iso14229 is an implementation of UDS (ISO14229) targeting embedded systems. It is tested with isotp-c as well as linux kernel ISO15765-2 (ISO-TP) transport layer implementations.
API status: not yet stable.
Using this library
Download iso14229.zip from the releases page, copy iso14229.c and iso14229.h into your source tree and build.
The server can't/won't transition to the specified diagnostic level at this time
UDS_SRV_EVT_ECUReset (0x11)
Arguments
typedefstruct {
constenumUDSECUResetTypetype; /**< reset type requested by client */uint8_tpowerDownTime; /**< Optional response: notify client of time until shutdown (0-254) 255 indicates that a time is not available. */
} UDSECUResetArgs_t;
Supported Responses
Value
enum
Meaning
0x00
kPositiveResponse
Request to reset ECU accepted.
0x12
kSubFunctionNotSupported
The server doesn't support the specified type of ECU reset
0x22
kConditionsNotCorrect
The server can't reset now
0x33
kSecurityAccessDenied
The current level of security access doesn't permit this type of ECU reset
UDS_SRV_EVT_ReadDataByIdent (0x22)
Arguments
typedefstruct {
constuint16_tdataId; /*! data identifier *//*! function for copying to the server send buffer. Returns `kPositiveResponse` on success and `kResponseTooLong` if the length of the data to be copied exceeds that of the server send buffer */constuint8_t (*copy)(UDSServer_t*srv, constvoid*src,
uint16_tcount);
} UDSRDBIArgs_t;
Supported Responses
Value
enum
Meaning
0x00
kPositiveResponse
Request to read data accepted (be sure to call copy(...))
0x14
kResponseTooLong
The total length of the response message exceeds the transport buffer size
0x31
kRequestOutOfRange
The requested data identifer isn't supported
0x33
kSecurityAccessDenied
The current level of security access doesn't permit reading the requested data identifier
typedefstruct {
constuint8_tlevel; /*! requested security level */constuint8_t*constdataRecord; /*! pointer to request data */constuint16_tlen; /*! size of request data *//*! function for copying to the server send buffer. Returns `kPositiveResponse` on success and `kResponseTooLong` if the length of the data to be copied exceeds that of the server send buffer */uint8_t (*copySeed)(UDSServer_t*srv, constvoid*src,
uint16_tlen);
} UDSSecAccessRequestSeedArgs_t;
typedefstruct {
constuint8_tlevel; /*! security level to be validated */constuint8_t*constkey; /*! key sent by client */constuint16_tlen; /*! length of key */
} UDSSecAccessValidateKeyArgs_t;
Supported Responses
Value
enum
Meaning
0x00
kPositiveResponse
Request accepted
0x12
kSubFunctionNotSupported
The requested security level is not supported
0x22
kConditionsNotCorrect
The server can't handle the request right now
0x31
kRequestOutOfRange
The dataRecord contains invalid data
0x35
kInvalidKey
The key doesn't match
0x36
kExceededNumberOfAttempts
False attempt limit reached
0x37
kRequiredTimeDelayNotExpired
RequestSeed request received and delay timer is still active
The server can't enable/disable the selected communication type now
0x31
kRequestOutOfRange
The requested control type or communication type is erroneous
UDS_SRV_EVT_WriteDataByIdent (0x2E)
Arguments
typedefstruct {
constuint16_tdataId; /*! WDBI Data Identifier */constuint8_t*constdata; /*! pointer to data */constuint16_tlen; /*! length of data */
} UDSWDBIArgs_t;
Supported Responses
Value
enum
Meaning
0x00
kPositiveResponse
Request to write data accepted
0x22
kConditionsNotCorrect
The server can't write this data now
0x31
kRequestOutOfRange
The requested data identifer isn't supported or the data is invalid
0x33
kSecurityAccessDenied
The current level of security access doesn't permit writing to the requested data identifier
0x72
kGeneralProgrammingFailure
Memory write failed
UDS_SRV_EVT_RoutineCtrl (0x31)
Arguments
typedefstruct {
constuint8_tctrlType; /*! routineControlType */constuint16_tid; /*! routineIdentifier */constuint8_t*optionRecord; /*! optional data */constuint16_tlen; /*! length of optional data *//*! function for copying to the server send buffer. Returns `kPositiveResponse` on success and `kResponseTooLong` if the length of the data to be copied exceeds that of the server send buffer */uint8_t (*copyStatusRecord)(UDSServer_t*srv, constvoid*src,
uint16_tlen);
} UDSRoutineCtrlArgs_t;
Supported Responses
Value
enum
Meaning
0x00
kPositiveResponse
Request accepted
0x22
kConditionsNotCorrect
The server can't perform this operation now
0x24
kRequestSequenceError
Stop requested but routine hasn't started. Start requested but routine has already started (optional). Results are not available becuase routine has never started.
