d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a41b48ea12
freebsd-dev/sbin/dumpon/dumpon.c

601 lines
15 KiB
C
Raw Normal View History

General further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
2017-11-20 19:49:47 +00:00
/*-
* SPDX-License-Identifier: BSD-3-Clause
*
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
* Copyright (c) 1980, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
Renumber copyright clause 4 Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
* 3. Neither the name of the University nor the names of its contributors
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
Use __FBSDID() to quiet GCC 3.3 warnings.
2003-05-03 18:41:59 +00:00
#if 0
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
#ifndef lint
Capitalize at the start of sentence. Add rcsid. Remove unused #includes. Use `dumpon' instead of argv[0].
1998-06-15 07:03:47 +00:00
static const char copyright[] =
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
"@(#) Copyright (c) 1980, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
Capitalize at the start of sentence. Add rcsid. Remove unused #includes. Use `dumpon' instead of argv[0].
1998-06-15 07:03:47 +00:00
static char sccsid[] = "From: @(#)swapon.c 8.1 (Berkeley) 6/5/93";
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
#endif /* not lint */
Use __FBSDID() to quiet GCC 3.3 warnings.
2003-05-03 18:41:59 +00:00
#endif
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
#include <sys/param.h>
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#include <sys/capsicum.h>
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
#include <sys/disk.h>
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
#include <sys/socket.h>
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
#include <sys/sysctl.h>
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#include <assert.h>
Convert `cap_enter() < 0 && errno != ENOSYS` to `caph_enter() < 0`. No functional change intended.
2018-06-19 23:43:14 +00:00
#include <capsicum_helpers.h>
Capitalize at the start of sentence. Add rcsid. Remove unused #includes. Use `dumpon' instead of argv[0].
1998-06-15 07:03:47 +00:00
#include <err.h>
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
#include <errno.h>
Here follows the new kernel dumping infrastructure. Caveats: The new savecore program is not complete in the sense that it emulates enough of the old savecores features to do the job, but implements none of the options yet. I would appreciate if a userland hacker could help me out getting savecore to do what we want it to do from a users point of view, compression, email-notification, space reservation etc etc. (send me email if you are interested). Currently, savecore will scan all devices marked as "swap" or "dump" in /etc/fstab _or_ any devices specified on the command-line. All architectures but i386 lack an implementation of dumpsys(), but looking at the i386 version it should be trivial for anybody familiar with the platform(s) to provide this function. Documentation is quite sparse at this time, more to come. Sponsored by: DARPA, NAI Labs Details: Dumpon now opens the device and uses ioctl(DIOCGKERNELDUMP) to set it to be the dumpdevice. When "off" is set, /dev/null is used.
2002-03-31 22:24:24 +00:00
#include <fcntl.h>
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
#include <ifaddrs.h>
#include <netdb.h>
Here follows the new kernel dumping infrastructure. Caveats: The new savecore program is not complete in the sense that it emulates enough of the old savecores features to do the job, but implements none of the options yet. I would appreciate if a userland hacker could help me out getting savecore to do what we want it to do from a users point of view, compression, email-notification, space reservation etc etc. (send me email if you are interested). Currently, savecore will scan all devices marked as "swap" or "dump" in /etc/fstab _or_ any devices specified on the command-line. All architectures but i386 lack an implementation of dumpsys(), but looking at the i386 version it should be trivial for anybody familiar with the platform(s) to provide this function. Documentation is quite sparse at this time, more to come. Sponsored by: DARPA, NAI Labs Details: Dumpon now opens the device and uses ioctl(DIOCGKERNELDUMP) to set it to be the dumpdevice. When "off" is set, /dev/null is used.
2002-03-31 22:24:24 +00:00
#include <paths.h>
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#include <stdbool.h>
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
unbreak build: include string.h for strcmp prototype.
