F.e. 2xPLC connected over MPI (2+4), 2 has a Ethernet-CP (343), it is yet not possible to connect to PLC 4 with libnodave but with siemens original S7V5.3 Software (when using an Project).
Is it possible for you to change the sending of CR to get Source/Destination TSAP over Parameters, so the correct routing information could be transfered. There are 2 - 16 unsigned chars needed.
Sincerly yours
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I do not have 2 CPUs and a CP to test this situation.
Generally, routing is not yet supported by libnodave in any way.
>Is it possible for you to change the sending of CR..
What do you mean by CR?
> to get >Source/Destination TSAP over Parameters, so the >correct routing information could be transfered. There are 2 - >16 unsigned chars needed.
What chars?
Where to insert them?
Thomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After you connect to the CP by TCP/IP you send a TCP/IP Packet to the CP, a TPKT (TCP/IP-Wrapper around the ISO 8073-Data). The Type of this packet is a ISO8073-Type with CR = Connection Request, in this connection request you specify the class/option and a source/destination TSAP (the C1 02 0102 and C2 02 0200).
C1/C2 are the type of the parameters (SRC/DST-TSAP ), next byte is the length and then the so called TSAP (transport service access point). for the S73/4xx you define here the slot/rack/function code for S72xx you insert "MW" (for MicroWin, the programming software from siemens)
For routing/connecting purposes you need an other TSAP (it is longer, the length of TSAP must be corrected and the length in the ISO and TPKT-Header must be corrected also)
I know it is not easy to understand it.
But when you chane it you are able to connect to PLC's connected over the same MPI/Profibus and
you are able to route further.
PS: I am doing the job from the CP-side
sincerly yours
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
>For routing/connecting purposes you need an other TSAP (it
> is longer, the length of TSAP must be corrected and the
> length in the ISO and TPKT-Header must be corrected also)
So this is needed only once when connecting to the CP?
If so, you could just change the constant b4 in line 3786 of nodave.c for a first test.
If that works for you let me know how your b4 looks like and, if possible, what has to be changed for different network adresses of the target CPU.
I should then look how to integrate it smoothly in into existing code.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
>So this is needed only once when connecting to the CP?
Yes exactly
>If so, you could just change the constant b4 in line >3786 of nodave.c for a first test.
>If that works for you let me know how your b4 looks like >and, if possible, what has to be changed for different >network adresses of the target CPU.
>I should then look how to integrate it smoothly in into >existing code.
I will try it out and send you the requested information (where is the PLC-Number, where the S7-SubnetID,function,IPAdress ...) in a few days (doing this in holidays). Problem is that there is a little bit "know how" inside.
PS: A customer of us will use your library to connect with our S7LAN (a interface to MPI / Profibus to Ethernet) to some PLC's in the same MPI/Profibus.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
>I will try it out and send you the requested information (where
> is the PLC-Number, where the >S7-SubnetID,function,IPAdress ...) in a few days (doing this >in holidays).
> Problem is that there is a little bit "know how" inside.
If you can do it this way, I thank you in advance and your contribution is very welcome. If, on the other hand, you feel you cannot give that know how away or cannot give it to free software, then I should prefer to wait until I or somebody else has the opportunity to find it out by reverse engineering.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
>If, on the other hand, you feel you cannot give that know >how away or cannot give it to free software, then I should >prefer to wait until I or somebody else has the opportunity >to find it out by reverse engineering.
I have done the reverse engineering already :-)
I think i will give you the information how to connect to a PLC in the same MPI-Net (not the information for a routing path to another MPI/Profibus)
Did you plan to communicate with the new profinet-PLC's ?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
>Did you plan to communicate with the new profinet-PLC's ?
Surely as soon as one might fall into my hands. But that may be years from now...
I think the specs for Profinet itself are open an publicly available, aren't they? So is ISO over TCP, but the secret is in the packet contents. After implementing MPI, then seeing the same PDUs going over PPI, it was no great deal to isolate the common part and put it into ISO packets (without reading the RFC1006, just imitating the packet format, hence "CR" wasn't known to me). So I should expect the send the same PDUs over Profinet?
