-
Notifications
You must be signed in to change notification settings - Fork 58
Installation and Build Instructions
The latest code in master branch is using JDK 11
- The SigFW v1.3-beta, SigFW releases is using JDK 11
- The SigFW v1.2-beta, SigFW releases is using JDK 10
- The SigFW v1.1-beta, SigFW v1.0-beta releases are using JDK 1.7
For Ubuntu 18.04 LTS and for SigFW master branch:
# Install maven
sudo apt-get install maven
# Manually download the JDK11 from Oracle web page
https://www.oracle.com/technetwork/java/javase/downloads/jdk11-downloads-5066655.html
# Install the JDK 11
sudo dpkg -i jdk-11.0.2_linux-x64_bin.deb
# Download and install netbeans
sudo snap install netbeans --classic
# Configure JDK path for netbeans desktop launcher
sudo vi /var/lib/snapd/desktop/applications/netbeans_netbeans.desktop
# add jdk home to the following line
Exec=env BAMF_DESKTOP_FILE_HINT=/var/lib/snapd/desktop/applications/netbeans_netbeans.desktop /snap/bin/netbeans --jdkhome /usr/lib/jvm/jdk-11.0.2/ -J-Xmx1G -J-Xms1G %F
# Alternatively run netbeans from CLI by using following command
netbeans --jdkhome /usr/lib/jvm/jdk-11.0.2/
# Install maven and jSS7, jDiameter pre-requirements (follow steps: 2, 3, 4, 5, 6)
https://github.com/RestComm/jss7/wiki/Build-jSS7-from-Source
# Install lib sctp
sudo apt-get install libsctp-dev lksctp-tools
The latest code in master branch contains two maven projects.
The SigFW_interface project need to be built before SigFW project:
cd ./SigFW/sigfw/sigfw_interface/
mvn clean install -Dmaven.test.skip=true
cd ./SigFW/sigfw/sigfw.sigfw/
mvn clean install -Dmaven.test.skip=true
The ss7fw_keystore file is required in SigFW/sigfw/sigfw.sigfw directory (where is located pom.xml). The keystore can be generated according to following instructions https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html.
Change the keystore password in setKeyStorePassword and setKeyManagerPassword in SS7Firewall.java.
To run SS7FW on the localhost all the following components need to be started SS7LiveClient/SS7Client -> SS7FW -> SS7Server
mvn exec:java -Dexec.mainClass="ss7fw.SS7Firewall"
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput"
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server"
To test the encryption/signatures on the localhost the following setup is recommended SS7LiveClient/SS7Client -> SS7FW#1 -> SS7FW#2 -> SS7Server
mvn exec:java -Dexec.mainClass="ss7fw.SS7FirewallFirstInstance"
mvn exec:java -Dexec.mainClass="ss7fw.SS7FirewallSecondInstance"
mvn exec:java -Dexec.mainClass="ss7fw.SS7ClientLiveInput"
mvn exec:java -Dexec.mainClass="ss7fw.SS7Server"
tail -f ./SigFW/sigfw/sigfw.sigfw/ss7fw.log
cd ./SigFW/sigfw/sigfw.sigfw/input
mkfifo pipe
tshark -r sigtran.pcap -T ek -x -j " " -l > sigtran.json
cat sigtran.json > pipe
sudo tcpreplay --intf1=enp0s9 sigtran.pcap
Optionally modify EncryptionTest.java before
mvn exec:java -Dexec.mainClass="ss7fw.tests.EncryptionTest"
Copy paste Private Key and Public Key in Base64 encoding into ss7fw.json
Edit ss7fw.json
Delete ss7fw.last before starting SS7FW
https://<host>:8443/ss7fw_api/1.0/get_status
Located in diameterfw
Similar functionality and commands
cd ./SigFW/sigfw/sigfw.sigfw/
mvn clean install -Dmaven.test.skip=true
The diameterfw_keystore file is required in SigFW/sigfw/sigfw.sigfw directory (where is located pom.xml). The keystore can be generated according to following instructions https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html.
Change the keystore password in setKeyStorePassword and setKeyManagerPassword in DiameterFirewall.java.
To run DiameterFW on the localhost all the following components need to be started DiameterLiveClient/DiameterClient -> DiameterFW -> DiameterServer
mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewall"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer"
To test the encryption/signatures on the localhost the following setup is recommended DiameterLiveClient/DiameterClient -> DiameterFW#1 -> DiameterFW#2 -> DiameterServer
mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewalFirstInstance"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterFirewalSecondInstance"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterClientLiveInput"
mvn exec:java -Dexec.mainClass="diameterfw.DiameterServer"
tail -f ./SigFW/sigfw/sigfw.sigfw/diameterfw.log
cd ./SigFW/sigfw/sigfw.sigfw/input
mkfifo pipe
tshark -r diameter.pcap -T ek -x -j " " -l > diameter.json
cat diameter.json > pipe
sudo tcpreplay --intf1=enp0s9 diameter.pcap
Optionally modify EncryptionTest.java before
mvn exec:java -Dexec.mainClass="diameterfw.tests.EncryptionTest"
Copy paste Private Key and Public Key in Base64 encoding into diameterfw.json
Edit diameterfw.json
Delete diameterfw.last before starting DiameterFW
https://<host>:8443/diameterfw_api/1.0/get_status
The Diameter firewall by default uses SCTP. The TCP can be enabled by passing "tcp" argument to the DiameterFirewall program or by changing directly the code in the DiameterFirewall.java
by setting ipChannelType = IpChannelType.TCP;
.
For Client and Server implementation comment out the following SCTP extensions in the client-jdiameter-config.xml
and server-jdiameter-config.xml
files located in ./src/main/resources
and re-build the project:
<!-- <Connection value="org.jdiameter.client.impl.transport.sctp.SCTPClientConnection" /> -->
<!-- <NetworkGuard value="org.jdiameter.server.impl.io.sctp.NetworkGuard" /> -->
The Diameter Client and servers are configured differently than SS7 client and server and this is not done from the source code. For the configuration files client-jdiameter-config.xml
and server-jdiameter-config.xml
are located in ./src/main/resources
. After the files modification re-build the project.
The files contain configuration of IP addresses, ports, Diameter links and Diameter realms. This is important to maintain proper configuration that the Client and Server is correctly sending the diameter CER/CEA messages.
Please note that the DiameterFW is transparent towards the CER/CEA messages and does not itself initiate or answer them. So the client and server should properly handle them.