2002-05-11 03:07:38 +00:00
#include <string.h>
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
#include <sysexits.h>
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
#include <unistd.h>
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
#include <arpa/inet.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/netdump/netdump.h>
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#ifdef HAVE_CRYPTO
#include <openssl/err.h>
#include <openssl/pem.h>
EKCD: Preload error strings, PRNG seed; use OAEP padding Preload OpenSSL ERR string data so that the formatted error messages are vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt() operation failure case in one-time key generation. For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG before entering Cap mode, as old versions of OpenSSL are unaware of kernel RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt() wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the "MGF" pseudo-random function in OAEP padding.) Switch dumpon to encrypt the one-time key with OAEP padding (recommended since 1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313). Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5 decryption on failure. This is intended only for transition convenience, and we should obsolete support for non-OAEP padding in a release or two. Reviewed by: markj MFC After: 2 weeks Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D24534
2020-04-23 17:56:48 +00:00
#include <openssl/rand.h>
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#include <openssl/rsa.h>
#endif
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
static int verbose;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
static void _Noreturn
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
usage(void)
{
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
fprintf(stderr,
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
"usage: dumpon [-i index] [-r] [-v] [-k <pubkey>] [-Zz] <device>\n"
" dumpon [-i index] [-r] [-v] [-k <pubkey>] [-Zz]\n"
Change dumpon(8)'s handling of -g. Rather than using a special value to denote "use the default router", treat the absence of the -g option to mean the same thing. The in-kernel netdump client will always attempt to reach the server directly before falling back to the configured gateway anyway. This change makes it cleaner to support a hostname value for -g. Reviewed by: cem MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D18025
2018-11-18 01:58:48 +00:00
" [-g <gateway>] -s <server> -c <client> <iface>\n"
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
" dumpon [-v] off\n"
" dumpon [-v] -l\n");
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
exit(EX_USAGE);
}
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
/*
* Look for a default route on the specified interface.
*/
static char *
find_gateway(const char *ifname)
{
struct ifaddrs *ifa, *ifap;
struct rt_msghdr *rtm;
struct sockaddr *sa;
struct sockaddr_dl *sdl;
struct sockaddr_in *dst, *mask, *gw;
char *buf, *next, *ret;
size_t sz;
int error, i, ifindex, mib[7];
/* First look up the interface index. */
if (getifaddrs(&ifap) != 0)
err(EX_OSERR, "getifaddrs");
for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
if (ifa->ifa_addr->sa_family != AF_LINK)
continue;
if (strcmp(ifa->ifa_name, ifname) == 0) {
sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr;
ifindex = sdl->sdl_index;
break;
}
}
if (ifa == NULL)
errx(1, "couldn't find interface index for '%s'", ifname);
freeifaddrs(ifap);
/* Now get the IPv4 routing table. */
mib[0] = CTL_NET;
mib[1] = PF_ROUTE;
mib[2] = 0;
mib[3] = AF_INET;
mib[4] = NET_RT_DUMP;
mib[5] = 0;
mib[6] = -1; /* FIB */
for (;;) {
if (sysctl(mib, nitems(mib), NULL, &sz, NULL, 0) != 0)
err(EX_OSERR, "sysctl(NET_RT_DUMP)");
buf = malloc(sz);
error = sysctl(mib, nitems(mib), buf, &sz, NULL, 0);
if (error == 0)
break;
if (errno != ENOMEM)
err(EX_OSERR, "sysctl(NET_RT_DUMP)");
free(buf);
}
Change dumpon(8)'s handling of -g. Rather than using a special value to denote "use the default router", treat the absence of the -g option to mean the same thing. The in-kernel netdump client will always attempt to reach the server directly before falling back to the configured gateway anyway. This change makes it cleaner to support a hostname value for -g. Reviewed by: cem MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D18025
2018-11-18 01:58:48 +00:00
ret = NULL;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
for (next = buf; next < buf + sz; next += rtm->rtm_msglen) {
rtm = (struct rt_msghdr *)(void *)next;
if (rtm->rtm_version != RTM_VERSION)
continue;
if ((rtm->rtm_flags & RTF_GATEWAY) == 0 ||
rtm->rtm_index != ifindex)
continue;
dst = gw = mask = NULL;
sa = (struct sockaddr *)(rtm + 1);
for (i = 0; i < RTAX_MAX; i++) {
if ((rtm->rtm_addrs & (1 << i)) != 0) {
switch (i) {
case RTAX_DST:
dst = (void *)sa;
break;
case RTAX_GATEWAY:
gw = (void *)sa;
break;
case RTAX_NETMASK:
mask = (void *)sa;
break;
}
}
sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa));
}
if (dst->sin_addr.s_addr == INADDR_ANY &&
mask->sin_addr.s_addr == 0) {
ret = inet_ntoa(gw->sin_addr);
break;
}
}
free(buf);
return (ret);
}
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
static void
check_size(int fd, const char *fn)
{
int name[] = { CTL_HW, HW_PHYSMEM };
Use nitems() instead of sizeof(name) / sizeof(*name). MFC after: 2 weeks.
