4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2011, 2020 by Delphix. All rights reserved.
25 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
26 * Copyright (c) 2012 Pawel Jakub Dawidek <pawel@dawidek.net>.
28 * Copyright (c) 2013 Steven Hartland. All rights reserved.
29 * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
30 * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
31 * Copyright (c) 2018, loli10K <ezomori.nozomu@gmail.com>. All rights reserved.
32 * Copyright (c) 2019 Datto Inc.
45 #include <sys/mount.h>
46 #include <sys/mntent.h>
47 #include <sys/mnttab.h>
49 #include <sys/debug.h>
56 #include <libzfs_core.h>
59 #include "zfs_namecheck.h"
61 #include "zfs_fletcher.h"
62 #include "libzfs_impl.h"
65 #include <sys/zio_checksum.h>
66 #include <sys/dsl_crypt.h>
68 #include <sys/socket.h>
71 static int zfs_receive_impl(libzfs_handle_t *, const char *, const char *,
72 recvflags_t *, int, const char *, nvlist_t *, avl_tree_t *, char **,
73 const char *, nvlist_t *);
74 static int guid_to_name_redact_snaps(libzfs_handle_t *hdl, const char *parent,
75 uint64_t guid, boolean_t bookmark_ok, uint64_t *redact_snap_guids,
76 uint64_t num_redact_snaps, char *name);
77 static int guid_to_name(libzfs_handle_t *, const char *,
78 uint64_t, boolean_t, char *);
80 typedef struct progress_arg {
83 boolean_t pa_parsable;
84 boolean_t pa_estimate;
89 dump_record(dmu_replay_record_t *drr, void *payload, size_t payload_len,
90 zio_cksum_t *zc, int outfd)
92 ASSERT3U(offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum),
93 ==, sizeof (dmu_replay_record_t) - sizeof (zio_cksum_t));
94 fletcher_4_incremental_native(drr,
95 offsetof(dmu_replay_record_t, drr_u.drr_checksum.drr_checksum), zc);
96 if (drr->drr_type != DRR_BEGIN) {
97 ASSERT(ZIO_CHECKSUM_IS_ZERO(&drr->drr_u.
98 drr_checksum.drr_checksum));
99 drr->drr_u.drr_checksum.drr_checksum = *zc;
101 fletcher_4_incremental_native(&drr->drr_u.drr_checksum.drr_checksum,
102 sizeof (zio_cksum_t), zc);
103 if (write(outfd, drr, sizeof (*drr)) == -1)
105 if (payload_len != 0) {
106 fletcher_4_incremental_native(payload, payload_len, zc);
107 if (write(outfd, payload, payload_len) == -1)
114 * Routines for dealing with the AVL tree of fs-nvlists
116 typedef struct fsavl_node {
124 fsavl_compare(const void *arg1, const void *arg2)
126 const fsavl_node_t *fn1 = (const fsavl_node_t *)arg1;
127 const fsavl_node_t *fn2 = (const fsavl_node_t *)arg2;
129 return (TREE_CMP(fn1->fn_guid, fn2->fn_guid));
133 * Given the GUID of a snapshot, find its containing filesystem and
137 fsavl_find(avl_tree_t *avl, uint64_t snapguid, char **snapname)
139 fsavl_node_t fn_find;
142 fn_find.fn_guid = snapguid;
144 fn = avl_find(avl, &fn_find, NULL);
147 *snapname = fn->fn_snapname;
148 return (fn->fn_nvfs);
154 fsavl_destroy(avl_tree_t *avl)
163 while ((fn = avl_destroy_nodes(avl, &cookie)) != NULL)
170 * Given an nvlist, produce an avl tree of snapshots, ordered by guid
173 fsavl_create(nvlist_t *fss)
176 nvpair_t *fselem = NULL;
178 if ((fsavl = malloc(sizeof (avl_tree_t))) == NULL)
181 avl_create(fsavl, fsavl_compare, sizeof (fsavl_node_t),
182 offsetof(fsavl_node_t, fn_node));
184 while ((fselem = nvlist_next_nvpair(fss, fselem)) != NULL) {
185 nvlist_t *nvfs, *snaps;
186 nvpair_t *snapelem = NULL;
188 nvfs = fnvpair_value_nvlist(fselem);
189 snaps = fnvlist_lookup_nvlist(nvfs, "snaps");
192 nvlist_next_nvpair(snaps, snapelem)) != NULL) {
195 if ((fn = malloc(sizeof (fsavl_node_t))) == NULL) {
196 fsavl_destroy(fsavl);
200 fn->fn_snapname = nvpair_name(snapelem);
201 fn->fn_guid = fnvpair_value_uint64(snapelem);
204 * Note: if there are multiple snaps with the
205 * same GUID, we ignore all but one.
207 avl_index_t where = 0;
208 if (avl_find(fsavl, fn, &where) == NULL)
209 avl_insert(fsavl, fn, where);
219 * Routines for dealing with the giant nvlist of fs-nvlists, etc.
221 typedef struct send_data {
223 * assigned inside every recursive call,
224 * restored from *_save on return:
226 * guid of fromsnap snapshot in parent dataset
227 * txg of fromsnap snapshot in current dataset
228 * txg of tosnap snapshot in current dataset
231 uint64_t parent_fromsnap_guid;
232 uint64_t fromsnap_txg;
235 /* the nvlists get accumulated during depth-first traversal */
236 nvlist_t *parent_snaps;
239 nvlist_t *snapholds; /* user holds */
241 /* send-receive configuration, does not change during traversal */
243 const char *fromsnap;
249 boolean_t skipmissing;
254 boolean_t holds; /* were holds requested with send -h */
258 * The header nvlist is of the following format:
261 * "fromsnap" -> string (if incremental)
265 * "name" -> string (full name; for debugging)
266 * "parentfromsnap" -> number (guid of fromsnap in parent)
268 * "props" -> { name -> value (only if set here) }
269 * "snaps" -> { name (lastname) -> number (guid) }
270 * "snapprops" -> { name (lastname) -> { name -> value } }
271 * "snapholds" -> { name (lastname) -> { holdname -> crtime } }
273 * "origin" -> number (guid) (if clone)
274 * "is_encroot" -> boolean
275 * "sent" -> boolean (not on-disk)
284 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv);
287 * Collect guid, valid props, optionally holds, etc. of a snapshot.
288 * This interface is intended for use as a zfs_iter_snapshots_sorted visitor.
291 send_iterate_snap(zfs_handle_t *zhp, void *arg)
293 send_data_t *sd = arg;
294 uint64_t guid = zhp->zfs_dmustats.dds_guid;
295 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg;
296 boolean_t isfromsnap, istosnap, istosnapwithnofrom;
298 const char *from = sd->fromsnap;
299 const char *to = sd->tosnap;
301 snapname = strrchr(zhp->zfs_name, '@');
302 assert(snapname != NULL);
305 isfromsnap = (from != NULL && strcmp(from, snapname) == 0);
306 istosnap = (to != NULL && strcmp(to, snapname) == 0);
307 istosnapwithnofrom = (istosnap && from == NULL);
309 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) {
311 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
312 "skipping snapshot %s because it was created "
313 "after the destination snapshot (%s)\n"),
320 fnvlist_add_uint64(sd->parent_snaps, snapname, guid);
323 * NB: if there is no fromsnap here (it's a newly created fs in
324 * an incremental replication), we will substitute the tosnap.
326 if (isfromsnap || (sd->parent_fromsnap_guid == 0 && istosnap))
327 sd->parent_fromsnap_guid = guid;
329 if (!sd->recursive) {
331 * To allow a doall stream to work properly
332 * with a NULL fromsnap
334 if (sd->doall && from == NULL && !sd->seenfrom)
335 sd->seenfrom = B_TRUE;
337 if (!sd->seenfrom && isfromsnap) {
338 sd->seenfrom = B_TRUE;
343 if ((sd->seento || !sd->seenfrom) && !istosnapwithnofrom) {
352 nvlist_t *nv = fnvlist_alloc();
353 send_iterate_prop(zhp, sd->backup, nv);
354 fnvlist_add_nvlist(sd->snapprops, snapname, nv);
359 if (lzc_get_holds(zhp->zfs_name, &holds) == 0) {
360 fnvlist_add_nvlist(sd->snapholds, snapname, holds);
370 * Collect all valid props from the handle snap into an nvlist.
373 send_iterate_prop(zfs_handle_t *zhp, boolean_t received_only, nvlist_t *nv)
378 props = zfs_get_recvd_props(zhp);
380 props = zhp->zfs_props;
382 nvpair_t *elem = NULL;
383 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
384 char *propname = nvpair_name(elem);
385 zfs_prop_t prop = zfs_name_to_prop(propname);
387 if (!zfs_prop_user(propname)) {
389 * Realistically, this should never happen. However,
390 * we want the ability to add DSL properties without
391 * needing to make incompatible version changes. We
392 * need to ignore unknown properties to allow older
393 * software to still send datasets containing these
394 * properties, with the unknown properties elided.
396 if (prop == ZPROP_INVAL)
399 if (zfs_prop_readonly(prop))
403 nvlist_t *propnv = fnvpair_value_nvlist(elem);
405 boolean_t isspacelimit = (prop == ZFS_PROP_QUOTA ||
406 prop == ZFS_PROP_RESERVATION ||
407 prop == ZFS_PROP_REFQUOTA ||
408 prop == ZFS_PROP_REFRESERVATION);
409 if (isspacelimit && zhp->zfs_type == ZFS_TYPE_SNAPSHOT)
413 if (nvlist_lookup_string(propnv, ZPROP_SOURCE, &source) == 0) {
414 if (strcmp(source, zhp->zfs_name) != 0 &&
415 strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0)
419 * May have no source before SPA_VERSION_RECVD_PROPS,
420 * but is still modifiable.
426 if (zfs_prop_user(propname) ||
427 zfs_prop_get_type(prop) == PROP_TYPE_STRING) {
429 value = fnvlist_lookup_string(propnv, ZPROP_VALUE);
430 fnvlist_add_string(nv, propname, value);
433 value = fnvlist_lookup_uint64(propnv, ZPROP_VALUE);
434 fnvlist_add_uint64(nv, propname, value);
440 * returns snapshot creation txg
441 * and returns 0 if the snapshot does not exist
444 get_snap_txg(libzfs_handle_t *hdl, const char *fs, const char *snap)
446 char name[ZFS_MAX_DATASET_NAME_LEN];
449 if (fs == NULL || fs[0] == '\0' || snap == NULL || snap[0] == '\0')
452 (void) snprintf(name, sizeof (name), "%s@%s", fs, snap);
453 if (zfs_dataset_exists(hdl, name, ZFS_TYPE_SNAPSHOT)) {
454 zfs_handle_t *zhp = zfs_open(hdl, name, ZFS_TYPE_SNAPSHOT);
456 txg = zfs_prop_get_int(zhp, ZFS_PROP_CREATETXG);
465 * Recursively generate nvlists describing datasets. See comment
466 * for the data structure send_data_t above for description of contents
470 send_iterate_fs(zfs_handle_t *zhp, void *arg)
472 send_data_t *sd = arg;
473 nvlist_t *nvfs = NULL, *nv = NULL;
475 uint64_t min_txg = 0, max_txg = 0;
476 uint64_t txg = zhp->zfs_dmustats.dds_creation_txg;
477 uint64_t guid = zhp->zfs_dmustats.dds_guid;
478 uint64_t fromsnap_txg, tosnap_txg;
481 /* These fields are restored on return from a recursive call. */
482 uint64_t parent_fromsnap_guid_save = sd->parent_fromsnap_guid;
483 uint64_t fromsnap_txg_save = sd->fromsnap_txg;
484 uint64_t tosnap_txg_save = sd->tosnap_txg;
486 fromsnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->fromsnap);
487 if (fromsnap_txg != 0)
488 sd->fromsnap_txg = fromsnap_txg;
490 tosnap_txg = get_snap_txg(zhp->zfs_hdl, zhp->zfs_name, sd->tosnap);
492 sd->tosnap_txg = tosnap_txg;
495 * On the send side, if the current dataset does not have tosnap,
496 * perform two additional checks:
498 * - Skip sending the current dataset if it was created later than
500 * - Return error if the current dataset was created earlier than
501 * the parent tosnap, unless --skip-missing specified. Then
502 * just print a warning.
504 if (sd->tosnap != NULL && tosnap_txg == 0) {
505 if (sd->tosnap_txg != 0 && txg > sd->tosnap_txg) {
507 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
508 "skipping dataset %s: snapshot %s does "
509 "not exist\n"), zhp->zfs_name, sd->tosnap);
511 } else if (sd->skipmissing) {
512 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
513 "WARNING: skipping dataset %s and its children:"
514 " snapshot %s does not exist\n"),
515 zhp->zfs_name, sd->tosnap);
517 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
518 "cannot send %s@%s%s: snapshot %s@%s does not "
519 "exist\n"), sd->fsname, sd->tosnap, sd->recursive ?
520 dgettext(TEXT_DOMAIN, " recursively") : "",
521 zhp->zfs_name, sd->tosnap);
527 nvfs = fnvlist_alloc();
528 fnvlist_add_string(nvfs, "name", zhp->zfs_name);
529 fnvlist_add_uint64(nvfs, "parentfromsnap", sd->parent_fromsnap_guid);
531 if (zhp->zfs_dmustats.dds_origin[0] != '\0') {
532 zfs_handle_t *origin = zfs_open(zhp->zfs_hdl,
533 zhp->zfs_dmustats.dds_origin, ZFS_TYPE_SNAPSHOT);
534 if (origin == NULL) {
538 fnvlist_add_uint64(nvfs, "origin",
539 origin->zfs_dmustats.dds_guid);
543 /* Iterate over props. */
544 if (sd->props || sd->backup || sd->recursive) {
545 nv = fnvlist_alloc();
546 send_iterate_prop(zhp, sd->backup, nv);
547 fnvlist_add_nvlist(nvfs, "props", nv);
549 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF) {
552 /* Determine if this dataset is an encryption root. */
553 if (zfs_crypto_get_encryption_root(zhp, &encroot, NULL) != 0) {
559 fnvlist_add_boolean(nvfs, "is_encroot");
562 * Encrypted datasets can only be sent with properties if
563 * the raw flag is specified because the receive side doesn't
564 * currently have a mechanism for recursively asking the user
565 * for new encryption parameters.
568 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
569 "cannot send %s@%s: encrypted dataset %s may not "
570 "be sent with properties without the raw flag\n"),
571 sd->fsname, sd->tosnap, zhp->zfs_name);
579 * Iterate over snaps, and set sd->parent_fromsnap_guid.
