1 ; -*- fundamental -*- (asm-mode sucks)
2 ; ****************************************************************************
6 ; A program to boot Linux kernels off a TFTP server using the Intel PXE
7 ; network booting API. It is based on the SYSLINUX boot loader for
10 ; Copyright (C) 1994-2006 H. Peter Anvin
12 ; This program is free software; you can redistribute it and/or modify
13 ; it under the terms of the GNU General Public License as published by
14 ; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
15 ; Boston MA 02111-1307, USA; either version 2 of the License, or
16 ; (at your option) any later version; incorporated herein by reference.
18 ; ****************************************************************************
25 ; Some semi-configurable constants... change on your own risk.
28 FILENAME_MAX_LG2
equ 7 ; log2(Max filename size Including final null)
29 FILENAME_MAX
equ (1 << FILENAME_MAX_LG2
)
30 NULLFILE
equ 0 ; Zero byte == null file name
31 NULLOFFSET
equ 4 ; Position in which to look
32 REBOOT_TIME
equ 5*60 ; If failure, time until full reset
33 %assign HIGHMEM_SLOP
128*1024 ; Avoid this much memory near the top
34 MAX_OPEN_LG2
equ 5 ; log2(Max number of open sockets)
35 MAX_OPEN
equ (1 << MAX_OPEN_LG2
)
36 PKTBUF_SIZE
equ (65536/MAX_OPEN
) ; Per-socket packet buffer size
37 TFTP_PORT
equ htons
(69) ; Default TFTP port
38 PKT_RETRY
equ 6 ; Packet transmit retry count
39 PKT_TIMEOUT
equ 12 ; Initial timeout, timer ticks @ 55 ms
40 ; Desired TFTP block size
41 ; For Ethernet MTU is normally 1500. Unfortunately there seems to
42 ; be a fair number of networks with "substandard" MTUs which break.
43 ; The code assumes TFTP_LARGEBLK <= 2K.
45 TFTP_LARGEBLK
equ (TFTP_MTU
-20-8-4) ; MTU - IP hdr - UDP hdr - TFTP hdr
46 ; Standard TFTP block size
47 TFTP_BLOCKSIZE_LG2
equ 9 ; log2(bytes/block)
48 TFTP_BLOCKSIZE
equ (1 << TFTP_BLOCKSIZE_LG2
)
49 %assign USE_PXE_PROVIDED_STACK
1 ; Use stack provided by PXE?
51 SECTOR_SHIFT
equ TFTP_BLOCKSIZE_LG2
52 SECTOR_SIZE
equ TFTP_BLOCKSIZE
55 ; This is what we need to do when idle
57 %define HAVE_IDLE
1 ; idle is not a noop
67 ; TFTP operation codes
69 TFTP_RRQ
equ htons
(1) ; Read request
70 TFTP_WRQ
equ htons
(2) ; Write request
71 TFTP_DATA
equ htons
(3) ; Data packet
72 TFTP_ACK
equ htons
(4) ; ACK packet
73 TFTP_ERROR
equ htons
(5) ; ERROR packet
74 TFTP_OACK
equ htons
(6) ; OACK packet
79 TFTP_EUNDEF
equ htons
(0) ; Unspecified error
80 TFTP_ENOTFOUND
equ htons
(1) ; File not found
81 TFTP_EACCESS
equ htons
(2) ; Access violation
82 TFTP_ENOSPACE
equ htons
(3) ; Disk full
83 TFTP_EBADOP
equ htons
(4) ; Invalid TFTP operation
84 TFTP_EBADID
equ htons
(5) ; Unknown transfer
85 TFTP_EEXISTS
equ htons
(6) ; File exists
86 TFTP_ENOUSER
equ htons
(7) ; No such user
87 TFTP_EOPTNEG
equ htons
(8) ; Option negotiation failure
90 ; The following structure is used for "virtual kernels"; i.e. LILO-style
91 ; option labels. The options we permit here are `kernel' and `append
92 ; Since there is no room in the bottom 64K for all of these, we
93 ; stick them at vk_seg:0000 and copy them down before we need them.
96 vk_vname: resb FILENAME_MAX
; Virtual name **MUST BE FIRST!**
97 vk_rname: resb FILENAME_MAX
; Real name
98 vk_ipappend: resb
1 ; "IPAPPEND" flag
102 vk_append: resb max_cmd_len
+1 ; Command line
104 vk_end: equ $
; Should be <= vk_size
108 ; Segment assignments in the bottom 640K
109 ; 0000h - main code/data segment (and BIOS segment)
111 real_mode_seg
equ 4000h
112 vk_seg
equ 3000h ; Virtual kernels
113 xfer_buf_seg
equ 2000h ; Bounce buffer for I/O to high mem
114 pktbuf_seg
equ 1000h ; Packet buffers segments
115 comboot_seg
equ real_mode_seg
; COMBOOT image loading zone
118 ; BOOTP/DHCP packet pattern
122 .opcode resb
1 ; BOOTP/DHCP "opcode"
123 .hardware resb
1 ; ARP hardware type
124 .hardlen resb
1 ; Hardware address length
125 .gatehops resb
1 ; Used by forwarders
126 .ident resd
1 ; Transaction ID
127 .seconds resw
1 ; Seconds elapsed
128 .flags resw
1 ; Broadcast flags
129 .cip resd
1 ; Client IP
130 .yip resd
1 ; "Your" IP
131 .sip resd
1 ; Next server IP
132 .gip resd
1 ; Relay agent IP
133 .macaddr resb
16 ; Client MAC address
134 .sname resb
64 ; Server name (optional)
135 .bootfile resb
128 ; Boot file name
136 .option_magic resd
1 ; Vendor option magic cookie
137 .options resb
1260 ; Vendor options
140 BOOTP_OPTION_MAGIC
equ htonl
(0x63825363) ; See RFC 2132
143 ; TFTP connection data structure. Each one of these corresponds to a local
144 ; UDP port. The size of this structure must be a power of 2.
145 ; HBO = host byte order; NBO = network byte order
146 ; (*) = written by options negotiation code, must be dword sized
149 tftp_localport resw
1 ; Local port number (0 = not in use)
150 tftp_remoteport resw
1 ; Remote port number
151 tftp_remoteip resd
1 ; Remote IP address
152 tftp_filepos resd
1 ; Bytes downloaded (including buffer)
153 tftp_filesize resd
1 ; Total file size(*)
154 tftp_blksize resd
1 ; Block size for this connection(*)
155 tftp_bytesleft resw
1 ; Unclaimed data bytes
156 tftp_lastpkt resw
1 ; Sequence number of last packet (NBO)
157 tftp_dataptr resw
1 ; Pointer to available data
158 resw
2 ; Currently unusued
159 ; At end since it should not be zeroed on socked close
160 tftp_pktbuf resw
1 ; Packet buffer offset
163 %if
(open_file_t_size
& (open_file_t_size
-1))
164 %error
"open_file_t is not a power of 2"
168 ; ---------------------------------------------------------------------------
170 ; ---------------------------------------------------------------------------
173 ; Memory below this point is reserved for the BIOS and the MBR
176 trackbufsize
equ 8192
177 trackbuf resb trackbufsize
; Track buffer goes here
178 getcbuf resb trackbufsize
181 ; Put some large buffers here, before RBFG_brainfuck,
182 ; where we can still carefully control the address
185 alignb open_file_t_size
186 Files resb MAX_OPEN
*open_file_t_size
189 BootFile resb
256 ; Boot file from DHCP packet
190 ConfigServer resd
1 ; Null prefix for mangled config name
191 ConfigName resb
256-4 ; Configuration file from DHCP option
192 PathPrefix resb
256 ; Path prefix derived from boot file
193 DotQuadBuf resb
16 ; Buffer for dotted-quad IP address
194 IPOption resb
80 ; ip= option buffer
195 InitStack resd
1 ; Pointer to reset stack (SS:SP)
196 PXEStack resd
1 ; Saved stack during PXE call
198 ; Warning here: RBFG build 22 randomly overwrites memory location
199 ; [0x5680,0x576c), possibly more. It seems that it gets confused and
200 ; screws up the pointer to its own internal packet buffer and starts
201 ; writing a received ARP packet into low memory.