2016-04-19 04:28:25 +00:00
size_t namelen = nitems(name);
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
unsigned long physmem;
With minidumps, the dumping partition could be smaller than physical memory, so checking the size of the partition is not necessary. Tested by: kris
2006-04-27 19:01:54 +00:00
size_t len;
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
off_t mediasize;
With minidumps, the dumping partition could be smaller than physical memory, so checking the size of the partition is not necessary. Tested by: kris
2006-04-27 19:01:54 +00:00
int minidump;
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
Whitespace and style nits.
2006-10-31 22:36:49 +00:00
len = sizeof(minidump);
With minidumps, the dumping partition could be smaller than physical memory, so checking the size of the partition is not necessary. Tested by: kris
2006-04-27 19:01:54 +00:00
if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 &&
minidump == 1)
return;
Whitespace and style nits.
2006-10-31 22:36:49 +00:00
len = sizeof(physmem);
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0)
err(EX_OSERR, "can't get memory size");
if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0)
err(EX_OSERR, "%s: can't get size", fn);
dumpon: skip size check if using zstd As with gzip, let the dump device be smaller than physical memory when using zstd and full dumps. Also print the error message if the size check fails, even if -v is not specified. Failing silently is not friendly. Reviewed by: cem markj MFC after: 2 weeks Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D23923
2020-03-03 22:14:23 +00:00
if ((uintmax_t)mediasize < (uintmax_t)physmem)
errx(EX_IOERR, "%s is smaller than physical memory", fn);
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
}
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#ifdef HAVE_CRYPTO
static void
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
{
FILE *fp;
RSA *pubkey;
assert(pubkeyfile != NULL);
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
assert(kdap != NULL);
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
fp = NULL;
pubkey = NULL;
fp = fopen(pubkeyfile, "r");
if (fp == NULL)
err(1, "Unable to open %s", pubkeyfile);
EKCD: Preload error strings, PRNG seed; use OAEP padding Preload OpenSSL ERR string data so that the formatted error messages are vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt() operation failure case in one-time key generation. For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG before entering Cap mode, as old versions of OpenSSL are unaware of kernel RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt() wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the "MGF" pseudo-random function in OAEP padding.) Switch dumpon to encrypt the one-time key with OAEP padding (recommended since 1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313). Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5 decryption on failure. This is intended only for transition convenience, and we should obsolete support for non-OAEP padding in a release or two. Reviewed by: markj MFC After: 2 weeks Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D24534
2020-04-23 17:56:48 +00:00
/*
* Obsolescent OpenSSL only knows about /dev/random, and needs to
* pre-seed before entering cap mode. For whatever reason,
* RSA_pub_encrypt uses the internal PRNG.
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000L
{
unsigned char c[1];
RAND_bytes(c, 1);
}
#endif
Convert `cap_enter() < 0 && errno != ENOSYS` to `caph_enter() < 0`. No functional change intended.