581 * If this is a "doall" send, a replicate send or we're just trying
582 * to gather a list of previous snapshots, iterate through all the
583 * snaps in the txg range. Otherwise just look at the one we're
586 sd->parent_fromsnap_guid = 0;
587 sd->parent_snaps = fnvlist_alloc();
588 sd->snapprops = fnvlist_alloc();
590 sd->snapholds = fnvlist_alloc();
591 if (sd->doall || sd->replicate || sd->tosnap == NULL) {
592 if (!sd->replicate && fromsnap_txg != 0)
593 min_txg = fromsnap_txg;
594 if (!sd->replicate && tosnap_txg != 0)
595 max_txg = tosnap_txg;
596 (void) zfs_iter_snapshots_sorted(zhp, send_iterate_snap, sd,
599 char snapname[MAXPATHLEN];
602 (void) snprintf(snapname, sizeof (snapname), "%s@%s",
603 zhp->zfs_name, sd->tosnap);
604 if (sd->fromsnap != NULL)
605 sd->seenfrom = B_TRUE;
606 snap = zfs_open(zhp->zfs_hdl, snapname, ZFS_TYPE_SNAPSHOT);
608 (void) send_iterate_snap(snap, sd);
611 fnvlist_add_nvlist(nvfs, "snaps", sd->parent_snaps);
612 fnvlist_free(sd->parent_snaps);
613 fnvlist_add_nvlist(nvfs, "snapprops", sd->snapprops);
614 fnvlist_free(sd->snapprops);
616 fnvlist_add_nvlist(nvfs, "snapholds", sd->snapholds);
617 fnvlist_free(sd->snapholds);
620 /* Do not allow the size of the properties list to exceed the limit */
621 if ((fnvlist_size(nvfs) + fnvlist_size(sd->fss)) >
622 zhp->zfs_hdl->libzfs_max_nvlist) {
623 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
624 "warning: cannot send %s@%s: the size of the list of "
625 "snapshots and properties is too large to be received "
627 "Select a smaller number of snapshots to send.\n"),
628 zhp->zfs_name, sd->tosnap);
632 /* Add this fs to nvlist. */
633 (void) snprintf(guidstring, sizeof (guidstring),
634 "0x%llx", (longlong_t)guid);
635 fnvlist_add_nvlist(sd->fss, guidstring, nvfs);
637 /* Iterate over children. */
639 rv = zfs_iter_filesystems(zhp, send_iterate_fs, sd);
642 /* Restore saved fields. */
643 sd->parent_fromsnap_guid = parent_fromsnap_guid_save;
644 sd->fromsnap_txg = fromsnap_txg_save;
645 sd->tosnap_txg = tosnap_txg_save;
655 gather_nvlist(libzfs_handle_t *hdl, const char *fsname, const char *fromsnap,
656 const char *tosnap, boolean_t recursive, boolean_t raw, boolean_t doall,
657 boolean_t replicate, boolean_t skipmissing, boolean_t verbose,
658 boolean_t backup, boolean_t holds, boolean_t props, nvlist_t **nvlp,
662 send_data_t sd = { 0 };
665 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
667 return (EZFS_BADTYPE);
669 sd.fss = fnvlist_alloc();
671 sd.fromsnap = fromsnap;
673 sd.recursive = recursive;
676 sd.replicate = replicate;
677 sd.skipmissing = skipmissing;
678 sd.verbose = verbose;
683 if ((error = send_iterate_fs(zhp, &sd)) != 0) {
684 fnvlist_free(sd.fss);
691 if (avlp != NULL && (*avlp = fsavl_create(sd.fss)) == NULL) {
692 fnvlist_free(sd.fss);
702 * Routines specific to "zfs send"
704 typedef struct send_dump_data {
705 /* these are all just the short snapname (the part after the @) */
706 const char *fromsnap;
708 char prevsnap[ZFS_MAX_DATASET_NAME_LEN];
709 uint64_t prevsnap_obj;
710 boolean_t seenfrom, seento, replicate, doall, fromorigin;
711 boolean_t dryrun, parsable, progress, embed_data, std_out;
712 boolean_t large_block, compress, raw, holds;
718 snapfilter_cb_t *filter_cb;
721 char holdtag[ZFS_MAX_DATASET_NAME_LEN];
728 zfs_send_space(zfs_handle_t *zhp, const char *snapname, const char *from,
729 enum lzc_send_flags flags, uint64_t *spacep)
731 assert(snapname != NULL);
733 int error = lzc_send_space(snapname, from, flags, spacep);
738 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
739 "warning: cannot estimate space for '%s'"), snapname);
741 libzfs_handle_t *hdl = zhp->zfs_hdl;
744 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
745 "not an earlier snapshot from the same fs"));
746 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
749 if (zfs_dataset_exists(hdl, snapname,
750 ZFS_TYPE_SNAPSHOT)) {
751 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
752 "incremental source (%s) does not exist"),
755 return (zfs_error(hdl, EZFS_NOENT, errbuf));
769 zfs_error_aux(hdl, "%s", strerror(error));
770 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
773 return (zfs_standard_error(hdl, error, errbuf));
778 * Dumps a backup of the given snapshot (incremental from fromsnap if it's not
779 * NULL) to the file descriptor specified by outfd.
782 dump_ioctl(zfs_handle_t *zhp, const char *fromsnap, uint64_t fromsnap_obj,
783 boolean_t fromorigin, int outfd, enum lzc_send_flags flags,
786 zfs_cmd_t zc = {"\0"};
787 libzfs_handle_t *hdl = zhp->zfs_hdl;
790 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
791 assert(fromsnap_obj == 0 || !fromorigin);
793 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
794 zc.zc_cookie = outfd;
795 zc.zc_obj = fromorigin;
796 zc.zc_sendobj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
797 zc.zc_fromobj = fromsnap_obj;
800 if (debugnv != NULL) {
801 thisdbg = fnvlist_alloc();
802 if (fromsnap != NULL && fromsnap[0] != '\0')
803 fnvlist_add_string(thisdbg, "fromsnap", fromsnap);
806 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND, &zc) != 0) {
810 (void) snprintf(errbuf, sizeof (errbuf), "%s '%s'",
811 dgettext(TEXT_DOMAIN, "warning: cannot send"),
814 if (debugnv != NULL) {
815 fnvlist_add_uint64(thisdbg, "error", error);
816 fnvlist_add_nvlist(debugnv, zhp->zfs_name, thisdbg);
817 fnvlist_free(thisdbg);
822 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
823 "not an earlier snapshot from the same fs"));
824 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
827 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
828 "source key must be loaded"));
829 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
832 if (zfs_dataset_exists(hdl, zc.zc_name,
833 ZFS_TYPE_SNAPSHOT)) {
834 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
835 "incremental source (@%s) does not exist"),
838 return (zfs_error(hdl, EZFS_NOENT, errbuf));
852 zfs_error_aux(hdl, "%s", strerror(errno));
853 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
856 return (zfs_standard_error(hdl, errno, errbuf));
860 if (debugnv != NULL) {
861 fnvlist_add_nvlist(debugnv, zhp->zfs_name, thisdbg);
862 fnvlist_free(thisdbg);
869 gather_holds(zfs_handle_t *zhp, send_dump_data_t *sdd)
871 assert(zhp->zfs_type == ZFS_TYPE_SNAPSHOT);
874 * zfs_send() only sets snapholds for sends that need them,
875 * e.g. replication and doall.
877 if (sdd->snapholds == NULL)
880 fnvlist_add_string(sdd->snapholds, zhp->zfs_name, sdd->holdtag);
884 zfs_send_progress(zfs_handle_t *zhp, int fd, uint64_t *bytes_written,
885 uint64_t *blocks_visited)
887 zfs_cmd_t zc = {"\0"};
889 if (bytes_written != NULL)
891 if (blocks_visited != NULL)
893 (void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
895 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_SEND_PROGRESS, &zc) != 0)
897 if (bytes_written != NULL)
898 *bytes_written = zc.zc_cookie;
899 if (blocks_visited != NULL)
900 *blocks_visited = zc.zc_objset_type;
905 send_progress_thread(void *arg)
907 progress_arg_t *pa = arg;
908 zfs_handle_t *zhp = pa->pa_zhp;
916 if (!pa->pa_parsable) {
917 (void) fprintf(stderr,
918 "TIME %s %sSNAPSHOT %s\n",
919 pa->pa_estimate ? "BYTES" : " SENT",
920 pa->pa_verbosity >= 2 ? " BLOCKS " : "",
925 * Print the progress from ZFS_IOC_SEND_PROGRESS every second.
929 if ((err = zfs_send_progress(zhp, pa->pa_fd, &bytes,
931 if (err == EINTR || err == ENOENT)
933 return ((void *)(uintptr_t)err);
937 localtime_r(&t, &tm);
939 if (pa->pa_verbosity >= 2 && pa->pa_parsable) {
940 (void) fprintf(stderr,
941 "%02d:%02d:%02d\t%llu\t%llu\t%s\n",
942 tm.tm_hour, tm.tm_min, tm.tm_sec,
943 (u_longlong_t)bytes, (u_longlong_t)blocks,
945 } else if (pa->pa_verbosity >= 2) {
946 zfs_nicenum(bytes, buf, sizeof (buf));
947 (void) fprintf(stderr,
948 "%02d:%02d:%02d %5s %8llu %s\n",
949 tm.tm_hour, tm.tm_min, tm.tm_sec,
950 buf, (u_longlong_t)blocks, zhp->zfs_name);
951 } else if (pa->pa_parsable) {
952 (void) fprintf(stderr, "%02d:%02d:%02d\t%llu\t%s\n",
953 tm.tm_hour, tm.tm_min, tm.tm_sec,
954 (u_longlong_t)bytes, zhp->zfs_name);
956 zfs_nicebytes(bytes, buf, sizeof (buf));
957 (void) fprintf(stderr, "%02d:%02d:%02d %5s %s\n",
958 tm.tm_hour, tm.tm_min, tm.tm_sec,
965 send_progress_thread_exit(libzfs_handle_t *hdl, pthread_t ptid)
968 (void) pthread_cancel(ptid);
969 (void) pthread_join(ptid, &status);
970 int error = (int)(uintptr_t)status;
971 if (error != 0 && status != PTHREAD_CANCELED)
972 return (zfs_standard_error(hdl, error,
973 dgettext(TEXT_DOMAIN, "progress thread exited nonzero")));
979 send_print_verbose(FILE *fout, const char *tosnap, const char *fromsnap,
980 uint64_t size, boolean_t parsable)
983 if (fromsnap != NULL) {
984 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
985 "incremental\t%s\t%s"), fromsnap, tosnap);
987 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
988 "full\t%s"), tosnap);
990 (void) fprintf(fout, "\t%llu", (longlong_t)size);
992 if (fromsnap != NULL) {
993 if (strchr(fromsnap, '@') == NULL &&
994 strchr(fromsnap, '#') == NULL) {
995 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
996 "send from @%s to %s"), fromsnap, tosnap);
998 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
999 "send from %s to %s"), fromsnap, tosnap);
1002 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1003 "full send of %s"), tosnap);
1007 zfs_nicebytes(size, buf, sizeof (buf));
1008 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1009 " estimated size is %s"), buf);
1012 (void) fprintf(fout, "\n");
1016 * Send a single filesystem snapshot, updating the send dump data.
1017 * This interface is intended for use as a zfs_iter_snapshots_sorted visitor.
1020 dump_snapshot(zfs_handle_t *zhp, void *arg)
1022 send_dump_data_t *sdd = arg;
1023 progress_arg_t pa = { 0 };
1026 enum lzc_send_flags flags = 0;
1028 boolean_t isfromsnap, istosnap, fromorigin;
1029 boolean_t exclude = B_FALSE;
1030 FILE *fout = sdd->std_out ? stdout : stderr;
1033 thissnap = strchr(zhp->zfs_name, '@') + 1;
1034 isfromsnap = (sdd->fromsnap != NULL &&
1035 strcmp(sdd->fromsnap, thissnap) == 0);
1037 if (!sdd->seenfrom && isfromsnap) {
1038 gather_holds(zhp, sdd);
1039 sdd->seenfrom = B_TRUE;
1040 (void) strlcpy(sdd->prevsnap, thissnap, sizeof (sdd->prevsnap));
1041 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1046 if (sdd->seento || !sdd->seenfrom) {
1051 istosnap = (strcmp(sdd->tosnap, thissnap) == 0);
1053 sdd->seento = B_TRUE;
1055 if (sdd->large_block)
1056 flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1057 if (sdd->embed_data)
1058 flags |= LZC_SEND_FLAG_EMBED_DATA;
1060 flags |= LZC_SEND_FLAG_COMPRESS;
1062 flags |= LZC_SEND_FLAG_RAW;
1064 if (!sdd->doall && !isfromsnap && !istosnap) {
1065 if (sdd->replicate) {
1067 nvlist_t *snapprops;
1069 * Filter out all intermediate snapshots except origin
1070 * snapshots needed to replicate clones.
1072 nvlist_t *nvfs = fsavl_find(sdd->fsavl,
1073 zhp->zfs_dmustats.dds_guid, &snapname);
1076 snapprops = fnvlist_lookup_nvlist(nvfs,
1078 snapprops = fnvlist_lookup_nvlist(snapprops,
1080 exclude = !nvlist_exists(snapprops,
1089 * If a filter function exists, call it to determine whether
1090 * this snapshot will be sent.
1092 if (exclude || (sdd->filter_cb != NULL &&
1093 sdd->filter_cb(zhp, sdd->filter_cb_arg) == B_FALSE)) {
1095 * This snapshot is filtered out. Don't send it, and don't
1096 * set prevsnap_obj, so it will be as if this snapshot didn't
1097 * exist, and the next accepted snapshot will be sent as
1098 * an incremental from the last accepted one, or as the
1099 * first (and full) snapshot in the case of a replication,
1100 * non-incremental send.
1106 gather_holds(zhp, sdd);
1107 fromorigin = sdd->prevsnap[0] == '\0' &&
1108 (sdd->fromorigin || sdd->replicate);
1110 if (sdd->verbosity != 0) {
1112 char fromds[ZFS_MAX_DATASET_NAME_LEN];
1114 if (sdd->prevsnap[0] != '\0') {
1115 (void) strlcpy(fromds, zhp->zfs_name, sizeof (fromds));
1116 *(strchr(fromds, '@') + 1) = '\0';
1117 (void) strlcat(fromds, sdd->prevsnap, sizeof (fromds));
1119 if (zfs_send_space(zhp, zhp->zfs_name,
1120 sdd->prevsnap[0] ? fromds : NULL, flags, &size) == 0) {
1121 send_print_verbose(fout, zhp->zfs_name,
1122 sdd->prevsnap[0] ? sdd->prevsnap : NULL,
1123 size, sdd->parsable);
1130 * If progress reporting is requested, spawn a new thread to
1131 * poll ZFS_IOC_SEND_PROGRESS at a regular interval.
