1 ; -*- fundamental -*- (asm-mode sucks)
2 ; ****************************************************************************
6 ; A program to boot Linux kernels off a TFTP server using the Intel PXE
7 ; network booting API. It is based on the SYSLINUX boot loader for
10 ; Copyright 1994-2008 H. Peter Anvin - All Rights Reserved
12 ; This program is free software; you can redistribute it and/or modify
13 ; it under the terms of the GNU General Public License as published by
14 ; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
15 ; Boston MA 02111-1307, USA; either version 2 of the License, or
16 ; (at your option) any later version; incorporated herein by reference.
18 ; ****************************************************************************
25 ; Some semi-configurable constants... change on your own risk.
28 FILENAME_MAX_LG2
equ 7 ; log2(Max filename size Including final null)
29 FILENAME_MAX
equ (1 << FILENAME_MAX_LG2
)
30 NULLFILE
equ 0 ; Zero byte == null file name
31 NULLOFFSET
equ 4 ; Position in which to look
32 REBOOT_TIME
equ 5*60 ; If failure, time until full reset
33 %assign HIGHMEM_SLOP
128*1024 ; Avoid this much memory near the top
34 MAX_OPEN_LG2
equ 5 ; log2(Max number of open sockets)
35 MAX_OPEN
equ (1 << MAX_OPEN_LG2
)
36 PKTBUF_SIZE
equ (65536/MAX_OPEN
) ; Per-socket packet buffer size
37 TFTP_PORT
equ htons
(69) ; Default TFTP port
38 PKT_RETRY
equ 6 ; Packet transmit retry count
39 PKT_TIMEOUT
equ 12 ; Initial timeout, timer ticks @ 55 ms
40 ; Desired TFTP block size
41 ; For Ethernet MTU is normally 1500. Unfortunately there seems to
42 ; be a fair number of networks with "substandard" MTUs which break.
43 ; The code assumes TFTP_LARGEBLK <= 2K.
45 TFTP_LARGEBLK
equ (TFTP_MTU
-20-8-4) ; MTU - IP hdr - UDP hdr - TFTP hdr
46 ; Standard TFTP block size
47 TFTP_BLOCKSIZE_LG2
equ 9 ; log2(bytes/block)
48 TFTP_BLOCKSIZE
equ (1 << TFTP_BLOCKSIZE_LG2
)
49 %assign USE_PXE_PROVIDED_STACK
1 ; Use stack provided by PXE?
51 SECTOR_SHIFT
equ TFTP_BLOCKSIZE_LG2
52 SECTOR_SIZE
equ TFTP_BLOCKSIZE
55 ; This is what we need to do when idle
56 ; *** This is disabled because some PXE stacks wait for unacceptably
57 ; *** long if there are no packets receivable.
59 %define HAVE_IDLE
0 ; idle is not a noop
78 ; TFTP operation codes
80 TFTP_RRQ
equ htons
(1) ; Read request
81 TFTP_WRQ
equ htons
(2) ; Write request
82 TFTP_DATA
equ htons
(3) ; Data packet
83 TFTP_ACK
equ htons
(4) ; ACK packet
84 TFTP_ERROR
equ htons
(5) ; ERROR packet
85 TFTP_OACK
equ htons
(6) ; OACK packet
90 TFTP_EUNDEF
equ htons
(0) ; Unspecified error
91 TFTP_ENOTFOUND
equ htons
(1) ; File not found
92 TFTP_EACCESS
equ htons
(2) ; Access violation
93 TFTP_ENOSPACE
equ htons
(3) ; Disk full
94 TFTP_EBADOP
equ htons
(4) ; Invalid TFTP operation
95 TFTP_EBADID
equ htons
(5) ; Unknown transfer
96 TFTP_EEXISTS
equ htons
(6) ; File exists
97 TFTP_ENOUSER
equ htons
(7) ; No such user
98 TFTP_EOPTNEG
equ htons
(8) ; Option negotiation failure
101 ; The following structure is used for "virtual kernels"; i.e. LILO-style
102 ; option labels. The options we permit here are `kernel' and `append
103 ; Since there is no room in the bottom 64K for all of these, we
104 ; stick them in high memory and copy them down before we need them.
107 vk_vname: resb FILENAME_MAX
; Virtual name **MUST BE FIRST!**
108 vk_rname: resb FILENAME_MAX
; Real name
109 vk_ipappend: resb
1 ; "IPAPPEND" flag
110 vk_type: resb
1 ; Type of file
113 vk_append: resb max_cmd_len
+1 ; Command line
115 vk_end: equ $
; Should be <= vk_size
119 ; Segment assignments in the bottom 640K
120 ; 0000h - main code/data segment (and BIOS segment)
122 real_mode_seg
equ 3000h
123 pktbuf_seg
equ 2000h ; Packet buffers segments
124 xfer_buf_seg
equ 1000h ; Bounce buffer for I/O to high mem
125 comboot_seg
equ real_mode_seg
; COMBOOT image loading zone
128 ; BOOTP/DHCP packet pattern
132 .opcode resb
1 ; BOOTP/DHCP "opcode"
133 .hardware resb
1 ; ARP hardware type
134 .hardlen resb
1 ; Hardware address length
135 .gatehops resb
1 ; Used by forwarders
136 .ident resd
1 ; Transaction ID
137 .seconds resw
1 ; Seconds elapsed
138 .flags resw
1 ; Broadcast flags
139 .cip resd
1 ; Client IP
140 .yip resd
1 ; "Your" IP
141 .sip resd
1 ; Next server IP
142 .gip resd
1 ; Relay agent IP
143 .macaddr resb
16 ; Client MAC address
144 .sname resb
64 ; Server name (optional)
145 .bootfile resb
128 ; Boot file name
146 .option_magic resd
1 ; Vendor option magic cookie
147 .options resb
1260 ; Vendor options
150 BOOTP_OPTION_MAGIC
equ htonl
(0x63825363) ; See RFC 2132
153 ; TFTP connection data structure. Each one of these corresponds to a local
154 ; UDP port. The size of this structure must be a power of 2.