202 RBFG_brainfuck resb
0E00h
206 RebootTime resd
1 ; Reboot timeout, if set by option
207 StrucPtr resd
1 ; Pointer to PXENV+ or !PXE structure
208 APIVer resw
1 ; PXE API version found
209 IPOptionLen resw
1 ; Length of IPOption
210 IdleTimer resw
1 ; Time to check for ARP?
211 LocalBootType resw
1 ; Local boot return code
212 PktTimeout resw
1 ; Timeout for current packet
213 RealBaseMem resw
1 ; Amount of DOS memory after freeing
214 OverLoad resb
1 ; Set if DHCP packet uses "overloading"
216 ; The relative position of these fields matter!
217 MACLen resb
1 ; MAC address len
218 MACType resb
1 ; MAC address type
219 MAC resb
16 ; Actual MAC address
220 BOOTIFStr resb
7 ; Space for "BOOTIF="
221 MACStr resb
3*17 ; MAC address as a string
224 ; PXE packets which don't need static initialization
227 pxe_unload_stack_pkt:
228 .
status: resw
1 ; Status
229 .
reserved: resw
10 ; Reserved
230 pxe_unload_stack_pkt_len
equ $
-pxe_unload_stack_pkt
233 ; BOOTP/DHCP packet buffer
236 packet_buf resb
2048 ; Transfer packet
237 packet_buf_size
equ $
-packet_buf
240 ; Constants for the xfer_buf_seg
242 ; The xfer_buf_seg is also used to store message file buffers. We
243 ; need two trackbuffers (text and graphics), plus a work buffer
244 ; for the graphics decompressor.
246 xbs_textbuf
equ 0 ; Also hard-coded, do not change
247 xbs_vgabuf
equ trackbufsize
248 xbs_vgatmpbuf
equ 2*trackbufsize
252 ; PXELINUX needs more BSS than the other derivatives;
253 ; therefore we relocate it from 7C00h on startup.
255 StackBuf
equ $
; Base of stack if we use our own
258 ; Primary entry point.
262 pushfd ; Paranoia... in case of return to PXE
263 pushad ; ... save as much state as possible
274 %if TEXT_START
!= 0x7c00
275 ; This is uglier than it should be, but works around
276 ; some NASM 0.98.38 bugs.
277 mov di,section..bcopy32.start
278 add di,__bcopy_size
-4
279 lea si,[di-(TEXT_START
-7C00h
)]
280 lea cx,[di-(TEXT_START
-4)]
282 std ; Overlapping areas, copy backwards
286 jmp 0:_start1
; Canonicalize address
289 les bx,[bp+48] ; ES:BX -> !PXE or PXENV+ structure
291 ; That is all pushed onto the PXE stack. Save the pointer
292 ; to it and switch to an internal stack.
296 %if USE_PXE_PROVIDED_STACK
297 ; Apparently some platforms go bonkers if we
298 ; set up our own stack...
306 sti ; Stack set up and ready
310 ; Initialize screen (if we're using one)
312 ; Now set up screen parameters
315 ; Wipe the F-key area
318 mov cx,10*(1 << FILENAME_MAX_LG2
)
319 push es ; Save ES -> PXE structure
326 ; Tell the user we got this far
328 mov si,syslinux_banner
335 ; Assume API version 2.1, in case we find the !PXE structure without
336 ; finding the PXENV+ structure. This should really look at the Base
337 ; Code ROM ID structure in have_pxe, but this is adequate for now --
338 ; if we have !PXE, we have to be 2.1 or higher, and we don't care
339 ; about higher versions than that.
341 mov word [APIVer
],0201h
344 ; Now we need to find the !PXE structure. It's *supposed* to be pointed
345 ; to by SS:[SP+4], but support INT 1Ah, AX=5650h method as well.
346 ; FIX: ES:BX should point to the PXENV+ structure on entry as well.
347 ; We should make that the second test, and not trash ES:BX...
349 cmp dword [es:bx], '!PXE'
352 ; Uh-oh, not there... try plan B
354 %if USE_PXE_PROVIDED_STACK
== 0
357 int 1Ah ; May trash regs
358 %if USE_PXE_PROVIDED_STACK
== 0
366 ; Okay, that gave us the PXENV+ structure, find !PXE
367 ; structure from that (if available)
368 cmp dword [es:bx], 'PXEN'
370 cmp word [es:bx+4], 'V+'
373 ; Nothing there either. Last-ditch: scan memory
374 call memory_scan_for_pxe_struct
; !PXE scan
376 call memory_scan_for_pxenv_struct
; PXENV+ scan
379 no_pxe: mov si,err_nopxe
397 cmp ax,0201h ; API version 2.1 or higher
401 les bx,[es:bx+28h] ; !PXE structure pointer
402 cmp dword [es:bx],'!PXE'
405 ; Nope, !PXE structure missing despite API 2.1+, or at least
406 ; the pointer is missing. Do a last-ditch attempt to find it.
407 call memory_scan_for_pxe_struct
410 ; Otherwise, no dice, use PXENV+ structure
414 old_api: ; Need to use a PXENV+ structure
415 mov si,using_pxenv_msg
418 mov eax,[es:bx+0Ah] ; PXE RM API
426 mov si,undi_data_len_msg
436 mov si,undi_code_len_msg
442 ; Compute base memory size from PXENV+ structure
444 movzx eax,word [es:bx+20h] ; UNDI data seg
445 cmp ax,[es:bx+24h] ; UNDI code seg
455 shr eax,10 ; Convert to kilobytes
458 mov si,pxenventry_msg
460 mov ax,[PXENVEntry
+2]
481 mov si,undi_data_len_msg
491 mov si,undi_code_len_msg
497 ; Compute base memory size from !PXE structure
524 pop es ; Restore CS == DS == ES
527 ; Network-specific initialization
530 mov [LocalDomain
],al ; No LocalDomain received
533 ; Now attempt to get the BOOTP/DHCP packet that brought us life (and an IP
534 ; address). This lives in the DHCPACK packet (query info 2).