1133 if (sdd->progress) {
1135 pa.pa_fd = sdd->outfd;
1136 pa.pa_parsable = sdd->parsable;
1137 pa.pa_estimate = B_FALSE;
1138 pa.pa_verbosity = sdd->verbosity;
1140 if ((err = pthread_create(&tid, NULL,
1141 send_progress_thread, &pa)) != 0) {
1147 err = dump_ioctl(zhp, sdd->prevsnap, sdd->prevsnap_obj,
1148 fromorigin, sdd->outfd, flags, sdd->debugnv);
1150 if (sdd->progress &&
1151 send_progress_thread_exit(zhp->zfs_hdl, tid))
1155 (void) strcpy(sdd->prevsnap, thissnap);
1156 sdd->prevsnap_obj = zfs_prop_get_int(zhp, ZFS_PROP_OBJSETID);
1162 * Send all snapshots for a filesystem, updating the send dump data.
1165 dump_filesystem(zfs_handle_t *zhp, send_dump_data_t *sdd)
1168 boolean_t missingfrom = B_FALSE;
1169 zfs_cmd_t zc = {"\0"};
1170 uint64_t min_txg = 0, max_txg = 0;
1173 * Make sure the tosnap exists.
1175 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s",
1176 zhp->zfs_name, sdd->tosnap);
1177 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_STATS, &zc) != 0) {
1178 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1179 "WARNING: could not send %s@%s: does not exist\n"),
1180 zhp->zfs_name, sdd->tosnap);
1186 * If this fs does not have fromsnap, and we're doing
1187 * recursive, we need to send a full stream from the
1188 * beginning (or an incremental from the origin if this
1189 * is a clone). If we're doing non-recursive, then let
1190 * them get the error.
1192 if (sdd->replicate && sdd->fromsnap) {
1194 * Make sure the fromsnap exists.
1196 (void) snprintf(zc.zc_name, sizeof (zc.zc_name), "%s@%s",
1197 zhp->zfs_name, sdd->fromsnap);
1198 if (zfs_ioctl(zhp->zfs_hdl, ZFS_IOC_OBJSET_STATS, &zc) != 0)
1199 missingfrom = B_TRUE;
1202 sdd->seenfrom = sdd->seento = B_FALSE;
1203 sdd->prevsnap[0] = '\0';
1204 sdd->prevsnap_obj = 0;
1205 if (sdd->fromsnap == NULL || missingfrom)
1206 sdd->seenfrom = B_TRUE;
1209 * Iterate through all snapshots and process the ones we will be
1210 * sending. If we only have a "from" and "to" snapshot to deal
1211 * with, we can avoid iterating through all the other snapshots.
1213 if (sdd->doall || sdd->replicate || sdd->tosnap == NULL) {
1214 if (!sdd->replicate) {
1215 if (sdd->fromsnap != NULL) {
1216 min_txg = get_snap_txg(zhp->zfs_hdl,
1217 zhp->zfs_name, sdd->fromsnap);
1219 if (sdd->tosnap != NULL) {
1220 max_txg = get_snap_txg(zhp->zfs_hdl,
1221 zhp->zfs_name, sdd->tosnap);
1224 rv = zfs_iter_snapshots_sorted(zhp, dump_snapshot, sdd,
1227 char snapname[MAXPATHLEN] = { 0 };
1230 /* Dump fromsnap. */
1231 if (!sdd->seenfrom) {
1232 (void) snprintf(snapname, sizeof (snapname),
1233 "%s@%s", zhp->zfs_name, sdd->fromsnap);
1234 snap = zfs_open(zhp->zfs_hdl, snapname,
1237 rv = dump_snapshot(snap, sdd);
1244 (void) snprintf(snapname, sizeof (snapname),
1245 "%s@%s", zhp->zfs_name, sdd->tosnap);
1246 snap = zfs_open(zhp->zfs_hdl, snapname,
1249 rv = dump_snapshot(snap, sdd);
1255 if (!sdd->seenfrom) {
1256 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1257 "WARNING: could not send %s@%s:\n"
1258 "incremental source (%s@%s) does not exist\n"),
1259 zhp->zfs_name, sdd->tosnap,
1260 zhp->zfs_name, sdd->fromsnap);
1262 } else if (!sdd->seento) {
1263 if (sdd->fromsnap) {
1264 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1265 "WARNING: could not send %s@%s:\n"
1266 "incremental source (%s@%s) "
1267 "is not earlier than it\n"),
1268 zhp->zfs_name, sdd->tosnap,
1269 zhp->zfs_name, sdd->fromsnap);
1271 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1273 "could not send %s@%s: does not exist\n"),
1274 zhp->zfs_name, sdd->tosnap);
1283 * Send all snapshots for all filesystems in sdd.
1286 dump_filesystems(zfs_handle_t *rzhp, send_dump_data_t *sdd)
1289 boolean_t needagain, progress;
1291 if (!sdd->replicate)
1292 return (dump_filesystem(rzhp, sdd));
1294 /* Mark the clone origin snapshots. */
1295 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1296 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1298 uint64_t origin_guid = 0;
1300 nvfs = fnvpair_value_nvlist(fspair);
1301 (void) nvlist_lookup_uint64(nvfs, "origin", &origin_guid);
1302 if (origin_guid != 0) {
1304 nvlist_t *origin_nv = fsavl_find(sdd->fsavl,
1305 origin_guid, &snapname);
1306 if (origin_nv != NULL) {
1307 nvlist_t *snapprops;
1308 snapprops = fnvlist_lookup_nvlist(origin_nv,
1310 snapprops = fnvlist_lookup_nvlist(snapprops,
1312 fnvlist_add_boolean(snapprops,
1318 needagain = progress = B_FALSE;
1319 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1320 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1321 nvlist_t *fslist, *parent_nv;
1325 uint64_t origin_guid = 0;
1326 uint64_t parent_guid = 0;
1328 fslist = fnvpair_value_nvlist(fspair);
1329 if (nvlist_lookup_boolean(fslist, "sent") == 0)
1332 fsname = fnvlist_lookup_string(fslist, "name");
1333 (void) nvlist_lookup_uint64(fslist, "origin", &origin_guid);
1334 (void) nvlist_lookup_uint64(fslist, "parentfromsnap",
1337 if (parent_guid != 0) {
1338 parent_nv = fsavl_find(sdd->fsavl, parent_guid, NULL);
1339 if (!nvlist_exists(parent_nv, "sent")) {
1340 /* Parent has not been sent; skip this one. */
1346 if (origin_guid != 0) {
1347 nvlist_t *origin_nv = fsavl_find(sdd->fsavl,
1349 if (origin_nv != NULL &&
1350 !nvlist_exists(origin_nv, "sent")) {
1352 * Origin has not been sent yet;
1360 zhp = zfs_open(rzhp->zfs_hdl, fsname, ZFS_TYPE_DATASET);
1363 err = dump_filesystem(zhp, sdd);
1364 fnvlist_add_boolean(fslist, "sent");
1375 /* Clean out the sent flags in case we reuse this fss. */
1376 for (fspair = nvlist_next_nvpair(sdd->fss, NULL); fspair;
1377 fspair = nvlist_next_nvpair(sdd->fss, fspair)) {
1380 fslist = fnvpair_value_nvlist(fspair);
1381 (void) nvlist_remove_all(fslist, "sent");
1388 zfs_send_resume_token_to_nvlist(libzfs_handle_t *hdl, const char *token)
1390 unsigned int version;
1392 unsigned long long checksum, packed_len;
1395 * Decode token header, which is:
1396 * <token version>-<checksum of payload>-<uncompressed payload length>
1397 * Note that the only supported token version is 1.
1399 nread = sscanf(token, "%u-%llx-%llx-",
1400 &version, &checksum, &packed_len);
1402 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1403 "resume token is corrupt (invalid format)"));
1407 if (version != ZFS_SEND_RESUME_TOKEN_VERSION) {
1408 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1409 "resume token is corrupt (invalid version %u)"),
1414 /* Convert hexadecimal representation to binary. */
1415 token = strrchr(token, '-') + 1;
1416 int len = strlen(token) / 2;
1417 unsigned char *compressed = zfs_alloc(hdl, len);
1418 for (i = 0; i < len; i++) {
1419 nread = sscanf(token + i * 2, "%2hhx", compressed + i);
1422 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1423 "resume token is corrupt "
1424 "(payload is not hex-encoded)"));
1429 /* Verify checksum. */
1431 fletcher_4_native_varsize(compressed, len, &cksum);
1432 if (cksum.zc_word[0] != checksum) {
1434 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1435 "resume token is corrupt (incorrect checksum)"));
1440 void *packed = zfs_alloc(hdl, packed_len);
1441 uLongf packed_len_long = packed_len;
1442 if (uncompress(packed, &packed_len_long, compressed, len) != Z_OK ||
1443 packed_len_long != packed_len) {
1446 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1447 "resume token is corrupt (decompression failed)"));
1451 /* Unpack nvlist. */
1453 int error = nvlist_unpack(packed, packed_len, &nv, KM_SLEEP);
1457 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1458 "resume token is corrupt (nvlist_unpack failed)"));
1464 static enum lzc_send_flags
1465 lzc_flags_from_sendflags(const sendflags_t *flags)
1467 enum lzc_send_flags lzc_flags = 0;
1469 if (flags->largeblock)
1470 lzc_flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1471 if (flags->embed_data)
1472 lzc_flags |= LZC_SEND_FLAG_EMBED_DATA;
1473 if (flags->compress)
1474 lzc_flags |= LZC_SEND_FLAG_COMPRESS;
1476 lzc_flags |= LZC_SEND_FLAG_RAW;
1478 lzc_flags |= LZC_SEND_FLAG_SAVED;
1484 estimate_size(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags,
1485 uint64_t resumeobj, uint64_t resumeoff, uint64_t bytes,
1486 const char *redactbook, char *errbuf)
1489 FILE *fout = flags->dryrun ? stdout : stderr;
1490 progress_arg_t pa = { 0 };
1494 if (flags->progress) {
1497 pa.pa_parsable = flags->parsable;
1498 pa.pa_estimate = B_TRUE;
1499 pa.pa_verbosity = flags->verbosity;
1501 err = pthread_create(&ptid, NULL,
1502 send_progress_thread, &pa);
1504 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno));
1505 return (zfs_error(zhp->zfs_hdl,
1506 EZFS_THREADCREATEFAILED, errbuf));
1510 err = lzc_send_space_resume_redacted(zhp->zfs_name, from,
1511 lzc_flags_from_sendflags(flags), resumeobj, resumeoff, bytes,
1512 redactbook, fd, &size);
1514 if (flags->progress && send_progress_thread_exit(zhp->zfs_hdl, ptid))
1518 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err));
1519 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
1522 send_print_verbose(fout, zhp->zfs_name, from, size,
1525 if (flags->parsable) {
1526 (void) fprintf(fout, "size\t%llu\n", (longlong_t)size);
1529 zfs_nicenum(size, buf, sizeof (buf));
1530 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1531 "total estimated size is %s\n"), buf);
1537 redact_snaps_contains(const uint64_t *snaps, uint64_t num_snaps, uint64_t guid)
1539 for (int i = 0; i < num_snaps; i++) {
1540 if (snaps[i] == guid)
1547 redact_snaps_equal(const uint64_t *snaps1, uint64_t num_snaps1,
1548 const uint64_t *snaps2, uint64_t num_snaps2)
1550 if (num_snaps1 != num_snaps2)
1552 for (int i = 0; i < num_snaps1; i++) {
1553 if (!redact_snaps_contains(snaps2, num_snaps2, snaps1[i]))
1560 get_bookmarks(const char *path, nvlist_t **bmarksp)
1562 nvlist_t *props = fnvlist_alloc();
1565 fnvlist_add_boolean(props, "redact_complete");
1566 fnvlist_add_boolean(props, zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS));
1567 error = lzc_get_bookmarks(path, props, bmarksp);
1568 fnvlist_free(props);
1573 find_redact_pair(nvlist_t *bmarks, const uint64_t *redact_snap_guids,
1574 int num_redact_snaps)
1578 for (pair = nvlist_next_nvpair(bmarks, NULL); pair;
1579 pair = nvlist_next_nvpair(bmarks, pair)) {
1581 nvlist_t *bmark = fnvpair_value_nvlist(pair);
1582 nvlist_t *vallist = fnvlist_lookup_nvlist(bmark,
1583 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS));
1585 uint64_t *bmarksnaps = fnvlist_lookup_uint64_array(vallist,
1587 if (redact_snaps_equal(redact_snap_guids,
1588 num_redact_snaps, bmarksnaps, len)) {
1596 get_redact_complete(nvpair_t *pair)
1598 nvlist_t *bmark = fnvpair_value_nvlist(pair);
1599 nvlist_t *vallist = fnvlist_lookup_nvlist(bmark, "redact_complete");
1600 boolean_t complete = fnvlist_lookup_boolean_value(vallist,
1607 * Check that the list of redaction snapshots in the bookmark matches the send
1608 * we're resuming, and return whether or not it's complete.
1610 * Note that the caller needs to free the contents of *bookname with free() if
1611 * this function returns successfully.
