search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
comboot: fix shuffle_and_boot_rm (used by linux.c32)
[syslinux.git] / pxelinux.asm
blobeef55a2961277ce0756cd63f48d3540ab19b2df7
1 ; -*- fundamental -*- (asm-mode sucks)
2 ; ****************************************************************************
3 ;
4 ; pxelinux.asm
5 ;
6 ; A program to boot Linux kernels off a TFTP server using the Intel PXE
7 ; network booting API. It is based on the SYSLINUX boot loader for
8 ; MS-DOS floppies.
9 ;
10 ; Copyright (C) 1994-2007 H. Peter Anvin
11 ;
12 ; This program is free software; you can redistribute it and/or modify
13 ; it under the terms of the GNU General Public License as published by
14 ; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
15 ; Boston MA 02111-1307, USA; either version 2 of the License, or
16 ; (at your option) any later version; incorporated herein by reference.
17 ;
18 ; ****************************************************************************
19
20 %define IS_PXELINUX 1
21 %include "head.inc"
22 %include "pxe.inc"
23
24 ;
25 ; Some semi-configurable constants... change on your own risk.
26 ;
27 my_id equ pxelinux_id
28 FILENAME_MAX_LG2 equ 7 ; log2(Max filename size Including final null)
29 FILENAME_MAX equ (1 << FILENAME_MAX_LG2)
30 NULLFILE equ 0 ; Zero byte == null file name
31 NULLOFFSET equ 4 ; Position in which to look
32 REBOOT_TIME equ 5*60 ; If failure, time until full reset
33 %assign HIGHMEM_SLOP 128*1024 ; Avoid this much memory near the top
34 MAX_OPEN_LG2 equ 5 ; log2(Max number of open sockets)
35 MAX_OPEN equ (1 << MAX_OPEN_LG2)
36 PKTBUF_SIZE equ (65536/MAX_OPEN) ; Per-socket packet buffer size
37 TFTP_PORT equ htons(69) ; Default TFTP port
38 PKT_RETRY equ 6 ; Packet transmit retry count
39 PKT_TIMEOUT equ 12 ; Initial timeout, timer ticks @ 55 ms
40 ; Desired TFTP block size
41 ; For Ethernet MTU is normally 1500. Unfortunately there seems to
42 ; be a fair number of networks with "substandard" MTUs which break.
43 ; The code assumes TFTP_LARGEBLK <= 2K.
44 TFTP_MTU equ 1440
45 TFTP_LARGEBLK equ (TFTP_MTU-20-8-4) ; MTU - IP hdr - UDP hdr - TFTP hdr
46 ; Standard TFTP block size
47 TFTP_BLOCKSIZE_LG2 equ 9 ; log2(bytes/block)
48 TFTP_BLOCKSIZE equ (1 << TFTP_BLOCKSIZE_LG2)
49 %assign USE_PXE_PROVIDED_STACK 1 ; Use stack provided by PXE?
50
51 SECTOR_SHIFT equ TFTP_BLOCKSIZE_LG2
52 SECTOR_SIZE equ TFTP_BLOCKSIZE
53
54 ;
55 ; This is what we need to do when idle
56 ; *** This is disabled because some PXE stacks wait for unacceptably
57 ; *** long if there are no packets receivable.
58
59 %define HAVE_IDLE 0 ; idle is not a noop
60
61 %if HAVE_IDLE
62 %macro RESET_IDLE 0
63 call reset_idle
64 %endmacro
65 %macro DO_IDLE 0
66 call check_for_arp
67 %endmacro
68 %else
69 %macro RESET_IDLE 0
70 ; Nothing
71 %endmacro
72 %macro DO_IDLE 0
73 ; Nothing
74 %endmacro
75 %endif
76
77 ;
78 ; TFTP operation codes
79 ;
80 TFTP_RRQ equ htons(1) ; Read request
81 TFTP_WRQ equ htons(2) ; Write request
82 TFTP_DATA equ htons(3) ; Data packet
83 TFTP_ACK equ htons(4) ; ACK packet
84 TFTP_ERROR equ htons(5) ; ERROR packet
85 TFTP_OACK equ htons(6) ; OACK packet
86
87 ;
88 ; TFTP error codes
89 ;
90 TFTP_EUNDEF equ htons(0) ; Unspecified error
91 TFTP_ENOTFOUND equ htons(1) ; File not found
92 TFTP_EACCESS equ htons(2) ; Access violation
93 TFTP_ENOSPACE equ htons(3) ; Disk full
94 TFTP_EBADOP equ htons(4) ; Invalid TFTP operation
95 TFTP_EBADID equ htons(5) ; Unknown transfer
96 TFTP_EEXISTS equ htons(6) ; File exists
97 TFTP_ENOUSER equ htons(7) ; No such user
98 TFTP_EOPTNEG equ htons(8) ; Option negotiation failure
99
100 ;
101 ; The following structure is used for "virtual kernels"; i.e. LILO-style
102 ; option labels. The options we permit here are `kernel' and `append
103 ; Since there is no room in the bottom 64K for all of these, we
104 ; stick them at vk_seg:0000 and copy them down before we need them.
105 ;
106 struc vkernel
107 vk_vname: resb FILENAME_MAX ; Virtual name **MUST BE FIRST!**
108 vk_rname: resb FILENAME_MAX ; Real name
109 vk_ipappend: resb 1 ; "IPAPPEND" flag
110 vk_type: resb 1 ; Type of file
111 vk_appendlen: resw 1
112 alignb 4
113 vk_append: resb max_cmd_len+1 ; Command line
114 alignb 4
115 vk_end: equ $ ; Should be <= vk_size
116 endstruc
117
118 ;
119 ; Segment assignments in the bottom 640K
120 ; 0000h - main code/data segment (and BIOS segment)
121 ;
122 real_mode_seg equ 4000h
123 pktbuf_seg equ 3000h ; Packet buffers segments
124 vk_seg equ 2000h ; Virtual kernels
125 xfer_buf_seg equ 1000h ; Bounce buffer for I/O to high mem
126 comboot_seg equ real_mode_seg ; COMBOOT image loading zone
127
128 ;
129 ; BOOTP/DHCP packet pattern
130 ;
131 struc bootp_t
132 bootp:
133 .opcode resb 1 ; BOOTP/DHCP "opcode"
134 .hardware resb 1 ; ARP hardware type
135 .hardlen resb 1 ; Hardware address length
136 .gatehops resb 1 ; Used by forwarders
137 .ident resd 1 ; Transaction ID
138 .seconds resw 1 ; Seconds elapsed
139 .flags resw 1 ; Broadcast flags
140 .cip resd 1 ; Client IP
141 .yip resd 1 ; "Your" IP
142 .sip resd 1 ; Next server IP
143 .gip resd 1 ; Relay agent IP
144 .macaddr resb 16 ; Client MAC address
145 .sname resb 64 ; Server name (optional)
146 .bootfile resb 128 ; Boot file name
147 .option_magic resd 1 ; Vendor option magic cookie
148 .options resb 1260 ; Vendor options
149 endstruc
150
151 BOOTP_OPTION_MAGIC equ htonl(0x63825363) ; See RFC 2132
152
153 ;
154 ; TFTP connection data structure. Each one of these corresponds to a local
155 ; UDP port. The size of this structure must be a power of 2.
156 ; HBO = host byte order; NBO = network byte order
157 ; (*) = written by options negotiation code, must be dword sized
158 ;
159 struc open_file_t
160 tftp_localport resw 1 ; Local port number (0 = not in use)
161 tftp_remoteport resw 1 ; Remote port number
162 tftp_remoteip resd 1 ; Remote IP address
163 tftp_filepos resd 1 ; Bytes downloaded (including buffer)
164 tftp_filesize resd 1 ; Total file size(*)
165 tftp_blksize resd 1 ; Block size for this connection(*)
166 tftp_bytesleft resw 1 ; Unclaimed data bytes
167 tftp_lastpkt resw 1 ; Sequence number of last packet (NBO)
168 tftp_dataptr resw 1 ; Pointer to available data
169 resw 2 ; Currently unusued
170 ; At end since it should not be zeroed on socked close
171 tftp_pktbuf resw 1 ; Packet buffer offset
172 endstruc
173 %ifndef DEPEND
174 %if (open_file_t_size & (open_file_t_size-1))
175 %error "open_file_t is not a power of 2"
176 %endif
177 %endif
178
179 ; ---------------------------------------------------------------------------
180 ; BEGIN CODE
181 ; ---------------------------------------------------------------------------
182
183 ;
184 ; Memory below this point is reserved for the BIOS and the MBR
185 ;
186 section .earlybss
187 trackbufsize equ 8192
188 trackbuf resb trackbufsize ; Track buffer goes here
189 getcbuf resb trackbufsize
190 ; ends at 4800h
191
192 ; Put some large buffers here, before RBFG_brainfuck,
193 ; where we can still carefully control the address
194 ; assignments...
195
196 alignb open_file_t_size
197 Files resb MAX_OPEN*open_file_t_size
198
199 alignb FILENAME_MAX
200 BootFile resb 256 ; Boot file from DHCP packet
201 PathPrefix resb 256 ; Path prefix derived from boot file
202 DotQuadBuf resb 16 ; Buffer for dotted-quad IP address
203 IPOption resb 80 ; ip= option buffer
204 InitStack resd 1 ; Pointer to reset stack (SS:SP)
205 PXEStack resd 1 ; Saved stack during PXE call
206
207 ; Warning here: RBFG build 22 randomly overwrites memory location
208 ; [0x5680,0x576c), possibly more. It seems that it gets confused and
209 ; screws up the pointer to its own internal packet buffer and starts
210 ; writing a received ARP packet into low memory.
211 RBFG_brainfuck resb 0E00h
212
213 section .bss
214 alignb 4
215 RebootTime resd 1 ; Reboot timeout, if set by option
216 StrucPtr resd 1 ; Pointer to PXENV+ or !PXE structure
217 APIVer resw 1 ; PXE API version found
218 IPOptionLen resw 1 ; Length of IPOption
219 IdleTimer resw 1 ; Time to check for ARP?
220 LocalBootType resw 1 ; Local boot return code
221 PktTimeout resw 1 ; Timeout for current packet
222 RealBaseMem resw 1 ; Amount of DOS memory after freeing
223 OverLoad resb 1 ; Set if DHCP packet uses "overloading"
224 DHCPMagic resb 1 ; PXELINUX magic flags
225
226 ; The relative position of these fields matter!
227 MAC_MAX equ 32 ; Handle hardware addresses this long
228 MACLen resb 1 ; MAC address len
229 MACType resb 1 ; MAC address type
230 MAC resb MAC_MAX+1 ; Actual MAC address
231 BOOTIFStr resb 7 ; Space for "BOOTIF="
232 MACStr resb 3*(MAC_MAX+1) ; MAC address as a string
233
234 ; The relative position of these fields matter!