2018-06-19 23:43:14 +00:00
if (caph_enter() < 0)
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
err(1, "Unable to enter capability mode");
pubkey = RSA_new();
if (pubkey == NULL) {
errx(1, "Unable to allocate an RSA structure: %s",
ERR_error_string(ERR_get_error(), NULL));
}
pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
fclose(fp);
fp = NULL;
if (pubkey == NULL)
errx(1, "Unable to read data from %s.", pubkeyfile);
dumpon(8): Provide seatbelt against weak RSA keys The premise of dumpon -k foo.pem is that dump contents will be confidential except to anyone holding the corresponding RSA private key. This guarantee breaks down when weak RSA keys are used. Small RSA keys (e.g. 512 bits) can be broken on a single personal computer in tractible time. Marginal RSA keys (768 bits) can be broken by EC2 and a few dollars. Even 1024 bit keys can probably be broken by sophisticated and wealthy attackers. NIST SP800-57 (2016) recommends a minimum of 2048 bit RSA keys, and estimates this provides 112 bits of security. It would also be good to protect users from weak values of 'e' (i.e., 3) and perhaps sanity check that their public key .pem does not accidentally contain their private key as well. These considerations are left as future work. Reviewed by: markj, darius AT dons.net.au (previous version) Discussed with: bjk Differential Revision: https://reviews.freebsd.org/D17678
2018-10-26 19:53:59 +00:00
/*
* RSA keys under ~1024 bits are trivially factorable (2018). OpenSSL
* provides an API for RSA keys to estimate the symmetric-cipher
* "equivalent" bits of security (defined in NIST SP800-57), which as
* of this writing equates a 2048-bit RSA key to 112 symmetric cipher
* bits.
*
* Use this API as a seatbelt to avoid suggesting to users that their
* privacy is protected by encryption when the key size is insufficient
* to prevent compromise via factoring.
*
* Future work: Sanity check for weak 'e', and sanity check for absence
* of 'd' (i.e., the supplied key is a public key rather than a full
* keypair).
*/
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
if (RSA_security_bits(pubkey) < 112)
#else
if (RSA_size(pubkey) * 8 < 2048)
#endif
errx(1, "Small RSA keys (you provided: %db) can be "
"factored cheaply. Please generate a larger key.",
RSA_size(pubkey) * 8);
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
kdap->kda_encryptedkeysize = RSA_size(pubkey);
if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
errx(1, "Public key has to be at most %db long.",
8 * KERNELDUMP_ENCKEY_MAX_SIZE);
}
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize);
if (kdap->kda_encryptedkey == NULL)
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
err(1, "Unable to allocate encrypted key");
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
/*
* If no cipher was specified, choose a reasonable default.
*/
if (kdap->kda_encryption == KERNELDUMP_ENC_NONE)
kdap->kda_encryption = KERNELDUMP_ENC_CHACHA20;
else if (kdap->kda_encryption == KERNELDUMP_ENC_AES_256_CBC &&
kdap->kda_compression != KERNELDUMP_COMP_NONE)
errx(EX_USAGE, "Unpadded AES256-CBC mode cannot be used "
"with compression.");
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key));
if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key,
kdap->kda_encryptedkey, pubkey,
EKCD: Preload error strings, PRNG seed; use OAEP padding Preload OpenSSL ERR string data so that the formatted error messages are vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt() operation failure case in one-time key generation. For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG before entering Cap mode, as old versions of OpenSSL are unaware of kernel RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt() wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the "MGF" pseudo-random function in OAEP padding.) Switch dumpon to encrypt the one-time key with OAEP padding (recommended since 1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313). Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5 decryption on failure. This is intended only for transition convenience, and we should obsolete support for non-OAEP padding in a release or two. Reviewed by: markj MFC After: 2 weeks Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D24534
2020-04-23 17:56:48 +00:00
RSA_PKCS1_OAEP_PADDING) != (int)kdap->kda_encryptedkeysize) {
errx(1, "Unable to encrypt the one-time key: %s",
ERR_error_string(ERR_get_error(), NULL));
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
}
RSA_free(pubkey);
}
#endif
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
static void
listdumpdev(void)
{
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
static char ip[200];
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
char dumpdev[PATH_MAX];
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
struct diocskerneldump_arg ndconf;
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
size_t len;
const char *sysctlname = "kern.shutdown.dumpdevname";
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
int fd;
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
len = sizeof(dumpdev);
if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) {
if (errno == ENOMEM) {
err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n",
sysctlname);
} else {
err(EX_OSERR, "Sysctl get '%s'\n", sysctlname);
}
}
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