1614 find_redact_book(libzfs_handle_t *hdl, const char *path,
1615 const uint64_t *redact_snap_guids, int num_redact_snaps,
1621 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1622 "cannot resume send"));
1624 int error = get_bookmarks(path, &bmarks);
1626 if (error == ESRCH) {
1627 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1628 "nonexistent redaction bookmark provided"));
1629 } else if (error == ENOENT) {
1630 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1631 "dataset to be sent no longer exists"));
1633 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1634 "unknown error: %s"), strerror(error));
1636 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1638 nvpair_t *pair = find_redact_pair(bmarks, redact_snap_guids,
1641 fnvlist_free(bmarks);
1642 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1643 "no appropriate redaction bookmark exists"));
1644 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1646 boolean_t complete = get_redact_complete(pair);
1648 fnvlist_free(bmarks);
1649 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1650 "incomplete redaction bookmark provided"));
1651 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
1653 *bookname = strndup(nvpair_name(pair), ZFS_MAX_DATASET_NAME_LEN);
1654 ASSERT3P(*bookname, !=, NULL);
1655 fnvlist_free(bmarks);
1659 static enum lzc_send_flags
1660 lzc_flags_from_resume_nvl(nvlist_t *resume_nvl)
1662 enum lzc_send_flags lzc_flags = 0;
1664 if (nvlist_exists(resume_nvl, "largeblockok"))
1665 lzc_flags |= LZC_SEND_FLAG_LARGE_BLOCK;
1666 if (nvlist_exists(resume_nvl, "embedok"))
1667 lzc_flags |= LZC_SEND_FLAG_EMBED_DATA;
1668 if (nvlist_exists(resume_nvl, "compressok"))
1669 lzc_flags |= LZC_SEND_FLAG_COMPRESS;
1670 if (nvlist_exists(resume_nvl, "rawok"))
1671 lzc_flags |= LZC_SEND_FLAG_RAW;
1672 if (nvlist_exists(resume_nvl, "savedok"))
1673 lzc_flags |= LZC_SEND_FLAG_SAVED;
1679 zfs_send_resume_impl_cb_impl(libzfs_handle_t *hdl, sendflags_t *flags,
1680 int outfd, nvlist_t *resume_nvl)
1684 char *fromname = NULL;
1685 uint64_t resumeobj, resumeoff, toguid, fromguid, bytes;
1688 char name[ZFS_MAX_DATASET_NAME_LEN];
1689 FILE *fout = (flags->verbosity > 0 && flags->dryrun) ? stdout : stderr;
1690 uint64_t *redact_snap_guids = NULL;
1691 int num_redact_snaps = 0;
1692 char *redact_book = NULL;
1694 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1695 "cannot resume send"));
1697 if (flags->verbosity != 0) {
1698 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
1699 "resume token contents:\n"));
1700 nvlist_print(fout, resume_nvl);
1703 if (nvlist_lookup_string(resume_nvl, "toname", &toname) != 0 ||
1704 nvlist_lookup_uint64(resume_nvl, "object", &resumeobj) != 0 ||
1705 nvlist_lookup_uint64(resume_nvl, "offset", &resumeoff) != 0 ||
1706 nvlist_lookup_uint64(resume_nvl, "bytes", &bytes) != 0 ||
1707 nvlist_lookup_uint64(resume_nvl, "toguid", &toguid) != 0) {
1708 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1709 "resume token is corrupt"));
1710 return (zfs_error(hdl, EZFS_FAULT, errbuf));
1713 (void) nvlist_lookup_uint64(resume_nvl, "fromguid", &fromguid);
1716 (void) strcpy(name, toname);
1718 error = guid_to_name(hdl, toname, toguid, B_FALSE, name);
1720 if (zfs_dataset_exists(hdl, toname, ZFS_TYPE_DATASET)) {
1721 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1722 "'%s' is no longer the same snapshot "
1723 "used in the initial send"), toname);
1725 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1726 "'%s' used in the initial send no "
1727 "longer exists"), toname);
1729 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1733 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
1735 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1736 "unable to access '%s'"), name);
1737 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1740 if (nvlist_lookup_uint64_array(resume_nvl, "book_redact_snaps",
1741 &redact_snap_guids, (uint_t *)&num_redact_snaps) != 0) {
1742 num_redact_snaps = -1;
1745 if (fromguid != 0) {
1746 if (guid_to_name_redact_snaps(hdl, toname, fromguid, B_TRUE,
1747 redact_snap_guids, num_redact_snaps, name) != 0) {
1748 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1749 "incremental source %#llx no longer exists"),
1750 (longlong_t)fromguid);
1751 return (zfs_error(hdl, EZFS_BADPATH, errbuf));
1756 redact_snap_guids = NULL;
1758 if (nvlist_lookup_uint64_array(resume_nvl,
1759 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS), &redact_snap_guids,
1760 (uint_t *)&num_redact_snaps) == 0) {
1761 char path[ZFS_MAX_DATASET_NAME_LEN];
1763 (void) strlcpy(path, toname, sizeof (path));
1764 char *at = strchr(path, '@');
1765 ASSERT3P(at, !=, NULL);
1769 if ((error = find_redact_book(hdl, path, redact_snap_guids,
1770 num_redact_snaps, &redact_book)) != 0) {
1775 enum lzc_send_flags lzc_flags = lzc_flags_from_sendflags(flags) |
1776 lzc_flags_from_resume_nvl(resume_nvl);
1778 if (flags->verbosity != 0) {
1780 * Some of these may have come from the resume token, set them
1781 * here for size estimate purposes.
1783 sendflags_t tmpflags = *flags;
1784 if (lzc_flags & LZC_SEND_FLAG_LARGE_BLOCK)
1785 tmpflags.largeblock = B_TRUE;
1786 if (lzc_flags & LZC_SEND_FLAG_COMPRESS)
1787 tmpflags.compress = B_TRUE;
1788 if (lzc_flags & LZC_SEND_FLAG_EMBED_DATA)
1789 tmpflags.embed_data = B_TRUE;
1790 if (lzc_flags & LZC_SEND_FLAG_RAW)
1791 tmpflags.raw = B_TRUE;
1792 if (lzc_flags & LZC_SEND_FLAG_SAVED)
1793 tmpflags.saved = B_TRUE;
1794 error = estimate_size(zhp, fromname, outfd, &tmpflags,
1795 resumeobj, resumeoff, bytes, redact_book, errbuf);
1798 if (!flags->dryrun) {
1799 progress_arg_t pa = { 0 };
1802 * If progress reporting is requested, spawn a new thread to
1803 * poll ZFS_IOC_SEND_PROGRESS at a regular interval.
1805 if (flags->progress) {
1808 pa.pa_parsable = flags->parsable;
1809 pa.pa_estimate = B_FALSE;
1810 pa.pa_verbosity = flags->verbosity;
1812 error = pthread_create(&tid, NULL,
1813 send_progress_thread, &pa);
1815 if (redact_book != NULL)
1822 error = lzc_send_resume_redacted(zhp->zfs_name, fromname, outfd,
1823 lzc_flags, resumeobj, resumeoff, redact_book);
1824 if (redact_book != NULL)
1827 if (flags->progress && send_progress_thread_exit(hdl, tid))
1831 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1832 "warning: cannot send '%s'"), zhp->zfs_name);
1840 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1841 "source key must be loaded"));
1842 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
1844 if (lzc_exists(zhp->zfs_name)) {
1845 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1846 "incremental source could not be found"));
1848 return (zfs_error(hdl, EZFS_NOENT, errbuf));
1863 zfs_error_aux(hdl, "%s", strerror(errno));
1864 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
1867 return (zfs_standard_error(hdl, errno, errbuf));
1870 if (redact_book != NULL)
1879 struct zfs_send_resume_impl {
1880 libzfs_handle_t *hdl;
1882 nvlist_t *resume_nvl;
1886 zfs_send_resume_impl_cb(int outfd, void *arg)
1888 struct zfs_send_resume_impl *zsri = arg;
1889 return (zfs_send_resume_impl_cb_impl(zsri->hdl, zsri->flags, outfd,
1894 zfs_send_resume_impl(libzfs_handle_t *hdl, sendflags_t *flags, int outfd,
1895 nvlist_t *resume_nvl)
1897 struct zfs_send_resume_impl zsri = {
1900 .resume_nvl = resume_nvl,
1902 return (lzc_send_wrapper(zfs_send_resume_impl_cb, outfd, &zsri));
1906 zfs_send_resume(libzfs_handle_t *hdl, sendflags_t *flags, int outfd,
1907 const char *resume_token)
1911 nvlist_t *resume_nvl;
1913 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1914 "cannot resume send"));
1916 resume_nvl = zfs_send_resume_token_to_nvlist(hdl, resume_token);
1917 if (resume_nvl == NULL) {
1919 * zfs_error_aux has already been set by
1920 * zfs_send_resume_token_to_nvlist()
1922 return (zfs_error(hdl, EZFS_FAULT, errbuf));
1925 ret = zfs_send_resume_impl(hdl, flags, outfd, resume_nvl);
1926 fnvlist_free(resume_nvl);
1932 zfs_send_saved(zfs_handle_t *zhp, sendflags_t *flags, int outfd,
1933 const char *resume_token)
1936 libzfs_handle_t *hdl = zhp->zfs_hdl;
1937 nvlist_t *saved_nvl = NULL, *resume_nvl = NULL;
1938 uint64_t saved_guid = 0, resume_guid = 0;
1939 uint64_t obj = 0, off = 0, bytes = 0;
1940 char token_buf[ZFS_MAXPROPLEN];
1943 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
1944 "saved send failed"));
1946 ret = zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN,
1947 token_buf, sizeof (token_buf), NULL, NULL, 0, B_TRUE);
1951 saved_nvl = zfs_send_resume_token_to_nvlist(hdl, token_buf);
1952 if (saved_nvl == NULL) {
1954 * zfs_error_aux has already been set by
1955 * zfs_send_resume_token_to_nvlist()
1957 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
1962 * If a resume token is provided we use the object and offset
1963 * from that instead of the default, which starts from the
1966 if (resume_token != NULL) {
1967 resume_nvl = zfs_send_resume_token_to_nvlist(hdl,
1969 if (resume_nvl == NULL) {
1970 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
1974 if (nvlist_lookup_uint64(resume_nvl, "object", &obj) != 0 ||
1975 nvlist_lookup_uint64(resume_nvl, "offset", &off) != 0 ||
1976 nvlist_lookup_uint64(resume_nvl, "bytes", &bytes) != 0 ||
1977 nvlist_lookup_uint64(resume_nvl, "toguid",
1978 &resume_guid) != 0) {
1979 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1980 "provided resume token is corrupt"));
1981 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
1985 if (nvlist_lookup_uint64(saved_nvl, "toguid",
1987 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1988 "dataset's resume token is corrupt"));
1989 ret = zfs_error(hdl, EZFS_FAULT, errbuf);
1993 if (resume_guid != saved_guid) {
1994 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1995 "provided resume token does not match dataset"));
1996 ret = zfs_error(hdl, EZFS_BADBACKUP, errbuf);
2001 (void) nvlist_remove_all(saved_nvl, "object");
2002 fnvlist_add_uint64(saved_nvl, "object", obj);
2004 (void) nvlist_remove_all(saved_nvl, "offset");
2005 fnvlist_add_uint64(saved_nvl, "offset", off);
2007 (void) nvlist_remove_all(saved_nvl, "bytes");
2008 fnvlist_add_uint64(saved_nvl, "bytes", bytes);
2010 (void) nvlist_remove_all(saved_nvl, "toname");
2011 fnvlist_add_string(saved_nvl, "toname", zhp->zfs_name);
2013 ret = zfs_send_resume_impl(hdl, flags, outfd, saved_nvl);
2016 fnvlist_free(saved_nvl);
2017 fnvlist_free(resume_nvl);
2022 * This function informs the target system that the recursive send is complete.
2023 * The record is also expected in the case of a send -p.
2026 send_conclusion_record(int fd, zio_cksum_t *zc)
2028 dmu_replay_record_t drr = { 0 };
2029 drr.drr_type = DRR_END;
2031 drr.drr_u.drr_end.drr_checksum = *zc;
2032 if (write(fd, &drr, sizeof (drr)) == -1) {
2039 * This function is responsible for sending the records that contain the
2040 * necessary information for the target system's libzfs to be able to set the
2041 * properties of the filesystem being received, or to be able to prepare for
2042 * a recursive receive.
2044 * The "zhp" argument is the handle of the snapshot we are sending
2045 * (the "tosnap"). The "from" argument is the short snapshot name (the part
2046 * after the @) of the incremental source.
2049 send_prelim_records(zfs_handle_t *zhp, const char *from, int fd,
2050 boolean_t gather_props, boolean_t recursive, boolean_t verbose,
2051 boolean_t dryrun, boolean_t raw, boolean_t replicate, boolean_t skipmissing,
2052 boolean_t backup, boolean_t holds, boolean_t props, boolean_t doall,
2053 nvlist_t **fssp, avl_tree_t **fsavlp)
2056 char *packbuf = NULL;
2058 zio_cksum_t zc = { {0} };
2059 int featureflags = 0;
2060 /* name of filesystem/volume that contains snapshot we are sending */
2061 char tofs[ZFS_MAX_DATASET_NAME_LEN];
2062 /* short name of snap we are sending */
2066 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2067 "warning: cannot send '%s'"), zhp->zfs_name);
2068 if (zhp->zfs_type == ZFS_TYPE_FILESYSTEM && zfs_prop_get_int(zhp,
2069 ZFS_PROP_VERSION) >= ZPL_VERSION_SA) {
2070 featureflags |= DMU_BACKUP_FEATURE_SA_SPILL;
2074 featureflags |= DMU_BACKUP_FEATURE_HOLDS;
2076 (void) strlcpy(tofs, zhp->zfs_name, ZFS_MAX_DATASET_NAME_LEN);
2077 char *at = strchr(tofs, '@');
2084 nvlist_t *hdrnv = fnvlist_alloc();
2085 nvlist_t *fss = NULL;
2088 fnvlist_add_string(hdrnv, "fromsnap", from);
2089 fnvlist_add_string(hdrnv, "tosnap", tosnap);
2091 fnvlist_add_boolean(hdrnv, "not_recursive");
2094 fnvlist_add_boolean(hdrnv, "raw");
2097 if ((err = gather_nvlist(zhp->zfs_hdl, tofs,
2098 from, tosnap, recursive, raw, doall, replicate, skipmissing,
2099 verbose, backup, holds, props, &fss, fsavlp)) != 0) {
2100 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2104 * Do not allow the size of the properties list to exceed
2107 if ((fnvlist_size(fss) + fnvlist_size(hdrnv)) >
2108 zhp->zfs_hdl->libzfs_max_nvlist) {
2109 (void) snprintf(errbuf, sizeof (errbuf),
2110 dgettext(TEXT_DOMAIN, "warning: cannot send '%s': "
2111 "the size of the list of snapshots and properties "
2112 "is too large to be received successfully.\n"
2113 "Select a smaller number of snapshots to send.\n"),
2115 return (zfs_error(zhp->zfs_hdl, EZFS_NOSPC,
2118 fnvlist_add_nvlist(hdrnv, "fss", fss);
2119 VERIFY0(nvlist_pack(hdrnv, &packbuf, &buflen, NV_ENCODE_XDR,
2126 fnvlist_free(hdrnv);
2130 dmu_replay_record_t drr = { 0 };
2131 /* write first begin record */
2132 drr.drr_type = DRR_BEGIN;
2133 drr.drr_u.drr_begin.drr_magic = DMU_BACKUP_MAGIC;
2134 DMU_SET_STREAM_HDRTYPE(drr.drr_u.drr_begin.
2135 drr_versioninfo, DMU_COMPOUNDSTREAM);
2136 DMU_SET_FEATUREFLAGS(drr.drr_u.drr_begin.
2137 drr_versioninfo, featureflags);
2138 if (snprintf(drr.drr_u.drr_begin.drr_toname,
2139 sizeof (drr.drr_u.drr_begin.drr_toname), "%s@%s", tofs,
2140 tosnap) >= sizeof (drr.drr_u.drr_begin.drr_toname)) {
2141 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2144 drr.drr_payloadlen = buflen;
2146 err = dump_record(&drr, packbuf, buflen, &zc, fd);
2149 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err));
2150 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2153 err = send_conclusion_record(fd, &zc);
2155 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err));
2156 return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP,
2164 * Generate a send stream. The "zhp" argument is the filesystem/volume
2165 * that contains the snapshot to send. The "fromsnap" argument is the
2166 * short name (the part after the '@') of the snapshot that is the
2167 * incremental source to send from (if non-NULL). The "tosnap" argument
2168 * is the short name of the snapshot to send.
