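1. RRC SetupComplete overview
RRC SetupComplete is the UE's response to the "RRC SETUP" message in which the network allocates radio resources. In this response the UE confirms the allocated resources and returns its 5G_S_TMSI_Value Part2. The message carries selectedPLMN-Identity, registeredAMF, snssai-list and a NAS message; the NAS message is the context setup and registration request. On receiving it, the base station (gNB) uses the AMF identifier to carry out the authentication and registration procedures together with the core network.
1.1 Purpose
Notifies the network that the RRC connection between the UE and the radio network has been established.
1.2 Transport channel
Bearer: SRB1;
Channel: DCCH;
Direction: UE->gNB; the NAS message it carries is ultimately delivered to the 5GC
1.3 Message content (packet capture)
Figure: rrcSetupComplete signalling capture
- selectedPLMN-Identity: the PLMN selection index, indicating which PLMN the UE selected. Here it is 1, meaning the first PLMN in SIB1 was selected; a value of 2 would mean the second PLMN in SIB1
- registeredAMF: identifier of the registered AMF
- guami-Type: the GUAMI type
- S-NSSAI: the slice type
- Security protected NAS 5GS message: the NAS message, already ciphered and integrity protected; its detailed contents become visible once it reaches the core network AMF and is decoded there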
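2. rrcSetupComplete parsing and processing flow
nr_rrc_gNB_decode_dcch() decodes rrcSetupComplete as follows:
- Call uper_decode() on the buffer passed in from the main function to PER-decode it; the message ID obtained is rrcSetupComplete.
- Look up the UE context by RNTI with rrc_gNB_get_ue_context(). If no context is found, that RNTI has not performed access, so break out directly; in the normal case the UE context is found.
- Check the type of ng_5G_S_TMSI_Value. There are two cases:
  - ng_5G_S_TMSI: the complete 5g_s_tmsi, 48 bits long.
  - ng_5G_S_TMSI_Part2: the RRC Setup Request carried 5G_S_TMSI_Part1, which is 39 bits long. Part2 here is the latter 9 bits of the 5g_s_tmsi; together they make up the 48 bits.
- Update the UE context with the received TMSI;
- Enter rrc_gNB_process_RRCSetupComplete() to process the parsed rrcSetupComplete;
- Because SRB1 is now established, set SRB1's Active to 1, Srb_id to 1 and StatusRrc (the RRC state) to NR_RRC_CONNECTED in the context;
- Call rrc_gNB_send_NGAP_NAS_FIRST_REQ() to send the initial NAS message to the NGAP module. This NAS message is usually a Register Request or Service Request, i.e. the UE starts registering with the 5GC.
3. Related code
3.1 rrcSetupComplete parsing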
```c
/* Excerpt from nr_rrc_gNB_decode_dcch(): the rrcSetupComplete case of the UL-DCCH switch. */
switch (ul_dcch_msg->message.choice.c1->present) {
  case NR_UL_DCCH_MessageType__c1_PR_rrcSetupComplete:
    /* No context for this RNTI: the UE never went through access, so drop the message. */
    if (!ue_context_p) {
      LOG_I(NR_RRC, "Processing NR_RRCSetupComplete UE %x, ue_context_p is NULL\n", ctxt_pP->rnti);
      break;
    }

    LOG_DUMPMSG(NR_RRC, DEBUG_RRC, (char *)Rx_sdu, sdu_sizeP, "[MSG] RRC SetupComplete\n");
    MSC_LOG_RX_MESSAGE(
      MSC_RRC_GNB,
      MSC_RRC_UE,
      Rx_sdu,
      sdu_sizeP,
      MSC_AS_TIME_FMT" NR_RRCSetupComplete UE %x size %u",
      MSC_AS_TIME_ARGS(ctxt_pP),
      ue_context_p->ue_context.rnti,
      sdu_sizeP);
    LOG_D(NR_RRC,
          PROTOCOL_NR_RRC_CTXT_UE_FMT" RLC RB %02d --- RLC_DATA_IND %d bytes "
          "(RRCSetupComplete) ---> RRC_gNB\n",
          PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP),
          DCCH,
          sdu_sizeP);

    if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.present ==
        NR_RRCSetupComplete__criticalExtensions_PR_rrcSetupComplete) {
      if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
          rrcSetupComplete->ng_5G_S_TMSI_Value != NULL) {
        if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
            rrcSetupComplete->ng_5G_S_TMSI_Value->present ==
            NR_RRCSetupComplete_IEs__ng_5G_S_TMSI_Value_PR_ng_5G_S_TMSI_Part2) {
          // ng-5G-S-TMSI-Part2 BIT STRING (SIZE (9)): 9 bits occupy 2 octets
          if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
              rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2.size != 2) {
            LOG_E(NR_RRC, "wrong ng_5G_S_TMSI_Part2 size, expected 2, provided %lu",
                  (long unsigned int)ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
                  criticalExtensions.choice.rrcSetupComplete->
                  ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2.size);
            return -1;
          }

          /* Store Part2 only when Part1 was received earlier in the RRC Setup Request. */
          if (ue_context_p->ue_context.ng_5G_S_TMSI_Part1 != 0) {
            ue_context_p->ue_context.ng_5G_S_TMSI_Part2 =
              BIT_STRING_to_uint16(&ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
                                   criticalExtensions.choice.rrcSetupComplete->
                                   ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2);
          }

          /* TODO */
        } else if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
                   rrcSetupComplete->ng_5G_S_TMSI_Value->present ==
                   NR_RRCSetupComplete_IEs__ng_5G_S_TMSI_Value_PR_ng_5G_S_TMSI) {
          // NG-5G-S-TMSI ::= BIT STRING (SIZE (48)): 48 bits occupy 6 octets
          if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
              rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI.size != 6) {
            LOG_E(NR_RRC, "wrong ng_5G_S_TMSI size, expected 6, provided %lu",
                  (long unsigned int)ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
                  criticalExtensions.choice.rrcSetupComplete->
                  ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI.size);
            return -1;
          }

          uint64_t fiveg_s_TMSI =
            bitStr_to_uint64(&ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
                             criticalExtensions.choice.rrcSetupComplete->
                             ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI);
          LOG_I(NR_RRC, "Received rrcSetupComplete, 5g_s_TMSI: 0x%lX, amf_set_id: 0x%lX(%ld), amf_pointer: 0x%lX(%ld), 5g TMSI: 0x%X \n",
                fiveg_s_TMSI, fiveg_s_TMSI >> 38, fiveg_s_TMSI >> 38,
                (fiveg_s_TMSI >> 32) & 0x3F, (fiveg_s_TMSI >> 32) & 0x3F,
                (uint32_t)fiveg_s_TMSI);

          /* Split the 48-bit value into AMF Set ID, AMF Pointer and 5G-TMSI. */
          if (ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.presence == TRUE) {
            ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.amf_set_id = fiveg_s_TMSI >> 38;
            ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.amf_pointer = (fiveg_s_TMSI >> 32) & 0x3F;
            ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.fiveg_tmsi = (uint32_t)fiveg_s_TMSI;
          }
        }
      }

      rrc_gNB_process_RRCSetupComplete(
        ctxt_pP,
        ue_context_p,
        ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.rrcSetupComplete);
      LOG_I(NR_RRC, PROTOCOL_NR_RRC_CTXT_UE_FMT" UE State = NR_RRC_CONNECTED \n",
            PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP));
    }

    ue_context_p->ue_context.ue_release_timer = 0;
    break;

  /* Other UL-DCCH message types are not shown on this page. */
}
```
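The length checks and the bit-field split from the parsing code above, as a stand-alone added example (not code from the original page or from the project it describes). `bit_string_t` is a stand-in for asn1c's `BIT_STRING_t`, the function names are hypothetical, and the example additionally checks `bits_unused`, which the excerpt does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for asn1c's BIT_STRING_t: octets, length in octets, padding bits. */
typedef struct { const uint8_t *buf; size_t size; int bits_unused; } bit_string_t;
typedef struct { uint16_t amf_set_id; uint8_t amf_pointer; uint32_t fiveg_tmsi; } s_tmsi_t;

/* Accept only a BIT STRING of exactly `bits` bits; right-align it into *out. */
static int bits_to_u64(const bit_string_t *bs, unsigned bits, uint64_t *out) {
  size_t octets = (bits + 7) / 8;
  int unused = (int)(octets * 8 - bits);
  if (!bs || !bs->buf || !out || bits == 0 || bits > 64 ||
      bs->size != octets || bs->bits_unused != unused)
    return -1; /* lengths come from the UE: reject, never truncate or pad */
  uint64_t v = 0;
  for (size_t i = 0; i < octets; i++)
    v = (v << 8) | bs->buf[i];
  *out = v >> unused; /* drop the padding bits of the last octet */
  return 0;
}

/* NG-5G-S-TMSI (48 bits): AMF Set ID (10) | AMF Pointer (6) | 5G-TMSI (32). */
int parse_5g_s_tmsi(const bit_string_t *bs, s_tmsi_t *out) {
  uint64_t v;
  if (!out || bits_to_u64(bs, 48, &v) != 0)
    return -1;
  out->amf_set_id = (uint16_t)(v >> 38);
  out->amf_pointer = (uint8_t)((v >> 32) & 0x3F);
  out->fiveg_tmsi = (uint32_t)v;
  return 0;
}

/* ng-5G-S-TMSI-Part2 (9 bits): two octets, 7 padding bits. */
int parse_5g_s_tmsi_part2(const bit_string_t *bs, uint16_t *out) {
  uint64_t v;
  if (!out || bits_to_u64(bs, 9, &v) != 0)
    return -1;
  *out = (uint16_t)v;
  return 0;
}

int main(void) {
  const uint8_t raw[6] = {0x00, 0x42, 0xDE, 0xAD, 0xBE, 0xEF}; /* constructed sample */
  bit_string_t ok = {raw, 6, 0}, truncated = {raw, 5, 0};
  s_tmsi_t id = {0, 0, 0};
  int a = parse_5g_s_tmsi(&ok, &id), b = parse_5g_s_tmsi(&truncated, &id);
  printf("%d %d set=%u ptr=%u tmsi=0x%X\n", a, b, id.amf_set_id, id.amf_pointer, id.fiveg_tmsi);
  return 0;
}
```

A rejected value leaves the output structure untouched, so a caller cannot end up storing a partially decoded identity in the UE context.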
3.2 rrcSetupComplete processing
```c
void rrc_gNB_process_RRCSetupComplete(
  const protocol_ctxt_t *const ctxt_pP,
  rrc_gNB_ue_context_t *ue_context_pP,
  NR_RRCSetupComplete_IEs_t *rrcSetupComplete
)
{
  LOG_I(NR_RRC, PROTOCOL_NR_RRC_CTXT_UE_FMT" [RAPROC] Logical Channel UL-DCCH, "
        "processing NR_RRCSetupComplete from UE (SRB1 Active)\n",
        PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP));

  /* SRB1 is established: mark it active and move the UE to NR_RRC_CONNECTED. */
  ue_context_pP->ue_context.Srb1.Active = 1;
  ue_context_pP->ue_context.Srb1.Srb_info.Srb_id = 1;
  ue_context_pP->ue_context.StatusRrc = NR_RRC_CONNECTED;

  if (AMF_MODE_ENABLED) {
    /* Forward the initial NAS message to the NGAP module. */
    rrc_gNB_send_NGAP_NAS_FIRST_REQ(ctxt_pP, ue_context_pP, rrcSetupComplete);
  } else {
    rrc_gNB_generate_SecurityModeCommand(ctxt_pP, ue_context_pP);
  }
}
```
Copyright belongs to the original author, 柒号华仔. If there is any infringement, please contact us for removal.