S1AP View of LTE Attach & EPS Bearer Setup (2018-0326)

http://niviuk.free.fr/rrc_lte.
html
http://www.eventhelix.com/lte/attach/s1ap-lte-attach-eps-bearer-setup.pdf
* @details This function is used to build and send the S1 Setup Request to the
* MME.
*
* Function: wrEmmMmeSetup
*
* Processing steps:
* - Build and send S1 Setup Request to the MME.
* - Move the MME control block state to WR_MME_IN_PROG.
* - Start the Setup response timer to retransmit the setup request
* incase of reponse is not received with in the time.
* - This function is invoked EMM module when EMM Module ges trigger
* from Management intrerface ie., during cell config/setup.
*
* @param[in] mmeId: MME Id.
* @return S16
* -# Success : ROK
* -# Failure : RFAILED
*/
PUBLIC S16 wrEmmMmeSetup
(
WrMmeId mmeId
)
{
SztUDatEvnt uDatEvnt;
WrMmeCb *mmeCb;
RLOG0(L_DEBUG, "Building S1 SETUP");

mmeCb = WR_EMM_MME_GET_MME(mmeId);
if(mmeCb == NULLP)
{
RLOG1(L_ERROR, "Invalid MME ID [%d]", mmeId);
RETVALUE(RFAILED);
}
mmeCb->adminState = WR_MME_UNLOCKED;
if (wrEmmMmeBldSetupReq(&(uDatEvnt.pdu)) != ROK)
{
RLOG0(L_ERROR, "Building S1 SETUP Failed");
RETVALUE(RFAILED);
}
uDatEvnt.transId.pres = PRSNT_NODEF;
uDatEvnt.transId.val = 1;
uDatEvnt.peerId.pres = PRSNT_NODEF;
uDatEvnt.peerId.val = mmeCb->peerId;
RLOG1(L_INFO, "Sending S1 SETUP For Peer [%d]", mmeCb->peerId);
/* Send the pdu to the MME */
if((WrIfmS1apSndMgmtMsg(&uDatEvnt)) != ROK)
{
RLOG0(L_ERROR, "Sending S1 SETUP Failed");
RETVALUE(RFAILED);
}
/* update state of the s1 connection */
mmeCb->state = WR_MME_IN_PROG;
#if 0
#else
wrStartTmr((PTR)mmeCb, WR_TMR_MME_SETUP_RSP, wrEmmCb.tmrCfg.s1SetupTmr);
#endif
RETVALUE(ROK);
}
/// Szt_asn.h \ga1.3\src\cm)

#define Sztid_downlinkNASTport 11
#define Sztid_initialUEMsg 12
#define Sztid_uplinkNASTport 13
#define Sztid_Reset 14
#define Sztid_ErrInd 15
#define Sztid_NASNonDlvryInd 16
#define Sztid_S1Setup 17
//////
PUBLIC S16 wrEmmMmeBldSetupReq
(
S1apPdu **pdu
)
{
S1apPdu *setupReqPdu = NULLP;
U16 numComp;
S16 ret;
WrCellCb *cellCb = NULLP;
SztProtIE_Field_S1SetupRqstIEs *ie;
SztSuppTAs_Item *tACItem;
SztInitiatingMsg *initMsg;
U32 taIdx;
U32 idx;
SztCSG_IdLst_Item *csgItem = NULLP;
U32 ieIdx = 0;
WrEmmS1SetpSuppTAs suppTAs;
TRC2(wrEmmMmeSztBldSetupReq);
/* Any cell is representative of eNB for some of its parameters */

cellCb = wrEmmCb.cellCb[0];
RLOG0(L_DEBUG,"Constructing S1 setup message");
RLOG_ARG1(L_DEBUG, DBG_CELLID,cellCb->cellId,"eNodeB ID: [%d]",

wrEmmCb.enbId);
RLOG0(L_DEBUG,"PLMN ID: ");
RLOG3(L_DEBUG,"MCC [%d] [%d] [%d]",cellCb->sib1.plmns[0].plmnId.mcc[0],\
cellCb->sib1.plmns[0].plmnId.mcc[1],cellCb->sib1.plmns[0].plmnId.mcc[2]);
RLOG3(L_DEBUG,"MNC [%d] [%d] [%d]",cellCb->sib1.plmns[0].plmnId.mnc[0],\
cellCb->sib1.plmns[0].plmnId.mnc[1],cellCb->sib1.plmns[0].plmnId.mnc[2]);
RLOG1(L_DEBUG,"TAC : [%d]",cellCb->sib1.tac);
#ifdef SS_DIAG
wrDiagPrntPlmnId(&(cellCb->sib1.plmns[0].plmnId),3);
#endif
RLOG_ARG3(L_DEBUG, DBG_CELLID,cellCb->cellId,"SIB1 configured Q-RxLevMin[%d]"
" Q-RxLevMin offset[%d] cellBarred[%d]", cellCb->sib1.qRxLevMin,
cellCb->sib1.qRxLevMinOffset, cellCb->sib1.cellBarred);
RLOG_ARG4(L_DEBUG, DBG_CELLID,cellCb->cellId,"SIB2 configured "
"defaultPagingCycle[%d] nB[%d] rootSequenceIndx[%d] prach-ConfigIndex[%d]",
cellCb->sib2.pcchCfg.defaultPagingCycle, cellCb->sib2.pcchCfg.nB,
cellCb->sib2.prachCfg.rootSeqIdx, cellCb->sib2.prachCfg.prachCfgIdx);
/* Initialize memory control point */

ret = cmAllocEvnt(sizeof(S1apPdu), WR_SZ_MEM_SDU_SIZE, &wrCb.mem,
(Ptr *)&setupReqPdu);
if(ret != ROK)
{
RLOG0(L_FATAL,"Memory allocation failed "
"while constructing S1 setup message");
RETVALUE(RFAILED);
}
/*wrFillTkn functions will be referred from sz_utl.c file*/

wrFillTknU8(&(setupReqPdu->pdu.choice), SZT_TRGR_INTI_MSG);
initMsg = &(setupReqPdu->pdu.val.initiatingMsg);
wrFillTknU8(&(initMsg->pres),PRSNT_NODEF);
wrFillTknU32(&(initMsg->procedureCode), Sztid_S1Setup);
wrFillTknU32(&(initMsg->criticality), SztCriticalityrejectEnum);
wrFillTknU8(&(initMsg->value.u.sztS1SetupRqst.pres),PRSNT_NODEF);
/* Filling mandatory IEs */

if((wrEmmCb.enbType == WR_ENODEB_TYPE_HOME) &&
(cellCb->csgAccessMode == WR_ENB_CLOSED_ACCESS ||
cellCb->csgAccessMode == WR_ENB_HYBRID_ACCESS))
{
numComp = 5;
}
else
{
numComp = 4;
}
if ((cmGetMem(setupReqPdu,
numComp * sizeof(SztProtIE_Field_S1SetupRqstIEs),
(Ptr*)&initMsg->value.u.sztS1SetupRqst.protocolIEs.member)) !=ROK)
{
RLOG0(L_FATAL,"Memory allocation failed for S1 setup req IE's");
WR_FREE_EVNT(setupReqPdu);
RETVALUE(RFAILED);
}
/* IE1 - Filling ENB Global Id */

ie = &initMsg->value.u.sztS1SetupRqst.protocolIEs.member[ieIdx];
wrFillTknU8(&(ie->pres),PRSNT_NODEF);
wrFillTknU32(&(ie->id),Sztid_Global_ENB_ID);
wrFillTknU32(&(ie->criticality),SztCriticalityrejectEnum);
wrFillTknU8(&(ie->value.u.sztGlobal_ENB_ID.pres), PRSNT_NODEF);
wrEmmMmeSztFillS1eNBId(setupReqPdu, wrEmmCb.enbType,
wrEmmCb.enbId,
&wrEmmCb.plmns.plmns[0].plmnInfo.plmnId,
&(ie->value.u.sztGlobal_ENB_ID));
ieIdx++;
/* IE2 - Filling ENB Name */

wrFillTknU32(&(ie->id),Sztid_eNBname);
wrFillTknU32(&(ie->criticality),SztCriticalityignoreEnum);
WR_GET_MEM(setupReqPdu, wrEmmCb.enbNameLen, &(ie->value.u.sztENBname.val));
ie->value.u.sztENBname.len = wrEmmCb.enbNameLen;
if(wrEmmCb.enbNameLen <= WR_EMM_CB_ENB_NAME) /*KW Fix */
{
wrFillTknStrOSXL(&(ie->value.u.sztENBname), wrEmmCb.enbNameLen,
wrEmmCb.enbName, &(setupReqPdu->memCp));
}
else
{
wrFillTknStrOSXL(&(ie->value.u.sztENBname), WR_EMM_CB_ENB_NAME,
wrEmmCb.enbName, &(setupReqPdu->memCp));
}
ieIdx++;
/* IE3 - Filling Supported TAs */

wrFillTknU32(&(ie->id),Sztid_SuppTAs);
WR_SET_ZERO(&suppTAs, sizeof(WrEmmS1SetpSuppTAs));
wrEmmGetSuppTAs(&suppTAs);
wrFillTknU16(&(ie->value.u.sztSuppTAs.noComp), suppTAs.numTAs);
if ((cmGetMem(setupReqPdu, suppTAs.numTAs * sizeof(SztSuppTAs_Item),
(Ptr*)&(ie->value.u.sztSuppTAs.member))) !=ROK)
{
RLOG0(L_FATAL,"wrEmmMmeSztBldSetupReq: cmGetMem failed");
RETVALUE(RFAILED);
}
for( taIdx = 0; taIdx < suppTAs.numTAs; taIdx++)
{
tACItem = &ie->value.u.sztSuppTAs.member[taIdx];
wrFillTknU8(&(tACItem->pres), PRSNT_NODEF);
wrEmmMmeSztFillTAC(suppTAs.taInfo[taIdx].tac, setupReqPdu, &tACItem->tAC);
numComp = suppTAs.taInfo[taIdx].numPlmnIds;
/* Allocate memory for broadcast PLMNs */
if((cmGetMem(setupReqPdu, numComp * sizeof(SztPLMNidentity),
(Ptr*)&(tACItem->broadcastPLMNs.member))) !=ROK)
{
RLOG0(L_FATAL, "Memory allocation failed for PLMN identity");
RETVALUE(RFAILED);
}
wrFillTknU16(&(tACItem->broadcastPLMNs.noComp),numComp);
for(idx = 0; idx < numComp; idx++)
{
wrEmmMmeSztFillPLMNId(setupReqPdu, &(suppTAs.taInfo[taIdx].plmns[idx]),
&(tACItem->broadcastPLMNs.member[idx]));
RLOG2(L_EVENT, "[S1AP]:Sending S1 SETUP REQUEST [CGI:%d] [Supported TAI:%d]",
wrEmmCb.enbId, cellCb->sib1.tac);
}
}
ieIdx++;
wrFillTknU8(&(ie->pres), PRSNT_NODEF);
wrFillTknU32(&(ie->id), Sztid_DefaultPagDRX);
wrFillTknU32(&(ie->value.u.sztPagDRX), cellCb->sib2.pcchCfg.defaultPagingCycle);
wrFillTknU32(&(ie->criticality),SztCriticalityignoreEnum);
ieIdx++;
/* IE4 - Filling the CSGLst */