2170 * The content of the send stream is the snapshot identified by
2171 * 'tosnap'. Incremental streams are requested in two ways:
2172 * - from the snapshot identified by "fromsnap" (if non-null) or
2173 * - from the origin of the dataset identified by zhp, which must
2174 * be a clone. In this case, "fromsnap" is null and "fromorigin"
2177 * The send stream is recursive (i.e. dumps a hierarchy of snapshots) and
2178 * uses a special header (with a hdrtype field of DMU_COMPOUNDSTREAM)
2179 * if "replicate" is set. If "doall" is set, dump all the intermediate
2180 * snapshots. The DMU_COMPOUNDSTREAM header is used in the "doall"
2181 * case too. If "props" is set, send properties.
2183 * Pre-wrapped (cf. lzc_send_wrapper()).
2186 zfs_send_cb_impl(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
2187 sendflags_t *flags, int outfd, snapfilter_cb_t filter_func,
2188 void *cb_arg, nvlist_t **debugnvp)
2191 send_dump_data_t sdd = { 0 };
2193 nvlist_t *fss = NULL;
2194 avl_tree_t *fsavl = NULL;
2195 static uint64_t holdseq;
2199 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2200 "cannot send '%s'"), zhp->zfs_name);
2202 if (fromsnap && fromsnap[0] == '\0') {
2203 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
2204 "zero-length incremental source"));
2205 return (zfs_error(zhp->zfs_hdl, EZFS_NOENT, errbuf));
2209 char full_fromsnap_name[ZFS_MAX_DATASET_NAME_LEN];
2210 if (snprintf(full_fromsnap_name, sizeof (full_fromsnap_name),
2211 "%s@%s", zhp->zfs_name, fromsnap) >=
2212 sizeof (full_fromsnap_name)) {
2216 zfs_handle_t *fromsnapn = zfs_open(zhp->zfs_hdl,
2217 full_fromsnap_name, ZFS_TYPE_SNAPSHOT);
2218 if (fromsnapn == NULL) {
2222 zfs_close(fromsnapn);
2225 if (flags->replicate || flags->doall || flags->props ||
2226 flags->holds || flags->backup) {
2227 char full_tosnap_name[ZFS_MAX_DATASET_NAME_LEN];
2228 if (snprintf(full_tosnap_name, sizeof (full_tosnap_name),
2229 "%s@%s", zhp->zfs_name, tosnap) >=
2230 sizeof (full_tosnap_name)) {
2234 zfs_handle_t *tosnap = zfs_open(zhp->zfs_hdl,
2235 full_tosnap_name, ZFS_TYPE_SNAPSHOT);
2236 if (tosnap == NULL) {
2240 err = send_prelim_records(tosnap, fromsnap, outfd,
2241 flags->replicate || flags->props || flags->holds,
2242 flags->replicate, flags->verbosity > 0, flags->dryrun,
2243 flags->raw, flags->replicate, flags->skipmissing,
2244 flags->backup, flags->holds, flags->props, flags->doall,
2251 /* dump each stream */
2252 sdd.fromsnap = fromsnap;
2253 sdd.tosnap = tosnap;
2255 sdd.replicate = flags->replicate;
2256 sdd.doall = flags->doall;
2257 sdd.fromorigin = flags->fromorigin;
2260 sdd.verbosity = flags->verbosity;
2261 sdd.parsable = flags->parsable;
2262 sdd.progress = flags->progress;
2263 sdd.dryrun = flags->dryrun;
2264 sdd.large_block = flags->largeblock;
2265 sdd.embed_data = flags->embed_data;
2266 sdd.compress = flags->compress;
2267 sdd.raw = flags->raw;
2268 sdd.holds = flags->holds;
2269 sdd.filter_cb = filter_func;
2270 sdd.filter_cb_arg = cb_arg;
2272 sdd.debugnv = *debugnvp;
2273 if (sdd.verbosity != 0 && sdd.dryrun)
2274 sdd.std_out = B_TRUE;
2275 fout = sdd.std_out ? stdout : stderr;
2278 * Some flags require that we place user holds on the datasets that are
2279 * being sent so they don't get destroyed during the send. We can skip
2280 * this step if the pool is imported read-only since the datasets cannot
2283 if (!flags->dryrun && !zpool_get_prop_int(zfs_get_pool_handle(zhp),
2284 ZPOOL_PROP_READONLY, NULL) &&
2285 zfs_spa_version(zhp, &spa_version) == 0 &&
2286 spa_version >= SPA_VERSION_USERREFS &&
2287 (flags->doall || flags->replicate)) {
2289 (void) snprintf(sdd.holdtag, sizeof (sdd.holdtag),
2290 ".send-%d-%llu", getpid(), (u_longlong_t)holdseq);
2291 sdd.cleanup_fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
2292 if (sdd.cleanup_fd < 0) {
2296 sdd.snapholds = fnvlist_alloc();
2298 sdd.cleanup_fd = -1;
2299 sdd.snapholds = NULL;
2302 if (flags->verbosity != 0 || sdd.snapholds != NULL) {
2304 * Do a verbose no-op dry run to get all the verbose output
2305 * or to gather snapshot hold's before generating any data,
2306 * then do a non-verbose real run to generate the streams.
2308 sdd.dryrun = B_TRUE;
2309 err = dump_filesystems(zhp, &sdd);
2314 if (flags->verbosity != 0) {
2315 if (flags->parsable) {
2316 (void) fprintf(fout, "size\t%llu\n",
2317 (longlong_t)sdd.size);
2320 zfs_nicebytes(sdd.size, buf, sizeof (buf));
2321 (void) fprintf(fout, dgettext(TEXT_DOMAIN,
2322 "total estimated size is %s\n"), buf);
2326 /* Ensure no snaps found is treated as an error. */
2332 /* Skip the second run if dryrun was requested. */
2336 if (sdd.snapholds != NULL) {
2337 err = zfs_hold_nvl(zhp, sdd.cleanup_fd, sdd.snapholds);
2341 fnvlist_free(sdd.snapholds);
2342 sdd.snapholds = NULL;
2345 sdd.dryrun = B_FALSE;
2349 err = dump_filesystems(zhp, &sdd);
2350 fsavl_destroy(fsavl);
2353 /* Ensure no snaps found is treated as an error. */
2354 if (err == 0 && !sdd.seento)
2357 if (sdd.cleanup_fd != -1) {
2358 VERIFY(0 == close(sdd.cleanup_fd));
2359 sdd.cleanup_fd = -1;
2362 if (!flags->dryrun && (flags->replicate || flags->doall ||
2363 flags->props || flags->backup || flags->holds)) {
2365 * write final end record. NB: want to do this even if
2366 * there was some error, because it might not be totally
2369 err = send_conclusion_record(outfd, NULL);
2371 return (zfs_standard_error(zhp->zfs_hdl, err, errbuf));
2374 return (err || sdd.err);
2377 err = zfs_standard_error(zhp->zfs_hdl, err, errbuf);
2379 fsavl_destroy(fsavl);
2381 fnvlist_free(sdd.snapholds);
2383 if (sdd.cleanup_fd != -1)
2384 VERIFY(0 == close(sdd.cleanup_fd));
2390 const char *fromsnap;
2393 snapfilter_cb_t *filter_func;
2395 nvlist_t **debugnvp;
2399 zfs_send_cb(int outfd, void *arg)
2401 struct zfs_send *zs = arg;
2402 return (zfs_send_cb_impl(zs->zhp, zs->fromsnap, zs->tosnap, zs->flags,
2403 outfd, zs->filter_func, zs->cb_arg, zs->debugnvp));
2407 zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
2408 sendflags_t *flags, int outfd, snapfilter_cb_t filter_func,
2409 void *cb_arg, nvlist_t **debugnvp)
2411 struct zfs_send arg = {
2413 .fromsnap = fromsnap,
2416 .filter_func = filter_func,
2418 .debugnvp = debugnvp,
2420 return (lzc_send_wrapper(zfs_send_cb, outfd, &arg));
2424 static zfs_handle_t *
2425 name_to_dir_handle(libzfs_handle_t *hdl, const char *snapname)
2427 char dirname[ZFS_MAX_DATASET_NAME_LEN];
2428 (void) strlcpy(dirname, snapname, ZFS_MAX_DATASET_NAME_LEN);
2429 char *c = strchr(dirname, '@');
2432 return (zfs_open(hdl, dirname, ZFS_TYPE_DATASET));
2436 * Returns B_TRUE if earlier is an earlier snapshot in later's timeline; either
2437 * an earlier snapshot in the same filesystem, or a snapshot before later's
2438 * origin, or it's origin's origin, etc.
2441 snapshot_is_before(zfs_handle_t *earlier, zfs_handle_t *later)
2444 uint64_t later_txg =
2445 (later->zfs_type == ZFS_TYPE_FILESYSTEM ||
2446 later->zfs_type == ZFS_TYPE_VOLUME ?
2447 UINT64_MAX : zfs_prop_get_int(later, ZFS_PROP_CREATETXG));
2448 uint64_t earlier_txg = zfs_prop_get_int(earlier, ZFS_PROP_CREATETXG);
2450 if (earlier_txg >= later_txg)
2453 zfs_handle_t *earlier_dir = name_to_dir_handle(earlier->zfs_hdl,
2455 zfs_handle_t *later_dir = name_to_dir_handle(later->zfs_hdl,
2458 if (strcmp(earlier_dir->zfs_name, later_dir->zfs_name) == 0) {
2459 zfs_close(earlier_dir);
2460 zfs_close(later_dir);
2464 char clonename[ZFS_MAX_DATASET_NAME_LEN];
2465 if (zfs_prop_get(later_dir, ZFS_PROP_ORIGIN, clonename,
2466 ZFS_MAX_DATASET_NAME_LEN, NULL, NULL, 0, B_TRUE) != 0) {
2467 zfs_close(earlier_dir);
2468 zfs_close(later_dir);
2472 zfs_handle_t *origin = zfs_open(earlier->zfs_hdl, clonename,
2474 uint64_t origin_txg = zfs_prop_get_int(origin, ZFS_PROP_CREATETXG);
2477 * If "earlier" is exactly the origin, then
2478 * snapshot_is_before(earlier, origin) will return false (because
2479 * they're the same).
2481 if (origin_txg == earlier_txg &&
2482 strcmp(origin->zfs_name, earlier->zfs_name) == 0) {
2483 zfs_close(earlier_dir);
2484 zfs_close(later_dir);
2488 zfs_close(earlier_dir);
2489 zfs_close(later_dir);
2491 ret = snapshot_is_before(earlier, origin);
2497 * The "zhp" argument is the handle of the dataset to send (typically a
2498 * snapshot). The "from" argument is the full name of the snapshot or
2499 * bookmark that is the incremental source.
2501 * Pre-wrapped (cf. lzc_send_wrapper()).
2504 zfs_send_one_cb_impl(zfs_handle_t *zhp, const char *from, int fd,
2505 sendflags_t *flags, const char *redactbook)
2508 libzfs_handle_t *hdl = zhp->zfs_hdl;
2509 char *name = zhp->zfs_name;
2511 progress_arg_t pa = { 0 };
2514 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
2515 "warning: cannot send '%s'"), name);
2517 if (from != NULL && strchr(from, '@')) {
2518 zfs_handle_t *from_zhp = zfs_open(hdl, from,
2520 if (from_zhp == NULL)
2522 if (!snapshot_is_before(from_zhp, zhp)) {
2523 zfs_close(from_zhp);
2524 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2525 "not an earlier snapshot from the same fs"));
2526 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
2528 zfs_close(from_zhp);
2531 if (redactbook != NULL) {
2532 char bookname[ZFS_MAX_DATASET_NAME_LEN];
2533 nvlist_t *redact_snaps;
2534 zfs_handle_t *book_zhp;
2538 pound = strchr(redactbook, '#');
2540 redactbook = pound + 1;
2541 at = strchr(name, '@');
2543 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2544 "cannot do a redacted send to a filesystem"));
2545 return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
2547 dsnamelen = at - name;
2548 if (snprintf(bookname, sizeof (bookname), "%.*s#%s",
2549 dsnamelen, name, redactbook)
2550 >= sizeof (bookname)) {
2551 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2552 "invalid bookmark name"));
2553 return (zfs_error(hdl, EZFS_INVALIDNAME, errbuf));
2555 book_zhp = zfs_open(hdl, bookname, ZFS_TYPE_BOOKMARK);
2556 if (book_zhp == NULL)
2558 if (nvlist_lookup_nvlist(book_zhp->zfs_props,
2559 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS),
2560 &redact_snaps) != 0 || redact_snaps == NULL) {
2561 zfs_close(book_zhp);
2562 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2563 "not a redaction bookmark"));
2564 return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
2566 zfs_close(book_zhp);
2570 * Send fs properties
2572 if (flags->props || flags->holds || flags->backup) {
2574 * Note: the header generated by send_prelim_records()
2575 * assumes that the incremental source is in the same
2576 * filesystem/volume as the target (which is a requirement
2577 * when doing "zfs send -R"). But that isn't always the
2578 * case here (e.g. send from snap in origin, or send from
2579 * bookmark). We pass from=NULL, which will omit this
2580 * information from the prelim records; it isn't used
2581 * when receiving this type of stream.
2583 err = send_prelim_records(zhp, NULL, fd, B_TRUE, B_FALSE,
2584 flags->verbosity > 0, flags->dryrun, flags->raw,
2585 flags->replicate, B_FALSE, flags->backup, flags->holds,
2586 flags->props, flags->doall, NULL, NULL);
2592 * Perform size estimate if verbose was specified.