235 UUIDType resb 1 ; Type byte from DHCP option
236 UUID resb 16 ; UUID, from the PXE stack
237 UUIDNull resb 1 ; dhcp_copyoption zero-terminates
238
239 ;
240 ; PXE packets which don't need static initialization
241 ;
242 alignb 4
243 pxe_unload_stack_pkt:
244 .status: resw 1 ; Status
245 .reserved: resw 10 ; Reserved
246 pxe_unload_stack_pkt_len equ $-pxe_unload_stack_pkt
247
248 alignb 16
249 ; BOOTP/DHCP packet buffer
250
251 alignb 16
252 packet_buf resb 2048 ; Transfer packet
253 packet_buf_size equ $-packet_buf
254
255 ;
256 ; Constants for the xfer_buf_seg
257 ;
258 ; The xfer_buf_seg is also used to store message file buffers. We
259 ; need two trackbuffers (text and graphics), plus a work buffer
260 ; for the graphics decompressor.
261 ;
262 xbs_textbuf equ 0 ; Also hard-coded, do not change
263 xbs_vgabuf equ trackbufsize
264 xbs_vgatmpbuf equ 2*trackbufsize
265
266 section .text
267 ;
268 ; PXELINUX needs more BSS than the other derivatives;
269 ; therefore we relocate it from 7C00h on startup.
270 ;
271 StackBuf equ $ ; Base of stack if we use our own
272
273 ;
274 ; Primary entry point.
275 ;
276 bootsec equ $
277 _start:
278 pushfd ; Paranoia... in case of return to PXE
279 pushad ; ... save as much state as possible
280 push ds
281 push es
282 push fs
283 push gs
284
285 xor ax,ax
286 mov ds,ax
287 mov es,ax
288
289 %ifndef DEPEND
290 %if TEXT_START != 0x7c00
291 ; This is uglier than it should be, but works around
292 ; some NASM 0.98.38 bugs.
293 mov di,section..bcopy32.start
294 add di,__bcopy_size-4
295 lea si,[di-(TEXT_START-7C00h)]
296 lea cx,[di-(TEXT_START-4)]
297 shr cx,2
298 std ; Overlapping areas, copy backwards
299 rep movsd
300 %endif
301 %endif
302 jmp 0:_start1 ; Canonicalize address
303 _start1:
304 mov bp,sp
305 les bx,[bp+48] ; ES:BX -> !PXE or PXENV+ structure
306
307 ; That is all pushed onto the PXE stack. Save the pointer
308 ; to it and switch to an internal stack.
309 mov [InitStack],sp
310 mov [InitStack+2],ss
311
312 %if USE_PXE_PROVIDED_STACK
313 ; Apparently some platforms go bonkers if we
314 ; set up our own stack...
315 mov [BaseStack],sp
316 mov [BaseStack+4],ss
317 %endif
318
319 cli ; Paranoia
320 lss esp,[BaseStack]
321
322 sti ; Stack set up and ready
323 cld ; Copy upwards
324
325 ;
326 ; Initialize screen (if we're using one)
327 ;
328 push es ; Save ES -> PXE entry structure
329 push ds
330 pop es ; ES <- DS
331 %include "init.inc"
332 pop es ; Restore ES -> PXE entry structure
333 ;
334 ; Tell the user we got this far
335 ;
336 mov si,syslinux_banner
337 call writestr
338
339 mov si,copyright_str
340 call writestr
341
342 ;
343 ; Assume API version 2.1, in case we find the !PXE structure without
344 ; finding the PXENV+ structure. This should really look at the Base
345 ; Code ROM ID structure in have_pxe, but this is adequate for now --
346 ; if we have !PXE, we have to be 2.1 or higher, and we don't care
347 ; about higher versions than that.
348 ;
349 mov word [APIVer],0201h
350
351 ;
352 ; Now we need to find the !PXE structure. It's *supposed* to be pointed
353 ; to by SS:[SP+4], but support INT 1Ah, AX=5650h method as well.
354 ; FIX: ES:BX should point to the PXENV+ structure on entry as well.
355 ; We should make that the second test, and not trash ES:BX...
356 ;
357 cmp dword [es:bx], '!PXE'
358 je have_pxe
359
360 ; Uh-oh, not there... try plan B
361 mov ax, 5650h
362 %if USE_PXE_PROVIDED_STACK == 0
363 lss sp,[InitStack]
364 %endif
365 int 1Ah ; May trash regs
366 %if USE_PXE_PROVIDED_STACK == 0
367 lss esp,[BaseStack]
368 %endif
369
370 jc no_pxe
371 cmp ax,564Eh
372 jne no_pxe
373
374 ; Okay, that gave us the PXENV+ structure, find !PXE
375 ; structure from that (if available)
376 cmp dword [es:bx], 'PXEN'
377 jne no_pxe
378 cmp word [es:bx+4], 'V+'
379 je have_pxenv
380
381 ; Nothing there either. Last-ditch: scan memory
382 call memory_scan_for_pxe_struct ; !PXE scan
383 jnc have_pxe
384 call memory_scan_for_pxenv_struct ; PXENV+ scan
385 jnc have_pxenv
386
387 no_pxe: mov si,err_nopxe
388 call writestr
389 jmp kaboom
390
391 have_pxenv:
392 mov [StrucPtr],bx
393 mov [StrucPtr+2],es
394
395 mov si,found_pxenv
396 call writestr
397
398 mov si,apiver_str
399 call writestr
400 mov ax,[es:bx+6]
401 mov [APIVer],ax
402 call writehex4
403 call crlf
404
405 cmp ax,0201h ; API version 2.1 or higher
406 jb old_api
407 mov si,bx
408 mov ax,es
409 les bx,[es:bx+28h] ; !PXE structure pointer
410 cmp dword [es:bx],'!PXE'
411 je have_pxe
412
413 ; Nope, !PXE structure missing despite API 2.1+, or at least
414 ; the pointer is missing. Do a last-ditch attempt to find it.
415 call memory_scan_for_pxe_struct
416 jnc have_pxe
417
418 ; Otherwise, no dice, use PXENV+ structure
419 mov bx,si
420 mov es,ax
421
422 old_api: ; Need to use a PXENV+ structure
423 mov si,using_pxenv_msg
424 call writestr
425
426 mov eax,[es:bx+0Ah] ; PXE RM API
427 mov [PXENVEntry],eax
428
429 mov si,undi_data_msg
430 call writestr
431 mov ax,[es:bx+20h]
432 call writehex4
433 call crlf
434 mov si,undi_data_len_msg
435 call writestr
436 mov ax,[es:bx+22h]
437 call writehex4
438 call crlf
439 mov si,undi_code_msg
440 call writestr
441 mov ax,[es:bx+24h]
442 call writehex4
443 call crlf
444 mov si,undi_code_len_msg
445 call writestr
446 mov ax,[es:bx+26h]
447 call writehex4
448 call crlf
449
450 ; Compute base memory size from PXENV+ structure
451 xor esi,esi
452 movzx eax,word [es:bx+20h] ; UNDI data seg
453 cmp ax,[es:bx+24h] ; UNDI code seg
454 ja .use_data
455 mov ax,[es:bx+24h]
456 mov si,[es:bx+26h]
457 jmp short .combine
458 .use_data:
459 mov si,[es:bx+22h]
460 .combine:
461 shl eax,4
462 add eax,esi
463 shr eax,10 ; Convert to kilobytes
464 mov [RealBaseMem],ax
465
466 mov si,pxenventry_msg
467 call writestr
468 mov ax,[PXENVEntry+2]
469 call writehex4
470 mov al,':'
471 call writechr
472 mov ax,[PXENVEntry]
473 call writehex4
474 call crlf
475 jmp have_entrypoint
476
477 have_pxe:
478 mov [StrucPtr],bx
479 mov [StrucPtr+2],es
480
481 mov eax,[es:bx+10h]
482 mov [PXEEntry],eax
483
484 mov si,undi_data_msg
485 call writestr
486 mov eax,[es:bx+2Ah]
487 call writehex8
488 call crlf
489 mov si,undi_data_len_msg
490 call writestr
491 mov ax,[es:bx+2Eh]
492 call writehex4
493 call crlf
494 mov si,undi_code_msg
495 call writestr
496 mov ax,[es:bx+32h]
497 call writehex8
498 call crlf
499 mov si,undi_code_len_msg
500 call writestr
501 mov ax,[es:bx+36h]
502 call writehex4
503 call crlf
504
505 ; Compute base memory size from !PXE structure
506 xor esi,esi
507 mov eax,[es:bx+2Ah]
508 cmp eax,[es:bx+32h]
509 ja .use_data
510 mov eax,[es:bx+32h]
511 mov si,[es:bx+36h]
512 jmp short .combine
513 .use_data:
514 mov si,[es:bx+2Eh]
515 .combine:
516 add eax,esi
517 shr eax,10
518 mov [RealBaseMem],ax
519
520 mov si,pxeentry_msg
521 call writestr
522 mov ax,[PXEEntry+2]
523 call writehex4
524 mov al,':'
525 call writechr
526 mov ax,[PXEEntry]
527 call writehex4
528 call crlf
529
530 have_entrypoint:
531 push cs
532 pop es ; Restore CS == DS == ES
533
534 ;
535 ; Network-specific initialization
536 ;
537 xor ax,ax
538 mov [LocalDomain],al ; No LocalDomain received
539
540 ;
541 ; The DHCP client identifiers are best gotten from the DHCPREQUEST
542 ; packet (query info 1).
543 ;
544 query_bootp_1:
545 mov dl,1
546 call pxe_get_cached_info
547 call parse_dhcp
548
549 ; We don't use flags from the request packet, so
550 ; this is a good time to initialize DHCPMagic...
551 mov byte [DHCPMagic],0
552
553 ;
554 ; Now attempt to get the BOOTP/DHCP packet that brought us life (and an IP
555 ; address). This lives in the DHCPACK packet (query info 2).
556 ;
557 query_bootp_2:
558 mov dl,2
559 call pxe_get_cached_info
560 call parse_dhcp ; Parse DHCP packet
561 ;
562 ; Save away MAC address (assume this is in query info 2. If this
563 ; turns out to be problematic it might be better getting it from
564 ; the query info 1 packet.)
565 ;
566 .save_mac:
567 movzx cx,byte [trackbuf+bootp.hardlen]
568 cmp cx,16
569 jna .mac_ok
570 xor cx,cx ; Bad hardware address length
571 .mac_ok:
572 mov [MACLen],cl
573 mov al,[trackbuf+bootp.hardware]
574 mov [MACType],al
575 mov si,trackbuf+bootp.macaddr
576 mov di,MAC
577 rep movsb
578
579 ; Enable this if we really need to zero-pad this field...
580 ; mov cx,MAC+MAC_MAX+1
581 ; sub cx,di
582 ; xor ax,ax
583 ; rep stosb
584
585 ;
586 ; Now, get the boot file and other info. This lives in the CACHED_REPLY
587 ; packet (query info 3).
588 ;
589 mov dl,3
590 call pxe_get_cached_info
591 call parse_dhcp ; Parse DHCP packet
592
593 ;
594 ; Generate the bootif string, and the hardware-based config string.