537 mov di,pxe_bootp_query_pkt_2
538 mov bx,PXENV_GET_CACHED_INFO
541 push word [pxe_bootp_query_pkt_2.status
]
546 mov di,pxe_bootp_size_query_pkt
547 mov bx,PXENV_GET_CACHED_INFO
552 mov ax,[pxe_bootp_size_query_pkt.buffersize
]
565 jmp kaboom
; We're dead
568 pop cx ; Forget status
569 mov cx,[pxe_bootp_query_pkt_2.buffersize
]
570 call parse_dhcp
; Parse DHCP packet
572 ; Save away MAC address (assume this is in query info 2. If this
573 ; turns out to be problematic it might be better getting it from
574 ; the query info 1 packet.)
577 movzx cx,byte [trackbuf
+bootp.hardlen
]
579 mov al,[trackbuf
+bootp.hardware
]
581 mov si,trackbuf
+bootp.macaddr
592 mov cx,bootif_str_len
612 mov [di-1],byte 0 ; Null-terminate and strip final colon
615 ; Now, get the boot file and other info. This lives in the CACHED_REPLY
616 ; packet (query info 3).
618 mov [pxe_bootp_size_query_pkt.packettype
], byte 3
620 mov di,pxe_bootp_query_pkt_3
621 mov bx,PXENV_GET_CACHED_INFO
624 push word [pxe_bootp_query_pkt_3.status
]
629 ; Packet loaded OK...
630 pop cx ; Forget status
631 mov cx,[pxe_bootp_query_pkt_3.buffersize
]
632 call parse_dhcp
; Parse DHCP packet
634 ; Generate ip= option
644 call gendotquad
; This takes network byte order input
646 xchg ah,al ; Convert to host byte order
647 ror eax,16 ; (BSWAP doesn't work on 386)
664 ; Check to see if we got any PXELINUX-specific DHCP options; in particular,
665 ; if we didn't get the magic enable, do not recognize any other options.
668 test byte [DHCPMagic
], 1 ; If we didn't get the magic enable...
670 mov byte [DHCPMagic
], 0 ; If not, kill all other options
675 ; Initialize UDP stack
679 mov [pxe_udp_open_pkt.sip
],eax
680 mov di,pxe_udp_open_pkt
681 mov bx,PXENV_UDP_OPEN
684 cmp word [pxe_udp_open_pkt.status
], byte 0
686 .
failed: mov si,err_udpinit
692 ; Common initialization code
695 %include "cpuinit.inc"
698 ; Now we're all set to start with our *real* business. First load the
699 ; configuration file (if any) and parse it.
701 ; In previous versions I avoided using 32-bit registers because of a
702 ; rumour some BIOSes clobbered the upper half of 32-bit registers at
703 ; random. I figure, though, that if there are any of those still left
704 ; they probably won't be trying to install Linux on them...
706 ; The code is still ripe with 16-bitisms, though. Not worth the hassle
707 ; to take'm out. In fact, we may want to put them back if we're going
708 ; to boot ELKS at some point.
712 ; Store standard filename prefix
714 prefix: test byte [DHCPMagic
], 04h ; Did we get a path prefix option
723 lea si,[di-2] ; Skip final null!
726 cmp al,'.' ; Count . or - as alphanum
738 .
alnum: loop .find_alnum
740 .
notalnum: mov byte [si+2],0 ; Zero-terminate after delimiter
743 mov si,tftpprefix_msg
750 ; Load configuration file
755 ; Begin looking for configuration file
760 stosd ; The config file is always from the server
762 test byte [DHCPMagic
], 02h
765 ; We got a DHCP option, try it first
768 ; mov di,ConfigName ; - already the case
782 ; Try loading by MAC address
783 ; Have to guess config file name
802 xchg ah,al ; Convert to host byte order
805 .
hexify_loop: rol eax,4
817 mov cx,9 ; Up to 9 attempts
819 .
tryagain: mov byte [di],0
825 rep movsb ; Copy "default" string
846 ; Now we have the config file open. Parse the config file and
847 ; run the user interface.
852 ; Linux kernel loading code is common. However, we need to define
853 ; a couple of helper macros...
856 ; Handle "ipappend" option
857 %define HAVE_SPECIAL_APPEND
858 %macro SPECIAL_APPEND
0
859 test byte [IPAppend
],01h ; ip=
867 test byte [IPAppend
],02h
871 mov byte [es:di-1],' ' ; Replace null with space
876 %define HAVE_UNLOAD_PREP
881 %include "runkernel.inc"
884 ; COMBOOT-loading code
886 %include "comboot.inc"
888 %include "cmdline.inc"
891 ; Boot sector loading code
893 %include "bootsect.inc"
896 ; Boot to the local disk by returning the appropriate PXE magic.
897 ; AX contains the appropriate return code.
902 mov [LocalBootType
],ax
906 ; Restore the environment we were called with
913 mov ax,[cs:LocalBootType
]
923 ; kaboom: write a message and bail out. Wait for quite a while,
924 ; or a user keypress, then do a hard reboot.
932 .
patch: mov si,bailmsg
933 call writestr
; Returns with AL = 0
934 .
drain: call pollchar
941 and al,09h ; Magic+Timeout
949 .
wait2: mov dx,[BIOS_timer
]
950 .
wait3: call pollchar
961 mov word [BIOS_magic
],0 ; Cold reboot
962 jmp 0F000h:0FFF0h
; Reset vector address
965 ; memory_scan_for_pxe_struct:
967 ; If none of the standard methods find the !PXE structure, look for it
968 ; by scanning memory.
971 ; CF = 0, ES:BX -> !PXE structure
972 ; Otherwise CF = 1, all registers saved
974 memory_scan_for_pxe_struct:
981 mov ax,[BIOS_fbm
] ; Starting segment
982 shl ax,(10-4) ; Kilobytes -> paragraphs
983 ; mov ax,01000h ; Start to look here
984 dec ax ; To skip inc ax
987 cmp ax,0A000h
; End of memory
996 movzx cx,byte [es:4] ; Length of structure
997 cmp cl,08h ; Minimum length
1006 jnz .mismatch
; Checksum must == 0
1009 mov [bp+8],bx ; Save BX into stack frame (will be == 0)
1017 .
not_found: mov si,notfound_msg
1025 ; memory_scan_for_pxenv_struct:
1027 ; If none of the standard methods find the PXENV+ structure, look for it
1028 ; by scanning memory.