2594 if (flags->verbosity != 0) {
2595 err = estimate_size(zhp, from, fd, flags, 0, 0, 0, redactbook,
2605 * If progress reporting is requested, spawn a new thread to poll
2606 * ZFS_IOC_SEND_PROGRESS at a regular interval.
2608 if (flags->progress) {
2611 pa.pa_parsable = flags->parsable;
2612 pa.pa_estimate = B_FALSE;
2613 pa.pa_verbosity = flags->verbosity;
2615 err = pthread_create(&ptid, NULL,
2616 send_progress_thread, &pa);
2618 zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno));
2619 return (zfs_error(zhp->zfs_hdl,
2620 EZFS_THREADCREATEFAILED, errbuf));
2624 err = lzc_send_redacted(name, from, fd,
2625 lzc_flags_from_sendflags(flags), redactbook);
2627 if (flags->progress && send_progress_thread_exit(hdl, ptid))
2630 if (err == 0 && (flags->props || flags->holds || flags->backup)) {
2631 /* Write the final end record. */
2632 err = send_conclusion_record(fd, NULL);
2634 return (zfs_standard_error(hdl, err, errbuf));
2639 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2640 "not an earlier snapshot from the same fs"));
2641 return (zfs_error(hdl, EZFS_CROSSTARGET, errbuf));
2645 if (lzc_exists(name)) {
2646 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2647 "incremental source (%s) does not exist"),
2650 return (zfs_error(hdl, EZFS_NOENT, errbuf));
2653 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2654 "dataset key must be loaded"));
2655 return (zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf));
2658 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2659 "target is busy; if a filesystem, "
2660 "it must not be mounted"));
2661 return (zfs_error(hdl, EZFS_BUSY, errbuf));
2675 zfs_error_aux(hdl, "%s", strerror(errno));
2676 return (zfs_error(hdl, EZFS_BADBACKUP, errbuf));
2679 return (zfs_standard_error(hdl, errno, errbuf));
2685 struct zfs_send_one {
2689 const char *redactbook;
2693 zfs_send_one_cb(int fd, void *arg)
2695 struct zfs_send_one *zso = arg;
2696 return (zfs_send_one_cb_impl(zso->zhp, zso->from, fd, zso->flags,
2701 zfs_send_one(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags,
2702 const char *redactbook)
2704 struct zfs_send_one zso = {
2708 .redactbook = redactbook,
2710 return (lzc_send_wrapper(zfs_send_one_cb, fd, &zso));
2714 * Routines specific to "zfs recv"
2718 recv_read(libzfs_handle_t *hdl, int fd, void *buf, int ilen,
2719 boolean_t byteswap, zio_cksum_t *zc)
2726 rv = read(fd, cp, len);
2731 if (rv < 0 || len != 0) {
2732 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
2733 "failed to read from stream"));
2734 return (zfs_error(hdl, EZFS_BADSTREAM, dgettext(TEXT_DOMAIN,
2735 "cannot receive")));
2740 fletcher_4_incremental_byteswap(buf, ilen, zc);
2742 fletcher_4_incremental_native(buf, ilen, zc);
2748 recv_read_nvlist(libzfs_handle_t *hdl, int fd, int len, nvlist_t **nvp,
2749 boolean_t byteswap, zio_cksum_t *zc)
2754 buf = zfs_alloc(hdl, len);
2756 if (len > hdl->libzfs_max_nvlist) {
2757 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "nvlist too large"));
2762 err = recv_read(hdl, fd, buf, len, byteswap, zc);
2768 err = nvlist_unpack(buf, len, nvp, 0);
2771 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
2772 "stream (malformed nvlist)"));
2779 * Returns the grand origin (origin of origin of origin...) of a given handle.
2780 * If this dataset is not a clone, it simply returns a copy of the original
2783 static zfs_handle_t *
2784 recv_open_grand_origin(zfs_handle_t *zhp)
2786 char origin[ZFS_MAX_DATASET_NAME_LEN];
2788 zfs_handle_t *ozhp = zfs_handle_dup(zhp);
2790 while (ozhp != NULL) {
2791 if (zfs_prop_get(ozhp, ZFS_PROP_ORIGIN, origin,
2792 sizeof (origin), &src, NULL, 0, B_FALSE) != 0)
2795 (void) zfs_close(ozhp);
2796 ozhp = zfs_open(zhp->zfs_hdl, origin, ZFS_TYPE_FILESYSTEM);
2803 recv_rename_impl(zfs_handle_t *zhp, const char *name, const char *newname)
2806 zfs_handle_t *ozhp = NULL;
2809 * Attempt to rename the dataset. If it fails with EACCES we have
2810 * attempted to rename the dataset outside of its encryption root.
2811 * Force the dataset to become an encryption root and try again.
2813 err = lzc_rename(name, newname);
2814 if (err == EACCES) {
2815 ozhp = recv_open_grand_origin(zhp);
2821 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY,
2826 err = lzc_rename(name, newname);
2836 recv_rename(libzfs_handle_t *hdl, const char *name, const char *tryname,
2837 int baselen, char *newname, recvflags_t *flags)
2841 prop_changelist_t *clp = NULL;
2842 zfs_handle_t *zhp = NULL;
2844 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
2849 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
2850 flags->force ? MS_FORCE : 0);
2855 err = changelist_prefix(clp);
2860 (void) strcpy(newname, tryname);
2861 if (flags->verbose) {
2862 (void) printf("attempting rename %s to %s\n",
2865 err = recv_rename_impl(zhp, name, newname);
2867 changelist_rename(clp, name, tryname);
2872 if (err != 0 && strncmp(name + baselen, "recv-", 5) != 0) {
2875 (void) snprintf(newname, ZFS_MAX_DATASET_NAME_LEN,
2876 "%.*srecv-%u-%u", baselen, name, getpid(), seq);
2878 if (flags->verbose) {
2879 (void) printf("failed - trying rename %s to %s\n",
2882 err = recv_rename_impl(zhp, name, newname);
2884 changelist_rename(clp, name, newname);
2885 if (err && flags->verbose) {
2886 (void) printf("failed (%u) - "
2887 "will try again on next pass\n", errno);
2890 } else if (flags->verbose) {
2892 (void) printf("success\n");
2894 (void) printf("failed (%u)\n", errno);
2897 (void) changelist_postfix(clp);
2901 changelist_free(clp);
2909 recv_promote(libzfs_handle_t *hdl, const char *fsname,
2910 const char *origin_fsname, recvflags_t *flags)
2913 zfs_cmd_t zc = {"\0"};
2914 zfs_handle_t *zhp = NULL, *ozhp = NULL;
2917 (void) printf("promoting %s\n", fsname);
2919 (void) strlcpy(zc.zc_value, origin_fsname, sizeof (zc.zc_value));
2920 (void) strlcpy(zc.zc_name, fsname, sizeof (zc.zc_name));
2923 * Attempt to promote the dataset. If it fails with EACCES the
2924 * promotion would cause this dataset to leave its encryption root.
2925 * Force the origin to become an encryption root and try again.
2927 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
2928 if (err == EACCES) {
2929 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET);
2935 ozhp = recv_open_grand_origin(zhp);
2941 err = lzc_change_key(ozhp->zfs_name, DCP_CMD_FORCE_NEW_KEY,
2946 err = zfs_ioctl(hdl, ZFS_IOC_PROMOTE, &zc);
2959 recv_destroy(libzfs_handle_t *hdl, const char *name, int baselen,
2960 char *newname, recvflags_t *flags)
2963 prop_changelist_t *clp;
2965 boolean_t defer = B_FALSE;
2968 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
2971 zfs_type_t type = zfs_get_type(zhp);
2972 if (type == ZFS_TYPE_SNAPSHOT &&
2973 zfs_spa_version(zhp, &spa_version) == 0 &&
2974 spa_version >= SPA_VERSION_USERREFS)
2976 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
2977 flags->force ? MS_FORCE : 0);
2982 err = changelist_prefix(clp);
2987 (void) printf("attempting destroy %s\n", name);
2988 if (type == ZFS_TYPE_SNAPSHOT) {
2989 nvlist_t *nv = fnvlist_alloc();
2990 fnvlist_add_boolean(nv, name);
2991 err = lzc_destroy_snaps(nv, defer, NULL);
2994 err = lzc_destroy(name);
2998 (void) printf("success\n");
2999 changelist_remove(clp, name);
3002 (void) changelist_postfix(clp);
3003 changelist_free(clp);
3006 * Deferred destroy might destroy the snapshot or only mark it to be
3007 * destroyed later, and it returns success in either case.
3009 if (err != 0 || (defer && zfs_dataset_exists(hdl, name,
3010 ZFS_TYPE_SNAPSHOT))) {
3011 err = recv_rename(hdl, name, NULL, baselen, newname, flags);
3017 typedef struct guid_to_name_data {
3019 boolean_t bookmark_ok;
3022 uint64_t *redact_snap_guids;
3023 uint64_t num_redact_snaps;
3024 } guid_to_name_data_t;
3027 redact_snaps_match(zfs_handle_t *zhp, guid_to_name_data_t *gtnd)
3029 uint64_t *bmark_snaps;
3030 uint_t bmark_num_snaps;
3032 if (zhp->zfs_type != ZFS_TYPE_BOOKMARK)
3035 nvl = fnvlist_lookup_nvlist(zhp->zfs_props,
3036 zfs_prop_to_name(ZFS_PROP_REDACT_SNAPS));
3037 bmark_snaps = fnvlist_lookup_uint64_array(nvl, ZPROP_VALUE,
3039 if (bmark_num_snaps != gtnd->num_redact_snaps)
3042 for (; i < bmark_num_snaps; i++) {
3044 for (; j < bmark_num_snaps; j++) {
3045 if (bmark_snaps[i] == gtnd->redact_snap_guids[j])
3048 if (j == bmark_num_snaps)
3051 return (i == bmark_num_snaps);
3055 guid_to_name_cb(zfs_handle_t *zhp, void *arg)
3057 guid_to_name_data_t *gtnd = arg;
3061 if (gtnd->skip != NULL &&
3062 (slash = strrchr(zhp->zfs_name, '/')) != NULL &&
3063 strcmp(slash + 1, gtnd->skip) == 0) {
3068 if (zfs_prop_get_int(zhp, ZFS_PROP_GUID) == gtnd->guid &&
3069 (gtnd->num_redact_snaps == -1 || redact_snaps_match(zhp, gtnd))) {
3070 (void) strcpy(gtnd->name, zhp->zfs_name);
3075 err = zfs_iter_children(zhp, guid_to_name_cb, gtnd);
3076 if (err != EEXIST && gtnd->bookmark_ok)
3077 err = zfs_iter_bookmarks(zhp, guid_to_name_cb, gtnd);
3083 * Attempt to find the local dataset associated with this guid. In the case of
3084 * multiple matches, we attempt to find the "best" match by searching
3085 * progressively larger portions of the hierarchy. This allows one to send a
3086 * tree of datasets individually and guarantee that we will find the source
3087 * guid within that hierarchy, even if there are multiple matches elsewhere.
3089 * If num_redact_snaps is not -1, we attempt to find a redaction bookmark with
3090 * the specified number of redaction snapshots. If num_redact_snaps isn't 0 or
3091 * -1, then redact_snap_guids will be an array of the guids of the snapshots the
3092 * redaction bookmark was created with. If num_redact_snaps is -1, then we will
3093 * attempt to find a snapshot or bookmark (if bookmark_ok is passed) with the
3094 * given guid. Note that a redaction bookmark can be returned if
3095 * num_redact_snaps == -1.
3098 guid_to_name_redact_snaps(libzfs_handle_t *hdl, const char *parent,
3099 uint64_t guid, boolean_t bookmark_ok, uint64_t *redact_snap_guids,
3100 uint64_t num_redact_snaps, char *name)
3102 char pname[ZFS_MAX_DATASET_NAME_LEN];
3103 guid_to_name_data_t gtnd;
3106 gtnd.bookmark_ok = bookmark_ok;
3109 gtnd.redact_snap_guids = redact_snap_guids;
3110 gtnd.num_redact_snaps = num_redact_snaps;
3113 * Search progressively larger portions of the hierarchy, starting
3114 * with the filesystem specified by 'parent'. This will
3115 * select the "most local" version of the origin snapshot in the case
3116 * that there are multiple matching snapshots in the system.
3118 (void) strlcpy(pname, parent, sizeof (pname));
3119 char *cp = strrchr(pname, '@');
3121 cp = strchr(pname, '\0');
3122 for (; cp != NULL; cp = strrchr(pname, '/')) {
3123 /* Chop off the last component and open the parent */
3125 zfs_handle_t *zhp = make_dataset_handle(hdl, pname);
3129 int err = guid_to_name_cb(zfs_handle_dup(zhp), >nd);
3131 err = zfs_iter_children(zhp, guid_to_name_cb, >nd);
3132 if (err != EEXIST && bookmark_ok)
3133 err = zfs_iter_bookmarks(zhp, guid_to_name_cb, >nd);
3139 * Remember the last portion of the dataset so we skip it next
3140 * time through (as we've already searched that portion of the
3143 gtnd.skip = strrchr(pname, '/') + 1;
3150 guid_to_name(libzfs_handle_t *hdl, const char *parent, uint64_t guid,
3151 boolean_t bookmark_ok, char *name)
3153 return (guid_to_name_redact_snaps(hdl, parent, guid, bookmark_ok, NULL,
3158 * Return +1 if guid1 is before guid2, 0 if they are the same, and -1 if
3159 * guid1 is after guid2.
3162 created_before(libzfs_handle_t *hdl, avl_tree_t *avl,
3163 uint64_t guid1, uint64_t guid2)
3166 char *fsname = NULL, *snapname = NULL;
3167 char buf[ZFS_MAX_DATASET_NAME_LEN];
3169 zfs_handle_t *guid1hdl, *guid2hdl;
3170 uint64_t create1, create2;
3177 nvfs = fsavl_find(avl, guid1, &snapname);
3178 fsname = fnvlist_lookup_string(nvfs, "name");
3179 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname);
3180 guid1hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT);
3181 if (guid1hdl == NULL)
3184 nvfs = fsavl_find(avl, guid2, &snapname);
3185 fsname = fnvlist_lookup_string(nvfs, "name");
3186 (void) snprintf(buf, sizeof (buf), "%s@%s", fsname, snapname);
3187 guid2hdl = zfs_open(hdl, buf, ZFS_TYPE_SNAPSHOT);
3188 if (guid2hdl == NULL) {
3189 zfs_close(guid1hdl);
3193 create1 = zfs_prop_get_int(guid1hdl, ZFS_PROP_CREATETXG);
3194 create2 = zfs_prop_get_int(guid2hdl, ZFS_PROP_CREATETXG);
3196 if (create1 < create2)
3198 else if (create1 > create2)
3203 zfs_close(guid1hdl);
3204 zfs_close(guid2hdl);
3210 * This function reestablishes the hierarchy of encryption roots after a
3211 * recursive incremental receive has completed. This must be done after the
3212 * second call to recv_incremental_replication() has renamed and promoted all
3213 * sent datasets to their final locations in the dataset hierarchy.
