Transcription
Oracle Communications SessionBorder ControllerTSCF SDK GuideRelease 2.0.0F23719-01October 2019
Oracle Communications Session Border Controller TSCF SDK Guide, Release 2.0.0F23719-01Copyright 2014, 2019, Oracle and/or its affiliates. All rights reserved.This software and related documentation are provided under a license agreement containing restrictions on use anddisclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement orallowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit,perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilationof this software, unless required by law for interoperability, is prohibited.The information contained herein is subject to change without notice and is not warranted to be error-free. If you findany errors, please report them to us in writing.If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf ofthe U.S. Government, then the following notice is applicable:U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, anyprograms installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercialcomputer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplementalregulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operatingsystem, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to licenseterms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.This software or hardware is developed for general use in a variety of information management applications. It is notdeveloped or intended for use in any inherently dangerous applications, including applications that may create a risk ofpersonal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take allappropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliatesdisclaim any liability for any damages caused by use of this software or hardware in dangerous applications.Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of theirrespective owners.Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used underlicense and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, andthe AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registeredtrademark of The Open Group.This software or hardware and documentation may provide access to or information about content, products, andservices from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim allwarranties of any kind with respect to third-party content, products, and services unless otherwise set forth in anapplicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss,costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth inan applicable agreement between you and Oracle.
ContentsAbout This GuideRevision History12OverviewTSM Tunnel1-2SDK Host Operating System Relationship1-3Provided Functionality1-3Compile the TSM Library and DocumentationSDK Directories2-1Download and Compile OpenSSL2-2Android Development2-2Install Android Build Environment Pre-Requisites2-2Build the TSC SDK Libraries for Android2-3Create the Android Application with Android Studio2-4iOS DevelopmentSet up iOS Environment2-8Build TSC SDK Libraries for iOS2-8Generate the API Documentation32-82-10Accessing and Using the TSM SDK APIsSample TSM SDK-based Applications3-1Using The SDK To Create A TSM Tunnel3-2Enabling Redundancy3-4Error Codes3-5iii
About This GuideAbout This GuideThe Oracle Communications Tunneled Session Controller SDK Guide describes the clientside SDK (software development kit) that facilitates the creation of secure tunnels between aclient application and the Tunneled Session Controller Function (TSCF) of the OracleCommunications Session Border Controller. A client is typically a softphone application thatutilizes the SDK software libraries and source code to create TLS tunnels to a TSCF service,thus achieving secure real time communications and ubiquitous firewall traversal.This document specifically describes the SDK, functional libraries, and source code suppliedwith the SDK Version 2.0.0.Documentation SetThe following table describes the documentation set for this release.Document NameDocument DescriptionAcme Packet 4600 Hardware InstallationGuideContains information about the components andinstallation of the Acme Packet 4600.Acme Packet 6100 Hardware InstallationGuideContains information about the components andinstallation of the Acme Packet 6100.Acme Packet 6300 Hardware InstallationGuideContains information about the components andinstallation of the Acme Packet 6300.Acme Packet 6350 Hardware InstallationGuideContains information about the components andinstallation of the Acme Packet 6350.Release NotesContains information about the current documentation setrelease, including new features and management changes.ACLI Configuration GuideContains information about the administration andsoftware