155 ; HBO = host byte order; NBO = network byte order
156 ; (*) = written by options negotiation code, must be dword sized
159 tftp_localport resw
1 ; Local port number (0 = not in use)
160 tftp_remoteport resw
1 ; Remote port number
161 tftp_remoteip resd
1 ; Remote IP address
162 tftp_filepos resd
1 ; Bytes downloaded (including buffer)
163 tftp_filesize resd
1 ; Total file size(*)
164 tftp_blksize resd
1 ; Block size for this connection(*)
165 tftp_bytesleft resw
1 ; Unclaimed data bytes
166 tftp_lastpkt resw
1 ; Sequence number of last packet (NBO)
167 tftp_dataptr resw
1 ; Pointer to available data
168 resw
2 ; Currently unusued
169 ; At end since it should not be zeroed on socked close
170 tftp_pktbuf resw
1 ; Packet buffer offset
173 %if
(open_file_t_size
& (open_file_t_size
-1))
174 %error
"open_file_t is not a power of 2"
178 ; ---------------------------------------------------------------------------
180 ; ---------------------------------------------------------------------------
183 ; Memory below this point is reserved for the BIOS and the MBR
186 trackbufsize
equ 8192
187 trackbuf resb trackbufsize
; Track buffer goes here
190 alignb open_file_t_size
191 Files resb MAX_OPEN
*open_file_t_size
194 BootFile resb
256 ; Boot file from DHCP packet
195 PathPrefix resb
256 ; Path prefix derived from boot file
196 DotQuadBuf resb
16 ; Buffer for dotted-quad IP address
197 IPOption resb
80 ; ip= option buffer
198 InitStack resd
1 ; Pointer to reset stack (SS:SP)
199 PXEStack resd
1 ; Saved stack during PXE call
203 RebootTime resd
1 ; Reboot timeout, if set by option
204 StrucPtr resd
1 ; Pointer to PXENV+ or !PXE structure
205 APIVer resw
1 ; PXE API version found
206 IPOptionLen resw
1 ; Length of IPOption
207 IdleTimer resw
1 ; Time to check for ARP?
208 LocalBootType resw
1 ; Local boot return code
209 PktTimeout resw
1 ; Timeout for current packet
210 RealBaseMem resw
1 ; Amount of DOS memory after freeing
211 OverLoad resb
1 ; Set if DHCP packet uses "overloading"
212 DHCPMagic resb
1 ; PXELINUX magic flags
214 ; The relative position of these fields matter!
215 MAC_MAX
equ 32 ; Handle hardware addresses this long
216 MACLen resb
1 ; MAC address len
217 MACType resb
1 ; MAC address type
218 MAC resb MAC_MAX
+1 ; Actual MAC address
219 BOOTIFStr resb
7 ; Space for "BOOTIF="
220 MACStr resb
3*(MAC_MAX
+1) ; MAC address as a string
222 ; The relative position of these fields matter!
223 UUIDType resb
1 ; Type byte from DHCP option
224 UUID resb
16 ; UUID, from the PXE stack
225 UUIDNull resb
1 ; dhcp_copyoption zero-terminates
228 ; PXE packets which don't need static initialization
231 pxe_unload_stack_pkt:
232 .
status: resw
1 ; Status
233 .
reserved: resw
10 ; Reserved
234 pxe_unload_stack_pkt_len
equ $
-pxe_unload_stack_pkt
237 ; BOOTP/DHCP packet buffer
241 packet_buf resb
2048 ; Transfer packet
242 packet_buf_size
equ $
-packet_buf
246 ; PXELINUX needs more BSS than the other derivatives;
247 ; therefore we relocate it from 7C00h on startup.
249 StackBuf
equ $
; Base of stack if we use our own
252 ; Primary entry point.
256 pushfd ; Paranoia... in case of return to PXE
257 pushad ; ... save as much state as possible
268 %if TEXT_START
!= 0x7c00
269 ; This is uglier than it should be, but works around
270 ; some NASM 0.98.38 bugs.
271 mov di,section..bcopy32.start
272 add di,__bcopy_size
-4
273 lea si,[di-(TEXT_START
-7C00h
)]
274 lea cx,[di-(TEXT_START
-4)]
276 std ; Overlapping areas, copy backwards
280 jmp 0:_start1
; Canonicalize address
283 les bx,[bp+48] ; ES:BX -> !PXE or PXENV+ structure
285 ; That is all pushed onto the PXE stack. Save the pointer
286 ; to it and switch to an internal stack.
290 %if USE_PXE_PROVIDED_STACK
291 ; Apparently some platforms go bonkers if we
292 ; set up our own stack...
300 sti ; Stack set up and ready
304 ; Initialize screen (if we're using one)
306 push es ; Save ES -> PXE entry structure
310 pop es ; Restore ES -> PXE entry structure
312 ; Tell the user we got this far
314 mov si,syslinux_banner
321 ; Assume API version 2.1, in case we find the !PXE structure without
322 ; finding the PXENV+ structure. This should really look at the Base
323 ; Code ROM ID structure in have_pxe, but this is adequate for now --
324 ; if we have !PXE, we have to be 2.1 or higher, and we don't care
325 ; about higher versions than that.
327 mov word [APIVer
],0201h
330 ; Now we need to find the !PXE structure. It's *supposed* to be pointed
331 ; to by SS:[SP+4], but support INT 1Ah, AX=5650h method as well.
332 ; FIX: ES:BX should point to the PXENV+ structure on entry as well.
333 ; We should make that the second test, and not trash ES:BX...
335 cmp dword [es:bx], '!PXE'
338 ; Uh-oh, not there... try plan B
340 %if USE_PXE_PROVIDED_STACK
== 0
343 int 1Ah ; May trash regs
344 %if USE_PXE_PROVIDED_STACK
== 0
352 ; Okay, that gave us the PXENV+ structure, find !PXE
353 ; structure from that (if available)
354 cmp dword [es:bx], 'PXEN'
356 cmp word [es:bx+4], 'V+'
359 ; Nothing there either. Last-ditch: scan memory
360 call memory_scan_for_pxe_struct
; !PXE scan
362 call memory_scan_for_pxenv_struct
; PXENV+ scan
365 no_pxe: mov si,err_nopxe
383 cmp ax,0201h ; API version 2.1 or higher
387 les bx,[es:bx+28h] ; !PXE structure pointer
388 cmp dword [es:bx],'!PXE'
391 ; Nope, !PXE structure missing despite API 2.1+, or at least
392 ; the pointer is missing. Do a last-ditch attempt to find it.
393 call memory_scan_for_pxe_struct
396 ; Otherwise, no dice, use PXENV+ structure
400 old_api: ; Need to use a PXENV+ structure
401 mov si,using_pxenv_msg
404 mov eax,[es:bx+0Ah] ; PXE RM API
412 mov si,undi_data_len_msg
422 mov si,undi_code_len_msg
428 ; Compute base memory size from PXENV+ structure
430 movzx eax,word [es:bx+20h] ; UNDI data seg
431 cmp ax,[es:bx+24h] ; UNDI code seg
441 shr eax,10 ; Convert to kilobytes
444 mov si,pxenventry_msg
446 mov ax,[PXENVEntry
+2]
467 mov si,undi_data_len_msg
477 mov si,undi_code_len_msg
483 ; Compute base memory size from !PXE structure
510 pop es ; Restore CS == DS == ES
513 ; Network-specific initialization
516 mov [LocalDomain
],al ; No LocalDomain received
519 ; The DHCP client identifiers are best gotten from the DHCPREQUEST
520 ; packet (query info 1).
524 call pxe_get_cached_info
527 ; We don't use flags from the request packet, so
528 ; this is a good time to initialize DHCPMagic...
529 ; Initialize it to 1 meaning we will accept options found;
530 ; in earlier versions of PXELINUX bit 0 was used to indicate
531 ; we have found option 208 with the appropriate magic number;
532 ; we no longer require that, but MAY want to re-introduce
533 ; it in the future for vendor encapsulated options.
