in comma separated values.,,,,,,,,,,,,,,,
# ,,,,,,,,,,,,,,,
# NTP server settings,,,,,,,,,,,,,,,
# parameter of ntp_server could be repeated multiple times in separated lines for multiple servers.,,,,,,,,,,,,,,,
# Masters/Clients settings in comma separated values.,,,,,,,,,,,,,,,
# Each entry contains information for Slave/Master connection.,,,,,,,,,,,,,,,
# port number should be unique for each entry.,,,,,,,,,,,,,,,
# rtu no could be repeated in different entries.,,,,,,,,,,,,,,,
# sys name is the system/station/RTU name for the entry.,,,,,,,,,,,,,,,
# sys name is 16 characters maximum.,,,,,,,,,,,,,,,
# id should be a unique number for each entry.,,,,,,,,,,,,,,,
# buffsize: Receive buffer size. Default is 1000 bytes.,,,,,,,,,,,,,,,
# logevents: if Y then a log file will be created in log folder for this Slave/Master entry.,,,,,,,,,,,,,,,
# keep connection from same master ip: Accept multiple master connections from same IP address. Default = all.,,,,,,,,,,,,,,,
"# keep connection from same master ip, old: reject new and keep old connection, new: accept new and close old connection.",,,,,,,,,,,,,,,
# hosts: a list of slave/RTU IP:Port separated by ; program will try them sequentially until one accept connection.,,,,,,,,,,,,,,,
# filter: a list of hosts/net separated by ; which the program will only accept connection from under this entry.,,,,,,,,,,,,,,,
# IEC 104 constants:,,,,,,,,,,,,,,,
# w: Max. number of APDUs the receiver should wait before ack. Default is 8 packets.,,,,,,,,,,,,,,,
# k: Max. number of APDUs the transmitter can send before receiving ack. Default is 12 packets.,,,,,,,,,,,,,,,
# idletime: time in seconds. If no data for idletime seconds the connection will be disconnected.,,,,,,,,,,,,,,,
"# t1, t2 and t3: IEC 104 time constant in seconds",,,,,,,,,,,,,,,
# t1: Time-Out of send or test APDU after which we must disconnect if no ack of I-Format packets. Default is 15 sec.,,,,,,,,,,,,,,,
# t2: Send S-Format if no receive I-format without sending I format for t2 seconds. Default is 10 sec.,,,,,,,,,,,,,,,
# t3: send testfr packet if no data for t3 seconds. Default is 20 sec.,,,,,,,,,,,,,,,
id,sys name,port no,rtu no,max conn,idletime,t1,t2,t3,w,k,buffsize,logevents,same ip,hosts,filter
111,RTU-ABB,2404,32,2,60,15,10,20,8,12,1000,Y,all,192.168.1.1:2413;192.168.1.1:2414;192.168.1.1:2415;127.0.0.1:2410,192.168.1.16;127.0.0.0/24;10.1.1.0/24
222,Dreez-SCS,2405,101,2,60,15,10,20,8,12,1000,Y,new,192.168.1.1:2413;192.168.1.1:2414;127.0.0.1:2411;192.168.1.1:2415,192.168.1.16;127.0.0.0/24;10.1.1.0/24
!,Dreez,,101,3,60,15,10,20,8,12,1000,Y,new,127.0.0.1:2405;192.168.1.1:2405,
444,ABB-2,2408,32,3,60,15,10,20,8,12,1000,Y,old,192.168.1.16;127.0.0.0/24;10.1.1.0/24,
555,OSI-2,2409,105,3,60,15,10,20,8,12,1000,Y,old,192.168.1.16;127.0.0.0/24;10.1.1.0/24,
Tab1 – Full master/slave list
![Graphical user interface, text, application
Description automatically generated](images/Aspose.Words.663244e5-f223-40f8-ac29-2063354725bd.009.png)
2 groups.
Tab2 – Comparisons and parameters editing.
![Graphical user interface, text, application
Description automatically generated](images/Aspose.Words.663244e5-f223-40f8-ac29-2063354725bd.010.png)
Windows binary file is generated by nuitka Python compiler:
By using the following command:
python -m nuitka --windows-file-description="IEC104 Multiple Masters to Single Slave" --windows-file-version="1.0" --windows-product-version="1.0" --windows-company-name="M.M" --onefile --plugin-enable=tk-inter --standalone --mingw64 iec104mm2ss.py
IEC 104 RTU Simulator
https://github.com/med7at69/IEC104-RTU-Simulator
IEC 104 RTU simulator is a program to simulate the operation of RTU (remote terminal unit) or server as defined by protocol IEC 60870-5-104. It can simulate any number of RTUs or servers. Simulated RTUs could be connected to different or same SCADA master station. IO signals are indexed and grouped by using index numbers. You can send IO signals from all RTUs to the connected SCADA master stations at once by using index number.
Program features: