In this video I’ll be covering the circa 1985 MIT PC/IP stack running on 86box trying to connect to a user mode network library, SLiRP. After that fails I’ll show how to break the stack apart so we can use WireShark to inspect the traffic, then how to replace the direct connection to SLiRP by using Dynamips to emulate a cisco 7200 router.
Caution it’s all command line!
I’ll cover adding a loop back adapter, installing WireShark, how to find the GUID’s of the interfaces, how to configure a HecNET bridge, and set it up to relay to a stand-alone version of SLiRP, then how to setup a virtual cisco router to do NAT, and also forward to SLiRP, along with taking network captures to show what is really going on!
In 86box, you have the ability to use the SLiRP library directly from the emulator. Which is all find and good, but sadly it gives you no visibility when things go wrong. And with MIT PC/IP things go wrong. Looking at the data through Wireshark sure would be nice, but how to we get it into there?
Well the simplest way is to just break it apart.
Adding in a KM TEST loopback adapter to Windows now gives us a private network we can now attach programs to via the pcap API. Hecnet is a l2 bridge that can inspect and look for l3 traffic and then forward it via udp to another program. In this case I had made a version of SLiRP that will communicate via UDP, perfect for stuff like this!
One thing to keep in mind is that the ‘GUIDS’ of the network interfaces are unique to each system, the ethlist program will show you which is which. It’s also why renaming interfaces only helps you when dealing with old libpcap stuff!
Becomes:
C:\hecnet>ethlist.exe
Network devices:
Number NAME (Description)
0 \Device\NPF_{E7EB72FA-7850-4864-B721-2A3B38737214} (KM-TEST)
1 \Device\NPF_{649448CA-969D-486E-AAC8-99F1993C701A} (Ethernet0)
Press Enter to continue...
C:\hecnet>
With this information in hand, creating the bridge configuration is quite simple:
The bridge is for an uncompressed normal bridge connection between the KM TEST loopback interface and a UDP connection listening on port 5001 on localhost. Of note it’ll be forwarding TCP/IP related packets. Since we want the bridge to listen on UDP port 5000 we simply run it like this:
hecnet.exe 5000
Running the SLiRP redirector is just a simple matter of telling it which port to listen on, and where to forward traffic. In this case we’ll listen on port 5001 and forward traffic to 5000 on the localhost
slirp_rdr.exe 5001 127.0.0.1 5000
Thankfully, it’s that simple!
Running a ping fails (yet again) but this time we can see that they are doing ARP but for some reason PC/IP does not acknowledge the SLiRP library.
Just to verify, the HecnetNT bridge does see the source and destination address, and the SLiRP does indicate traffic in and out as expected.
Clearly the fault is on the PC/IP side, and most likely because it’s so old.
I then decided to build another network, this time using Dynamips to add in a virtual router.
This complicates things as I’m not sure how to control the internal routing of the SLiRP library so the router has to NAT the PC/IP traffic to SLiRP, which in turn ‘NATs’ it to the internet. But rest assured double NAT (or even more) is quite common these days.
Configuring the router is somewhat straight forward, we are going to use pcap to listen on the KM TEST loopack, replacing the HecnetNT bridge. But it’s going to talk to the SLiRP redirector in the same manner:
set loopback=\Device\NPF_{E7EB72FA-7850-4864-B721-2A3B38737214}
set IOS=..\c7200-is-mz.19991126.bin
set NPE=npe-100
set RAM=64 -X
@attrib *.* -r
..\dynamips.exe -P 7200 %IOS% ^
-m %RAM% ^
-t %NPE% ^
-p 0:C7200-IO-FE ^
-p 1:PA-4E ^
-s1:0:gen_eth:%loopback% ^
-s1:1:udp:5000:127.0.0.1:5001
This creates a basic 7200 router with a 4 port ethernet card, with one port connected to the KM TEST loopback, and the other connected to the SLiRP library.
Configuration of the router is not very complicated either:
!
no ip domain-lookup
!
interface Ethernet1/0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1/1
ip address 10.0.2.15 255.255.255.0
no ip directed-broadcast
ip nat outside
!
ip default-gateway 10.0.2.2
ip nat inside source list 1 interface Ethernet1/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.2.2
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
This defines our default route for both the routing table, and the management engine to the SLiRP library, defines the NAT inside/outside interfaces along with specifying the ‘overload’ address will be the 10.0.2.15 NAT’ing the PC/IP traffic behind the usual SLiRP user address.
This allows us to ping SLiRP, and get the expected response.
Checking the capture, we can see that yes ARP is working as expected, and the ping works without any issues.
On the router we can see the NAT translation.
Router#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 10.0.2.15:4376 192.168.1.5:4376 71.95.196.34:23 71.95.196.34:23
Router#
And we can also check the SLiRP redirector for information on the current session.
SLiRP redirector started!
Press 's' for SLiRP stats
Press 'e' to exit.
Sent: Recv:
stats! 4859
Proto[state] Sock Local Address, Port Remote Address, Port RecvQ SendQ
tcp[ESTABLISHED] 632 10.0.2.15 4376 71.95.196.34 23 0 600
tcp[REDIRECT] 616 10.0.2.15 23 10.0.2.2 42323 0 0
Plus, we also have the Wireshark capture going showing the start of the TCP conversation
So now we’ve connected to the internet and by breaking the process appart we can now inspect what is going on, and made modifications like adding a cisco router.
I figured that this may be something that other people may be interested in, as you can build far more complex virtual networks this way!
First thing to take care of, is if you have the old pcap on Windows running around. If you have it, you’ll know as you’ll get spammed with “FATAL Bad Memory Block.”, although things will continue to operate just fine.
C:\dynamips\netware\qemu-0.90-pcap-client>qemu -m 16 -L pc-bios -M isapc -hda client.disk -soundhw sb16,adlib -net nic,macaddr=52:24:00:22:00:01 -net pcap,devicename={BFA868ED-E508-4436-B085-EC815C4C544C}
Eth: opened {BFA868ED-E508-4436-B085-EC815C4C544C}
Could not open '\\.\kqemu' - QEMU acceleration layer not activated
FATAL Bad Memory Block.
