1. RRC SetupComplete介绍
RRC SetupComplete是终端收到网络侧分配到无线资源的"RRC SETUP“消息的应答。UE在应答消息中对分配资源进行了确认,并回复了其5G_S_TMSI_Value Part2的内容,消息中携带selectedPLMN-Identity、registeredAMF、snssai-list和NAS,NAS信息为上下文建立和注册请求。基站(gNB)收到后根据其AMF标识,与核心网一同进行认证和注册流程。
1.1 发送目的
通知网络侧,终端与无线网之间RRC连接建立完成
1.2 传输信道
承载:SRB1;
信道:DCCH;
方向:UE->gNB,其中的NAS最终会到达5GC
1.3 信令内容抓包
rrcSetupComplete信令抓包
- selectedPLMN-Identity:PLMN选择标识,指示UE选择的哪个PLMN,此处是1,表示选择了SIB1中的第一个PLMN,如果是2,则表示选择了SIB1中第二个PLMN
- registeredAMF:注册的AMF标识
- guami-Type:guami类型
- S-NSSAI:切片类型
- Security protected NAS 5GS message:已经进行加密和完整性保护的NAS消息,到达核心网AMF进行解码后可以看到详细内容
2.rrcSetupComplete解析处理流程
nr_rrc_gNB_decode_dcch()解码rrcSetupComplete流程如下:
- 对于主函数传过来的buffer,调用uper_decode()进行per解码,获得消息ID为rrcSetupComplete。
- 根据rnti查找UE上下文rrc_gNB_get_ue_context(),如果无法找到上下文,说明该rnti未进行接入,直接break跳出;正常情况能够找到UE上下文。
- 对ng_5G_S_TMSI_Value类型进行判断,分两种情况:
- ng_5G_S_TMSI :此处是完整的5g_s_tmsi,长度为48bit,。
- ng_5G_S_TMSI_Part2 :在Rrc setup Request中存在是5G_S_TMSI_Part1,长度为39bit。此处Part2为5g_s_tmsi后9bit,两者合起来为48bit。
- 根据收到的TMSI,更新UE上下文;
- 进入rrc_gNB_process_RRCSetupComplete()函数,对解析后的rrcSetupComplete进行处理;
- 由于SRB1已经建立,因此将上下文中SRB1的Active设为1,Srb_id设为1,StatusRrc(RRC状态)设为NR_RRC_CONNECTED;
- 调用rrc_gNB_send_NGAP_NAS_FIRST_REQ()函数向NGAP模块发送初始NAS消息,该NAS信息通常为Register Request或Service Request,即UE开始向5GC进行注册。
3. 相关代码
3.1 rrcSetupComplete解析
switch (ul_dcch_msg->message.choice.c1->present) {
case NR_UL_DCCH_MessageType__c1_PR_rrcSetupComplete:
if(!ue_context_p) {
LOG_I(NR_RRC, "Processing NR_RRCSetupComplete UE %x, ue_context_p is NULL\n", ctxt_pP->rnti);
break;
}
LOG_DUMPMSG(NR_RRC, DEBUG_RRC,(char *)Rx_sdu,sdu_sizeP,
"[MSG] RRC SetupComplete\n");
MSC_LOG_RX_MESSAGE(
MSC_RRC_GNB,
MSC_RRC_UE,
Rx_sdu,
sdu_sizeP,
MSC_AS_TIME_FMT" NR_RRCSetupComplete UE %x size %u",
MSC_AS_TIME_ARGS(ctxt_pP),
ue_context_p->ue_context.rnti,
sdu_sizeP);
LOG_D(NR_RRC,
PROTOCOL_NR_RRC_CTXT_UE_FMT" RLC RB %02d --- RLC_DATA_IND %d bytes "
"(RRCSetupComplete) ---> RRC_gNB\n",
PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP),
DCCH,
sdu_sizeP);
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.present ==
NR_RRCSetupComplete__criticalExtensions_PR_rrcSetupComplete) {
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value != NULL) {
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->present == NR_RRCSetupComplete_IEs__ng_5G_S_TMSI_Value_PR_ng_5G_S_TMSI_Part2) {
// ng-5G-S-TMSI-Part2 BIT STRING (SIZE (9))
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2.size != 2) {
LOG_E(NR_RRC, "wrong ng_5G_S_TMSI_Part2 size, expected 2, provided %lu",
(long unsigned int)ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->
ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2.size);
return -1;
}
if (ue_context_p->ue_context.ng_5G_S_TMSI_Part1 != 0) {
ue_context_p->ue_context.ng_5G_S_TMSI_Part2 =
BIT_STRING_to_uint16(&ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->
ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2);
}
/* TODO */
} else if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->present == NR_RRCSetupComplete_IEs__ng_5G_S_TMSI_Value_PR_ng_5G_S_TMSI) {
// NG-5G-S-TMSI ::= BIT STRING (SIZE (48))
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI.size != 6) {
LOG_E(NR_RRC, "wrong ng_5G_S_TMSI size, expected 6, provided %lu",
(long unsigned int)ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->
ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI.size);
return -1;
}
uint64_t fiveg_s_TMSI = bitStr_to_uint64(&ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI);
LOG_I(NR_RRC, "Received rrcSetupComplete, 5g_s_TMSI: 0x%lX, amf_set_id: 0x%lX(%ld), amf_pointer: 0x%lX(%ld), 5g TMSI: 0x%X \n",
fiveg_s_TMSI, fiveg_s_TMSI >> 38, fiveg_s_TMSI >> 38,
(fiveg_s_TMSI >> 32) & 0x3F, (fiveg_s_TMSI >> 32) & 0x3F,
(uint32_t)fiveg_s_TMSI);
if (ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.presence == TRUE) {
ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.amf_set_id = fiveg_s_TMSI >> 38;
ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.amf_pointer = (fiveg_s_TMSI >> 32) & 0x3F;
ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.fiveg_tmsi = (uint32_t)fiveg_s_TMSI;
}
}
}
rrc_gNB_process_RRCSetupComplete(
ctxt_pP,
ue_context_p,
ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.rrcSetupComplete);
LOG_I(NR_RRC, PROTOCOL_NR_RRC_CTXT_UE_FMT" UE State = NR_RRC_CONNECTED \n",
PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP));
}
ue_context_p->ue_context.ue_release_timer = 0;
break;3.2 rrcSetupComplete处理
void
rrc_gNB_process_RRCSetupComplete(
const protocol_ctxt_t *const ctxt_pP,
rrc_gNB_ue_context_t *ue_context_pP,
NR_RRCSetupComplete_IEs_t *rrcSetupComplete
)
{
LOG_I(NR_RRC, PROTOCOL_NR_RRC_CTXT_UE_FMT" [RAPROC] Logical Channel UL-DCCH, " "processing NR_RRCSetupComplete from UE (SRB1 Active)\n",
PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP));
ue_context_pP->ue_context.Srb1.Active = 1;
ue_context_pP->ue_context.Srb1.Srb_info.Srb_id = 1;
ue_context_pP->ue_context.StatusRrc = NR_RRC_CONNECTED;
if (AMF_MODE_ENABLED) {
rrc_gNB_send_NGAP_NAS_FIRST_REQ(ctxt_pP, ue_context_pP, rrcSetupComplete);
} else {
rrc_gNB_generate_SecurityModeCommand(ctxt_pP, ue_context_pP);
}
}
