search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Assemble via ELF, to enable future linking
[syslinux.git] / pxelinux.asm
blobc4feee2e0787cac975a30e9804efa14c9bb9c53d
1 ; -*- fundamental -*- (asm-mode sucks)
2 ; ****************************************************************************
3 ;
4 ; pxelinux.asm
5 ;
6 ; A program to boot Linux kernels off a TFTP server using the Intel PXE
7 ; network booting API. It is based on the SYSLINUX boot loader for
8 ; MS-DOS floppies.
9 ;
10 ; Copyright 1994-2008 H. Peter Anvin - All Rights Reserved
11 ;
12 ; This program is free software; you can redistribute it and/or modify
13 ; it under the terms of the GNU General Public License as published by
14 ; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
15 ; Boston MA 02111-1307, USA; either version 2 of the License, or
16 ; (at your option) any later version; incorporated herein by reference.
17 ;
18 ; ****************************************************************************
19
20 %define IS_PXELINUX 1
21 %include "head.inc"
22 %include "pxe.inc"
23
24 ; gPXE extensions support
25 %define GPXE 1
26
27 ;
28 ; Some semi-configurable constants... change on your own risk.
29 ;
30 my_id equ pxelinux_id
31 FILENAME_MAX_LG2 equ 7 ; log2(Max filename size Including final null)
32 FILENAME_MAX equ (1 << FILENAME_MAX_LG2)
33 NULLFILE equ 0 ; Zero byte == null file name
34 NULLOFFSET equ 4 ; Position in which to look
35 REBOOT_TIME equ 5*60 ; If failure, time until full reset
36 %assign HIGHMEM_SLOP 128*1024 ; Avoid this much memory near the top
37 MAX_OPEN_LG2 equ 5 ; log2(Max number of open sockets)
38 MAX_OPEN equ (1 << MAX_OPEN_LG2)
39 PKTBUF_SIZE equ (65536/MAX_OPEN) ; Per-socket packet buffer size
40 TFTP_PORT equ htons(69) ; Default TFTP port
41 PKT_RETRY equ 6 ; Packet transmit retry count
42 PKT_TIMEOUT equ 12 ; Initial timeout, timer ticks @ 55 ms
43 ; Desired TFTP block size
44 ; For Ethernet MTU is normally 1500. Unfortunately there seems to
45 ; be a fair number of networks with "substandard" MTUs which break.
46 ; The code assumes TFTP_LARGEBLK <= 2K.
47 TFTP_MTU equ 1440
48 TFTP_LARGEBLK equ (TFTP_MTU-20-8-4) ; MTU - IP hdr - UDP hdr - TFTP hdr
49 ; Standard TFTP block size
50 TFTP_BLOCKSIZE_LG2 equ 9 ; log2(bytes/block)
51 TFTP_BLOCKSIZE equ (1 << TFTP_BLOCKSIZE_LG2)
52 %assign USE_PXE_PROVIDED_STACK 1 ; Use stack provided by PXE?
53
54 SECTOR_SHIFT equ TFTP_BLOCKSIZE_LG2
55 SECTOR_SIZE equ TFTP_BLOCKSIZE
56
57 ;
58 ; This is what we need to do when idle
59 ; *** This is disabled because some PXE stacks wait for unacceptably
60 ; *** long if there are no packets receivable.
61
62 %define HAVE_IDLE 0 ; idle is not a noop
63
64 %if HAVE_IDLE
65 %macro RESET_IDLE 0
66 call reset_idle
67 %endmacro
68 %macro DO_IDLE 0
69 call check_for_arp
70 %endmacro
71 %else
72 %macro RESET_IDLE 0
73 ; Nothing
74 %endmacro
75 %macro DO_IDLE 0
76 ; Nothing
77 %endmacro
78 %endif
79
80 ;
81 ; TFTP operation codes
82 ;
83 TFTP_RRQ equ htons(1) ; Read request
84 TFTP_WRQ equ htons(2) ; Write request
85 TFTP_DATA equ htons(3) ; Data packet
86 TFTP_ACK equ htons(4) ; ACK packet
87 TFTP_ERROR equ htons(5) ; ERROR packet
88 TFTP_OACK equ htons(6) ; OACK packet
89
90 ;
91 ; TFTP error codes
92 ;
93 TFTP_EUNDEF equ htons(0) ; Unspecified error
94 TFTP_ENOTFOUND equ htons(1) ; File not found
95 TFTP_EACCESS equ htons(2) ; Access violation
96 TFTP_ENOSPACE equ htons(3) ; Disk full
97 TFTP_EBADOP equ htons(4) ; Invalid TFTP operation
98 TFTP_EBADID equ htons(5) ; Unknown transfer
99 TFTP_EEXISTS equ htons(6) ; File exists
100 TFTP_ENOUSER equ htons(7) ; No such user
101 TFTP_EOPTNEG equ htons(8) ; Option negotiation failure
102
103 ;
104 ; The following structure is used for "virtual kernels"; i.e. LILO-style
105 ; option labels. The options we permit here are `kernel' and `append
106 ; Since there is no room in the bottom 64K for all of these, we
107 ; stick them in high memory and copy them down before we need them.
108 ;
109 struc vkernel
110 vk_vname: resb FILENAME_MAX ; Virtual name **MUST BE FIRST!**
111 vk_rname: resb FILENAME_MAX ; Real name
112 vk_ipappend: resb 1 ; "IPAPPEND" flag
113 vk_type: resb 1 ; Type of file
114 vk_appendlen: resw 1
115 alignb 4
116 vk_append: resb max_cmd_len+1 ; Command line
117 alignb 4
118 vk_end: equ $ ; Should be <= vk_size
119 endstruc
120
121 ;
122 ; Segment assignments in the bottom 640K
123 ; 0000h - main code/data segment (and BIOS segment)
124 ;
125 real_mode_seg equ 3000h
126 pktbuf_seg equ 2000h ; Packet buffers segments
127 xfer_buf_seg equ 1000h ; Bounce buffer for I/O to high mem
128 comboot_seg equ real_mode_seg ; COMBOOT image loading zone
129
130 ;
131 ; BOOTP/DHCP packet pattern
132 ;
133 struc bootp_t
134 bootp:
135 .opcode resb 1 ; BOOTP/DHCP "opcode"
136 .hardware resb 1 ; ARP hardware type
137 .hardlen resb 1 ; Hardware address length
138 .gatehops resb 1 ; Used by forwarders
139 .ident resd 1 ; Transaction ID
140 .seconds resw 1 ; Seconds elapsed
141 .flags resw 1 ; Broadcast flags
142 .cip resd 1 ; Client IP
143 .yip resd 1 ; "Your" IP
144 .sip resd 1 ; Next server IP
145 .gip resd 1 ; Relay agent IP
146 .macaddr resb 16 ; Client MAC address
147 .sname resb 64 ; Server name (optional)
148 .bootfile resb 128 ; Boot file name
149 .option_magic resd 1 ; Vendor option magic cookie
150 .options resb 1260 ; Vendor options
151 endstruc
152
153 BOOTP_OPTION_MAGIC equ htonl(0x63825363) ; See RFC 2132
154
155 ;
156 ; TFTP connection data structure. Each one of these corresponds to a local
157 ; UDP port. The size of this structure must be a power of 2.
158 ; HBO = host byte order; NBO = network byte order
159 ; (*) = written by options negotiation code, must be dword sized
160 ;
161 ; For a gPXE connection, we set the local port number to -1 and the
162 ; remote port number contains the gPXE file handle.
163 ;
164 struc open_file_t
165 tftp_localport resw 1 ; Local port number (0 = not in use)
166 tftp_remoteport resw 1 ; Remote port number
167 tftp_remoteip resd 1 ; Remote IP address
168 tftp_filepos resd 1 ; Bytes downloaded (including buffer)
169 tftp_filesize resd 1 ; Total file size(*)
170 tftp_blksize resd 1 ; Block size for this connection(*)
171 tftp_bytesleft resw 1 ; Unclaimed data bytes
172 tftp_lastpkt resw 1 ; Sequence number of last packet (NBO)
173 tftp_dataptr resw 1 ; Pointer to available data
174 tftp_goteof resb 1 ; 1 if the EOF packet received
175 resb 3 ; Currently unusued
176 ; At end since it should not be zeroed on socked close
177 tftp_pktbuf resw 1 ; Packet buffer offset
178 endstruc
179 %ifndef DEPEND
180 %if (open_file_t_size & (open_file_t_size-1))
181 %error "open_file_t is not a power of 2"
182 %endif
183 %endif
184
185 ; ---------------------------------------------------------------------------
186 ; BEGIN CODE
187 ; ---------------------------------------------------------------------------
188
189 ;
190 ; Memory below this point is reserved for the BIOS and the MBR
191 ;
192 section .earlybss
193 trackbufsize equ 8192
194 trackbuf resb trackbufsize ; Track buffer goes here
195 ; ends at 2800h
196
197 alignb open_file_t_size
198 Files resb MAX_OPEN*open_file_t_size
199
200 alignb FILENAME_MAX
201 BootFile resb 256 ; Boot file from DHCP packet
202 PathPrefix resb 256 ; Path prefix derived from boot file
203 DotQuadBuf resb 16 ; Buffer for dotted-quad IP address
204 IPOption resb 80 ; ip= option buffer
205 InitStack resd 1 ; Pointer to reset stack (SS:SP)
206 PXEStack resd 1 ; Saved stack during PXE call
207
208 section .bss
209 alignb 4
210 RebootTime resd 1 ; Reboot timeout, if set by option
211 StrucPtr resd 1 ; Pointer to PXENV+ or !PXE structure
212 APIVer resw 1 ; PXE API version found
213 IPOptionLen resw 1 ; Length of IPOption
214 IdleTimer resw 1 ; Time to check for ARP?
215 LocalBootType resw 1 ; Local boot return code
216 PktTimeout resw 1 ; Timeout for current packet
217 RealBaseMem resw 1 ; Amount of DOS memory after freeing
218 OverLoad resb 1 ; Set if DHCP packet uses "overloading"
219 DHCPMagic resb 1 ; PXELINUX magic flags
220
221 ; The relative position of these fields matter!
222 MAC_MAX equ 32 ; Handle hardware addresses this long
223 MACLen resb 1 ; MAC address len
224 MACType resb 1 ; MAC address type
225 MAC resb MAC_MAX+1 ; Actual MAC address
226 BOOTIFStr resb 7 ; Space for "BOOTIF="
227 MACStr resb 3*(MAC_MAX+1) ; MAC address as a string
228
229 ; The relative position of these fields matter!
230 UUIDType resb 1 ; Type byte from DHCP option
231 UUID resb 16 ; UUID, from the PXE stack
232 UUIDNull resb 1 ; dhcp_copyoption zero-terminates
233
234 ;
235 ; PXE packets which don't need static initialization
236 ;
237 alignb 4
238 pxe_unload_stack_pkt:
239 .status: resw 1 ; Status
240 .reserved: resw 10 ; Reserved
241 pxe_unload_stack_pkt_len equ $-pxe_unload_stack_pkt
242
243 alignb 16
244 ; BOOTP/DHCP packet buffer
245
246 section .bss2
247 alignb 16
248 packet_buf resb 2048 ; Transfer packet
249 packet_buf_size equ $-packet_buf
250
251 section .text
252 ;
253 ; PXELINUX needs more BSS than the other derivatives;
254 ; therefore we relocate it from 7C00h on startup.
255 ;
256 StackBuf equ $ ; Base of stack if we use our own
257
258 ;
259 ; Primary entry point.
260 ;
261 bootsec equ $
262 _start:
263 pushfd ; Paranoia... in case of return to PXE
264 pushad ; ... save as much state as possible
265 push ds
266 push es
267 push fs
268 push gs
269
270 xor ax,ax
271 mov ds,ax
272 mov es,ax
273
274 %ifndef DEPEND
275 %if TEXT_START != 0x7c00
276 ; This is uglier than it should be, but works around
277 ; some NASM 0.98.38 bugs.
