Yes, I know it’s kinda pointless as it’s horribly out of date, but I’m still having fun. Anyways now it’ll integrate with dynamips!
So yeah, in this example, instead of the usual “-net user” and the built in SLiRP stack, this uses UDP to talk to a stand-alone SLiRP stack. This will let you plug your Qemu into virtual Ethernet switches/hubs and interfaces of virtual routers. Even mixing and matching connections to different emulators that use UDP to exchange packets.
In this case I have a VMDK loaded with a NE2K-PCI driver, and QuakeWorld for MS-DOS. I also made the MPU401 external although it’s hanging on a secondary flag…
Continuing from my TACACS adventure, I also thought it would be nice to capture syslogs, and save them. Oddly enough this is a big business, with even low end products like Kiwi Syslog server costing some $295 USD!
Well that’s too much for me, so I figured that the most wide spread at the time must have been the 4.3BSD syslogd, so I’ll start with that.
Just as before this was a pretty straight forward port, I had to remove all the /dev/kmem and UNIX socket stuff, as they obviously don’t exist on Windows. Just as the same, you can’t “write to users” to send messages, so by default output is a file. I suppose I could use the net send functionality to pop up a message, but I find it just as annoying today as it was then.
At any rate in no time I was able to setup a simple config file, and then get my router to turn on full logging & enable full debugging to get a continuous stream of messages. The only ‘gotcha’ is that this sylogd wants to be able to do reverse lookups, so you really ought to have a DNS with reverse entries, or a good hosts file.
As you can see, running it in debug mode tells me what is going on. And the log.txt file contains a nicely formatted log file, just the way that it was done on BSD:
I’m sure it’s full of other bugs, but all I tested was that I could log to a file, and it’s doing that much just fine. If you feel so inclined you can download & compile it, the source is: syslogd_win32.c
So, in my fun and excitement I was putting together a ‘cisco’ network using dynamips that spans a few sites across the world. I’m using ancient copies of NT for some servers, although I plan on adding in some 386BSD, SunOS SPARC, and maybe even 68010 based, along with other stuff.
I have the routers running fine, but I felt like adding some kind of external authentication service, and TACACS certainly fits the bill! And to be all vintage as usual, I’m not going to use TACACS+ as it’s simply too new, and too big. So first things first, I need a copy of the source to TACACS as I’m certainly not going to write my own! I found this directory on ftp.funet.fi which has a bunch of old cisco related material, and sure enough there is a tacacsd.c
Even better it’s from 1989 which suits my need for something positively ancient, and simple enough to be a single C file.
/*
* TACACS daemon suitable for using on Un*x systems.
*
* Janruary 1989, Greg Satz
*
* Copyright (c) 1989 by cisco Systems, Inc.
* All rights reserved.
*/
Porting it to run on Winsock, really wasn’t all that hard, I had it running as a standalone program within a few minutes, however there is no password file in NT, so as a simple test, I had simply short circutied the username lookup to always suceeded, along with a password compare.
Since I have VMWare Player installed on my machine, I can use the VMNet 8 connection to talk to my host computer. The hard part of course is trying to figure out which NIC is which, but dynamips -e will give you a list like this:
Cisco Router Simulation Platform (version 0.2.16-experimental(merge uppc smips)Build-1-x86/MinGW stable)
Copyright (c) 2005-2011 Christophe Fillot.
Build date: Dec 15 2016 04:20:41
Pcap version [WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)]
Network device list:
\Device\NPF_{D3DF08C4-7A33-4FE2-9351-000153705A30} : VMware Virtual Ethernet Adapter
\Device\NPF_{3FB194EF-F3A4-45F2-AFAB-A4ABA98E8FF7} : Qualcomm Atheros Ar81xx series PCI-E Ethernet Controller
\Device\NPF_{C46B48B8-74E1-4938-9BFE-E407949A7940} : Microsoft
\Device\NPF_{F72C65CD-C6BC-44FE-9019-C5057DB1D9AB} : VMware Virtual Ethernet Adapter
\Device\NPF_{CE75B9C1-8189-4C8F-8EF6-6CEB0C6D0329} : Microsoft
\Device\NPF_{737A8B62-9A87-4739-9CC2-BF05CDC315D0} : Microsoft
And with that information, we are good to go! Since I’m doing a simple test here, I don’t need anything other than a single ethernet to talk to my host, so here is a VERY simple cli to run dynamips:
Cisco Router Simulation Platform (version 0.2.16-experimental(merge uppc smips)Build-1-x86/MinGW stable)
Copyright (c) 2005-2011 Christophe Fillot.