3216 recv_fix_encryption_hierarchy(libzfs_handle_t *hdl, const char *top_zfs,
3217 nvlist_t *stream_nv)
3220 nvpair_t *fselem = NULL;
3221 nvlist_t *stream_fss;
3223 stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss");
3225 while ((fselem = nvlist_next_nvpair(stream_fss, fselem)) != NULL) {
3226 zfs_handle_t *zhp = NULL;
3228 nvlist_t *snaps, *props, *stream_nvfs = NULL;
3229 nvpair_t *snapel = NULL;
3230 boolean_t is_encroot, is_clone, stream_encroot;
3232 char *stream_keylocation = NULL;
3233 char keylocation[MAXNAMELEN];
3234 char fsname[ZFS_MAX_DATASET_NAME_LEN];
3236 keylocation[0] = '\0';
3237 stream_nvfs = fnvpair_value_nvlist(fselem);
3238 snaps = fnvlist_lookup_nvlist(stream_nvfs, "snaps");
3239 props = fnvlist_lookup_nvlist(stream_nvfs, "props");
3240 stream_encroot = nvlist_exists(stream_nvfs, "is_encroot");
3242 /* find a snapshot from the stream that exists locally */
3244 while ((snapel = nvlist_next_nvpair(snaps, snapel)) != NULL) {
3247 guid = fnvpair_value_uint64(snapel);
3248 err = guid_to_name(hdl, top_zfs, guid, B_FALSE,
3257 cp = strchr(fsname, '@');
3261 zhp = zfs_open(hdl, fsname, ZFS_TYPE_DATASET);
3267 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
3268 is_clone = zhp->zfs_dmustats.dds_origin[0] != '\0';
3269 (void) zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
3271 /* we don't need to do anything for unencrypted datasets */
3272 if (crypt == ZIO_CRYPT_OFF) {
3278 * If the dataset is flagged as an encryption root, was not
3279 * received as a clone and is not currently an encryption root,
3280 * force it to become one. Fixup the keylocation if necessary.
3282 if (stream_encroot) {
3283 if (!is_clone && !is_encroot) {
3284 err = lzc_change_key(fsname,
3285 DCP_CMD_FORCE_NEW_KEY, NULL, NULL, 0);
3292 stream_keylocation = fnvlist_lookup_string(props,
3293 zfs_prop_to_name(ZFS_PROP_KEYLOCATION));
3296 * Refresh the properties in case the call to
3297 * lzc_change_key() changed the value.
3299 zfs_refresh_properties(zhp);
3300 err = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
3301 keylocation, sizeof (keylocation), NULL, NULL,
3308 if (strcmp(keylocation, stream_keylocation) != 0) {
3309 err = zfs_prop_set(zhp,
3310 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
3311 stream_keylocation);
3320 * If the dataset is not flagged as an encryption root and is
3321 * currently an encryption root, force it to inherit from its
3322 * parent. The root of a raw send should never be
3325 if (!stream_encroot && is_encroot &&
3326 strcmp(top_zfs, fsname) != 0) {
3327 err = lzc_change_key(fsname, DCP_CMD_FORCE_INHERIT,
3345 recv_incremental_replication(libzfs_handle_t *hdl, const char *tofs,
3346 recvflags_t *flags, nvlist_t *stream_nv, avl_tree_t *stream_avl,
3349 nvlist_t *local_nv, *deleted = NULL;
3350 avl_tree_t *local_avl;
3351 nvpair_t *fselem, *nextfselem;
3353 char newname[ZFS_MAX_DATASET_NAME_LEN];
3356 boolean_t needagain, progress, recursive;
3359 fromsnap = fnvlist_lookup_string(stream_nv, "fromsnap");
3361 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
3368 needagain = progress = B_FALSE;
3370 deleted = fnvlist_alloc();
3372 if ((error = gather_nvlist(hdl, tofs, fromsnap, NULL,
3373 recursive, B_TRUE, B_FALSE, recursive, B_FALSE, B_FALSE, B_FALSE,
3374 B_FALSE, B_TRUE, &local_nv, &local_avl)) != 0)
3378 * Process deletes and renames
3380 for (fselem = nvlist_next_nvpair(local_nv, NULL);
3381 fselem; fselem = nextfselem) {
3382 nvlist_t *nvfs, *snaps;
3383 nvlist_t *stream_nvfs = NULL;
3384 nvpair_t *snapelem, *nextsnapelem;
3385 uint64_t fromguid = 0;
3386 uint64_t originguid = 0;
3387 uint64_t stream_originguid = 0;
3388 uint64_t parent_fromsnap_guid, stream_parent_fromsnap_guid;
3389 char *fsname, *stream_fsname;
3391 nextfselem = nvlist_next_nvpair(local_nv, fselem);
3393 nvfs = fnvpair_value_nvlist(fselem);
3394 snaps = fnvlist_lookup_nvlist(nvfs, "snaps");
3395 fsname = fnvlist_lookup_string(nvfs, "name");
3396 parent_fromsnap_guid = fnvlist_lookup_uint64(nvfs,
3398 (void) nvlist_lookup_uint64(nvfs, "origin", &originguid);
3401 * First find the stream's fs, so we can check for
3402 * a different origin (due to "zfs promote")
3404 for (snapelem = nvlist_next_nvpair(snaps, NULL);
3405 snapelem; snapelem = nvlist_next_nvpair(snaps, snapelem)) {
3408 thisguid = fnvpair_value_uint64(snapelem);
3409 stream_nvfs = fsavl_find(stream_avl, thisguid, NULL);
3411 if (stream_nvfs != NULL)
3415 /* check for promote */
3416 (void) nvlist_lookup_uint64(stream_nvfs, "origin",
3417 &stream_originguid);
3418 if (stream_nvfs && originguid != stream_originguid) {
3419 switch (created_before(hdl, local_avl,
3420 stream_originguid, originguid)) {
3423 nvlist_t *origin_nvfs;
3424 char *origin_fsname;
3426 origin_nvfs = fsavl_find(local_avl, originguid,
3428 origin_fsname = fnvlist_lookup_string(
3429 origin_nvfs, "name");
3430 error = recv_promote(hdl, fsname, origin_fsname,
3439 fsavl_destroy(local_avl);
3440 fnvlist_free(local_nv);
3444 * We had/have the wrong origin, therefore our
3445 * list of snapshots is wrong. Need to handle
3446 * them on the next pass.
3452 for (snapelem = nvlist_next_nvpair(snaps, NULL);
3453 snapelem; snapelem = nextsnapelem) {
3455 char *stream_snapname;
3456 nvlist_t *found, *props;
3458 nextsnapelem = nvlist_next_nvpair(snaps, snapelem);
3460 thisguid = fnvpair_value_uint64(snapelem);
3461 found = fsavl_find(stream_avl, thisguid,
3464 /* check for delete */
3465 if (found == NULL) {
3466 char name[ZFS_MAX_DATASET_NAME_LEN];
3471 (void) snprintf(name, sizeof (name), "%s@%s",
3472 fsname, nvpair_name(snapelem));
3474 error = recv_destroy(hdl, name,
3475 strlen(fsname)+1, newname, flags);
3480 sprintf(guidname, "%llu",
3481 (u_longlong_t)thisguid);
3482 nvlist_add_boolean(deleted, guidname);
3486 stream_nvfs = found;
3488 if (0 == nvlist_lookup_nvlist(stream_nvfs, "snapprops",
3489 &props) && 0 == nvlist_lookup_nvlist(props,
3490 stream_snapname, &props)) {
3491 zfs_cmd_t zc = {"\0"};
3493 zc.zc_cookie = B_TRUE; /* received */
3494 (void) snprintf(zc.zc_name, sizeof (zc.zc_name),
3495 "%s@%s", fsname, nvpair_name(snapelem));
3496 zcmd_write_src_nvlist(hdl, &zc, props);
3497 (void) zfs_ioctl(hdl,
3498 ZFS_IOC_SET_PROP, &zc);
3499 zcmd_free_nvlists(&zc);
3502 /* check for different snapname */
3503 if (strcmp(nvpair_name(snapelem),
3504 stream_snapname) != 0) {
3505 char name[ZFS_MAX_DATASET_NAME_LEN];
3506 char tryname[ZFS_MAX_DATASET_NAME_LEN];
3508 (void) snprintf(name, sizeof (name), "%s@%s",
3509 fsname, nvpair_name(snapelem));
3510 (void) snprintf(tryname, sizeof (name), "%s@%s",
3511 fsname, stream_snapname);
3513 error = recv_rename(hdl, name, tryname,
3514 strlen(fsname)+1, newname, flags);
3521 if (strcmp(stream_snapname, fromsnap) == 0)
3522 fromguid = thisguid;
3525 /* check for delete */
3526 if (stream_nvfs == NULL) {
3530 error = recv_destroy(hdl, fsname, strlen(tofs)+1,
3536 sprintf(guidname, "%llu",
3537 (u_longlong_t)parent_fromsnap_guid);
3538 nvlist_add_boolean(deleted, guidname);
3542 if (fromguid == 0) {
3543 if (flags->verbose) {
3544 (void) printf("local fs %s does not have "
3545 "fromsnap (%s in stream); must have "
3546 "been deleted locally; ignoring\n",
3552 stream_fsname = fnvlist_lookup_string(stream_nvfs, "name");
3553 stream_parent_fromsnap_guid = fnvlist_lookup_uint64(
3554 stream_nvfs, "parentfromsnap");
3556 s1 = strrchr(fsname, '/');
3557 s2 = strrchr(stream_fsname, '/');
3560 * Check if we're going to rename based on parent guid change
3561 * and the current parent guid was also deleted. If it was then
3562 * rename will fail and is likely unneeded, so avoid this and
3563 * force an early retry to determine the new
3564 * parent_fromsnap_guid.
3566 if (stream_parent_fromsnap_guid != 0 &&
3567 parent_fromsnap_guid != 0 &&
3568 stream_parent_fromsnap_guid != parent_fromsnap_guid) {
3569 sprintf(guidname, "%llu",
3570 (u_longlong_t)parent_fromsnap_guid);
3571 if (nvlist_exists(deleted, guidname)) {
3579 * Check for rename. If the exact receive path is specified, it
3580 * does not count as a rename, but we still need to check the
3581 * datasets beneath it.
3583 if ((stream_parent_fromsnap_guid != 0 &&
3584 parent_fromsnap_guid != 0 &&
3585 stream_parent_fromsnap_guid != parent_fromsnap_guid) ||
3586 ((flags->isprefix || strcmp(tofs, fsname) != 0) &&
3587 (s1 != NULL) && (s2 != NULL) && strcmp(s1, s2) != 0)) {
3589 char tryname[ZFS_MAX_DATASET_NAME_LEN];
3591 parent = fsavl_find(local_avl,
3592 stream_parent_fromsnap_guid, NULL);
3594 * NB: parent might not be found if we used the
3595 * tosnap for stream_parent_fromsnap_guid,
3596 * because the parent is a newly-created fs;
3597 * we'll be able to rename it after we recv the
3600 if (parent != NULL) {
3603 pname = fnvlist_lookup_string(parent, "name");
3604 (void) snprintf(tryname, sizeof (tryname),
3605 "%s%s", pname, strrchr(stream_fsname, '/'));
3608 if (flags->verbose) {
3609 (void) printf("local fs %s new parent "
3610 "not found\n", fsname);
3616 error = recv_rename(hdl, fsname, tryname,
3617 strlen(tofs)+1, newname, flags);
3619 if (renamed != NULL && newname[0] != '\0') {
3620 fnvlist_add_boolean(renamed, newname);
3631 fsavl_destroy(local_avl);
3632 fnvlist_free(local_nv);
3633 fnvlist_free(deleted);
3635 if (needagain && progress) {
3636 /* do another pass to fix up temporary names */
3638 (void) printf("another pass:\n");
3642 return (needagain || error != 0);
3646 zfs_receive_package(libzfs_handle_t *hdl, int fd, const char *destname,
3647 recvflags_t *flags, dmu_replay_record_t *drr, zio_cksum_t *zc,
3648 char **top_zfs, nvlist_t *cmdprops)
3650 nvlist_t *stream_nv = NULL;
3651 avl_tree_t *stream_avl = NULL;
3652 char *fromsnap = NULL;
3653 char *sendsnap = NULL;
3655 char tofs[ZFS_MAX_DATASET_NAME_LEN];
3656 char sendfs[ZFS_MAX_DATASET_NAME_LEN];
3658 dmu_replay_record_t drre;
3660 boolean_t anyerr = B_FALSE;
3661 boolean_t softerr = B_FALSE;
3662 boolean_t recursive, raw;
3664 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3667 assert(drr->drr_type == DRR_BEGIN);
3668 assert(drr->drr_u.drr_begin.drr_magic == DMU_BACKUP_MAGIC);
3669 assert(DMU_GET_STREAM_HDRTYPE(drr->drr_u.drr_begin.drr_versioninfo) ==
3670 DMU_COMPOUNDSTREAM);
3673 * Read in the nvlist from the stream.
3675 if (drr->drr_payloadlen != 0) {
3676 error = recv_read_nvlist(hdl, fd, drr->drr_payloadlen,
3677 &stream_nv, flags->byteswap, zc);
3679 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3684 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
3686 raw = (nvlist_lookup_boolean(stream_nv, "raw") == 0);
3688 if (recursive && strchr(destname, '@')) {
3689 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3690 "cannot specify snapshot name for multi-snapshot stream"));
3691 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3696 * Read in the end record and verify checksum.
