Skip to content

Installation and Build Instructions

Jump to bottom
p1-martin edited this page Sep 24, 2018 · 17 revisions

SigFW

Pre-requisities

JDK

The latest code in master branch is using JDK 10

The SigFW v1.1-beta, SigFW v1.0-beta releases are using JDK 1.7

Dependancies

The latest code in master branch contains two maven projects.

The SigFW_interface project need to be built before SigFW project.

Installing pre-requirements

For Ubuntu and for SigFW master branch:

# Install Oracle JDK 10
sudo add-apt-repository ppa:linuxuprising/java
sudo apt-get install oracle-java10-installer
sudo apt install oracle-java10-set-default

# Download netbeans 
# from http://bits.netbeans.org/download/trunk/nightly/latest/
bash ./netbeans-trunk-nightly-201804200002-javase-linux.sh

# Install maven and jSS7, jDiameter pre-requirements
https://github.com/RestComm/jss7/wiki/Build-jSS7-from-Source

# Install lib sctp
sudo apt-get install libsctp-dev lksctp-tools

SS7FW

Build SS7FW

cd ./SigFW/sigfw/sigfw.sigfw/
mvn clean install -Dmaven.test.skip=true

Generate Jetty keystore

The ss7fw_keystore file is required in SigFW/sigfw/sigfw.sigfw directory (where is located pom.xml). The keystore can be generated according to following instructions https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html.

Change the keystore password in setKeyStorePassword and setKeyManagerPassword in SS7Firewall.java.

Run SS7FW

To run SS7FW on the localhost all the following components need to be started SS7LiveClient/SS7Client -> SS7FW -> SS7Server

mvn exec:java -Dexec.mainClass="ss7fw.SS7Firewall"
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput"
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server"

To test the encryption/signatures on the localhost the following setup is recommended SS7LiveClient/SS7Client -> SS7FW#1 -> SS7FW#2 -> SS7Server

mvn exec:java -Dexec.mainClass="ss7fw.SS7FirewallFirstInstance"
mvn exec:java -Dexec.mainClass="ss7fw.SS7FirewallSecondInstance"
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput"
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server"

Check logs

tail -f ./SigFW/sigfw/sigfw.sigfw/ss7fw.log

Replay pcap

cd ./SigFW/sigfw/sigfw.sigfw/input
mkfifo pipe

tshark -r sigtran.pcap -T ek -x -j " " -l > sigtran.json

cat sigtran.json > pipe

Replay pcap in VM

sudo tcpreplay  --intf1=enp0s9 sigtran.pcap

Generate SigFW keys

Optionally modify EncryptionTest.java before

mvn exec:java -Dexec.mainClass="ss7fw.tests.EncryptionTest"

Copy paste Private Key and Public Key in Base64 encoding into sigfw.json

Edit config

Edit sigfw.json

Delete sigfw.last before starting SS7FW

SS7FW API

https://<host>:8443/ss7fw_api/1.0/get_status

DiameterFW

Located in diameterfw

Similar functionality and commands

Build DiameterFW

cd ./SigFW/sigfw/sigfw.sigfw/
mvn clean install -Dmaven.test.skip=true

Generate Jetty keystore

The diameterfw_keystore file is required in SigFW/sigfw/sigfw.sigfw directory (where is located pom.xml). The keystore can be generated according to following instructions https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html.

Change the keystore password in setKeyStorePassword and setKeyManagerPassword in DiameterFirewall.java.

Run DiameterFW

To run DiameterFW on the localhost all the following components need to be started DiameterLiveClient/DiameterClient -> DiameterFW -> DiameterServer

mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewall"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer"

To test the encryption/signatures on the localhost the following setup is recommended DiameterLiveClient/DiameterClient -> DiameterFW#1 -> DiameterFW#2 -> DiameterServer

mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewalFirstInstance"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewalSecondInstance"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer"

Check logs

tail -f ./SigFW/sigfw/sigfw.sigfw/diameterfw.log

Replay pcap

cd ./SigFW/sigfw/sigfw.sigfw/input
mkfifo pipe

tshark -r diameter.pcap -T ek -x -j " " -l > diameter.json

cat diameter.json > pipe

Replay pcap in VM

sudo tcpreplay  --intf1=enp0s9 diameter.pcap

Generate DiameterFW keys

Optionally modify EncryptionTest.java before

mvn exec:java -Dexec.mainClass="diameterfw.tests.EncryptionTest"

Copy paste Private Key and Public Key in Base64 encoding into sigfw.json

Edit config

Edit sigfw.json

Delete sigfw.last before starting DiameterFW

DiameterFW API

https://<host>:8443/diameterfw_api/1.0/get_status

TCP instead of SCTP in the Diameter Firewall

The Diameter firewall by default uses SCTP. The TCP can be enabled by passing "tcp" argument to the DiameterFirewall program or by changing directly the code in the DiameterFirewall.java by setting ipChannelType = IpChannelType.TCP;.

For Client and Server implementation comment out the following SCTP extensions in the client-jdiameter-config.xml and server-jdiameter-config.xml files located in ./src/main/resources and re-build the project:

  • <!-- <Connection value="org.jdiameter.client.impl.transport.sctp.SCTPClientConnection" /> -->
  • <!-- <NetworkGuard value="org.jdiameter.server.impl.io.sctp.NetworkGuard" /> -->

Clone this wiki locally