595 ;
596 make_bootif_string:
597 mov si,bootif_str
598 mov di,BOOTIFStr
599 mov cx,bootif_str_len
600 rep movsb
601
602 movzx cx,byte [MACLen]
603 mov si,MACType
604 inc cx
605 .hexify_mac:
606 push cx
607 mov cl,1 ; CH == 0 already
608 call lchexbytes
609 mov al,'-'
610 stosb
611 pop cx
612 loop .hexify_mac
613 mov [di-1],cl ; Null-terminate and strip final dash
614 ;
615 ; Generate ip= option
616 ;
617 call genipopt
618
619 ;
620 ; Print IP address
621 ;
622 mov eax,[MyIP]
623 mov di,DotQuadBuf
624 push di
625 call gendotquad ; This takes network byte order input
626
627 xchg ah,al ; Convert to host byte order
628 ror eax,16 ; (BSWAP doesn't work on 386)
629 xchg ah,al
630
631 mov si,myipaddr_msg
632 call writestr
633 call writehex8
634 mov al,' '
635 call writechr
636 pop si ; DotQuadBuf
637 call writestr
638 call crlf
639
640 mov si,IPOption
641 call writestr
642 call crlf
643
644 ;
645 ; Check to see if we got any PXELINUX-specific DHCP options; in particular,
646 ; if we didn't get the magic enable, do not recognize any other options.
647 ;
648 check_dhcp_magic:
649 test byte [DHCPMagic], 1 ; If we didn't get the magic enable...
650 jnz .got_magic
651 mov byte [DHCPMagic], 0 ; If not, kill all other options
652 .got_magic:
653
654
655 ;
656 ; Initialize UDP stack
657 ;
658 udp_init:
659 mov eax,[MyIP]
660 mov [pxe_udp_open_pkt.sip],eax
661 mov di,pxe_udp_open_pkt
662 mov bx,PXENV_UDP_OPEN
663 call pxenv
664 jc .failed
665 cmp word [pxe_udp_open_pkt.status], byte 0
666 je .success
667 .failed: mov si,err_udpinit
668 call writestr
669 jmp kaboom
670 .success:
671
672 ;
673 ; Common initialization code
674 ;
675 %include "cpuinit.inc"
676
677 ;
678 ; Now we're all set to start with our *real* business. First load the
679 ; configuration file (if any) and parse it.
680 ;
681 ; In previous versions I avoided using 32-bit registers because of a
682 ; rumour some BIOSes clobbered the upper half of 32-bit registers at
683 ; random. I figure, though, that if there are any of those still left
684 ; they probably won't be trying to install Linux on them...
685 ;
686 ; The code is still ripe with 16-bitisms, though. Not worth the hassle
687 ; to take'm out. In fact, we may want to put them back if we're going
688 ; to boot ELKS at some point.
689 ;
690
691 ;
692 ; Store standard filename prefix
693 ;
694 prefix: test byte [DHCPMagic], 04h ; Did we get a path prefix option
695 jnz .got_prefix
696 mov si,BootFile
697 mov di,PathPrefix
698 cld
699 call strcpy
700 mov cx,di
701 sub cx,PathPrefix+1
702 std
703 lea si,[di-2] ; Skip final null!
704 .find_alnum: lodsb
705 or al,20h
706 cmp al,'.' ; Count . or - as alphanum
707 je .alnum
708 cmp al,'-'
709 je .alnum
710 cmp al,'0'
711 jb .notalnum
712 cmp al,'9'
713 jbe .alnum
714 cmp al,'a'
715 jb .notalnum
716 cmp al,'z'
717 ja .notalnum
718 .alnum: loop .find_alnum
719 dec si
720 .notalnum: mov byte [si+2],0 ; Zero-terminate after delimiter
721 cld
722 .got_prefix:
723 mov si,tftpprefix_msg
724 call writestr
725 mov si,PathPrefix
726 call writestr
727 call crlf
728
729 ;
730 ; Load configuration file
731 ;
732 find_config:
733
734 ;
735 ; Begin looking for configuration file
736 ;
737 config_scan:
738 test byte [DHCPMagic], 02h
739 jz .no_option
740
741 ; We got a DHCP option, try it first
742 call .try
743 jnz .success
744
745 .no_option:
746 mov di,ConfigName
747 mov si,cfgprefix
748 mov cx,cfgprefix_len
749 rep movsb
750
751 ; Have to guess config file name...
752
753 ; Try loading by UUID.
754 cmp byte [HaveUUID],0
755 je .no_uuid
756
757 push di
758 mov bx,uuid_dashes
759 mov si,UUID
760 .gen_uuid:
761 movzx cx,byte [bx]
762 jcxz .done_uuid
763 inc bx
764 call lchexbytes
765 mov al,'-'
766 stosb
767 jmp .gen_uuid
768 .done_uuid:
769 mov [di-1],cl ; Remove last dash and zero-terminate
770 pop di
771 call .try
772 jnz .success
773 .no_uuid:
774
775 ; Try loading by MAC address
776 push di
777 mov si,MACStr
778 call strcpy
779 pop di
780 call .try
781 jnz .success
782
783 ; Nope, try hexadecimal IP prefixes...
784 .scan_ip:
785 mov cx,4
786 mov si,MyIP
787 call uchexbytes ; Convert to hex string
788
789 mov cx,8 ; Up to 8 attempts
790 .tryagain:
791 mov byte [di],0 ; Zero-terminate string
792 call .try
793 jnz .success
794 dec di ; Drop one character
795 loop .tryagain
796
797 ; Final attempt: "default" string
798 mov si,default_str ; "default" string
799 call strcpy
800 call .try
801 jnz .success
802
803 mov si,err_noconfig
804 call writestr
805 jmp kaboom
806
807 .try:
808 pusha
809 mov si,trying_msg
810 call writestr
811 mov di,ConfigName
812 mov si,di
813 call writestr
814 call crlf
815 mov si,di
816 mov di,getcbuf
817 call mangle_name
818 call open
819 popa
820 ret
821
822
823 .success:
824
825 ;
826 ; Linux kernel loading code is common. However, we need to define
827 ; a couple of helper macros...
828 ;
829
830 ; Handle "ipappend" option
831 %define HAVE_SPECIAL_APPEND
832 %macro SPECIAL_APPEND 0
833 test byte [IPAppend],01h ; ip=
834 jz .noipappend1
835 mov si,IPOption
836 mov cx,[IPOptionLen]
837 rep movsb
838 mov al,' '
839 stosb
840 .noipappend1:
841 test byte [IPAppend],02h
842 jz .noipappend2
843 mov si,BOOTIFStr
844 call strcpy
845 mov byte [es:di-1],' ' ; Replace null with space
846 .noipappend2:
847 %endmacro
848
849 ; Unload PXE stack
850 %define HAVE_UNLOAD_PREP
851 %macro UNLOAD_PREP 0
852 call unload_pxe
853 %endmacro
854
855 ;
856 ; Now we have the config file open. Parse the config file and
857 ; run the user interface.
858 ;
859 %include "ui.inc"
860
861 ;
862 ; Boot to the local disk by returning the appropriate PXE magic.
863 ; AX contains the appropriate return code.
864 ;
865 local_boot:
866 push cs
867 pop ds
868 mov [LocalBootType],ax
869 call vgaclearmode
870 mov si,localboot_msg
871 call writestr
872 ; Restore the environment we were called with
873 lss sp,[InitStack]
874 pop gs
875 pop fs
876 pop es
877 pop ds
878 popad
879 mov ax,[cs:LocalBootType]
880 popfd
881 retf ; Return to PXE
882
883 ;
884 ; kaboom: write a message and bail out. Wait for quite a while,
885 ; or a user keypress, then do a hard reboot.
886 ;
887 kaboom:
888 RESET_STACK_AND_SEGS AX
889 .patch: mov si,bailmsg
890 call writestr ; Returns with AL = 0
891 .drain: call pollchar
892 jz .drained
893 call getchar
894 jmp short .drain
895 .drained:
896 mov edi,[RebootTime]
897 mov al,[DHCPMagic]
898 and al,09h ; Magic+Timeout
899 cmp al,09h
900 je .time_set
901 mov edi,REBOOT_TIME
902 .time_set:
903 mov cx,18
904 .wait1: push cx
905 mov ecx,edi
906 .wait2: mov dx,[BIOS_timer]
907 .wait3: call pollchar
908 jnz .keypress
909 cmp dx,[BIOS_timer]
910 je .wait3
911 loop .wait2,ecx
912 mov al,'.'
913 call writechr
914 pop cx
915 loop .wait1
916 .keypress:
917 call crlf
918 mov word [BIOS_magic],0 ; Cold reboot
919 jmp 0F000h:0FFF0h ; Reset vector address
920
921 ;
922 ; memory_scan_for_pxe_struct:
923 ;
924 ; If none of the standard methods find the !PXE structure, look for it
925 ; by scanning memory.
926 ;
927 ; On exit, if found:
928 ; CF = 0, ES:BX -> !PXE structure
929 ; Otherwise CF = 1, all registers saved
930 ;
931 memory_scan_for_pxe_struct:
932 push ds
933 pusha
934 mov ax,cs
935 mov ds,ax
936 mov si,trymempxe_msg
937 call writestr
938 mov ax,[BIOS_fbm] ; Starting segment
939 shl ax,(10-4) ; Kilobytes -> paragraphs
940 ; mov ax,01000h ; Start to look here
941 dec ax ; To skip inc ax
942 .mismatch:
943 inc ax
944 cmp ax,0A000h ; End of memory
945 jae .not_found
946 call writehex4
947 mov si,fourbs_msg
948 call writestr
949 mov es,ax
950 mov edx,[es:0]
951 cmp edx,'!PXE'
952 jne .mismatch
953 movzx cx,byte [es:4] ; Length of structure
954 cmp cl,08h ; Minimum length
955 jb .mismatch
956 push ax
957 xor ax,ax
958 xor si,si
959 .checksum: es lodsb
960 add ah,al
961 loop .checksum
962 pop ax
963 jnz .mismatch ; Checksum must == 0
964 .found: mov bp,sp
965 xor bx,bx
966 mov [bp+8],bx ; Save BX into stack frame (will be == 0)
967 mov ax,es
968 call writehex4
969 call crlf
970 popa
971 pop ds
972 clc
973 ret
974 .not_found: mov si,notfound_msg
975 call writestr
976 popa
977 pop ds
978 stc
979 ret
980
981 ;
982 ; memory_scan_for_pxenv_struct:
983 ;
984 ; If none of the standard methods find the PXENV+ structure, look for it
985 ; by scanning memory.