534 mov byte [DHCPMagic
],1
537 ; Now attempt to get the BOOTP/DHCP packet that brought us life (and an IP
538 ; address). This lives in the DHCPACK packet (query info 2).
542 call pxe_get_cached_info
543 call parse_dhcp
; Parse DHCP packet
545 ; Save away MAC address (assume this is in query info 2. If this
546 ; turns out to be problematic it might be better getting it from
547 ; the query info 1 packet.)
550 movzx cx,byte [trackbuf
+bootp.hardlen
]
553 xor cx,cx ; Bad hardware address length
556 mov al,[trackbuf
+bootp.hardware
]
558 mov si,trackbuf
+bootp.macaddr
562 ; Enable this if we really need to zero-pad this field...
563 ; mov cx,MAC+MAC_MAX+1
569 ; Now, get the boot file and other info. This lives in the CACHED_REPLY
570 ; packet (query info 3).
573 call pxe_get_cached_info
574 call parse_dhcp
; Parse DHCP packet
577 ; Generate the bootif string, and the hardware-based config string.
582 mov cx,bootif_str_len
585 movzx cx,byte [MACLen
]
590 mov cl,1 ; CH == 0 already
596 mov [di-1],cl ; Null-terminate and strip final dash
598 ; Generate ip= option
608 call gendotquad
; This takes network byte order input
610 xchg ah,al ; Convert to host byte order
611 ror eax,16 ; (BSWAP doesn't work on 386)
628 ; Check to see if we got any PXELINUX-specific DHCP options; in particular,
629 ; if we didn't get the magic enable, do not recognize any other options.
632 test byte [DHCPMagic
], 1 ; If we didn't get the magic enable...
634 mov byte [DHCPMagic
], 0 ; If not, kill all other options
639 ; Initialize UDP stack
643 mov [pxe_udp_open_pkt.sip
],eax
644 mov di,pxe_udp_open_pkt
645 mov bx,PXENV_UDP_OPEN
648 cmp word [pxe_udp_open_pkt.status
], byte 0
650 .
failed: mov si,err_udpinit
656 ; Common initialization code
658 %include "cpuinit.inc"
661 ; Now we're all set to start with our *real* business. First load the
662 ; configuration file (if any) and parse it.
664 ; In previous versions I avoided using 32-bit registers because of a
665 ; rumour some BIOSes clobbered the upper half of 32-bit registers at
666 ; random. I figure, though, that if there are any of those still left
667 ; they probably won't be trying to install Linux on them...
669 ; The code is still ripe with 16-bitisms, though. Not worth the hassle
670 ; to take'm out. In fact, we may want to put them back if we're going
671 ; to boot ELKS at some point.
675 ; Store standard filename prefix
677 prefix: test byte [DHCPMagic
], 04h ; Did we get a path prefix option
686 lea si,[di-2] ; Skip final null!
689 cmp al,'.' ; Count . or - as alphanum
701 .
alnum: loop .find_alnum
703 .
notalnum: mov byte [si+2],0 ; Zero-terminate after delimiter
706 mov si,tftpprefix_msg
713 ; Load configuration file
718 ; Begin looking for configuration file
721 test byte [DHCPMagic
], 02h
724 ; We got a DHCP option, try it first
734 ; Have to guess config file name...
736 ; Try loading by UUID.
737 cmp byte [HaveUUID
],0
752 mov [di-1],cl ; Remove last dash and zero-terminate
758 ; Try loading by MAC address
766 ; Nope, try hexadecimal IP prefixes...
770 call uchexbytes
; Convert to hex string
772 mov cx,8 ; Up to 8 attempts
774 mov byte [di],0 ; Zero-terminate string
777 dec di ; Drop one character
780 ; Final attempt: "default" string
781 mov si,default_str
; "default" string
799 mov di,KernelName
; Borrow this buffer for mangled name
809 ; Linux kernel loading code is common. However, we need to define
810 ; a couple of helper macros...
813 ; Handle "ipappend" option
814 %define HAVE_SPECIAL_APPEND
815 %macro SPECIAL_APPEND
0
816 test byte [IPAppend
],01h ; ip=
824 test byte [IPAppend
],02h
828 mov byte [es:di-1],' ' ; Replace null with space
833 %define HAVE_UNLOAD_PREP
839 ; Now we have the config file open. Parse the config file and
840 ; run the user interface.
845 ; Boot to the local disk by returning the appropriate PXE magic.
846 ; AX contains the appropriate return code.
851 mov [LocalBootType
],ax
855 ; Restore the environment we were called with
862 mov ax,[cs:LocalBootType
]
867 ; kaboom: write a message and bail out. Wait for quite a while,
868 ; or a user keypress, then do a hard reboot.
871 RESET_STACK_AND_SEGS
AX
872 .
patch: mov si,bailmsg
873 call writestr
; Returns with AL = 0
874 .
drain: call pollchar
881 and al,09h ; Magic+Timeout
889 .
wait2: mov dx,[BIOS_timer
]
890 .
wait3: call pollchar
901 mov word [BIOS_magic
],0 ; Cold reboot
902 jmp 0F000h:0FFF0h
; Reset vector address
905 ; memory_scan_for_pxe_struct:
907 ; If none of the standard methods find the !PXE structure, look for it
908 ; by scanning memory.
911 ; CF = 0, ES:BX -> !PXE structure
912 ; Otherwise CF = 1, all registers saved
914 memory_scan_for_pxe_struct:
921 mov ax,[BIOS_fbm
] ; Starting segment
922 shl ax,(10-4) ; Kilobytes -> paragraphs
923 ; mov ax,01000h ; Start to look here
924 dec ax ; To skip inc ax
927 cmp ax,0A000h
; End of memory
936 movzx cx,byte [es:4] ; Length of structure
937 cmp cl,08h ; Minimum length
946 jnz .mismatch
; Checksum must == 0
949 mov [bp+8],bx ; Save BX into stack frame (will be == 0)
957 .
not_found: mov si,notfound_msg
965 ; memory_scan_for_pxenv_struct:
967 ; If none of the standard methods find the PXENV+ structure, look for it
968 ; by scanning memory.
971 ; CF = 0, ES:BX -> PXENV+ structure
972 ; Otherwise CF = 1, all registers saved
974 memory_scan_for_pxenv_struct:
976 mov si,trymempxenv_msg
978 ; mov ax,[BIOS_fbm] ; Starting segment
979 ; shl ax,(10-4) ; Kilobytes -> paragraphs
980 mov ax,01000h ; Start to look here
981 dec ax ; To skip inc ax
984 cmp ax,0A000h
; End of memory
993 movzx cx,byte [es:8] ; Length of structure
994 cmp cl,26h ; Minimum length
1002 jnz .mismatch
; Checksum must == 0
1004 mov [bp+8],bx ; Save BX into stack frame
1010 .
not_found: mov si,notfound_msg
1018 ; Deallocates a file structure (pointer in SI)
1021 ; XXX: We should check to see if this file is still open on the server
1022 ; side and send a courtesy ERROR packet to the server.