278 mov di,section..bcopy32.start
279 add di,__bcopy_size-4
280 lea si,[di-(TEXT_START-7C00h)]
281 lea cx,[di-(TEXT_START-4)]
282 shr cx,2
283 std ; Overlapping areas, copy backwards
284 rep movsd
285 %endif
286 %endif
287 jmp 0:_start1 ; Canonicalize address
288 _start1:
289 mov bp,sp
290 les bx,[bp+48] ; ES:BX -> !PXE or PXENV+ structure
291
292 ; That is all pushed onto the PXE stack. Save the pointer
293 ; to it and switch to an internal stack.
294 mov [InitStack],sp
295 mov [InitStack+2],ss
296
297 %if USE_PXE_PROVIDED_STACK
298 ; Apparently some platforms go bonkers if we
299 ; set up our own stack...
300 mov [BaseStack],sp
301 mov [BaseStack+4],ss
302 %endif
303
304 cli ; Paranoia
305 lss esp,[BaseStack]
306
307 sti ; Stack set up and ready
308 cld ; Copy upwards
309
310 ;
311 ; Initialize screen (if we're using one)
312 ;
313 push es ; Save ES -> PXE entry structure
314 push ds
315 pop es ; ES <- DS
316 %include "init.inc"
317 pop es ; Restore ES -> PXE entry structure
318 ;
319 ; Tell the user we got this far
320 ;
321 mov si,syslinux_banner
322 call writestr
323
324 mov si,copyright_str
325 call writestr
326
327 ;
328 ; Assume API version 2.1, in case we find the !PXE structure without
329 ; finding the PXENV+ structure. This should really look at the Base
330 ; Code ROM ID structure in have_pxe, but this is adequate for now --
331 ; if we have !PXE, we have to be 2.1 or higher, and we don't care
332 ; about higher versions than that.
333 ;
334 mov word [APIVer],0201h
335
336 ;
337 ; Now we need to find the !PXE structure. It's *supposed* to be pointed
338 ; to by SS:[SP+4], but support INT 1Ah, AX=5650h method as well.
339 ; FIX: ES:BX should point to the PXENV+ structure on entry as well.
340 ; We should make that the second test, and not trash ES:BX...
341 ;
342 cmp dword [es:bx], '!PXE'
343 je have_pxe
344
345 ; Uh-oh, not there... try plan B
346 mov ax, 5650h
347 %if USE_PXE_PROVIDED_STACK == 0
348 lss sp,[InitStack]
349 %endif
350 int 1Ah ; May trash regs
351 %if USE_PXE_PROVIDED_STACK == 0
352 lss esp,[BaseStack]
353 %endif
354
355 jc no_pxe
356 cmp ax,564Eh
357 jne no_pxe
358
359 ; Okay, that gave us the PXENV+ structure, find !PXE
360 ; structure from that (if available)
361 cmp dword [es:bx], 'PXEN'
362 jne no_pxe
363 cmp word [es:bx+4], 'V+'
364 je have_pxenv
365
366 ; Nothing there either. Last-ditch: scan memory
367 call memory_scan_for_pxe_struct ; !PXE scan
368 jnc have_pxe
369 call memory_scan_for_pxenv_struct ; PXENV+ scan
370 jnc have_pxenv
371
372 no_pxe: mov si,err_nopxe
373 call writestr
374 jmp kaboom
375
376 have_pxenv:
377 mov [StrucPtr],bx
378 mov [StrucPtr+2],es
379
380 mov si,found_pxenv
381 call writestr
382
383 mov si,apiver_str
384 call writestr
385 mov ax,[es:bx+6]
386 mov [APIVer],ax
387 call writehex4
388 call crlf
389
390 cmp ax,0201h ; API version 2.1 or higher
391 jb old_api
392 mov si,bx
393 mov ax,es
394 les bx,[es:bx+28h] ; !PXE structure pointer
395 cmp dword [es:bx],'!PXE'
396 je have_pxe
397
398 ; Nope, !PXE structure missing despite API 2.1+, or at least
399 ; the pointer is missing. Do a last-ditch attempt to find it.
400 call memory_scan_for_pxe_struct
401 jnc have_pxe
402
403 ; Otherwise, no dice, use PXENV+ structure
404 mov bx,si
405 mov es,ax
406
407 old_api: ; Need to use a PXENV+ structure
408 mov si,using_pxenv_msg
409 call writestr
410
411 mov eax,[es:bx+0Ah] ; PXE RM API
412 mov [PXEEntry],eax
413
414 mov si,undi_data_msg
415 call writestr
416 mov ax,[es:bx+20h]
417 call writehex4
418 call crlf
419 mov si,undi_data_len_msg
420 call writestr
421 mov ax,[es:bx+22h]
422 call writehex4
423 call crlf
424 mov si,undi_code_msg
425 call writestr
426 mov ax,[es:bx+24h]
427 call writehex4
428 call crlf
429 mov si,undi_code_len_msg
430 call writestr
431 mov ax,[es:bx+26h]
432 call writehex4
433 call crlf
434
435 ; Compute base memory size from PXENV+ structure
436 xor esi,esi
437 movzx eax,word [es:bx+20h] ; UNDI data seg
438 cmp ax,[es:bx+24h] ; UNDI code seg
439 ja .use_data
440 mov ax,[es:bx+24h]
441 mov si,[es:bx+26h]
442 jmp short .combine
443 .use_data:
444 mov si,[es:bx+22h]
445 .combine:
446 shl eax,4
447 add eax,esi
448 shr eax,10 ; Convert to kilobytes
449 mov [RealBaseMem],ax
450
451 mov si,pxenventry_msg
452 call writestr
453 mov ax,[PXEEntry+2]
454 call writehex4
455 mov al,':'
456 call writechr
457 mov ax,[PXEEntry]
458 call writehex4
459 call crlf
460 jmp have_entrypoint
461
462 have_pxe:
463 mov [StrucPtr],bx
464 mov [StrucPtr+2],es
465
466 mov eax,[es:bx+10h]
467 mov [PXEEntry],eax
468
469 mov si,undi_data_msg
470 call writestr
471 mov eax,[es:bx+2Ah]
472 call writehex8
473 call crlf
474 mov si,undi_data_len_msg
475 call writestr
476 mov ax,[es:bx+2Eh]
477 call writehex4
478 call crlf
479 mov si,undi_code_msg
480 call writestr
481 mov ax,[es:bx+32h]
482 call writehex8
483 call crlf
484 mov si,undi_code_len_msg
485 call writestr
486 mov ax,[es:bx+36h]
487 call writehex4
488 call crlf
489
490 ; Compute base memory size from !PXE structure
491 xor esi,esi
492 mov eax,[es:bx+2Ah]
493 cmp eax,[es:bx+32h]
494 ja .use_data
495 mov eax,[es:bx+32h]
496 mov si,[es:bx+36h]
497 jmp short .combine
498 .use_data:
499 mov si,[es:bx+2Eh]
500 .combine:
501 add eax,esi
502 shr eax,10
503 mov [RealBaseMem],ax
504
505 mov si,pxeentry_msg
506 call writestr
507 mov ax,[PXEEntry+2]
508 call writehex4
509 mov al,':'
510 call writechr
511 mov ax,[PXEEntry]
512 call writehex4
513 call crlf
514
515 have_entrypoint:
516 push cs
517 pop es ; Restore CS == DS == ES
518
519 ;
520 ; Network-specific initialization
521 ;
522 xor ax,ax
523 mov [LocalDomain],al ; No LocalDomain received
524
525 ;
526 ; The DHCP client identifiers are best gotten from the DHCPREQUEST
527 ; packet (query info 1).
528 ;
529 query_bootp_1:
530 mov dl,1
531 call pxe_get_cached_info
532 call parse_dhcp
533
534 ; We don't use flags from the request packet, so
535 ; this is a good time to initialize DHCPMagic...
536 ; Initialize it to 1 meaning we will accept options found;
537 ; in earlier versions of PXELINUX bit 0 was used to indicate
538 ; we have found option 208 with the appropriate magic number;
539 ; we no longer require that, but MAY want to re-introduce
540 ; it in the future for vendor encapsulated options.
541 mov byte [DHCPMagic],1
542
543 ;
544 ; Now attempt to get the BOOTP/DHCP packet that brought us life (and an IP
545 ; address). This lives in the DHCPACK packet (query info 2).
546 ;
547 query_bootp_2:
548 mov dl,2
549 call pxe_get_cached_info
550 call parse_dhcp ; Parse DHCP packet
551 ;
552 ; Save away MAC address (assume this is in query info 2. If this
553 ; turns out to be problematic it might be better getting it from
554 ; the query info 1 packet.)
555 ;
556 .save_mac:
557 movzx cx,byte [trackbuf+bootp.hardlen]
558 cmp cx,16
559 jna .mac_ok
560 xor cx,cx ; Bad hardware address length
561 .mac_ok:
562 mov [MACLen],cl
563 mov al,[trackbuf+bootp.hardware]
564 mov [MACType],al
565 mov si,trackbuf+bootp.macaddr
566 mov di,MAC
567 rep movsb
568
569 ; Enable this if we really need to zero-pad this field...
570 ; mov cx,MAC+MAC_MAX+1
571 ; sub cx,di
572 ; xor ax,ax
573 ; rep stosb
574
575 ;
576 ; Now, get the boot file and other info. This lives in the CACHED_REPLY
577 ; packet (query info 3).
578 ;
579 mov dl,3
580 call pxe_get_cached_info
581 call parse_dhcp ; Parse DHCP packet
582
583 ;
584 ; Generate the bootif string, and the hardware-based config string.
585 ;
586 make_bootif_string:
587 mov si,bootif_str
588 mov di,BOOTIFStr
589 mov cx,bootif_str_len
590 rep movsb
591
592 movzx cx,byte [MACLen]
593 mov si,MACType
594 inc cx
595 .hexify_mac:
596 push cx
597 mov cl,1 ; CH == 0 already
598 call lchexbytes
599 mov al,'-'
600 stosb
601 pop cx
602 loop .hexify_mac
603 mov [di-1],cl ; Null-terminate and strip final dash
604 ;
605 ; Generate ip= option
606 ;
607 call genipopt
608
609 ;
610 ; Print IP address
611 ;
612 mov eax,[MyIP]
613 mov di,DotQuadBuf
614 push di
615 call gendotquad ; This takes network byte order input
616
617 xchg ah,al ; Convert to host byte order
618 ror eax,16 ; (BSWAP doesn't work on 386)
619 xchg ah,al
620
621 mov si,myipaddr_msg
622 call writestr
623 call writehex8
624 mov al,' '
625 call writechr
626 pop si ; DotQuadBuf
627 call writestr
628 call crlf
629
630 mov si,IPOption
631 call writestr
632 call crlf
633
634 ;
635 ; Check to see if we got any PXELINUX-specific DHCP options; in particular,
636 ; if we didn't get the magic enable, do not recognize any other options.
637 ;
638 check_dhcp_magic:
639 test byte [DHCPMagic], 1 ; If we didn't get the magic enable...
640 jnz .got_magic
641 mov byte [DHCPMagic], 0 ; If not, kill all other options
642 .got_magic:
643
644
645 ;
646 ; Initialize UDP stack
647 ;
648 udp_init:
649 mov eax,[MyIP]
650 mov [pxe_udp_open_pkt.sip],eax
651 mov di,pxe_udp_open_pkt
652 mov bx,PXENV_UDP_OPEN
653 call pxenv
654 jc .failed
655 cmp word [pxe_udp_open_pkt.status], byte 0
656 je .success
657 .failed: mov si,err_udpinit
658 call writestr
659 jmp kaboom
660 .success:
661
662 ;
663 ; Common initialization code
664 ;
665 %include "cpuinit.inc"
666
667 ;
668 ; Now we're all set to start with our *real* business. First load the
669 ; configuration file (if any) and parse it.
670 ;
671 ; In previous versions I avoided using 32-bit registers because of a
672 ; rumour some BIOSes clobbered the upper half of 32-bit registers at
673 ; random. I figure, though, that if there are any of those still left
674 ; they probably won't be trying to install Linux on them...
675 ;
676 ; The code is still ripe with 16-bitisms, though. Not worth the hassle
677 ; to take'm out. In fact, we may want to put them back if we're going
678 ; to boot ELKS at some point.