if((wrEmmCb.numCells == 1) &&
(cellCb->csgAccessMode == WR_ENB_CLOSED_ACCESS ||
cellCb->csgAccessMode == WR_ENB_HYBRID_ACCESS))
{
wrFillTknU8(&(ie->pres), PRSNT_NODEF);
wrFillTknU32(&(ie->id), Sztid_CSG_IdLst);
/* TODO : Handle the case of multiple CSG IDs */
wrFillTknU16(&(ie->value.u.sztCSG_IdLst.noComp), 1);
if((cmGetMem(setupReqPdu, sizeof(SztCSG_IdLst_Item),
(Ptr*)&(ie->value.u.sztCSG_IdLst.member))) !=ROK)
{
RLOG0(L_FATAL,"Memory allocation failed for IDlst item");
RETVALUE(RFAILED);
}
csgItem = &(ie->value.u.sztCSG_IdLst.member[0]);
wrFillTknU8(&(csgItem->pres), cellCb->sib1.csgId.pres);
wrFillTknBStr32(&(csgItem->cSG_Id), WR_S1AP_CSG_ID_LEN, cellCb->sib1.csgId.val);
csgItem->iE_Extns.noComp.pres = NOTPRSNT;
ieIdx++;
}
/* IE5 - Filling the PagDRX */

/* Fill in the number of IEs included in the message */
wrFillTknU16(&(initMsg->value.u.sztS1SetupRqst.protocolIEs.noComp), ieIdx);
/* Pass the constructed PDU back to the caller */

*pdu = setupReqPdu;
RETVALUE(ROK);
} /* wrEmmMmeSztBldSetupReq */
////Step 1 Initial UE Message (wireshark log)
s1ap S1 Application Protocol
 per.extension_bit 0... .... Extension Bit: False
 per.choice_index Choice Index: 0
 s1ap.S1AP_PDU S1AP-PDU: initiatingMessage (0)
o s1ap.initiatingMessage_element initiatingMessage
 s1ap.procedureCode procedureCode: id-initialUEMessage (12)
 per.enum_index Enumerated Index: 1
 s1ap.criticality criticality: ignore (1)
 per.open_type_length Open Type Length: 159
 s1ap.value_element value
 s1ap.InitialUEMessage_element InitialUEMessage
 per.extension_bit 0... .... Extension Bit: False
 per.sequence_of_length Sequence-Of Length: 5
 s1ap.protocolIEs protocolIEs: 5 items
 s1ap Item 0: id-eNB-UE-S1AP-ID
 s1ap.ProtocolIE_Field_element ProtocolIE-Field
 s1ap.id id: id-eNB-UE-S1AP-ID (8)
 s1ap.criticality criticality: reject (0)
 s1ap.ENB_UE_S1AP_ID ENB-UE-S1AP-ID: 1
 s1ap Item 1: id-NAS-PDU
 s1ap.id id: id-NAS-PDU (26)
 per.octet_string_length Octet String Length: 118
 s1ap.NAS_PDU NAS-PDU: 17c0c8102d0b0741020bf61300148001010000000105e060...
 nas-eps Non-Access-Stratum (NAS)PDU
 nas_eps.security_header_type 0001 .... = Security header type: Integrity protected (1)