1027 mov word [si],0 ; Not in use
1033 ; Open a TFTP connection to the server
1036 ; DS:DI = mangled filename
1039 ; SI = socket pointer
1040 ; DX:AX = file length in bytes
1055 call allocate_socket
1058 mov ax,PKT_RETRY
; Retry counter
1059 mov word [PktTimeout
],PKT_TIMEOUT
; Initial timeout
1061 .
sendreq: push ax ; [bp-2] - Retry counter
1062 push si ; [bp-4] - File name
1065 mov [pxe_udp_write_pkt.buffer
],di
1067 mov ax,TFTP_RRQ
; TFTP opcode
1070 lodsd ; EAX <- server override (if any)
1072 jnz .noprefix
; No prefix, and we have the server
1074 push si ; Add common prefix
1080 mov eax,[ServerIP
] ; Get default server
1083 call strcpy
; Filename
1085 mov [bx+tftp_remoteip
],eax
1087 push bx ; [bp-6] - TFTP block
1089 push bx ; [bp-8] - TID (local port no)
1091 mov [pxe_udp_write_pkt.status
],byte 0
1092 mov [pxe_udp_write_pkt.sip
],eax
1093 ; Now figure out the gateway
1099 mov [pxe_udp_write_pkt.gip
],eax
1100 mov [pxe_udp_write_pkt.lport
],bx
1102 mov [pxe_udp_write_pkt.rport
],ax
1104 mov cx,tftp_tail_len
1106 sub di,packet_buf
; Get packet size
1107 mov [pxe_udp_write_pkt.buffersize
],di
1109 mov di,pxe_udp_write_pkt
1110 mov bx,PXENV_UDP_WRITE
1113 cmp word [pxe_udp_write_pkt.status
],byte 0
1117 ; Danger, Will Robinson! We need to support timeout
1118 ; and retry lest we just lost a packet...
1121 ; Packet transmitted OK, now we need to receive
1122 .
getpacket: push word [PktTimeout
] ; [bp-10]
1123 push word [BIOS_timer
] ; [bp-12]
1125 .
pkt_loop: mov bx,[bp-8] ; TID
1127 mov word [pxe_udp_read_pkt.status
],0
1128 mov [pxe_udp_read_pkt.buffer
],di
1129 mov [pxe_udp_read_pkt.buffer
+2],ds
1130 mov word [pxe_udp_read_pkt.buffersize
],packet_buf_size
1132 mov [pxe_udp_read_pkt.dip
],eax
1133 mov [pxe_udp_read_pkt.lport
],bx
1134 mov di,pxe_udp_read_pkt
1135 mov bx,PXENV_UDP_READ
1138 jz .got_packet
; Wait for packet
1144 dec word [bp-10] ; Timeout
1146 pop ax ; Adjust stack
1148 shl word [PktTimeout
],1 ; Exponential backoff
1152 mov si,[bp-6] ; TFTP pointer
1155 ; Make sure the packet actually came from the server
1156 ; This is technically not to the TFTP spec?
1157 mov eax,[si+tftp_remoteip
]
1158 cmp [pxe_udp_read_pkt.sip
],eax
1161 ; Got packet - reset timeout
1162 mov word [PktTimeout
],PKT_TIMEOUT
1164 pop ax ; Adjust stack
1167 mov ax,[pxe_udp_read_pkt.rport
]
1168 mov [si+tftp_remoteport
],ax
1170 ; filesize <- -1 == unknown
1171 mov dword [si+tftp_filesize
], -1
1172 ; Default blksize unless blksize option negotiated
1173 mov word [si+tftp_blksize
], TFTP_BLOCKSIZE
1175 movzx ecx,word [pxe_udp_read_pkt.buffersize
]
1176 sub cx,2 ; CX <- bytes after opcode
1177 jb .failure
; Garbled reply
1183 je .bailnow
; ERROR reply: don't try again
1185 ; If the server doesn't support any options, we'll get
1186 ; a DATA reply instead of OACK. Stash the data in
1187 ; the file buffer and go with the default value for
1193 jne .err_reply
; Unknown packet type
1195 ; Now we need to parse the OACK packet to get the transfer
1197 ; SI -> first byte of options; [E]CX -> byte count
1199 jcxz .done_pkt
; No options acked
1203 .
opt_name_loop: lodsb
1206 or al,20h ; Convert to lowercase
1209 ; We ran out, and no final null
1211 .
got_opt_name: ; si -> option value
1212 dec cx ; bytes left in pkt
1213 jz .err_reply
; Option w/o value
1215 ; Parse option pointed to by bx; guaranteed to be
1219 mov si,bx ; -> option name
1220 mov bx,tftp_opt_table
1225 mov di,[bx] ; Option pointer
1226 mov cx,[bx+2] ; Option len
1230 je .get_value
; OK, known option
1236 jmp .err_reply
; Non-negotiated option returned
1238 .
get_value: pop si ; si -> option value
1239 pop cx ; cx -> bytes left in pkt
1240 mov bx,[bx+4] ; Pointer to data target
1241 add bx,[bp-6] ; TFTP socket pointer
1249 ja .err_reply
; Not a decimal digit
1254 ; Ran out before final null, accept anyway
1259 jnz .get_opt_name
; Not end of packet
1266 pop si ; We want the packet ptr in SI
1268 mov eax,[si+tftp_filesize
]
1270 shr edx,16 ; DX:AX == EAX
1272 and eax,eax ; Set ZF depending on file size
1274 pop bp ; Junk (retry counter)
1275 jz .error_si
; ZF = 1 need to free the socket
1284 .
no_oack: ; We got a DATA packet, meaning no options are
1285 ; suported. Save the data away and consider the length
1286 ; undefined, *unless* this is the only data packet...
1287 mov bx,[bp-6] ; File pointer
1288 sub cx,2 ; Too short?
1290 lodsw ; Block number
1293 mov [bx+tftp_lastpkt
],ax
1294 cmp cx,TFTP_BLOCKSIZE
1295 ja .err_reply
; Corrupt...
1297 mov [bx+tftp_filesize
],ecx
1298 .
unknown_size: mov [bx+tftp_bytesleft
],cx
1303 mov [bx+tftp_dataptr
],di
1310 .
err_reply: ; Option negotiation error. Send ERROR reply.
1311 ; ServerIP and gateway are already programmed in
1313 mov ax,[si+tftp_remoteport
]
1314 mov word [pxe_udp_write_pkt.rport
],ax
1315 mov word [pxe_udp_write_pkt.buffer
],tftp_opt_err
1316 mov word [pxe_udp_write_pkt.buffersize
],tftp_opt_err_len
1317 mov di,pxe_udp_write_pkt
1318 mov bx,PXENV_UDP_WRITE
1321 ; Write an error message and explode
1326 .
bailnow: mov word [bp-2],1 ; Immediate error - no retry
1328 .
failure: pop bx ; Junk
1332 dec ax ; Retry counter
1333 jnz .sendreq
; Try again
1335 .
error: mov si,bx ; Socket pointer
1336 .
error_si: ; Socket pointer already in SI
1337 call free_socket
; ZF <- 1, SI <- 0
1341 ; allocate_socket: Allocate a local UDP port structure
1345 ; BX = socket pointer
1353 .
check: cmp word [bx], byte 0
1355 add bx,open_file_t_size
1360 ; Allocate a socket number. Socket numbers are made
1361 ; guaranteed unique by including the socket slot number
1362 ; (inverted, because we use the loop counter cx); add a
1363 ; counter value to keep the numbers from being likely to
1364 ; get immediately reused.
1366 ; The NextSocket variable also contains the top two bits
1367 ; set. This generates a value in the range 49152 to
1374 and ax,((1 << (13-MAX_OPEN_LG2
))-1) |
0xC000
1376 shl cx,13-MAX_OPEN_LG2
1378 xchg ch,cl ; Convert to network byte order
1379 mov [bx],cx ; Socket in use
1385 ; Free socket: socket in SI; return SI = 0, ZF = 1 for convenience
1393 mov cx,tftp_pktbuf
>> 1 ; tftp_pktbuf is not cleared
1402 ; Read a dot-quad pathname in DS:SI and output an IP
1403 ; address in EAX, with SI pointing to the first
1404 ; nonmatching character.
1406 ; Return CF=1 on error.
1408 ; No segment assumptions permitted.
1422 aad ; AL += 10 * AH; AH = 0;
1437 loop .realerror
; If CX := 1 then we're done
1443 dec si ; CF unchanged!
1447 ; mangle_name: Mangle a filename pointed to by DS:SI into a buffer pointed
1448 ; to by ES:DI; ends on encountering any whitespace.
1451 ; This verifies that a filename is < FILENAME_MAX characters
1452 ; and doesn't contain whitespace, and zero-pads the output buffer,
1453 ; so "repe cmpsb" can do a compare.
1455 ; The first four bytes of the manged name is the IP address of
1456 ; the download host.
1458 ; No segment assumptions permitted.
1463 mov eax,[cs:ServerIP
]
1465 je .noip
; Null filename?!?!
1466 cmp word [si],'::' ; Leading ::?
1476 ; We have a :: prefix of some sort, it could be either
1477 ; a DNS name or a dot-quad IP address. Try the dot-quad
1501 pop cx ; Adjust stack
1502 inc si ; Skip double colon
1506 stosd ; Save IP address prefix
1507 mov cx,FILENAME_MAX
-5
1511 cmp al,' ' ; If control or space, end
1516 inc cx ; At least one null byte
1517 xor ax,ax ; Zero-fill name
1518 rep stosb ; Doesn't do anything if CX=0
1523 ; unmangle_name: Does the opposite of mangle_name; converts a DOS-mangled
1524 ; filename to the conventional representation. This is needed
1525 ; for the BOOT_IMAGE= parameter for the kernel.
1527 ; NOTE: The output buffer needs to be able to hold an
1528 ; expanded IP address.
1530 ; DS:SI -> input mangled file name
1531 ; ES:DI -> output buffer
1533 ; On return, DI points to the first byte after the output name,
1534 ; which is set to a null byte.
1546 dec di ; Point to final null byte
1553 ; This is the main PXENV+/!PXE entry point, using the PXENV+
1554 ; calling convention. This is a separate local routine so
1555 ; we can hook special things from it if necessary. In particular,
1556 ; some PXE stacks seem to not like being invoked from anything but
1557 ; the initial stack, so humour it.
1561 %if USE_PXE_PROVIDED_STACK
== 0
1562 mov [cs:PXEStack
],sp
1563 mov [cs:PXEStack
+2],ss
1564 lss sp,[cs:InitStack
]
1566 .
jump: call 0:pxe_thunk
; Default to calling the thunk
1567 %if USE_PXE_PROVIDED_STACK
== 0
1568 lss sp,[cs:PXEStack
]
1570 cld ; Make sure DF <- 0
1573 ; Must be after function def due to NASM bug
1574 PXENVEntry
equ pxenv.jump
+1
1579 ; Convert from the PXENV+ calling convention (BX, ES, DI) to the !PXE
1580 ; calling convention (using the stack.)
1582 ; This is called as a far routine so that we can just stick it into
1583 ; the PXENVEntry variable.
1591 cmc ; Set CF unless ax == 0
1594 ; Must be after function def due to NASM bug
1595 PXEEntry
equ pxe_thunk.jump
+1
1598 ; getfssec: Get multiple clusters from a file, given the starting cluster.
1600 ; In this case, get multiple blocks from a specific TCP connection.
1604 ; SI -> TFTP socket pointer
1605 ; CX -> 512-byte block count; 0FFFFh = until end of file
1607 ; SI -> TFTP socket pointer (or 0 on EOF)
1618 shl ecx,TFTP_BLOCKSIZE_LG2
; Convert to bytes
1619 jz .hit_eof
; Nothing to do?
1624 movzx eax,word [bx+tftp_bytesleft
]
1628 jcxz .need_packet
; No bytes available?
1631 mov ax,cx ; EAX<31:16> == ECX<31:16> == 0
1632 mov si,[bx+tftp_dataptr
]
1633 sub [bx+tftp_bytesleft
],cx
1634 fs rep movsb ; Copy from packet buffer
1635 mov [bx+tftp_dataptr
],si
1646 ; Is there anything left of this?
1647 mov eax,[si+tftp_filesize
]
1648 sub eax,[si+tftp_filepos
]
1649 jnz .bytes_left
; CF <- 0
1651 cmp [si+tftp_bytesleft
],ax
1652 jnz .bytes_left
; CF <- 0
1654 ; The socket is closed and the buffer drained
1655 ; Close socket structure and re-init for next user
1662 ; No data in buffer, check to see if we can get a packet...
1666 mov eax,[bx+tftp_filesize
]
1667 cmp eax,[bx+tftp_filepos
]
1668 je .hit_eof
; Already EOF'd; socket already closed
1680 ; Get a fresh packet; expects fs -> pktbuf_seg and ds:si -> socket structure
1687 ; Start by ACKing the previous packet; this should cause the
1688 ; next packet to be sent.
1690 mov word [PktTimeout
],PKT_TIMEOUT
1692 .
send_ack: push cx ; <D> Retry count
1694 mov ax,[si+tftp_lastpkt
]
1695 call ack_packet
; Send ACK
1697 ; We used to test the error code here, but sometimes
1698 ; PXE would return negative status even though we really
1699 ; did send the ACK. Now, just treat a failed send as
1700 ; a normally lost packet, and let it time out in due
1703 .
send_ok: ; Now wait for packet.
