IoTClient开发6 - S7-200SmarTcp协议客户端实现
程序员文章站
2022-06-24 09:36:02
环境和工具 服务端电脑IP:192.168.1.130 客户端电脑IP:192.168.1.120 1、在服务端电脑运行 "IoTClientTool" 2、运行 "Wireshark" 3、在客户端电脑运行 "IoTClientTool" 4、Wireshark得到如下报文 报文分析,plc的连接 ......
环境和工具
服务端电脑ip:192.168.1.130
客户端电脑ip:192.168.1.120
1、在服务端电脑运行iotclienttool
2、运行wireshark
3、在客户端电脑运行iotclienttool
4、wireshark得到如下报文
报文分析,plc的连接
我们看到上面连接西门子plc抓取到了八条报文。其中有tcp的三次握手、和对最后一次响应的回复,然后就是西门子特有的两次初始化指令的请求和响应。
两次初始化指令
不同型号的西门子plc有不同的初始化指令,同型号的指令固定不变。
代码实现对plc的连接
//直接是wireshark抓取到的报文数据 var command1 = new byte[22] { 0x03,0x00,0x00,0x16,0x11,0xe0,0x00,0x00, 0x00,0x01,0x00,0xc1,0x02,0x10,0x00,0xc2, 0x02,0x03,0x00,0xc0,0x01,0x0a }; var command2 = new byte[25] { 0x03,0x00,0x00,0x19,0x02,0xf0,0x80,0x32, 0x01,0x00,0x00,0xcc,0xc1,0x00,0x08,0x00, 0x00,0xf0,0x00,0x00,0x01,0x00,0x01,0x03,0xc0 }; socket socket = new socket(addressfamily.internetwork, sockettype.stream, protocoltype.tcp); socket.connect(new ipendpoint(ipaddress.parse(ip), port)); //第一次初始化指令交互 socket.send(command1); var head1 = socketread(socket, siemensconstant.initheadlength); socketread(socket, getcontentlength(head1)); //第二次初始化指令交互 socket.send(command2); var head2 = socketread(socket, siemensconstant.initheadlength); socketread(socket, getcontentlength(head2));
对寄存器的读取
我们在客户端电用iotclienttool读取地址v2634,抓取到包
我们可以看到其中很多都是固定的数据,如版本号、协议id等等。所以,我们可以以此规律获取对应的指令格式
protected byte[] getreadcommand(byte type, int beginaddress, ushort dbaddress, ushort length) { byte[] command = new byte[31]; command[0] = 0x03; command[1] = 0x00;//[0][1]固定报文头 command[2] = (byte)(command.length / 256); command[3] = (byte)(command.length % 256);//[2][3]整个读取请求长度为0x1f= 31 command[4] = 0x02; command[5] = 0xf0; command[6] = 0x80;//cotp command[7] = 0x32;//协议id command[8] = 0x01;//1 客户端发送命令 3 服务器回复命令 command[9] = 0x00; command[10] = 0x00;//[4]-[10]固定6个字节 command[11] = 0x00; command[12] = 0x01;//[11][12]两个字节,标识序列号,回复报文相同位置和这个完全一样;范围是0~65535 command[13] = 0x00; command[14] = 0x0e;//parameter length([17]-[30]都为parameter刚好14也就是0x0e) command[15] = 0x00; command[16] = 0x00;//data length command[17] = 0x04;//04读 05写 command[18] = 0x01;//读取数据块个数 command[19] = 0x12;//variable specification command[20] = 0x0a;//length of following address specification command[21] = 0x10;//syntax id: s7any command[22] = 0x02;//transport size: byte command[23] = (byte)(length / 256); command[24] = (byte)(length % 256);//[23][24]两个字节,访问数据的个数,以byte为单位; command[25] = (byte)(dbaddress / 256); command[26] = (byte)(dbaddress % 256);//[25][26]db块的编号 command[27] = type;//访问数据块的类型 command[28] = (byte)(beginaddress / 256 / 256); command[29] = (byte)(beginaddress / 256); command[30] = (byte)(beginaddress % 256);//[28][29][30]访问db块的偏移量 return command; }
读取数据
public result<byte[]> readstring(string address, ushort length) { connect(); var result = new result<byte[]>(); //发送读取信息 var arg = convertarg(address); byte[] command = getreadcommand(arg.typecode, arg.beginaddress, arg.dbblock, length); result.requst = string.join(" ", command.select(t => t.tostring("x2"))); var datapackage = sendpackage(command); byte[] requst = new byte[length]; array.copy(datapackage, 25, requst, 0, length); //array.copy(datapackage, datapackage.length - length, requst, 0, length); result.response = string.join(" ", datapackage.select(t => t.tostring("x2"))); result.value = requst; return result; }