1030 ; On exit, if found:
1031 ; CF = 0, ES:BX -> PXENV+ structure
1032 ; Otherwise CF = 1, all registers saved
1034 memory_scan_for_pxenv_struct:
1036 mov si,trymempxenv_msg
1038 ; mov ax,[BIOS_fbm] ; Starting segment
1039 ; shl ax,(10-4) ; Kilobytes -> paragraphs
1040 mov ax,01000h ; Start to look here
1041 dec ax ; To skip inc ax
1044 cmp ax,0A000h
; End of memory
1053 movzx cx,byte [es:8] ; Length of structure
1054 cmp cl,26h ; Minimum length
1062 jnz .mismatch
; Checksum must == 0
1064 mov [bp+8],bx ; Save BX into stack frame
1070 .
not_found: mov si,notfound_msg
1079 ; Open a TFTP connection to the server
1082 ; DS:DI = mangled filename
1085 ; SI = socket pointer
1086 ; DX:AX = file length in bytes
1101 call allocate_socket
1104 mov ax,PKT_RETRY
; Retry counter
1105 mov word [PktTimeout
],PKT_TIMEOUT
; Initial timeout
1107 .
sendreq: push ax ; [bp-2] - Retry counter
1108 push si ; [bp-4] - File name
1111 mov [pxe_udp_write_pkt.buffer
],di
1113 mov ax,TFTP_RRQ
; TFTP opcode
1116 lodsd ; EAX <- server override (if any)
1118 jnz .noprefix
; No prefix, and we have the server
1120 push si ; Add common prefix
1126 mov eax,[ServerIP
] ; Get default server
1129 call strcpy
; Filename
1131 mov [bx+tftp_remoteip
],eax
1133 push bx ; [bp-6] - TFTP block
1135 push bx ; [bp-8] - TID (local port no)
1137 mov [pxe_udp_write_pkt.status
],byte 0
1138 mov [pxe_udp_write_pkt.sip
],eax
1139 ; Now figure out the gateway
1145 mov [pxe_udp_write_pkt.gip
],eax
1146 mov [pxe_udp_write_pkt.lport
],bx
1148 mov [pxe_udp_write_pkt.rport
],ax
1150 mov cx,tftp_tail_len
1152 sub di,packet_buf
; Get packet size
1153 mov [pxe_udp_write_pkt.buffersize
],di
1155 mov di,pxe_udp_write_pkt
1156 mov bx,PXENV_UDP_WRITE
1159 cmp word [pxe_udp_write_pkt.status
],byte 0
1163 ; Danger, Will Robinson! We need to support timeout
1164 ; and retry lest we just lost a packet...
1167 ; Packet transmitted OK, now we need to receive
1168 .
getpacket: push word [PktTimeout
] ; [bp-10]
1169 push word [BIOS_timer
] ; [bp-12]
1171 .
pkt_loop: mov bx,[bp-8] ; TID
1173 mov word [pxe_udp_read_pkt.status
],0
1174 mov [pxe_udp_read_pkt.buffer
],di
1175 mov [pxe_udp_read_pkt.buffer
+2],ds
1176 mov word [pxe_udp_read_pkt.buffersize
],packet_buf_size
1178 mov [pxe_udp_read_pkt.dip
],eax
1179 mov [pxe_udp_read_pkt.lport
],bx
1180 mov di,pxe_udp_read_pkt
1181 mov bx,PXENV_UDP_READ
1184 jz .got_packet
; Wait for packet
1190 dec word [bp-10] ; Timeout
1192 pop ax ; Adjust stack
1194 shl word [PktTimeout
],1 ; Exponential backoff
1198 mov si,[bp-6] ; TFTP pointer
1201 mov eax,[si+tftp_remoteip
]
1202 cmp [pxe_udp_read_pkt.sip
],eax ; This is technically not to the TFTP spec?
1205 ; Got packet - reset timeout
1206 mov word [PktTimeout
],PKT_TIMEOUT
1208 pop ax ; Adjust stack
1211 mov ax,[pxe_udp_read_pkt.rport
]
1212 mov [si+tftp_remoteport
],ax
1214 ; filesize <- -1 == unknown
1215 mov dword [si+tftp_filesize
], -1
1216 ; Default blksize unless blksize option negotiated
1217 mov word [si+tftp_blksize
], TFTP_BLOCKSIZE
1219 mov cx,[pxe_udp_read_pkt.buffersize
]
1220 sub cx,2 ; CX <- bytes after opcode
1221 jb .failure
; Garbled reply
1227 je .bailnow
; ERROR reply: don't try again
1232 ; Now we need to parse the OACK packet to get the transfer
1233 ; size. SI -> first byte of options; CX -> byte count
1235 jcxz .no_tsize
; No options acked
1239 .
opt_name_loop: lodsb
1242 or al,20h ; Convert to lowercase
1245 ; We ran out, and no final null
1247 .
got_opt_name: ; si -> option value
1248 dec cx ; bytes left in pkt
1249 jz .err_reply
; Option w/o value
1251 ; Parse option pointed to by bx; guaranteed to be
1255 mov si,bx ; -> option name
1256 mov bx,tftp_opt_table
1261 mov di,[bx] ; Option pointer
1262 mov cx,[bx+2] ; Option len
1266 je .get_value
; OK, known option
1272 jmp .err_reply
; Non-negotiated option returned
1274 .
get_value: pop si ; si -> option value
1275 pop cx ; cx -> bytes left in pkt
1276 mov bx,[bx+4] ; Pointer to data target
1277 add bx,[bp-6] ; TFTP socket pointer
1285 ja .err_reply
; Not a decimal digit
1290 ; Ran out before final null, accept anyway
1295 jnz .get_opt_name
; Not end of packet
1302 pop si ; We want the packet ptr in SI
1304 mov eax,[si+tftp_filesize
]
1308 shr edx,16 ; DX:AX == EAX
1310 and eax,eax ; Set ZF depending on file size
1312 pop bp ; Junk (retry counter)
1313 jz .error_si
; ZF = 1 need to free the socket
1322 .
err_reply: ; Option negotiation error. Send ERROR reply.
1323 ; ServerIP and gateway are already programmed in
1325 mov ax,[si+tftp_remoteport
]
1326 mov word [pxe_udp_write_pkt.rport
],ax
1327 mov word [pxe_udp_write_pkt.buffer
],tftp_opt_err
1328 mov word [pxe_udp_write_pkt.buffersize
],tftp_opt_err_len
1329 mov di,pxe_udp_write_pkt
1330 mov bx,PXENV_UDP_WRITE
1333 ; Write an error message and explode
1338 .
bailnow: mov word [bp-2],1 ; Immediate error - no retry
1340 .
failure: pop bx ; Junk
1344 dec ax ; Retry counter
1345 jnz .sendreq
; Try again
1347 .
error: mov si,bx ; Socket pointer
1348 .
error_si: ; Socket pointer already in SI
1349 call free_socket
; ZF <- 1, SI <- 0
1353 ; allocate_socket: Allocate a local UDP port structure
1357 ; BX = socket pointer
1365 .
check: cmp word [bx], byte 0
1367 add bx,open_file_t_size
1372 ; Allocate a socket number. Socket numbers are made
1373 ; guaranteed unique by including the socket slot number
1374 ; (inverted, because we use the loop counter cx); add a
1375 ; counter value to keep the numbers from being likely to
1376 ; get immediately reused.
1378 ; The NextSocket variable also contains the top two bits
1379 ; set. This generates a value in the range 49152 to
1386 and ax,((1 << (13-MAX_OPEN_LG2
))-1) |
0xC000
1388 shl cx,13-MAX_OPEN_LG2
1390 xchg ch,cl ; Convert to network byte order
1391 mov [bx],cx ; Socket in use
1397 ; Free socket: socket in SI; return SI = 0, ZF = 1 for convenience
1405 mov cx,tftp_pktbuf
>> 1 ; tftp_pktbuf is not cleared
1414 ; Read a dot-quad pathname in DS:SI and output an IP
1415 ; address in EAX, with SI pointing to the first
1416 ; nonmatching character.