Build date: Dec 15 2016 04:20:41
Pcap version [WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)]
Idle PC set to 0x604f1da0.
IOS image file: ..\c7200-is-mz.19991126.bin
ILT: loaded table "mips64j" from cache.
ILT: loaded table "mips64e" from cache.
ILT: loaded table "ppc32j" from cache.
ILT: loaded table "ppc32e" from cache.
vtty_term_init
CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.
C7200 instance 'default' (id 0):
VM Status : 0
RAM size : 256 Mb
IOMEM size : 0 Mb
NVRAM size : 128 Kb
NPE model : npe-200
Midplane : vxr
IOS image : ..\c7200-is-mz.19991126.bin
Loading ELF file '..\c7200-is-mz.19991126.bin'...
ELF entry point: 0x80008000
C7200 'default': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.
mips64_test.s ROMMON emulation microcode.
mips64_test.s Launching IOS image at 0x80008000...
Self decompressing the image : ####()## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Experimental Version 12.0(20000110:181554) [otroan-thanksgiving-rel 175]
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Thu 20-Jan-00 15:07 by otroan
Image text-base: 0x60008900, data-base: 0x613D0000
cisco 7206VXR (NPE200) processor with 253952K/8192K bytes of memory.
R5000 CPU at 200Mhz, Implementation 35, Rev 1.2
6 slot VXR midplane, Version 2.1
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
125K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
8192K bytes of Flash internal SIMM (Sector size 256K).
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
Next I need to take note of how VMWare & Windows have configured my VMNet8 adapter, and configure the router accordingly:
So Im using 192.168.254.1/24 so let’s setup the router. Let’s give it a .10 for the heck of it. Also I’m going to turn off DNS name resolution for the moment.
00:00:02: %DEC21140-3-DUPLEX_SPEED: FastEthernet0/0 doesn't support the configured duplexand speed combination
00:00:02: %DEC21140-3-DUPLEX_SPEED: FastEthernet0/0 doesn't support the configured duplexand speed combination
00:00:02: %DEC21140-3-DUPLEX_SPEED: FastEthernet0/0 doesn't support the configured duplexand speed combination
00:00:32: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
00:00:32: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating Sys
Router>
Router>tem Software
IOS (tm) 7200 Software (C7200-IS-M), Experimental Version 12.0(20000110:181554) [otroan-thanksgiving-rel 175]
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Thu 20-Jan-00 15:07 by otroan
00:00:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
Router>ena
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#ip address 192.168.254.10 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.1
00:01:29: %DEC21140-3-DUPLEX_SPEED: FastEthernet0/0 doesn't support the configured duplexand speed combination
00:01:31: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
00:01:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config)#no ip domain-lookup
Router(config)#exit
Router#wr
Building configuration...
[OK]
Router#
00:01:39: %SYS-5-CONFIG_I: Configured from console by console
And if everything is going well, I can now ping from Windows!
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\neozeed>ping 192.168.254.10
Pinging 192.168.254.10 with 32 bytes of data:
Reply from 192.168.254.10: bytes=32 time=54ms TTL=255
Reply from 192.168.254.10: bytes=32 time=31ms TTL=255
Reply from 192.168.254.10: bytes=32 time=31ms TTL=255
Reply from 192.168.254.10: bytes=32 time=31ms TTL=255
Ping statistics for 192.168.254.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 54ms, Average = 36ms
C:\Users\neozeed>
Awesome! Pinging from the cisco however fails.