679 ;
680
681 ;
682 ; Store standard filename prefix
683 ;
684 prefix: test byte [DHCPMagic], 04h ; Did we get a path prefix option
685 jnz .got_prefix
686 mov si,BootFile
687 mov di,PathPrefix
688 cld
689 call strcpy
690 mov cx,di
691 sub cx,PathPrefix+1
692 std
693 lea si,[di-2] ; Skip final null!
694 .find_alnum: lodsb
695 or al,20h
696 cmp al,'.' ; Count . or - as alphanum
697 je .alnum
698 cmp al,'-'
699 je .alnum
700 cmp al,'0'
701 jb .notalnum
702 cmp al,'9'
703 jbe .alnum
704 cmp al,'a'
705 jb .notalnum
706 cmp al,'z'
707 ja .notalnum
708 .alnum: loop .find_alnum
709 dec si
710 .notalnum: mov byte [si+2],0 ; Zero-terminate after delimiter
711 cld
712 .got_prefix:
713 mov si,tftpprefix_msg
714 call writestr
715 mov si,PathPrefix
716 call writestr
717 call crlf
718
719 ;
720 ; Load configuration file
721 ;
722 find_config:
723
724 ;
725 ; Begin looking for configuration file
726 ;
727 config_scan:
728 test byte [DHCPMagic], 02h
729 jz .no_option
730
731 ; We got a DHCP option, try it first
732 call .try
733 jnz .success
734
735 .no_option:
736 mov di,ConfigName
737 mov si,cfgprefix
738 mov cx,cfgprefix_len
739 rep movsb
740
741 ; Have to guess config file name...
742
743 ; Try loading by UUID.
744 cmp byte [HaveUUID],0
745 je .no_uuid
746
747 push di
748 mov bx,uuid_dashes
749 mov si,UUID
750 .gen_uuid:
751 movzx cx,byte [bx]
752 jcxz .done_uuid
753 inc bx
754 call lchexbytes
755 mov al,'-'
756 stosb
757 jmp .gen_uuid
758 .done_uuid:
759 mov [di-1],cl ; Remove last dash and zero-terminate
760 pop di
761 call .try
762 jnz .success
763 .no_uuid:
764
765 ; Try loading by MAC address
766 push di
767 mov si,MACStr
768 call strcpy
769 pop di
770 call .try
771 jnz .success
772
773 ; Nope, try hexadecimal IP prefixes...
774 .scan_ip:
775 mov cx,4
776 mov si,MyIP
777 call uchexbytes ; Convert to hex string
778
779 mov cx,8 ; Up to 8 attempts
780 .tryagain:
781 mov byte [di],0 ; Zero-terminate string
782 call .try
783 jnz .success
784 dec di ; Drop one character
785 loop .tryagain
786
787 ; Final attempt: "default" string
788 mov si,default_str ; "default" string
789 call strcpy
790 call .try
791 jnz .success
792
793 mov si,err_noconfig
794 call writestr
795 jmp kaboom
796
797 .try:
798 pusha
799 mov si,trying_msg
800 call writestr
801 mov di,ConfigName
802 mov si,di
803 call writestr
804 call crlf
805 mov si,di
806 mov di,KernelName ; Borrow this buffer for mangled name
807 call mangle_name
808 call open
809 popa
810 ret
811
812
813 .success:
814
815 ;
816 ; Linux kernel loading code is common. However, we need to define
817 ; a couple of helper macros...
818 ;
819
820 ; Handle "ipappend" option
821 %define HAVE_SPECIAL_APPEND
822 %macro SPECIAL_APPEND 0
823 test byte [IPAppend],01h ; ip=
824 jz .noipappend1
825 mov si,IPOption
826 mov cx,[IPOptionLen]
827 rep movsb
828 mov al,' '
829 stosb
830 .noipappend1:
831 test byte [IPAppend],02h
832 jz .noipappend2
833 mov si,BOOTIFStr
834 call strcpy
835 mov byte [es:di-1],' ' ; Replace null with space
836 .noipappend2:
837 %endmacro
838
839 ; Unload PXE stack
840 %define HAVE_UNLOAD_PREP
841 %macro UNLOAD_PREP 0
842 call unload_pxe
843 %endmacro
844
845 ;
846 ; Now we have the config file open. Parse the config file and
847 ; run the user interface.
848 ;
849 %include "ui.inc"
850
851 ;
852 ; Boot to the local disk by returning the appropriate PXE magic.
853 ; AX contains the appropriate return code.
854 ;
855 %if HAS_LOCALBOOT
856
857 local_boot:
858 push cs
859 pop ds
860 mov [LocalBootType],ax
861 call vgaclearmode
862 mov si,localboot_msg
863 call writestr
864 ; Restore the environment we were called with
865 lss sp,[InitStack]
866 pop gs
867 pop fs
868 pop es
869 pop ds
870 popad
871 mov ax,[cs:LocalBootType]
872 popfd
873 retf ; Return to PXE
874
875 %endif
876
877 ;
878 ; kaboom: write a message and bail out. Wait for quite a while,
879 ; or a user keypress, then do a hard reboot.
880 ;
881 kaboom:
882 RESET_STACK_AND_SEGS AX
883 .patch: mov si,bailmsg
884 call writestr ; Returns with AL = 0
885 .drain: call pollchar
886 jz .drained
887 call getchar
888 jmp short .drain
889 .drained:
890 mov edi,[RebootTime]
891 mov al,[DHCPMagic]
892 and al,09h ; Magic+Timeout
893 cmp al,09h
894 je .time_set
895 mov edi,REBOOT_TIME
896 .time_set:
897 mov cx,18
898 .wait1: push cx
899 mov ecx,edi
900 .wait2: mov dx,[BIOS_timer]
901 .wait3: call pollchar
902 jnz .keypress
903 cmp dx,[BIOS_timer]
904 je .wait3
905 loop .wait2,ecx
906 mov al,'.'
907 call writechr
908 pop cx
909 loop .wait1
910 .keypress:
911 call crlf
912 mov word [BIOS_magic],0 ; Cold reboot
913 jmp 0F000h:0FFF0h ; Reset vector address
914
915 ;
916 ; memory_scan_for_pxe_struct:
917 ;
918 ; If none of the standard methods find the !PXE structure, look for it
919 ; by scanning memory.
920 ;
921 ; On exit, if found:
922 ; CF = 0, ES:BX -> !PXE structure
923 ; Otherwise CF = 1, all registers saved
924 ;
925 memory_scan_for_pxe_struct:
926 push ds
927 pusha
928 mov ax,cs
929 mov ds,ax
930 mov si,trymempxe_msg
931 call writestr
932 mov ax,[BIOS_fbm] ; Starting segment
933 shl ax,(10-4) ; Kilobytes -> paragraphs
934 ; mov ax,01000h ; Start to look here
935 dec ax ; To skip inc ax
936 .mismatch:
937 inc ax
938 cmp ax,0A000h ; End of memory
939 jae .not_found
940 call writehex4
941 mov si,fourbs_msg
942 call writestr
943 mov es,ax
944 mov edx,[es:0]
945 cmp edx,'!PXE'
946 jne .mismatch
947 movzx cx,byte [es:4] ; Length of structure
948 cmp cl,08h ; Minimum length
949 jb .mismatch
950 push ax
951 xor ax,ax
952 xor si,si
953 .checksum: es lodsb
954 add ah,al
955 loop .checksum
956 pop ax
957 jnz .mismatch ; Checksum must == 0
958 .found: mov bp,sp
959 xor bx,bx
960 mov [bp+8],bx ; Save BX into stack frame (will be == 0)
961 mov ax,es
962 call writehex4
963 call crlf
964 popa
965 pop ds
966 clc
967 ret
968 .not_found: mov si,notfound_msg
969 call writestr
970 popa
971 pop ds
972 stc
973 ret
974
975 ;
976 ; memory_scan_for_pxenv_struct:
977 ;
978 ; If none of the standard methods find the PXENV+ structure, look for it
979 ; by scanning memory.
980 ;
981 ; On exit, if found:
982 ; CF = 0, ES:BX -> PXENV+ structure
983 ; Otherwise CF = 1, all registers saved
984 ;
985 memory_scan_for_pxenv_struct:
986 pusha
987 mov si,trymempxenv_msg
988 call writestr
989 ; mov ax,[BIOS_fbm] ; Starting segment
990 ; shl ax,(10-4) ; Kilobytes -> paragraphs
991 mov ax,01000h ; Start to look here
992 dec ax ; To skip inc ax
993 .mismatch:
994 inc ax
995 cmp ax,0A000h ; End of memory
996 jae .not_found
997 mov es,ax
998 mov edx,[es:0]
999 cmp edx,'PXEN'
1000 jne .mismatch
1001 mov dx,[es:4]
1002 cmp dx,'V+'
1003 jne .mismatch
1004 movzx cx,byte [es:8] ; Length of structure
1005 cmp cl,26h ; Minimum length
1006 jb .mismatch
1007 xor ax,ax
1008 xor si,si
1009 .checksum: es lodsb
1010 add ah,al
1011 loop .checksum
1012 and ah,ah
1013 jnz .mismatch ; Checksum must == 0
1014 .found: mov bp,sp
1015 mov [bp+8],bx ; Save BX into stack frame
1016 mov ax,bx
1017 call writehex4
1018 call crlf
1019 clc
1020 ret
1021 .not_found: mov si,notfound_msg
1022 call writestr
1023 popad
1024 stc
1025 ret
1026
1027 ;
1028 ; close_file:
1029 ; Deallocates a file structure (pointer in SI)
1030 ; Assumes CS == DS.
1031 ;
1032 ; XXX: We should check to see if this file is still open on the server
1033 ; side and send a courtesy ERROR packet to the server.
1034 ;
1035 close_file:
1036 and si,si
1037 jz .closed
1038 mov word [si],0 ; Not in use
1039 .closed: ret
1040
1041 ;
1042 ; searchdir:
1043 ;
1044 ; Open a TFTP connection to the server
1045 ;
1046 ; On entry:
1047 ; DS:DI = mangled filename
1048 ; If successful:
1049 ; ZF clear
1050 ; SI = socket pointer
1051 ; EAX = file length in bytes, or -1 if unknown
1052 ; If unsuccessful
1053 ; ZF set
1054 ;
1055
1056 searchdir:
1057 push es
1058 push bx
1059 push cx
1060 mov ax,ds
1061 mov es,ax
1062 mov si,di
1063 push bp
1064 mov bp,sp
1065
1066 call allocate_socket
1067 jz .ret
1068
1069 mov ax,PKT_RETRY ; Retry counter
1070 mov word [PktTimeout],PKT_TIMEOUT ; Initial timeout
1071
1072 .sendreq: push ax ; [bp-2] - Retry counter
1073 push si ; [bp-4] - File name
1074
1075 mov di,packet_buf
1076 mov [pxe_udp_write_pkt.buffer],di
1077
1078 mov ax,TFTP_RRQ ; TFTP opcode
1079 stosw
1080
1081 lodsd ; EAX <- server override (if any)
1082 and eax,eax
1083 jnz .noprefix ; No prefix, and we have the server
1084
1085 push si ; Add common prefix
1086 mov si,PathPrefix
1087 call strcpy
1088 dec di
1089 pop si
1090
1091 mov eax,[ServerIP] ; Get default server
1092
1093 .noprefix:
1094 call strcpy ; Filename
1095 %if GPXE
1096 mov si,packet_buf+2
1097 call is_gpxe
1098 jnc .gpxe
1099 %endif
1100
1101 mov [bx+tftp_remoteip],eax
1102
1103 push bx ; [bp-6] - TFTP block
1104 mov bx,[bx]
1105 push bx ; [bp-8] - TID (local port no)
1106
1107 mov [pxe_udp_write_pkt.status],byte 0
1108 mov [pxe_udp_write_pkt.sip],eax
1109 ; Now figure out the gateway
1110 xor eax,[MyIP]
1111 and eax,[Netmask]
1112 jz .nogwneeded
1113 mov eax,[Gateway]
1114 .nogwneeded:
1115 mov [pxe_udp_write_pkt.gip],eax
1116 mov [pxe_udp_write_pkt.lport],bx
1117 mov ax,[ServerPort]
1118 mov [pxe_udp_write_pkt.rport],ax
1119 mov si,tftp_tail
1120 mov cx,tftp_tail_len
1121 rep movsb
1122 sub di,packet_buf ; Get packet size
1123 mov [pxe_udp_write_pkt.buffersize],di
1124
1125 mov di,pxe_udp_write_pkt
1126 mov bx,PXENV_UDP_WRITE
1127 call pxenv
1128 jc .failure
1129 cmp word [pxe_udp_write_pkt.status],byte 0
1130 jne .failure
1131
1132 ;
1133 ; Danger, Will Robinson! We need to support timeout
1134 ; and retry lest we just lost a packet...