1418 ; Return CF=1 on error.
1432 aad ; AL += 10 * AH; AH = 0;
1447 loop .realerror
; If CX := 1 then we're done
1453 dec si ; CF unchanged!
1457 ; mangle_name: Mangle a filename pointed to by DS:SI into a buffer pointed
1458 ; to by ES:DI; ends on encountering any whitespace.
1460 ; This verifies that a filename is < FILENAME_MAX characters
1461 ; and doesn't contain whitespace, and zero-pads the output buffer,
1462 ; so "repe cmpsb" can do a compare.
1464 ; The first four bytes of the manged name is the IP address of
1465 ; the download host.
1471 je .noip
; Null filename?!?!
1472 cmp word [si],'::' ; Leading ::?
1482 ; We have a :: prefix of some sort, it could be either
1483 ; a DNS name or a dot-quad IP address. Try the dot-quad
1507 pop cx ; Adjust stack
1508 inc si ; Skip double colon
1512 stosd ; Save IP address prefix
1513 mov cx,FILENAME_MAX
-5
1517 cmp al,' ' ; If control or space, end
1522 inc cx ; At least one null byte
1523 xor ax,ax ; Zero-fill name
1524 rep stosb ; Doesn't do anything if CX=0
1528 ; unmangle_name: Does the opposite of mangle_name; converts a DOS-mangled
1529 ; filename to the conventional representation. This is needed
1530 ; for the BOOT_IMAGE= parameter for the kernel.
1531 ; NOTE: A 13-byte buffer is mandatory, even if the string is
1532 ; known to be shorter.
1534 ; DS:SI -> input mangled file name
1535 ; ES:DI -> output buffer
1537 ; On return, DI points to the first byte after the output name,
1538 ; which is set to a null byte.
1550 dec di ; Point to final null byte
1557 ; This is the main PXENV+/!PXE entry point, using the PXENV+
1558 ; calling convention. This is a separate local routine so
1559 ; we can hook special things from it if necessary. In particular,
1560 ; some PXE stacks seem to not like being invoked from anything but
1561 ; the initial stack, so humour it.
1565 %if USE_PXE_PROVIDED_STACK
== 0
1566 mov [cs:PXEStack
],sp
1567 mov [cs:PXEStack
+2],ss
1568 lss sp,[cs:InitStack
]
1570 .
jump: call 0:pxe_thunk
; Default to calling the thunk
1571 %if USE_PXE_PROVIDED_STACK
== 0
1572 lss sp,[cs:PXEStack
]
1574 cld ; Make sure DF <- 0
1577 ; Must be after function def due to NASM bug
1578 PXENVEntry
equ pxenv.jump
+1
1583 ; Convert from the PXENV+ calling convention (BX, ES, DI) to the !PXE
1584 ; calling convention (using the stack.)
1586 ; This is called as a far routine so that we can just stick it into
1587 ; the PXENVEntry variable.
1595 cmc ; Set CF unless ax == 0
1598 ; Must be after function def due to NASM bug
1599 PXEEntry
equ pxe_thunk.jump
+1
1602 ; getfssec: Get multiple clusters from a file, given the starting cluster.
1604 ; In this case, get multiple blocks from a specific TCP connection.
1608 ; SI -> TFTP socket pointer
1609 ; CX -> 512-byte block count; 0FFFFh = until end of file
1611 ; SI -> TFTP socket pointer (or 0 on EOF)
1622 shl ecx,TFTP_BLOCKSIZE_LG2
; Convert to bytes
1623 jz .hit_eof
; Nothing to do?
1628 movzx eax,word [bx+tftp_bytesleft
]
1632 jcxz .need_packet
; No bytes available?
1635 mov ax,cx ; EAX<31:16> == ECX<31:16> == 0
1636 mov si,[bx+tftp_dataptr
]
1637 sub [bx+tftp_bytesleft
],cx
1638 fs rep movsb ; Copy from packet buffer
1639 mov [bx+tftp_dataptr
],si
1650 ; Is there anything left of this?
1651 mov eax,[si+tftp_filesize
]
1652 sub eax,[si+tftp_filepos
]
1653 jnz .bytes_left
; CF <- 0
1655 cmp [si+tftp_bytesleft
],ax
1656 jnz .bytes_left
; CF <- 0
1658 ; The socket is closed and the buffer drained
1659 ; Close socket structure and re-init for next user
1666 ; No data in buffer, check to see if we can get a packet...
1670 mov eax,[bx+tftp_filesize
]
1671 cmp eax,[bx+tftp_filepos
]
1672 je .hit_eof
; Already EOF'd; socket already closed
1684 ; Get a fresh packet; expects fs -> pktbuf_seg and ds:si -> socket structure
1691 ; Start by ACKing the previous packet; this should cause the
1692 ; next packet to be sent.
1694 mov word [PktTimeout
],PKT_TIMEOUT
1696 .
send_ack: push cx ; <D> Retry count
1698 mov ax,[si+tftp_lastpkt
]
1699 call ack_packet
; Send ACK
1701 ; We used to test the error code here, but sometimes
1702 ; PXE would return negative status even though we really
1703 ; did send the ACK. Now, just treat a failed send as
1704 ; a normally lost packet, and let it time out in due
1707 .
send_ok: ; Now wait for packet.
1708 mov dx,[BIOS_timer
] ; Get current time
1711 .
wait_data: push cx ; <E> Timeout
1712 push dx ; <F> Old time
1714 mov bx,[si+tftp_pktbuf
]
1715 mov [pxe_udp_read_pkt.buffer
],bx
1716 mov [pxe_udp_read_pkt.buffer
+2],fs
1717 mov [pxe_udp_read_pkt.buffersize
],word PKTBUF_SIZE
1718 mov eax,[si+tftp_remoteip
]
1719 mov [pxe_udp_read_pkt.sip
],eax
1721 mov [pxe_udp_read_pkt.dip
],eax
1722 mov ax,[si+tftp_remoteport
]
1723 mov [pxe_udp_read_pkt.rport
],ax
1724 mov ax,[si+tftp_localport
]
1725 mov [pxe_udp_read_pkt.lport
],ax
1726 mov di,pxe_udp_read_pkt
1727 mov bx,PXENV_UDP_READ
1734 ; No packet, or receive failure
1736 pop ax ; <F> Old time
1737 pop cx ; <E> Timeout
1738 cmp ax,dx ; Same time -> don't advance timeout
1739 je .wait_data
; Same clock tick
1740 loop .wait_data
; Decrease timeout
1742 pop cx ; <D> Didn't get any, send another ACK
1743 shl word [PktTimeout
],1 ; Exponential backoff
1745 jmp kaboom
; Forget it...
1747 .
recv_ok: pop dx ; <F>
1750 cmp word [pxe_udp_read_pkt.buffersize
],byte 4
1751 jb .wait_data
; Bad size for a DATA packet
1753 mov bx,[si+tftp_pktbuf
]
1754 cmp word [fs:bx],TFTP_DATA
; Not a data packet?
