本文介绍一下lte网络注册中附着和建立默认承载过程的消息分析。
1.attach request
消息中主要包括:
EPS attach type 数据业务附着类型
EPS Mobile identity 终端用户标识(IMSI or GUTI)
UE Network Capability 终端支持哪些加密和完整性保护算法
Tracking Area Identity 最后访问跟踪区TA
DRX Parameter 不连续接收配置
voice domain preference and UE's usage setting 语音业务参数
注意:建立默认承载的请求也在其中,这里就是lte中的又一大特色,一条rrc信令上搭载两条nas消息。
下面为一个消息具体示例
22:52:12.665 [0xB0ED] LTE NAS EMM Plain OTA Outgoing Message
pkt_version = 1 (0x1)
rel_number = 9 (0x9)
rel_version_major = 5 (0x5)
rel_version_minor = 0 (0x0)
security_header_or_skip_ind = 0 (0x0)
prot_disc = 7 (0x7) (EPS mobility management messages)
msg_type = 65 (0x41) (Attach request)
lte_emm_msg
emm_attach_request
tsc = 0 (0x0) (cached sec context)
nas_key_set_id = 3 (0x3)
att_type = 2 (0x2) (combined EPS/IMSI attach) //附着类型
eps_mob_id //终端用户标识
id_type = 6 (0x6) (GUTI) //GUTI
odd_even_ind = 0 (0x0)
Guti_1111 = 15 (0xf)
mcc_1 = 3 (0x3) //MCC MNC
mcc_2 = 1 (0x1)
mcc_3 = 1 (0x1)
mnc_3 = 0 (0x0)
mnc_1 = 4 (0x4)
mnc_2 = 8 (0x8)
MME_group_id = 0 (0x0)
MME_code = 0 (0x0)
m_tmsi = 0 (0x0)
ue_netwk_cap //终端支持哪些加密和完整性保护算法
EEA0 = 1 (0x1) //lte加密算法支持能力
EEA1_128 = 1 (0x1)
EEA2_128 = 1 (0x1)
EEA3_128 = 1 (0x1)
EEA4 = 0 (0x0)
EEA5 = 0 (0x0)
EEA6 = 0 (0x0)
EEA7 = 0 (0x0)
EIA0 = 0 (0x0) //lte完整性保护算法支持能力
EIA1_128 = 1 (0x1)
EIA2_128 = 1 (0x1)
EIA3_128 = 1 (0x1)
EIA4 = 0 (0x0)
EIA5 = 0 (0x0)
EIA6 = 0 (0x0)
EIA7 = 0 (0x0)
oct5_incl = 1 (0x1)
UEA0 = 1 (0x1) //3g加密算法支持能力
UEA1 = 1 (0x1)
UEA2 = 0 (0x0)
UEA3 = 0 (0x0)
UEA4 = 0 (0x0)
UEA5 = 0 (0x0)
UEA6 = 0 (0x0)
UEA7 = 0 (0x0)
oct6_incl = 1 (0x1)
UCS2 = 0 (0x0)
UIA1 = 1 (0x1) //3G完整性保护算法的支持能力
UIA2 = 0 (0x0)
UIA3 = 0 (0x0)
UIA4 = 0 (0x0)
UIA5 = 0 (0x0)
UIA6 = 0 (0x0)
UIA7 = 0 (0x0)
oct7_incl = 1 (0x1)
ProSedd = 0 (0x0)
ProSe = 0 (0x0)
H_245_ASH = 0 (0x0)
ACC_CSFB = 1 (0x1)
LPP = 1 (0x1)
LCS = 0 (0x0)
vcc_1xsr = 0 (0x0)
NF = 1 (0x1)
oct8_incl = 0 (0x0)
oct9_incl = 0 (0x0)
oct10_incl = 0 (0x0)
oct11_incl = 0 (0x0)
oct12_incl = 0 (0x0)
oct13_incl = 0 (0x0)
oct14_incl = 0 (0x0)
oct15_incl = 0 (0x0)
esm_msg_container //激活默认承载
eps_bearer_id_or_skip_id = 0 (0x0)
prot_disc = 2 (0x2) (EPS session management messages)
trans_id = 1 (0x1)
msg_type = 208 (0xd0) (PDN connectivity request) //激活默认承载请求
lte_esm_msg
pdn_connectivity_req
pdn_type = 3 (0x3) (Ipv4v6) //PDN 类型
req_type = 1 (0x1) (initial request) //请求类型
info_trans_flag_incl = 1 (0x1)
esm_info_trans_flag = 1 (0x1)
access_pt_name_incl = 0 (0x0)
prot_config_incl = 1 (0x1)
prot_config
ext = 1 (0x1)
conf_prot = 0 (0x0)
num_recs = 3 (0x3)
sm_prot[0]
protocol_id = 32801 (0x8021) (IPCP)
prot_len = 16 (0x10)
ipcp_prot
ipcp_prot_id = 1 (0x1) (CONF_REQ)
identifier = 0 (0x0)
rfc1332_conf_req
num_options = 2 (0x2)
conf_options[0]
type = 129 (0x81)
rfc1877_primary_dns_server_add
length = 6 (0x6)
ip_addr = 0 (0x0) (0.0.0.0)
conf_options[1]
type = 131 (0x83)
rfc1877_sec_dns_server_add
length = 6 (0x6)
ip_addr = 0 (0x0) (0.0.0.0)
sm_prot[1]
protocol_id = 13 (0xd) (DNS Server IPv4 Address Requestt)
prot_len = 0 (0x0)
sm_prot[2]
protocol_id = 3 (0x3) (DNS Server IPv6 Addr Req)
prot_len = 0 (0x0)
num_recs2 = 6 (0x6)
sm_container[0]
container_id = 65280 (0xff00) (unknown)
container_len = 3 (0x3)
container_contents[0] = 19 (0x13)
container_contents[1] = 1 (0x1)
container_contents[2] = 132 (0x84)
sm_container[1]
container_id = 1 (0x1) (P-CSCF IPv6 Address Request)
container_len = 0 (0x0)
sm_container[2]
container_id = 12 (0xc) (P-CSCF IPv4 Address Request)
container_len = 0 (0x0)
sm_container[3]
container_id = 10 (0xa) (IP address allocation via NAS signalling)
container_len = 0 (0x0)
sm_container[4]
container_id = 5 (0x5) (NWK Req Bearer Control indicator)
container_len = 0 (0x0)
sm_container[5]
container_id = 16 (0x10) (Ipv4 Link MTU Request)
container_len = 0 (0x0)
dev_properties_incl = 0 (0x0)
nbifom_incl = 0 (0x0)
header_compression_config_inclu = 0 (0x0)
ext_prot_config_incl = 0 (0x0)
p_tmsi_sig_incl = 0 (0x0)
add_guti_incl = 0 (0x0)
reg_tai_incl = 1 (0x1)
tracking_area_id
mcc_mnc
mcc_1 = 3 (0x3)
mcc_2 = 1 (0x1)
mcc_3 = 1 (0x1)
mnc_3 = 0 (0x0)
mnc_1 = 4 (0x4)
mnc_2 = 8 (0x8)
tracking_area_id = 11 (0xb)
drx_params_incl = 1 (0x1)
drx_params
split_pg_cycle_code = 10 (0xa)
cycle_len_coeff = 0 (0x0)
split_on_ccch = 0 (0x0)
non_drx_timer = 0 (0x0)
ms_netwk_cap_incl = 1 (0x1)
ms_netwk_cap
length = 3 (0x3)
r99 = 1 (0x1)
GEA1 bits
GEA/1 = 1 (0x1)
SM capabilities via dedicated channels = 1 (0x1)
SM capabilities via GPRS channels = 1 (0x1)
UCS2 support = 0 (0x0)
SS Screening Indicator = 1 (0x1)
SoLSA Capability = 0 (0x0)
Revision level indicator = 1 (0x1)
PFC feature mode = 1 (0x1)
Extended GEA bits
GEA/2 = 1 (0x1)
GEA/3 = 1 (0x1)
GEA/4 = 0 (0x0)
GEA/5 = 0 (0x0)
GEA/6 = 0 (0x0)
GEA/7 = 0 (0x0)
LCS VA capability = 0 (0x0)
PS inter-RAT HO from GERAN to UTRAN Iu mode capability = 0 (0x0)
PS inter-RAT HO from GERAN to E-UTRAN S1 mode capability = 0 (0x0)
EMM Combined procedures Capability = 1 (0x1)
ISR support = 1 (0x1)
SRVCC to GERAN/UTRAN capability = 1 (0x1)
EPC capability = 1 (0x1)
NF capability = 1 (0x1)
spare_bits0_count = 0 (0x0)
old_loc_area_id_incl = 0 (0x0)
tmsi_stat_incl = 1 (0x1)
tmsi_stat
tmsi_flag = 0 (0x0)
ms_class_mark2_incl = 1 (0x1)
ms_class_mark2
rev_level = 2 (0x2)
es_ind = 0 (0x0)
a5_1_alg_sup = 1 (0x1)
rf_power_cap = 7 (0x7)
pseudo_sync_cap = 0 (0x0)
ss_screen_ind = 1 (0x1)
sm_cap = 1 (0x1)
vbs = 0 (0x0)
vgcs = 0 (0x0)
freq_cap = 0 (0x0)
class_3_avail = 1 (0x1)
lcsva_cap = 1 (0x1)
ucs2 = 0 (0x0)
solsa = 0 (0x0)
cmsp = 1 (0x1)
a5_3_alg_sup = 0 (0x0)
a5_2_alg_sup = 0 (0x0)
ms_class_mark3_incl = 0 (0x0)
supp_codecs_incl = 1 (0x1)
supp_codecs
num_codecs = 2 (0x2)
codecs[0]
sysid = 4 (0x4)
length = 2 (0x2)
bitmap[0] = 96 (0x60)
bitmap[1] = 4 (0x4)
codecs[1]
sysid = 0 (0x0)
length = 2 (0x2)
bitmap[0] = 31 (0x1f)
bitmap[1] = 2 (0x2)
add_update_type_incl = 0 (0x0)
voice_domain_pref_incl = 1 (0x1)
voice_domain_pref //语音业务相关参数
length = 1 (0x1)
UE_usage_setting = 1 (0x1) (Data centric)
//volte优先,cs语音次之
voice_domain_pref_for_EUTRAN = 3 (0x3) (IMS PS Voice preferred, CS Voice as secondary)
dev_properties_incl = 0 (0x0)
old_guti_incl = 0 (0x0)
ms_network_feature_incl = 1 (0x1)
ms_network_feature_support
ext_periodic_timers = 1 (0x1)
network_resource_id_container_incl = 0 (0x0)
t3324_incl = 0 (0x0)
t3412_ext_incl = 0 (0x0)
ext_drx_par_incl = 0 (0x0)
ue_add_security_cap_incl = 0 (0x0)
ue_status_incl = 0 (0x0)
2.获取终端id
//请求
22:52:12.897 [0xB0EC] LTE NAS EMM Plain OTA Incoming Message
pkt_version = 1 (0x1)
rel_number = 9 (0x9)
rel_version_major = 5 (0x5)
rel_version_minor = 0 (0x0)
security_header_or_skip_ind = 0 (0x0)
prot_disc = 7 (0x7) (EPS mobility management messages)
msg_type = 85 (0x55) (Identity request) //获取终端id请求
lte_emm_msg
emm_id_req
identity_type_2
type_of_identity = 1 (0x1) //终端id类型(imsi or guti)
//响应
22:52:12.897 [0xB0ED] LTE NAS EMM Plain OTA Outgoing Message
pkt_version = 1 (0x1)
rel_number = 9 (0x9)
rel_version_major = 5 (0x5)
rel_version_minor = 0 (0x0)
security_header_or_skip_ind = 0 (0x0)
prot_disc = 7 (0x7) (EPS mobility management messages)
msg_type = 86 (0x56) (Identity response)
lte_emm_msg
emm_id_resp
mobile_identity
id_type_check = 9 (0x9)
ident_type = 1 (0x1)
odd_even_ind = 1 (0x1)
num_ident = 15 (0xf) //获取到的Imsi 311480123456789
ident[0] = 3 (0x3)
ident[1] = 1 (0x1)
ident[2] = 1 (0x1)
ident[3] = 4 (0x4)
ident[4] = 8 (0x8)
ident[5] = 0 (0x0)
ident[6] = 1 (0x1)
ident[7] = 2 (0x2)
ident[8] = 3 (0x3)
ident[9] = 4 (0x4)
ident[10] = 5 (0x5)
ident[11] = 6 (0x6)
ident[12] = 7 (0x7)
ident[13] = 8 (0x8)
ident[14] = 9 (0x9)
3.鉴权和安全通信
这里消息就不列出来了
鉴权过程是双向鉴权:首先mme给ue转发鉴权请求,ue收到鉴权消息后会对网络进行鉴权,确认网络身份后,利用鉴权算法计算出响应消息返回给网络,网络再通过该响应对ue进行鉴权,判断用户是否为合法用户。
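安全通信其实就是ue和网络根据ue在attach request中上报的能力(ue_netwk_cap),商量出一组加密和完整性保护算法,在之后相互传递消息时使用,最终建立起安全通信。需要注意,上面第2步的Identity request/response发生在鉴权和安全通信建立之前,此时NAS加密尚未启用,因此其中的IMSI是以明文在空口上传输的。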
4.接受附着
这里注意,终端用户在成功附着的同时,也会发生位置更新。
下面是接收到的attach accept消息,主要包括以下内容:跟踪区TA列表,MME为终端分配的guti标识,定时器参数,EPS网络配置参数。
22:52:13.806 [0xB0EC] LTE NAS EMM Plain OTA Incoming Message
pkt_version = 1 (0x1)
rel_number = 9 (0x9)
rel_version_major = 5 (0x5)
rel_version_minor = 0 (0x0)
security_header_or_skip_ind = 0 (0x0)
prot_disc = 7 (0x7) (EPS mobility management messages)
msg_type = 66 (0x42) (Attach accept)
lte_emm_msg
emm_attach_accept
attach_result = 1 (0x1) (EPS only) //附着结果
t3412
unit = 7 (0x7)
timer_value = 1 (0x1)
tai_list //TA列表
num_tai_list = 1 (0x1)
tai_list[0]
list_type = 0 (0x0)
num_element = 0 (0x0)
mcc_mnc //网络的mcc mnc
mcc_1 = 3 (0x3)
mcc_2 = 1 (0x1)
mcc_3 = 1 (0x1)
mnc_3 = 0 (0x0)
mnc_1 = 4 (0x4)
mnc_2 = 8 (0x8)
tac[0] = 11 (0xb)
esm_msg_container
eps_bearer_id_or_skip_id = 5 (0x5)
prot_disc = 2 (0x2) (EPS session management messages)
trans_id = 1 (0x1)
msg_type = 193 (0xc1) (Activate default EPS bearer context request)
lte_esm_msg
act_def_eps_bearer_context_req
eps_qos //qos服务质量
qci = 5 (0x5) (QC5)
oct4_incl = 0 (0x0)
oct5_incl = 0 (0x0)
oct6_incl = 0 (0x0)
oct7_incl = 0 (0x0)
oct8_incl = 0 (0x0)
oct9_incl = 0 (0x0)
oct10_incl = 0 (0x0)
oct11_incl = 0 (0x0)
oct12_incl = 0 (0x0)
oct13_incl = 0 (0x0)
oct14_incl = 0 (0x0)
oct15_incl = 0 (0x0)
access_point //接入方式,或者apn信息 apn 为ims
num_acc_pt_val = 4 (0x4)
acc_pt_name_val[0] = 3 (0x3) (length)
acc_pt_name_val[1] = 105 (0x69) (i)
acc_pt_name_val[2] = 109 (0x6d) (m)
acc_pt_name_val[3] = 115 (0x73) (s)
pdn_addr //pdn 地址
pdn_addr_len = 9 (0x9)
pdn_type = 2 (0x2) (IPv6)
ipv6_interface_id = 0x000000000000001 (0:0:0:1)
trans_id_incl = 1 (0x1)
trans_id
length = 1 (0x1)
ti_flag = 0 (0x0)
ti_value = 0 (0x0)
qos_incl = 0 (0x0)
llc_sapi_incl = 0 (0x0)
radio_priority_incl = 0 (0x0)
pkt_flow_id_incl = 0 (0x0)
apn_ambr_incl = 0 (0x0)
esm_cause_incl = 1 (0x1)
esm_cause
esm_cause = 51 (0x33) (PDN type IPv6 only allowed)
prot_config_incl = 1 (0x1)
prot_config
ext = 1 (0x1)
conf_prot = 0 (0x0)
num_recs = 0 (0x0)
num_recs2 = 2 (0x2)
sm_container[0]
container_id = 3 (0x3) (DNS Server IPv6 Address)
container_len = 16 (0x10)
address = 0xfc01ababcdcd6fee0000000000000001 (fc01:abab:cdcd:6fee:0:0:0:1)
sm_container[1]
container_id = 1 (0x1) (P-CSCF IPV6 Address)
container_len = 16 (0x10)
address = 0xfc01ababcdcd6fee0000000000000001 (fc01:abab:cdcd:6fee:0:0:0:1)
connectivity_type_incl = 0 (0x0)
wlan_offload_acceptability_incl = 0 (0x0)
nbifom_incl = 0 (0x0)
header_compression_config_inclu = 0 (0x0)
ctrl_plane_only_ind_incl = 0 (0x0)
ext_prot_config_incl = 0 (0x0)
serv_plmn_rate_ctrl_incl = 0 (0x0)
ext_apn_ambr_incl = 0 (0x0)
ext_eps_qos_incl = 0 (0x0)
guti_incl = 1 (0x1)
guti //guti标识
id_type = 6 (0x6) (GUTI)
odd_even_ind = 0 (0x0)
Guti_1111 = 15 (0xf)
mcc_1 = 3 (0x3)
mcc_2 = 1 (0x1)
mcc_3 = 1 (0x1)
mnc_3 = 0 (0x0)
mnc_1 = 4 (0x4)
mnc_2 = 8 (0x8)
MME_group_id = 0 (0x0)
MME_code = 0 (0x0)
m_tmsi = 0 (0x0)
loc_id_incl = 0 (0x0)
ms_id_incl = 0 (0x0)
emm_cause_incl = 1 (0x1)
emm_cause
cause_value = 18 (0x12) (CS domain not available)
T3402_incl = 0 (0x0)
T3423_incl = 0 (0x0)
equ_plmns_incl = 0 (0x0)
emergnecy_num_list_incl = 0 (0x0)
eps_netwk_feature_support_incl = 1 (0x1)
eps_netwk_feature_support //网络特性描述
length = 1 (0x1)
CPCIoT = 0 (0x0)
ERwoPDN = 0 (0x0)
ESRPS = 0 (0x0)
CS_LCS = 0 (0x0) (No info about support of loc service via cs is available)
EPC_LCS = 0 (0x0) (Location Services via EPC not supported)
EMC_BS = 1 (0x1) (Emergency bearer services in S1 Mode supported)
IMSVoPS = 1 (0x1) (IMS Vo PS Session in S1 Mode supported)
add_update_result_incl = 0 (0x0)
t3412_ext_incl = 0 (0x0)
t3324_incl = 0 (0x0)
ext_drx_par_incl = 0 (0x0)
dcn_id_incl = 0 (0x0)
sms_srvc_status_incl = 0 (0x0)
non_3gpp_access_emerg_num_policy_incl = 0 (0x0)
t3448_incl = 0 (0x0)
nwk_policy_incl = 0 (0x0)
t3447_ext_incl = 0 (0x0)
ext_emergency_number_incl = 0 (0x0)
cipher_ket_data_incl = 0 (0x0)
5.建立默认承载
消息中包括默认承载id,qos参数,分配的ip地址,dns地址,默认apn,来自hss的签约信息。
备注qci含义:
GBR
QCI=1: Example Services: Conversational voice
QCI=2: Conversational Video (Live streaming)
QCI=3: Real Time Gaming
QCI=4: Non-conversational voice (buffered streaming)
Non-GBR
QCI=5: IMS signaling
QCI=6: Video (buffered streaming), TCP-based (e.g. www, email, chat, ftp, p2p file sharing, progressive video,etc)
QCI=7: Voice, Video (live streaming), interactive gaming
QCI=8: Video (buffered streaming), TCP-based (e.g. www, email, chat, ftp, p2p file sharing, progressive video,etc)
QCI=9: Video (buffered streaming), TCP-based (e.g. www, email, chat, ftp, p2p file sharing, progressive video,etc)
22:52:13.806 [0xB0E2] LTE NAS ESM Plain OTA Incoming Message
pkt_version = 1 (0x1)
rel_number = 9 (0x9)
rel_version_major = 5 (0x5)
rel_version_minor = 0 (0x0)
eps_bearer_id_or_skip_id = 5 (0x5)
prot_disc = 2 (0x2) (EPS session management messages)
trans_id = 1 (0x1)
msg_type = 193 (0xc1) (Activate default EPS bearer context request)
lte_esm_msg
act_def_eps_bearer_context_req
eps_qos //qos参数
qci = 5 (0x5) (QC5)
oct4_incl = 0 (0x0)
oct5_incl = 0 (0x0)
oct6_incl = 0 (0x0)
oct7_incl = 0 (0x0)
oct8_incl = 0 (0x0)
oct9_incl = 0 (0x0)
oct10_incl = 0 (0x0)
oct11_incl = 0 (0x0)
oct12_incl = 0 (0x0)
oct13_incl = 0 (0x0)
oct14_incl = 0 (0x0)
oct15_incl = 0 (0x0)
access_point //接入apn ims
num_acc_pt_val = 4 (0x4)
acc_pt_name_val[0] = 3 (0x3) (length)
acc_pt_name_val[1] = 105 (0x69) (i)
acc_pt_name_val[2] = 109 (0x6d) (m)
acc_pt_name_val[3] = 115 (0x73) (s)
pdn_addr //分配的ip地址
pdn_addr_len = 9 (0x9)
pdn_type = 2 (0x2) (IPv6)
ipv6_interface_id = 0x000000000000001 (0:0:0:1)
trans_id_incl = 1 (0x1)
trans_id
length = 1 (0x1)
ti_flag = 0 (0x0)
ti_value = 0 (0x0)
qos_incl = 0 (0x0)
llc_sapi_incl = 0 (0x0)
radio_priority_incl = 0 (0x0)
pkt_flow_id_incl = 0 (0x0)
apn_ambr_incl = 0 (0x0)
esm_cause_incl = 1 (0x1)
esm_cause
esm_cause = 51 (0x33) (PDN type IPv6 only allowed)
prot_config_incl = 1 (0x1)
prot_config
ext = 1 (0x1)
conf_prot = 0 (0x0)
num_recs = 0 (0x0)
num_recs2 = 2 (0x2)
sm_container[0]
container_id = 3 (0x3) (DNS Server IPv6 Address)
container_len = 16 (0x10)
address = 0xfc01ababcdcd6fee0000000000000001 (fc01:abab:cdcd:6fee:0:0:0:1)
sm_container[1]
container_id = 1 (0x1) (P-CSCF IPV6 Address)
container_len = 16 (0x10)
address = 0xfc01ababcdcd6fee0000000000000001 (fc01:abab:cdcd:6fee:0:0:0:1)
connectivity_type_incl = 0 (0x0)
wlan_offload_acceptability_incl = 0 (0x0)
nbifom_incl = 0 (0x0)
header_compression_config_inclu = 0 (0x0)
ctrl_plane_only_ind_incl = 0 (0x0)
ext_prot_config_incl = 0 (0x0)
serv_plmn_rate_ctrl_incl = 0 (0x0)
ext_apn_ambr_incl = 0 (0x0)
ext_eps_qos_incl = 0 (0x0)
最后终端给网络发送一个完成附着的响应,attach complete 消息中没有携带任何具体信息,可以理解为给Mme的礼貌性的回应。
至此,关于lte注册流程应该算是有个简单的了解了。