1135 ;
1136
1137 ; Packet transmitted OK, now we need to receive
1138 .getpacket: push word [PktTimeout] ; [bp-10]
1139 push word [BIOS_timer] ; [bp-12]
1140
1141 .pkt_loop: mov bx,[bp-8] ; TID
1142 mov di,packet_buf
1143 mov word [pxe_udp_read_pkt.status],0
1144 mov [pxe_udp_read_pkt.buffer],di
1145 mov [pxe_udp_read_pkt.buffer+2],ds
1146 mov word [pxe_udp_read_pkt.buffersize],packet_buf_size
1147 mov eax,[MyIP]
1148 mov [pxe_udp_read_pkt.dip],eax
1149 mov [pxe_udp_read_pkt.lport],bx
1150 mov di,pxe_udp_read_pkt
1151 mov bx,PXENV_UDP_READ
1152 call pxenv
1153 jnc .got_packet ; Wait for packet
1154 .no_packet:
1155 mov dx,[BIOS_timer]
1156 cmp dx,[bp-12]
1157 je .pkt_loop
1158 mov [bp-12],dx
1159 dec word [bp-10] ; Timeout
1160 jnz .pkt_loop
1161 pop ax ; Adjust stack
1162 pop ax
1163 shl word [PktTimeout],1 ; Exponential backoff
1164 jmp .failure
1165
1166 .got_packet:
1167 mov si,[bp-6] ; TFTP pointer
1168 mov bx,[bp-8] ; TID
1169
1170 ; Make sure the packet actually came from the server
1171 ; This is technically not to the TFTP spec?
1172 mov eax,[si+tftp_remoteip]
1173 cmp [pxe_udp_read_pkt.sip],eax
1174 jne .no_packet
1175
1176 ; Got packet - reset timeout
1177 mov word [PktTimeout],PKT_TIMEOUT
1178
1179 pop ax ; Adjust stack
1180 pop ax
1181
1182 mov ax,[pxe_udp_read_pkt.rport]
1183 mov [si+tftp_remoteport],ax
1184
1185 ; filesize <- -1 == unknown
1186 mov dword [si+tftp_filesize], -1
1187 ; Default blksize unless blksize option negotiated
1188 mov word [si+tftp_blksize], TFTP_BLOCKSIZE
1189
1190 movzx ecx,word [pxe_udp_read_pkt.buffersize]
1191 sub cx,2 ; CX <- bytes after opcode
1192 jb .failure ; Garbled reply
1193
1194 mov si,packet_buf
1195 lodsw
1196
1197 cmp ax, TFTP_ERROR
1198 je .bailnow ; ERROR reply: don't try again
1199
1200 ; If the server doesn't support any options, we'll get
1201 ; a DATA reply instead of OACK. Stash the data in
1202 ; the file buffer and go with the default value for
1203 ; all options...
1204 cmp ax, TFTP_DATA
1205 je .no_oack
1206
1207 cmp ax, TFTP_OACK
1208 jne .err_reply ; Unknown packet type
1209
1210 ; Now we need to parse the OACK packet to get the transfer
1211 ; and packet sizes.
1212 ; SI -> first byte of options; [E]CX -> byte count
1213 .parse_oack:
1214 jcxz .done_pkt ; No options acked
1215 .get_opt_name:
1216 mov di,si
1217 mov bx,si
1218 .opt_name_loop: lodsb
1219 and al,al
1220 jz .got_opt_name
1221 or al,20h ; Convert to lowercase
1222 stosb
1223 loop .opt_name_loop
1224 ; We ran out, and no final null
1225 jmp .err_reply
1226 .got_opt_name: ; si -> option value
1227 dec cx ; bytes left in pkt
1228 jz .err_reply ; Option w/o value
1229
1230 ; Parse option pointed to by bx; guaranteed to be
1231 ; null-terminated.
1232 push cx
1233 push si
1234 mov si,bx ; -> option name
1235 mov bx,tftp_opt_table
1236 mov cx,tftp_opts
1237 .opt_loop:
1238 push cx
1239 push si
1240 mov di,[bx] ; Option pointer
1241 mov cx,[bx+2] ; Option len
1242 repe cmpsb
1243 pop si
1244 pop cx
1245 je .get_value ; OK, known option
1246 add bx,6
1247 loop .opt_loop
1248
1249 pop si
1250 pop cx
1251 jmp .err_reply ; Non-negotiated option returned
1252
1253 .get_value: pop si ; si -> option value
1254 pop cx ; cx -> bytes left in pkt
1255 mov bx,[bx+4] ; Pointer to data target
1256 add bx,[bp-6] ; TFTP socket pointer
1257 xor eax,eax
1258 xor edx,edx
1259 .value_loop: lodsb
1260 and al,al
1261 jz .got_value
1262 sub al,'0'
1263 cmp al, 9
1264 ja .err_reply ; Not a decimal digit
1265 imul edx,10
1266 add edx,eax
1267 mov [bx],edx
1268 loop .value_loop
1269 ; Ran out before final null, accept anyway
1270 jmp short .done_pkt
1271
1272 .got_value:
1273 dec cx
1274 jnz .get_opt_name ; Not end of packet
1275
1276 ; ZF == 1
1277
1278 ; Success, done!
1279 .done_pkt:
1280 pop si ; Junk
1281 pop si ; We want the packet ptr in SI
1282
1283 mov eax,[si+tftp_filesize]
1284 .got_file: ; SI->socket structure, EAX = size
1285 and eax,eax ; Set ZF depending on file size
1286 jz .error_si ; ZF = 1 need to free the socket
1287 .ret:
1288 leave ; SP <- BP, POP BP
1289 pop cx
1290 pop bx
1291 pop es
1292 ret
1293
1294
1295 .no_oack: ; We got a DATA packet, meaning no options are
1296 ; suported. Save the data away and consider the length
1297 ; undefined, *unless* this is the only data packet...
1298 mov bx,[bp-6] ; File pointer
1299 sub cx,2 ; Too short?
1300 jb .failure
1301 lodsw ; Block number
1302 cmp ax,htons(1)
1303 jne .failure
1304 mov [bx+tftp_lastpkt],ax
1305 cmp cx,TFTP_BLOCKSIZE
1306 ja .err_reply ; Corrupt...
1307 je .not_eof
1308 ; This was the final EOF packet, already...
1309 ; We know the filesize, but we also want to ack the
1310 ; packet and set the EOF flag.
1311 mov [bx+tftp_filesize],ecx
1312 mov byte [bx+tftp_goteof],1
1313 push si
1314 mov si,bx
1315 ; AX = htons(1) already
1316 call ack_packet
1317 pop si
1318 .not_eof:
1319 mov [bx+tftp_bytesleft],cx
1320 mov ax,pktbuf_seg
1321 push es
1322 mov es,ax
1323 mov di,tftp_pktbuf
1324 mov [bx+tftp_dataptr],di
1325 add cx,3
1326 shr cx,2
1327 rep movsd
1328 pop es
1329 jmp .done_pkt
1330
1331 .err_reply: ; Option negotiation error. Send ERROR reply.
1332 ; ServerIP and gateway are already programmed in
1333 mov si,[bp-6]
1334 mov ax,[si+tftp_remoteport]
1335 mov word [pxe_udp_write_pkt.rport],ax
1336 mov word [pxe_udp_write_pkt.buffer],tftp_opt_err
1337 mov word [pxe_udp_write_pkt.buffersize],tftp_opt_err_len
1338 mov di,pxe_udp_write_pkt
1339 mov bx,PXENV_UDP_WRITE
1340 call pxenv
1341
1342 ; Write an error message and explode
1343 mov si,err_damage
1344 call writestr
1345 jmp kaboom
1346
1347 .bailnow: mov word [bp-2],1 ; Immediate error - no retry
1348
1349 .failure: pop bx ; Junk
1350 pop bx
1351 pop si
1352 pop ax
1353 dec ax ; Retry counter
1354 jnz .sendreq ; Try again
1355
1356 .error: mov si,bx ; Socket pointer
1357 .error_si: ; Socket pointer already in SI
1358 call free_socket ; ZF <- 1, SI <- 0
1359 jmp .ret
1360
1361
1362 %if GPXE
1363 .gpxe:
1364 push bx ; Socket pointer
1365 mov di,gpxe_file_open
1366 mov word [di],2 ; PXENV_STATUS_BAD_FUNC
1367 mov word [di+4],packet_buf+2 ; Completed URL
1368 mov [di+6],ds
1369 mov bx,PXENV_FILE_OPEN
1370 call pxenv
1371 pop si ; Socket pointer in SI
1372 jc .error_si
1373
1374 mov ax,[di+2]
1375 mov word [si+tftp_localport],-1 ; gPXE URL
1376 mov [si+tftp_remoteport],ax
1377 mov di,gpxe_get_file_size
1378 mov [di+2],ax
1379
1380 %if 0
1381 ; Disable this for now since gPXE doesn't always
1382 ; return valid information in PXENV_GET_FILE_SIZE
1383 mov bx,PXENV_GET_FILE_SIZE
1384 call pxenv
1385 mov eax,[di+4] ; File size
1386 jnc .oksize
1387 %endif
1388 or eax,-1 ; Size unknown
1389 .oksize:
1390 mov [si+tftp_filesize],eax
1391 jmp .got_file
1392 %endif ; GPXE
1393
1394 ;
1395 ; allocate_socket: Allocate a local UDP port structure
1396 ;
1397 ; If successful:
1398 ; ZF set
1399 ; BX = socket pointer
1400 ; If unsuccessful:
1401 ; ZF clear
1402 ;
1403 allocate_socket:
1404 push cx
1405 mov bx,Files
1406 mov cx,MAX_OPEN
1407 .check: cmp word [bx], byte 0
1408 je .found
1409 add bx,open_file_t_size
1410 loop .check
1411 xor cx,cx ; ZF = 1
1412 pop cx
1413 ret
1414 ; Allocate a socket number. Socket numbers are made
1415 ; guaranteed unique by including the socket slot number
1416 ; (inverted, because we use the loop counter cx); add a
1417 ; counter value to keep the numbers from being likely to
1418 ; get immediately reused.
1419 ;
1420 ; The NextSocket variable also contains the top two bits
1421 ; set. This generates a value in the range 49152 to
1422 ; 57343.
1423 .found:
1424 dec cx
1425 push ax
1426 mov ax,[NextSocket]
1427 inc ax
1428 and ax,((1 << (13-MAX_OPEN_LG2))-1) | 0xC000
1429 mov [NextSocket],ax
1430 shl cx,13-MAX_OPEN_LG2
1431 add cx,ax ; ZF = 0
1432 xchg ch,cl ; Convert to network byte order
1433 mov [bx],cx ; Socket in use
1434 pop ax
1435 pop cx
1436 ret
1437
1438 ;
1439 ; Free socket: socket in SI; return SI = 0, ZF = 1 for convenience
1440 ;
1441 free_socket:
1442 push es
1443 pusha
1444 xor ax,ax
1445 mov es,ax
1446 mov di,si
1447 mov cx,tftp_pktbuf >> 1 ; tftp_pktbuf is not cleared
1448 rep stosw
1449 popa
1450 pop es
1451 xor si,si
1452 ret
1453
1454 ;
1455 ; parse_dotquad:
1456 ; Read a dot-quad pathname in DS:SI and output an IP
1457 ; address in EAX, with SI pointing to the first
1458 ; nonmatching character.
1459 ;
1460 ; Return CF=1 on error.
1461 ;
1462 ; No segment assumptions permitted.