FATAL Bad Memory Block.
FATAL Bad Memory Block.
FATAL Bad Memory Block.
So be sure to dump that for the one over on npcap!
There was a time when Windows NT didn’t dominate the 1990’s data centre. Instead as a carryover from the 1980’s the majority of corporate LANS were instead based on Netware. And the only way Windows NT was going to make space in this environment was to dress up in sheep’s clothes and mingle among them unnoticed. That brings us to this GEM:
This fun CD will let our NT 4.0 server emulate a NetWare server! The first thing in one of these stealth migrations was to just join the existing network.
In order to do this, the two bits of information we need is the frame type, since NetWare supports so many, and the network address. In this case its 0C0FFCAB.
By default the NT server will just listen to the network, and participate on what it sees. This is fine if you are just playing along as a dynamic node, but being a NetWare node requires you to step it up, and have these values set, as it is very possible that you could be the first one (or only one) live on the network, and you don’t want clients trying to think on their own.
I also gave mine an internal network number of 1381, because you know, it’s NT 4.0.
To add the FPNW, you need to add it as a new service. Just tell it you have a disk
You’ll then have to point it to the path of the install. This is honestly the hardest part.
Selecting the first option will install the NetWare Server emulation on the NT server.
I went ahead and named my NetWare emulation as SHEEP, as I NT to blend into the existing NetWare network, with nobody being the wiser.
indeed, on our client that was already connected to the Qemu server before I built WOLF, I ran an slist command to show all the servers on the network, and there is my Wolf in Sheep’s clothes.
Creating NetWare compatible volumes is done in the Server Manager, under the FPNW option. It’s pretty self explanatory, nothing too exciting there.
The truth is during the period where this was important the NT 3.51-40 timeframe, NetWare was still a dominant force. But once Windows 95 had launched, and the explosion of people wanting MORE, the natural interest of people going to NT was just amazing to see in corporate space. While there was an early beta of the newshell for NT 3.51, when NT 4.0 shipped it was just amazing as all the reservations for running NT had just evaporated. We’d gone from hiding among the sheep to full on eating them all. It was staggering how fast we were backing up NetWare volumes to only re-format the servers to NT, and get people converted to using them. Before NT 4, the consensus was that rolling out the client config was going to be a nightmare, and that being able to emulate NetWare was the way to go, as it would just work (see the MS-DOS VM talking to NT with an unmodified NetWare client). Instead we saw a massive drive to Windows 95, which ended up changing the client landscape and upending NetWare completly.
About the most difficult thing was user mappings, there was tools to do this kind of thing, and I believe we had something to even proxy passwords, but it was easier to make people just login to the NT side.
Of course this is ONE of the emulators, you might be asking, okay, what is the other?
Why, it’s WINDOWS 95.
YES.
I’m joining the NT domain for the full experence, but the NetWare emulation relies on NetWare servers for authentication. You could use an actual NetWare server, or of course a FPNW server.
Adding file and printer sharing for NetWare workgroups under Windows 95 is done by adding a Service to the network stack. It’s even on the floppy version.
To maximize the functionality and the pain, be sure to turn on SAP Advertising. This way it’ll appear in server lists.
So with all of this in place, yes you can map drives from the MS-DOS client to the Windows 95 workstation acting as a server.
And there we go, I can now see the Windows 95 workstation on the SLIST, and connect and map drives. My user account of course exists on the NT side.
While professionally I didn’t rely too much on this feature, but it was nice in that era where you still had MS-DOS/MacOS/OS2 desktops with NetWare clients to quickly share stuff. But in a large organisation this would lead to major issues.
The fundamental flaw in NetWare is that there is no directory service. Instead, all the servers have to broadcast that they exist, along with what services they provide.
On my tiny demo network this isn’t that much traffic. But on a larger network that spans continents this becomes a problem. With thousands of servers there can be an incredible amount of this SAP announcement traffic. Since there is no directory service, the other problem is that when a new client is booted up, it’ll do what is known as a GNS or Get Nearest Server request in order to find the closest server to attach to, in order to facilitate a login. And EVERY server will reply.
And as you can see some servers even will reply more than once. And this can have other effects where people reboot servers during the day, something that is very natural for a Windows 95 user, which could create issues for other users, even forcing them to reboot! And yes, anecdotally I ran into this so many times where people with laptops with this feature turned on, and they would screw up the local office building (impacting hundreds of people). Even when they weren’t winning the GNS elections.they are still generating extra traffic, and occasionally they will win. This was another problem we had with all these wolves hiding in sheep’s clothing.
In the end, NetWare was utterly removed from the data center’s by the end of 1997. Windows NT just scaled too well for SMP and large disks (I had one server with 1TB! It was using 4GB disks it was massive!), along with being able to easily install stuff like SQL Server & SNA Server, unlike NetWare where any NLM conflict will bring the entire thing down. Not having a name lookup server was a giant pain, but the final nail was also in 1997 with the rise of the internet, and normal people now getting involved the entire LAN/WAN was going TCP/IP, where it had only been a fringe protocol used for managing cisco routers, and tftp/ftp some files around, Windows NT’s ability to encapsulate named pipes, and NETBIOS over TCP/IP let them embrace this new world where the TCP/IP stack on NetWare 3.12/4.11 was only good for sending SNMP alerts.
But don’t cry for NetWare, they made so much money they were able to coast for decades before being bought out in 2010 by a Mainframe Terminal Emulation company of all things, The Attachmate Group, who was later in turn bought out by Micro Focus, a COBOL language company. I guess in the end, the Mainframes won?
There is a LOT going on in this image, and I’ll try to explain it, but yeah “it’s complicated”.
SNA networking & Hercules has always been a goal for a lot of people, including me as we always wanted to setup some SNA server of some kind. Especially on RISC platforms, as there is only so much fun on SQL server.