 gsm_a.L3_protocol_discriminator .... 0111 = Protocol discriminator: EPS mobility management
messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0xc0c8102d
 nas_eps.seq_no Sequence number: 11
 nas_eps.security_header_type 0000 .... = Security header type: Plain NAS message, not security
protected (0)
messages (0x07)
 nas_eps.nas_msg_emm_type NAS EPS Mobility Management Message Type: Attach request
(0x41)
 nas_eps.emm.tsc 0... .... = Type of security context flag (TSC): Native security context (for
KSIasme)
 nas_eps.emm.nas_key_set_id .000 .... = NAS key set identifier: (0)
 nas_eps.spare_bits .... 0... = Spare bit(s): 0x00
 nas_eps.emm.eps_att_type .... .010 = EPS attach type: Combined EPS/IMSI attach (2)
 gsm_a EPS mobile identity
o gsm_a.len Length: 11
o nas_eps.emm.odd_even .... 0... = odd/even indic: 0
o nas_eps.emm.type_of_id .... .110 = Type of identity: GUTI (6)
o e212.mcc Mobile Country Code (MCC): United States of America (310)
o e212.mnc Mobile Network Code (MNC): Cingular Wireless (410)
o nas_eps.emm.mme_grp_id MME Group ID: 32769
o nas_eps.emm.mme_code MME Code: 1
o nas_eps.emm.m_tmsi M-TMSI: 0x00000001 //
 gsm_a UE network capability
o nas_eps.emm.eea0 1... .... = EEA0: Supported
o nas_eps.emm.128eea1 .1.. .... = 128-EEA1: Supported
o nas_eps.emm.128eea2 ..1. .... = 128-EEA2: Supported
o nas_eps.emm.eea3 ...0 .... = 128-EEA3: Not Supported
o nas_eps.emm.eea4 .... 0... = EEA4: Not Supported
o nas_eps.emm.eea5 .... .0.. = EEA5: Not Supported
o nas_eps.emm.eea6 .... ..0. = EEA6: Not Supported
o nas_eps.emm.eea7 .... ...0 = EEA7: Not Supported
o nas_eps.emm.eia0 0... .... = EIA0: Not Supported
o nas_eps.emm.128eia1 .1.. .... = 128-EIA1: Supported
o nas_eps.emm.128eia2 ..1. .... = 128-EIA2: Supported
o nas_eps.emm.eia3 ...0 .... = 128-EIA3: Not Supported
o nas_eps.emm.eia4 .... 0... = EIA4: Not Supported
o nas_eps.emm.eia5 .... .0.. = EIA5: Not Supported
o nas_eps.emm.eia6 .... ..0. = EIA6: Not Supported
o nas_eps.emm.eia7 .... ...0 = EIA7: Not Supported
o nas_eps.emm.uea0 1... .... = UEA0: Supported
o nas_eps.emm.uea1 .1.. .... = UEA1: Supported
o nas_eps.emm.uea2 ..0. .... = UEA2: Not Supported
o nas_eps.emm.uea3 ...0 .... = UEA3: Not Supported
o nas_eps.emm.uea4 .... 0... = UEA4: Not Supported
o nas_eps.emm.uea5 .... .0.. = UEA5: Not Supported
o nas_eps.emm.uea6 .... ..0. = UEA6: Not Supported
o nas_eps.emm.uea7 .... ...0 = UEA7: Not Supported
o nas_eps.emm.emm_ucs2_supp 0... .... = UCS2 support (UCS2): The UE has a preference
for the default alphabet
o nas_eps.emm.uia1 .1.. .... = UMTS integrity algorithm UIA1: Supported
o nas_eps.emm.uia2 ..0. .... = UMTS integrity algorithm UIA2: Not Supported
o nas_eps.emm.uia3 ...0 .... = UMTS integrity algorithm UIA3: Not Supported
o nas_eps.emm.uia4 .... 0... = UMTS integrity algorithm UIA4: Not Supported
o nas_eps.emm.uia5 .... .0.. = UMTS integrity algorithm UIA5: Not Supported
o nas_eps.emm.uia6 .... ..0. = UMTS integrity algorithm UIA6: Not Supported
o nas_eps.emm.uia7 .... ...0 = UMTS integrity algorithm UIA7: Not Supported
o nas_eps.spare_bits 00.. .... = Spare bit(s): 0x00
o nas_eps.emm.h245_ash_cap ..0. .... = H.245-ASH capability: H.245 after SRVCC
handover capability not supported
o nas_eps.emm.acc_csfb_cap ...1 .... = ACC-CSFB capability: eNodeB-based access class
control for CSFB supported
o nas_eps.emm.lpp_cap .... 1... = LPP capability: LTE Positioning Protocol supported
o nas_eps.emm.lcs_cap .... .0.. = LCS capability: Location services notification mechanisms
not supported
o nas_eps.emm.1xsrvcc_cap .... ..0. = 1xSRVCC capability: SRVCC from E-UTRAN to
cdma2000 1x CS not supported
o nas_eps.emm.nf_cap .... ...1 = NF capability: Notification procedure supported
 gsm_a ESM message container
o nas_eps.emm.esm_msg_cont ESM message container contents:
0204d011d1271d8080211001000010810600000000830600...
 nas_eps.bearer_id 0000 .... = EPS bearer identity: No EPS bearer identity
assigned (0)
 gsm_a.L3_protocol_discriminator .... 0010 = Protocol discriminator: EPS session
management messages (0x02)
 nas_eps.esm.proc_trans_id Procedure transaction identity: 4
 nas_eps.nas_msg_esm_type NAS EPS session management messages: PDN
connectivity request (0xd0)
 nas_eps.esm_pdn_type 0001 .... = PDN type: IPv4 (1)
 nas_eps.esm_request_type .... 0001 = Request type: initial request (1)
 ESM information transfer flag
 nas_eps 1101 .... = Element ID: 0xd-
 nas_eps.spare_bits .... 000. = Spare bit(s): 0x00
 nas_eps.emm.eit .... ...1 = EIT (ESM information transfer): Security
protected ESM information transfer required
 gsm_a.gm Protocol Configuration Options
 gsm_a.gm.elem_id Element ID: 0x27
 gsm_a.len Length: 29
 gsm_a.gm.sm.link_dir Link direction: MS to network (0)
 gsm_a.gm.sm.ext 1... .... = Extension: True
 gsm_a.gm.sm Configuration Protocol: PPP for use with IP PDP type or IP
PDN type (0)
 gsm_a.gm.sm.pco_pid Protocol or Container ID: Internet Protocol
Control Protocol (0x8021)
 Length: 0x10 (16)
 ipcp PPP IP Control Protocol
 ppp.code Code: Configuration Request (1)
 ppp.identifier Identifier: 0 (0x00)
 ppp.length Length: 16
 Options: (12 bytes), Primary DNS Server IP Address,
Secondary DNS Server IP Address
 ipcp.opt Primary DNS Server IP Address: 0.0.0.0
 ipcp.opt.type Type: Primary DNS Server IP
Address (129)
 ipcp.opt.length Length: 6
 ipcp.opt.pri_dns_address Primary DNS
Address: 0.0.0.0 (0.0.0.0)
 ipcp.opt Secondary DNS Server IP Address:
0.0.0.0
 ipcp.opt.type Type: Secondary DNS
Server IP Address (131)
 ipcp.opt.sec_dns_address Secondary DNS
Address: 0.0.0.0 (0.0.0.0)
 gsm_a.gm.sm.pco_pid Protocol or Container ID: DNS Server IPv4
Address Request (0x000d)
 gsm_a.gm.sm Length: 0x00 (0)
 gsm_a.gm.sm.pco_pid Protocol or Container ID: IP address allocation
via NAS signalling (0x000a)
 gsm_a.gm.sm.pco_pid Protocol or Container ID: IPv4 Link MTU Request
(0x0010)
 Length: 0x00 (0)
 nas_eps.emm Tracking area identity - Last visited registered TAI
o nas_eps.emm.elem_id Element ID: 0x52
o nas_eps.emm.tai_tac Tracking area code(TAC): 0x0001
 gsm_a.gm DRX Parameter
o gsm_a.gm.elem_id Element ID: 0x5c
o gsm_a.gm.gmm.split_pg_cycle_code SPLIT PG CYCLE CODE: 10 (10)
o gsm_a.gm.gmm.cn_spec_drx_cycle_len_coef 0000 .... = CN Specific DRX cycle length
coefficient: CN Specific DRX cycle length coefficient / value not specified by the MS (0)
o gsm_a.gm.gmm.split_on_ccch .... 0... = SPLIT on CCCH: Split pg cycle on CCCH is not
supported by the mobile station
o gsm_a.gm.gmm.non_drx_timer .... .000 = Non-DRX timer: no non-DRX mode after
transfer state (0)
 gsm_a.gm MS Network Capability
o gsm_a.gm.elem_id Element ID: 0x31
o gsm_a.gm.gmm.net_cap.gea1 1... .... = GEA/1: Encryption algorithm available
o gsm_a.gm.gmm.net_cap.smdch .1.. .... = SM capabilities via dedicated channels:
Mobile station supports mobile terminated point to point SMS via dedicated signalling
channels
o gsm_a.gm.gmm.net_cap.smgprs ..1. .... = SM capabilities via GPRS channels: Mobile
station supports mobile terminated point to point SMS via GPRS packet data channels
o gsm_a.gm.gmm.net_cap.ucs2 ...0 .... = UCS2 support: The ME has a preference for the
default alphabet (defined in 3GPP TS 23.038 [8b]) over UCS2
o gsm_a.gm.gmm.net_cap.ss_scr_ind .... 01.. = SS Screening Indicator: capability of
handling of ellipsis notation and phase 2 error handling (0x01)
o gsm_a.gm.gmm.net_cap.solsa .... ..0. = SoLSA Capability: The ME does not support
SoLSA
o gsm_a.gm.gmm.net_cap.rev .... ...1 = Revision level indicator: Used by a mobile station
supporting R99 or later versions of the protocol
o gsm_a.gm.gmm.net_cap.pfc 1... .... = PFC feature mode: Mobile station does support
BSS packet flow procedures
o gsm_a.gm.gmm.net_cap.ext_gea_bits .110 000. = Extended GEA bits: 0x30
 gsm_a.gm.gmm.net_cap.gea2 .1.. .... = GEA/2: Encryption algorithm available
 gsm_a.gm.gmm.net_cap.gea3 ..1. .... = GEA/3: Encryption algorithm available
 gsm_a.gm.gmm.net_cap.gea4 ...0 .... = GEA/4: Encryption algorithm not
available
 gsm_a.gm.gmm.net_cap.gea5 .... 0... = GEA/5: Encryption algorithm not
available
 gsm_a.gm.gmm.net_cap.gea6 .... .0.. = GEA/6: Encryption algorithm not
available
 gsm_a.gm.gmm.net_cap.gea7 .... ..0. = GEA/7: Encryption algorithm not
available
o gsm_a.gm.gmm.net_cap.lcs .... ...0 = LCS VA capability: LCS value added location
request notification capability not supported
o gsm_a.gm.gmm.net_cap.ps_irat_iu 0... .... = PS inter-RAT HO from GERAN to UTRAN Iu
mode capability: PS inter-RAT HO to UTRAN Iu mode not supported
o gsm_a.gm.gmm.net_cap.ps_irat_s1 .0.. .... = PS inter-RAT HO from GERAN to E-UTRAN
S1 mode capability: PS inter-RAT HO to E-UTRAN S1 mode not supported
o gsm_a.gm.gmm.net_cap.comb_proc ..1. .... = EMM Combined procedures capability:
Mobile station supports EMM combined procedures
o gsm_a.gm.gmm.net_cap.isr ...1 .... = ISR support: The mobile station supports ISR
o gsm_a.gm.gmm.net_cap.srvcc_to_geran .... 1... = SRVCC to GERAN/UTRAN capability:
SRVCC from UTRAN HSPA or E-UTRAN to GERAN/UTRAN supported
o gsm_a.gm.gmm.net_cap.epc .... .1.. = EPC capability: EPC supported
o gsm_a.gm.gmm.net_cap.nf .... ..1. = NF capability: Mobile station supports the
notification procedure
o gsm_a.gm.gmm.net_cap.geran_net_sharing .... ...0 = GERAN network sharing capability:
Mobile station does not support GERAN network sharing
 nas_eps.common Location area identification - Old location area identification
o nas_eps.common.elem_id Element ID: 0x13
o e212 Location Area Identification (LAI) - 310/410/1
 e212.mcc Mobile Country Code (MCC): United States of America (310)
 e212.mnc Mobile Network Code (MNC): Cingular Wireless (410)
 gsm_a.lac Location Area Code (LAC): 0x0001 (1)
 nas_eps.common Mobile station classmark 2
o gsm_a.spareb8 0... .... = Spare: 0
o gsm_a.MSC_rev .10. .... = Revision Level: Used by mobile stations supporting R99 or
later versions of the protocol (2)
o gsm_a.ES_IND ...1 .... = ES IND: Controlled Early Classmark Sending option is
implemented in the MS
o gsm_a.A5_1_algorithm_sup .... 0... = A5/1 algorithm supported: encryption algorithm
A5/1 available
o gsm_a.RF_power_capability .... .111 = RF Power Capability: RF Power capability is
irrelevant in this information element (7)
o gsm_a.spareb8 0... .... = Spare: 0
o gsm_a.ps_sup_cap .1.. .... = PS capability (pseudo-synchronization capability): PS
capability present
o gsm_a.SS_screening_indicator ..01 .... = SS Screening Indicator: Capability of handling
of ellipsis notation and phase 2 error handling (1)
o gsm_a.SM_cap .... 1... = SM capability (MT SMS pt to pt capability): Mobile station
supports mobile terminated point to point SMS
o gsm_a.VBS_notification_rec .... .0.. = VBS notification reception: no VBS capability or no
notifications wanted
o gsm_a.VGCS_notification_rec .... ..0. = VGCS notification reception: no VGCS capability
or no notifications wanted
o gsm_a.FC_frequency_cap .... ...0 = FC Frequency Capability: The MS does not support
the E-GSM or R-GSM band
o gsm_a.CM3 1... .... = CM3: The MS supports options that are indicated in classmark 3 IE
o gsm_a.spareb7 .0.. .... = Spare: 0