configuration of the Service Provider OracleCommunications Session Border Controller.ACLI Reference GuideContains explanations of how to use the ACLI, as analphabetical listings and descriptions of all ACLIcommands and configuration parameters.Maintenance and Troubleshooting GuideContains information about Oracle CommunicationsSession Border Controller logs, performanceannouncements, system management, inventorymanagement, upgrades, working with configurations, andmanaging backups and archives.MIB Reference GuideContains information about Management Information Base(MIBs), Oracle Communication's enterprise MIBs, generaltrap information, including specific details about standardtraps and enterprise traps, Simple Network ManagementProtocol (SNMP) GET query information (includingstandard and enterprise SNMP GET query names, objectidentifier names and numbers, and descriptions), examplesof scalar and table objects.iv
About This GuideDocument NameDocument DescriptionAccounting GuideContains information about the Oracle CommunicationsSession Border Controller’s accounting support, includingdetails about RADIUS and Diameter accounting.HDR Resource GuideContains information about the Oracle CommunicationsSession Border Controller’s Historical Data Recording(HDR) feature. This guide includes HDR configurationand system-wide statistical information.Administrative Security EssentialsContains information about the Oracle CommunicationsSession Border Controller’s support for its AdministrativeSecurity license.SBC Family Security GuideContains information about security considerations andbest practices from a network and application securityperspective for the Oracle Communications SessionBorder Controller family of products.Installation and Platform Preparation Guide Contains information about upgrading system images andany pre-boot system provisioning.Call Traffic Monitoring GuideContains information about traffic monitoring and packettraces as collected on the system. This guide also includesWebGUI configuration used for the SIP Monitor and Traceapplication.HMR Resource GuideContains information about configuring and using HeaderManipulation Rules to manage service traffic.REST API GuideContains information about the supported REST APIs andhow to use the REST API interface.Revision HistoryDateDescriptionSeptember 2019 Initial releasev
Revision HistoryRevision HistoryDateDescriptionSeptember 2019 Initial releaseNovember 2019 Adds iOS support for 2.0.0m1vi
1OverviewTunnel Session Management (TSM) improves firewall traversal for real time communicationsfor OTT VoIP applications and reduces the dependency on SIP/TLS and SRTP by encryptingaccess-side VoIP within standardized VPN tunnels. As calls or sessions traverse a TSM tunnel,the Oracle Communications Session Border Controller (OCSBC) will route all SIP and RTPtraffic from within the TSM tunnel to the core (or appropriate destination).Oracle Communications is working with other telecom providers and vendors to standardizeTSM. Within the 3GPP, TSM is called a Tunneled Services Control Function (TSCF).Currently the 3GPP Technical Requirement draft is TR 33.8de V0.1.3 (2012-05) as astandardized approach for overcoming non-IMS aware firewall issues with supportingcompanies including China Mobile, Ericsson, Huawei, Intel, RIM, Vodafone, and ZTE. Beyondthe standard, we provide exceptional tunnel performance & capacity within the OCSBC as wellas high availability, DDoS protection and our patented TSM Tunnel Redundancy to improveaudio quality in lossy networks such as the Internet.Figure 1-1Basic TSM SetupTSM consists of two parts: the TSM server (often referred to as a TSCF or Tunneled Services Control Function) the TSM clientThe TSM server resides and runs on the OCSBC and the TSM client runs within applicationsthat reside on workstations, laptops, tablets, mobile devices and even network elements.1-1
Chapter 1TSM TunnelTo deploy TSM-enabled clients such as softphones, SIP-enabled applications or contact centeragent applications, customers and 3rd party ISVs will need to incorporate the open source TSMsoftware libraries into their applications which will establish tunnels to the TSM server.TSM TunnelThe following diagram briefly explains the various IP addresses utilized during the TSMsession. TSCF External IP—This IP address is visible to any endpoint on the Internet and is used toinitiate the TSM session between the TC and the TSCF. This may be configured undersecurity, and then tscf, and then tscf-interface. See the TSCF chapter in the ACLIConfiguration Guide to configure the TSCF function on the server. TC Source IP—This IP address corresponds to the source address of the TC in itsrespective access network or it could be the IP of the Proxy behind which it is located. Internal Tunnel IP—This IP address will be assigned to the TC (once TLS authentication issuccessful) from a configured pool of IP addresses on the TSCF. It will be used to facilitatecommunication with the core (P-CSCF). The address pool can be configured undersecurity, and then tscf, and then tscf-address-pool. TC Application IP—This is the IP address associated with the respective application (SIP /RTP / other) at the TC. This is the same as the Internal Tunnel IP.1-2