Okay I know the practical among you will say, doesn’t it support telnet 3270? Isn’t that good enough? Yes for day to day mundane stuff, absolutely. But I’m not all that interested in that, I wan’t to have the whole ancient network, and I wan’t it self contained and on my desk! Or on a laptop, as I see fit.
What started this whole adventure was a simple image from 9track.net, showing that being able to connect physical devices to Hercules was indeed possible!
This is a physical IBM 3178 & 3179 terminals talking to TK4- , a MVS3.8j pre-configured system!
The magic that makes this all possible, is a cisco router, running enterprise IOS, with dlsw support.
My setup is going to be inspired by this setup, but not exactly 100% But this is what I’m going to use on Windows 10
Dynamips for the cisco router, running JS-M 12.2(25)S8
Qemu 0.90 with PCAP running Windows NT 3.51 Server along with SNA Server 2.1
I had originally wanted to run the NT server on VMware but for some reason it just hangs trying to initialise the NT kernel. I didn’t bother trying to troubleshoot it, I just jumped to Qemu. Even service pack 5 didn’t help. VMware left me with the virtual network that will NAT if needed, and of course let me telnet to the Dynamips program. The SNA traffic is isolated to the MS Loopback adapter, which will let pcap programs talk to each other.
The first thing I did was run ‘hdwwiz’ on Windows 10, and added in the KM-TEST loopback adapter
We know what we want, so go to the manuall selection
Network adapters
And select the KM-TEST Loopback Adapter
Next I changed the protocols available on the loopback, as I don’t want my Windows 10 host interfering with the SNA network at all.
So the next thing to do is to get your network GUID’s. ethlist.exe from the Dynamips download will get you that:
C:\dynamips>ethlist.exe
Network devices:
Number NAME (Description)
0 \Device\NPF_{3DF0EC5D-7FBE-46DF-ACF8-EF5D8679A473} (loopback)
1 \Device\NPF_{D9FBD118-B9DF-4C3C-BD9E-07A0E34D8F75} (Local Area Connection* 8)
2 \Device\NPF_{F5057901-6A30-413A-80E4-4765DA794B7C} (Local Area Connection* 7)
3 \Device\NPF_{E3D3EC8D-29C3-4B70-B01C-600D3F9ED1D6} (Local Area Connection* 6)
4 \Device\NPF_{82EEDBC1-899D-416F-BD51-3DBE2287257F} (VMware Network Adapter VMnet8)
5 \Device\NPF_{3BC364F4-5A15-405D-926C-C594383F0323} (VMware Network Adapter VMnet1)
6 \Device\NPF_{DDF1FA94-7488-414F-A41A-EC88C1FB0DE4} (Ethernet)
7 \Device\NPF_{E7CA8F40-4639-410D-B5CA-F402FE69AF5D} (Ethernet 2)
I want the cisco router to have two interfaces, one with TCP/IP for me to be able to telnet into it (maybe other management as well?!) and the other one for the SNA traffic.
Setting up Dynamips
As mentioned above I’m going to use the VMnet1 for TCP/IP to the router, and the loopback adapter for SNA traffic. To try to make things a little easier to read I setup a small batch file that let’s me plug in variables to Dynamips:
set loopback=\Device\NPF_{3DF0EC5D-7FBE-46DF-ACF8-EF5D8679A473}
set vmnet1=\Device\NPF_{3BC364F4-5A15-405D-926C-C594383F0323}
set IOS=c7200-js-mz.122-25.S8.bin
set NPE=npe-200
..\dynamips.exe -P 7200 %IOS% ^
-t %NPE% ^
-p 0:C7200-IO-FE ^
-s0:0:gen_eth:%vmnet1% ^
-p 1:PA-4E ^
-s1:0:gen_eth:%loopback% ^
-p2:PA-4T+
The caret symbol will break up lines on NT, much like the ampersand will on Unix. And this let’s me use clear variables for the networks, IOS & NPE type so it’s nowhere near as complicated to edit.
This will create a cisco 7200 with an NPE-200, with the following cards:
So all my TCP/IP in this example will be using 192.168.199.0/24
As mentioned on the 9track page, all the magic happens on the cisco router. I’ve made a few changes as I may want to try the SDLC in the future to perhaps some other experiment if I can find an emulator that’ll drive it over serial, but for now let’s just get to the config:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname dlsw
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
ip subnet-zero
!
!
no ip domain-lookup
!
ip cef
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
source-bridge ring-group 1
dlsw local-peer peer-id 192.168.199.10
dlsw remote-peer 0 tcp 192.168.199.1
dlsw mac-addr 4000.1020.0100 remote-peer ip-address 192.168.199.1
dlsw udp-disable
dlsw transparent switch-support
!
interface FastEthernet0/0
ip address 192.168.199.10 255.255.255.0
duplex half
no clns route-cache
!
interface Ethernet1/0
no ip address
duplex half
no clns route-cache
dlsw transparent redundancy-enable 5555.5555.5000
dlsw transparent map local-mac 4000.1020.0100 remote-mac 4000.0999.0100
!
interface Ethernet1/1
no ip address
shutdown
duplex half
no clns route-cache
!
interface Ethernet1/2
no ip address
shutdown
duplex half
no clns route-cache
!
interface Ethernet1/3
no ip address
shutdown
duplex half
no clns route-cache
!
interface Serial2/0
no ip address
encapsulation sdlc
no keepalive
serial restart-delay 0
clockrate 64000
no clns route-cache
sdlc role primary
sdlc vmac 4000.0999.0100
sdlc address C1
sdlc xid C1 01700019
sdlc partner 4000.1020.1000 C1
sdlc dlsw C1
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
no clns route-cache
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
no clns route-cache
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
no clns route-cache
!
ip classless
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
session-timeout 35791
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password cisco
login
!