o gsm_a.LCS_VA_cap ..1. .... = LCS VA capability (LCS value added location request
notification capability): LCS value added location request notification capability
supported
o gsm_a.UCS2_treatment ...0 .... = UCS2 treatment: the ME has a preference for the
default alphabet
o gsm_a.SoLSA .... 0... = SoLSA: The ME does not support SoLSA
o gsm_a.CMSP .... .1.. = CMSP: CM Service Prompt: Network initiated MO CM connection
request supported for at least one CM protocol
o gsm_a.A5_3_algorithm_sup .... ..1. = A5/3 algorithm supported: encryption algorithm
A5/3 available
o gsm_a.A5_2_algorithm_sup .... ...0 = A5/2 algorithm supported: encryption algorithm
A5/2 not available
 nas_eps.common Mobile station classmark 3
o gsm_a.spare_bits 0... .... = Spare bit(s): 0
o gsm_a.multi_bnd_sup_fields .110 .... = Multiband supported field: 6
 gsm_a.classmark3.gsm1800Supported .1.. .... = GSM 1800 Supported: true
 gsm_a.classmark3.egsmSupported ..1. .... = E-GSM or R-GSM Supported: true
 gsm_a.classmark3.pgsmSupported ...0 .... = P-GSM Supported: false
o gsm_a.classmark3.a5_bits .... 0000 = A5 bits: 0x00
 gsm_a.A5_7_algorithm_sup .... 0... = A5/7 algorithm supported: encryption
algorithm A5/7 not available
 gsm_a.A5_6_algorithm_sup .... .0.. = A5/6 algorithm supported: encryption
 gsm_a.A5_5_algorithm_sup .... ..0. = A5/5 algorithm supported: encryption
 gsm_a.A5_4_algorithm_sup .... ...0 = A5/4 algorithm supported: encryption
o gsm_a.classmark3.ass_radio_cap2 0001 .... = Associated Radio Capability 2: 1
o gsm_a.classmark3.ass_radio_cap1 .... 0100 = Associated Radio Capability 1: 4
o gsm_a.classmark3.rsupport 0... .... = R Support: false
o gsm_a.classmark3.multislot_capabilities .0.. .... = HSCSD Multi Slot Capability: false
o gsm_a.UCS2_treatment ..0. .... = UCS2 treatment: the ME has a preference for the
default alphabet
o gsm_a.classmark3.ext_meas_cap ...0 .... = Extended Measurement Capability: false
o gsm_a.classmark3.ms_measurement_capability .... 0... = MS measurement capability:
false
o gsm_a.classmark3.ms_pos_method_cap_present .... .1.. = MS Positioning Method
Capability present: true
o gsm_a.classmark3.ms_pos_method .... ..00 011. .... = MS Positioning Method: 0x03
 gsm_a.classmark3.ms_assisted_e_otd .... ..0. = MS assisted E-OTD: MS assisted
E-OTD not supported
 gsm_a.classmark3.ms_based_e_otd .... ...0 = MS based E-OTD: MS based E-OTD
not supported
 gsm_a.classmark3.ms_assisted_gps 0... .... = MS assisted GPS: MS assisted GPS
not supported
 gsm_a.classmark3.ms_based_gps .1.. .... = MS based GPS: MS based GPS
supported
 gsm_a.classmark3.ms_conventional_gps ..1. .... = MS Conventional GPS:
Conventional GPS supported
o gsm_a.classmark3.ecsd_multi_slot_capability ...0 .... = ECSD Multi Slot Capability
present: false
o gsm_a.classmark3.8_psk_struct_present .... 1... = 8-PSK Struct present: true
o gsm_a.classmark3.8_psk_struct .... .111 0110 .... = 8-PSK Struct: 0x76
 gsm_a.classmark3.modulation_capability .... .1.. = Modulation Capability: 8-PSK
supported for uplink transmission and downlink reception
 gsm_a.classmark3.8_psk_rf_power_capability_1_present .... ..1. = 8-PSK RF
Power Capability 1 present: true
 gsm_a.classmark3.8_psk_rf_power_capability_1 .... ...1 0... .... = 8-PSK RF Power
Capability 1: Power class E2 (0x02)
 gsm_a.classmark3.8_psk_rf_power_capability_2_present .1.. .... = 8-PSK RF
Power Capability 2 present: true
 gsm_a.classmark3.8_psk_rf_power_capability_2 ..10 .... = 8-PSK RF Power
Capability 2: Power class E2 (0x02)
o gsm_a.classmark3.gsm_400_band_info_present .... 0... = GSM 400 Band Information
present: false
o gsm_a.classmark3.gsm_850_assoc_radio_cap_present .... .1.. = GSM 850 Associated
Radio Capability present: true
o gsm_a.classmark3.gsm_850_assoc_radio_cap .... ..01 00.. .... = GSM 850 Associated
Radio Capability: 0x04
o gsm_a.classmark3.gsm_1900_assoc_radio_cap_present ..1. .... = GSM 1900 Associated
Radio Capability present: true
o gsm_a.classmark3.gsm_1900_assoc_radio_cap ...0 001. = GSM 1900 Associated Radio
Capability: 0x01
o gsm_a.classmark3.umts_fdd_rat_cap .... ...1 = UMTS FDD Radio Access Technology
Capability: UMTS FDD supported
o gsm_a.classmark3.umts_384_mcps_tdd_rat_cap 0... .... = UMTS 3.84 Mcps TDD Radio
Access Technology Capability: UMTS 3.84 Mcps TDD not supported
o gsm_a.classmark3.cdma_2000_rat_cap .0.. .... = CDMA 2000 Radio Access Technology
Capability: CDMA 2000 not supported
o gsm_a.classmark3.dtm_e_gprs_multi_slot_info_present ..0. .... = DTM E/GPRS Multi
Slot Information present: false
o gsm_a.classmark3.single_band_support ...0 .... = Single Band Support: false
o gsm_a.classmark3.gsm_750_assoc_radio_cap_present .... 0... = GSM 750 Associated
Radio Capability present: false
o gsm_a.classmark3.umts_128_mcps_tdd_rat_cap .... .0.. = UMTS 1.28 Mcps TDD Radio
Access Technology Capability: UMTS 1.28 Mcps TDD not supported
o gsm_a.classmark3.geran_feature_package_1 .... ..1. = GERAN Feature Package 1:
GERAN feature package 1 supported
o gsm_a.classmark3.ext_dtm_e_gprs_info_present .... ...0 = Extended DTM E/GPRS Multi
Slot Information present: false
o gsm_a.classmark3.high_multislot_cap_present 0... .... = High Multislot Capability
present: false
o gsm_a.classmark3.geran_iu_mode_support .0.. .... = GERAN Iu Mode Support: false
o gsm_a.classmark3.geran_feature_package_2 ..0. .... = GERAN Feature Package 2:
GERAN feature package 2 not supported
o gsm_a.classmark3.gmsk_multislot_power_prof ...0 0... = GMSK Multislot Power Profile:
GMSK_MULTISLOT_POWER_PROFILE 0 (0)
o gsm_a.classmark3.8_psk_multislot_power_prof .... .00. = 8-PSK Multislot Power Profile:
8-PSK_MULTISLOT_POWER_PROFILE 0 (0)
o gsm_a.classmark3.gsm_400_band_info_present .... ...0 = T-GSM 400 Band Information
present: false
o gsm_a.classmark3.t_gsm_900_assoc_radio_cap_present 0... .... = T-GSM 900
Associated Radio Capability present: false
o gsm_a.classmark3.downlink_adv_receiver_perf .01. .... = Downlink Advanced Receiver
Performance: Downlink Advanced Receiver Performance - phase I supported (1)
o gsm_a.classmark3.dtm_enhancements_capability ...0 .... = DTM Enhancements
Capability: The mobile station does not support enhanced DTM CS establishment and
release procedures
o gsm_a.classmark3.dtm_e_gprs_high_mutli_slot_info_present .... 0... = DTM E/GPRS
High Multi Slot Information present: false
o gsm_a.classmark3.repeated_acch_cap .... .1.. = Repeated ACCH Capability: The mobile
station supports Repeated SACCH and Repeated Downlink FACCH
o gsm_a.classmark3.gsm_710_assoc_radio_cap_present .... ..0. = GSM 710 Associated
o gsm_a.classmark3.t_gsm_810_assoc_radio_cap_present .... ...0 = T-GSM 810 Associated
o gsm_a.classmark3.ciphering_mode_setting_cap 0... .... = Ciphering Mode Setting
Capability: The mobile station does not support the Ciphering Mode Setting IE in the
DTM ASSIGNMENT COMMAND message
o gsm_a.classmark3.additional_positioning_caps .0.. .... = Additional Positioning
Capabilities: The mobile station does not support additional positioning capabilities
which can be retrieved using RRLP
o gsm_a.classmark3.e_utra_fdd_support ..1. .... = E-UTRA FDD support: E-UTRA FDD
supported
o gsm_a.classmark3.e_utra_tdd_support ...1 .... = E-UTRA TDD support: E-UTRA TDD
supported
o gsm_a.classmark3.e_utra_meas_and_report_support .... 1... = E-UTRA Measurement
and Reporting support: E-UTRAN Neighbour Cell measurements and measurement
reporting while having an RR connection supported
o gsm_a.classmark3.prio_based_resel_support .... .1.. = Priority-based reselection
support: Priority-based cell reselection supported
o gsm_a.classmark3.utra_csg_cells_reporting .... ..0. = UTRA CSG Cells Reporting:
Reporting of UTRAN CSG cells not supported
o gsm_a.classmark3.vamos_level .... ...0 0... .... = VAMOS Level: VAMOS not supported (0)
o gsm_a.classmark3.tighter_cap .01. .... = TIGHTER Capability: TIGHTER supported for
speech and signalling channels only (1)
o gsm_a.classmark3.selective_ciph_down_sacch ...0 .... = Selective Ciphering of Downlink
SACCH: Not supported
o gsm_a.classmark3.cs_to_ps_srvcc_geran_to_utra .... 00.. = CS to PS SRVCC from GERAN
to UTRA: CS to PS SRVCC from GERAN to UMTS FDD and 1.28 Mcps TDD not
supported (0)
o gsm_a.classmark3.cs_to_ps_srvcc_geran_to_eutra .... ..00 = CS to PS SRVCC from
GERAN to E-UTRA: CS to PS SRVCC from GERAN to E-UTRA FDD and TDD not
supported (0)
 gsm_a.dtap Supported Codec List - Supported Codecs
o gsm_a.dtap.elem_id Element ID: 0x40
o gsm_a.dtap.sysid System Identification (SysID): UMTS (0x04)
o gsm_a.dtap.bitmap_length Bitmap Length: 2
o gsm_a.dtap.codec Codec Bitmap for SysID 1
 gsm_a.dtap.codec.tdma_efr 0... .... = TDMA EFR: False
 gsm_a.dtap.codec.umts_amr_2 .1.. .... = UMTS AMR 2: True
 gsm_a.dtap.codec.umts_amr ..1. .... = UMTS AMR: True
 gsm_a.dtap.codec.hr_amr ...0 .... = HR AMR: False
 gsm_a.dtap.codec.fr_amr .... 0... = FR AMR: False
 gsm_a.dtap.codec.gsm_efr .... .0.. = GSM EFR: False
 gsm_a.dtap.codec.gsm_hr .... ..0. = GSM HR: False
 gsm_a.dtap.codec.gsm_fr .... ...0 = GSM FR: False
 gsm_a.spare_bits 00.. .... = Spare bit(s): 0
 gsm_a.dtap.codec.ohr_amr_wb ..0. .... = OHR AMR-WB: False
 gsm_a.dtap.codec.ofr_amr_wb ...0 .... = OFR AMR-WB: False
 gsm_a.dtap.codec.ohr_amr .... 0... = OHR AMR: False
 gsm_a.dtap.codec.umts_amr_wb .... .0.. = UMTS AMR-WB: False
 gsm_a.dtap.codec.fr_amr_wb .... ..0. = FR AMR-WB: False
 gsm_a.dtap.codec.pdc_efr .... ...0 = PDC EFR: False
o gsm_a.dtap.sysid System Identification (SysID): GSM (0x00)
o gsm_a.dtap.bitmap_length Bitmap Length: 2
o gsm_a.dtap.codec Codec Bitmap for SysID 2
 gsm_a.dtap.codec.tdma_efr 0... .... = TDMA EFR: False
 gsm_a.dtap.codec.umts_amr_2 .0.. .... = UMTS AMR 2: False
 gsm_a.dtap.codec.umts_amr ..0. .... = UMTS AMR: False
 gsm_a.dtap.codec.hr_amr ...1 .... = HR AMR: True
 gsm_a.dtap.codec.fr_amr .... 1... = FR AMR: True
 gsm_a.dtap.codec.gsm_efr .... .1.. = GSM EFR: True
 gsm_a.dtap.codec.gsm_hr .... ..1. = GSM HR: True
 gsm_a.dtap.codec.gsm_fr .... ...1 = GSM FR: True
 gsm_a.spare_bits 00.. .... = Spare bit(s): 0
 gsm_a.dtap.codec.ohr_amr_wb ..0. .... = OHR AMR-WB: False
 gsm_a.dtap.codec.ofr_amr_wb ...0 .... = OFR AMR-WB: False
 gsm_a.dtap.codec.ohr_amr .... 0... = OHR AMR: False
 gsm_a.dtap.codec.umts_amr_wb .... .0.. = UMTS AMR-WB: False
 gsm_a.dtap.codec.fr_amr_wb .... ..0. = FR AMR-WB: False
 gsm_a.dtap.codec.pdc_efr .... ...0 = PDC EFR: False
 gsm_a.gm Voice domain preference and UE's usage setting
o gsm_a.gm.elem_id Element ID: 0x5d
o gsm_a.spare_bits 0000 0... = Spare bit(s): 0
o gsm_a.gm.gmm.ue_usage_setting .... .0.. = UE's usage setting: Voice centric
o gsm_a.gm.gmm.voice_domain_pref_for_eutran .... ..11 = Voice domain preference for
E-UTRAN: IMS PS voice preferred, CS Voice as secondary (3)
 GUTI type - Old GUTI type
o nas_eps 1110 .... = Element ID: 0xe-
o nas_eps.spare_bits .... 000. = Spare bit(s): 0x00
o nas_eps.emm.guti_type .... ...0 = GUTI type: Native GUTI
 MS network feature support
o gsm_a 1100 .... = Element ID: 0xc-
o gsm_a.spare_bits .... 000. = Spare bit(s): 0
o gsm_a.ext_periodic_timers .... ...1 = Extended periodic timers: MS supports the
extended periodic timer in this domain
 s1ap Item 2: id-TAI