Chapter 1SDK Host Operating System RelationshipSDK Host Operating System RelationshipThe following illustrations depict the relationship between the SDK and the host operatingsystem:Figure 1-2SDK/Host OS Relationship (Simplified View)Provided FunctionalityOperating Systems SupportThis SDK release supports the following operating systems: Linux flavors (using GCC version 4.4.7 or 4.8.5) Android 9 Pie (64-bit) iOS 12Platform SupportThis SDK supports any platform running S-CZ8.3.0.1-3
Chapter 1Provided FunctionalityProxy SupportThis SDK release supports the following proxy authentication types: Basic Digest NTLMv2 SPNEGOIf proxy authentication is enabled, the SDK will try to use SPNEGO authentication. If that fails,the SDK tries to use NTLMv2.Additional FeaturesThis SDK release also supports: On-the-fly integration of downloaded OpenSSL with TSCF libraries. Server Assigned Configuration mode Security Traversing Gateway (STG) Payload multiplexing within a tunnel Each SDK instance can support: –Up to 3 concurrent voice calls–Up to 10 MSRP chat sessions–1 MSRP file transfer sessionTunnel Transport–TCP–UDP–TLS–DTLSIP version–IPv4–IPv6Note:When used in Decoupled Mode, the TSCF also supports mixing IPv4 and IPv6.For example, you can use an IPv6 external address outside the tunnel and an IPv4address inside the tunnel, or vice versa.1-4
2Compile the TSM Library and DocumentationRead the documentation that corresponds to your application's target operating system.Operating SystemDescriptionLocationThis file provides information sdk/lib/on how to compile the TSMREADME.androidSDK for Android.This file provides information sdk/lib/README.ioson how to compile the TSMSDK for iOS.This file provides information sdk/lib/READMEon how to compile the TSMSDK for Linux.WARNING:The OpenSSL library must be downloaded before proceeding with development.SDK DirectoriesSDK directories are shown below. Note that not all listed directories may be present (orsupported) in the current release.2-1
Chapter 2Download and Compile OpenSSLPathDescriptionappsSDK based applicationsapps/tsc sipReference demonstration/development guide app (tsc sip client.c)docsSDK Documentationdocs/htmlAuthoritative API HTML-based documentation. Access via “./html/index.html” after running make doxygen .extlibExternal, optional librarieslibSDK Library source – to be linked with the target applicationlib/android-ndkAndroid Specific library instructions and precompiled libslib/CSMTunneling Client State Machinelib/EIPEmbedded TCP/UDP/IP Stacklib/includeSDK API definitionslib/OSAAOperating System Application Adaptation APIslib/TAPITunnel Data and Control APIslib/TPLTunnel Control and Data Message Parsing LibrariestoolsDevelopment Toolstools/wiresharkTSCF protocol dissectorDownload and Compile OpenSSLThe default version of OpenSSL has been removed. Developers should download the desiredversion of OpenSSL and modify the build script to allow on-the-fly integration with the SDK.1.Download the version of OpenSSL you want to integrate into the SDK.The customer is responsible for selecting a secure version of OpenSSL from https://www.openssl.org/. Oracle can confirm OpenSSL version 1.1.1a works with the SDK.2.In the build script for your target operating system, set the VERSION variable to the versionnumber of OpenSSL.The build scripts are located in the sdk/extlib directory and the VERSION variable isfound at the top of the script.VERSION "1.1.1a"3.Run the build script for your target operating system.For example:./build androidlib.shAndroid DevelopmentUse the following method when developing for Android.Install Android Build Environment Pre-RequisitesBefore setting up the Android build environment, extract the SDK tar file and install thefollowing pre-requisites.1.Extract the TSM SDK 2.0 tar file.2-2
