s7comm

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2026 License: BSD-3-Clause, GPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	COTPTypeCR = 0xE0 // Connection Request (type code 14 = 0xE in upper nibble)
	COTPTypeCC = 0xD0 // Connection Confirm (type code 13 = 0xD in upper nibble)
	COTPTypeDR = 0x80 // Disconnect Request (type code 8 = 0x8 in upper nibble)
	COTPTypeDC = 0xC0 // Disconnect Confirm (type code 12 = 0xC in upper nibble)
	COTPTypeDT = 0xF0 // Data Transfer (type code 15 = 0xF in upper nibble)
	COTPTypeED = 0x10 // Expedited Data (type code 1 = 0x1 in upper nibble)
	COTPTypeAK = 0x60 // Data Acknowledgement (type code 6 = 0x6 in upper nibble)
	COTPTypeEA = 0x20 // Expedited Data Acknowledgement (type code 2 = 0x2 in upper nibble)
	COTPTypeRJ = 0x50 // Reject (type code 5 = 0x5 in upper nibble)
	COTPTypeER = 0x70 // TPDU Error (type code 7 = 0x7 in upper nibble)
)

COTP PDU Types (ISO 8073) These are the upper nibble values after masking with 0xF0 The PDU type is encoded in the upper nibble of the COTP header byte

View Source 
const (
	S7CommMsgTypeJobRequest = 0x01 // Job Request (client -> PLC)
	S7CommMsgTypeAck        = 0x02 // Acknowledgement without data
	S7CommMsgTypeAckData    = 0x03 // Acknowledgement with data
	S7CommMsgTypeUserData   = 0x07 // UserData (e.g., block upload, CPU info)
)

S7comm Message Types (ROSCTR - Remote Operating Service Control)

View Source 
const (
	S7FuncCPUServices        = 0x00 // CPU services
	S7FuncSetupCommunication = 0xF0 // Setup communication
	S7FuncReadVar            = 0x04 // Read variable
	S7FuncWriteVar           = 0x05 // Write variable
	S7FuncRequestDownload    = 0x1A // Request download
	S7FuncDownloadBlock      = 0x1B // Download block
	S7FuncDownloadEnded      = 0x1C // Download ended
	S7FuncStartUpload        = 0x1D // Start upload
	S7FuncUpload             = 0x1E // Upload
	S7FuncEndUpload          = 0x1F // End upload
	S7FuncPIService          = 0x28 // PI (Program Invocation) service
	S7FuncPLCStop            = 0x29 // PLC stop
	S7FuncPLCControl         = 0x00 // PLC control (same as CPU services)
)

S7comm Function Codes

View Source 
const (
	S7SyntaxIDS7Any       = 0x10 // S7-Any pointer (classic addressing)
	S7SyntaxIDDriveESAny  = 0x11 // Drive ES Any
	S7SyntaxID1200Sym     = 0x12 // 1200 symbolic addressing
	S7SyntaxIDDBRead      = 0x13 // DB read (PBC ID)
	S7SyntaxIDNCK         = 0x82 // NCK addressing (Sinumerik)
	S7SyntaxIDDriveMCSync = 0xA2 // Drive motion control sync
)

S7comm Syntax IDs

View Source 
const (
	S7AreaSysInfo       = 0x03 // System info of 200 family
	S7AreaSysFlags      = 0x05 // System flags of 200 family
	S7AreaAnalogInputs  = 0x06 // Analog inputs of 200 family
	S7AreaAnalogOutputs = 0x07 // Analog outputs of 200 family
	S7AreaCounter       = 0x1C // Counter (200 family) / (S7-300/400)
	S7AreaTimer         = 0x1D // Timer (200 family) / (S7-300/400)
	S7AreaCounter200    = 0x1E // Counter (200 family IEC)
	S7AreaTimer200      = 0x1F // Timer (200 family IEC)
	S7AreaPeripheral    = 0x80 // Direct peripheral access (P) - critical for I/O
	S7AreaInputs        = 0x81 // Process inputs (I)
	S7AreaOutputs       = 0x82 // Process outputs (Q)
	S7AreaFlags         = 0x83 // Bit memory/Merker (M)
	S7AreaDB            = 0x84 // Data blocks (DB)
	S7AreaDI            = 0x85 // Instance data blocks (DI)
	S7AreaLocal         = 0x86 // Local data (L)
	S7AreaVMemory       = 0x87 // V-Memory (200 family)
)