 s1ap.id id: id-TAI (67)
 s1ap.TAI_element TAI

 per.optional_field_bit .0.. .... Optional Field Bit: False (iE-Extensions is NOT present)
 s1ap.pLMNidentity pLMNidentity: 134001
 e212.mcc Mobile Country Code (MCC): United States of America (310)
 e212.mnc Mobile Network Code (MNC): Cingular Wireless (410)
 s1ap.tAC tAC: 0001
 s1ap Item 3: id-EUTRAN-CGI

 s1ap.id id: id-EUTRAN-CGI (100)
 s1ap.EUTRAN_CGI_element EUTRAN-CGI

 s1ap.cell_ID cell-ID: 1a2d0010 [bit length 28, 4 LSB pad bits, 0001 1010 0010 1101 0000 0000
0001 .... decimal value 27447297]
 s1ap Item 4: id-RRC-Establishment-Cause

 s1ap.id id: id-RRC-Establishment-Cause (134)
 per.extension_present_bit 0... .... Extension Present Bit: False
 s1ap.RRC_Establishment_Cause RRC-Establishment-Cause: mo-Signalling (3)
//Step 1 Initial UE Message (TS36.331)
initialUEMessage S1AP-ELEMENTARY-PROCEDURE ::= {

INITIATING MESSAGE InitialUEMessage
PROCEDURE CODE id-initialUEMessage
CRITICALITY ignore
}
InitialUEMessage ::= SEQUENCE {

protocolIEs ProtocolIE-Container {{InitialUEMessage-IEs}},
...
}
InitialUEMessage-IEs S1AP-PROTOCOL-IES ::= {

{ ID id-eNB-UE-S1AP-ID CRITICALITY reject TYPE ENB-UE-S1AP-ID PRESENCE mandatory}|
{ ID id-NAS-PDU CRITICALITY reject TYPE NAS-PDU PRESENCE mandatory}| // 例如 attach request
{ ID id-TAI CRITICALITY reject TYPE TAI PRESENCE mandatory}|

{ ID id-EUTRAN-CGI CRITICALITY ignore TYPE EUTRAN-CGI PRESENCE mandatory}|
{ ID id-RRC-Establishment-Cause CRITICALITY ignore TYPE RRC-Establishment-Cause PRESENCE mandatory}|
{ ID id-S-TMSI CRITICALITY reject TYPE S-TMSI PRESENCE optional}|
{ ID id-CSG-Id CRITICALITY reject TYPE CSG-Id PRESENCE optional}|
{ ID id-GUMMEI-ID CRITICALITY reject TYPE GUMMEI PRESENCE optional}|
{ ID id-CellAccessMode CRITICALITY reject TYPE CellAccessMode PRESENCE optional}|
{ ID id-GW-TransportLayerAddress CRITICALITY ignore TYPE TransportLayerAddress PRESENCE optional}|
{ ID id-RelayNode-Indicator CRITICALITY reject TYPE RelayNode-Indicator PRESENCE optional}|
{ ID id-GUMMEIType CRITICALITY ignore TYPE GUMMEIType PRESENCE optional}|
-- Extension for Release 11 to support BBAI --
{ ID id-Tunnel-Information-for-BBF CRITICALITY ignore TYPE TunnelInformation PRESENCE optional}|
{ ID id-SIPTO-L-GW-TransportLayerAddress CRITICALITY ignore TYPE TransportLayerAddress PRESENCE optional}|
{ ID id-LHN-ID CRITICALITY ignore TYPE LHN-ID PRESENCE optional}|
{ ID id-MME-Group-ID CRITICALITY ignore TYPE MME-Group-ID PRESENCE optional}|
{ ID id-UE-Usage-Type CRITICALITY ignore TYPE UE-Usage-Type PRESENCE optional},
...
}
// Radisys code
/**
* @brief This function builds the S1AP initial UE message
*
PUBLIC S16 wrUmmS1apBldInitUePdu
/* List of IEs
* 1. UE ENB S1AP ID
* 2. NAS PDU
* 3. TAI
* 4. EUTRAN CGI
* 5. Establishment Cause
* 6. S-TMSI
*7 Csg Id
* 8. Registered MME
* 9. Cell Access Mode
*10. GUMMEI Type
* */
////Step2 Downlink NAS Transport {AUTHENTICATION REQUEST}

 s1ap.procedureCode procedureCode: id-downlinkNASTransport (11)
 s1ap.DownlinkNASTransport_element DownlinkNASTransport
 s1ap Item 0: id-MME-UE-S1AP-ID
 s1ap.id id: id-MME-UE-S1AP-ID (0)
 s1ap.MME_UE_S1AP_ID MME-UE-S1AP-ID: 211
 s1ap.NAS_PDU NAS-PDU: 075200e80526e22caab2fc9a4dda558c612e6a109113c6e1...
protected (0)
messages (0x07)
 nas_eps.nas_msg_emm_type NAS EPS Mobility Management Message Type: Authentication
request (0x52)
 nas_eps.emm.spare_half_octet 0000 .... = Spare half octet: 0
 nas_eps.emm.tsc .... 0... = Type of security context flag (TSC): Native security context (for
KSIasme)
 nas_eps.emm.nas_key_set_id .... .000 = NAS key set identifier: (0) ASME
 gsm_a.dtap Authentication Parameter RAND - EPS challenge
o gsm_a.dtap.rand RAND value: e80526e22caab2fc9a4dda558c612e6a
 gsm_a Authentication Parameter AUTN (UMTS and EPS authentication challenge) - EPS
challenge
o gsm_a.dtap.autn AUTN value: 9113c6e1085c9001df93421ca180ebe5
 gsm_a.dtap.autn.sqn_xor_ak SQN xor AK: 9113c6e1085c
 gsm_a.dtap.autn.amf AMF: 9001
 gsm_a.dtap.autn.mac MAC: df93421ca180ebe5
/////
//////Step3 Uplink NAS Transport {AUTHENTICATION RESPONSE}

 s1ap.procedureCode procedureCode: id-uplinkNASTransport (13)
 s1ap.UplinkNASTransport_element UplinkNASTransport
 s1ap.NAS_PDU NAS-PDU: 17662f85fa0c0753083158e212e3432930
 nas_eps.security_header_type 0001 .... = Security header type: Integrity

protected (1)
 gsm_a.L3_protocol_discriminator .... 0111 = Protocol discriminator: EPS
mobility management messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0x662f85fa
 nas_eps.security_header_type 0000 .... = Security header type: Plain NAS
message, not security protected (0)
 nas_eps.nas_msg_emm_type NAS EPS Mobility Management Message Type:
Authentication response (0x53)
 gsm_a Authentication response parameter
o nas_eps.emm.res RES: 3158e212e3432930


 per.optional_field_bit .0.. .... Optional Field Bit: False (iE-Extensions is NOT
present)
 s1ap.cell_ID cell-ID: 1a2d0010 [bit length 28, 4 LSB pad bits, 0001 1010 0010
1101 0000 0000 0001 .... decimal value 27447297]


present)
////// Step 4 Downlink NAS Transport {SECURITY MODE COMMAND}

 s1ap.NAS_PDU NAS-PDU: 377b99f3e300075d010005e060c04070c1
 nas_eps.security_header_type 0011 .... = Security header type: Integrity protected with new
EPS security context (3)
messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0x7b99f3e3
protected (0)
messages (0x07)
 nas_eps.nas_msg_emm_type NAS EPS Mobility Management Message Type: Security mode
command (0x5d)
 nas_eps NAS security algorithms - Selected NAS security algorithms
o nas_eps.spare_bits 0... .... = Spare bit(s): 0x00
o nas_eps.emm.toc .000 .... = Type of ciphering algorithm: EPS encryption algorithm
EEA0 (null ciphering algorithm) (0)
o nas_eps.spare_bits .... 0... = Spare bit(s): 0x00
o nas_eps.emm.toi .... .001 = Type of integrity protection algorithm: EPS integrity
algorithm 128-EIA1 (1)
 nas_eps.emm.spare_half_octet 0000 .... = Spare half octet: 0
 nas_eps.emm.tsc .... 0... = Type of security context flag (TSC): Native security context (for
KSIasme)
 nas_eps.emm.nas_key_set_id .... .000 = NAS key set identifier: (0) ASME
 gsm_a UE security capability - Replayed UE security capabilities
o nas_eps.emm.eea0 1... .... = EEA0: Supported
o nas_eps.emm.128eea1 .1.. .... = 128-EEA1: Supported
o nas_eps.emm.128eea2 ..1. .... = 128-EEA2: Supported
o nas_eps.emm.eea3 ...0 .... = 128-EEA3: Not Supported
o nas_eps.emm.eea4 .... 0... = EEA4: Not Supported
o nas_eps.emm.eea5 .... .0.. = EEA5: Not Supported
o nas_eps.emm.eea6 .... ..0. = EEA6: Not Supported
o nas_eps.emm.eea7 .... ...0 = EEA7: Not Supported
o nas_eps.emm.eia0 0... .... = EIA0: Not Supported
o nas_eps.emm.128eia1 .1.. .... = 128-EIA1: Supported
o nas_eps.emm.128eia2 ..1. .... = 128-EIA2: Supported
o nas_eps.emm.eia3 ...0 .... = 128-EIA3: Not Supported
o nas_eps.emm.eia4 .... 0... = EIA4: Not Supported
o nas_eps.emm.eia5 .... .0.. = EIA5: Not Supported
o nas_eps.emm.eia6 .... ..0. = EIA6: Not Supported
o nas_eps.emm.eia7 .... ...0 = EIA7: Not Supported
o nas_eps.emm.uea0 1... .... = UEA0: Supported
o nas_eps.emm.uea1 .1.. .... = UEA1: Supported
o nas_eps.emm.uea2 ..0. .... = UEA2: Not Supported
o nas_eps.emm.uea3 ...0 .... = UEA3: Not Supported
o nas_eps.emm.uea4 .... 0... = UEA4: Not Supported
o nas_eps.emm.uea5 .... .0.. = UEA5: Not Supported
o nas_eps.emm.uea6 .... ..0. = UEA6: Not Supported
o nas_eps.emm.uea7 .... ...0 = UEA7: Not Supported
o nas_eps.emm.uia1 .1.. .... = UMTS integrity algorithm UIA1: Supported
o nas_eps.emm.uia2 ..0. .... = UMTS integrity algorithm UIA2: Not Supported
o nas_eps.emm.uia3 ...0 .... = UMTS integrity algorithm UIA3: Not Supported
o nas_eps.emm.uia4 .... 0... = UMTS integrity algorithm UIA4: Not Supported
o nas_eps.emm.uia5 .... .0.. = UMTS integrity algorithm UIA5: Not Supported
o nas_eps.emm.uia6 .... ..0. = UMTS integrity algorithm UIA6: Not Supported
o nas_eps.emm.uia7 .... ...0 = UMTS integrity algorithm UIA7: Not Supported
o nas_eps.emm.gea1 .1.. .... = GPRS encryption algorithm GEA1: Supported
o nas_eps.emm.gea2 ..1. .... = GPRS encryption algorithm GEA2: Supported
o nas_eps.emm.gea3 ...1 .... = GPRS encryption algorithm GEA3: Supported
o nas_eps.emm.gea4 .... 0... = GPRS encryption algorithm GEA4: Not Supported
o nas_eps.emm.gea5 .... .0.. = GPRS encryption algorithm GEA5: Not Supported
o nas_eps.emm.gea6 .... ..0. = GPRS encryption algorithm GEA6: Not Supported
o nas_eps.emm.gea7 .... ...0 = GPRS encryption algorithm GEA7: Not Supported
 IMEISV request
o nas_eps 1100 .... = Element ID: 0xc-
o nas_eps.spare_bits .... 0... = Spare bit(s): 0x00
o nas_eps.emm.imeisv_req .... .001 = IMEISV request: IMEISV requested (1)
/// Step 5 Uplink NAS Transport {SECURITY MODE COMPLETE}