Router#ping 192.168.254.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
This fails as Windows by default has it’s firewall on, which then blocks all incoming traffic. However to see that the ICMP would have succeded, you can look at the arp table, and the .1 address should have been learned:
Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.254.1 0 0050.56c0.0008 ARPA FastEthernet0/0
Internet 192.168.254.10 - ca00.3730.0000 ARPA FastEthernet0/0
We can either diable the firewall, or we can add a rule to permit ICMP. To do either you need to go to the firewall control panel in Windows. In this quick example, I’m going to build a rule using the firewall control pannel.
So hit the advanced settings to the left.
Click on the ‘Inbound Rules’, and now we are going to create a new rule.
Select a Custom Rule
Allow ‘All Programs’
Then set the protocol to ICMPv4
Now we can select the scope of the rule, in this case we are going to allow the 192.168.254.0/24 network to pass icmp traffic to us. Add it as a source and destination.
In this quick example I’m applying it everywhere. I suppose a better setup would be to make sure the VMNet 8 adapter is a ‘Private’ network, and ONLY apply this to the Private domain.
Then give it a name, something like ‘ICMP for VMnet8’
Router#ping 192.168.254.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/30/36 ms
And now we can ping!
Now for the fun, I go ahead and compile my hacked up tacacsd.c, and run it, and then permit it to run on all networks:
And now I can configure the router to use TACACS. Keep in mind, once gain that this is *NOT* TACACS+ so this is done a little differently. I’m going to simply set TACACS for telnet connections.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#tacacs-server host 192.168.254.1
Router(config)#line vty 0 4
Router(config-line)#login tacacs
Router(config-line)#exit
Router(config)#enable password 0 cisco
Router(config)#exit
Router#wr
Building configuration...
[OK]
Router#
00:01:28: %SYS-5-CONFIG_I: Configured from console by console
And now I’m ready to test!
User Access Verification
Username: user
Password:
Router>who
Line User Host(s) Idle Location
0 con 0 idle 00:01:11
* 2 vty 0 user idle 00:00:00 192.168.254.1
Interface User Mode Idle Peer Address
Router>
As you can see I logged in as ‘user’ … and keep in mind my TACACS simply permits anything. As for what tacacsd runs by default:
D:\dynamips\tacacs>tacacsd.exe
server starting
using port 12544
validation request from 192.168.254.10
query for user (pw->pw_gecos) accepted
It’s not exciting, but as you can see it is attempting to look through the gecos to verify the user, but in this case I just allow anything. And besides just granting anyone the ability to login, let’s take a look on the wire:
WireShark capture of TACACS traffic
As you can see the username & password go over the wire in plain text. Even the response is simple enough to decode:
Access granted!
Needless to say this is something that you would NEVER EVER EVER run in a real network. Of course a system that sits on telnet is vulnerable anyways, but I suppose a TACACS server that lets anyone log in, makes either a VERY trusting network, or a good honeypot. Against my better judgement, here is tacacsd_win32.c Naturally it could be easily made to verify passwords against pretty much anything.
Since there has been an update over on the github project, I thought this was a good time to take my existing port, and basically dump it, and make it integrate a lot better. So this time I did a lot of #ifdef’ing and the code should still compile on UNIX like systems.
I need to go through all the reboot/reload scenarios an try to either find out why it crashes, or just comment out dangerous paths.
So yes there is a good chance on a reload it’ll crash right now.
I also had issues with the new vty code, so I’m still using the old file from an ancient version of dynamips that I seem to have massaged well enough to behave for a primative console at the command prompt.
I put it on Sourceforge, because I’m rebellious like that.
Now what were the obstacles? Well for starters not having a full libc certainly hurts things. Things like a malloc. And without getting fancy with the memory map I did the lamest cheat ever, which is a 1MB static array I just handed out with a fake malloc (no free, I didn’t bother to track chunks), and you know it works enough.
Also I need to read files, and I need to look more into the hardware to see how to do that. There seems to be plenty of hooks for NVRAM, but the ROMMON substitute doesn’t seem to support them. Also there is no ROMMON hook for reading from the console! The MIPS cilo is more ROMMON dependent, while the PowerPC c1700 talks to the uart directly so this is a PowerPC thing for right now.