1463 ;
1464 parse_dotquad:
1465 push cx
1466 mov cx,4
1467 xor eax,eax
1468 .parseloop:
1469 mov ch,ah
1470 mov ah,al
1471 lodsb
1472 sub al,'0'
1473 jb .notnumeric
1474 cmp al,9
1475 ja .notnumeric
1476 aad ; AL += 10 * AH; AH = 0;
1477 xchg ah,ch
1478 jmp .parseloop
1479 .notnumeric:
1480 cmp al,'.'-'0'
1481 pushf
1482 mov al,ah
1483 mov ah,ch
1484 xor ch,ch
1485 ror eax,8
1486 popf
1487 jne .error
1488 loop .parseloop
1489 jmp .done
1490 .error:
1491 loop .realerror ; If CX := 1 then we're done
1492 clc
1493 jmp .done
1494 .realerror:
1495 stc
1496 .done:
1497 dec si ; CF unchanged!
1498 pop cx
1499 ret
1500
1501 ;
1502 ; is_url: Return CF=0 if and only if the buffer pointed to by
1503 ; DS:SI is a URL (contains ://). No registers modified.
1504 ;
1505 %if GPXE
1506 is_url:
1507 push si
1508 push eax
1509 .loop:
1510 mov eax,[si]
1511 inc si
1512 and al,al
1513 jz .not_url
1514 and eax,0FFFFFFh
1515 cmp eax,'://'
1516 jne .loop
1517 .done:
1518 ; CF=0 here
1519 pop eax
1520 pop si
1521 ret
1522 .not_url:
1523 stc
1524 jmp .done
1525
1526 ;
1527 ; is_gpxe: Return CF=0 if and only if the buffer pointed to by
1528 ; DS:SI is a URL (contains ://) *and* the gPXE extensions
1529 ; API is available. No registers modified.
1530 ;
1531 is_gpxe:
1532 call is_url
1533 jc .ret ; Not a URL, don't bother
1534 .again:
1535 cmp byte [HasGPXE],1
1536 ja .unknown
1537 ; CF=1 if not available (0),
1538 ; CF=0 if known available (1).
1539 .ret: ret
1540
1541 .unknown:
1542 ; If we get here, the gPXE status is unknown.
1543 push es
1544 pushad
1545 push ds
1546 pop es
1547 mov di,gpxe_file_api_check
1548 mov bx,PXENV_FILE_API_CHECK ; BH = 0
1549 call pxenv
1550 jc .nogood
1551 cmp dword [di+4],0xe9c17b20
1552 jne .nogood
1553 mov ax,[di+12] ; Don't care about the upper half...
1554 not ax ; Set bits of *missing* functions...
1555 and ax,01001011b ; The functions we care about
1556 setz bh
1557 jz .done
1558 .nogood:
1559 mov si,gpxe_warning_msg
1560 call writestr
1561 .done:
1562 mov [HasGPXE],bh
1563 popad
1564 pop es
1565 jmp .again
1566
1567 section .data
1568 gpxe_warning_msg
1569 db 'URL syntax, but gPXE extensions not detected, '
1570 db 'trying plain TFTP...', CR, LF, 0
1571 HasGPXE db -1 ; Unknown
1572 section .text
1573
1574 %endif
1575
1576 ;
1577 ; mangle_name: Mangle a filename pointed to by DS:SI into a buffer pointed
1578 ; to by ES:DI; ends on encountering any whitespace.
1579 ; DI is preserved.
1580 ;
1581 ; This verifies that a filename is < FILENAME_MAX characters
1582 ; and doesn't contain whitespace, and zero-pads the output buffer,
1583 ; so "repe cmpsb" can do a compare.
1584 ;
1585 ; The first four bytes of the manged name is the IP address of
1586 ; the download host, 0 for no host, or -1 for a gPXE URL.
1587 ;
1588 ; No segment assumptions permitted.
1589 ;
1590 mangle_name:
1591 push di
1592 %if GPXE
1593 call is_url
1594 jc .not_url
1595 or eax,-1 ; It's a URL
1596 jmp .prefix_done
1597 .not_url:
1598 %endif ; GPXE
1599 push si
1600 mov eax,[cs:ServerIP]
1601 cmp byte [si],0
1602 je .noip ; Null filename?!?!
1603 cmp word [si],'::' ; Leading ::?
1604 je .gotprefix
1605
1606 .more:
1607 inc si
1608 cmp byte [si],0
1609 je .noip
1610 cmp word [si],'::'
1611 jne .more
1612
1613 ; We have a :: prefix of some sort, it could be either
1614 ; a DNS name or a dot-quad IP address. Try the dot-quad
1615 ; first...
1616 .here:
1617 pop si
1618 push si
1619 call parse_dotquad
1620 jc .notdq
1621 cmp word [si],'::'
1622 je .gotprefix
1623 .notdq:
1624 pop si
1625 push si
1626 call dns_resolv
1627 cmp word [si],'::'
1628 jne .noip
1629 and eax,eax
1630 jnz .gotprefix
1631
1632 .noip:
1633 pop si
1634 xor eax,eax
1635 jmp .prefix_done
1636
1637 .gotprefix:
1638 pop cx ; Adjust stack
1639 inc si ; Skip double colon
1640 inc si
1641
1642 .prefix_done:
1643 stosd ; Save IP address prefix
1644 mov cx,FILENAME_MAX-5
1645
1646 .mn_loop:
1647 lodsb
1648 cmp al,' ' ; If control or space, end
1649 jna .mn_end
1650 stosb
1651 loop .mn_loop
1652 .mn_end:
1653 inc cx ; At least one null byte
1654 xor ax,ax ; Zero-fill name
1655 rep stosb ; Doesn't do anything if CX=0
1656 pop di
1657 ret ; Done
1658
1659 ;
1660 ; unmangle_name: Does the opposite of mangle_name; converts a DOS-mangled
1661 ; filename to the conventional representation. This is needed
1662 ; for the BOOT_IMAGE= parameter for the kernel.
1663 ;
1664 ; NOTE: The output buffer needs to be able to hold an
1665 ; expanded IP address.
1666 ;
1667 ; DS:SI -> input mangled file name
1668 ; ES:DI -> output buffer
1669 ;
1670 ; On return, DI points to the first byte after the output name,
1671 ; which is set to a null byte.
1672 ;
1673 unmangle_name:
1674 push eax
1675 lodsd
1676 and eax,eax
1677 jz .noip
1678 cmp eax,-1
1679 jz .noip ; URL
1680 call gendotquad
1681 mov ax,'::'
1682 stosw
1683 .noip:
1684 call strcpy
1685 dec di ; Point to final null byte
1686 pop eax
1687 ret
1688
1689 ;
1690 ; pxenv
1691 ;
1692 ; This is the main PXENV+/!PXE entry point, using the PXENV+
1693 ; calling convention. This is a separate local routine so
1694 ; we can hook special things from it if necessary. In particular,
1695 ; some PXE stacks seem to not like being invoked from anything but
1696 ; the initial stack, so humour it.
1697 ;
1698 ; While we're at it, save and restore all registers.
1699 ;
1700 pxenv:
1701 pushad
1702 %if USE_PXE_PROVIDED_STACK == 0
1703 mov [cs:PXEStack],sp
1704 mov [cs:PXEStack+2],ss
1705 lss sp,[cs:InitStack]
1706 %endif
1707 ; This works either for the PXENV+ or the !PXE calling
1708 ; convention, as long as we ignore CF (which is redundant
1709 ; with AX anyway.)
1710 push es
1711 push di
1712 push bx
1713 .jump: call 0:0
1714 add sp,6
1715 mov [cs:PXEStatus],ax
1716 add ax,-1 ; Set CF unless AX was 0
1717
1718 %if USE_PXE_PROVIDED_STACK == 0
1719 lss sp,[cs:PXEStack]
1720 %endif
1721
1722 ; This clobbers the AX return, but we don't use it
1723 ; except for testing it against zero (and setting CF),
1724 ; which we did above. For anything else,
1725 ; use the Status field in the reply.
1726 ; For the COMBOOT function, the value is saved in
1727 ; the PXEStatus variable.
1728 popad
1729 cld ; Make sure DF <- 0
1730 ret
1731
1732 ; Must be after function def due to NASM bug
1733 PXEEntry equ pxenv.jump+1
1734
1735 section .bss
1736 alignb 2
1737 PXEStatus resb 2
1738
1739 section .text
1740
1741 ;
1742 ; getfssec: Get multiple clusters from a file, given the starting cluster.
1743 ;
1744 ; In this case, get multiple blocks from a specific TCP connection.
1745 ;
1746 ; On entry:
1747 ; ES:BX -> Buffer
1748 ; SI -> TFTP socket pointer
1749 ; CX -> 512-byte block count; 0FFFFh = until end of file
1750 ; On exit:
1751 ; SI -> TFTP socket pointer (or 0 on EOF)
1752 ; CF = 1 -> Hit EOF
1753 ; ECX -> number of bytes actually read
1754 ;
1755 getfssec:
1756 push eax
1757 push edi
1758 push bx
1759 push si
1760 push fs
1761 mov di,bx
1762 mov ax,pktbuf_seg
1763 mov fs,ax
1764
1765 xor eax,eax
1766 movzx ecx,cx
1767 shl ecx,TFTP_BLOCKSIZE_LG2 ; Convert to bytes
1768 push ecx ; Initial request size
1769 jz .hit_eof ; Nothing to do?
1770
1771 .need_more:
1772 call fill_buffer
1773 movzx eax,word [si+tftp_bytesleft]
1774 and ax,ax
1775 jz .hit_eof
1776
1777 push ecx
1778 cmp ecx,eax
1779 jna .ok_size
1780 mov ecx,eax
1781 .ok_size:
1782 mov ax,cx ; EAX<31:16> == ECX<31:16> == 0
1783 mov bx,[si+tftp_dataptr]
1784 sub [si+tftp_bytesleft],cx
1785 xchg si,bx
1786 fs rep movsb ; Copy from packet buffer
1787 xchg si,bx
1788 mov [si+tftp_dataptr],bx
1789
1790 pop ecx
1791 sub ecx,eax
1792 jnz .need_more
1793
1794 .hit_eof:
1795 call fill_buffer
1796
1797 pop eax ; Initial request amount
1798 xchg eax,ecx
1799 sub ecx,eax ; ... minus anything not gotten
1800
1801 pop fs
1802 pop si
1803
1804 ; Is there anything left of this?
1805 mov eax,[si+tftp_filesize]
1806 sub eax,[si+tftp_filepos]
1807 jnz .bytes_left
1808
1809 cmp [si+tftp_bytesleft],ax ; AX == 0
1810 jne .bytes_left
1811
1812 cmp byte [si+tftp_goteof],0
1813 je .done
1814 ; I'm 99% sure this can't happen, but...
1815 call fill_buffer ; Receive/ACK the EOF packet
1816 .done:
1817 ; The socket is closed and the buffer drained
1818 ; Close socket structure and re-init for next user
1819 call free_socket
1820 stc
1821 jmp .ret
1822 .bytes_left:
1823 clc
1824 .ret:
1825 pop bx
1826 pop edi
1827 pop eax
1828 ret
1829
1830 ;
1831 ; Get a fresh packet if the buffer is drained, and we haven't hit
1832 ; EOF yet. The buffer should be filled immediately after draining!
1833 ;
1834 ; expects fs -> pktbuf_seg and ds:si -> socket structure
1835 ;
1836 fill_buffer:
1837 cmp word [si+tftp_bytesleft],0
1838 je .empty
1839 ret ; Otherwise, nothing to do
1840
1841 .empty:
1842 push es
1843 pushad
1844 mov ax,ds
1845 mov es,ax
1846
1847 ; Note: getting the EOF packet is not the same thing
1848 ; as tftp_filepos == tftp_filesize; if the EOF packet
1849 ; is empty the latter condition can be true without
1850 ; having gotten the official EOF.
1851 cmp byte [si+tftp_goteof],0
1852 jne .ret ; Already EOF
1853
1854 %if GPXE
1855 cmp word [si+tftp_localport], -1
1856 jne .get_packet_tftp
1857 call get_packet_gpxe
1858 jmp .ret
1859 .get_packet_tftp:
1860 %endif ; GPXE
1861
1862 ; TFTP code...