1755 jne .wait_data
; Then wait for something else
1757 mov ax,[si+tftp_lastpkt
]
1758 xchg ah,al ; Host byte order
1759 inc ax ; Which packet are we waiting for?
1760 xchg ah,al ; Network byte order
1764 ; Wrong packet, ACK the packet and then try again
1765 ; This is presumably because the ACK got lost,
1766 ; so the server just resent the previous packet
1769 jmp .send_ok
; Reset timeout
1771 .
right_packet: ; It's the packet we want. We're also EOF if the size < blocksize
1773 pop cx ; <D> Don't need the retry count anymore
1775 mov [si+tftp_lastpkt
],ax ; Update last packet number
1777 movzx ecx,word [pxe_udp_read_pkt.buffersize
]
1778 sub cx,byte 4 ; Skip TFTP header
1780 ; If this is a zero-length block, don't mess with the pointers,
1781 ; since we may have just set up the previous block that way
1784 ; Set pointer to data block
1785 lea ax,[bx+4] ; Data past TFTP header
1786 mov [si+tftp_dataptr
],ax
1788 add [si+tftp_filepos
],ecx
1789 mov [si+tftp_bytesleft
],cx
1791 cmp cx,[si+tftp_blksize
] ; Is it a full block?
1792 jb .last_block
; If so, it's not EOF
1794 ; If we had the exact right number of bytes, always get
1795 ; one more packet to get the (zero-byte) EOF packet and
1797 mov eax,[si+tftp_filepos
]
1798 cmp [si+tftp_filesize
],eax
1804 .
last_block: ; Last block - ACK packet immediately
1808 ; Make sure we know we are at end of file
1809 mov eax,[si+tftp_filepos
]
1810 mov [si+tftp_filesize
],eax
1817 ; Send ACK packet. This is a common operation and so is worth canning.
1821 ; AX = Packet # to ack (network byte order)
1824 ; All registers preserved
1826 ; This function uses the pxe_udp_write_pkt but not the packet_buf.
1830 mov [ack_packet_buf
+2],ax ; Packet number to ack
1832 mov [pxe_udp_write_pkt.lport
],ax
1833 mov ax,[si+tftp_remoteport
]
1834 mov [pxe_udp_write_pkt.rport
],ax
1835 mov eax,[si+tftp_remoteip
]
1836 mov [pxe_udp_write_pkt.sip
],eax
1842 mov [pxe_udp_write_pkt.gip
],eax
1843 mov [pxe_udp_write_pkt.buffer
],word ack_packet_buf
1844 mov [pxe_udp_write_pkt.buffersize
], word 4
1845 mov di,pxe_udp_write_pkt
1846 mov bx,PXENV_UDP_WRITE
1848 cmp ax,byte 0 ; ZF = 1 if write OK
1855 ; This function unloads the PXE and UNDI stacks and unclaims
1859 test byte [KeepPXE
],01h ; Should we keep PXE around?
1869 mov si,new_api_unload
1870 cmp byte [APIVer
+1],2 ; Major API version >= 2?
1872 mov si,old_api_unload
1875 .
call_loop: xor ax,ax
1880 mov di,pxe_unload_stack_pkt
1883 mov cx,pxe_unload_stack_pkt_len
>> 1
1888 mov ax,word [pxe_unload_stack_pkt.status
]
1889 cmp ax,PXENV_STATUS_SUCCESS
1896 mov dx,[RealBaseMem
]
1897 cmp dx,[BIOS_fbm
] ; Sanity check
1901 ; Check that PXE actually unhooked the INT 1Ah chain
1902 movzx eax,word [4*0x1a]
1903 movzx ecx,word [4*0x1a+2]
1907 cmp ax,dx ; Not in range
1921 mov si,cant_free_msg
1937 ; We want to keep PXE around, but still we should reset
1938 ; it to the standard bootup configuration
1943 mov bx,PXENV_UDP_CLOSE
1944 mov di,pxe_udp_close_pkt
1952 ; Take an IP address (in network byte order) in EAX and
1953 ; output a dotted quad string to ES:DI.
1954 ; DI points to terminal null at end of string on exit.
1963 jb .lt10
; If so, skip first 2 digits
1966 jb .lt100
; If so, skip first digit
1969 ; Now AH = 100-digit; AL = remainder
1976 ; Now AH = 10-digit; AL = remainder
1987 ror eax,8 ; Move next char into LSB
1998 ; Parse a DHCP packet. This includes dealing with "overloaded"
1999 ; option fields (see RFC 2132, section 9.3)
2001 ; This should fill in the following global variables, if the
2002 ; information is present:
2004 ; MyIP - client IP address
2005 ; ServerIP - boot server IP address
2006 ; Netmask - network mask
2007 ; Gateway - default gateway router IP
2008 ; BootFile - boot file name
2009 ; DNSServers - DNS server IPs
2010 ; LocalDomain - Local domain name
2012 ; This assumes the DHCP packet is in "trackbuf" and the length
2013 ; of the packet in in CX on entry.
2017 mov byte [OverLoad
],0 ; Assume no overload
2018 mov eax, [trackbuf
+bootp.yip
]
2021 cmp al,224 ; Class D or higher -> bad
2025 mov eax, [trackbuf
+bootp.sip
]
2028 cmp al,224 ; Class D or higher -> bad
2032 sub cx, bootp.options
2034 mov si, trackbuf
+bootp.option_magic
2036 cmp eax, BOOTP_OPTION_MAGIC
2038 call parse_dhcp_options
2040 mov si, trackbuf
+bootp.bootfile
2041 test byte [OverLoad
],1
2044 call parse_dhcp_options
2045 jmp short .parsed_file
2048 jz .parsed_file
; No bootfile name
2053 stosb ; Null-terminate
2055 mov si, trackbuf
+bootp.sname
2056 test byte [OverLoad
],2
2059 call parse_dhcp_options
2064 ; Parse a sequence of DHCP options, pointed to by DS:SI; the field
2065 ; size is CX -- some DHCP servers leave option fields unterminated
2066 ; in violation of the spec.
2068 ; For parse_some_dhcp_options, DH contains the minimum value for
2069 ; the option to recognize -- this is used to restrict parsing to
2070 ; PXELINUX-specific options only.
2075 parse_some_dhcp_options:
2082 jz .done
; Last byte; must be PAD, END or malformed
2083 cmp al, 0 ; PAD option
2085 cmp al,255 ; END option
2088 ; Anything else will have a length field
2089 mov dl,al ; DL <- option number
2091 lodsb ; AX <- option length
2093 sub cx,ax ; Decrement bytes left counter
2094 jb .done
; Malformed option: length > field size
2096 cmp dl,dh ; Is the option value valid?