if (strlen(dumpdev) == 0)
(void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev));
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (verbose) {
char *ctx, *dd;
unsigned idx;
printf("kernel dumps on priority: device\n");
idx = 0;
ctx = dumpdev;
while ((dd = strsep(&ctx, ",")) != NULL)
printf("%u: %s\n", idx++, dd);
} else
printf("%s\n", dumpdev);
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
/* If netdump is enabled, print the configuration parameters. */
if (verbose) {
fd = open(_PATH_NETDUMP, O_RDONLY);
if (fd < 0) {
if (errno != ENOENT)
err(EX_OSERR, "opening %s", _PATH_NETDUMP);
return;
}
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (ioctl(fd, DIOCGKERNELDUMP, &ndconf) != 0) {
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
if (errno != ENXIO)
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
err(EX_OSERR, "ioctl(DIOCGKERNELDUMP)");
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
(void)close(fd);
return;
}
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
printf("server address: %s\n",
inet_ntop(ndconf.kda_af, &ndconf.kda_server, ip,
sizeof(ip)));
printf("client address: %s\n",
inet_ntop(ndconf.kda_af, &ndconf.kda_client, ip,
sizeof(ip)));
printf("gateway address: %s\n",
inet_ntop(ndconf.kda_af, &ndconf.kda_gateway, ip,
sizeof(ip)));
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
(void)close(fd);
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
}
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
}
static int
opendumpdev(const char *arg, char *dumpdev)
{
int fd, i;
if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
strlcpy(dumpdev, arg, PATH_MAX);
else {
i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg);
if (i < 0)
err(EX_OSERR, "%s", arg);
if (i >= PATH_MAX)
errc(EX_DATAERR, EINVAL, "%s", arg);
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
}
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
fd = open(dumpdev, O_RDONLY);
if (fd < 0)
err(EX_OSFILE, "%s", dumpdev);
return (fd);
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
}
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
int
o __P o Strict ANSI declarations. o return (foo); o main (int, char *[])
2002-03-18 06:59:15 +00:00
main(int argc, char *argv[])
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
{
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
char dumpdev[PATH_MAX];
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
struct diocskerneldump_arg ndconf, *kdap;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
struct addrinfo hints, *res;
const char *dev, *pubkeyfile, *server, *client, *gateway;
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
int ch, error, fd, cipher;
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
bool gzip, list, netdump, zstd, insert, rflag;
uint8_t ins_idx;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
gzip = list = netdump = zstd = insert = rflag = false;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
kdap = NULL;
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
pubkeyfile = NULL;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
server = client = gateway = NULL;
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
ins_idx = KDA_APPEND;
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
cipher = KERNELDUMP_ENC_NONE;
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
while ((ch = getopt(argc, argv, "C:c:g:i:k:lrs:vZz")) != -1)
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
switch ((char)ch) {
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
case 'C':
if (strcasecmp(optarg, "chacha") == 0 ||
strcasecmp(optarg, "chacha20") == 0)
cipher = KERNELDUMP_ENC_CHACHA20;
else if (strcasecmp(optarg, "aes-cbc") == 0 ||
strcasecmp(optarg, "aes256-cbc") == 0)
cipher = KERNELDUMP_ENC_AES_256_CBC;
else
errx(EX_USAGE, "Unrecognized cipher algorithm "
"'%s'", optarg);
break;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
case 'c':
client = optarg;
break;
case 'g':
gateway = optarg;
break;
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
case 'i':
{
int i;
i = atoi(optarg);
if (i < 0 || i >= KDA_APPEND - 1)
errx(EX_USAGE,
"-i index must be between zero and %d.",
(int)KDA_APPEND - 2);
insert = true;
ins_idx = i;
}
break;
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
case 'k':
pubkeyfile = optarg;
break;
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
case 'l':
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
list = true;
break;
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
case 'r':
rflag = true;
break;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
case 's':
server = optarg;
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
break;
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
case 'v':
verbose = 1;
break;
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
case 'Z':
zstd = true;
break;
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
case 'z':
gzip = true;
break;
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
default:
usage();
}
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
if (gzip && zstd)
errx(EX_USAGE, "The -z and -Z options are mutually exclusive.");
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (insert && rflag)
errx(EX_USAGE, "The -i and -r options are mutually exclusive.");
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
argc -= optind;