!
end
This sets up the router so I can telnet to it from my desktop at 192.168.199.10, and allows it to talk to the base Windows machine on 192.168.199.1
All the magical MAC addresses come from 9track.net, as he wrote the dlsw hooks, so I just copied that. There is probably a great deal that could be cleaned up, but once I saw the two talking I kind of froze what I was doing.
With that much in place I then jumped to WSL,and built the emulator from github. I cloned it, and renamed that to herc-dlsw. At least for me this was pretty straightforward. The Hercules fork will build with Visual Studio as well, but I knew I was going to need some kind of tn3270 emulator, and I wanted to use x3270, and I had just recently bought this discounted copy of XVision, so of course I wanted to use that.
Despite this catastrophic defect that wasn’t disclosed in the auction.
I downloaded and extracted the TK4- latest distro on WSL. I just created a ‘herc’ directory in my home to house the tk4- release. The next thing to do is overlay your dlsw enabled exe’s and libraries.
cd ~/herc-dlsw/.libs
mkdir x
cp * x
cd x
rm *.o *.lai
cp *.so $HOME/herc/hercules/linux/64/lib/hercules
cp *.la $HOME/herc/hercules/linux/64/lib/hercules
rm *.so *.la
cp * $HOME/herc/hercules/linux/64
Now with the binaries in place, I do need to setup the Xvision VM so I can receive the X11. Of course there is so many other ways to do this, but this is mine:
The important thing is that tcp port 6000 is redirected inwards, and that I’m using the NE2000 card, which on my weird fork will print out the hardware config, so I know how to find the nic.
added SLIRP
adding a [GenuineIntelC♣] family 5 model 4 stepping 3 CPU
added 64 megabytes of RAM
trying to load video rom pc-bios/vgabios-cirrus.bin
added parallel port 0x378 7
added NE2000(isa) 0x320 10
pci_piix3_ide_init PIIX3 IDE
ide_init2 [0] s->cylinders 203 s->heads 16 s->sectors 63
ide_init2 [1] s->cylinders 0 s->heads 0 s->sectors 0
ide_init2 [0] s->cylinders 2 s->heads 16 s->sectors 63
ide_init2 [1] s->cylinders 0 s->heads 0 s->sectors 0
added PS/2 keyboard
ps2.c added PS/2 mouse handler
added Floppy Controller 0x3f0 irq 6 dma 2
installing PS/2 mouse in CMOS
Bus 0, device 0, function 0:
Host bridge: PCI device 8086:1237
Bus 0, device 1, function 0:
ISA bridge: PCI device 8086:7000
Bus 0, device 1, function 1:
IDE controller: PCI device 8086:7010
BAR4: I/O at 0xffffffff [0x000e].
Bus 0, device 1, function 3:
Class 0680: PCI device 8086:7113
IRQ 0.
Bus 0, device 2, function 0:
VGA controller: PCI device 1013:00b8
BAR0: 32 bit memory at 0xffffffff [0x01fffffe].
BAR1: 32 bit memory at 0xffffffff [0x00000ffe].
And in this case it’s 0x320 IRQ 10. XVision being it’s own level of disappointment, I’ll have to cover it further, and later but suffice to say it at least catches the x3270 so I can get onto the console.
Setting up Hercules
Editing conf/tk4-_default.cnf is pretty easy as it’s on Linux and you can use VI.
First get MVS up and running. You have to run the ‘console_mode’ script to see what is going on.
cd herc/unattended
./set_console_mode
cd ..
./mvs
It’s not all that difficult XVision is using SLiRP, so it’s listening on all my IP addresses so I just do a simple
export DISPLAY=192.168.1.72:0
nohup x3270 &
And the emulator will pop up in Qemu. Just connect to localhost:3270 and you’ll be greeted by the login pannel:
Credentials are HERC01 / CUL8TR
I would HIGHLY recommend following the tutorial to get used to submitting a simple COBOL program. It walks through the key concepts of locating a file, and viewing it on MVS. Something that up until yesterday was out of my league.
We need to edit the file S3705 on SYS1.VTAMLST
Basically it’s 1,3,4 from the main pannel:
or RFE, Utilities, DSLIST
Type in the Volume name, then tab over to the left of the volume and put in V to view
Now we will get a list of all the files. We want to edit S3705, so you can tab/arrow down, but sure to put an `E’ next to it, then hit enter so we can edit the file
F7/F8 will page down/page up as needed. As mentioned we are interested in Subarea 13, PU type 2.
The line we are changing is the MAXDATA or MTU size for this unit. Since we are doing dlsw, or an emulated serial link, we need to knock it down to 256. Notice all the plus signs on the right hand? THOSE ARE IMPORTANT! Not only do they need to exist, but they also have to be on the far right.
For those wondering the MTU sizes on the client side by media type are as follows: And notice that the host size is different, as this takes in account of packet headers.
Making sure to overtype the 3780, to a 256, and ensuring the + sign hasn’t moved you can hit enter, cursor to the top and type in SAVE.
We can then edit the N13 file, changing line 35 to have MAXLU=3
Hopefully this clears up editing VTAM files.
As mentioned the easiest way to regen the system is to delete the old object files. So hit f3 a few times and get back to the dataset list
This time we want the VTAMOBJ set. Go and ‘V’iew it like last time and we will get the list of files:
Now we are going to put a ‘d’ next to N13 and S3705. This will flag them for deletion. Hit enter!
The files are now gone! On the next boot they will be rebuilt.
I just hit F3 a bunch of times and it’ll drop to some TSO shell
From here you can shutdown the system. It’ll take a few minutes, but you can start it up again just the same way you brought it up. Remember to attach your console.
Setting up SNA Server
Just like Dynamips, I setup a batch file, as the default one is just far too long to read:
@echo you need to figure out your nic name..
