【OpenAirInterface5g】RRC NR解析之RrcSetupComplete

作者:柒号华仔 ​

个人信条:星光不问赶路人,岁月不负有心人。

个人方向:专注于4G/5G领域,同时兼顾其他网络协议,编解码协议,C/C++,linux等,感兴趣的小伙伴可以关注我,一起交流。

1. RRC SetupComplete介绍

RRC SetupComplete是终端收到网络侧分配到无线资源的"RRC SETUP“消息的应答。UE在应答消息中对分配资源进行了确认,并回复了其5G_S_TMSI_Value Part2的内容,消息中携带selectedPLMN-Identity、registeredAMF、snssai-list和NAS,NAS信息为上下文建立和注册请求。基站(gNB)收到后根据其AMF标识,与核心网一同进行认证和注册流程。

1.1 发送目的

通知网络侧,终端与无线网之间RRC连接建立完成

1.2 传输信道

承载:SRB1; 信道:DCCH; 方向:UE->gNB,其中的NAS最终会到达5GC

1.3 信令内容抓包

【OpenAirInterface5g】RRC NR解析之RrcSetupComplete

rrcSetupComplete信令抓包

  • selectedPLMN-Identity:PLMN选择标识,指示UE选择的哪个PLMN,此处是1,表示选择了SIB1中的第一个PLMN,如果是2,则表示选择了SIB1中第二个PLMN
  • registeredAMF:注册的AMF标识
  • guami-Type:guami类型
  • S-NSSAI:切片类型
  • Security protected NAS 5GS message:已经进行加密和完整性保护的NAS消息,到达核心网AMF进行解码后可以看到详细内容

2.rrcSetupComplete解析处理流程

nr_rrc_gNB_decode_dcch()解码rrcSetupComplete流程如下:

【OpenAirInterface5g】RRC NR解析之RrcSetupComplete

  1. 对于主函数传过来的buffer,调用uper_decode()进行per解码,获得消息ID为rrcSetupComplete。
  2. 根据rnti查找UE上下文rrc_gNB_get_ue_context(),如果无法找到上下文,说明该rnti未进行接入,直接break跳出;正常情况能够找到UE上下文。
  3. 对ng_5G_S_TMSI_Value类型进行判断,分两种情况:
  • ng_5G_S_TMSI :此处是完整的5g_s_tmsi,长度为48bit,。
  • ng_5G_S_TMSI_Part2 :在Rrc setup Request中存在是5G_S_TMSI_Part1,长度为39bit。此处Part2为5g_s_tmsi后9bit,两者合起来为48bit。
  1. 根据收到的TMSI,更新UE上下文;
  2. 进入rrc_gNB_process_RRCSetupComplete()函数,对解析后的rrcSetupComplete进行处理;
  3. 由于SRB1已经建立,因此将上下文中SRB1的Active设为1,Srb_id设为1,StatusRrc(RRC状态)设为NR_RRC_CONNECTED;
  4. 调用rrc_gNB_send_NGAP_NAS_FIRST_REQ()函数向NGAP模块发送初始NAS消息,该NAS信息通常为Register Request或Service Request,即UE开始向5GC进行注册。

3. 相关代码

3.1 rrcSetupComplete解析

switch (ul_dcch_msg->message.choice.c1->present) {
case NR_UL_DCCH_MessageType__c1_PR_rrcSetupComplete:
if(!ue_context_p) {
LOG_I(NR_RRC, "Processing NR_RRCSetupComplete UE %x, ue_context_p is NULLn", ctxt_pP->rnti);
break;
}

LOG_DUMPMSG(NR_RRC, DEBUG_RRC,(char *)Rx_sdu,sdu_sizeP,
"[MSG] RRC SetupCompleten");
MSC_LOG_RX_MESSAGE(
MSC_RRC_GNB,
MSC_RRC_UE,
Rx_sdu,
sdu_sizeP,
MSC_AS_TIME_FMT" NR_RRCSetupComplete UE %x size %u",
MSC_AS_TIME_ARGS(ctxt_pP),
ue_context_p->ue_context.rnti,
sdu_sizeP);
LOG_D(NR_RRC,
PROTOCOL_NR_RRC_CTXT_UE_FMT" RLC RB %02d --- RLC_DATA_IND %d bytes "
"(RRCSetupComplete) ---> RRC_gNBn",
PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP),
DCCH,
sdu_sizeP);

if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.present ==
NR_RRCSetupComplete__criticalExtensions_PR_rrcSetupComplete) {
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value != NULL) {
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->present == NR_RRCSetupComplete_IEs__ng_5G_S_TMSI_Value_PR_ng_5G_S_TMSI_Part2) {
// ng-5G-S-TMSI-Part2 BIT STRING (SIZE (9))
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2.size != 2) {
LOG_E(NR_RRC, "wrong ng_5G_S_TMSI_Part2 size, expected 2, provided %lu",
(long unsigned int)ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->
ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2.size);
return -1;
}

if (ue_context_p->ue_context.ng_5G_S_TMSI_Part1 != 0) {
ue_context_p->ue_context.ng_5G_S_TMSI_Part2 =
BIT_STRING_to_uint16(&ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->
ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI_Part2);
}

/* TODO */
} else if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->present == NR_RRCSetupComplete_IEs__ng_5G_S_TMSI_Value_PR_ng_5G_S_TMSI) {
// NG-5G-S-TMSI ::= BIT STRING (SIZE (48))
if (ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.
rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI.size != 6) {
LOG_E(NR_RRC, "wrong ng_5G_S_TMSI size, expected 6, provided %lu",
(long unsigned int)ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->
ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI.size);
return -1;
}

uint64_t fiveg_s_TMSI = bitStr_to_uint64(&ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->
criticalExtensions.choice.rrcSetupComplete->ng_5G_S_TMSI_Value->choice.ng_5G_S_TMSI);
LOG_I(NR_RRC, "Received rrcSetupComplete, 5g_s_TMSI: 0x%lX, amf_set_id: 0x%lX(%ld), amf_pointer: 0x%lX(%ld), 5g TMSI: 0x%X n",
fiveg_s_TMSI, fiveg_s_TMSI >> 38, fiveg_s_TMSI >> 38,
(fiveg_s_TMSI >> 32) & 0x3F, (fiveg_s_TMSI >> 32) & 0x3F,
(uint32_t)fiveg_s_TMSI);
if (ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.presence == TRUE) {
ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.amf_set_id = fiveg_s_TMSI >> 38;
ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.amf_pointer = (fiveg_s_TMSI >> 32) & 0x3F;
ue_context_p->ue_context.Initialue_identity_5g_s_TMSI.fiveg_tmsi = (uint32_t)fiveg_s_TMSI;
}
}
}

rrc_gNB_process_RRCSetupComplete(
ctxt_pP,
ue_context_p,
ul_dcch_msg->message.choice.c1->choice.rrcSetupComplete->criticalExtensions.choice.rrcSetupComplete);
LOG_I(NR_RRC, PROTOCOL_NR_RRC_CTXT_UE_FMT" UE State = NR_RRC_CONNECTED n",
PROTOCOL_NR_RRC_CTXT_UE_ARGS(ctxt_pP));
}

ue_context_p->ue_context.ue_release_timer = 0;
break;

3.2 rrcSetupComplete处理

发表评论

相关文章