1863 .packet_loop:
1864 ; Start by ACKing the previous packet; this should cause the
1865 ; next packet to be sent.
1866 mov cx,PKT_RETRY
1867 mov word [PktTimeout],PKT_TIMEOUT
1868
1869 .send_ack: push cx ; <D> Retry count
1870
1871 mov ax,[si+tftp_lastpkt]
1872 call ack_packet ; Send ACK
1873
1874 ; We used to test the error code here, but sometimes
1875 ; PXE would return negative status even though we really
1876 ; did send the ACK. Now, just treat a failed send as
1877 ; a normally lost packet, and let it time out in due
1878 ; course of events.
1879
1880 .send_ok: ; Now wait for packet.
1881 mov dx,[BIOS_timer] ; Get current time
1882
1883 mov cx,[PktTimeout]
1884 .wait_data: push cx ; <E> Timeout
1885 push dx ; <F> Old time
1886
1887 mov bx,[si+tftp_pktbuf]
1888 mov [pxe_udp_read_pkt.buffer],bx
1889 mov [pxe_udp_read_pkt.buffer+2],fs
1890 mov [pxe_udp_read_pkt.buffersize],word PKTBUF_SIZE
1891 mov eax,[si+tftp_remoteip]
1892 mov [pxe_udp_read_pkt.sip],eax
1893 mov eax,[MyIP]
1894 mov [pxe_udp_read_pkt.dip],eax
1895 mov ax,[si+tftp_remoteport]
1896 mov [pxe_udp_read_pkt.rport],ax
1897 mov ax,[si+tftp_localport]
1898 mov [pxe_udp_read_pkt.lport],ax
1899 mov di,pxe_udp_read_pkt
1900 mov bx,PXENV_UDP_READ
1901 call pxenv
1902 jnc .recv_ok
1903
1904 ; No packet, or receive failure
1905 mov dx,[BIOS_timer]
1906 pop ax ; <F> Old time
1907 pop cx ; <E> Timeout
1908 cmp ax,dx ; Same time -> don't advance timeout
1909 je .wait_data ; Same clock tick
1910 loop .wait_data ; Decrease timeout
1911
1912 pop cx ; <D> Didn't get any, send another ACK
1913 shl word [PktTimeout],1 ; Exponential backoff
1914 loop .send_ack
1915 jmp kaboom ; Forget it...
1916
1917 .recv_ok: pop dx ; <F>
1918 pop cx ; <E>
1919
1920 cmp word [pxe_udp_read_pkt.buffersize],byte 4
1921 jb .wait_data ; Bad size for a DATA packet
1922
1923 mov bx,[si+tftp_pktbuf]
1924 cmp word [fs:bx],TFTP_DATA ; Not a data packet?
1925 jne .wait_data ; Then wait for something else
1926
1927 mov ax,[si+tftp_lastpkt]
1928 xchg ah,al ; Host byte order
1929 inc ax ; Which packet are we waiting for?
1930 xchg ah,al ; Network byte order
1931 cmp [fs:bx+2],ax
1932 je .right_packet
1933
1934 ; Wrong packet, ACK the packet and then try again
1935 ; This is presumably because the ACK got lost,
1936 ; so the server just resent the previous packet
1937 mov ax,[fs:bx+2]
1938 call ack_packet
1939 jmp .send_ok ; Reset timeout
1940
1941 .right_packet: ; It's the packet we want. We're also EOF if the
1942 ; size < blocksize
1943
1944 pop cx ; <D> Don't need the retry count anymore
1945
1946 mov [si+tftp_lastpkt],ax ; Update last packet number
1947
1948 movzx ecx,word [pxe_udp_read_pkt.buffersize]
1949 sub cx,byte 4 ; Skip TFTP header
1950
1951 ; Set pointer to data block
1952 lea ax,[bx+4] ; Data past TFTP header
1953 mov [si+tftp_dataptr],ax
1954
1955 add [si+tftp_filepos],ecx
1956 mov [si+tftp_bytesleft],cx
1957
1958 cmp cx,[si+tftp_blksize] ; Is it a full block?
1959 jb .last_block ; If not, it's EOF
1960
1961 .ret:
1962 popad
1963 pop es
1964 ret
1965
1966
1967 .last_block: ; Last block - ACK packet immediately
1968 mov ax,[fs:bx+2]
1969 call ack_packet
1970
1971 ; Make sure we know we are at end of file
1972 mov eax,[si+tftp_filepos]
1973 mov [si+tftp_filesize],eax
1974 mov byte [si+tftp_goteof],1
1975
1976 jmp .ret
1977
1978 ;
1979 ; ack_packet:
1980 ;
1981 ; Send ACK packet. This is a common operation and so is worth canning.
1982 ;
1983 ; Entry:
1984 ; SI = TFTP block
1985 ; AX = Packet # to ack (network byte order)
1986 ; Exit:
1987 ; All registers preserved
1988 ;
1989 ; This function uses the pxe_udp_write_pkt but not the packet_buf.
1990 ;
1991 ack_packet:
1992 pushad
1993 mov [ack_packet_buf+2],ax ; Packet number to ack
1994 mov ax,[si]
1995 mov [pxe_udp_write_pkt.lport],ax
1996 mov ax,[si+tftp_remoteport]
1997 mov [pxe_udp_write_pkt.rport],ax
1998 mov eax,[si+tftp_remoteip]
1999 mov [pxe_udp_write_pkt.sip],eax
2000 xor eax,[MyIP]
2001 and eax,[Netmask]
2002 jz .nogw
2003 mov eax,[Gateway]
2004 .nogw:
2005 mov [pxe_udp_write_pkt.gip],eax
2006 mov [pxe_udp_write_pkt.buffer],word ack_packet_buf
2007 mov [pxe_udp_write_pkt.buffersize], word 4
2008 mov di,pxe_udp_write_pkt
2009 mov bx,PXENV_UDP_WRITE
2010 call pxenv
2011 popad
2012 ret
2013
2014 %if GPXE
2015 ;
2016 ; Get a fresh packet from a gPXE socket; expects fs -> pktbuf_seg
2017 ; and ds:si -> socket structure
2018 ;
2019 ; Assumes CS == DS == ES.
2020 ;
2021 get_packet_gpxe:
2022 mov di,gpxe_file_read
2023
2024 mov ax,[si+tftp_remoteport] ; gPXE filehandle
2025 mov [di+2],ax
2026 mov ax,[si+tftp_pktbuf]
2027 mov [di+6],ax
2028 mov [si+tftp_dataptr],ax
2029 mov [di+8],fs
2030
2031 .again:
2032 mov word [di+4],PKTBUF_SIZE
2033 mov bx,PXENV_FILE_READ
2034 call pxenv
2035 jnc .ok ; Got data or EOF
2036 cmp word [di],PXENV_STATUS_TFTP_OPEN ; == EWOULDBLOCK
2037 je .again
2038 jmp kaboom ; Otherwise error...
2039
2040 .ok:
2041 movzx eax,word [di+4] ; Bytes read
2042 mov [si+tftp_bytesleft],ax ; Bytes in buffer
2043 add [si+tftp_filepos],eax ; Position in file
2044
2045 and ax,ax ; EOF?
2046 mov eax,[si+tftp_filepos]
2047
2048 jnz .got_stuff
2049
2050 ; We got EOF here, make sure the upper layers know
2051 mov [si+tftp_filesize],eax
2052
2053 .got_stuff:
2054 ; If we're done here, close the file
2055 cmp [si+tftp_filesize],eax
2056 ja .done ; Not EOF, there is still data...
2057
2058 ; Reuse the previous [es:di] structure since the
2059 ; relevant fields are all the same
2060 mov byte [si+tftp_goteof],1
2061
2062 mov bx,PXENV_FILE_CLOSE
2063 call pxenv
2064 ; Ignore return...
2065 .done:
2066 ret
2067 %endif ; GPXE
2068
2069 ;
2070 ; unload_pxe:
2071 ;
2072 ; This function unloads the PXE and UNDI stacks and unclaims
2073 ; the memory.
2074 ;
2075 unload_pxe:
2076 test byte [KeepPXE],01h ; Should we keep PXE around?
2077 jnz reset_pxe
2078
2079 push ds
2080 push es
2081
2082 mov ax,cs
2083 mov ds,ax
2084 mov es,ax
2085
2086 mov si,new_api_unload
2087 cmp byte [APIVer+1],2 ; Major API version >= 2?
2088 jae .new_api
2089 mov si,old_api_unload
2090 .new_api:
2091
2092 .call_loop: xor ax,ax
2093 lodsb
2094 and ax,ax
2095 jz .call_done
2096 xchg bx,ax
2097 mov di,pxe_unload_stack_pkt
2098 push di
2099 xor ax,ax
2100 mov cx,pxe_unload_stack_pkt_len >> 1
2101 rep stosw
2102 pop di
2103 call pxenv
2104 jc .cant_free
2105 mov ax,word [pxe_unload_stack_pkt.status]
2106 cmp ax,PXENV_STATUS_SUCCESS
2107 jne .cant_free
2108 jmp .call_loop
2109
2110 .call_done:
2111 mov bx,0FF00h
2112
2113 mov dx,[RealBaseMem]
2114 cmp dx,[BIOS_fbm] ; Sanity check
2115 jna .cant_free
2116 inc bx
2117
2118 ; Check that PXE actually unhooked the INT 1Ah chain
2119 movzx eax,word [4*0x1a]
2120 movzx ecx,word [4*0x1a+2]
2121 shl ecx,4
2122 add eax,ecx
2123 shr eax,10
2124 cmp ax,dx ; Not in range
2125 jae .ok
2126 cmp ax,[BIOS_fbm]
2127 jae .cant_free
2128 ; inc bx
2129
2130 .ok:
2131 mov [BIOS_fbm],dx
2132 .pop_ret:
2133 pop es
2134 pop ds
2135 ret
2136
2137 .cant_free:
2138 mov si,cant_free_msg
2139 call writestr
2140 push ax
2141 xchg bx,ax
2142 call writehex4
2143 mov al,'-'
2144 call writechr
2145 pop ax
2146 call writehex4
2147 mov al,'-'
2148 call writechr
2149 mov eax,[4*0x1a]
2150 call writehex8
2151 call crlf
2152 jmp .pop_ret
2153
2154 ; We want to keep PXE around, but still we should reset
2155 ; it to the standard bootup configuration
2156 reset_pxe:
2157 push es
2158 push cs
2159 pop es
2160 mov bx,PXENV_UDP_CLOSE
2161 mov di,pxe_udp_close_pkt
2162 call pxenv
2163 pop es
2164 ret
2165
2166 ;
2167 ; gendotquad
2168 ;
2169 ; Take an IP address (in network byte order) in EAX and
2170 ; output a dotted quad string to ES:DI.
2171 ; DI points to terminal null at end of string on exit.
2172 ;
2173 gendotquad:
2174 push eax
2175 push cx
2176 mov cx,4
2177 .genchar:
2178 push eax
2179 cmp al,10 ; < 10?
2180 jb .lt10 ; If so, skip first 2 digits
2181
2182 cmp al,100 ; < 100
2183 jb .lt100 ; If so, skip first digit
2184
2185 aam 100
2186 ; Now AH = 100-digit; AL = remainder
2187 add ah,'0'
2188 mov [es:di],ah
2189 inc di
2190
2191 .lt100:
2192 aam 10
2193 ; Now AH = 10-digit; AL = remainder
2194 add ah,'0'
2195 mov [es:di],ah
2196 inc di
2197
2198 .lt10:
2199 add al,'0'
2200 stosb
2201 mov al,'.'