1704 mov dx,[BIOS_timer
] ; Get current time
1707 .
wait_data: push cx ; <E> Timeout
1708 push dx ; <F> Old time
1710 mov bx,[si+tftp_pktbuf
]
1711 mov [pxe_udp_read_pkt.buffer
],bx
1712 mov [pxe_udp_read_pkt.buffer
+2],fs
1713 mov [pxe_udp_read_pkt.buffersize
],word PKTBUF_SIZE
1714 mov eax,[si+tftp_remoteip
]
1715 mov [pxe_udp_read_pkt.sip
],eax
1717 mov [pxe_udp_read_pkt.dip
],eax
1718 mov ax,[si+tftp_remoteport
]
1719 mov [pxe_udp_read_pkt.rport
],ax
1720 mov ax,[si+tftp_localport
]
1721 mov [pxe_udp_read_pkt.lport
],ax
1722 mov di,pxe_udp_read_pkt
1723 mov bx,PXENV_UDP_READ
1730 ; No packet, or receive failure
1732 pop ax ; <F> Old time
1733 pop cx ; <E> Timeout
1734 cmp ax,dx ; Same time -> don't advance timeout
1735 je .wait_data
; Same clock tick
1736 loop .wait_data
; Decrease timeout
1738 pop cx ; <D> Didn't get any, send another ACK
1739 shl word [PktTimeout
],1 ; Exponential backoff
1741 jmp kaboom
; Forget it...
1743 .
recv_ok: pop dx ; <F>
1746 cmp word [pxe_udp_read_pkt.buffersize
],byte 4
1747 jb .wait_data
; Bad size for a DATA packet
1749 mov bx,[si+tftp_pktbuf
]
1750 cmp word [fs:bx],TFTP_DATA
; Not a data packet?
1751 jne .wait_data
; Then wait for something else
1753 mov ax,[si+tftp_lastpkt
]
1754 xchg ah,al ; Host byte order
1755 inc ax ; Which packet are we waiting for?
1756 xchg ah,al ; Network byte order
1760 ; Wrong packet, ACK the packet and then try again
1761 ; This is presumably because the ACK got lost,
1762 ; so the server just resent the previous packet
1765 jmp .send_ok
; Reset timeout
1767 .
right_packet: ; It's the packet we want. We're also EOF if the size < blocksize
1769 pop cx ; <D> Don't need the retry count anymore
1771 mov [si+tftp_lastpkt
],ax ; Update last packet number
1773 movzx ecx,word [pxe_udp_read_pkt.buffersize
]
1774 sub cx,byte 4 ; Skip TFTP header
1776 ; If this is a zero-length block, don't mess with the pointers,
1777 ; since we may have just set up the previous block that way
1780 ; Set pointer to data block
1781 lea ax,[bx+4] ; Data past TFTP header
1782 mov [si+tftp_dataptr
],ax
1784 add [si+tftp_filepos
],ecx
1785 mov [si+tftp_bytesleft
],cx
1787 cmp cx,[si+tftp_blksize
] ; Is it a full block?
1788 jb .last_block
; If so, it's not EOF
1790 ; If we had the exact right number of bytes, always get
1791 ; one more packet to get the (zero-byte) EOF packet and
1793 mov eax,[si+tftp_filepos
]
1794 cmp [si+tftp_filesize
],eax
1800 .
last_block: ; Last block - ACK packet immediately
1804 ; Make sure we know we are at end of file
1805 mov eax,[si+tftp_filepos
]
1806 mov [si+tftp_filesize
],eax
1813 ; Send ACK packet. This is a common operation and so is worth canning.
1817 ; AX = Packet # to ack (network byte order)
1820 ; All registers preserved
1822 ; This function uses the pxe_udp_write_pkt but not the packet_buf.
1826 mov [ack_packet_buf
+2],ax ; Packet number to ack
1828 mov [pxe_udp_write_pkt.lport
],ax
1829 mov ax,[si+tftp_remoteport
]
1830 mov [pxe_udp_write_pkt.rport
],ax
1831 mov eax,[si+tftp_remoteip
]
1832 mov [pxe_udp_write_pkt.sip
],eax
1838 mov [pxe_udp_write_pkt.gip
],eax
1839 mov [pxe_udp_write_pkt.buffer
],word ack_packet_buf
1840 mov [pxe_udp_write_pkt.buffersize
], word 4
1841 mov di,pxe_udp_write_pkt
1842 mov bx,PXENV_UDP_WRITE
1844 cmp ax,byte 0 ; ZF = 1 if write OK
1851 ; This function unloads the PXE and UNDI stacks and unclaims
1855 test byte [KeepPXE
],01h ; Should we keep PXE around?
1865 mov si,new_api_unload
1866 cmp byte [APIVer
+1],2 ; Major API version >= 2?
1868 mov si,old_api_unload
1871 .
call_loop: xor ax,ax
1876 mov di,pxe_unload_stack_pkt
1879 mov cx,pxe_unload_stack_pkt_len
>> 1
1884 mov ax,word [pxe_unload_stack_pkt.status
]
1885 cmp ax,PXENV_STATUS_SUCCESS
1892 mov dx,[RealBaseMem
]
1893 cmp dx,[BIOS_fbm
] ; Sanity check
1897 ; Check that PXE actually unhooked the INT 1Ah chain
1898 movzx eax,word [4*0x1a]
1899 movzx ecx,word [4*0x1a+2]
1903 cmp ax,dx ; Not in range
1917 mov si,cant_free_msg
1933 ; We want to keep PXE around, but still we should reset
1934 ; it to the standard bootup configuration
1939 mov bx,PXENV_UDP_CLOSE
1940 mov di,pxe_udp_close_pkt
1948 ; Take an IP address (in network byte order) in EAX and
1949 ; output a dotted quad string to ES:DI.
1950 ; DI points to terminal null at end of string on exit.
1959 jb .lt10
; If so, skip first 2 digits
1962 jb .lt100
; If so, skip first digit
1965 ; Now AH = 100-digit; AL = remainder
1972 ; Now AH = 10-digit; AL = remainder
1983 ror eax,8 ; Move next char into LSB
1991 ; uchexbytes/lchexbytes
1993 ; Take a number of bytes in memory and convert to upper/lower-case
1997 ; DS:SI = input bytes
1998 ; ES:DI = output buffer
1999 ; CX = number of bytes
2001 ; DS:SI = first byte after
2002 ; ES:DI = first byte after
2034 ; pxe_get_cached_info
2036 ; Get a DHCP packet from the PXE stack into the trackbuf.
2043 ; Assumes CS == DS == ES.
2045 pxe_get_cached_info:
2047 mov di,pxe_bootp_query_pkt
2056 stosw ; Buffer offset
2058 stosw ; Buffer segment
2060 pop di ; DI -> parameter set
2061 mov bx,PXENV_GET_CACHED_INFO
2068 mov cx,[pxe_bootp_query_pkt.buffersize
]
2072 mov si,err_pxefailed
2078 ; Parse a DHCP packet. This includes dealing with "overloaded"
2079 ; option fields (see RFC 2132, section 9.3)
2081 ; This should fill in the following global variables, if the
2082 ; information is present:
2084 ; MyIP - client IP address
2085 ; ServerIP - boot server IP address
2086 ; Netmask - network mask
2087 ; Gateway - default gateway router IP
2088 ; BootFile - boot file name
2089 ; DNSServers - DNS server IPs
2090 ; LocalDomain - Local domain name
2091 ; MACLen, MAC - Client identifier, if MACLen == 0
2093 ; This assumes the DHCP packet is in "trackbuf" and the length
2094 ; of the packet in in CX on entry.