I also learned something exciting about ld, which is how it can absorb binary images into objects, that you can link and access directly into your program! No more having to convert it to hex, make these insane headders that CPP may or may not bomb over. No you can make them objects right away!
In this example I read the file planetfa.dat as BINARY, and encapsulate it in an object file called planetfa.o . It’ll now have a symbol name of _binary_planetfa_dat_start for where the image begins, _binary_planetfa_dat_size will tell me how big it is in memory, and _binary_planetfa_dat_end will mark the end of this ‘file’ in memory.
Now in the old days when it was a file I could access it like this:
But that won’t work. So now instead of calling fopen/fclose (which don’t exist in CILO), I set a counter to what my current offset is, change the ‘fseek’ to just set the global counter to where it should be, and when I fread I just memcpy:
Pcap version [WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)]
Unsure if this file (c1700_i0_rommon_vars) needs to be in binary mode
Virtual RAM size set to 4 MB.
IOS image file: ciscoload.bin
ILT: loaded table “mips64j” from cache.
ILT: loaded table “mips64e” from cache.
ILT: loaded table “ppc32j” from cache.
ILT: loaded table “ppc32e” from cache.
vtty_term_init
CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.
C1700 instance ‘default’ (id 0):
VM Status : 0
RAM size : 4 Mb
NVRAM size : 32 Kb
IOS image : ciscoload.bin
Launching IOS image at 0x8000d9c8…
CILO
CiscoLoader (CILO) – Linux bootloader for Cisco Routers
Available RAM: 4096 kB
Available commands:
queen
hanoi
horse
fib
planetfall
halt
Enter filename to boot:
malloc 64512 offset is 0 offset is now 64522
malloc 38912 offset is 64522 offset is now 103444
PLANETFALL
Infocom interactive fiction – a science fiction story
Copyright (c) 1983 by Infocom, Inc. All rights reserved.
PLANETFALL is a trademark of Infocom, Inc.
Release 37 / Serial number 851003
Another routine day of drudgery aboard the Stellar Patrol Ship Feinstein. This
morning’s assignment for a certain lowly Ensign Seventh Class: scrubbing the
filthy metal deck at the port end of Level Nine. With your Patrol-issue
self-contained multi-purpose all-weather scrub brush you shine the floor with a
diligence born of the knowledge that at any moment dreaded Ensign First Class
Blather, the bane of your shipboard existence, could appear.
Deck Nine
This is a featureless corridor similar to every other corridor on the ship. It
curves away to starboard, and a gangway leads up. To port is the entrance to
one of the ship’s primary escape pods. The pod bulkhead is closed.
Deck Nine Score: 0/4451
PLANETFALL
Infocom interactive fiction – a science fiction story
Copyright (c) 1983 by Infocom, Inc. All rights reserved.
PLANETFALL is a trademark of Infocom, Inc.
Release 37 / Serial number 851003
While I don’t want to write an OS for this, it is almost tempting. Or go the other route, and add in some non router based hardware… Like audio hardware, or a framebuffer.
Does anyone have a 1700 to test to see if any of this works? Or a 7200?! 😀
Launching IOS image at 0x8000cba0…
CIL
Error: Unable to find any valid flash! Aborting load.
Awesome!
Building this was a lot more fun. I thought I could sidestep building a Linux to PowerPC ELF cross compiler, but as it turns out, to bootstrap libgcc, you really need a compiler that can do this. But with the steps basically down, it was trivial to whip up.
Although I did keep on hitting this error with the Win32 tools that “-mstrict-align” is not supported, while trying to build the startup and libgcc sources using the MinGW targeted compiler through wine. But once I had a native Linux to PowerPC toolchain in place, not only could I build the Windows based compiler, but I can also use the flag -mstrict-align on Windows without it complaining. So lesson learned, have a cross compiler built to the final target to make life easier when building a Canadian cross.
As always, building the binutils package was a snap, just run:
As a minor addendum, The 1700 can run stuff that is far more complicated than the MIPS. I’m not sure why I get so many TLB violations for doing something more complicated but I (poorly) ported aclock to run on the cisco 1700!