2202 stosb
2203 pop eax
2204 ror eax,8 ; Move next char into LSB
2205 loop .genchar
2206 dec di
2207 mov [es:di], byte 0
2208 pop cx
2209 pop eax
2210 ret
2211 ;
2212 ; uchexbytes/lchexbytes
2213 ;
2214 ; Take a number of bytes in memory and convert to upper/lower-case
2215 ; hexadecimal
2216 ;
2217 ; Input:
2218 ; DS:SI = input bytes
2219 ; ES:DI = output buffer
2220 ; CX = number of bytes
2221 ; Output:
2222 ; DS:SI = first byte after
2223 ; ES:DI = first byte after
2224 ; CX = 0
2225 ;
2226 ; Trashes AX, DX
2227 ;
2228
2229 lchexbytes:
2230 mov dl,'a'-'9'-1
2231 jmp xchexbytes
2232 uchexbytes:
2233 mov dl,'A'-'9'-1
2234 xchexbytes:
2235 .loop:
2236 lodsb
2237 mov ah,al
2238 shr al,4
2239 call .outchar
2240 mov al,ah
2241 call .outchar
2242 loop .loop
2243 ret
2244 .outchar:
2245 and al,0Fh
2246 add al,'0'
2247 cmp al,'9'
2248 jna .done
2249 add al,dl
2250 .done:
2251 stosb
2252 ret
2253
2254 ;
2255 ; pxe_get_cached_info
2256 ;
2257 ; Get a DHCP packet from the PXE stack into the trackbuf.
2258 ;
2259 ; Input:
2260 ; DL = packet type
2261 ; Output:
2262 ; CX = buffer size
2263 ;
2264 ; Assumes CS == DS == ES.
2265 ;
2266 pxe_get_cached_info:
2267 pushad
2268 mov si,get_packet_msg
2269 call writestr
2270 mov al,dl
2271 call writehex2
2272 call crlf
2273 mov di,pxe_bootp_query_pkt
2274 push di
2275 xor ax,ax
2276 stosw ; Status
2277 movzx ax,dl
2278 stosw ; Packet type
2279 mov ax,trackbufsize
2280 stosw ; Buffer size
2281 mov ax,trackbuf
2282 stosw ; Buffer offset
2283 xor ax,ax
2284 stosw ; Buffer segment
2285
2286 pop di ; DI -> parameter set
2287 mov bx,PXENV_GET_CACHED_INFO
2288 call pxenv
2289 jc .err
2290 and ax,ax
2291 jnz .err
2292
2293 popad
2294 mov cx,[pxe_bootp_query_pkt.buffersize]
2295 ret
2296
2297 .err:
2298 mov si,err_pxefailed
2299 call writestr
2300 call writehex4
2301 call crlf
2302 jmp kaboom
2303
2304 section .data
2305 get_packet_msg db 'Getting cached packet ', 0
2306
2307 section .text
2308 ;
2309 ; ip_ok
2310 ;
2311 ; Tests an IP address in EAX for validity; return with ZF=1 for bad.
2312 ; We used to refuse class E, but class E addresses are likely to become
2313 ; assignable unicast addresses in the near future.
2314 ;
2315 ip_ok:
2316 push ax
2317 cmp eax,-1 ; Refuse the all-ones address
2318 jz .out
2319 and al,al ; Refuse network zero
2320 jz .out
2321 cmp al,127 ; Refuse loopback
2322 jz .out
2323 and al,0F0h
2324 cmp al,224 ; Refuse class D
2325 .out:
2326 pop ax
2327 ret
2328
2329 ;
2330 ; parse_dhcp
2331 ;
2332 ; Parse a DHCP packet. This includes dealing with "overloaded"
2333 ; option fields (see RFC 2132, section 9.3)
2334 ;
2335 ; This should fill in the following global variables, if the
2336 ; information is present:
2337 ;
2338 ; MyIP - client IP address
2339 ; ServerIP - boot server IP address
2340 ; Netmask - network mask
2341 ; Gateway - default gateway router IP
2342 ; BootFile - boot file name
2343 ; DNSServers - DNS server IPs
2344 ; LocalDomain - Local domain name
2345 ; MACLen, MAC - Client identifier, if MACLen == 0
2346 ;
2347 ; This assumes the DHCP packet is in "trackbuf" and the length
2348 ; of the packet in in CX on entry.
2349 ;
2350
2351 parse_dhcp:
2352 mov byte [OverLoad],0 ; Assume no overload
2353 mov eax, [trackbuf+bootp.yip]
2354 call ip_ok
2355 jz .noyip
2356 mov [MyIP], eax
2357 .noyip:
2358 mov eax, [trackbuf+bootp.sip]
2359 and eax, eax
2360 call ip_ok
2361 jz .nosip
2362 mov [ServerIP], eax
2363 .nosip:
2364 sub cx, bootp.options
2365 jbe .nooptions
2366 mov si, trackbuf+bootp.option_magic
2367 lodsd
2368 cmp eax, BOOTP_OPTION_MAGIC
2369 jne .nooptions
2370 call parse_dhcp_options
2371 .nooptions:
2372 mov si, trackbuf+bootp.bootfile
2373 test byte [OverLoad],1
2374 jz .nofileoverload
2375 mov cx,128
2376 call parse_dhcp_options
2377 jmp short .parsed_file
2378 .nofileoverload:
2379 cmp byte [si], 0
2380 jz .parsed_file ; No bootfile name
2381 mov di,BootFile
2382 mov cx,32
2383 rep movsd
2384 xor al,al
2385 stosb ; Null-terminate
2386 .parsed_file:
2387 mov si, trackbuf+bootp.sname
2388 test byte [OverLoad],2
2389 jz .nosnameoverload
2390 mov cx,64
2391 call parse_dhcp_options
2392 .nosnameoverload:
2393 ret
2394
2395 ;
2396 ; Parse a sequence of DHCP options, pointed to by DS:SI; the field
2397 ; size is CX -- some DHCP servers leave option fields unterminated
2398 ; in violation of the spec.
2399 ;
2400 ; For parse_some_dhcp_options, DH contains the minimum value for
2401 ; the option to recognize -- this is used to restrict parsing to
2402 ; PXELINUX-specific options only.
2403 ;
2404 parse_dhcp_options:
2405 xor dx,dx
2406
2407 parse_some_dhcp_options:
2408 .loop:
2409 and cx,cx
2410 jz .done
2411
2412 lodsb
2413 dec cx
2414 jz .done ; Last byte; must be PAD, END or malformed
2415 cmp al, 0 ; PAD option
2416 je .loop
2417 cmp al,255 ; END option
2418 je .done
2419
2420 ; Anything else will have a length field
2421 mov dl,al ; DL <- option number
2422 xor ax,ax
2423 lodsb ; AX <- option length
2424 dec cx
2425 sub cx,ax ; Decrement bytes left counter
2426 jb .done ; Malformed option: length > field size
2427
2428 cmp dl,dh ; Is the option value valid?
2429 jb .opt_done
2430
2431 mov bx,dhcp_option_list
2432 .find_option:
2433 cmp bx,dhcp_option_list_end
2434 jae .opt_done
2435 cmp dl,[bx]
2436 je .found_option
2437 add bx,3
2438 jmp .find_option
2439 .found_option:
2440 pushad
2441 call [bx+1]
2442 popad
2443
2444 ; Fall through
2445 ; Unknown option. Skip to the next one.
2446 .opt_done:
2447 add si,ax
2448 jmp .loop
2449 .done:
2450 ret
2451
2452 section .data
2453 dhcp_option_list:
2454 section .text
2455
2456 %macro dopt 2
2457 section .data
2458 db %1
2459 dw dopt_%2
2460 section .text
2461 dopt_%2:
2462 %endmacro
2463
2464 ;
2465 ; Parse individual DHCP options. SI points to the option data and
2466 ; AX to the option length. DL contains the option number.
2467 ; All registers are saved around the routine.
2468 ;
2469 dopt 1, subnet_mask
2470 mov ebx,[si]
2471 mov [Netmask],ebx
2472 ret
2473
2474 dopt 3, router
2475 mov ebx,[si]
2476 mov [Gateway],ebx
2477 ret
2478
2479 dopt 6, dns_servers
2480 mov cx,ax
2481 shr cx,2
2482 cmp cl,DNS_MAX_SERVERS
2483 jna .oklen
2484 mov cl,DNS_MAX_SERVERS
2485 .oklen:
2486 mov di,DNSServers
2487 rep movsd
2488 mov [LastDNSServer],di
2489 ret
2490
2491 dopt 16, local_domain
2492 mov bx,si
2493 add bx,ax
2494 xor ax,ax
2495 xchg [bx],al ; Zero-terminate option
2496 mov di,LocalDomain
2497 call dns_mangle ; Convert to DNS label set
2498 mov [bx],al ; Restore ending byte
2499 ret
2500
2501 dopt 43, vendor_encaps
2502 mov dh,208 ; Only recognize PXELINUX options
2503 mov cx,ax ; Length of option = max bytes to parse
2504 call parse_some_dhcp_options ; Parse recursive structure
2505 ret
2506
2507 dopt 52, option_overload
2508 mov bl,[si]
2509 mov [OverLoad],bl
2510 ret
2511
2512 dopt 54, server
2513 mov eax,[si]
2514 cmp dword [ServerIP],0
2515 jne .skip ; Already have a next server IP
2516 call ip_ok
2517 jz .skip
2518 mov [ServerIP],eax
2519 .skip: ret
2520
2521 dopt 61, client_identifier
2522 cmp ax,MAC_MAX ; Too long?
2523 ja .skip
2524 cmp ax,2 ; Too short?
2525 jb .skip
2526 cmp [MACLen],ah ; Only do this if MACLen == 0
2527 jne .skip
2528 push ax
2529 lodsb ; Client identifier type
2530 cmp al,[MACType]
2531 pop ax
2532 jne .skip ; Client identifier is not a MAC
2533 dec ax
2534 mov [MACLen],al
2535 mov di,MAC
2536 jmp dhcp_copyoption
2537 .skip: ret
2538
2539 dopt 67, bootfile_name
2540 mov di,BootFile
2541 jmp dhcp_copyoption
2542
2543 dopt 97, uuid_client_identifier
2544 cmp ax,17 ; type byte + 16 bytes UUID
2545 jne .skip
2546 mov dl,[si] ; Must have type 0 == UUID
2547 or dl,[HaveUUID] ; Capture only the first instance
2548 jnz .skip
2549 mov byte [HaveUUID],1 ; Got UUID
2550 mov di,UUIDType
2551 jmp dhcp_copyoption
2552 .skip: ret
2553
2554 dopt 209, pxelinux_configfile
2555 mov di,ConfigName
2556 or byte [DHCPMagic],2 ; Got config file
2557 jmp dhcp_copyoption
2558
2559 dopt 210, pxelinux_pathprefix
2560 mov di,PathPrefix
2561 or byte [DHCPMagic],4 ; Got path prefix
2562 jmp dhcp_copyoption
2563
2564 dopt 211, pxelinux_reboottime
2565 cmp al,4
2566 jne .done
2567 mov ebx,[si]
2568 xchg bl,bh ; Convert to host byte order
2569 rol ebx,16
2570 xchg bl,bh
2571 mov [RebootTime],ebx
2572 or byte [DHCPMagic],8 ; Got RebootTime
2573 .done: ret
2574
2575 ; Common code for copying an option verbatim
2576 ; Copies the option into ES:DI and null-terminates it.
2577 ; Returns with AX=0 and SI past the option.
2578 dhcp_copyoption:
2579 xchg cx,ax ; CX <- option length
2580 rep movsb
2581 xchg cx,ax ; AX <- 0
2582 stosb ; Null-terminate
2583 ret
2584
2585 section .data
2586 dhcp_option_list_end:
2587 section .text
2588
2589 section .data
2590 HaveUUID db 0
2591 uuid_dashes db 4,2,2,2,6,0 ; Bytes per UUID dashed section
2592 section .text
2593
2594 ;
2595 ; genipopt
2596 ;
2597 ; Generate an ip=<client-ip>:<boot-server-ip>:<gw-ip>:<netmask>
2598 ; option into IPOption based on a DHCP packet in trackbuf.
2599 ; Assumes CS == DS == ES.
2600 ;
2601 genipopt:
2602 pushad
2603 mov di,IPOption
2604 mov eax,'ip='
2605 stosd
2606 dec di
2607 mov eax,[MyIP]
2608 call gendotquad
2609 mov al,':'
2610 stosb
2611 mov eax,[ServerIP]
2612 call gendotquad
2613 mov al,':'
2614 stosb
2615 mov eax,[Gateway]
2616 call gendotquad
2617 mov al,':'
2618 stosb
2619 mov eax,[Netmask]
2620 call gendotquad ; Zero-terminates its output
2621 sub di,IPOption
2622 mov [IPOptionLen],di
2623 popad
2624 ret
2625
2626 ;
2627 ; Call the receive loop while idle. This is done mostly so we can respond to
2628 ; ARP messages, but perhaps in the future this can be used to do network
2629 ; console.