@echo something like
@echo \Device\NPF_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
set loopback=\Device\NPF_{3DF0EC5D-7FBE-46DF-ACF8-EF5D8679A473}
set vmnet1=\Device\NPF_{3BC364F4-5A15-405D-926C-C594383F0323}
qemu -m 64 -L pc-bios ^
-hda SBS15.vmdk ^
-soundhw sb16,adlib ^
-net nic,model=pcnet,macaddr=52:24:00:22:00:01 ^
-net pcap,devicename=%loopback% ^
%1 %2 %3 %4 %5 %6
This will setup a small machine with 64MB of ram, a single AMD PCNet adapter on the loopback interface. I installed Windows NT 3.51 from the Small Business Server 1.5 setup. I don’t know why VMware + NT 3.51 didn’t get along, maybe it’s my Erying, Or maybe it just plain doesn’t work, I’m not sure, and far too impatient to troubleshoot it.
It’s very important that you do add the DLC Protocol during setup. It’s in the ‘Add Software’ part. I kept my NT very simple with only NetBEUI and DLC protocols. At the moment I’m not that interested in actually networking the NT, and if I was, I would add a second NIC, just like what I did for Dynamips.
Setting up NT isn’t that interesting, but SNA server is. I did use the 2.11 on the Back Office CD, but for completeness sake of testing I tried the oldest one I could find, and 2.1 beta from June, Build 2.1.0.216.
I left the network name & control point name blank as I just want terminal, I’m not even going to think that LU6.2 applications on such an ancient version of MVS was even possible.
This is pretty much default, the Link service basically sets itself up as we only have the one NIC.
Take note of the remote network address. 400010200100 which came from above the address we directly point to the dlsw. Also it’s form the 9track blog.
Insert a 3270 LU for us to try to talk to Hercules.
I’m pretty sure it was hard coded to be a model 2.
I turned off the ability for the model to be overwitten.
Create a pool, I called it swimming, because of ‘reasons’. I made it a type 2 pool and added the terminal to it.
Next I added the EVERYONE user, and gave them access to the SWIMMING pool
Finally we are ready to save the config, and do the hand holding and start up. If the stars aligned you will see them go ACTIVE/ACTIVE and the terminal will go Available.
Sadly the terminal won’t go live, it’s stuck in SSCP.
And this is as far as I can go. I have to think that with either something far older protocol wise for the PC, such as IBM Personal Communications/3270 for Windows V2.0 (v4 didnt work either), or a far newer Mainframe software version would support whatever it is SNA server wants to give us the crazy dream of running SNA self contained.
Running Wireshark on the loopback network I see this message:
UNSUPPORTED FUNCTION
Sadly this is as far as I can take you. I do want to give a special thanks to Vinatron & blackbit for trying to troubleshoot this with me. Best we can figure is that TK4- is just too old.
Troubleshooting
From the cisco router try dlsw commands like this:
dlsw>sho dlsw circuits
Index local addr(lsap) remote addr(dsap) state uptime
2281701660 4a24.0044.0080(04) 0200.9099.8000(04) CONNECTED 00:02:23
Total number of circuits connected: 1
This does show the connection. Notice that ‘show bridge’ will show nothing in this config.
Be sure to check peers as well:
dlsw>show dlsw peers
Peers: state pkts_rx pkts_tx type drops ckts TCP uptime
TCP 192.168.199.1 CONNECT 10 13 conf 0 1 0 00:05:07
Total number of connected peers: 1
Total number of connections: 1
Make sure your interfaces are ‘up/up’ and passing traffic
FastEthernet0/0 is up, line protocol is up
Hardware is DEC21140, address is ca00.48f4.0000 (bia ca00.48f4.0000)
Internet address is 192.168.199.10/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
12768 packets input, 1439279 bytes
Received 3609 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
9999 packets output, 1037736 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
dlsw>show int eth1/0
Ethernet1/0 is up, line protocol is up
Hardware is AmdP2, address is ca00.48f4.001c (bia ca00.48f4.001c)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
52426 packets input, 5148287 bytes, 0 no buffer
Received 12336 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
36383 packets output, 2465490 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
dlsw>
And of course check WireShark to see if there is any handshake:
And of course check the Hercules logs to make sure your VTAM rebuilt, look for ERROR or anything related to S3705 or N13.
so I got it to “work” on OS X….. well 10.6 in VMWare. I have no idea if this means it will work on your setup.
If AppleTalk packets get passed early in the boot stage, it will crash.
If JIT is enabled, it will crash
Performance is horrible, I’m getting 150k/sec on my LAN, Basilisk II with no JIT blows this thing away.
Honestly I feel kind of hesitant releasing this, but I know it was desired, and I guess it’ll help someone somewhere being able to have an easier conversation… So I’m going to upload my source tree, including binaries built with GCC 4.0 & 4.2 with either O2 or Os flags. I’m not sure which is more stable/faster…So here is my source tree. Sorry you still have to deal with the changing password thing, but cancel it, and it’ll tell you the password.Other lessons learned… SheepShaver’s segfault model only works when the CPU thread is the main thread. Even though you “can” stuff the CPU into a subordinate thread, it doesn’t play nice once it segfaults, it’ll just spin waiting for something that clearly isn’t going to happen.In config.h I added in USEGLOBALvideo as a way for main to call the screen update to end the vast majority of pool leakage. I also added SHEEPSHAVER_CURSOR to enable the hardware cursor. I was having some issues installing OS 8.x when the ‘hand’ was drumming the fingers waiting for the OS to install it crashed many times, while disabling the hardware cursor made it play nicer. Maybe it’s my setup, I’m not sure.
Also in this version I don’t read .sheepshaver_prefs but rather sheepshaver_prefs in the current working directory. I didn’t want to trash any other prefs. I have to test again but I think this should work on 10.10 … As I found out the hard way x86_64 binaries can no longer mess with the zero page, so this is a 32bit only build, but I was running it with my SLiRP fixes ok on my macbook air.
This hasn’t been extensively tested. I hate to even call it tested, I just copied a few MB of stuff over an NT server running AppleTalk,a nd viewed some flash video with Internet Explorer 5.1 …. I’m sure there are PLENTY of things broken. JIT should work with these binaries (Quake 1 is quite playable), but DOOM crashes hard (isn’t it a 68k binary?). DOOM runs ok on Basilisk II so does it matter?