0x31
kRequestOutOfRange
The requested routine identifer isn't supported or the optionRecord is invalid
0x33
kSecurityAccessDenied
The current level of security access doesn't permit this operation
typedefstruct {
constvoid*addr; /*! requested address */constsize_tsize; /*! requested download size */constuint8_tdataFormatIdentifier; /*! optional specifier for format of data */uint16_tmaxNumberOfBlockLength; /*! response: inform client how many data bytes to send in each `TransferData` request */
} UDSRequestDownloadArgs_t;
Supported Responses
Value
enum
Meaning
0x00
kPositiveResponse
Request accepted
0x22
kConditionsNotCorrect
The server can't perform this operation now
0x31
kRequestOutOfRange
dataFormatIdentifier invalid, addr or size invalid
0x33
kSecurityAccessDenied
The current level of security access doesn't permit this operation
0x34
kAuthenticationRequired
Client rights insufficient
0x70
kUploadDownloadNotAccepted
download cannot be accomplished due to fault
UDS_SRV_EVT_TransferData (0x36)
Arguments
typedefstruct {
constuint8_t*constdata; /*! transfer data */constuint16_tlen; /*! transfer data length *//*! function for copying to the server send buffer. Returns `kPositiveResponse` on success and `kResponseTooLong` if the length of the data to be copied exceeds that of the server send buffer */uint8_t (*copyResponse)(
UDSServer_t*srv, constvoid*src,
uint16_tlen);
} UDSTransferDataArgs_t;
Supported Responses
Value
enum
Meaning
0x00
kPositiveResponse
Request accepted
0x31
kRequestOutOfRange
data contents invalid, length incorrect
0x72
kGeneralProgrammingFailure
Memory write failed
0x92
kVoltageTooHigh
Can't write flash: voltage too high
0x93
kVoltageTooLow
Can't write flash: voltage too low
UDS_SRV_EVT_RequestTransferExit (0x37)
Arguments
typedefstruct {
constuint8_t*constdata; /*! request data */constuint16_tlen; /*! request data length *//*! function for copying to the server send buffer. Returns `kPositiveResponse` on success and `kResponseTooLong` if the length of the data to be copied exceeds that of the server send buffer */uint8_t (*copyResponse)(UDSServer_t*srv, constvoid*src,
uint16_tlen);
} UDSRequestTransferExitArgs_t;
amalgamated sources into iso14229.c and iso14229.h to ease integration
0.7.0
test refactoring. theme: test invariance across different transports and processor architectures
breaking API changes:
overhauled transport layer implementation
simplified client and server init
UDS_ARCH_ renamed to UDS_SYS_
0.6.0
breaking API changes:
UDSClientErr_t merged into UDSErr_t
TP_SEND_INPROGRESS renamed to UDS_TP_SEND_IN_PROGRESS
refactored UDSTpHandle_t to encourage struct inheritance
UDS_TP_LINUX_SOCKET renamed to UDS_TP_ISOTP_SOCKET
added server fuzz test and qemu tests
cleaned up example tests, added isotp-c on socketcan to examples
added UDS_SRV_EVT_DoScheduledReset
improve client error handling
0.5.0
usability: refactored into a single .c/.h module
usability: default transport layer configs are now built-in
API cleanup: use UDS prefix on all exported functions
API cleanup: use a single callback function for all server events
0.4.0
refactor RDBIHandler to pass a function pointer that implements safe memmove rather than requiring the user to keep valid data around for an indefinite time or risking a buffer overflow.
Prefer fixed-width. Avoid using enum types as return types and in structures.
Transport layer is now pluggable and supports the linux kernel ISO-TP driver in addition to isotp-c. See examples.
0.3.0
added iso14229ClientRunSequenceBlocking(...)
added server and client examples
simplified test flow, deleted opaque macros and switch statements
flattened client and server main structs
simplified usage by moving isotp-c initialization parameters into server/client config structs
remove redundant buffers in server
0.2.0
removed all instances of __attribute__((packed))
refactored server download functional unit API to simplify testing
refactored tests
ordered by service
documented macros
removed middleware
simplified server routine control API
removed redundant function iso14229ServerEnableService
A while ago you integrated my fork of the isotp-c library in this project.
I just wanted to inform you that several updates have been published since, and I thought it would be good to inform you.
Thanks for the library. I appreciate your effort into this report @driftregion .