Aclock on the cisco 1700 via Dynamips
The Dynamips ROMMON emulator doesn’t provide the keyboard input function call so it can’t read from the keyboard. Also it can’t read the clock so I have it running 250,000 dhrystones between clock ticks. Although I think that is far too many, maybe 125,000 would be more like it but it runs on the PowerPC. While on the MIPS I get nothing but this:
*** TLB (Load/Fetch) Exception ***
PC = 0x80008964, Cause = 0x00008008, Status Reg = 0x00408103
Oh well. Maybe it’s a stack problem I guess I’ll have to break down and do a memory map and write a malloc if I want to go down this road. Although back in 1999 this would be incredible but today I don’t think anyone would run anything but IOS on their cisco hardware.
I’ve tried to build a cross compiler on MinGW32 before, and despite there being obvious steps on how to do it, I’ve never gotten it to work. Now I’ve built cross compilers before so it’s not like I don’t have any clue on what I’m doing, but the problem is that Windows isn’t UNIX, and I don’t want to use Cygwin.
So that enters another fun possibility known as the Canadian Cross, which is using a machine in the middle to build a compiler. As we all know, Linux is great for building and running GNU software, so a Linux machine to build my cross compiler would be the best. Now the whole point of this is that I wanted to build a MIPS program to run on Dynamips. And through a LOT of googling, I managed to find this program called CILO the cisco Linux loader. Now as far as I can tell the people trying to port Linux the the MIPS based cisco routers (3600 and 7200) never succeed, but they did manage to leave this bootloader behind. And compiling it was very tricky as they gave no hints on what to use. So with a lot of trial and error I found that binutils 2.18 is the minimal version that will work as the code depends on being able to do register aliasing which isn’t present in previous versions. Also according to this, they were using gcc 4.1.2 in their Linux port. So with some luck I did mange to get CILO to build with a cross compiler on Linux. Which was pretty awesome to see Dynamips run a C program!
But that doesn’t help me on the Windows side.
Now the first thing that I’d normally do is install the default MinGW cross tools, but because I need ancient binutils and GCC support as newer versions not only won’t work for what I want, but won’t build older versions I tried to keep things in step. This meant on Linux I first had to build a Linux to Windows cross compiler using binutils version 2.25.1 and GCC version 4.1.2 . Configuring and building binutils was a snap with:
I thought I could just use a new mingwrt and w32api but that proved disastrous as the newer libs gave me this fun error on trying to link a Win32 execuatable:
undefined reference to `___chkstk_ms’
And googling that around the consensus is that your binutils, and gcc is too old, and upgrade, granpa! But I want old software so I naturally have to just use older versions, and for gcc 4.1.2 I wanted:
mingwrt-3.18-mingw32-dev.tar.gz
w32api-3.15-1.mingw32-dev.tar.lzma
Now I could build and link and test my Linux to Windows toolchain!
Now for the crazy part.
First I need a binutils, so I configured binutils 2.18 like this:
The fun part of course is that during the build, gcc will want to run the cross compiler and dump it’s host machine bit types by running ‘xgcc -dumpspecs’. Well thankfully via wine, Linux can run Win32 execuatables so I saved myself a few minutes by not having to copy over the partial compiler, and run the command, and transfer the results back.
So with a bit more hand holding on the build I finally got it to finish compiling by linking /bin/true to fix-headers . What a mission. Now I excitedly transfered my build to my Windows host, and setup some environment variables and built the hello world cisco application, and, it worked! (well crashes the same way as the pre-built one, but it does say:
Launching IOS image at 0x80008000…
Hello World!
Image returned to ROM.
Reset in progress…
Which is pretty cool!
I tried to merge in a make utility but that turned out to be kind of screwed up, so I just copied the cross steps from Linux, and now I can build cilo on Windows!
Launching IOS image at 0x8000d2e4…
CIL
Error: Unable to find any valid flash! Aborting load.
Image returned to ROM.