986 ;
987 ; On exit, if found:
988 ; CF = 0, ES:BX -> PXENV+ structure
989 ; Otherwise CF = 1, all registers saved
990 ;
991 memory_scan_for_pxenv_struct:
992 pusha
993 mov si,trymempxenv_msg
994 call writestr
995 ; mov ax,[BIOS_fbm] ; Starting segment
996 ; shl ax,(10-4) ; Kilobytes -> paragraphs
997 mov ax,01000h ; Start to look here
998 dec ax ; To skip inc ax
999 .mismatch:
1000 inc ax
1001 cmp ax,0A000h ; End of memory
1002 jae .not_found
1003 mov es,ax
1004 mov edx,[es:0]
1005 cmp edx,'PXEN'
1006 jne .mismatch
1007 mov dx,[es:4]
1008 cmp dx,'V+'
1009 jne .mismatch
1010 movzx cx,byte [es:8] ; Length of structure
1011 cmp cl,26h ; Minimum length
1012 jb .mismatch
1013 xor ax,ax
1014 xor si,si
1015 .checksum: es lodsb
1016 add ah,al
1017 loop .checksum
1018 and ah,ah
1019 jnz .mismatch ; Checksum must == 0
1020 .found: mov bp,sp
1021 mov [bp+8],bx ; Save BX into stack frame
1022 mov ax,bx
1023 call writehex4
1024 call crlf
1025 clc
1026 ret
1027 .not_found: mov si,notfound_msg
1028 call writestr
1029 popad
1030 stc
1031 ret
1032
1033 ;
1034 ; close_file:
1035 ; Deallocates a file structure (pointer in SI)
1036 ; Assumes CS == DS.
1037 ;
1038 ; XXX: We should check to see if this file is still open on the server
1039 ; side and send a courtesy ERROR packet to the server.
1040 ;
1041 close_file:
1042 and si,si
1043 jz .closed
1044 mov word [si],0 ; Not in use
1045 .closed: ret
1046
1047 ;
1048 ; searchdir:
1049 ;
1050 ; Open a TFTP connection to the server
1051 ;
1052 ; On entry:
1053 ; DS:DI = mangled filename
1054 ; If successful:
1055 ; ZF clear
1056 ; SI = socket pointer
1057 ; DX:AX = file length in bytes
1058 ; If unsuccessful
1059 ; ZF set
1060 ;
1061
1062 searchdir:
1063 push es
1064 push bx
1065 push cx
1066 mov ax,ds
1067 mov es,ax
1068 mov si,di
1069 push bp
1070 mov bp,sp
1071
1072 call allocate_socket
1073 jz .ret
1074
1075 mov ax,PKT_RETRY ; Retry counter
1076 mov word [PktTimeout],PKT_TIMEOUT ; Initial timeout
1077
1078 .sendreq: push ax ; [bp-2] - Retry counter
1079 push si ; [bp-4] - File name
1080
1081 mov di,packet_buf
1082 mov [pxe_udp_write_pkt.buffer],di
1083
1084 mov ax,TFTP_RRQ ; TFTP opcode
1085 stosw
1086
1087 lodsd ; EAX <- server override (if any)
1088 and eax,eax
1089 jnz .noprefix ; No prefix, and we have the server
1090
1091 push si ; Add common prefix
1092 mov si,PathPrefix
1093 call strcpy
1094 dec di
1095 pop si
1096
1097 mov eax,[ServerIP] ; Get default server
1098
1099 .noprefix:
1100 call strcpy ; Filename
1101
1102 mov [bx+tftp_remoteip],eax
1103
1104 push bx ; [bp-6] - TFTP block
1105 mov bx,[bx]
1106 push bx ; [bp-8] - TID (local port no)
1107
1108 mov [pxe_udp_write_pkt.status],byte 0
1109 mov [pxe_udp_write_pkt.sip],eax
1110 ; Now figure out the gateway
1111 xor eax,[MyIP]
1112 and eax,[Netmask]
1113 jz .nogwneeded
1114 mov eax,[Gateway]
1115 .nogwneeded:
1116 mov [pxe_udp_write_pkt.gip],eax
1117 mov [pxe_udp_write_pkt.lport],bx
1118 mov ax,[ServerPort]
1119 mov [pxe_udp_write_pkt.rport],ax
1120 mov si,tftp_tail
1121 mov cx,tftp_tail_len
1122 rep movsb
1123 sub di,packet_buf ; Get packet size
1124 mov [pxe_udp_write_pkt.buffersize],di
1125
1126 mov di,pxe_udp_write_pkt
1127 mov bx,PXENV_UDP_WRITE
1128 call pxenv
1129 jc .failure
1130 cmp word [pxe_udp_write_pkt.status],byte 0
1131 jne .failure
1132
1133 ;
1134 ; Danger, Will Robinson! We need to support timeout
1135 ; and retry lest we just lost a packet...
1136 ;
1137
1138 ; Packet transmitted OK, now we need to receive
1139 .getpacket: push word [PktTimeout] ; [bp-10]
1140 push word [BIOS_timer] ; [bp-12]
1141
1142 .pkt_loop: mov bx,[bp-8] ; TID
1143 mov di,packet_buf
1144 mov word [pxe_udp_read_pkt.status],0
1145 mov [pxe_udp_read_pkt.buffer],di
1146 mov [pxe_udp_read_pkt.buffer+2],ds
1147 mov word [pxe_udp_read_pkt.buffersize],packet_buf_size
1148 mov eax,[MyIP]
1149 mov [pxe_udp_read_pkt.dip],eax
1150 mov [pxe_udp_read_pkt.lport],bx
1151 mov di,pxe_udp_read_pkt
1152 mov bx,PXENV_UDP_READ
1153 call pxenv
1154 and ax,ax
1155 jz .got_packet ; Wait for packet
1156 .no_packet:
1157 mov dx,[BIOS_timer]
1158 cmp dx,[bp-12]
1159 je .pkt_loop
1160 mov [bp-12],dx
1161 dec word [bp-10] ; Timeout
1162 jnz .pkt_loop
1163 pop ax ; Adjust stack
1164 pop ax
1165 shl word [PktTimeout],1 ; Exponential backoff
1166 jmp .failure
1167
1168 .got_packet:
1169 mov si,[bp-6] ; TFTP pointer
1170 mov bx,[bp-8] ; TID
1171
1172 mov eax,[si+tftp_remoteip]
1173 cmp [pxe_udp_read_pkt.sip],eax ; This is technically not to the TFTP spec?
1174 jne .no_packet
1175
1176 ; Got packet - reset timeout
1177 mov word [PktTimeout],PKT_TIMEOUT
1178
1179 pop ax ; Adjust stack
1180 pop ax
1181
1182 mov ax,[pxe_udp_read_pkt.rport]
1183 mov [si+tftp_remoteport],ax
1184
1185 ; filesize <- -1 == unknown
1186 mov dword [si+tftp_filesize], -1
1187 ; Default blksize unless blksize option negotiated
1188 mov word [si+tftp_blksize], TFTP_BLOCKSIZE
1189
1190 mov cx,[pxe_udp_read_pkt.buffersize]
1191 sub cx,2 ; CX <- bytes after opcode
1192 jb .failure ; Garbled reply
1193
1194 mov si,packet_buf
1195 lodsw
1196
1197 cmp ax, TFTP_ERROR
1198 je .bailnow ; ERROR reply: don't try again
1199
1200 cmp ax, TFTP_OACK
1201 jne .no_tsize
1202
1203 ; Now we need to parse the OACK packet to get the transfer
1204 ; size. SI -> first byte of options; CX -> byte count
1205 .parse_oack:
1206 jcxz .no_tsize ; No options acked
1207 .get_opt_name:
1208 mov di,si
1209 mov bx,si
1210 .opt_name_loop: lodsb
1211 and al,al
1212 jz .got_opt_name
1213 or al,20h ; Convert to lowercase
1214 stosb
1215 loop .opt_name_loop
1216 ; We ran out, and no final null
1217 jmp .err_reply
1218 .got_opt_name: ; si -> option value
1219 dec cx ; bytes left in pkt
1220 jz .err_reply ; Option w/o value
1221
1222 ; Parse option pointed to by bx; guaranteed to be
1223 ; null-terminated.
1224 push cx
1225 push si
1226 mov si,bx ; -> option name
1227 mov bx,tftp_opt_table
1228 mov cx,tftp_opts
1229 .opt_loop:
1230 push cx
1231 push si
1232 mov di,[bx] ; Option pointer
1233 mov cx,[bx+2] ; Option len
1234 repe cmpsb
1235 pop si
1236 pop cx
1237 je .get_value ; OK, known option
1238 add bx,6
1239 loop .opt_loop
1240
1241 pop si
1242 pop cx
1243 jmp .err_reply ; Non-negotiated option returned
1244
1245 .get_value: pop si ; si -> option value
1246 pop cx ; cx -> bytes left in pkt
1247 mov bx,[bx+4] ; Pointer to data target
1248 add bx,[bp-6] ; TFTP socket pointer
1249 xor eax,eax
1250 xor edx,edx
1251 .value_loop: lodsb
1252 and al,al
1253 jz .got_value
1254 sub al,'0'
1255 cmp al, 9
1256 ja .err_reply ; Not a decimal digit
1257 imul edx,10
1258 add edx,eax
1259 mov [bx],edx
1260 loop .value_loop
1261 ; Ran out before final null, accept anyway
1262 jmp short .done_pkt
1263
1264 .got_value:
1265 dec cx
1266 jnz .get_opt_name ; Not end of packet
1267
1268 ; ZF == 1
1269
1270 ; Success, done!
1271 .done_pkt:
1272 pop si ; Junk
1273 pop si ; We want the packet ptr in SI
1274
1275 mov eax,[si+tftp_filesize]
1276 cmp eax,-1
1277 jz .no_tsize
1278 mov edx,eax
1279 shr edx,16 ; DX:AX == EAX
1280
1281 and eax,eax ; Set ZF depending on file size
1282 pop bp ; Junk
1283 pop bp ; Junk (retry counter)
1284 jz .error_si ; ZF = 1 need to free the socket
1285 .ret:
1286 pop bp
1287 pop cx
1288 pop bx
1289 pop es
1290 ret
1291
1292 .no_tsize:
1293 .err_reply: ; Option negotiation error. Send ERROR reply.
1294 ; ServerIP and gateway are already programmed in
1295 mov si,[bp-6]
1296 mov ax,[si+tftp_remoteport]
1297 mov word [pxe_udp_write_pkt.rport],ax
1298 mov word [pxe_udp_write_pkt.buffer],tftp_opt_err
1299 mov word [pxe_udp_write_pkt.buffersize],tftp_opt_err_len
1300 mov di,pxe_udp_write_pkt
1301 mov bx,PXENV_UDP_WRITE
1302 call pxenv
1303
1304 ; Write an error message and explode
1305 mov si,err_oldtftp
1306 call writestr
1307 jmp kaboom
1308
1309 .bailnow: mov word [bp-2],1 ; Immediate error - no retry
1310
1311 .failure: pop bx ; Junk
1312 pop bx
1313 pop si
1314 pop ax
1315 dec ax ; Retry counter
1316 jnz .sendreq ; Try again
1317
1318 .error: mov si,bx ; Socket pointer
1319 .error_si: ; Socket pointer already in SI
1320 call free_socket ; ZF <- 1, SI <- 0
1321 jmp .ret
1322
1323 ;
1324 ; allocate_socket: Allocate a local UDP port structure
1325 ;
1326 ; If successful:
1327 ; ZF set
1328 ; BX = socket pointer
1329 ; If unsuccessful:
1330 ; ZF clear
1331 ;
1332 allocate_socket:
1333 push cx
1334 mov bx,Files
1335 mov cx,MAX_OPEN
1336 .check: cmp word [bx], byte 0
1337 je .found
1338 add bx,open_file_t_size
1339 loop .check
1340 xor cx,cx ; ZF = 1
1341 pop cx
1342 ret
1343 ; Allocate a socket number. Socket numbers are made
1344 ; guaranteed unique by including the socket slot number
1345 ; (inverted, because we use the loop counter cx); add a
1346 ; counter value to keep the numbers from being likely to
1347 ; get immediately reused.