S7comm Memory Areas (from Wireshark packet-s7comm.c)

View Source 
const (
	S7TransportSizeNull       = 0x00 // NULL
	S7TransportSizeBit        = 0x01 // BIT
	S7TransportSizeByte       = 0x02 // BYTE/CHAR
	S7TransportSizeChar       = 0x03 // CHAR
	S7TransportSizeWord       = 0x04 // WORD
	S7TransportSizeInt        = 0x05 // INT
	S7TransportSizeDWord      = 0x06 // DWORD
	S7TransportSizeDInt       = 0x07 // DINT
	S7TransportSizeReal       = 0x08 // REAL
	S7TransportSizeDate       = 0x09 // DATE
	S7TransportSizeTOD        = 0x0A // TOD (Time of Day)
	S7TransportSizeTime       = 0x0B // TIME
	S7TransportSizeS5Time     = 0x0C // S5TIME
	S7TransportSizeDT         = 0x0F // DATE_AND_TIME
	S7TransportSizeCounter    = 0x1C // COUNTER
	S7TransportSizeTimer      = 0x1D // TIMER
	S7TransportSizeIECCounter = 0x1E // IEC COUNTER (200 family)
	S7TransportSizeIECTimer   = 0x1F // IEC TIMER (200 family)
	S7TransportSizeHSCounter  = 0x20 // HS COUNTER (200 family)
)

S7comm Transport Sizes (in request)

View Source 
const (
	S7ReturnCodeReserved             = 0x00 // Reserved
	S7ReturnCodeHardwareError        = 0x01 // Hardware error
	S7ReturnCodeAccessingObject      = 0x03 // Accessing the object not allowed
	S7ReturnCodeAddressOutOfRange    = 0x05 // Address out of range
	S7ReturnCodeDataTypeNotSupported = 0x06 // Data type not supported
	S7ReturnCodeDataTypeInconsistent = 0x07 // Data type inconsistent
	S7ReturnCodeObjectNotExists      = 0x0A // Object does not exist
	S7ReturnCodeSuccess              = 0xFF // Success
)

S7comm Return Codes

View Source 
const (
	S7UserDataFGProgram   = 0x01 // Programmer commands
	S7UserDataFGCyclic    = 0x02 // Cyclic data
	S7UserDataFGBlock     = 0x03 // Block functions
	S7UserDataFGCPUFunc   = 0x04 // CPU functions
	S7UserDataFGSecurity  = 0x05 // Security
	S7UserDataFGPBCBSend  = 0x06 // PBC BSEND/BRECV
	S7UserDataFGTime      = 0x07 // Time functions
	S7UserDataFGNCProgram = 0x0F // NC Programming (Sinumerik)
)

UserData function groups (from Wireshark packet-s7comm.h)

View Source 
const (
	S7UserDataCPUReadSZL     = 0x01 // Read SZL (System Status List)
	S7UserDataCPUMsgService  = 0x02 // Message service
	S7UserDataCPUDiagMessage = 0x03 // Diagnostic message
	S7UserDataCPUAlarmQuery  = 0x13 // Alarm query
)

UserData subfunctions for CPU Functions (0x04)

View Source 
const (
	S7UserDataTimeRead  = 0x01 // Read clock
	S7UserDataTimeSet   = 0x02 // Set clock
	S7UserDataTimeReadF = 0x03 // Read clock (F)
	S7UserDataTimeSet2  = 0x04 // Set clock
)

UserData subfunctions for Time Functions (0x07)