While trying to use your library to send/receive CAN frames with a 29 bit CAN ID, I realized that they would be casted to a unit16_t and this would then, off course, be a wrong address. I realized that it is because of how you implemented static int LinuxSockBind(const char *if_name, uint16_t rxid, uint16_t txid) and static int LinuxSockTpOpen(UDSTpHandle_t *hdl, const char *if_name, uint16_t phys_rxid, uint16_t phys_txid, uint16_t func_rxid, uint16_t func_txid). The rxid and txid just allow for 16 bit IDs even though the physical and functional send and receive IDs of UDSClientConfig_t are uint32_t.
My question is: Is there a special reason for it? CAN allows for the EFF (Extended Frame Format) flag to be set on the MSB of the 32 bit CAN ID to allow 29 bits for the CAN ID of the CAN frame. I then changed the function definition to static int LinuxSockBind(const char *if_name, uint32_t rxid, uint32_t txid) and static int LinuxSockTpOpen(UDSTpHandle_t *hdl, const char *if_name, uint32_t phys_rxid, uint32_t phys_txid, uint32_t func_rxid, uint32_t func_txid) and it worked as needed. I was wondering if that is something that could be changed in the repo for future users or if the rxid and txid are uint16_t for a specific reason that I'm not able to deduce.
Thanks in advance and great job implementing the ISO14229 standard! It's been of great help.
after upgrading to the new release v0.6.0 and compiling with the flags -Wall and -Werror I get these two errors:
[-Werror=int-to-pointer-cast]
iso14229/iso14229.c:517:22: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
517 | *memoryAddress = (void *)tmp;
Regarding this error, does the tmp variable has to be of the type long long unsigned int? When I remove one long to make it long unsigned int, it compiles with no warnings (errors) - when using the -Werror flag warnings are made to errors. I would highly recommend to keep the standard of the library to compile with no warnings, no matter how "trivial".
hello, @driftregion very big follower of your work sir
Iam having a bit hard time figuring out how to make this 14299.c, 14299. h to work with PCAN,
1)I have pcan installed in my system but I don't know how to make it work with code 14299. c since it does not have main function.
2)My main Aim is to check the data send from PCAN with our code for the respective diagnostic services (UDS) .
3) I would appreciate any help you could give me on how to do it.
the following might not be a real issue, but i would like to discuss the observation. We have a situation in which we act as a tester and the other nodes go into reboot/health check after an update. We then poll repeatedly to be aware when the nodes have rebooted. We needed to request idle in this situation, otherwise the lib stayed in UDS_ERR_BUSY even after the nodes had been back - no issue this is according to the examples.
However when we repeatedly send SendRDBI requests to get the status of the nodes while they are still not present, we get an oscillating pattern of errors: UDS_ERR_TIMEOUT, UDS_ERR_TPORT, UDS_ERR_TIMEOUT, UDS_ERR_TPORT etc.
we tried to understand how this happens and enabled the debug outputs:
client state: AwaitSendComplete (2) -> AwaitResponse (3)
read failed: -1 with errno: 70
timeout: 1
client state: AwaitResponse (3) -> Idle (0)
client state: Idle (0) -> Sending (1)
Condition met: client->send_size (3, 3), == ret (3)
Sending (1) -> AwaitSendComplete (2)
client state: AwaitSendComplete (2) -> AwaitResponse (3)
timeout: 1
client state: AwaitResponse (3) -> Idle (0)
awaiting idle failed with err = 1 and msg = 'UDS_ERR_TIMEOUT'
client state: Idle (0) -> Sending (1)
tport err: -1, nsend=3 bytes
Condition met: client->send_size (3, 3), == ret (3)
client state: Sending (1) -> AwaitSendComplete (2)
awaiting idle failed with err = 6 and msg = 'UDS_ERR_TPORT'
in the code imho this happens in:
case kRequestStateSending: {
UDSTpAddr_t ta_type = client->_options_copy & UDS_FUNCTIONAL ? UDS_A_TA_TYPE_FUNCTIONAL
: UDS_A_TA_TYPE_PHYSICAL;
UDSSDU_t info = {
.A_Mtype = UDS_A_MTYPE_DIAG,
.A_TA_Type = ta_type,
};
ssize_t ret = UDSTpSend(client->tp, client->send_buf, client->send_size, &info); if (ret < 0) {
client->err = UDS_ERR_TPORT;
UDS_DBG_PRINT("tport err: %zd\n", ret);
} else if (0 == ret) {
UDS_DBG_PRINT("send in progress...\n");
; // 等待发送成功
} else if (client->send_size == ret) {
changeState(client, kRequestStateAwaitSendComplete);
} else {
client->err = UDS_ERR_BUFSIZ;
}
break;
and we are puzzled how ret < 0 can be true and shortly after client->send_size == ret??
Any idea from your experience?