BTW, for people who want to experiment: Libnodave has the possibility to choose a "user defined transport". You can then define your own versions of connectPLC, exchange and friends, set the function pointers of your daveInterface to them and have your own transport functions called back from Libnodave. No need to change nodave.c or ecompile anything.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the meantime I have been told that they still use ISO over TCP. So there will be nothing special and Libnodave should yet be able to communicate to them.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
>If you want to access a PLC where no MAC/IP - Adress is
> known you need other Ethjernet-Frames as normally used
>(IP-Type 8892h).
Do you mean this is a way to detect CPUs on a network segment?
And after doing so, communication continues with such frames, or will the deteted CPU respond with it's IP or MAC address?
If so, the following communication could continue with ISO over TCP.
I heard that newer CPUs/CPs will use TCP without ISO. Do you know more about that?
Thomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
firstly, I stated a few days that i will send you the information about connecting to a plc in the same MPI-network, i sent you a snippet of working code to your email-address additional comments included, feel free to use it, i therefor use some information out of your work.
second,
>Do you mean this is a way to detect CPUs on a network segment?
Yes, the S7 Software sends a ethernet frame (type 8892) to a multicast-adedress on which ALL Profinet-IO capable Devices respond (even those which are newly attached and so have no ip-address).
The Device is accessed with some few protocols for identification (which IP/Gateway/Subnet mask/MAC-Adress is used, Name of PLC, Type of device etc)
But after that the PLC is accessed by ISO over TCP.
>I heard that newer CPUs/CPs will use TCP without ISO. Do you know more about that?
No sorry, but I fave a 317-2PN (a new Profinet-IO capable PLC) which connects with ISO over TCP/IP for programming purposes (i don't think siemens changes this)
For accessing the (decentral) peripheral the PLC uses an own type of Ethernet-frame (guess! yes it is 8892)
If you want more information about Profinet-(IO) download the latest ethereal it will decode the profinet-IO Data
I have also a book about profinet-IO (from Mr.Popp,The profinet-io book from www.huethig.de its a good overview of profinet including a description of the "special" ethernet frames)
sincerly yours
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
F.e. 2xPLC connected over MPI (2+4), 2 has a Ethernet-CP (343), it is yet not possible to connect to PLC 4 with libnodave but with siemens original S7V5.3 Software (when using an Project).
Is it possible for you to change the sending of CR to get Source/Destination TSAP over Parameters, so the correct routing information could be transfered. There are 2 - 16 unsigned chars needed.
Sincerly yours
I do not have 2 CPUs and a CP to test this situation.
Generally, routing is not yet supported by libnodave in any way.
>Is it possible for you to change the sending of CR..
What do you mean by CR?
> to get >Source/Destination TSAP over Parameters, so the >correct routing information could be transfered. There are 2 - >16 unsigned chars needed.
What chars?
Where to insert them?
Thomas
Ah, Sorry i thought that you know about RFC1006 (see http://www.rfc-editor.org/rfc.html for it) and ISO8073
(see http://isotc.iso.ch/livelink/livelink/fetch/2000/2489/Ittf_Home/PubliclyAvailableStandards.htm??Redirect=1
)
After you connect to the CP by TCP/IP you send a TCP/IP Packet to the CP, a TPKT (TCP/IP-Wrapper around the ISO 8073-Data). The Type of this packet is a ISO8073-Type with CR = Connection Request, in this connection request you specify the class/option and a source/destination TSAP (the C1 02 0102 and C2 02 0200).
C1/C2 are the type of the parameters (SRC/DST-TSAP ), next byte is the length and then the so called TSAP (transport service access point). for the S73/4xx you define here the slot/rack/function code for S72xx you insert "MW" (for MicroWin, the programming software from siemens)
For routing/connecting purposes you need an other TSAP (it is longer, the length of TSAP must be corrected and the length in the ISO and TPKT-Header must be corrected also)
I know it is not easy to understand it.
But when you chane it you are able to connect to PLC's connected over the same MPI/Profibus and
you are able to route further.
PS: I am doing the job from the CP-side
sincerly yours
>For routing/connecting purposes you need an other TSAP (it
> is longer, the length of TSAP must be corrected and the
> length in the ISO and TPKT-Header must be corrected also)
So this is needed only once when connecting to the CP?
If so, you could just change the constant b4 in line 3786 of nodave.c for a first test.
If that works for you let me know how your b4 looks like and, if possible, what has to be changed for different network adresses of the target CPU.
I should then look how to integrate it smoothly in into existing code.
>So this is needed only once when connecting to the CP?