View Source 
const (
	S7UserDataCyclicMem      = 0x01 // Memory
	S7UserDataCyclicUnsubscr = 0x04 // Unsubscribe
)

UserData subfunctions for Cyclic Data (0x02)

View Source 
const (
	S7PIServicePProgram = "_INSE"     // Insert program
	S7PIServiceModu     = "_MODU"     // Module
	S7PIServiceGarb     = "_GARB"     // Garbage collection
	S7PIServiceNStop    = "P_PROGRAM" // Stop program
)

PI Service names (Program Invocation)

View Source 
const (
	SZLIDModuleID        = 0x0011 // Module identification
	SZLIDCPUCharacter    = 0x0012 // CPU characteristics
	SZLIDMemoryAreas     = 0x0013 // Memory areas
	SZLIDSystemAreas     = 0x0014 // System areas
	SZLIDBlockTypes      = 0x0015 // Block types
	SZLIDCPUType         = 0x001C // CPU type
	SZLIDComponentID     = 0x001D // Component identification
	SZLIDInterruptStatus = 0x0022 // Interrupt status
	SZLIDAssignmentList  = 0x0025 // Assignment list
	SZLIDCPUStatus       = 0x0074 // CPU status
	SZLIDModeTransition  = 0x0090 // Mode transition
	SZLIDStartupInfo     = 0x0094 // Startup information
	SZLIDCommunication   = 0x0111 // Communication status
	SZLIDLEDStatus       = 0x0019 // LED status
	SZLIDRackStation     = 0x0091 // Rack/station status
	SZLIDDiagBuffer      = 0x00A0 // Diagnostic buffer
)

SZL ID classes (System Status List - from packet-s7comm_szl_ids.h)

View Source 
const (
	S7BlockTypeOB  = 0x08 // Organization Block
	S7BlockTypeDB  = 0x0A // Data Block
	S7BlockTypeSDB = 0x0B // System Data Block
	S7BlockTypeFC  = 0x0C // Function
	S7BlockTypeSFC = 0x0D // System Function
	S7BlockTypeFB  = 0x0E // Function Block
	S7BlockTypeSFB = 0x0F // System Function Block
)

Block types for block services

View Source 
const (
	S7AlarmTypeScan      = 0x01 // Scan alarm
	S7AlarmTypeAlarm8    = 0x02 // Alarm_8
	S7AlarmTypeAlarm8P   = 0x04 // Alarm_8P
	S7AlarmTypeNotify    = 0x05 // Notify
	S7AlarmTypeAlarmS    = 0x06 // Alarm_S (SQ)
	S7AlarmTypeAlarmSQ   = 0x07 // Alarm_SQ
	S7AlarmTypeAlarm     = 0x08 // Alarm
	S7AlarmTypeAlarmAck  = 0x09 // Alarm Ack
	S7AlarmTypeAlarmLock = 0x0A // Alarm Lock
)

Alarm types

View Source 
const (
	S7VarSpecTypeItem = 0x12 // Item specification
)

S7comm Variable Specification Types

Variables

View Source 
var Decoder = &decoder.StreamDecoder{
	Type:        types.Type_NC_S7Comm,
	Name:        serviceS7Comm,
	Description: "Siemens S7 Communication Protocol for ICS/SCADA PLC communication",
	PostInit: func(d *decoder.StreamDecoder) error {
		var err error
		s7commLog, _, err = logging.InitZapLogger(
			decoderconfig.Instance.Out,
			"s7comm",
			decoderconfig.Instance.Debug,
		)
		return err
	},
	CanDecode: func(client, server []byte) bool {

		return canDecodeS7Comm(client) || canDecodeS7Comm(server)
	},
	DeInit: func(sd *decoder.StreamDecoder) error {
		return s7commLog.Sync()
	},
	Factory: &s7commReader{},
	Typ:     core.TCP,
}

Decoder for protocol analysis and writing audit records to disk.

Functions

This section is empty.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.