2098 mov byte [OverLoad
],0 ; Assume no overload
2099 mov eax, [trackbuf
+bootp.yip
]
2102 cmp al,224 ; Class D or higher -> bad
2106 mov eax, [trackbuf
+bootp.sip
]
2109 cmp al,224 ; Class D or higher -> bad
2113 sub cx, bootp.options
2115 mov si, trackbuf
+bootp.option_magic
2117 cmp eax, BOOTP_OPTION_MAGIC
2119 call parse_dhcp_options
2121 mov si, trackbuf
+bootp.bootfile
2122 test byte [OverLoad
],1
2125 call parse_dhcp_options
2126 jmp short .parsed_file
2129 jz .parsed_file
; No bootfile name
2134 stosb ; Null-terminate
2136 mov si, trackbuf
+bootp.sname
2137 test byte [OverLoad
],2
2140 call parse_dhcp_options
2145 ; Parse a sequence of DHCP options, pointed to by DS:SI; the field
2146 ; size is CX -- some DHCP servers leave option fields unterminated
2147 ; in violation of the spec.
2149 ; For parse_some_dhcp_options, DH contains the minimum value for
2150 ; the option to recognize -- this is used to restrict parsing to
2151 ; PXELINUX-specific options only.
2156 parse_some_dhcp_options:
2163 jz .done
; Last byte; must be PAD, END or malformed
2164 cmp al, 0 ; PAD option
2166 cmp al,255 ; END option
2169 ; Anything else will have a length field
2170 mov dl,al ; DL <- option number
2172 lodsb ; AX <- option length
2174 sub cx,ax ; Decrement bytes left counter
2175 jb .done
; Malformed option: length > field size
2177 cmp dl,dh ; Is the option value valid?
2180 mov bx,dhcp_option_list
2182 cmp bx,dhcp_option_list_end
2194 ; Unknown option. Skip to the next one.
2214 ; Parse individual DHCP options. SI points to the option data and
2215 ; AX to the option length. DL contains the option number.
2216 ; All registers are saved around the routine.
2231 cmp cl,DNS_MAX_SERVERS
2233 mov cl,DNS_MAX_SERVERS
2237 mov [LastDNSServer
],di
2240 dopt
16, local_domain
2244 xchg [bx],al ; Zero-terminate option
2246 call dns_mangle
; Convert to DNS label set
2247 mov [bx],al ; Restore ending byte
2250 dopt
43, vendor_encaps
2251 mov dh,208 ; Only recognize PXELINUX options
2252 mov cx,ax ; Length of option = max bytes to parse
2253 call parse_some_dhcp_options
; Parse recursive structure
2256 dopt
52, option_overload
2263 cmp dword [ServerIP
],0
2264 jne .skip
; Already have a next server IP
2265 cmp al,224 ; Class D or higher
2270 dopt
61, client_identifier
2271 cmp ax,MAC_MAX
; Too long?
2273 cmp ax,2 ; Too short?
2275 cmp [MACLen
],ah ; Only do this if MACLen == 0
2278 lodsb ; Client identifier type
2281 jne .skip
; Client identifier is not a MAC
2288 dopt
67, bootfile_name
2292 dopt
97, uuid_client_identifier
2293 cmp ax,17 ; type byte + 16 bytes UUID
2295 mov dl,[si] ; Must have type 0 == UUID
2296 or dl,[HaveUUID
] ; Capture only the first instance
2298 mov byte [HaveUUID
],1 ; Got UUID
2303 dopt
209, pxelinux_configfile
2305 or byte [DHCPMagic
],2 ; Got config file
2308 dopt
210, pxelinux_pathprefix
2310 or byte [DHCPMagic
],4 ; Got path prefix
2313 dopt
211, pxelinux_reboottime
2317 xchg bl,bh ; Convert to host byte order
2320 mov [RebootTime
],ebx
2321 or byte [DHCPMagic
],8 ; Got RebootTime
2324 ; Common code for copying an option verbatim
2325 ; Copies the option into ES:DI and null-terminates it.
2326 ; Returns with AX=0 and SI past the option.
2328 xchg cx,ax ; CX <- option length
2330 xchg cx,ax ; AX <- 0
2331 stosb ; Null-terminate
2335 dhcp_option_list_end:
2340 uuid_dashes
db 4,2,2,2,6,0 ; Bytes per UUID dashed section
2346 ; Generate an ip=<client-ip>:<boot-server-ip>:<gw-ip>:<netmask>
2347 ; option into IPOption based on a DHCP packet in trackbuf.
2348 ; Assumes CS == DS == ES.
2369 call gendotquad
; Zero-terminates its output
2371 mov [IPOptionLen
],di
2376 ; Call the receive loop while idle. This is done mostly so we can respond to
2377 ; ARP messages, but perhaps in the future this can be used to do network
2380 ; hpa sez: people using automatic control on the serial port get very
2381 ; unhappy if we poll for ARP too often (the PXE stack is pretty slow,
2382 ; typically.) Therefore, only poll if at least 4 BIOS timer ticks have
2383 ; passed since the last poll, and reset this when a character is
2384 ; received (RESET_IDLE).