Hello again. I am using SequenceRunBlocking method, and I am trying the example codes.
Here are my sequences,
My problem is, I am sending DiagnosticSessionControl, awaitResponse is OK. But whenever I want to send CommunicationControl, It sends DiagnosticSessionControl again. I debugged the code row-by-row, it triggers CommunicationControl function, but it sends DiagnosticSessionControl.
Edit: Plase check CAN_MESSAGE_QUEUE_SIZE. Because in my code It was 1. Try to higher value.
I have a question about handling responses. Im currently sending uds data and it looks OK. But, How can I handle the response? I mean,
How can I use the mockClientCANRxPoll function?
I modified mockClientSendCAN with HAL library for sending data. But I can not manage mockClientCANRxPoll.
Hi.
I have a question about TransferData with blocksize 128. I want to send data from client to server 128 byte packets. But I could not manage to use kISO14229_CLIENT_CALLBACK_PENDING and kISO14229_CLIENT_CALLBACK_DONE. How can I handle 128 byte packet is sent? I want to see positive TransferData response but I could not see.
I'm using SD CARD with FATFS. But TransferDataStream is using iostream. I could not use TransferDataStream with FATFS.
My first question is, Is there any other else TransferData function with blocksize 128?
Second question is, how can I use TransferDataStream with FATFS ?
Edit1: I am using iso14229ClientSequenceRunBlocking.
Hi, I'm trying to receive responses to a functional request (Diagnostic Session Control = Programming Session and RDBI) from different ECUs.
I know it's possible to send a functional request by setting the FUNCTIONAL bit of the options byte of the client before sending a request:
client->options |= FUNCTIONAL;
I can also receive one response, but, how can I receive ALL responses from the different ECUs on the same CAN bus?
Let's say there is three ECUs and I send a functional RDBI request to know the hardware versions of all of them: How could I receive he responses from all of them? Would I have to manually set the state of the client to kRequestStateAwaitSendComplete and wait for it (UDSClientPoll) to be IDLE again after receiving from the socket?
I would highly appreciate some help with this question, thanks in advance!
when sending a physically addressed RDBI request to an ECU, that answers with a multi-frame RDBI response, the client sends two flow control frames, one that is physically addressed and the other functionally. Here is a log with candump:
(1688347721.008952) can0 18DAF140#103562FD13584355 /* response to RDBI request */
(1688347721.009126) can0 18DB00F1#301003 /* functionally addressed response even if the request was physically addressed */
(1688347721.009231) can0 18DA40F1#301003 /* physically addressed response */
(1688347721.012025) can0 18DAF140#215F544848000000
Sending two flow control frames makes the ECU answer twice, which is unnecessary and unwanted.
I'm not able to explain myself why this happens since in the function tp_recv the code for reading from the socket reads from the physical link first:
struct {
int fd;
UDSTpAddr_t ta_type;
} arr[] = {{impl->phys_fd, kTpAddrTypePhysical}, {impl->func_fd, kTpAddrTypeFunctional}};
for (size_t i = 0; i < sizeof(arr) / sizeof(arr[0]); i++) {
ret = read(arr[i].fd, buf, count);
...
...
After reading from the physical link, the socket should get the answer it needs and then not read another time from the functional link. Do you have an idea why this could be happening? If you need more info to the context or execute code, just let me know and thanks in advance!
Hi @driftregion iam facing an issue when working with the flexcan to uds currently this is how my initialization looks please guide me how to approach it :
1)Should i link the FLEXCAN to isotp-c to uds ?
2)i have made my custom flow control Should i directly link my flexcan to UDS ? [current approach]
i have been developing the code portable uds since last 6 months if possible can we connect and discuss ? please send me a mail to [email protected] so i can setup a teams meeting.
I tested creating some UDS clients with different interface names like "can2" or something like "can1234" to be surprised that the client could still be created and that it could send over the only available interface "can0". Then I realized that the variable struct ifreq ifr in the function static int LinuxSockBind() in the file iso14229.c is declared but its memory is not cleared before using it. After that, the return value of the call to ioctl() is not checked for errors like in the calls to socket(), setsockopt(), and bind() within the same function.
I think it did work because before I did these tests I had chosen the right interface name "can0" so the memory of the struct got the right index for interface but in another call with a wrong interface name, the call to ioctl was not successful but since the uncleared memory still uncleared the valid index for "can0" the client could still be bound to the right interface. I changed the code to:
and this prevents the problem and is a cleaner way of dealing with the struct and the call to ioctl. The warning message pattern was taken from the call to bind() after it.
I see that within the same function you use either perror or printf() to report errors, is there a reason for that? Wouldn't it be better to keep it consistent?