Scenario: There are two slaves say Slave 2 and slave 1. Slave 2 receives a frame of Slave 1. Slave 1's frame data field has a sequence of 02 06 00 and so on which it might consider as its frame. How to detect this false frame condition

Slave 2 has its buffer for receiving Modbus Frames say a buffer of 256. The way it would scan for its message is by checking a condition "whether its slave number and its subsequent function code matches" by examining each byte from the start of the buffer. If match occurs it would further examine the subsequent fields like data fields and so on. This condition it would check in its buffer.

If in the buffer of Slave 2 suppose it comes across a frame of Slave 1 where after examining the first byte it comes to know the first byte is 01 so it would not consider that byte and it would increment further to examine the next byte for station no match. Now further going into this frame which it did not consider for a match of station number and function code. if in the data field of that slave 1 frame it finds out a match of station number 02 and its consecutive byte, there is a function code match as well then eventually it would land up considering all the fields in that frame of Slave 1 which is not for itself.

Thus it would consider a part of frame by Slave 1 as its frame which eventually may extract a frame of arbitrary structure and might loss any further subsequent information which might be for itself.

My question is how to detect this condition where i get 02 06 that is station number and its subsequent function match which is in the data field of a frame of Slave 1.

 

A slave must be able to tell where each message that it sees begins and ends.

So the slave must consume the full number of bytes of the message even if it decides it doesn't want the message.

Otherwise you have the situation you described where a slave begins reading a frame from part-way through, and as a consequence misinterprets the data that it sees.

Modbus/TCP is easy because each frame comes with a byte count telling you exactly how many bytes follow in the frame. So you can discard the rest without even knowing what it means.

For serial Modbus, I have no direct experience of this but offer the following thoughts:

The Modbus specification says that an entire Modbus RTU frame must be transmitted as a continuous stream of characters without gaps (in time) between them. If there is a silent interval of more than 1.5 character times then the message frame should be considered incomplete and discarded. Normal message boundaries are marked by silences of at least 3.5 character times.

So if your slave device starts to receive a message that it wants to ignore, it should continue to read and discard bytes from the serial line until it gets a silent interval of at least 1.5 character times. Only then should it start to try reading the next frame.

In ASCII mode, each message begins with a colon character and ends with a carriage-return linefeed pair. So to start listening for the next frame you have to discard bytes until you read a colon. If you get another colon before recieving the carriage-return linefeed pair, you have to discard what you already read and start again.