Validating MBAP Header on Client Response


Thread Starter


How to handle an invalid (protocol ID or PDU length) MBAP in a Modbus TCP client response? What processing should be done by the Modbus TCP client?

Options we have:

1. Should it close the connection?
If it should close the connection, what about the other messages the client has requested and is waiting on for a response? Should we discard all transactions and give notification to the application?

or any other suggestions.

2. If we need to discard only that transaction, we must first read the entire message from the link. But if the message length is more than 256 bytes then a buffer overflow may happen.

If we put a condition and restrict reading the PDU, then in the next iteration it reads the first 7 bytes of the PDU as an MBAP header and continues until the message elapses. So this wastes our processing time and may even corrupt the next valid transactions.

So please suggest how to handle the invalid (protocol ID & PDU length) MBAP header response received on the Modbus TCP client.

Fred Loveless

Typically in our server, when we get malformed Modbus TCP packets, we have several options.

1. If it is trailing bytes that are not part of the Modbus packet, we discard them. This assumes that everything leading up to the trailing bytes is a well-formed Modbus TCP packet.

2. If it is an invalid packet, meaning that the transaction ID or the protocol ID is incorrect or the packet length is incorrect, then we discard that packet and post a message in our event log. The items that were requested are marked as bad for that request cycle.

3. The vast majority of the devices I have seen only use the Modbus protocol identifier of 0. If you make a request with something other than 0 then they will respond with an error, or sometimes they will not respond at all. There are a couple of manufacturers of specialty devices that use a modified Modbus protocol with a different protocol ID, and in some cases they support a larger request size (greater than 256) or will allow for 2-byte node IDs ranging from 1 to 65535. Again, they should respond with in-kind MBAP header data.

Thanks for the reply.

OK, if the server receives an invalid MBAP header then it will discard the request. Here, I want to handle the responses received by the client.

If by any chance the client receives a response with an invalid MBAP header (protocol ID or PDU length (>253) bytes), then what should the client do with the response?
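
An added example, not code from any poster in this thread: a client-side MBAP check that validates the protocol ID and length field from the 7 header bytes alone, so the body read is bounded before anything is copied into a fixed buffer. It assumes protocol ID 0 only and a single expected transaction ID; `mbap_next`, `mbap_verdict` and the sample frames are hypothetical names and constructed data, and what the application does after `MBAP_BAD_PROTOCOL` or `MBAP_BAD_LENGTH` is left to the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBAP_LEN    7     /* transaction id(2) + protocol id(2) + length(2) + unit id(1) */
#define MAX_PDU_LEN 253   /* PDU limit mentioned in the thread */

enum mbap_verdict { MBAP_OK, MBAP_NEED_MORE, MBAP_BAD_PROTOCOL,
                    MBAP_BAD_LENGTH, MBAP_UNKNOWN_TID };

/* Constructed sample frames (not captured traffic). */
const uint8_t SAMPLE_OK[]        = {0x00,0x01, 0x00,0x00, 0x00,0x05, 0x01, 0x03,0x02,0x00,0x2A};
const uint8_t SAMPLE_BAD_PROTO[] = {0x00,0x01, 0x00,0x07, 0x00,0x05, 0x01, 0x03,0x02,0x00,0x2A};
const uint8_t SAMPLE_BAD_LEN[]   = {0x00,0x01, 0x00,0x00, 0x01,0x2C, 0x01, 0x03};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check the 7 header bytes before touching the body. *consumed is non-zero only
 * when the frame boundary is known, so the caller can skip exactly one frame. */
enum mbap_verdict mbap_next(const uint8_t *rx, size_t n, uint16_t expected_tid,
                            uint8_t pdu[MAX_PDU_LEN], size_t *pdu_len, size_t *consumed)
{
    *pdu_len = 0;
    *consumed = 0;
    if (n < MBAP_LEN) return MBAP_NEED_MORE;
    if (be16(rx + 2) != 0) return MBAP_BAD_PROTOCOL;   /* framing cannot be trusted */
    uint16_t length = be16(rx + 4);                    /* counts unit id + PDU */
    if (length < 2 || length > MAX_PDU_LEN + 1) return MBAP_BAD_LENGTH;
    size_t body = (size_t)length - 1;                  /* at most 253, fits pdu[] */
    if (n < MBAP_LEN + body) return MBAP_NEED_MORE;
    *consumed = MBAP_LEN + body;
    if (be16(rx) != expected_tid) return MBAP_UNKNOWN_TID;  /* skip one whole frame */
    memcpy(pdu, rx + MBAP_LEN, body);
    *pdu_len = body;
    return MBAP_OK;
}

int main(void)
{
    uint8_t pdu[MAX_PDU_LEN];
    size_t len, used;
    printf("ok=%d ", mbap_next(SAMPLE_OK, sizeof SAMPLE_OK, 1, pdu, &len, &used));
    printf("bad_proto=%d ", mbap_next(SAMPLE_BAD_PROTO, sizeof SAMPLE_BAD_PROTO, 1, pdu, &len, &used));
    printf("bad_len=%d\n", mbap_next(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, 1, pdu, &len, &used));
    return 0;
}
```

A frame with a valid header but an unexpected transaction ID reports its full size in `*consumed`, so it can be dropped without losing the position of the next frame; the two header failures report zero because the length field itself is not usable.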