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
argv += optind;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
if (list) {
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
listdumpdev();
exit(EX_OK);
}
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
if (argc != 1)
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
usage();
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
#ifdef HAVE_CRYPTO
EKCD: Preload error strings, PRNG seed; use OAEP padding Preload OpenSSL ERR string data so that the formatted error messages are vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt() operation failure case in one-time key generation. For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG before entering Cap mode, as old versions of OpenSSL are unaware of kernel RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt() wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the "MGF" pseudo-random function in OAEP padding.) Switch dumpon to encrypt the one-time key with OAEP padding (recommended since 1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313). Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5 decryption on failure. This is intended only for transition convenience, and we should obsolete support for non-OAEP padding in a release or two. Reviewed by: markj MFC After: 2 weeks Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D24534
2020-04-23 17:56:48 +00:00
if (cipher != KERNELDUMP_ENC_NONE && pubkeyfile == NULL) {
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
errx(EX_USAGE, "-C option requires a public key file.");
EKCD: Preload error strings, PRNG seed; use OAEP padding Preload OpenSSL ERR string data so that the formatted error messages are vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt() operation failure case in one-time key generation. For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG before entering Cap mode, as old versions of OpenSSL are unaware of kernel RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt() wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the "MGF" pseudo-random function in OAEP padding.) Switch dumpon to encrypt the one-time key with OAEP padding (recommended since 1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313). Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5 decryption on failure. This is intended only for transition convenience, and we should obsolete support for non-OAEP padding in a release or two. Reviewed by: markj MFC After: 2 weeks Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D24534
2020-04-23 17:56:48 +00:00
} else if (pubkeyfile != NULL) {
ERR_load_crypto_strings();
}
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
#else
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
if (pubkeyfile != NULL)
dumpon(8) - fix the WITHOUT_CRYPTO buildworld case. Its rare, but some of us do build this way. Sponsored by: Limelight Networks
2018-05-29 21:52:13 +00:00
errx(EX_UNAVAILABLE,"Unable to use the public key."
" Recompile dumpon with OpenSSL support.");
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#endif
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
if (server != NULL && client != NULL) {
dev = _PATH_NETDUMP;
netdump = true;
} else if (server == NULL && client == NULL && argc > 0) {
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (strcmp(argv[0], "off") == 0) {
rflag = true;
dev = _PATH_DEVNULL;
} else
dev = argv[0];
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
netdump = false;
} else
usage();
Fix dumpon compatibility with dumpdev kenv The dumpdev kenv supports devices without the /dev/ prefix, fix dumpon to also support this which is required after r288153. MFC after: 1 week Sponsored by: Multiplay
2015-11-23 14:06:21 +00:00
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
fd = opendumpdev(dev, dumpdev);
dumpon: skip size check if using zstd As with gzip, let the dump device be smaller than physical memory when using zstd and full dumps. Also print the error message if the size check fails, even if -v is not specified. Failing silently is not friendly. Reviewed by: cem markj MFC after: 2 weeks Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D23923
2020-03-03 22:14:23 +00:00
if (!netdump && !gzip && !zstd && !rflag)
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
check_size(fd, dumpdev);
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
kdap = &ndconf;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
bzero(kdap, sizeof(*kdap));
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (rflag)
kdap->kda_index = KDA_REMOVE;
else
kdap->kda_index = ins_idx;
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
kdap->kda_compression = KERNELDUMP_COMP_NONE;
if (zstd)
kdap->kda_compression = KERNELDUMP_COMP_ZSTD;
else if (gzip)
kdap->kda_compression = KERNELDUMP_COMP_GZIP;
if (netdump) {
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_protocol = IPPROTO_UDP;
res = NULL;
error = getaddrinfo(server, NULL, &hints, &res);
if (error != 0)
err(1, "%s", gai_strerror(error));
if (res == NULL)
errx(1, "failed to resolve '%s'", server);
server = inet_ntoa(
((struct sockaddr_in *)(void *)res->ai_addr)->sin_addr);
freeaddrinfo(res);
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (strlcpy(ndconf.kda_iface, argv[0],
sizeof(ndconf.kda_iface)) >= sizeof(ndconf.kda_iface))