If you want speed, JIT + SLiRP is the way to go. Since this is basically the same as the version I was using with BasiliskII I think it’s more stable than the generic version as I could at least run all kinds of programs with some of my fixes vs the ‘stock’ github version.
I should add that I’ve been primarily testing with that PowerMac 9500 v1 ROM, along with MacOS 8.6. I found 8.0 and 8.1 too unstable, 7.x & 9.0.4 uninteresting.
To get around the early crashing while booting 8.6, I rigged it to drop the first 30 packets. I’ve successfully booted 10/10 times, so I’m almost OK with that. I’d rather know when the OS is ok, and go with that, but I’m not sure. I thought about a timer, and say ignore the network for the first 30 seconds, and maybe that is the better way to go. When you launch this you’ll see some message updating about packets and “wait for 30->” and a number… once it reads “wait for 30->30” , the message will no longer update, and it’ll start to forward packets into the machine. You probably will have to disable and re-enable AppleTalk from the chooser to see the network (or I had to). You may have to get creative to generate the needed packets on your network to get it over 30, as those are packets received. Broadcast packets work too, so maybe you can work with that… As long as Sheep Shaver isn’t alone something should be looking for other devices.
I’ve been busy at work, but I did get some stuff done on this over the weekend, and just wanted to push this version out while there is some momentum.
The big fixes are in SCSI to support the dynamic scatter gather buffers so you can format big (lol) disks. Â Then again I only tested a 2GB disk but it’s working fine as far as I can tell.
I also hard coded SCSI id #6 as a CD-ROM. Â It only reads HFS partitioned images, and only can boot from a handful of those. Â From some SCSI CD emulation packages with passthru it performs just as poorly, so it’s not just me. Â I tested with the ‘blessed’ Win32 build 142, with ForceASPIÂ in a Windows XP VM with emulated SCSI CD. Â There is a lot more ‘magic’ going on with the cdenable.sys driver on the Windows side, which mounts ISO’s without any hesitation.
This also includes my latest networking fixes as I moved more of the networking code to use queues, forced the 60Hz timer to hit the network card so it won’t stall anymore, and added in that timer patch, that more than doubled my LAN download speeds.
I’ve also added a simple PCAP filter as I noticed that my LAN was quite chatty, and I figured all this traffic wouldn’t be good as an emulator really shouldn’t be processing stuff it doesn’t need to. Â Something like this:
(((ether dst 09:00:07:ff:ff:ff) or (ether dst ff:ff:ff:ff:ff:ff) or (ether dst fe:fd:00:00:16:48)))
09:00:07:ff:ff:ff is the AppleTalk broadcast address, ff:ff:ff:ff:ff:ff is the typical all hosts broadcast, and I’m still generating a MAC based on PID which is good enough for me.
Feel the need for speed!
So while before downloading 124MB on my LAN took 8 minutes, now it’s about a minute.
I’ve updated the sourceforge page with source, Win32, Linux i386 and OS X (10.8) builds. I’ll add a 10.6 x86/PowerPC build later. Â On the sourceforge page I also added a utilities section with a simple ISO image with various utilities to get you started, including the A/UX partitioning tool to partition & format a virtual disk, a tool to try to mount ISO’s (remember HFS has the only hope right now), QuickTime, Flash, Internet Explorer and some other stuff.
Also, thanks to Peter, it’s also available on github, so my horrific edits are open for the world to see…
And it is quite frustrating.  The most I can do is about 100MB worth of AppleTalk traffic, or 1.5GB of TCP/IP then the receive function EtherReadPacket just stop being called, and then the whole thing stalls out.
I don’t really ‘like’ my solution, but it does work.  I went ahead and chained the EtherInterrupt function to the 60Hz timer to ensure it’ll fire, and it seems to be working. The good thing is now I’m getting ~200K/sec using pcap or SLiRP.  So things are faster!
Then after scanning the changelog, I found this interrupt patch, and it doubled my throughput on the network to over 400K/sec!
427K/sec via SLiRP
So now I can copy about 350MB worth of data in about 5-7 minutes, and it doesn’t stall out.
357MB worth of AppleTalk
I can now copy hundreds of MB worth of stuff from one AT server to another.
What is also surprising is that by using Internet Explorer 4.0.1 for MacOS, I get speeds of around 1.0Mb/sec(with as high as 1.6!)
Internet Explorer 4.0.1 screaming along
I know IE has always had a bum rap, but it really is a better legacy browser on MacOS.
I also merged the scsi driver’s buffer with BasiliskII’s buffer so the scatter/gather can now handle the absurd requests of 4MB++ worth of reads in one swoop.
Well I was shuffling files back and forth into Shoebill, and with the advent of Ethernet support, I decided I wanted to build an AppleTalk network. Â This endeavor seems to have taken a life of it’s own.
So, the first thing I did was tear into minivmac, as I figured it would be the easiest to modify, as ‘mini’ is in it’s name. Â But it’s more geared to LocalTalk. Â From it’s readme:
It does this by converting the LocalTalk packets between SDLC frames in the virtual machine to LocalTalk Over Ethernet (LTOE) packets. These LTOE packets will be sent out the host machines Ethernet interface and will reach any other machine on the LAN. LTOE packets are not routable and not recognized by EtherTalk devices.
Which is pretty creative, but I want to talk to A/UX, Windows NT and Cisco routers. Â So this isn’t going to work out for me.
The next other ‘big’ names in Macintosh emulation are Basilisk II and SheepShaver.  Both of which are from Christian Bauer which is a sizable download (or so I thought) and has a very confusing release versions for Windows. So I went ahead and tried BasiliskII, which only does some native networking via a TUN/TAP & bridge solution (which is really popular solution for plenty of UNIX based stuff), which personally I don’t really care for.  The Windows version does support SLiRP, but for some strange and annoying reason it always crashes when I try to download anything big.  As a matter of fact, the Windows version crashes, a lot!