2099 cmp dl,1 ; SUBNET MASK option
2106 cmp dl,3 ; ROUTER option
2113 cmp dl,6 ; DNS SERVERS option
2118 cmp cl,DNS_MAX_SERVERS
2120 mov cl,DNS_MAX_SERVERS
2124 mov [LastDNSServer
],di
2129 cmp dl,15 ; DNS LOCAL DOMAIN option
2130 jne .not_localdomain
2135 xchg [bx],al ; Zero-terminate option
2137 call dns_mangle
; Convert to DNS label set
2138 mov [bx],al ; Restore ending byte
2143 cmp dl,43 ; VENDOR ENCAPSULATED option
2146 mov dh,208 ; Only recognize PXELINUX options
2147 mov cx,ax ; Length of option = max bytes to parse
2148 call parse_some_dhcp_options
; Parse recursive structure
2153 cmp dl,52 ; OPTION OVERLOAD option
2160 cmp dl,67 ; BOOTFILE NAME option
2163 jmp short .copyoption
2165 ret ; This is here to make short jumps easier
2168 cmp dl,208 ; PXELINUX MAGIC option
2170 cmp al,4 ; Must have length == 4
2172 cmp dword [si], htonl
(0xF100747E) ; Magic number
2174 or byte [DHCPMagic
], byte 1 ; Found magic #
2178 cmp dl,209 ; PXELINUX CONFIGFILE option
2181 or byte [DHCPMagic
], byte 2 ; Got config file
2182 jmp short .copyoption
2185 cmp dl,210 ; PXELINUX PATHPREFIX option
2188 or byte [DHCPMagic
], byte 4 ; Got path prefix
2189 jmp short .copyoption
2192 cmp dl,211 ; PXELINUX REBOOTTIME option
2197 xchg bl,bh ; Convert to host byte order
2200 mov [RebootTime
],ebx
2201 or byte [DHCPMagic
], byte 8 ; Got RebootTime
2202 ; jmp short .opt_done
2205 ; Unknown option. Skip to the next one.
2211 ; Common code for copying an option verbatim
2215 xchg cx,ax ; Now ax == 0
2216 stosb ; Null-terminate
2217 jmp short .opt_done_noskip
2222 ; Generate an ip=<client-ip>:<boot-server-ip>:<gw-ip>:<netmask>
2223 ; option into IPOption based on a DHCP packet in trackbuf.
2224 ; Assumes CS == DS == ES.
2245 call gendotquad
; Zero-terminates its output
2247 mov [IPOptionLen
],di
2252 ; Call the receive loop while idle. This is done mostly so we can respond to
2253 ; ARP messages, but perhaps in the future this can be used to do network
2256 ; hpa sez: people using automatic control on the serial port get very
2257 ; unhappy if we poll for ARP too often (the PXE stack is pretty slow,
2258 ; typically.) Therefore, only poll if at least 4 BIOS timer ticks have
2259 ; passed since the last poll, and reset this when a character is
2260 ; received (RESET_IDLE).
2264 mov ax,[cs:BIOS_timer
]
2265 mov [cs:IdleTimer
],ax
2271 mov ax,[cs:BIOS_timer
]
2272 sub ax,[cs:IdleTimer
]
2284 mov [pxe_udp_read_pkt.status
],al ; 0
2285 mov [pxe_udp_read_pkt.buffer
],di
2286 mov [pxe_udp_read_pkt.buffer
+2],ds
2287 mov word [pxe_udp_read_pkt.buffersize
],packet_buf_size
2289 mov [pxe_udp_read_pkt.dip
],eax
2290 mov word [pxe_udp_read_pkt.lport
],htons
(9) ; discard port
2291 mov di,pxe_udp_read_pkt
2292 mov bx,PXENV_UDP_READ
2301 ; -----------------------------------------------------------------------------
2303 ; -----------------------------------------------------------------------------
2305 %include "getc.inc" ; getc et al
2306 %include "conio.inc" ; Console I/O
2307 %include "writestr.inc" ; String output
2308 writestr
equ cwritestr
2309 %include "writehex.inc" ; Hexadecimal output
2310 %include "parseconfig.inc" ; High-level config file handling
2311 %include "parsecmd.inc" ; Low-level config file handling
2312 %include "bcopy32.inc" ; 32-bit bcopy
2313 %include "loadhigh.inc" ; Load a file into high memory
2314 %include "font.inc" ; VGA font stuff
2315 %include "graphics.inc" ; VGA graphics
2316 %include "highmem.inc" ; High memory sizing
2317 %include "strcpy.inc" ; strcpy()
2318 %include "rawcon.inc" ; Console I/O w/o using the console functions
2319 %include "dnsresolv.inc" ; DNS resolver
2321 ; -----------------------------------------------------------------------------
2322 ; Begin data section
2323 ; -----------------------------------------------------------------------------
2327 hextbl_lower
db '0123456789abcdef'
2328 copyright_str
db ' Copyright (C) 1994-', year
, ' H. Peter Anvin'
2330 boot_prompt
db 'boot: ', 0
2331 wipe_char
db BS
, ' ', BS
, 0
2332 err_notfound
db 'Could not find kernel image: ',0
2333 err_notkernel
db CR
, LF
, 'Invalid or corrupt kernel image.', CR
, LF
, 0
2334 err_noram
db 'It appears your computer has less than '
2336 db 'K of low ("DOS")'
2338 db 'RAM. Linux needs at least this amount to boot. If you get'
2340 db 'this message in error, hold down the Ctrl key while'
2342 db 'booting, and I will take your word for it.', CR
, LF
, 0
2343 err_badcfg
db 'Unknown keyword in config file.', CR
, LF
, 0
2344 err_noparm
db 'Missing parameter in config file.', CR
, LF
, 0
2345 err_noinitrd
db CR
, LF
, 'Could not find ramdisk image: ', 0
2346 err_nohighmem
db 'Not enough memory to load specified kernel.', CR
, LF
, 0
2347 err_highload
db CR
, LF
, 'Kernel transfer failure.', CR
, LF
, 0
2348 err_oldkernel
db 'Cannot load a ramdisk with an old kernel image.'
2350 err_notdos
db ': attempted DOS system call', CR
, LF
, 0
2351 err_comlarge
db 'COMBOOT image too large.', CR
, LF
, 0
2352 err_bssimage
db 'BSS images not supported.', CR
, LF
, 0
2353 err_a20
db CR
, LF
, 'A20 gate not responding!', CR
, LF
, 0
2354 err_bootfailed
db CR
, LF
, 'Boot failed: press a key to retry, or wait for reset...', CR
, LF
, 0
2355 bailmsg
equ err_bootfailed
2356 err_nopxe
db "No !PXE or PXENV+ API found; we're dead...", CR
, LF
, 0
2357 err_pxefailed
db 'PXE API call failed, error ', 0
2358 err_udpinit
db 'Failed to initialize UDP stack', CR
, LF
, 0
2359 err_oldtftp
db 'TFTP server does not support the tsize option', CR
, LF
, 0
2360 found_pxenv
db 'Found PXENV+ structure', CR
, LF
, 0
2361 using_pxenv_msg
db 'Old PXE API detected, using PXENV+ structure', CR
, LF
, 0
2362 apiver_str
db 'PXE API version is ',0
2363 pxeentry_msg
db 'PXE entry point found (we hope) at ', 0
2364 pxenventry_msg
db 'PXENV entry point found (we hope) at ', 0
2365 trymempxe_msg
db 'Scanning memory for !PXE structure... ', 0
2366 trymempxenv_msg
db 'Scanning memory for PXENV+ structure... ', 0
2367 undi_data_msg
db 'UNDI data segment at: ',0
2368 undi_data_len_msg
db 'UNDI data segment size: ',0
2369 undi_code_msg
db 'UNDI code segment at: ',0
2370 undi_code_len_msg
db 'UNDI code segment size: ',0
2371 cant_free_msg
db 'Failed to free base memory, error ', 0
2372 notfound_msg
db 'not found', CR
, LF
, 0
2373 myipaddr_msg
db 'My IP address seems to be ',0
2374 tftpprefix_msg
db 'TFTP prefix: ', 0
2375 localboot_msg
db 'Booting from local disk...', CR
, LF
, 0
2376 cmdline_msg
db 'Command line: ', CR
, LF
, 0
2377 ready_msg
db 'Ready.', CR
, LF
, 0
2378 trying_msg
db 'Trying to load: ', 0
2379 crlfloading_msg
db CR
, LF
; Fall through
2380 loading_msg
db 'Loading ', 0
2383 fourbs_msg
db BS
, BS
, BS
, BS
, 0
2384 aborted_msg
db ' aborted.' ; Fall through to crlf_msg!