1348 ;
1349 ; The NextSocket variable also contains the top two bits
1350 ; set. This generates a value in the range 49152 to
1351 ; 57343.
1352 .found:
1353 dec cx
1354 push ax
1355 mov ax,[NextSocket]
1356 inc ax
1357 and ax,((1 << (13-MAX_OPEN_LG2))-1) | 0xC000
1358 mov [NextSocket],ax
1359 shl cx,13-MAX_OPEN_LG2
1360 add cx,ax ; ZF = 0
1361 xchg ch,cl ; Convert to network byte order
1362 mov [bx],cx ; Socket in use
1363 pop ax
1364 pop cx
1365 ret
1366
1367 ;
1368 ; Free socket: socket in SI; return SI = 0, ZF = 1 for convenience
1369 ;
1370 free_socket:
1371 push es
1372 pusha
1373 xor ax,ax
1374 mov es,ax
1375 mov di,si
1376 mov cx,tftp_pktbuf >> 1 ; tftp_pktbuf is not cleared
1377 rep stosw
1378 popa
1379 pop es
1380 xor si,si
1381 ret
1382
1383 ;
1384 ; parse_dotquad:
1385 ; Read a dot-quad pathname in DS:SI and output an IP
1386 ; address in EAX, with SI pointing to the first
1387 ; nonmatching character.
1388 ;
1389 ; Return CF=1 on error.
1390 ;
1391 parse_dotquad:
1392 push cx
1393 mov cx,4
1394 xor eax,eax
1395 .parseloop:
1396 mov ch,ah
1397 mov ah,al
1398 lodsb
1399 sub al,'0'
1400 jb .notnumeric
1401 cmp al,9
1402 ja .notnumeric
1403 aad ; AL += 10 * AH; AH = 0;
1404 xchg ah,ch
1405 jmp .parseloop
1406 .notnumeric:
1407 cmp al,'.'-'0'
1408 pushf
1409 mov al,ah
1410 mov ah,ch
1411 xor ch,ch
1412 ror eax,8
1413 popf
1414 jne .error
1415 loop .parseloop
1416 jmp .done
1417 .error:
1418 loop .realerror ; If CX := 1 then we're done
1419 clc
1420 jmp .done
1421 .realerror:
1422 stc
1423 .done:
1424 dec si ; CF unchanged!
1425 pop cx
1426 ret
1427 ;
1428 ; mangle_name: Mangle a filename pointed to by DS:SI into a buffer pointed
1429 ; to by ES:DI; ends on encountering any whitespace.
1430 ; DI is preserved.
1431 ;
1432 ; This verifies that a filename is < FILENAME_MAX characters
1433 ; and doesn't contain whitespace, and zero-pads the output buffer,
1434 ; so "repe cmpsb" can do a compare.
1435 ;
1436 ; The first four bytes of the manged name is the IP address of
1437 ; the download host.
1438 ;
1439 mangle_name:
1440 push di
1441 push si
1442 mov eax,[ServerIP]
1443 cmp byte [si],0
1444 je .noip ; Null filename?!?!
1445 cmp word [si],'::' ; Leading ::?
1446 je .gotprefix
1447
1448 .more:
1449 inc si
1450 cmp byte [si],0
1451 je .noip
1452 cmp word [si],'::'
1453 jne .more
1454
1455 ; We have a :: prefix of some sort, it could be either
1456 ; a DNS name or a dot-quad IP address. Try the dot-quad
1457 ; first...
1458 .here:
1459 pop si
1460 push si
1461 call parse_dotquad
1462 jc .notdq
1463 cmp word [si],'::'
1464 je .gotprefix
1465 .notdq:
1466 pop si
1467 push si
1468 call dns_resolv
1469 cmp word [si],'::'
1470 jne .noip
1471 and eax,eax
1472 jnz .gotprefix
1473
1474 .noip:
1475 pop si
1476 xor eax,eax
1477 jmp .prefix_done
1478
1479 .gotprefix:
1480 pop cx ; Adjust stack
1481 inc si ; Skip double colon
1482 inc si
1483
1484 .prefix_done:
1485 stosd ; Save IP address prefix
1486 mov cx,FILENAME_MAX-5
1487
1488 .mn_loop:
1489 lodsb
1490 cmp al,' ' ; If control or space, end
1491 jna .mn_end
1492 stosb
1493 loop .mn_loop
1494 .mn_end:
1495 inc cx ; At least one null byte
1496 xor ax,ax ; Zero-fill name
1497 rep stosb ; Doesn't do anything if CX=0
1498 pop di
1499 ret ; Done
1500
1501 ;
1502 ; unmangle_name: Does the opposite of mangle_name; converts a DOS-mangled
1503 ; filename to the conventional representation. This is needed
1504 ; for the BOOT_IMAGE= parameter for the kernel.
1505 ; NOTE: A 13-byte buffer is mandatory, even if the string is
1506 ; known to be shorter.
1507 ;
1508 ; DS:SI -> input mangled file name
1509 ; ES:DI -> output buffer
1510 ;
1511 ; On return, DI points to the first byte after the output name,
1512 ; which is set to a null byte.
1513 ;
1514 unmangle_name:
1515 push eax
1516 lodsd
1517 and eax,eax
1518 jz .noip
1519 call gendotquad
1520 mov ax,'::'
1521 stosw
1522 .noip:
1523 call strcpy
1524 dec di ; Point to final null byte
1525 pop eax
1526 ret
1527
1528 ;
1529 ; pxenv
1530 ;
1531 ; This is the main PXENV+/!PXE entry point, using the PXENV+
1532 ; calling convention. This is a separate local routine so
1533 ; we can hook special things from it if necessary. In particular,
1534 ; some PXE stacks seem to not like being invoked from anything but
1535 ; the initial stack, so humour it.
1536 ;
1537
1538 pxenv:
1539 %if USE_PXE_PROVIDED_STACK == 0
1540 mov [cs:PXEStack],sp
1541 mov [cs:PXEStack+2],ss
1542 lss sp,[cs:InitStack]
1543 %endif
1544 .jump: call 0:pxe_thunk ; Default to calling the thunk
1545 %if USE_PXE_PROVIDED_STACK == 0
1546 lss sp,[cs:PXEStack]
1547 %endif
1548 cld ; Make sure DF <- 0
1549 ret
1550
1551 ; Must be after function def due to NASM bug
1552 PXENVEntry equ pxenv.jump+1
1553
1554 ;
1555 ; pxe_thunk
1556 ;
1557 ; Convert from the PXENV+ calling convention (BX, ES, DI) to the !PXE
1558 ; calling convention (using the stack.)
1559 ;
1560 ; This is called as a far routine so that we can just stick it into
1561 ; the PXENVEntry variable.
1562 ;
1563 pxe_thunk: push es
1564 push di
1565 push bx
1566 .jump: call 0:0
1567 add sp,byte 6
1568 cmp ax,byte 1
1569 cmc ; Set CF unless ax == 0
1570 retf
1571
1572 ; Must be after function def due to NASM bug
1573 PXEEntry equ pxe_thunk.jump+1
1574
1575 ;
1576 ; getfssec: Get multiple clusters from a file, given the starting cluster.
1577 ;
1578 ; In this case, get multiple blocks from a specific TCP connection.
1579 ;
1580 ; On entry:
1581 ; ES:BX -> Buffer
1582 ; SI -> TFTP socket pointer
1583 ; CX -> 512-byte block count; 0FFFFh = until end of file
1584 ; On exit:
1585 ; SI -> TFTP socket pointer (or 0 on EOF)
1586 ; CF = 1 -> Hit EOF
1587 ;
1588 getfssec: push si
1589 push fs
1590 mov di,bx
1591 mov bx,si
1592 mov ax,pktbuf_seg
1593 mov fs,ax
1594
1595 movzx ecx,cx
1596 shl ecx,TFTP_BLOCKSIZE_LG2 ; Convert to bytes
1597 jz .hit_eof ; Nothing to do?
1598
1599 .need_more:
1600 push ecx
1601
1602 movzx eax,word [bx+tftp_bytesleft]
1603 cmp ecx,eax
1604 jna .ok_size
1605 mov ecx,eax
1606 jcxz .need_packet ; No bytes available?
1607 .ok_size:
1608
1609 mov ax,cx ; EAX<31:16> == ECX<31:16> == 0
1610 mov si,[bx+tftp_dataptr]
1611 sub [bx+tftp_bytesleft],cx
1612 fs rep movsb ; Copy from packet buffer
1613 mov [bx+tftp_dataptr],si
1614
1615 pop ecx
1616 sub ecx,eax
1617 jnz .need_more
1618
1619
1620 .hit_eof:
1621 pop fs
1622 pop si
1623
1624 ; Is there anything left of this?
1625 mov eax,[si+tftp_filesize]
1626 sub eax,[si+tftp_filepos]
1627 jnz .bytes_left ; CF <- 0
1628
1629 cmp [si+tftp_bytesleft],ax
1630 jnz .bytes_left ; CF <- 0
1631
1632 ; The socket is closed and the buffer drained
1633 ; Close socket structure and re-init for next user
1634 call free_socket
1635 stc
1636 .bytes_left:
1637 ret
1638
1639 ;
1640 ; No data in buffer, check to see if we can get a packet...
1641 ;
1642 .need_packet:
1643 pop ecx
1644 mov eax,[bx+tftp_filesize]
1645 cmp eax,[bx+tftp_filepos]
1646 je .hit_eof ; Already EOF'd; socket already closed
1647
1648 pushad
1649 push es
1650 mov si,bx
1651 call get_packet
1652 pop es
1653 popad
1654
1655 jmp .need_more
1656
1657 ;
1658 ; Get a fresh packet; expects fs -> pktbuf_seg and ds:si -> socket structure
1659 ;
1660 get_packet:
1661 mov ax,ds
1662 mov es,ax
1663
1664 .packet_loop:
1665 ; Start by ACKing the previous packet; this should cause the
1666 ; next packet to be sent.
1667 mov cx,PKT_RETRY
1668 mov word [PktTimeout],PKT_TIMEOUT
1669
1670 .send_ack: push cx ; <D> Retry count
1671
1672 mov ax,[si+tftp_lastpkt]
1673 call ack_packet ; Send ACK
1674
1675 ; We used to test the error code here, but sometimes
1676 ; PXE would return negative status even though we really
1677 ; did send the ACK. Now, just treat a failed send as
1678 ; a normally lost packet, and let it time out in due
1679 ; course of events.