While digging around for various builds of Basilisk II, I found the defunct sourceforge page, which is thankfully still up. Â And there I found the 0.8 and 0.9 release source code, which weighs in at a tiny 350kb in size. Â This is something I could probably dive into. Â So I went ahead and tried to build it on a Debian 7 x86 VM. Â And much to my surprise, after altering configure to accept GCC 4.7, and forcing it to turn X11 on (I don’t know why it kept failing to detect it), I was able to build a binary in no time. Â Even better, it worked!
So the first few goals were simple, I wanted to take 0.8 and remove it’s dependency on X11,and make it use SDL 1.2.  Why not SDL 2.0?  Well 2.0 is more about 3d space, and even to render a flat framebuffer it uses streaming textures.  Which is too heavy for me, so I’m sticking with 1.2.  I took a bunch of code from SDLQuake, and after a while of bashing it around, I was able to open a window, and capture some ouput from the framebuffer.  With even more bashing around I got it to work correctly.  I did make some small tweaks though, it only supports 8bit depth.  But I’m interested in networking, so 256 colours is fine by me.  Now that i could see what I was doing, I was able to then re-compile on OS X, and I was greeted with the Mac Boot screen.  The harder part was Windows, as the system code written by Lauri Pesonen who did an excellent job of porting BasiliskII to Windows, but to say their code took 100% advantage of the Win32 API would be an understatement.. And I wanted something more pure to being SDL so I really couldn’t use much of that code.  And what code I could find it was for far later versions.  However with enough pushing I did finally get BasiliskII to boot up on Windows.  I was once more again bitten by the fact that open on Windows defaults to being in ASCII mode.
The next thing to add was SDL input for the keyboard and mouse. Â And at this point googling around for an example of an input loop for SDL that is appropriate for an emulator I stumbled uppon the fact that there already was a SDL support built into the more current version of Basilisk II. Â But for some strange reason I kept going ahead, and incorporated some of the code into my 0.8 branch. Â And then I could finally send some keystrokes, move the mouse, and click on things! Â Things were looking up!
While looking at the SDL code, I did see they also have audio support, so I went ahead and borrowed the skeleton framework from there, although the initialization didn’t work at all as BasiliskII had drifted in how it hooked into the native sound support. Â So I once more again turned to SDLQuake, and I was able to initialize sound, and Even get QuickTime to play the old Quadra quicktime video, which was the first QuickTime thing I’d ever seen, back when they were still making Quadras.
So now with video and sound in place, it was finally time to tackle the networking. Â At first this seemed quite easy to do, and using SIMH for inspiration I was able to quickly replace the tun/tap code with some pcap code to open the interface, send packets, and receive packets. Â One more again I started on Linux, made it build on OS X, although my MacBook air doesn’t have anything I can really inject packets into so I don’t know if it actually works. Â The bigger test for me was on Windows with a GNS3 network, and with a few more minor changes I was happily sending AppleTalk to both Shoebill and Windows NT.
The next thing I wanted to tackle was SLiRP support.  Ironically to bring SLiRP to Shoebill I used the SLiRP from the github of Basilisk II.  At this point I figured this would be very simple, and I could wrap up later that day.  It ended up taking me three days.  Once more again my build would crash all the time, just like the later Basilisk II builds.  Using Internet Explorer 4.0.1 would seemingly crash the whole system within seconds with faults in SLiRP’s slirp_select_fill, and slirp_select_poll functions.  Now if you don’t call these functions SLiRP doesn’t process it’s TCP state and you end up with barely functioning UDP to only SLiRP which isn’t great beyond DHCP and DNS.  First I tried semaphores which only made things worse as the nature of Basilisk II’s threaded nature just made the requests stack up deadlocking within seconds.  I tried a mutex, timed mutexes and various other locking methods insdide of SLiRP and Basilisk II to no end.  Netscape would kind of work, but IE would crash the whole thing out after a few pages. Then a better solution hit me as I was playing with the system clock on the Windows build.  There is a 60Hz timer that calls a 1Hz timer once every 60 ticks.  What if I had the clock drive SLiRP?  And to my amazement not only did that work, but it worked great until I hit another problem that I had with Shoebill (that needs to be fixed now that I found away around it here).  There is a static buffer that passes data between SLiRP’s callback when it is going to send a packet to BasiliskII and when Basilisk II then feeds the packet to MacOS.  With enough traffic it will overwrite part of itself as they are on two different threads.  Once more again I tried semaphores, which of course is the wrong tool here as if something is stacking waiting for it to unstack is just crazy, and more mutexes.  The mutexes kind of worked but performance was horrible, as in 1992 dialup speed horrible.  And I didn’t want to simulate a 1992 internet experience 100%
So the obvious solution as a queue.  I took a simple queue implementation, added the ability to peek, changed it to accept a packet structure and I was set.  Now I only needed a mutex when I queued items, and dequeued them.  But I could hold 100 packets easily.
So with all that in place I can finally download files greater than 10MB, and even with Internet Explorer!
124MB in 8 minutes!
So the next was to make Pcap dynamically loaded, which for C++ is a bit of fun with __cdecl, GetProcAddress and all that fun.  But I had it working after a bit so now if the user doesn’t have WinPcap installed they don’t get an error message, and I don’t have to maintain two builds.  Nobody likes doing that kind of stuff.  Ever.
Multitasking.. Kind of.
There is still plenty of things broken afterall I’m using an ancient version of Basilisk to base this off of. I’ve also removed a bunch of features as I wanted to make this more of a ‘core’ product with again a focus on networking.
Will this interest the majority of people? Probably not. Â But for anyone who wants to actually download a file this may be somewhat useful.
Where to go from here?