2630 ;
2631 ; hpa sez: people using automatic control on the serial port get very
2632 ; unhappy if we poll for ARP too often (the PXE stack is pretty slow,
2633 ; typically.) Therefore, only poll if at least 4 BIOS timer ticks have
2634 ; passed since the last poll, and reset this when a character is
2635 ; received (RESET_IDLE).
2636 ;
2637 %if HAVE_IDLE
2638
2639 reset_idle:
2640 push ax
2641 mov ax,[cs:BIOS_timer]
2642 mov [cs:IdleTimer],ax
2643 pop ax
2644 ret
2645
2646 check_for_arp:
2647 push ax
2648 mov ax,[cs:BIOS_timer]
2649 sub ax,[cs:IdleTimer]
2650 cmp ax,4
2651 pop ax
2652 jae .need_poll
2653 ret
2654 .need_poll: pushad
2655 push ds
2656 push es
2657 mov ax,cs
2658 mov ds,ax
2659 mov es,ax
2660 mov di,packet_buf
2661 mov [pxe_udp_read_pkt.status],al ; 0
2662 mov [pxe_udp_read_pkt.buffer],di
2663 mov [pxe_udp_read_pkt.buffer+2],ds
2664 mov word [pxe_udp_read_pkt.buffersize],packet_buf_size
2665 mov eax,[MyIP]
2666 mov [pxe_udp_read_pkt.dip],eax
2667 mov word [pxe_udp_read_pkt.lport],htons(9) ; discard port
2668 mov di,pxe_udp_read_pkt
2669 mov bx,PXENV_UDP_READ
2670 call pxenv
2671 ; Ignore result...
2672 pop es
2673 pop ds
2674 popad
2675 RESET_IDLE
2676 ret
2677
2678 %endif ; HAVE_IDLE
2679
2680 ; -----------------------------------------------------------------------------
2681 ; Common modules
2682 ; -----------------------------------------------------------------------------
2683
2684 %include "getc.inc" ; getc et al
2685 %include "conio.inc" ; Console I/O
2686 %include "writestr.inc" ; String output
2687 writestr equ cwritestr
2688 %include "writehex.inc" ; Hexadecimal output
2689 %include "configinit.inc" ; Initialize configuration
2690 %include "parseconfig.inc" ; High-level config file handling
2691 %include "parsecmd.inc" ; Low-level config file handling
2692 %include "bcopy32.inc" ; 32-bit bcopy
2693 %include "loadhigh.inc" ; Load a file into high memory
2694 %include "font.inc" ; VGA font stuff
2695 %include "graphics.inc" ; VGA graphics
2696 %include "highmem.inc" ; High memory sizing
2697 %include "strcpy.inc" ; strcpy()
2698 %include "rawcon.inc" ; Console I/O w/o using the console functions
2699 %include "dnsresolv.inc" ; DNS resolver
2700 %include "adv.inc" ; Auxillary Data Vector
2701
2702 ; -----------------------------------------------------------------------------
2703 ; Begin data section
2704 ; -----------------------------------------------------------------------------
2705
2706 section .data
2707
2708 copyright_str db ' Copyright (C) 1994-', year, ' H. Peter Anvin'
2709 db CR, LF, 0
2710 err_bootfailed db CR, LF, 'Boot failed: press a key to retry, or wait for reset...', CR, LF, 0
2711 bailmsg equ err_bootfailed
2712 err_nopxe db "No !PXE or PXENV+ API found; we're dead...", CR, LF, 0
2713 err_pxefailed db 'PXE API call failed, error ', 0
2714 err_udpinit db 'Failed to initialize UDP stack', CR, LF, 0
2715 err_noconfig db 'Unable to locate configuration file', CR, LF, 0
2716 err_damage db 'TFTP server sent an incomprehesible reply', CR, LF, 0
2717 found_pxenv db 'Found PXENV+ structure', CR, LF, 0
2718 using_pxenv_msg db 'Old PXE API detected, using PXENV+ structure', CR, LF, 0
2719 apiver_str db 'PXE API version is ',0
2720 pxeentry_msg db 'PXE entry point found (we hope) at ', 0
2721 pxenventry_msg db 'PXENV entry point found (we hope) at ', 0
2722 trymempxe_msg db 'Scanning memory for !PXE structure... ', 0
2723 trymempxenv_msg db 'Scanning memory for PXENV+ structure... ', 0
2724 undi_data_msg db 'UNDI data segment at: ',0
2725 undi_data_len_msg db 'UNDI data segment size: ',0
2726 undi_code_msg db 'UNDI code segment at: ',0
2727 undi_code_len_msg db 'UNDI code segment size: ',0
2728 cant_free_msg db 'Failed to free base memory, error ', 0
2729 notfound_msg db 'not found', CR, LF, 0
2730 myipaddr_msg db 'My IP address seems to be ',0
2731 tftpprefix_msg db 'TFTP prefix: ', 0
2732 localboot_msg db 'Booting from local disk...', CR, LF, 0
2733 trying_msg db 'Trying to load: ', 0
2734 fourbs_msg db BS, BS, BS, BS, 0
2735 default_str db 'default', 0
2736 syslinux_banner db CR, LF, 'PXELINUX ', version_str, ' ', date, ' ', 0
2737 cfgprefix db 'pxelinux.cfg/' ; No final null!
2738 cfgprefix_len equ ($-cfgprefix)
2739
2740 ;
2741 ; Command line options we'd like to take a look at
2742 ;
2743 ; mem= and vga= are handled as normal 32-bit integer values
2744 initrd_cmd db 'initrd='
2745 initrd_cmd_len equ $-initrd_cmd
2746
2747 ; This one we make ourselves
2748 bootif_str db 'BOOTIF='
2749 bootif_str_len equ $-bootif_str
2750 ;
2751 ; Config file keyword table
2752 ;
2753 %include "keywords.inc"
2754
2755 ;
2756 ; Extensions to search for (in *forward* order).
2757 ; (.bs and .bss are disabled for PXELINUX, since they are not supported)
2758 ;
2759 align 4, db 0
2760 exten_table: db '.cbt' ; COMBOOT (specific)
2761 db '.0', 0, 0 ; PXE bootstrap program
2762 db '.com' ; COMBOOT (same as DOS)
2763 db '.c32' ; COM32
2764 exten_table_end:
2765 dd 0, 0 ; Need 8 null bytes here
2766
2767 ;
2768 ; PXE unload sequences
2769 ;
2770 new_api_unload:
2771 db PXENV_UDP_CLOSE
2772 db PXENV_UNDI_SHUTDOWN
2773 db PXENV_UNLOAD_STACK
2774 db PXENV_STOP_UNDI
2775 db 0
2776 old_api_unload:
2777 db PXENV_UDP_CLOSE
2778 db PXENV_UNDI_SHUTDOWN
2779 db PXENV_UNLOAD_STACK
2780 db PXENV_UNDI_CLEANUP
2781 db 0
2782
2783 ;
2784 ; PXE query packets partially filled in
2785 ;
2786 section .bss
2787 pxe_bootp_query_pkt:
2788 .status: resw 1 ; Status
2789 .packettype: resw 1 ; Boot server packet type
2790 .buffersize: resw 1 ; Packet size
2791 .buffer: resw 2 ; seg:off of buffer
2792 .bufferlimit: resw 1 ; Unused
2793
2794 section .data
2795 pxe_udp_open_pkt:
2796 .status: dw 0 ; Status
2797 .sip: dd 0 ; Source (our) IP
2798
2799 pxe_udp_close_pkt:
2800 .status: dw 0 ; Status
2801
2802 pxe_udp_write_pkt:
2803 .status: dw 0 ; Status
2804 .sip: dd 0 ; Server IP
2805 .gip: dd 0 ; Gateway IP
2806 .lport: dw 0 ; Local port
2807 .rport: dw 0 ; Remote port
2808 .buffersize: dw 0 ; Size of packet
2809 .buffer: dw 0, 0 ; seg:off of buffer
2810
2811 pxe_udp_read_pkt:
2812 .status: dw 0 ; Status
2813 .sip: dd 0 ; Source IP
2814 .dip: dd 0 ; Destination (our) IP
2815 .rport: dw 0 ; Remote port
2816 .lport: dw 0 ; Local port
2817 .buffersize: dw 0 ; Max packet size
2818 .buffer: dw 0, 0 ; seg:off of buffer
2819
2820 %if GPXE
2821
2822 gpxe_file_api_check:
2823 .status: dw 0 ; Status
2824 .size: dw 20 ; Size in bytes
2825 .magic: dd 0x91d447b2 ; Magic number
2826 .provider: dd 0
2827 .apimask: dd 0
2828 .flags: dd 0
2829
2830 gpxe_file_open:
2831 .status: dw 0 ; Status
2832 .filehandle: dw 0 ; FileHandle
2833 .filename: dd 0 ; seg:off of FileName
2834 .reserved: dd 0
2835
2836 gpxe_get_file_size:
2837 .status: dw 0 ; Status
2838 .filehandle: dw 0 ; FileHandle
2839 .filesize: dd 0 ; FileSize
2840
2841 gpxe_file_read:
2842 .status: dw 0 ; Status
2843 .filehandle: dw 0 ; FileHandle
2844 .buffersize: dw 0 ; BufferSize
2845 .buffer: dd 0 ; seg:off of buffer
2846
2847 %endif ; GPXE
2848
2849 ;
2850 ; Misc initialized (data) variables
2851 ;
2852 alignb 4, db 0
2853 BaseStack dd StackBuf ; ESP of base stack
2854 dw 0 ; SS of base stack
2855 NextSocket dw 49152 ; Counter for allocating socket numbers
2856 KeepPXE db 0 ; Should PXE be kept around?
2857
2858 ;
2859 ; TFTP commands
2860 ;
2861 tftp_tail db 'octet', 0 ; Octet mode
2862 tsize_str db 'tsize' ,0 ; Request size
2863 tsize_len equ ($-tsize_str)
2864 db '0', 0
2865 blksize_str db 'blksize', 0 ; Request large blocks
2866 blksize_len equ ($-blksize_str)
2867 asciidec TFTP_LARGEBLK
2868 db 0
2869 tftp_tail_len equ ($-tftp_tail)
2870
2871 alignb 2, db 0
2872 ;
2873 ; Options negotiation parsing table (string pointer, string len, offset
2874 ; into socket structure)
2875 ;
2876 tftp_opt_table:
2877 dw tsize_str, tsize_len, tftp_filesize
2878 dw blksize_str, blksize_len, tftp_blksize
2879 tftp_opts equ ($-tftp_opt_table)/6
2880
2881 ;
2882 ; Error packet to return on options negotiation error
2883 ;
2884 tftp_opt_err dw TFTP_ERROR ; ERROR packet
2885 dw TFTP_EOPTNEG ; ERROR 8: bad options
2886 db 'tsize option required', 0 ; Error message
2887 tftp_opt_err_len equ ($-tftp_opt_err)
2888
2889 alignb 4, db 0
2890 ack_packet_buf: dw TFTP_ACK, 0 ; TFTP ACK packet
2891
2892 ;
2893 ; IP information (initialized to "unknown" values)
2894 MyIP dd 0 ; My IP address
2895 ServerIP dd 0 ; IP address of boot server
2896 Netmask dd 0 ; Netmask of this subnet
2897 Gateway dd 0 ; Default router
2898 ServerPort dw TFTP_PORT ; TFTP server port
2899
2900 ;
2901 ; Variables that are uninitialized in SYSLINUX but initialized here
2902 ;
2903 alignb 4, db 0
2904 BufSafe dw trackbufsize/TFTP_BLOCKSIZE ; Clusters we can load into trackbuf
2905 BufSafeBytes dw trackbufsize ; = how many bytes?
2906 %ifndef DEPEND
2907 %if ( trackbufsize % TFTP_BLOCKSIZE ) != 0
2908 %error trackbufsize must be a multiple of TFTP_BLOCKSIZE
2909 %endif
2910 %endif
The Syslinux boot loader collection