1680
1681 .send_ok: ; Now wait for packet.
1682 mov dx,[BIOS_timer] ; Get current time
1683
1684 mov cx,[PktTimeout]
1685 .wait_data: push cx ; <E> Timeout
1686 push dx ; <F> Old time
1687
1688 mov bx,[si+tftp_pktbuf]
1689 mov [pxe_udp_read_pkt.buffer],bx
1690 mov [pxe_udp_read_pkt.buffer+2],fs
1691 mov [pxe_udp_read_pkt.buffersize],word PKTBUF_SIZE
1692 mov eax,[si+tftp_remoteip]
1693 mov [pxe_udp_read_pkt.sip],eax
1694 mov eax,[MyIP]
1695 mov [pxe_udp_read_pkt.dip],eax
1696 mov ax,[si+tftp_remoteport]
1697 mov [pxe_udp_read_pkt.rport],ax
1698 mov ax,[si+tftp_localport]
1699 mov [pxe_udp_read_pkt.lport],ax
1700 mov di,pxe_udp_read_pkt
1701 mov bx,PXENV_UDP_READ
1702 push si ; <G>
1703 call pxenv
1704 pop si ; <G>
1705 and ax,ax
1706 jz .recv_ok
1707
1708 ; No packet, or receive failure
1709 mov dx,[BIOS_timer]
1710 pop ax ; <F> Old time
1711 pop cx ; <E> Timeout
1712 cmp ax,dx ; Same time -> don't advance timeout
1713 je .wait_data ; Same clock tick
1714 loop .wait_data ; Decrease timeout
1715
1716 pop cx ; <D> Didn't get any, send another ACK
1717 shl word [PktTimeout],1 ; Exponential backoff
1718 loop .send_ack
1719 jmp kaboom ; Forget it...
1720
1721 .recv_ok: pop dx ; <F>
1722 pop cx ; <E>
1723
1724 cmp word [pxe_udp_read_pkt.buffersize],byte 4
1725 jb .wait_data ; Bad size for a DATA packet
1726
1727 mov bx,[si+tftp_pktbuf]
1728 cmp word [fs:bx],TFTP_DATA ; Not a data packet?
1729 jne .wait_data ; Then wait for something else
1730
1731 mov ax,[si+tftp_lastpkt]
1732 xchg ah,al ; Host byte order
1733 inc ax ; Which packet are we waiting for?
1734 xchg ah,al ; Network byte order
1735 cmp [fs:bx+2],ax
1736 je .right_packet
1737
1738 ; Wrong packet, ACK the packet and then try again
1739 ; This is presumably because the ACK got lost,
1740 ; so the server just resent the previous packet
1741 mov ax,[fs:bx+2]
1742 call ack_packet
1743 jmp .send_ok ; Reset timeout
1744
1745 .right_packet: ; It's the packet we want. We're also EOF if the size < blocksize
1746
1747 pop cx ; <D> Don't need the retry count anymore
1748
1749 mov [si+tftp_lastpkt],ax ; Update last packet number
1750
1751 movzx ecx,word [pxe_udp_read_pkt.buffersize]
1752 sub cx,byte 4 ; Skip TFTP header
1753
1754 ; If this is a zero-length block, don't mess with the pointers,
1755 ; since we may have just set up the previous block that way
1756 jz .last_block
1757
1758 ; Set pointer to data block
1759 lea ax,[bx+4] ; Data past TFTP header
1760 mov [si+tftp_dataptr],ax
1761
1762 add [si+tftp_filepos],ecx
1763 mov [si+tftp_bytesleft],cx
1764
1765 cmp cx,[si+tftp_blksize] ; Is it a full block?
1766 jb .last_block ; If so, it's not EOF
1767
1768 ; If we had the exact right number of bytes, always get
1769 ; one more packet to get the (zero-byte) EOF packet and
1770 ; close the socket.
1771 mov eax,[si+tftp_filepos]
1772 cmp [si+tftp_filesize],eax
1773 je .packet_loop
1774
1775 ret
1776
1777
1778 .last_block: ; Last block - ACK packet immediately
1779 mov ax,[fs:bx+2]
1780 call ack_packet
1781
1782 ; Make sure we know we are at end of file
1783 mov eax,[si+tftp_filepos]
1784 mov [si+tftp_filesize],eax
1785
1786 ret
1787
1788 ;
1789 ; ack_packet:
1790 ;
1791 ; Send ACK packet. This is a common operation and so is worth canning.
1792 ;
1793 ; Entry:
1794 ; SI = TFTP block
1795 ; AX = Packet # to ack (network byte order)
1796 ; Exit:
1797 ; ZF = 0 -> Error
1798 ; All registers preserved
1799 ;
1800 ; This function uses the pxe_udp_write_pkt but not the packet_buf.
1801 ;
1802 ack_packet:
1803 pushad
1804 mov [ack_packet_buf+2],ax ; Packet number to ack
1805 mov ax,[si]
1806 mov [pxe_udp_write_pkt.lport],ax
1807 mov ax,[si+tftp_remoteport]
1808 mov [pxe_udp_write_pkt.rport],ax
1809 mov eax,[si+tftp_remoteip]
1810 mov [pxe_udp_write_pkt.sip],eax
1811 xor eax,[MyIP]
1812 and eax,[Netmask]
1813 jz .nogw
1814 mov eax,[Gateway]
1815 .nogw:
1816 mov [pxe_udp_write_pkt.gip],eax
1817 mov [pxe_udp_write_pkt.buffer],word ack_packet_buf
1818 mov [pxe_udp_write_pkt.buffersize], word 4
1819 mov di,pxe_udp_write_pkt
1820 mov bx,PXENV_UDP_WRITE
1821 call pxenv
1822 cmp ax,byte 0 ; ZF = 1 if write OK
1823 popad
1824 ret
1825
1826 ;
1827 ; unload_pxe:
1828 ;
1829 ; This function unloads the PXE and UNDI stacks and unclaims
1830 ; the memory.
1831 ;
1832 unload_pxe:
1833 test byte [KeepPXE],01h ; Should we keep PXE around?
1834 jnz reset_pxe
1835
1836 push ds
1837 push es
1838
1839 mov ax,cs
1840 mov ds,ax
1841 mov es,ax
1842
1843 mov si,new_api_unload
1844 cmp byte [APIVer+1],2 ; Major API version >= 2?
1845 jae .new_api
1846 mov si,old_api_unload
1847 .new_api:
1848
1849 .call_loop: xor ax,ax
1850 lodsb
1851 and ax,ax
1852 jz .call_done
1853 xchg bx,ax
1854 mov di,pxe_unload_stack_pkt
1855 push di
1856 xor ax,ax
1857 mov cx,pxe_unload_stack_pkt_len >> 1
1858 rep stosw
1859 pop di
1860 call pxenv
1861 jc .cant_free
1862 mov ax,word [pxe_unload_stack_pkt.status]
1863 cmp ax,PXENV_STATUS_SUCCESS
1864 jne .cant_free
1865 jmp .call_loop
1866
1867 .call_done:
1868 mov bx,0FF00h
1869
1870 mov dx,[RealBaseMem]
1871 cmp dx,[BIOS_fbm] ; Sanity check
1872 jna .cant_free
1873 inc bx
1874
1875 ; Check that PXE actually unhooked the INT 1Ah chain
1876 movzx eax,word [4*0x1a]
1877 movzx ecx,word [4*0x1a+2]
1878 shl ecx,4
1879 add eax,ecx
1880 shr eax,10
1881 cmp ax,dx ; Not in range
1882 jae .ok
1883 cmp ax,[BIOS_fbm]
1884 jae .cant_free
1885 ; inc bx
1886
1887 .ok:
1888 mov [BIOS_fbm],dx
1889 .pop_ret:
1890 pop es
1891 pop ds
1892 ret
1893
1894 .cant_free:
1895 mov si,cant_free_msg
1896 call writestr
1897 push ax
1898 xchg bx,ax
1899 call writehex4
1900 mov al,'-'
1901 call writechr
1902 pop ax
1903 call writehex4
1904 mov al,'-'
1905 call writechr
1906 mov eax,[4*0x1a]
1907 call writehex8
1908 call crlf
1909 jmp .pop_ret
1910
1911 ; We want to keep PXE around, but still we should reset
1912 ; it to the standard bootup configuration
1913 reset_pxe:
1914 push es
1915 push cs
1916 pop es
1917 mov bx,PXENV_UDP_CLOSE
1918 mov di,pxe_udp_close_pkt
1919 call pxenv
1920 pop es
1921 ret
1922
1923 ;
1924 ; gendotquad
1925 ;
1926 ; Take an IP address (in network byte order) in EAX and
1927 ; output a dotted quad string to ES:DI.
1928 ; DI points to terminal null at end of string on exit.
1929 ;
1930 gendotquad:
1931 push eax
1932 push cx
1933 mov cx,4
1934 .genchar:
1935 push eax
1936 cmp al,10 ; < 10?
1937 jb .lt10 ; If so, skip first 2 digits
1938
1939 cmp al,100 ; < 100
1940 jb .lt100 ; If so, skip first digit
1941
1942 aam 100
1943 ; Now AH = 100-digit; AL = remainder
1944 add ah,'0'
1945 mov [es:di],ah
1946 inc di
1947
1948 .lt100:
1949 aam 10
1950 ; Now AH = 10-digit; AL = remainder
1951 add ah,'0'
1952 mov [es:di],ah
1953 inc di
1954
1955 .lt10:
1956 add al,'0'
1957 stosb
1958 mov al,'.'
1959 stosb
1960 pop eax
1961 ror eax,8 ; Move next char into LSB
1962 loop .genchar
1963 dec di
1964 mov [es:di], byte 0
1965 pop cx
1966 pop eax
1967 ret
1968 ;
1969 ; uchexbytes/lchexbytes
1970 ;
1971 ; Take a number of bytes in memory and convert to upper/lower-case
1972 ; hexadecimal
1973 ;
1974 ; Input:
1975 ; DS:SI = input bytes
1976 ; ES:DI = output buffer
1977 ; CX = number of bytes
1978 ; Output:
1979 ; DS:SI = first byte after
1980 ; ES:DI = first byte after
1981 ; CX = 0
1982 ;
1983 ; Trashes AX, DX
1984 ;
1985
1986 lchexbytes:
1987 mov dl,'a'-'9'-1
1988 jmp xchexbytes
1989 uchexbytes:
1990 mov dl,'A'-'9'-1
1991 xchexbytes:
1992 .loop:
1993 lodsb
1994 mov ah,al
1995 shr al,4
1996 call .outchar
1997 mov al,ah
1998 call .outchar
1999 loop .loop
2000 ret
2001 .outchar:
2002 and al,0Fh
2003 add al,'0'
2004 cmp al,'9'
2005 jna .done
2006 add al,dl
2007 .done:
2008 stosb
2009 ret
2010
2011 ;
2012 ; pxe_get_cached_info
2013 ;
2014 ; Get a DHCP packet from the PXE stack into the trackbuf.