Yes exactly
>If so, you could just change the constant b4 in line >3786 of nodave.c for a first test.
>If that works for you let me know how your b4 looks like >and, if possible, what has to be changed for different >network adresses of the target CPU.
>I should then look how to integrate it smoothly in into >existing code.
I will try it out and send you the requested information (where is the PLC-Number, where the S7-SubnetID,function,IPAdress ...) in a few days (doing this in holidays). Problem is that there is a little bit "know how" inside.
PS: A customer of us will use your library to connect with our S7LAN (a interface to MPI / Profibus to Ethernet) to some PLC's in the same MPI/Profibus.
>I will try it out and send you the requested information (where
> is the PLC-Number, where the >S7-SubnetID,function,IPAdress ...) in a few days (doing this >in holidays).
> Problem is that there is a little bit "know how" inside.
If you can do it this way, I thank you in advance and your contribution is very welcome. If, on the other hand, you feel you cannot give that know how away or cannot give it to free software, then I should prefer to wait until I or somebody else has the opportunity to find it out by reverse engineering.
>If, on the other hand, you feel you cannot give that know >how away or cannot give it to free software, then I should >prefer to wait until I or somebody else has the opportunity >to find it out by reverse engineering.
I have done the reverse engineering already :-)
I think i will give you the information how to connect to a PLC in the same MPI-Net (not the information for a routing path to another MPI/Profibus)
Did you plan to communicate with the new profinet-PLC's ?
>Did you plan to communicate with the new profinet-PLC's ?
Surely as soon as one might fall into my hands. But that may be years from now...
I think the specs for Profinet itself are open an publicly available, aren't they? So is ISO over TCP, but the secret is in the packet contents. After implementing MPI, then seeing the same PDUs going over PPI, it was no great deal to isolate the common part and put it into ISO packets (without reading the RFC1006, just imitating the packet format, hence "CR" wasn't known to me). So I should expect the send the same PDUs over Profinet?
BTW, for people who want to experiment: Libnodave has the possibility to choose a "user defined transport". You can then define your own versions of connectPLC, exchange and friends, set the function pointers of your daveInterface to them and have your own transport functions called back from Libnodave. No need to change nodave.c or ecompile anything.
In the meantime I have been told that they still use ISO over TCP. So there will be nothing special and Libnodave should yet be able to communicate to them.
Sorry, my fault - for an access to an (known) PLC with (known) IP Adress you don't need to change something.
I am working on a ProfiNet-IO compliant Device so i thought Profinet for access to PLC is the same.
If you want to access a PLC where no MAC/IP - Adress is known you need other Ethjernet-Frames as normally used (IP-Type 8892h).
sincerly yours
>If you want to access a PLC where no MAC/IP - Adress is
> known you need other Ethjernet-Frames as normally used
>(IP-Type 8892h).
Do you mean this is a way to detect CPUs on a network segment?
And after doing so, communication continues with such frames, or will the deteted CPU respond with it's IP or MAC address?
If so, the following communication could continue with ISO over TCP.
I heard that newer CPUs/CPs will use TCP without ISO. Do you know more about that?
Thomas
firstly, I stated a few days that i will send you the information about connecting to a plc in the same MPI-network, i sent you a snippet of working code to your email-address additional comments included, feel free to use it, i therefor use some information out of your work.
second,
>Do you mean this is a way to detect CPUs on a network segment?
Yes, the S7 Software sends a ethernet frame (type 8892) to a multicast-adedress on which ALL Profinet-IO capable Devices respond (even those which are newly attached and so have no ip-address).
The Device is accessed with some few protocols for identification (which IP/Gateway/Subnet mask/MAC-Adress is used, Name of PLC, Type of device etc)
But after that the PLC is accessed by ISO over TCP.
>I heard that newer CPUs/CPs will use TCP without ISO. Do you know more about that?
No sorry, but I fave a 317-2PN (a new Profinet-IO capable PLC) which connects with ISO over TCP/IP for programming purposes (i don't think siemens changes this)
For accessing the (decentral) peripheral the PLC uses an own type of Ethernet-frame (guess! yes it is 8892)
If you want more information about Profinet-(IO) download the latest ethereal it will decode the profinet-IO Data
I have also a book about profinet-IO (from Mr.Popp,The profinet-io book from www.huethig.de its a good overview of profinet including a description of the "special" ethernet frames)
sincerly yours