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
errx(EX_USAGE, "invalid interface name '%s'", argv[0]);
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (inet_aton(server, &ndconf.kda_server.in4) == 0)
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
errx(EX_USAGE, "invalid server address '%s'", server);
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (inet_aton(client, &ndconf.kda_client.in4) == 0)
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
errx(EX_USAGE, "invalid client address '%s'", client);
Change dumpon(8)'s handling of -g. Rather than using a special value to denote "use the default router", treat the absence of the -g option to mean the same thing. The in-kernel netdump client will always attempt to reach the server directly before falling back to the configured gateway anyway. This change makes it cleaner to support a hostname value for -g. Reviewed by: cem MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D18025
2018-11-18 01:58:48 +00:00
if (gateway == NULL) {
Avoid clobbering a user-specified -g value after r340547. CID: 1396919 MFC with: r340547
2018-11-20 18:10:56 +00:00
gateway = find_gateway(argv[0]);
if (gateway == NULL) {
if (verbose)
printf(
"failed to look up gateway for %s\n",
server);
gateway = server;
}
Change dumpon(8)'s handling of -g. Rather than using a special value to denote "use the default router", treat the absence of the -g option to mean the same thing. The in-kernel netdump client will always attempt to reach the server directly before falling back to the configured gateway anyway. This change makes it cleaner to support a hostname value for -g. Reviewed by: cem MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D18025
2018-11-18 01:58:48 +00:00
}
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
if (inet_aton(gateway, &ndconf.kda_gateway.in4) == 0)
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
errx(EX_USAGE, "invalid gateway address '%s'", gateway);
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
ndconf.kda_af = AF_INET;
}
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
#ifdef HAVE_CRYPTO
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
if (pubkeyfile != NULL) {
kdap->kda_encryption = cipher;
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
genkey(pubkeyfile, kdap);
EKCD: Add Chacha20 encryption mode Add Chacha20 mode to Encrypted Kernel Crash Dumps. Chacha20 does not require messages to be multiples of block size, so it is valid to use the cipher on non-block-sized messages without the explicit padding AES-CBC would require. Therefore, allow use with simultaneous dump compression. (Continue to disallow use of AES-CBC EKCD with compression.) dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc. It defaults to chacha if no -C option is provided. The man page documents this behavior. Relnotes: sure Sponsored by: Dell EMC Isilon
2019-05-23 20:12:24 +00:00
}
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
#endif
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
error = ioctl(fd, DIOCSKERNELDUMP, kdap);
if (error != 0)
error = errno;
explicit_bzero(kdap->kda_encryptedkey, kdap->kda_encryptedkeysize);
free(kdap->kda_encryptedkey);
explicit_bzero(kdap, sizeof(*kdap));
if (error != 0) {
if (netdump) {
/*
* Be slightly less user-hostile for some common
* errors, especially as users don't have any great
* discoverability into which NICs support netdump.
*/
if (error == ENXIO)
errx(EX_OSERR, "Unable to configure netdump "
"because the interface's link is down.");
else if (error == ENODEV)
errx(EX_OSERR, "Unable to configure netdump "
"because the interface driver does not yet "
"support netdump.");
}
errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)");
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
}
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
if (verbose)
List-ify kernel dump device configuration Allow users to specify multiple dump configurations in a prioritized list. This enables fallback to secondary device(s) if primary dump fails. E.g., one might configure a preference for netdump, but fallback to disk dump as a second choice if netdump is unavailable. This change does not list-ify netdump configuration, which is tracked separately from ordinary disk dumps internally; only one netdump configuration can be made at a time, for now. It also does not implement IPv6 netdump. savecore(8) is already capable of scanning and iterating multiple devices from /etc/fstab or passed on the command line. This change doesn't update the rc or loader variables 'dumpdev' in any way; it can still be set to configure a single dump device, and rc.d/savecore still uses it as a single device. Only dumpon(8) is updated to be able to configure the more complicated configurations for now. As part of revving the ABI, unify netdump and disk dump configuration ioctl / structure, and leave room for ipv6 netdump as a future possibility. Backwards-compatibility ioctls are added to smooth ABI transition, especially for developers who may not keep kernel and userspace perfectly synced. Reviewed by: markj, scottl (earlier version) Relnotes: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19996
2019-05-06 18:24:07 +00:00
listdumpdev();
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
exit(EX_OK);
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
}
Reference in New Issue Copy Permalink