2015 ;
2016 ; Input:
2017 ; DL = packet type
2018 ; Output:
2019 ; CX = buffer size
2020 ;
2021 ; Assumes CS == DS == ES.
2022 ;
2023 pxe_get_cached_info:
2024 pushad
2025 mov di,pxe_bootp_query_pkt
2026 push di
2027 xor ax,ax
2028 stosw ; Status
2029 movzx ax,dl
2030 stosw ; Packet type
2031 mov ax,trackbufsize
2032 stosw ; Buffer size
2033 mov ax,trackbuf
2034 stosw ; Buffer offset
2035 xor ax,ax
2036 stosw ; Buffer segment
2037
2038 pop di ; DI -> parameter set
2039 mov bx,PXENV_GET_CACHED_INFO
2040 call pxenv
2041 jc .err
2042 and ax,ax
2043 jnz .err
2044
2045 popad
2046 mov cx,[pxe_bootp_query_pkt.buffersize]
2047 ret
2048
2049 .err:
2050 mov si,err_pxefailed
2051 jmp kaboom
2052
2053 ;
2054 ; parse_dhcp
2055 ;
2056 ; Parse a DHCP packet. This includes dealing with "overloaded"
2057 ; option fields (see RFC 2132, section 9.3)
2058 ;
2059 ; This should fill in the following global variables, if the
2060 ; information is present:
2061 ;
2062 ; MyIP - client IP address
2063 ; ServerIP - boot server IP address
2064 ; Netmask - network mask
2065 ; Gateway - default gateway router IP
2066 ; BootFile - boot file name
2067 ; DNSServers - DNS server IPs
2068 ; LocalDomain - Local domain name
2069 ; MACLen, MAC - Client identifier, if MACLen == 0
2070 ;
2071 ; This assumes the DHCP packet is in "trackbuf" and the length
2072 ; of the packet in in CX on entry.
2073 ;
2074
2075 parse_dhcp:
2076 mov byte [OverLoad],0 ; Assume no overload
2077 mov eax, [trackbuf+bootp.yip]
2078 and eax, eax
2079 jz .noyip
2080 cmp al,224 ; Class D or higher -> bad
2081 jae .noyip
2082 mov [MyIP], eax
2083 .noyip:
2084 mov eax, [trackbuf+bootp.sip]
2085 and eax, eax
2086 jz .nosip
2087 cmp al,224 ; Class D or higher -> bad
2088 jae .nosip
2089 mov [ServerIP], eax
2090 .nosip:
2091 sub cx, bootp.options
2092 jbe .nooptions
2093 mov si, trackbuf+bootp.option_magic
2094 lodsd
2095 cmp eax, BOOTP_OPTION_MAGIC
2096 jne .nooptions
2097 call parse_dhcp_options
2098 .nooptions:
2099 mov si, trackbuf+bootp.bootfile
2100 test byte [OverLoad],1
2101 jz .nofileoverload
2102 mov cx,128
2103 call parse_dhcp_options
2104 jmp short .parsed_file
2105 .nofileoverload:
2106 cmp byte [si], 0
2107 jz .parsed_file ; No bootfile name
2108 mov di,BootFile
2109 mov cx,32
2110 rep movsd
2111 xor al,al
2112 stosb ; Null-terminate
2113 .parsed_file:
2114 mov si, trackbuf+bootp.sname
2115 test byte [OverLoad],2
2116 jz .nosnameoverload
2117 mov cx,64
2118 call parse_dhcp_options
2119 .nosnameoverload:
2120 ret
2121
2122 ;
2123 ; Parse a sequence of DHCP options, pointed to by DS:SI; the field
2124 ; size is CX -- some DHCP servers leave option fields unterminated
2125 ; in violation of the spec.
2126 ;
2127 ; For parse_some_dhcp_options, DH contains the minimum value for
2128 ; the option to recognize -- this is used to restrict parsing to
2129 ; PXELINUX-specific options only.
2130 ;
2131 parse_dhcp_options:
2132 xor dx,dx
2133
2134 parse_some_dhcp_options:
2135 .loop:
2136 and cx,cx
2137 jz .done
2138
2139 lodsb
2140 dec cx
2141 jz .done ; Last byte; must be PAD, END or malformed
2142 cmp al, 0 ; PAD option
2143 je .loop
2144 cmp al,255 ; END option
2145 je .done
2146
2147 ; Anything else will have a length field
2148 mov dl,al ; DL <- option number
2149 xor ax,ax
2150 lodsb ; AX <- option length
2151 dec cx
2152 sub cx,ax ; Decrement bytes left counter
2153 jb .done ; Malformed option: length > field size
2154
2155 cmp dl,dh ; Is the option value valid?
2156 jb .opt_done
2157
2158 mov bx,dhcp_option_list
2159 .find_option:
2160 cmp bx,dhcp_option_list_end
2161 jae .opt_done
2162 cmp dl,[bx]
2163 je .found_option
2164 add bx,3
2165 jmp .find_option
2166 .found_option:
2167 pushad
2168 call [bx+1]
2169 popad
2170
2171 ; Fall through
2172 ; Unknown option. Skip to the next one.
2173 .opt_done:
2174 add si,ax
2175 jmp .loop
2176 .done:
2177 ret
2178
2179 section .data
2180 dhcp_option_list:
2181 section .text
2182
2183 %macro dopt 2
2184 section .data
2185 db %1
2186 dw dopt_%2
2187 section .text
2188 dopt_%2:
2189 %endmacro
2190
2191 ;
2192 ; Parse individual DHCP options. SI points to the option data and
2193 ; AX to the option length. DL contains the option number.
2194 ; All registers are saved around the routine.
2195 ;
2196 dopt 1, subnet_mask
2197 mov ebx,[si]
2198 mov [Netmask],ebx
2199 ret
2200
2201 dopt 3, router
2202 mov ebx,[si]
2203 mov [Gateway],ebx
2204 ret
2205
2206 dopt 6, dns_servers
2207 mov cx,ax
2208 shr cx,2
2209 cmp cl,DNS_MAX_SERVERS
2210 jna .oklen
2211 mov cl,DNS_MAX_SERVERS
2212 .oklen:
2213 mov di,DNSServers
2214 rep movsd
2215 mov [LastDNSServer],di
2216 ret
2217
2218 dopt 16, local_domain
2219 mov bx,si
2220 add bx,ax
2221 xor ax,ax
2222 xchg [bx],al ; Zero-terminate option
2223 mov di,LocalDomain
2224 call dns_mangle ; Convert to DNS label set
2225 mov [bx],al ; Restore ending byte
2226 ret
2227
2228 dopt 43, vendor_encaps
2229 mov dh,208 ; Only recognize PXELINUX options
2230 mov cx,ax ; Length of option = max bytes to parse
2231 call parse_some_dhcp_options ; Parse recursive structure
2232 ret
2233
2234 dopt 52, option_overload
2235 mov bl,[si]
2236 mov [OverLoad],bl
2237 ret
2238
2239 dopt 54, server
2240 mov eax,[si]
2241 cmp dword [ServerIP],0
2242 jne .skip ; Already have a next server IP
2243 cmp al,224 ; Class D or higher
2244 jae .skip
2245 mov [ServerIP],eax
2246 .skip: ret
2247
2248 dopt 61, client_identifier
2249 cmp ax,MAC_MAX ; Too long?
2250 ja .skip
2251 cmp ax,2 ; Too short?
2252 jb .skip
2253 cmp [MACLen],ah ; Only do this if MACLen == 0
2254 jne .skip
2255 push ax
2256 lodsb ; Client identifier type
2257 cmp al,[MACType]
2258 pop ax
2259 jne .skip ; Client identifier is not a MAC
2260 dec ax
2261 mov [MACLen],al
2262 mov di,MAC
2263 jmp dhcp_copyoption
2264 .skip: ret
2265
2266 dopt 67, bootfile_name
2267 mov di,BootFile
2268 jmp dhcp_copyoption
2269
2270 dopt 97, uuid_client_identifier
2271 cmp ax,17 ; type byte + 16 bytes UUID
2272 jne .skip
2273 mov dl,[si] ; Must have type 0 == UUID
2274 or dl,[HaveUUID] ; Capture only the first instance
2275 jnz .skip
2276 mov byte [HaveUUID],1 ; Got UUID
2277 mov di,UUIDType
2278 jmp dhcp_copyoption
2279 .skip: ret
2280
2281 dopt 208, pxelinux_magic
2282 cmp al,4 ; Must have length == 4
2283 jne .done
2284 cmp dword [si], htonl(0xF100747E) ; Magic number
2285 jne .done
2286 or byte [DHCPMagic],1 ; Found magic #
2287 .done: ret
2288
2289 dopt 209, pxelinux_configfile
2290 mov di,ConfigName
2291 or byte [DHCPMagic],2 ; Got config file
2292 jmp dhcp_copyoption
2293
2294 dopt 210, pxelinux_pathprefix
2295 mov di,PathPrefix
2296 or byte [DHCPMagic],4 ; Got path prefix
2297 jmp dhcp_copyoption
2298
2299 dopt 211, pxelinux_reboottime
2300 cmp al,4
2301 jne .done
2302 mov ebx,[si]
2303 xchg bl,bh ; Convert to host byte order
2304 rol ebx,16
2305 xchg bl,bh
2306 mov [RebootTime],ebx
2307 or byte [DHCPMagic],8 ; Got RebootTime
2308 .done: ret
2309
2310 ; Common code for copying an option verbatim
2311 ; Copies the option into ES:DI and null-terminates it.
2312 ; Returns with AX=0 and SI past the option.
2313 dhcp_copyoption:
2314 xchg cx,ax ; CX <- option length
2315 rep movsb
2316 xchg cx,ax ; AX <- 0
2317 stosb ; Null-terminate
2318 ret
2319
2320 section .data
2321 dhcp_option_list_end:
2322 section .text
2323
2324 section .data
2325 HaveUUID db 0
2326 uuid_dashes db 4,2,2,2,6,0 ; Bytes per UUID dashed section
2327 section .text
2328
2329 ;
2330 ; genipopt
2331 ;
2332 ; Generate an ip=<client-ip>:<boot-server-ip>:<gw-ip>:<netmask>
2333 ; option into IPOption based on a DHCP packet in trackbuf.
2334 ; Assumes CS == DS == ES.
2335 ;
2336 genipopt:
2337 pushad
2338 mov di,IPOption
2339 mov eax,'ip='
2340 stosd
2341 dec di
2342 mov eax,[MyIP]
2343 call gendotquad
2344 mov al,':'
2345 stosb
2346 mov eax,[ServerIP]
2347 call gendotquad
2348 mov al,':'
2349 stosb
2350 mov eax,[Gateway]
2351 call gendotquad
2352 mov al,':'
2353 stosb
2354 mov eax,[Netmask]
2355 call gendotquad ; Zero-terminates its output
2356 sub di,IPOption
2357 mov [IPOptionLen],di
2358 popad
2359 ret
2360
2361 ;
2362 ; Call the receive loop while idle. This is done mostly so we can respond to
2363 ; ARP messages, but perhaps in the future this can be used to do network
2364 ; console.