2387 crff_msg
db CR
, FF
, 0
2388 default_str
db 'default', 0
2389 default_len
equ ($
-default_str
)
2390 syslinux_banner
db CR
, LF
, 'PXELINUX ', version_str
, ' ', date
, ' ', 0
2391 cfgprefix
db 'pxelinux.cfg/' ; No final null!
2392 cfgprefix_len
equ ($
-cfgprefix
)
2395 ; Command line options we'd like to take a look at
2397 ; mem= and vga= are handled as normal 32-bit integer values
2398 initrd_cmd
db 'initrd='
2399 initrd_cmd_len
equ $
-initrd_cmd
2401 ; This one we make ourselves
2402 bootif_str
db 'BOOTIF='
2403 bootif_str_len
equ $
-bootif_str
2405 ; Config file keyword table
2407 %include "keywords.inc"
2410 ; Extensions to search for (in *forward* order).
2411 ; (.bs and .bss are disabled for PXELINUX, since they are not supported)
2414 exten_table: db '.cbt' ; COMBOOT (specific)
2415 db '.0', 0, 0 ; PXE bootstrap program
2416 db '.com' ; COMBOOT (same as DOS)
2419 dd 0, 0 ; Need 8 null bytes here
2422 ; PXE unload sequences
2426 db PXENV_UNDI_SHUTDOWN
2427 db PXENV_UNLOAD_STACK
2432 db PXENV_UNDI_SHUTDOWN
2433 db PXENV_UNLOAD_STACK
2434 db PXENV_UNDI_CLEANUP
2438 ; PXE query packets partially filled in
2440 pxe_bootp_query_pkt_2:
2441 .
status: dw 0 ; Status
2442 .
packettype: dw 2 ; DHCPACK packet
2443 .
buffersize: dw trackbufsize
; Packet size
2444 .
buffer: dw trackbuf
, 0 ; seg:off of buffer
2445 .
bufferlimit: dw trackbufsize
; Unused
2447 pxe_bootp_query_pkt_3:
2448 .
status: dw 0 ; Status
2449 .
packettype: dw 3 ; Boot server packet
2450 .
buffersize: dw trackbufsize
; Packet size
2451 .
buffer: dw trackbuf
, 0 ; seg:off of buffer
2452 .
bufferlimit: dw trackbufsize
; Unused
2454 pxe_bootp_size_query_pkt:
2455 .
status: dw 0 ; Status
2456 .
packettype: dw 2 ; DHCPACK packet
2457 .
buffersize: dw 0 ; Packet size
2458 .
buffer: dw 0, 0 ; seg:off of buffer
2459 .
bufferlimit: dw 0 ; Unused
2462 .
status: dw 0 ; Status
2463 .
sip: dd 0 ; Source (our) IP
2466 .
status: dw 0 ; Status
2469 .
status: dw 0 ; Status
2470 .
sip: dd 0 ; Server IP
2471 .
gip: dd 0 ; Gateway IP
2472 .
lport: dw 0 ; Local port
2473 .
rport: dw 0 ; Remote port
2474 .
buffersize: dw 0 ; Size of packet
2475 .
buffer: dw 0, 0 ; seg:off of buffer
2478 .
status: dw 0 ; Status
2479 .
sip: dd 0 ; Source IP
2480 .
dip: dd 0 ; Destination (our) IP
2481 .
rport: dw 0 ; Remote port
2482 .
lport: dw 0 ; Local port
2483 .
buffersize: dw 0 ; Max packet size
2484 .
buffer: dw 0, 0 ; seg:off of buffer
2487 ; Misc initialized (data) variables
2490 BaseStack
dd StackBuf
; ESP of base stack
2491 dw 0 ; SS of base stack
2492 NextSocket
dw 49152 ; Counter for allocating socket numbers
2493 KeepPXE
db 0 ; Should PXE be kept around?
2498 tftp_tail
db 'octet', 0 ; Octet mode
2499 tsize_str
db 'tsize' ,0 ; Request size
2500 tsize_len
equ ($
-tsize_str
)
2502 blksize_str
db 'blksize', 0 ; Request large blocks
2503 blksize_len
equ ($
-blksize_str
)
2504 asciidec TFTP_LARGEBLK
2506 tftp_tail_len
equ ($
-tftp_tail
)
2510 ; Options negotiation parsing table (string pointer, string len, offset
2511 ; into socket structure)
2514 dw tsize_str
, tsize_len
, tftp_filesize
2515 dw blksize_str
, blksize_len
, tftp_blksize
2516 tftp_opts
equ ($
-tftp_opt_table
)/6
2519 ; Error packet to return on options negotiation error
2521 tftp_opt_err
dw TFTP_ERROR
; ERROR packet
2522 dw TFTP_EOPTNEG
; ERROR 8: bad options
2523 db 'tsize option required', 0 ; Error message
2524 tftp_opt_err_len
equ ($
-tftp_opt_err
)
2527 ack_packet_buf: dw TFTP_ACK
, 0 ; TFTP ACK packet
2530 ; IP information (initialized to "unknown" values)
2531 MyIP
dd 0 ; My IP address
2532 ServerIP
dd 0 ; IP address of boot server
2533 Netmask
dd 0 ; Netmask of this subnet
2534 Gateway
dd 0 ; Default router
2535 ServerPort
dw TFTP_PORT
; TFTP server port
2538 ; Variables that are uninitialized in SYSLINUX but initialized here
2541 BufSafe
dw trackbufsize
/TFTP_BLOCKSIZE
; Clusters we can load into trackbuf
2542 BufSafeSec
dw trackbufsize
/512 ; = how many sectors?
2543 BufSafeBytes
dw trackbufsize
; = how many bytes?
2544 EndOfGetCBuf
dw getcbuf
+trackbufsize
; = getcbuf+BufSafeBytes
2546 %if
( trackbufsize
% TFTP_BLOCKSIZE
) != 0
2547 %error trackbufsize must be a multiple of TFTP_BLOCKSIZE
2550 IPAppend
db 0 ; Default IPAPPEND option
2551 DHCPMagic
db 0 ; DHCP site-specific option info