 s1ap.NAS_PDU NAS-PDU: 475edcb58300075e23093345240736324307f2

protected and ciphered with new EPS security context (4)
 nas_eps.msg_auth_code Message authentication code: 0x5edcb583
 nas_eps.security_header_type 0000 .... = Security header type: Plain NAS
message, not security protected (0)
 nas_eps.nas_msg_emm_type NAS EPS Mobility Management Message Type:
Security mode complete (0x5e)
 nas_eps.common Mobile identity - IMEISV - IMEISV (3544270632334702)
o gsm_a 0011 .... = Identity Digit 1: 3
o gsm_a.oddevenind .... 0... = Odd/even indication: Even number of identity
digits
o gsm_a.ie.mobileid.type .... .011 = Mobile Identity Type: IMEISV (3)
o gsm_a.imeisv BCD Digits: 3544270632334702
o 1111 .... = Filler


present)
1101 0000 0000 0001 .... decimal value 27447297]


present)
////////////////////////////////
//// Step 6 : Downlink NAS Transport {ESM INFORMATION REQUEST}

 s1ap.NAS_PDU NAS-PDU: 2795789852010204d9
 nas_eps.security_header_type 0010 .... = Security header type: Integrity protected and

ciphered (2)
messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0x95789852
 nas_eps.bearer_id 0000 .... = EPS bearer identity: No EPS bearer identity assigned (0)
 gsm_a.L3_protocol_discriminator .... 0010 = Protocol discriminator: EPS session management
messages (0x02)
 nas_eps.esm.proc_trans_id Procedure transaction identity: 4
 nas_eps.nas_msg_esm_type NAS EPS session management messages: ESM information
request (0xd9)
//// Step 7: Uplink NAS Transport {ESM INFORMATION RESPONSE}


 s1ap.NAS_PDU NAS-PDU: 27788398fa010204da280c0b6e787467656e70686f6e65

protected and ciphered (2)
 nas_eps.msg_auth_code Message authentication code: 0x788398fa
 nas_eps.bearer_id 0000 .... = EPS bearer identity: No EPS bearer identity
assigned (0)
 gsm_a.L3_protocol_discriminator .... 0010 = Protocol discriminator: EPS session
 nas_eps.nas_msg_esm_type NAS EPS session management messages: ESM
information response (0xda)
 gsm_a.gm Access Point Name
o gsm_a.gm.sm.apn APN: nxtgenphone

present)
1101 0000 0000 0001 .... decimal value 27447297]


present)
/////
//////Step 8: Initial Context Setup Request {ATTACH ACCEPT, ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST}

 s1ap.procedureCode procedureCode: id-InitialContextSetup (9)
 s1ap.InitialContextSetupRequest_element InitialContextSetupRequest
 s1ap Item 2: id-uEaggregateMaximumBitrate
 s1ap.id id: id-uEaggregateMaximumBitrate (66)
 s1ap.UEAggregateMaximumBitrate_element UEAggregateMaximumBitrate

 s1ap.uEaggregateMaximumBitRateDL uEaggregateMaximumBitRateDL: 100000000
 s1ap.uEaggregateMaximumBitRateUL uEaggregateMaximumBitRateUL: 50000000
 s1ap Item 3: id-E-RABToBeSetupListCtxtSUReq

 s1ap.id id: id-E-RABToBeSetupListCtxtSUReq (24)
 s1ap.E_RABToBeSetupListCtxtSUReq E-RABToBeSetupListCtxtSUReq: 1 item
 s1ap Item 0: id-E-RABToBeSetupItemCtxtSUReq

o s1ap.ProtocolIE_SingleContainer_element ProtocolIE-SingleContainer
 s1ap.id id: id-E-RABToBeSetupItemCtxtSUReq (52)
 s1ap.E_RABToBeSetupItemCtxtSUReq_element E-RABToBeSetupItemCtxtSUReq
 per.optional_field_bit .1.. .... Optional Field Bit: True (nAS-PDU is present)
 per.optional_field_bit ..0. .... Optional Field Bit: False (iE-Extensions is NOT
present)
 per.extension_present_bit ...0 .... Extension Present Bit: False
 s1ap.e_RAB_ID e-RAB-ID: 5
 s1ap.e_RABlevelQoSParameters_element e-RABlevelQoSParameters
 per.optional_field_bit .0.. .... Optional Field Bit: False
(gbrQosInformation is NOT present)
 per.optional_field_bit ..0. .... Optional Field Bit: False (iE-Extensions
is NOT present)
 s1ap.qCI qCI: 9
 s1ap.allocationRetentionPriority_element allocationRetentionPriori
ty
(iE-Extensions is NOT present)
 s1ap.priorityLevel priorityLevel: no-priority (15)
 s1ap.pre_emptionCapability pre-emptionCapability:
shall-not-trigger-pre-emption (0)
 s1ap.pre_emptionVulnerability pre-emptionVulnerability:
not-pre-emptable (0)
 per.bit_string_length Bit String Length: 32
 s1ap.transportLayerAddress transportLayerAddress: 7f000164 [bit length 32,
0111 1111 0000 0000 0000 0001 0110 0100 decimal value 2130706788]
 s1ap.transportLayerAddressIPv4 transportLayerAddress(IPv4):
127.0.1.100 (127.0.1.100)
 s1ap.gTP_TEID gTP-TEID: 7e10b568
 s1ap.nAS_PDU nAS-PDU:
27756d9fd702074202e00600130014000100285204c10109...
 nas_eps.security_header_type 0010 .... = Security header type:
Integrity protected and ciphered (2)
 gsm_a.L3_protocol_discriminator .... 0111 = Protocol discriminator:
EPS mobility management messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0x756d9fd7
 nas_eps.seq_no Sequence number: 2
 nas_eps.security_header_type 0000 .... = Security header type:
Plain NAS message, not security protected (0)
 gsm_a.L3_protocol_discriminator .... 0111 = Protocol discriminator:
EPS mobility management messages (0x07)
 nas_eps.nas_msg_emm_type NAS EPS Mobility Management
Message Type: Attach accept (0x42)
 nas_eps.emm.spare_half_octet 0000 .... = Spare half octet: 0
 nas_eps.spare_bits .... 0... = Spare bit(s): 0x00
 nas_eps.emm.EPS_attach_result .... .010 = Attach result: Combined
EPS/IMSI attach (2)
 GPRS Timer - T3412 value
 gsm_a.gm.gmm GPRS Timer: timer is deactivated
 gsm_a.gm.gmm.gprs_timer_unit 111. .... = Unit:
value indicates that the timer is deactivated (7)
 gsm_a.gm.gmm.gprs_timer_value ...0 0000 =
Timer value: 0
 gsm_a Tracking area identity list - TAI list
 nas_eps.spare_bits 0... .... = Spare bit(s): 0x00
 nas_eps.emm.tai_tol .00. .... = Type of list: list of TACs
belonging to one PLMN, with non-consecutive TAC values
(0)
 nas_eps.emm.tai_n_elem ...0 0000 = Number of elements:
0 [+1 = 1 element(s)]
 e212.mcc Mobile Country Code (MCC): United States of
America (310)
 e212.mnc Mobile Network Code (MNC): Cingular Wireless
(410)
 nas_eps.emm.tai_tac Tracking area code(TAC): 0x0001
 gsm_a ESM message container
 nas_eps.emm.esm_msg_cont ESM message container
contents:
5204c101090c0b6e787467656e70686f6e650501c0a80381
...
 nas_eps.bearer_id 0101 .... = EPS bearer identity:
EPS bearer identity value 5 (5)
 gsm_a.L3_protocol_discriminator .... 0010 =
Protocol discriminator: EPS session management
messages (0x02)
 nas_eps.esm.proc_trans_id Procedure transaction
identity: 4
 nas_eps.nas_msg_esm_type NAS EPS session
management messages: Activate default EPS
bearer context request (0xc1)
 gsm_a EPS quality of service
 nas_eps.emm.qci Quality of Service Class
Identifier (QCI): QCI 9 (9)
 gsm_a Access Point Name
 gsm_a.gm.sm.apn APN: nxtgenphone
 gsm_a PDN address
 nas_eps.spare_bits 0000 0... = Spare
bit(s): 0x00
 nas_eps.esm_pdn_type PDN type: IPv4
(1)
 nas_eps.esm.pdn_ipv4 PDN IPv4:
192.168.3.129 (192.168.3.129)
 gsm_a.gm.sm.link_dir Link direction:
Network to MS (1)
 gsm_a.gm.sm.ext 1... .... = Extension:
True
 gsm_a.gm.sm Configuration Protocol:
PPP for use with IP PDP type or IP PDN
type (0)
 gsm_a.gm.sm.pco_pid Protocol or
Container ID: Internet Protocol Control
Protocol (0x8021)
 Length: 0x0a (10)

 ipcp PPP IP Control Protocol
o ppp.code Code:
Configuration Nak (3)
o ppp.identifier Identifier:
0 (0x00)
o ppp.length Length: 10
o Options: (6 bytes),
Primary DNS Server IP
Address
 ipcp.opt Prima
ry DNS Server
IP Address:
192.168.168.1
 ipcp.
opt.ty
pe Ty
pe:
Prima
ry
DNS
Serve
r IP
Addr
ess
(129)
 ipcp.
opt.le
ngth
Lengt
h: 6
 ipcp.
opt.p
ri_dn
s_add
ress P
rimar
y DNS
Addr
ess:
192.1
68.16
8.1
(192.
168.1
68.1)
 nas_eps.emm EPS mobile identity - GUTI