Reset in progress…
It may not look like much, but It is running the program! Dynamips is missing a bunch of hardware, like flash. Or I found out the ability to read from the console using the promlib. But it can print to it at least.
So for those who want to give it a try, here is my MIPS-ELF tool-chain for Win32, that includes the cisco loader!
So over in my work on porting Dynamips to MinGW, I’ve created a version of SLiRP that sends and receives data over UDP. In retrospect, something I should have done a long time ago, as it makes troubleshooting it easier as now if it were to crash it’s a stand alone program, so it won’t crash the emulator.
The good news is that I’ve been able to copy files into the virtual router using HTTP. I’ve even been able to access my OS/2 machine over FTP and load a file!
In addition, a 7200 with idle performs MUCH better than a 1700 without idle. There is something up with ptask, and only dispatching packets every so often. I’m guessing it’s done that way for a reason.
Also one other cool IOS trick I learned today is that you can redirect to a file resource! Say you want that ‘show tech-support’ as a file on the disk? No problem!
show tech-support | redirect disk0:tech.txt
And of course the newer versions of IOS have a ‘do’ command that you can run from config mode to execute user commands.
R1(config)#do who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 idle 15:24:11 10.0.2.2
3 vty 1 idle 14:59:56 10.0.2.2
4 vty 2 idle 13:43:44 10.0.2.2
5 vty 3 idle 11:23:44 10.0.2.2
This will listen on port 20001, and send traffic to 127.0.0.1 on port 20000. Easy right?
Manually interfacing from the hypervisor can be the ‘fun’ part. I haven’t tested with any of the tools, as I don’t know if they will let you leave something ‘listening’ that isn’t connected. For my tests I end up building something with their UI, then loading up my hypervisor that logs, and seeing what it is actually doing so I can inject stuff like this:
This creates a udp nio, and attaches it onto the virtual etherswitch S1, and puts it on VLAN 1. As you can see it listens on UDP port 20000, which is where slirp_rdr is setup to send it’s data to, and it’ll send to 20001 where slirp_rdr is listening.
I’ve hard coded port 42323 to telnet into 10.0.2.15. As always SLiRP is hard coded to have the following ip address schema:
Gateway 10.0.2.2
DNS 10.0.2.3
Netmask 255.255.255.0
Be sure to set your router to 10.0.2.15/24 for this to work, and add 10.0.2.2 as your default gateway.
The ONLY address that will respond to ping is 10.0.2.2 . This is just the way SLiRP is. HTTP and TCP based stuff works best, things like PPTP will not. It’s really hit and miss, but the cool thing is that it doesn’t require any device drivers, it’s all user mode code!
It’s always bugged me that the only way to build Dynamips for Windows was with Cygwin.
Well fear no more, I’ve mashed an old version (I would have tried newer, but of course Cmake fails spectacularly and with zero help as always!) and not only does it compile, but it can boot a 7200 version of IOS.
Dynamips on MinGW
JIT is broken. You have to telnet into the console. And the console is a little wonkey as I’m sure it’s doing a lot more UNIX translation vs being a Win32 program but it does work enough to login, save the config, and reload.
I started with Dynamips 0.2.8-RC7-community and started commenting out stuff to get it to compile. Luckily I found this ezwinports that includes mairix that includes some memory mapping functions, namely mmap and munmap ported to Win32 in an early glibc port. While I was trying to integrate libuuid, I got this fun error:
mingw “error: conflicting types” “UUID”
MinGW includes UUID support, since it’s a Microsoft thing. Unfortunately libuuid doesn’t include unique names, so I had to rename uuid_t to uu_uuid_t
in the uuid.h header file, along with all instances in Dynamips.
I also borrowed sendmsg/recvmsg along with the msg structures from VLC. inetaton.c from WSHelper, and finally telnet.h from NetBSD.
After that it was a matter of making sure Winsock starts up, and fixing some linking breakage.
For those who want to try, the binary package is here. I’ll have to setup git on this machine and upload all the changes. It shouldn’t require any DLL’s, although I haven’t looked at the pcap stuff, as I mentioned it’s largely untested, so I have no idea if any of it works other than the telnet console.