2365 ;
2366 ; hpa sez: people using automatic control on the serial port get very
2367 ; unhappy if we poll for ARP too often (the PXE stack is pretty slow,
2368 ; typically.) Therefore, only poll if at least 4 BIOS timer ticks have
2369 ; passed since the last poll, and reset this when a character is
2370 ; received (RESET_IDLE).
2371 ;
2372 %if HAVE_IDLE
2373
2374 reset_idle:
2375 push ax
2376 mov ax,[cs:BIOS_timer]
2377 mov [cs:IdleTimer],ax
2378 pop ax
2379 ret
2380
2381 check_for_arp:
2382 push ax
2383 mov ax,[cs:BIOS_timer]
2384 sub ax,[cs:IdleTimer]
2385 cmp ax,4
2386 pop ax
2387 jae .need_poll
2388 ret
2389 .need_poll: pushad
2390 push ds
2391 push es
2392 mov ax,cs
2393 mov ds,ax
2394 mov es,ax
2395 mov di,packet_buf
2396 mov [pxe_udp_read_pkt.status],al ; 0
2397 mov [pxe_udp_read_pkt.buffer],di
2398 mov [pxe_udp_read_pkt.buffer+2],ds
2399 mov word [pxe_udp_read_pkt.buffersize],packet_buf_size
2400 mov eax,[MyIP]
2401 mov [pxe_udp_read_pkt.dip],eax
2402 mov word [pxe_udp_read_pkt.lport],htons(9) ; discard port
2403 mov di,pxe_udp_read_pkt
2404 mov bx,PXENV_UDP_READ
2405 call pxenv
2406 ; Ignore result...
2407 pop es
2408 pop ds
2409 popad
2410 RESET_IDLE
2411 ret
2412
2413 %endif ; HAVE_IDLE
2414
2415 ; -----------------------------------------------------------------------------
2416 ; Common modules
2417 ; -----------------------------------------------------------------------------
2418
2419 %include "getc.inc" ; getc et al
2420 %include "conio.inc" ; Console I/O
2421 %include "writestr.inc" ; String output
2422 writestr equ cwritestr
2423 %include "writehex.inc" ; Hexadecimal output
2424 %include "configinit.inc" ; Initialize configuration
2425 %include "parseconfig.inc" ; High-level config file handling
2426 %include "parsecmd.inc" ; Low-level config file handling
2427 %include "bcopy32.inc" ; 32-bit bcopy
2428 %include "loadhigh.inc" ; Load a file into high memory
2429 %include "font.inc" ; VGA font stuff
2430 %include "graphics.inc" ; VGA graphics
2431 %include "highmem.inc" ; High memory sizing
2432 %include "strcpy.inc" ; strcpy()
2433 %include "rawcon.inc" ; Console I/O w/o using the console functions
2434 %include "dnsresolv.inc" ; DNS resolver
2435
2436 ; -----------------------------------------------------------------------------
2437 ; Begin data section
2438 ; -----------------------------------------------------------------------------
2439
2440 section .data
2441
2442 copyright_str db ' Copyright (C) 1994-', year, ' H. Peter Anvin'
2443 db CR, LF, 0
2444 err_bootfailed db CR, LF, 'Boot failed: press a key to retry, or wait for reset...', CR, LF, 0
2445 bailmsg equ err_bootfailed
2446 err_nopxe db "No !PXE or PXENV+ API found; we're dead...", CR, LF, 0
2447 err_pxefailed db 'PXE API call failed, error ', 0
2448 err_udpinit db 'Failed to initialize UDP stack', CR, LF, 0
2449 err_noconfig db 'Unable to locate configuration file', CR, LF, 0
2450 err_oldtftp db 'TFTP server does not support the tsize option', CR, LF, 0
2451 found_pxenv db 'Found PXENV+ structure', CR, LF, 0
2452 using_pxenv_msg db 'Old PXE API detected, using PXENV+ structure', CR, LF, 0
2453 apiver_str db 'PXE API version is ',0
2454 pxeentry_msg db 'PXE entry point found (we hope) at ', 0
2455 pxenventry_msg db 'PXENV entry point found (we hope) at ', 0
2456 trymempxe_msg db 'Scanning memory for !PXE structure... ', 0
2457 trymempxenv_msg db 'Scanning memory for PXENV+ structure... ', 0
2458 undi_data_msg db 'UNDI data segment at: ',0
2459 undi_data_len_msg db 'UNDI data segment size: ',0
2460 undi_code_msg db 'UNDI code segment at: ',0
2461 undi_code_len_msg db 'UNDI code segment size: ',0
2462 cant_free_msg db 'Failed to free base memory, error ', 0
2463 notfound_msg db 'not found', CR, LF, 0
2464 myipaddr_msg db 'My IP address seems to be ',0
2465 tftpprefix_msg db 'TFTP prefix: ', 0
2466 localboot_msg db 'Booting from local disk...', CR, LF, 0
2467 trying_msg db 'Trying to load: ', 0
2468 fourbs_msg db BS, BS, BS, BS, 0
2469 default_str db 'default', 0
2470 syslinux_banner db CR, LF, 'PXELINUX ', version_str, ' ', date, ' ', 0
2471 cfgprefix db 'pxelinux.cfg/' ; No final null!
2472 cfgprefix_len equ ($-cfgprefix)
2473
2474 ;
2475 ; Command line options we'd like to take a look at
2476 ;
2477 ; mem= and vga= are handled as normal 32-bit integer values
2478 initrd_cmd db 'initrd='
2479 initrd_cmd_len equ $-initrd_cmd
2480
2481 ; This one we make ourselves
2482 bootif_str db 'BOOTIF='
2483 bootif_str_len equ $-bootif_str
2484 ;
2485 ; Config file keyword table
2486 ;
2487 %include "keywords.inc"
2488
2489 ;
2490 ; Extensions to search for (in *forward* order).
2491 ; (.bs and .bss are disabled for PXELINUX, since they are not supported)
2492 ;
2493 align 4, db 0
2494 exten_table: db '.cbt' ; COMBOOT (specific)
2495 db '.0', 0, 0 ; PXE bootstrap program
2496 db '.com' ; COMBOOT (same as DOS)
2497 db '.c32' ; COM32
2498 exten_table_end:
2499 dd 0, 0 ; Need 8 null bytes here
2500
2501 ;
2502 ; PXE unload sequences
2503 ;
2504 new_api_unload:
2505 db PXENV_UDP_CLOSE
2506 db PXENV_UNDI_SHUTDOWN
2507 db PXENV_UNLOAD_STACK
2508 db PXENV_STOP_UNDI
2509 db 0
2510 old_api_unload:
2511 db PXENV_UDP_CLOSE
2512 db PXENV_UNDI_SHUTDOWN
2513 db PXENV_UNLOAD_STACK
2514 db PXENV_UNDI_CLEANUP
2515 db 0
2516
2517 ;
2518 ; PXE query packets partially filled in
2519 ;
2520 section .bss
2521 pxe_bootp_query_pkt:
2522 .status: resw 1 ; Status
2523 .packettype: resw 1 ; Boot server packet type
2524 .buffersize: resw 1 ; Packet size
2525 .buffer: resw 2 ; seg:off of buffer
2526 .bufferlimit: resw 1 ; Unused
2527
2528 section .data
2529 pxe_udp_open_pkt:
2530 .status: dw 0 ; Status
2531 .sip: dd 0 ; Source (our) IP
2532
2533 pxe_udp_close_pkt:
2534 .status: dw 0 ; Status
2535
2536 pxe_udp_write_pkt:
2537 .status: dw 0 ; Status
2538 .sip: dd 0 ; Server IP
2539 .gip: dd 0 ; Gateway IP
2540 .lport: dw 0 ; Local port
2541 .rport: dw 0 ; Remote port
2542 .buffersize: dw 0 ; Size of packet
2543 .buffer: dw 0, 0 ; seg:off of buffer
2544
2545 pxe_udp_read_pkt:
2546 .status: dw 0 ; Status
2547 .sip: dd 0 ; Source IP
2548 .dip: dd 0 ; Destination (our) IP
2549 .rport: dw 0 ; Remote port
2550 .lport: dw 0 ; Local port
2551 .buffersize: dw 0 ; Max packet size
2552 .buffer: dw 0, 0 ; seg:off of buffer
2553
2554 ;
2555 ; Misc initialized (data) variables
2556 ;
2557 alignb 4, db 0
2558 BaseStack dd StackBuf ; ESP of base stack
2559 dw 0 ; SS of base stack
2560 NextSocket dw 49152 ; Counter for allocating socket numbers
2561 KeepPXE db 0 ; Should PXE be kept around?
2562
2563 ;
2564 ; TFTP commands
2565 ;
2566 tftp_tail db 'octet', 0 ; Octet mode
2567 tsize_str db 'tsize' ,0 ; Request size
2568 tsize_len equ ($-tsize_str)
2569 db '0', 0
2570 blksize_str db 'blksize', 0 ; Request large blocks
2571 blksize_len equ ($-blksize_str)
2572 asciidec TFTP_LARGEBLK
2573 db 0
2574 tftp_tail_len equ ($-tftp_tail)
2575
2576 alignb 2, db 0
2577 ;
2578 ; Options negotiation parsing table (string pointer, string len, offset
2579 ; into socket structure)
2580 ;
2581 tftp_opt_table:
2582 dw tsize_str, tsize_len, tftp_filesize
2583 dw blksize_str, blksize_len, tftp_blksize
2584 tftp_opts equ ($-tftp_opt_table)/6
2585
2586 ;
2587 ; Error packet to return on options negotiation error
2588 ;
2589 tftp_opt_err dw TFTP_ERROR ; ERROR packet
2590 dw TFTP_EOPTNEG ; ERROR 8: bad options
2591 db 'tsize option required', 0 ; Error message
2592 tftp_opt_err_len equ ($-tftp_opt_err)
2593
2594 alignb 4, db 0
2595 ack_packet_buf: dw TFTP_ACK, 0 ; TFTP ACK packet
2596
2597 ;
2598 ; IP information (initialized to "unknown" values)
2599 MyIP dd 0 ; My IP address
2600 ServerIP dd 0 ; IP address of boot server
2601 Netmask dd 0 ; Netmask of this subnet
2602 Gateway dd 0 ; Default router
2603 ServerPort dw TFTP_PORT ; TFTP server port
2604
2605 ;
2606 ; Variables that are uninitialized in SYSLINUX but initialized here
2607 ;
2608 alignb 4, db 0
2609 BufSafe dw trackbufsize/TFTP_BLOCKSIZE ; Clusters we can load into trackbuf
2610 BufSafeSec dw trackbufsize/512 ; = how many sectors?
2611 BufSafeBytes dw trackbufsize ; = how many bytes?
2612 %ifndef DEPEND
2613 %if ( trackbufsize % TFTP_BLOCKSIZE ) != 0
2614 %error trackbufsize must be a multiple of TFTP_BLOCKSIZE
2615 %endif
2616 %endif
The Syslinux boot loader collection