 nas_eps.emm.elem_id Element ID: 0x50
 nas_eps.emm.odd_even .... 0... = odd/even indic: 0
 nas_eps.emm.type_of_id .... .110 = Type of identity: GUTI
(6)
 e212.mcc Mobile Country Code (MCC): United States of
America (310)
 e212.mnc Mobile Network Code (MNC): Cingular Wireless
(410)
 nas_eps.emm.mme_grp_id MME Group ID: 32769
 nas_eps.emm.mme_code MME Code: 1
 nas_eps.emm.m_tmsi M-TMSI: 0x00000001
 nas_eps.common Location area identification
 nas_eps.common.elem_id Element ID: 0x13
 e212 Location Area Identification (LAI) - 310/410/1
 e212.mcc Mobile Country Code (MCC): United
States of America (310)
 e212.mnc Mobile Network Code (MNC): Cingular
Wireless (410)
 gsm_a.lac Location Area Code (LAC): 0x0001 (1)
 nas_eps.common Mobile identity - MS identity - TMSI/P-TMSI
(0x0001)
 nas_eps.common.elem_id Element ID: 0x23
 gsm_a.unused 0000 .... = Unused: 0x00
 gsm_a.oddevenind .... 0... = Odd/even indication: Even
number of identity digits
 gsm_a.ie.mobileid.type .... .100 = Mobile Identity Type:
TMSI/P-TMSI/M-TMSI (4)
 gsm_a.tmsi TMSI/P-TMSI: 0x00000001
 nas_eps.emm EPS network feature support
 nas_eps.emm.elem_id Element ID: 0x64
 nas_eps.spare_bits 00.. .... = Spare bit(s): 0x00
 nas_eps.emm.esr_ps ..0. .... = ESRPS: network does not
support use of EXTENDED SERVICE REQUEST to request for
packet services
 nas_eps.emm.cs_lcs ...0 0... = CS-LCS: no information
about support of location services via CS domain is
available (0)
 nas_eps.emm.epc_lcs .... .0.. = EPC-LCS: location services
via EPC not supported
 nas_eps.emm.emc_bs .... ..0. = EMC BS: emergency bearer
services in S1 mode not supported
 nas_eps.emm.ims_vops .... ...1 = IMS VoPS: IMS voice over
PS session in S1 mode supported
 s1ap Item 4: id-UESecurityCapabilities

 s1ap.id id: id-UESecurityCapabilities (107)
 s1ap.UESecurityCapabilities_element UESecurityCapabilities

 per.extension_present_bit ..0. .... Extension Present Bit: False
 s1ap.encryptionAlgorithms encryptionAlgorithms: c000 [bit length 16, 1100 0000 0000 0000 decimal value
49152]
 per.extension_present_bit ...0 .... Extension Present Bit: False
 s1ap.integrityProtectionAlgorithms integrityProtectionAlgorithms: c000 [bit length 16, 1100 0000 0000 0000
decimal value 49152]
 s1ap Item 5: id-SecurityKey
 s1ap.id id: id-SecurityKey (73)
 s1ap.SecurityKey SecurityKey: 061787a33046218e9a58bb029aeff40d6e2ea1a1fe4f09af... [bit length 256]
 //////Step 9: UECapabilityInfoIndication
 s1ap S1 Application Protocol
o per.extension_bit 0... .... Extension Bit: False

o per.choice_index Choice Index: 0
o s1ap.S1AP_PDU S1AP-PDU: initiatingMessage (0)
 s1ap.initiatingMessage_element initiatingMessage
 s1ap.procedureCode procedureCode: id-UECapabilityInfoIndication (22)
 s1ap.UECapabilityInfoIndication_element UECapabilityInfoIndication
 s1ap.MME_UE_S1AP_ID MME-UE-S1AP-ID: 211

 s1ap.ENB_UE_S1AP_ID ENB-UE-S1AP-ID: 1
 s1ap Item 2: id-UERadioCapability

 s1ap.id id: id-UERadioCapability (74)
 per.octet_string_length Octet String Length: 364

 s1ap.UERadioCapability UERadioCapability:
040b480108165c99800d0008308308112460c9b4c9d40d9b...
o lte-rrc.UERadioAccessCapabilityInformation_element UERadioAccessCapabilityInform
ation
 per.choice_index Choice Index: 0
 lte-rrc.criticalExtensions criticalExtensions: c1 (0)
 per.choice_index Choice Index: 0
///Step 10: Initial Context Setup Response [E-RAB Setup List Res]

 s1ap.S1AP_PDU S1AP-PDU: successfulOutcome (1)
o s1ap.successfulOutcome_element successfulOutcome
 s1ap.procedureCode procedureCode: id-InitialContextSetup (9)
 s1ap.InitialContextSetupResponse_element InitialContextSetupResponse
 s1ap Item 2: id-E-RABSetupListCtxtSURes
 s1ap.id id: id-E-RABSetupListCtxtSURes (51)
 s1ap.E_RABSetupListCtxtSURes E-RABSetupListCtxtSURes: 1 item
 s1ap Item 0: id-E-RABSetupItemCtxtSURes

 s1ap.id id: id-E-RABSetupItemCtxtSURes (50)
 s1ap.E_RABSetupItemCtxtSURes_element E-RABSetupItemCtxtSURes
 per.extension_present_bit ..0. .... Extension Present Bit: False
 per.extension_present_bit .... ...0 Extension Present Bit: False
 s1ap.transportLayerAddress transportLayerAddress: 7f000101
[bit length 32, 0111 1111 0000 0000 0000 0001 0000 0001
 s1ap.transportLayerAddressIPv4 transportLayerAddress(
IPv4): 127.0.1.1 (127.0.1.1)
 s1ap.gTP_TEID gTP-TEID: 6f84e480
///// Step 11: Uplink NAS Transport {ATTACH COMPLETE, ACTIVATE DEFAULT EPS BEARER CONTEXT ACCEPT}

 s1ap.NAS_PDU NAS-PDU: 27412e302e02074300035200c2

ciphered (2)
messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0x412e302e
protected (0)
messages (0x07)
 nas_eps.nas_msg_emm_type NAS EPS Mobility Management Message Type: Attach complete
(0x43)
 gsm_a ESM message container
o nas_eps.emm.esm_msg_cont ESM message container contents: 5200c2
 nas_eps.bearer_id 0101 .... = EPS bearer identity: EPS bearer identity value 5 (5)
 gsm_a.L3_protocol_discriminator .... 0010 = Protocol discriminator: EPS session
 nas_eps.esm.proc_trans_id Procedure transaction identity: 0
 nas_eps.nas_msg_esm_type NAS EPS session management messages: Activate
default EPS bearer context accept (0xc2)


0001 .... decimal value 27447297]

/////
///// Step 12: Uplink NAS Transport {PDN CONNECTIVITY REQUEST}

 s1ap.NAS_PDU NAS-PDU: 27d0f44064030205d031280403696d732726808021100100...

ciphered (2)
messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0xd0f44064
 nas_eps.bearer_id 0000 .... = EPS bearer identity: No EPS bearer identity assigned (0)
messages (0x02)
 nas_eps.nas_msg_esm_type NAS EPS session management messages: PDN connectivity
request (0xd0)
 nas_eps.esm_pdn_type 0011 .... = PDN type: IPv4v6 (3)
 nas_eps.esm_request_type .... 0001 = Request type: initial request (1)
 gsm_a.gm Access Point Name
o gsm_a.gm.sm.apn APN: ims
 gsm_a.gm Protocol Configuration Options
o gsm_a.gm.sm.link_dir Link direction: MS to network (0)
o gsm_a.gm.sm.ext 1... .... = Extension: True
o gsm_a.gm.sm Configuration Protocol: PPP for use with IP PDP type or IP PDN type (0)
o gsm_a.gm.sm.pco_pid Protocol or Container ID: Internet Protocol Control Protocol
(0x8021)
 Length: 0x10 (16)
 ppp.code Code: Configuration Request (1)
 Options: (12 bytes), Primary DNS Server IP Address, Secondary DNS
Server IP Address
 ipcp.opt Primary DNS Server IP Address: 0.0.0.0
 ipcp.opt.type Type: Primary DNS Server IP Address (129)
 ipcp.opt.pri_dns_address Primary DNS Address: 0.0.0.0
(0.0.0.0)
 ipcp.opt Secondary DNS Server IP Address: 0.0.0.0
 ipcp.opt.type Type: Secondary DNS Server IP Address
(131)
 ipcp.opt.sec_dns_address Secondary DNS Address:
0.0.0.0 (0.0.0.0)
o gsm_a.gm.sm.pco_pid Protocol or Container ID: DNS Server IPv4 Address Request
(0x000d)
o gsm_a.gm.sm.pco_pid Protocol or Container ID: DNS Server IPv6 Address Request
(0x0003)
o gsm_a.gm.sm.pco_pid Protocol or Container ID: P-CSCF IPv6 Address Request
(0x0001)
o gsm_a.gm.sm.pco_pid Protocol or Container ID: P-CSCF IPv4 Address Request (0x000c)
o gsm_a.gm.sm.pco_pid Protocol or Container ID: IP address allocation via NAS
signalling (0x000a)
o gsm_a.gm.sm.pco_pid Protocol or Container ID: IPv4 Link MTU Request (0x0010)
 Length: 0x00 (0)


0001 .... decimal value 27447297]