Well there is still a lot of OS specific stuff in the code that I want to convert to SDL. Â I’d like to build from a 100% more generic code tree rather than having private files here and there. Â The CPUÂ optimization programs that re-read GCC’s assembly output don’t do anything. Â I want to try it through an older version of GCC and see if there is any difference in speed. Â I also recently received the source code to vc5opti.cpp and I’d like to try that to see if it speeds up the Windows Visual C++ based build. Â Long term I’d love to patch in the UAE CPU code from the newer versions that have a far more solid 68030/68881 and 68040 emulation. Â The price of standing on so many tall shoulders is that when I fall off I don’t know if the CPU exceptions I see are faults in the CPU emulation, Basilisk II or just plain crashes in MacOS which was certainly not the most stablest thing once you mixed in multimedia and networking. Â It was par with Windows 3.1, which honestly both of them were ‘saved’ with help from the older generation, ala BSD Unix for MacOS, and the VMS team for Windows.
So after all this I’m ready to release some binaries, and code. Â Although the last thing I wanted to do is add more confusion by calling this Basillisk II v0.8.SOMETHING … A quick google search on Basilisk gave me this:
In European bestiaries and legends, a basilisk is a legendary reptile reputed to be king of serpents and said to have the power to cause death with a single …
There are plenty of bugs, and plenty of things not working, but it works well enough to do things, and that is a credit to everyone who worked on Basilisk II before me.
I found this link where someone had implemented a virtual NE2000 for DosBOX, allowing you to run among other things DOOM!
This reminded me of my own work to add pcap into Qemu back in the 0.9.0 days… SO I figured I’d try to build the thing out and see how they interact!
So the first thing to do was build DosBOX, and add the patch. I found that 0.73 worked pretty well for this!
So after some hammering around, I got it to build, and launched it on two separate machines (one over terminal server) on my lan, and launched the oldest network doom version I could find to get things going.
Doom multiplayer IPX-SPX
And there we go. Now in the dosbox.conf you have to make sure that they have unique MAC addresses, and of course, that they are bound to the correct physical nic. in the config file, there is a list option that will print out the possible choices then you can just put the number, or the full name into the right spot on the ini file. I’ve build a prebuilt win32 version of this with all the DLL’s and the gravis ultrasound enabled… You can download it here.
The next thing I did was search high & lo for my patches to Qemu, and thankfully I’d emailed them to myself as it seems all the other places are dead… So with a little playing with Qemu 0.90 to enable the adlib, and remove some logging messages, I’d built a client machine again with Doom. Naturally I had the DosBOX & Qemu face each-other off.. Sadly this is a little SLOW.
DOSBox and qemu IPXSPX Doom
For those that wish to download, you can find the Qemu client & server files.
Now for Qemu, you’ll need to get that full NIC name… Dosbox provides a great way to see what it is, just paste it into the batch files, and you’ll be good to go.
Ok I wanted to do this eventually but now I’ve finally done it. I have constructed something a little complex but it works surprisingly well.
Let me draw a picture so it’ll be a little easier to follow:
proxmox Netware diagram
All of the machines in clouds are virtual…
Ok I’m going to assume you can install & configure OpenVPN on your own. I did a really simple install on Proxmox VE, just be sure to use the e1000 network adapters. All the others gave me tones of errors with any sizable traffic. Also I should point out that I’m using OpenBSD 4.3 which is the latest as of today.
dev tun0
dev-type tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
dh /etc/openvpn/dh1024.pem
key /etc/openvpn/server.key
server-bridge 192.168.6.33 255.255.255.224 192.168.6.50 192.168.6.62
push “route 192.168.6.0 255.255.255.0”
push “dhcp-option DNS 192.168.6.34”
client-to-client
duplicate-cn
keepalive 10 120
max-clients 100
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
tun-mtu 1500
fragment 1300
mssfix
float
Again I just followed the example from the OpenVPN site to set this up. What makes this different though is the fact that I’m using this in a bridge mode. As you can see I have told OpenVPN that it is to use the tun0 interface as a ‘tap’ driver.
My hostname.tun0 is this:
Link0 up
Likewise the bridgename.bridge0 is:
add em1
add tun0
up
And finally for this example my bridgename.em1 is:
inet 192.168.6.33 255.255.255.224 NONE
So using this setup I have a ‘private’ 192.168.6.32/27 network in which I’ve got a few virtual machines running and space for my laptop to VPN into. Now one of the virtual servers on my Proxmox server is Windows NT 4.0 Terminal Server… Yeah I know I got it cheap on ebay, and I kind of like it. Anyways I’m running Qemu on it, which is running Netware 3.12. I installed the libpcap then I had to find out what my Ethernet devices are called. I used wireshark (it was ethereal) and it’s a cool program to have around. The last version to run under Windows NT 4.0 was 0.99.4 so that’s the one I used. Once I have done this I found my device and was able to setup a string for Qemu (which was \Device\NPF_RTL80291)
This sets up an ISA computer with 16 megaybtes of ram and a single ISA nic that will utilize libpcap to send out frames on the rtl80291 that’s being emulated to my NT terminal server by proxmox.
dev tap
ca ca.crt
cert client1.crt
key client1.key
client
proto udp
remote 192.168.1.75 1194
resolv-retry infinite
nobind
persist-key
persist-tun
;comp-lzo
mssfix
tun-mtu 1500
fragment 1300
Ok, so far so good. Now I do have Virtual PC 2007 on my laptop, and I have made sure that the “Virtual Machine Network Services†were bound to the “TAP-Win32 Adapter V9†interface.
The it’s a simple matter of connecting to the VPN, then loading up the virtual PC with MS-DOS & the Novell Netware client.
Then you should be able to ‘bind’ to the server & login!
dos netware client
The ‘cool’ thing about this setup is that it will work over things like wifi, and easily allow you to add clients near & far. Oh and the best part for the wifi crowd is that it will use REAL encryption since WEP/WPA have all been shown to be useless. Oh yes, and it should allow you to host your DOOM, Quake 1, Rise of the Triad, Warcraft II, and Descent games…. Along with people playing at home! Using this you too can build your own IPX/Internet network!
I do hope this clears some of the uses & versility of Virtual servers, Qemu & Virtual Networking.