对寄存器的写入
我们在客户端电用iotclienttool对地址v2634写入值666,抓取到包
我们可以以此规律获取对应的指令格式
protected byte[] getwritecommand(byte type, int beginaddress, ushort dbaddress, byte[] data) { byte[] command = new byte[35 + data.length]; command[0] = 0x03; command[1] = 0x00;//[0][1]固定报文头 command[2] = (byte)((35 + data.length) / 256); command[3] = (byte)((35 + data.length) % 256);//[2][3]整个读取请求长度 command[4] = 0x02; command[5] = 0xf0; command[6] = 0x80; command[7] = 0x32;//[4]-[7]固定数据 command[8] = 0x01;//1 客户端发送命令 3 服务器回复命令 command[9] = 0x00; command[10] = 0x00; command[11] = 0x00; command[12] = 0x01;//[9]-[12]标识序列号 command[13] = 0x00; command[14] = 0x0e; command[15] = (byte)((4 + data.length) / 256); command[16] = (byte)((4 + data.length) % 256);//[15][16]写入长度+4 command[17] = 0x05;//04读 05写 command[18] = 0x01;//写入数据块个数 command[19] = 0x12; command[20] = 0x0a; command[21] = 0x10;//[19]-[21]固定 command[22] = 0x02;//写入方式,1是按位,2是按字 command[23] = (byte)(data.length / 256); command[24] = (byte)(data.length % 256);//写入数据个数 command[25] = (byte)(dbaddress / 256); command[26] = (byte)(dbaddress % 256);//db块的编号 command[27] = type; command[28] = (byte)(beginaddress / 256 / 256 % 256); ; command[29] = (byte)(beginaddress / 256 % 256); command[30] = (byte)(beginaddress % 256);//[28][29][30]访问db块的偏移量 command[31] = 0x00; command[32] = 0x04;//04 byte(字节) 03bit(位) command[33] = (byte)(data.length * 8 / 256); command[34] = (byte)(data.length * 8 % 256);//按位计算出的长度 data.copyto(command, 35); return command; }
写入数据
public result write(string address, byte[] data) { if (!socket?.connected ?? true) connect(); result result = new result(); array.reverse(data); //发送写入信息 var arg = convertarg(address); byte[] command = getwritecommand(arg.typecode, arg.beginaddress, arg.dbblock, data); result.requst = string.join(" ", command.select(t => t.tostring("x2"))); var datapackage = sendpackage(command); result.response = string.join(" ", datapackage.select(t => t.tostring("x2"))); return result; }
iotclient中s7-200smartcp协议的使用
安装
nuget安装 install-package iotclient
或图形化安装
使用
//1、实例化客户端 - 输入正确的ip和端口 siemensclient client = new siemensclient(siemensversion.s7_200smart, "127.0.0.1",102); //2、写操作 client.write("q1.3", true); client.write("v2205", (short)11); client.write("v2209", 33); //3、读操作 var value1 = client.readboolean("q1.3").value; var value2 = client.readint16("v2205").value; var value3 = client.readint32("v2209").value; //4、如果没有主动open,则会每次读写操作的时候自动打开自动和关闭连接,这样会使读写效率大大减低。所以建议手动open和close。 client.open(); //5、读写操作都会返回操作结果对象result var result = client.readint16("v2205"); //5.1 读取是否成功(true或false) var issucceed = result.issucceed; //5.2 读取失败的异常信息 var errmsg = result.err; //5.3 读取操作实际发送的请求报文 var requst = result.requst; //5.4 读取操作服务端响应的报文 var response = result.response; //5.5 读取到的值 var value3 = result.value;
结束
- 同步至索引目录:《物联网基础组件iotclient开发系列》
- 参考:
- 完整实现:https://github.com/zhaopeiym/iotclient
上一篇: MySQL优化 - 索引优化