// Step 13: E-RAB Setup Request {ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST}

 s1ap.procedureCode procedureCode: id-E-RABSetup (5)
 s1ap.E_RABSetupRequest_element E-RABSetupRequest
 s1ap Item 2: id-E-RABToBeSetupListBearerSUReq
 s1ap.id id: id-E-RABToBeSetupListBearerSUReq (16)
 s1ap.E_RABToBeSetupListBearerSUReq E-RABToBeSetupListBearerSUReq: 1 item
 s1ap Item 0: id-E-RABToBeSetupItemBearerSUReq

 s1ap.id id: id-E-RABToBeSetupItemBearerSUReq (17)
 s1ap.E_RABToBeSetupItemBearerSUReq_element E-RABToBeSetupIte
mBearerSUReq
 s1ap.e_RABlevelQoSParameters_element e-RABlevelQoSParam
eters
 per.extension_bit .... ...0 Extension Bit: False
 per.optional_field_bit 0... .... Optional Field Bit: False
(gbrQosInformation is NOT present)
 s1ap.qCI qCI: 5
 s1ap.allocationRetentionPriority_element allocationRete
ntionPriority
 per.optional_field_bit .0.. .... Optional Field Bit:
False (iE-Extensions is NOT present)
 s1ap.priorityLevel priorityLevel: highest (1)
 s1ap.pre_emptionCapability pre-emptionCapabili
ty: shall-not-trigger-pre-emption (0)
 s1ap.pre_emptionVulnerability pre-emptionVuln
erability: not-pre-emptable (0)
[bit length 32, 0111 1111 0000 0000 0000 0001 0110 0100
IPv4): 127.0.1.100 (127.0.1.100)
 s1ap.gTP_TEID gTP-TEID: 7e10b569
 s1ap.nAS_PDU nAS-PDU:
277def620a036205c101050403696d730d03fd0001830001...
 nas_eps.security_header_type 0010 .... = Security header
type: Integrity protected and ciphered (2)
 gsm_a.L3_protocol_discriminator .... 0111 = Protocol
discriminator: EPS mobility management messages
(0x07)
 nas_eps.msg_auth_code Message authentication code:
0x7def620a
 nas_eps.seq_no Sequence number: 3
 nas_eps.bearer_id 0110 .... = EPS bearer identity: EPS
bearer identity value 6 (6)
 gsm_a.L3_protocol_discriminator .... 0010 = Protocol
discriminator: EPS session management messages (0x02)
 nas_eps.esm.proc_trans_id Procedure transaction
identity: 5
 nas_eps.nas_msg_esm_type NAS EPS session
management messages: Activate default EPS bearer
context request (0xc1)
 gsm_a EPS quality of service
 nas_eps.emm.qci Quality of Service Class
Identifier (QCI): QCI 5 (5)
 gsm_a Access Point Name
 gsm_a.gm.sm.apn APN: ims
 gsm_a PDN address
 nas_eps.spare_bits 0000 0... = Spare bit(s): 0x00
 nas_eps.esm_pdn_type PDN type: IPv4v6 (3)
 nas_eps.esm.pdn_ipv6_if_id PDN IPv6 if id:
fd00018300010001
 nas_eps.esm.pdn_ipv4 PDN IPv4: 192.168.3.2
(192.168.3.2)
 gsm_a.gm.sm.link_dir Link direction: Network to
MS (1)
 gsm_a.gm.sm.ext 1... .... = Extension: True
 gsm_a.gm.sm Configuration Protocol: PPP for
use with IP PDP type or IP PDN type (0)
 gsm_a.gm.sm.pco_pid Protocol or Container ID:
Internet Protocol Control Protocol (0x8021)
 Length: 0x0a (10)
 ppp.code Code: Configuration
Nak (3)
 Options: (6 bytes), Primary DNS
Server IP Address
 ipcp.opt Primary DNS

Server IP Address:
192.168.168.1
o ipcp.opt.type Type:
Primary DNS Server
IP Address (129)
o ipcp.opt.length Len
gth: 6
o ipcp.opt.pri_dns_a
ddress Primary
DNS Address:
192.168.168.1
(192.168.168.1)

P-CSCF IPv4 Address (0x000c)
 Length: 0x04 (4)
 gsm_a.gm.sm IPv4: 192.168.168.183
P-CSCF IPv6 Address (0x0001)









 Length: 0x10 (16)
 IPv6: fd01::183
/// Step 14: E-RAB Setup Response

 s1ap.S1AP_PDU S1AP-PDU: successfulOutcome (1)
o s1ap.successfulOutcome_element successfulOutcome
 s1ap.procedureCode procedureCode: id-E-RABSetup (5)
 s1ap.E_RABSetupResponse_element E-RABSetupResponse
 s1ap Item 2: id-E-RABSetupListBearerSURes
 s1ap.id id: id-E-RABSetupListBearerSURes (28)
 s1ap.E_RABSetupListBearerSURes E-RABSetupListBearerSURes: 1 item
 s1ap Item 0: id-E-RABSetupItemBearerSURes

 s1ap.id id: id-E-RABSetupItemBearerSURes (39)
 s1ap.E_RABSetupItemBearerSURes_element E-RABSetupItemBearerSU
Res
 per.extension_present_bit .... ...0 Extension Present Bit: False
[bit length 32, 0111 1111 0000 0000 0000 0001 0000 0001
IPv4): 127.0.1.1 (127.0.1.1)
 s1ap.gTP_TEID gTP-TEID: 6f84e481
//////Step 15: Uplink NAS Transport {ACTIVATE DEFAULT EPS BEARER CONTEXT ACCEPT}

 s1ap.NAS_PDU NAS-PDU: 273df71ae5046200c2

ciphered (2)
messages (0x07)
 nas_eps.msg_auth_code Message authentication code: 0x3df71ae5
 nas_eps.bearer_id 0110 .... = EPS bearer identity: EPS bearer identity value 6 (6)
messages (0x02)
 nas_eps.nas_msg_esm_type NAS EPS session management messages: Activate default EPS
bearer context accept (0xc2)


0001 .... decimal value 27447297]


/////
/////Step 16:Initial UE Message {SERVICE REQUEST}
 s1ap S1 Application Protocol

o per.choice_index Choice Index: 0
o s1ap.S1AP_PDU S1AP-PDU: initiatingMessage (0)
 s1ap.initiatingMessage_element initiatingMessage
 s1ap.procedureCode procedureCode: id-initialUEMessage (12)
 s1ap.InitialUEMessage_element InitialUEMessage
 s1ap.ENB_UE_S1AP_ID ENB-UE-S1AP-ID: 2

 per.octet_string_length Octet String Length: 4

 s1ap.NAS_PDU NAS-PDU: c7055ac8
 nas-eps Non-Access-Stratum (NAS)PDU
o nas_eps.security_header_type 1100 .... = Security header type: Security header for the
SERVICE REQUEST message (12)
o gsm_a.L3_protocol_discriminator .... 0111 = Protocol discriminator: EPS mobility
o nas_eps.emm KSI and sequence number
 nas_eps.emm.nas_key_set_id 000. .... = NAS key set identifier: (0)
 nas_eps.seq_no_short ...0 0101 = Sequence number (short): 5
o nas_eps.emm Short MAC - Message authentication code (short)
 nas_eps.emm.short_mac Message authentication code (short): 0x5ac8

 s1ap.TAI_element TAI
o per.optional_field_bit .0.. .... Optional Field Bit: False (iE-Extensions is NOT present)
o s1ap.pLMNidentity pLMNidentity: 134001
o s1ap.tAC tAC: 0001

 s1ap.EUTRAN_CGI_element EUTRAN-CGI
o s1ap.pLMNidentity pLMNidentity: 134001
o s1ap.cell_ID cell-ID: 1a2d0010 [bit length 28, 4 LSB pad bits, 0001 1010 0010 1101 0000
0000 0001 .... decimal value 27447297]
 s1ap Item 4: id-RRC-Establishment-Cause

 s1ap.id id: id-RRC-Establishment-Cause (134)
 per.extension_present_bit 0... .... Extension Present Bit: False
 per.enum_index Enumerated Index: 4
 s1ap.RRC_Establishment_Cause RRC-Establishment-Cause: mo-Data (4)
 s1ap Item 5: id-S-TMSI

 s1ap.id id: id-S-TMSI (96)
 s1ap.S_TMSI_element S-TMSI
o s1ap.mMEC mMEC: 01
o s1ap.m_TMSI m-TMSI: 00000001

S1AP View of LTE Attach & EPS Bearer Setup (2018-0326)

Uploaded by

Copyright:

Available Formats

S1AP View of LTE Attach & EPS Bearer Setup (2018-0326)

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

S1AP View of LTE Attach & EPS Bearer Setup (2018-0326)

Uploaded by

Copyright:

Available Formats

What is the purpose of the S1 Setup Request message?

What is the purpose of the S1 Setup Request message?

What information is included in the S1 Setup Request message?

What information is included in the S1 Setup Request message?

http://niviuk.free.fr/rrc_lte.

RLOG0(L_DEBUG, "Building S1 SETUP");

/// Szt_asn.h \ga1.3\src\cm)

/* Any cell is representative of eNB for some of its parameters */

RLOG_ARG1(L_DEBUG, DBG_CELLID,cellCb->cellId,"eNodeB ID: [%d]",

/* Initialize memory control point */

/*wrFillTkn functions will be referred from sz_utl.c file*/

/* Filling mandatory IEs */

/* IE1 - Filling ENB Global Id */

/* IE2 - Filling ENB Name */

/* IE3 - Filling Supported TAs */

/* IE4 - Filling the CSGLst */

/* IE5 - Filling the PagDRX */

/* Pass the constructed PDU back to the caller */

 nas_eps.security_header_type 0001 .... = Security header type: Integrity protected (1)

 s1ap Item 2: id-TAI

 per.extension_bit 0... .... Extension Bit: False

 s1ap Item 3: id-EUTRAN-CGI

 per.extension_bit 0... .... Extension Bit: False

 s1ap Item 4: id-RRC-Establishment-Cause

//Step 1 Initial UE Message (TS36.331)

initialUEMessage S1AP-ELEMENTARY-PROCEDURE ::= {

InitialUEMessage ::= SEQUENCE {

InitialUEMessage-IEs S1AP-PROTOCOL-IES ::= {

{ ID id-NAS-PDU CRITICALITY reject TYPE NAS-PDU PRESENCE mandatory}| // 例如 attach request

{ ID id-TAI CRITICALITY reject TYPE TAI PRESENCE mandatory}|

 per.extension_bit 0... .... Extension Bit: False

s1ap S1 Application Protocol

 per.extension_bit 0... .... Extension Bit: False

 nas_eps.security_header_type 0001 .... = Security header type: Integrity

 s1ap Item 3: id-EUTRAN-CGI

 per.extension_bit 0... .... Extension Bit: False

 s1ap Item 4: id-TAI

 per.extension_bit 0... .... Extension Bit: False

 per.extension_bit 0... .... Extension Bit: False

/// Step 5 Uplink NAS Transport {SECURITY MODE COMPLETE}

 per.extension_bit 0... .... Extension Bit: False

 nas_eps.security_header_type 0100 .... = Security header type: Integrity

 s1ap Item 3: id-EUTRAN-CGI

 per.extension_bit 0... .... Extension Bit: False

 s1ap Item 4: id-TAI

 per.extension_bit 0... .... Extension Bit: False

 per.extension_bit 0... .... Extension Bit: False

 nas_eps.security_header_type 0010 .... = Security header type: Integrity protected and

//// Step 7: Uplink NAS Transport {ESM INFORMATION RESPONSE}

 per.extension_bit 0... .... Extension Bit: False

 nas_eps.security_header_type 0010 .... = Security header type: Integrity

 per.extension_bit 0... .... Extension Bit: False

 s1ap Item 4: id-TAI

 per.extension_bit 0... .... Extension Bit: False

 per.extension_bit 0... .... Extension Bit: False

 per.extension_bit 0... .... Extension Bit: False

 s1ap Item 3: id-E-RABToBeSetupListCtxtSUReq

 s1ap Item 0: id-E-RABToBeSetupItemCtxtSUReq

 Length: 0x0a (10)

/wrFillTkn functions will be referred from sz_utl.c file/