2390 mov ax,[cs:BIOS_timer
]
2391 mov [cs:IdleTimer
],ax
2397 mov ax,[cs:BIOS_timer
]
2398 sub ax,[cs:IdleTimer
]
2410 mov [pxe_udp_read_pkt.status
],al ; 0
2411 mov [pxe_udp_read_pkt.buffer
],di
2412 mov [pxe_udp_read_pkt.buffer
+2],ds
2413 mov word [pxe_udp_read_pkt.buffersize
],packet_buf_size
2415 mov [pxe_udp_read_pkt.dip
],eax
2416 mov word [pxe_udp_read_pkt.lport
],htons
(9) ; discard port
2417 mov di,pxe_udp_read_pkt
2418 mov bx,PXENV_UDP_READ
2429 ; -----------------------------------------------------------------------------
2431 ; -----------------------------------------------------------------------------
2433 %include "getc.inc" ; getc et al
2434 %include "conio.inc" ; Console I/O
2435 %include "writestr.inc" ; String output
2436 writestr
equ cwritestr
2437 %include "writehex.inc" ; Hexadecimal output
2438 %include "configinit.inc" ; Initialize configuration
2439 %include "parseconfig.inc" ; High-level config file handling
2440 %include "parsecmd.inc" ; Low-level config file handling
2441 %include "bcopy32.inc" ; 32-bit bcopy
2442 %include "loadhigh.inc" ; Load a file into high memory
2443 %include "font.inc" ; VGA font stuff
2444 %include "graphics.inc" ; VGA graphics
2445 %include "highmem.inc" ; High memory sizing
2446 %include "strcpy.inc" ; strcpy()
2447 %include "rawcon.inc" ; Console I/O w/o using the console functions
2448 %include "dnsresolv.inc" ; DNS resolver
2449 %include "adv.inc" ; Auxillary Data Vector
2451 ; -----------------------------------------------------------------------------
2452 ; Begin data section
2453 ; -----------------------------------------------------------------------------
2457 copyright_str
db ' Copyright (C) 1994-', year
, ' H. Peter Anvin'
2459 err_bootfailed
db CR
, LF
, 'Boot failed: press a key to retry, or wait for reset...', CR
, LF
, 0
2460 bailmsg
equ err_bootfailed
2461 err_nopxe
db "No !PXE or PXENV+ API found; we're dead...", CR
, LF
, 0
2462 err_pxefailed
db 'PXE API call failed, error ', 0
2463 err_udpinit
db 'Failed to initialize UDP stack', CR
, LF
, 0
2464 err_noconfig
db 'Unable to locate configuration file', CR
, LF
, 0
2465 err_oldtftp
db 'TFTP server does not support the tsize option', CR
, LF
, 0
2466 found_pxenv
db 'Found PXENV+ structure', CR
, LF
, 0
2467 using_pxenv_msg
db 'Old PXE API detected, using PXENV+ structure', CR
, LF
, 0
2468 apiver_str
db 'PXE API version is ',0
2469 pxeentry_msg
db 'PXE entry point found (we hope) at ', 0
2470 pxenventry_msg
db 'PXENV entry point found (we hope) at ', 0
2471 trymempxe_msg
db 'Scanning memory for !PXE structure... ', 0
2472 trymempxenv_msg
db 'Scanning memory for PXENV+ structure... ', 0
2473 undi_data_msg
db 'UNDI data segment at: ',0
2474 undi_data_len_msg
db 'UNDI data segment size: ',0
2475 undi_code_msg
db 'UNDI code segment at: ',0
2476 undi_code_len_msg
db 'UNDI code segment size: ',0
2477 cant_free_msg
db 'Failed to free base memory, error ', 0
2478 notfound_msg
db 'not found', CR
, LF
, 0
2479 myipaddr_msg
db 'My IP address seems to be ',0
2480 tftpprefix_msg
db 'TFTP prefix: ', 0
2481 localboot_msg
db 'Booting from local disk...', CR
, LF
, 0
2482 trying_msg
db 'Trying to load: ', 0
2483 fourbs_msg
db BS
, BS
, BS
, BS
, 0
2484 default_str
db 'default', 0
2485 syslinux_banner
db CR
, LF
, 'PXELINUX ', version_str
, ' ', date
, ' ', 0
2486 cfgprefix
db 'pxelinux.cfg/' ; No final null!
2487 cfgprefix_len
equ ($
-cfgprefix
)
2490 ; Command line options we'd like to take a look at
2492 ; mem= and vga= are handled as normal 32-bit integer values
2493 initrd_cmd
db 'initrd='
2494 initrd_cmd_len
equ $
-initrd_cmd
2496 ; This one we make ourselves
2497 bootif_str
db 'BOOTIF='
2498 bootif_str_len
equ $
-bootif_str
2500 ; Config file keyword table
2502 %include "keywords.inc"
2505 ; Extensions to search for (in *forward* order).
2506 ; (.bs and .bss are disabled for PXELINUX, since they are not supported)
2509 exten_table: db '.cbt' ; COMBOOT (specific)
2510 db '.0', 0, 0 ; PXE bootstrap program
2511 db '.com' ; COMBOOT (same as DOS)
2514 dd 0, 0 ; Need 8 null bytes here
2517 ; PXE unload sequences
2521 db PXENV_UNDI_SHUTDOWN
2522 db PXENV_UNLOAD_STACK
2527 db PXENV_UNDI_SHUTDOWN
2528 db PXENV_UNLOAD_STACK
2529 db PXENV_UNDI_CLEANUP
2533 ; PXE query packets partially filled in
2536 pxe_bootp_query_pkt:
2537 .
status: resw
1 ; Status
2538 .
packettype: resw
1 ; Boot server packet type
2539 .
buffersize: resw
1 ; Packet size
2540 .
buffer: resw
2 ; seg:off of buffer
2541 .
bufferlimit: resw
1 ; Unused
2545 .
status: dw 0 ; Status
2546 .
sip: dd 0 ; Source (our) IP
2549 .
status: dw 0 ; Status
2552 .
status: dw 0 ; Status
2553 .
sip: dd 0 ; Server IP
2554 .
gip: dd 0 ; Gateway IP
2555 .
lport: dw 0 ; Local port
2556 .
rport: dw 0 ; Remote port
2557 .
buffersize: dw 0 ; Size of packet
2558 .
buffer: dw 0, 0 ; seg:off of buffer
2561 .
status: dw 0 ; Status
2562 .
sip: dd 0 ; Source IP
2563 .
dip: dd 0 ; Destination (our) IP
2564 .
rport: dw 0 ; Remote port
2565 .
lport: dw 0 ; Local port
2566 .
buffersize: dw 0 ; Max packet size
2567 .
buffer: dw 0, 0 ; seg:off of buffer
2570 ; Misc initialized (data) variables
2573 BaseStack
dd StackBuf
; ESP of base stack
2574 dw 0 ; SS of base stack
2575 NextSocket
dw 49152 ; Counter for allocating socket numbers
2576 KeepPXE
db 0 ; Should PXE be kept around?
2581 tftp_tail
db 'octet', 0 ; Octet mode
2582 tsize_str
db 'tsize' ,0 ; Request size
2583 tsize_len
equ ($
-tsize_str
)
2585 blksize_str
db 'blksize', 0 ; Request large blocks
2586 blksize_len
equ ($
-blksize_str
)
2587 asciidec TFTP_LARGEBLK
2589 tftp_tail_len
equ ($
-tftp_tail
)
2593 ; Options negotiation parsing table (string pointer, string len, offset
2594 ; into socket structure)
2597 dw tsize_str
, tsize_len
, tftp_filesize
2598 dw blksize_str
, blksize_len
, tftp_blksize
2599 tftp_opts
equ ($
-tftp_opt_table
)/6
2602 ; Error packet to return on options negotiation error
2604 tftp_opt_err
dw TFTP_ERROR
; ERROR packet
2605 dw TFTP_EOPTNEG
; ERROR 8: bad options
2606 db 'tsize option required', 0 ; Error message
2607 tftp_opt_err_len
equ ($
-tftp_opt_err
)
2610 ack_packet_buf: dw TFTP_ACK
, 0 ; TFTP ACK packet
2613 ; IP information (initialized to "unknown" values)
2614 MyIP
dd 0 ; My IP address
2615 ServerIP
dd 0 ; IP address of boot server
2616 Netmask
dd 0 ; Netmask of this subnet
2617 Gateway
dd 0 ; Default router
2618 ServerPort
dw TFTP_PORT
; TFTP server port
2621 ; Variables that are uninitialized in SYSLINUX but initialized here
2624 BufSafe
dw trackbufsize
/TFTP_BLOCKSIZE
; Clusters we can load into trackbuf
2625 BufSafeBytes
dw trackbufsize
; = how many bytes?
2627 %if
( trackbufsize
% TFTP_BLOCKSIZE
) != 0
2628 %error trackbufsize must be a multiple of TFTP_BLOCKSIZE