Chapter 2Android Developmenttar xvf nnTSC200.tar.gz2.Install the latest version of the Java Development Kit.3.Download and extract the latest Android Studio with the Android SDK.a.Navigate to Download the package for your operating system.c.Extract the downloaded package.tar xvf oad and extract the latest Android NDK.a.Navigate to load the package for your operating system.c.Extract the downloaded package.unzip android-ndk-r20-linux-x86 64.zip5.Download the desired version of OpenSSL into the sdk/extlib directory.TSM SDK 2.0 supports the 64-bit OpenSSL version 1.1.1a.cd sdk/extlib/curl -O .1.1a.tar.gzBuild the TSC SDK Libraries for Android1.In the sdk/extlib directory, update the android env.sh script based on the setup, andsource it to set the environment. Then run the build androidlib.sh script with theOpenSSL version as a parameter.source android env.sh./build androidlib.sh 1.1.1a2.Run an NDK build in the sdk/lib/android-ndk directory.a.Set the NDK PROJECT PATH variable to the sdk/lib/android-ndk directoryand navigate to that directory.cd .export NDK PROJECT PATH " PWD/lib/android-ndk"cd NDK PROJECT PATHb.Run the NDK build.ndk-build APP ABI arm64-v8a APP PLATFORM android-28 cleanndk-build APP ABI arm64-v8a APP PLATFORM android-28 build3.Run an NDK build in the sdk/apps/tsc sip/tsc sip client/ directory.a.Now set the NDK PROJECT PATH variable to the sdk/apps/tsc sip/tsc sip client/ directory and navigate to that directory.cd ./.export NDK PROJECT PATH " PWD/apps/tsc sip/tsc sip client"cd NDK PROJECT PATHb.Run the NDK build again.2-3
Chapter 2Android DevelopmentNote:Do not include build at the end of the second command.ndk-build APP ABI arm64-v8a APP PLATFORM android-28 cleanndk-build APP ABI arm64-v8a APP PLATFORM android-28Create the Android Application with Android StudioAfter following the steps in the sdk/lib/README.android file, follow these steps tocomplete the set up of the Android build environment.1.2.Start Android Studio and open the SDK Manager.a.Click File, then Settings.b.Expand Appearance & Behavior, then expand System Settings.c.Click Android SDK.From the SDK Manager, select Android 9.0 (Pie).If you plan to develop for more than one Android release, select that release as well.Figure 2-13.SDK ManagerConfirm the locations and versions of the Android SDK and Gradle.2-4
Chapter 2Android DevelopmentFigure 2-24.Android SDK and GradleCreate an Android project Tscsipclient using the Java files available in the sdk/apps/tsc sip/tsc sip client/android apk build/src/main/java.2-5
Chapter 2Android DevelopmentFigure 2-35.Add the JNI file sdk/apps/tsc sip/tsc sip client/jni/tsc sip client jni.c.Figure 2-46.Android ProjectJNI FileVerify your build.gradle file looks similar to the following:apply plugin: 'com.android.application'android {compileSdkVersion 28defaultConfig {applicationId "com.tsm.tscsipclient"minSdkVersion 26targetSdkVersion 28versionCode 1versionName "1.0"testInstrumentationRunner2-6
Chapter 2Android itRunner"}7.Update the location of the tsc sip client folder and set the ANDROID NDK variable topoint to sdk/apps/tsc sip/tsc sip client/jni/Android.mkFigure 2-5build.gradleexport ANDROID NDK sdk/apps/tsc sip/tsc sip client/jni/Android.mk8.Copy the following libraries into the jniLibs folder. libcryptotsc.so libssltsc.so libtsc.so libtscclient.socp sdk/apps/tsc sip/tsc sip client/libs/arm64-v8a/*.so android-ndk-r20/sources/third party/vulkan/src/build-android/jniLibs9.Build the SDK and then copy the generated APK file to an Android 9.x phone.NOT SUPPORTED:The Android phone should be set to 'Developer Mode' with 'USB debug mode'enabled.Note:View the Logcat in Android Studio to see process information from the connecteddevice.2-7
Chapter 2iOS DevelopmentiOS DevelopmentUse the following method when developing for iOS.Set up iOS Environment1.On your Mac machine, install XCode IDE and the iOS SDK for 12.x.Note:An Apple ID is required to develop iOS applications.2.Extract the nnTSC200m1.tar.gz file.3.Download OpenSSL 1.1.1a and place it in the extlib folder.Build TSC SDK Libraries for iOS1.Execute the sdk/exlib/build ioslib.sh script to compile the OpenSSL libraries.2.Execute the sdk/lib/build ioslib.sh script to compile the TSC SDK library.3.Verify libtsc.a compiled for the arm64 architecture.xcrun --sdk iphoneos lipo -info libtsc.a4.Open the project sdk/apps/tsc sip/tsc sip client/ios xcode app/tsc sip client.xcodeproj in XCode IDE.5.Click Target, and then General to provide credentials for certificate signing.Figure 2-66.General TabClick General, and then Development Info to set the build devices.2-8
Chapter 2iOS DevelopmentFigure 2-7Build Devices7.Copy the libssl.1.1.dylib , libcrypto.1.1.dylib and libtsc.a libraries, which are compiled inearlier steps, to the Libraries subfolder under the ios sdk app directory or the projectdirectory.8.Click Build Settings, and then All:a.Verify t
for OTT VoIP applications and reduces the dependency on SIP/TLS and SRTP by encrypting access-side VoIP within standardized VPN tunnels. As calls or sessions traverse a TSM tunnel, . SDK for iOS. sdk/lib/README.ios This file provides information
