Skip to content

Installation and Build Instructions

p1-martin edited this page Apr 1, 2019 · 17 revisions

SigFW

Pre-requisities

JDK

The latest code in master branch is using JDK 11

  • The SigFW v1.3-beta, SigFW releases is using JDK 11
  • The SigFW v1.2-beta, SigFW releases is using JDK 10
  • The SigFW v1.1-beta, SigFW v1.0-beta releases are using JDK 1.7

Installing pre-requirements

For Ubuntu 18.04 LTS and for SigFW master branch:

# Install maven
sudo apt-get install maven

# Manually download the JDK11 from Oracle web page
https://www.oracle.com/technetwork/java/javase/downloads/jdk11-downloads-5066655.html
# Install the JDK 11
sudo dpkg -i jdk-11.0.2_linux-x64_bin.deb

# Download and install netbeans 
sudo snap install netbeans --classic

# Configure JDK path for netbeans desktop launcher
sudo vi /var/lib/snapd/desktop/applications/netbeans_netbeans.desktop
# add jdk home to the following line
Exec=env BAMF_DESKTOP_FILE_HINT=/var/lib/snapd/desktop/applications/netbeans_netbeans.desktop /snap/bin/netbeans --jdkhome /usr/lib/jvm/jdk-11.0.2/ -J-Xmx1G -J-Xms1G %F

# Alternatively run netbeans from CLI by using following command
netbeans --jdkhome /usr/lib/jvm/jdk-11.0.2/


# Install maven and jSS7, jDiameter pre-requirements (follow steps: 2, 3, 4, 5, 6)
https://github.com/RestComm/jss7/wiki/Build-jSS7-from-Source

# Install lib sctp
sudo apt-get install libsctp-dev lksctp-tools

Dependancies

The latest code in master branch contains two maven projects.

The SigFW_interface project need to be built before SigFW project:

cd ./SigFW/sigfw/sigfw_interface/
mvn clean install -Dmaven.test.skip=true

SS7FW

Build SS7FW

cd ./SigFW/sigfw/sigfw.sigfw/
mvn clean install -Dmaven.test.skip=true

Generate Jetty keystore

The ss7fw_keystore file is required in SigFW/sigfw/sigfw.sigfw directory (where is located pom.xml). The keystore can be generated according to following instructions https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html.

Change the keystore password in setKeyStorePassword and setKeyManagerPassword in SS7Firewall.java.

Run SS7FW

To run SS7FW on the localhost all the following components need to be started SS7LiveClient/SS7Client -> SS7FW -> SS7Server

mvn exec:java -Dexec.mainClass="ss7fw.SS7Firewall"
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput"
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server"

To test the encryption/signatures on the localhost the following setup is recommended SS7LiveClient/SS7Client -> SS7FW#1 -> SS7FW#2 -> SS7Server

mvn exec:java -Dexec.mainClass="ss7fw.SS7FirewallFirstInstance"
mvn exec:java -Dexec.mainClass="ss7fw.SS7FirewallSecondInstance"
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput"
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server"

Check logs

tail -f ./SigFW/sigfw/sigfw.sigfw/ss7fw.log

Replay pcap

cd ./SigFW/sigfw/sigfw.sigfw/input
mkfifo pipe

tshark -r sigtran.pcap -T ek -x -j " " -l > sigtran.json

cat sigtran.json > pipe

Replay pcap in VM

sudo tcpreplay  --intf1=enp0s9 sigtran.pcap

Generate SigFW keys

Optionally modify EncryptionTest.java before

mvn exec:java -Dexec.mainClass="ss7fw.tests.EncryptionTest"

Copy paste Private Key and Public Key in Base64 encoding into ss7fw.json

Edit config

Edit ss7fw.json

Delete ss7fw.last before starting SS7FW

SS7FW API

https://<host>:8443/ss7fw_api/1.0/get_status

DiameterFW

Located in diameterfw

Similar functionality and commands

Build DiameterFW

cd ./SigFW/sigfw/sigfw.sigfw/
mvn clean install -Dmaven.test.skip=true

Generate Jetty keystore

The diameterfw_keystore file is required in SigFW/sigfw/sigfw.sigfw directory (where is located pom.xml). The keystore can be generated according to following instructions https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html.

Change the keystore password in setKeyStorePassword and setKeyManagerPassword in DiameterFirewall.java.

Run DiameterFW

To run DiameterFW on the localhost all the following components need to be started DiameterLiveClient/DiameterClient -> DiameterFW -> DiameterServer

mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewall"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer"

To test the encryption/signatures on the localhost the following setup is recommended DiameterLiveClient/DiameterClient -> DiameterFW#1 -> DiameterFW#2 -> DiameterServer

mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewalFirstInstance"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewalSecondInstance"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer"

Check logs

tail -f ./SigFW/sigfw/sigfw.sigfw/diameterfw.log

Replay pcap

cd ./SigFW/sigfw/sigfw.sigfw/input
mkfifo pipe

tshark -r diameter.pcap -T ek -x -j " " -l > diameter.json

cat diameter.json > pipe

Replay pcap in VM

sudo tcpreplay  --intf1=enp0s9 diameter.pcap

Generate DiameterFW keys

Optionally modify EncryptionTest.java before

mvn exec:java -Dexec.mainClass="diameterfw.tests.EncryptionTest"

Copy paste Private Key and Public Key in Base64 encoding into diameterfw.json

Edit config

Edit diameterfw.json

Delete diameterfw.last before starting DiameterFW

DiameterFW API

https://<host>:8443/diameterfw_api/1.0/get_status

TCP instead of SCTP in the Diameter Firewall

The Diameter firewall by default uses SCTP. The TCP can be enabled by passing "tcp" argument to the DiameterFirewall program or by changing directly the code in the DiameterFirewall.java by setting ipChannelType = IpChannelType.TCP;.

For Client and Server implementation comment out the following SCTP extensions in the client-jdiameter-config.xml and server-jdiameter-config.xml files located in ./src/main/resources and re-build the project:

  • <!-- <Connection value="org.jdiameter.client.impl.transport.sctp.SCTPClientConnection" /> -->
  • <!-- <NetworkGuard value="org.jdiameter.server.impl.io.sctp.NetworkGuard" /> -->

Configuring Diameter Client Server

The Diameter Client and servers are configured differently than SS7 client and server and this is not done from the source code. For the configuration files client-jdiameter-config.xml and server-jdiameter-config.xml are located in ./src/main/resources. After the files modification re-build the project.

The files contain configuration of IP addresses, ports, Diameter links and Diameter realms. This is important to maintain proper configuration that the Client and Server is correctly sending the diameter CER/CEA messages.

Diameter Links consideration

Please note that the DiameterFW is transparent towards the CER/CEA messages and does not itself initiate or answer them. So the client and server should properly handle them.