3698 if (0 != (error = recv_read(hdl, fd, &drre, sizeof (drre),
3699 flags->byteswap, NULL)))
3701 if (flags->byteswap) {
3702 drre.drr_type = BSWAP_32(drre.drr_type);
3703 drre.drr_u.drr_end.drr_checksum.zc_word[0] =
3704 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[0]);
3705 drre.drr_u.drr_end.drr_checksum.zc_word[1] =
3706 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[1]);
3707 drre.drr_u.drr_end.drr_checksum.zc_word[2] =
3708 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[2]);
3709 drre.drr_u.drr_end.drr_checksum.zc_word[3] =
3710 BSWAP_64(drre.drr_u.drr_end.drr_checksum.zc_word[3]);
3712 if (drre.drr_type != DRR_END) {
3713 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3716 if (!ZIO_CHECKSUM_EQUAL(drre.drr_u.drr_end.drr_checksum, *zc)) {
3717 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3718 "incorrect header checksum"));
3719 error = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
3723 (void) nvlist_lookup_string(stream_nv, "fromsnap", &fromsnap);
3725 if (drr->drr_payloadlen != 0) {
3726 nvlist_t *stream_fss;
3728 stream_fss = fnvlist_lookup_nvlist(stream_nv, "fss");
3729 if ((stream_avl = fsavl_create(stream_fss)) == NULL) {
3730 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3731 "couldn't allocate avl tree"));
3732 error = zfs_error(hdl, EZFS_NOMEM, errbuf);
3736 if (fromsnap != NULL && recursive) {
3737 nvlist_t *renamed = NULL;
3738 nvpair_t *pair = NULL;
3740 (void) strlcpy(tofs, destname, sizeof (tofs));
3741 if (flags->isprefix) {
3742 struct drr_begin *drrb = &drr->drr_u.drr_begin;
3745 if (flags->istail) {
3746 cp = strrchr(drrb->drr_toname, '/');
3748 (void) strlcat(tofs, "/",
3752 i = (cp - drrb->drr_toname);
3755 i = strcspn(drrb->drr_toname, "/@");
3757 /* zfs_receive_one() will create_parents() */
3758 (void) strlcat(tofs, &drrb->drr_toname[i],
3760 *strchr(tofs, '@') = '\0';
3763 if (!flags->dryrun && !flags->nomount) {
3764 renamed = fnvlist_alloc();
3767 softerr = recv_incremental_replication(hdl, tofs, flags,
3768 stream_nv, stream_avl, renamed);
3770 /* Unmount renamed filesystems before receiving. */
3771 while ((pair = nvlist_next_nvpair(renamed,
3774 prop_changelist_t *clp = NULL;
3776 zhp = zfs_open(hdl, nvpair_name(pair),
3777 ZFS_TYPE_FILESYSTEM);
3779 clp = changelist_gather(zhp,
3780 ZFS_PROP_MOUNTPOINT, 0,
3781 flags->forceunmount ? MS_FORCE : 0);
3785 changelist_prefix(clp);
3786 changelist_free(clp);
3791 fnvlist_free(renamed);
3796 * Get the fs specified by the first path in the stream (the top level
3797 * specified by 'zfs send') and pass it to each invocation of
3798 * zfs_receive_one().
3800 (void) strlcpy(sendfs, drr->drr_u.drr_begin.drr_toname,
3802 if ((cp = strchr(sendfs, '@')) != NULL) {
3805 * Find the "sendsnap", the final snapshot in a replication
3806 * stream. zfs_receive_one() handles certain errors
3807 * differently, depending on if the contained stream is the
3810 sendsnap = (cp + 1);
3813 /* Finally, receive each contained stream */
3816 * we should figure out if it has a recoverable
3817 * error, in which case do a recv_skip() and drive on.
3818 * Note, if we fail due to already having this guid,
3819 * zfs_receive_one() will take care of it (ie,
3820 * recv_skip() and return 0).
3822 error = zfs_receive_impl(hdl, destname, NULL, flags, fd,
3823 sendfs, stream_nv, stream_avl, top_zfs, sendsnap, cmdprops);
3824 if (error == ENODATA) {
3829 } while (error == 0);
3831 if (drr->drr_payloadlen != 0 && recursive && fromsnap != NULL) {
3833 * Now that we have the fs's they sent us, try the
3836 softerr = recv_incremental_replication(hdl, tofs, flags,
3837 stream_nv, stream_avl, NULL);
3840 if (raw && softerr == 0 && *top_zfs != NULL) {
3841 softerr = recv_fix_encryption_hierarchy(hdl, *top_zfs,
3846 fsavl_destroy(stream_avl);
3847 fnvlist_free(stream_nv);
3856 trunc_prop_errs(int truncated)
3858 ASSERT(truncated != 0);
3861 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
3862 "1 more property could not be set\n"));
3864 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
3865 "%d more properties could not be set\n"), truncated);
3869 recv_skip(libzfs_handle_t *hdl, int fd, boolean_t byteswap)
3871 dmu_replay_record_t *drr;
3872 void *buf = zfs_alloc(hdl, SPA_MAXBLOCKSIZE);
3873 uint64_t payload_size;
3876 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
3879 /* XXX would be great to use lseek if possible... */
3882 while (recv_read(hdl, fd, drr, sizeof (dmu_replay_record_t),
3883 byteswap, NULL) == 0) {
3885 drr->drr_type = BSWAP_32(drr->drr_type);
3887 switch (drr->drr_type) {
3889 if (drr->drr_payloadlen != 0) {
3890 (void) recv_read(hdl, fd, buf,
3891 drr->drr_payloadlen, B_FALSE, NULL);
3901 drr->drr_u.drr_object.drr_bonuslen =
3902 BSWAP_32(drr->drr_u.drr_object.
3904 drr->drr_u.drr_object.drr_raw_bonuslen =
3905 BSWAP_32(drr->drr_u.drr_object.
3910 DRR_OBJECT_PAYLOAD_SIZE(&drr->drr_u.drr_object);
3911 (void) recv_read(hdl, fd, buf, payload_size,
3917 drr->drr_u.drr_write.drr_logical_size =
3919 drr->drr_u.drr_write.drr_logical_size);
3920 drr->drr_u.drr_write.drr_compressed_size =
3922 drr->drr_u.drr_write.drr_compressed_size);
3925 DRR_WRITE_PAYLOAD_SIZE(&drr->drr_u.drr_write);
3926 assert(payload_size <= SPA_MAXBLOCKSIZE);
3927 (void) recv_read(hdl, fd, buf,
3928 payload_size, B_FALSE, NULL);
3932 drr->drr_u.drr_spill.drr_length =
3933 BSWAP_64(drr->drr_u.drr_spill.drr_length);
3934 drr->drr_u.drr_spill.drr_compressed_size =
3935 BSWAP_64(drr->drr_u.drr_spill.
3936 drr_compressed_size);
3940 DRR_SPILL_PAYLOAD_SIZE(&drr->drr_u.drr_spill);
3941 (void) recv_read(hdl, fd, buf, payload_size,
3944 case DRR_WRITE_EMBEDDED:
3946 drr->drr_u.drr_write_embedded.drr_psize =
3947 BSWAP_32(drr->drr_u.drr_write_embedded.
3950 (void) recv_read(hdl, fd, buf,
3951 P2ROUNDUP(drr->drr_u.drr_write_embedded.drr_psize,
3954 case DRR_OBJECT_RANGE:
3955 case DRR_WRITE_BYREF:
3956 case DRR_FREEOBJECTS:
3961 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3962 "invalid record type"));
3964 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
3973 recv_ecksum_set_aux(libzfs_handle_t *hdl, const char *target_snap,
3974 boolean_t resumable, boolean_t checksum)
3976 char target_fs[ZFS_MAX_DATASET_NAME_LEN];
3978 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, (checksum ?
3979 "checksum mismatch" : "incomplete stream")));
3983 (void) strlcpy(target_fs, target_snap, sizeof (target_fs));
3984 *strchr(target_fs, '@') = '\0';
3985 zfs_handle_t *zhp = zfs_open(hdl, target_fs,
3986 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
3990 char token_buf[ZFS_MAXPROPLEN];
3991 int error = zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN,
3992 token_buf, sizeof (token_buf),
3993 NULL, NULL, 0, B_TRUE);
3995 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
3996 "checksum mismatch or incomplete stream.\n"
3997 "Partially received snapshot is saved.\n"
3998 "A resuming stream can be generated on the sending "
3999 "system by running:\n"
4007 * Prepare a new nvlist of properties that are to override (-o) or be excluded
4008 * (-x) from the received dataset
4009 * recvprops: received properties from the send stream
4010 * cmdprops: raw input properties from command line
4011 * origprops: properties, both locally-set and received, currently set on the
4012 * target dataset if it exists, NULL otherwise.
4013 * oxprops: valid output override (-o) and excluded (-x) properties
4016 zfs_setup_cmdline_props(libzfs_handle_t *hdl, zfs_type_t type,
4017 char *fsname, boolean_t zoned, boolean_t recursive, boolean_t newfs,
4018 boolean_t raw, boolean_t toplevel, nvlist_t *recvprops, nvlist_t *cmdprops,
4019 nvlist_t *origprops, nvlist_t **oxprops, uint8_t **wkeydata_out,
4020 uint_t *wkeylen_out, const char *errbuf)
4023 nvlist_t *oprops, *voprops;
4024 zfs_handle_t *zhp = NULL;
4025 zpool_handle_t *zpool_hdl = NULL;
4028 char namebuf[ZFS_MAX_DATASET_NAME_LEN];
4030 if (nvlist_empty(cmdprops))
4031 return (0); /* No properties to override or exclude */
4033 *oxprops = fnvlist_alloc();
4034 oprops = fnvlist_alloc();
4036 strlcpy(namebuf, fsname, ZFS_MAX_DATASET_NAME_LEN);
4039 * Get our dataset handle. The target dataset may not exist yet.
4041 if (zfs_dataset_exists(hdl, namebuf, ZFS_TYPE_DATASET)) {
4042 zhp = zfs_open(hdl, namebuf, ZFS_TYPE_DATASET);
4049 /* open the zpool handle */
4050 cp = strchr(namebuf, '/');
4053 zpool_hdl = zpool_open(hdl, namebuf);
4054 if (zpool_hdl == NULL) {
4059 /* restore namebuf to match fsname for later use */
4064 * first iteration: process excluded (-x) properties now and gather
4065 * added (-o) properties to be later processed by zfs_valid_proplist()
4068 while ((nvp = nvlist_next_nvpair(cmdprops, nvp)) != NULL) {
4069 const char *name = nvpair_name(nvp);
4070 zfs_prop_t prop = zfs_name_to_prop(name);
4073 * It turns out, if we don't normalize "aliased" names
4074 * e.g. compress= against the "real" names (e.g. compression)
4075 * here, then setting/excluding them does not work as
4078 * But since user-defined properties wouldn't have a valid
4079 * mapping here, we do this conditional dance.
4081 const char *newname = name;
4082 if (prop >= ZFS_PROP_TYPE)
4083 newname = zfs_prop_to_name(prop);
4085 /* "origin" is processed separately, don't handle it here */
4086 if (prop == ZFS_PROP_ORIGIN)
4089 /* raw streams can't override encryption properties */
4090 if ((zfs_prop_encryption_key_param(prop) ||
4091 prop == ZFS_PROP_ENCRYPTION) && raw) {
4092 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4093 "encryption property '%s' cannot "
4094 "be set or excluded for raw streams."), name);
4095 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4099 /* incremental streams can only exclude encryption properties */
4100 if ((zfs_prop_encryption_key_param(prop) ||
4101 prop == ZFS_PROP_ENCRYPTION) && !newfs &&
4102 nvpair_type(nvp) != DATA_TYPE_BOOLEAN) {
4103 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4104 "encryption property '%s' cannot "
4105 "be set for incremental streams."), name);
4106 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4110 switch (nvpair_type(nvp)) {
4111 case DATA_TYPE_BOOLEAN: /* -x property */
4113 * DATA_TYPE_BOOLEAN is the way we're asked to "exclude"
4114 * a property: this is done by forcing an explicit
4115 * inherit on the destination so the effective value is
4116 * not the one we received from the send stream.
4118 if (!zfs_prop_valid_for_type(prop, type, B_FALSE) &&
4119 !zfs_prop_user(name)) {
4120 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
4121 "Warning: %s: property '%s' does not "
4122 "apply to datasets of this type\n"),
4127 * We do this only if the property is not already
4128 * locally-set, in which case its value will take
4129 * priority over the received anyway.
4131 if (nvlist_exists(origprops, newname)) {
4133 char *source = NULL;
4135 attrs = fnvlist_lookup_nvlist(origprops,
4137 if (nvlist_lookup_string(attrs,
4138 ZPROP_SOURCE, &source) == 0 &&
4139 strcmp(source, ZPROP_SOURCE_VAL_RECVD) != 0)
4143 * We can't force an explicit inherit on non-inheritable
4144 * properties: if we're asked to exclude this kind of
4145 * values we remove them from "recvprops" input nvlist.
4147 if (!zfs_prop_user(name) && /* can be inherited too */
4148 !zfs_prop_inheritable(prop) &&
4149 nvlist_exists(recvprops, newname))
4150 fnvlist_remove(recvprops, newname);
4152 fnvlist_add_boolean(*oxprops, newname);
4154 case DATA_TYPE_STRING: /* -o property=value */
4156 * we're trying to override a property that does not
4157 * make sense for this type of dataset, but we don't
4158 * want to fail if the receive is recursive: this comes
4159 * in handy when the send stream contains, for
4160 * instance, a child ZVOL and we're trying to receive
4161 * it with "-o atime=on"
4163 if (!zfs_prop_valid_for_type(prop, type, B_FALSE) &&
4164 !zfs_prop_user(name)) {
4167 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4168 "property '%s' does not apply to datasets "
4169 "of this type"), name);
4170 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4173 fnvlist_add_string(oprops, newname,
4174 fnvpair_value_string(nvp));
4177 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4178 "property '%s' must be a string or boolean"), name);
4179 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4185 /* convert override strings properties to native */
4186 if ((voprops = zfs_valid_proplist(hdl, ZFS_TYPE_DATASET,
4187 oprops, zoned, zhp, zpool_hdl, B_FALSE, errbuf)) == NULL) {
4188 ret = zfs_error(hdl, EZFS_BADPROP, errbuf);
4193 * zfs_crypto_create() requires the parent name. Get it
4194 * by truncating the fsname copy stored in namebuf.
4196 cp = strrchr(namebuf, '/');
4200 if (!raw && zfs_crypto_create(hdl, namebuf, voprops, NULL,
4201 B_FALSE, wkeydata_out, wkeylen_out) != 0) {
4202 fnvlist_free(voprops);
4203 ret = zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
4207 /* second pass: process "-o" properties */
4208 fnvlist_merge(*oxprops, voprops);
4209 fnvlist_free(voprops);
4211 /* override props on child dataset are inherited */
4213 while ((nvp = nvlist_next_nvpair(oprops, nvp)) != NULL) {
4214 const char *name = nvpair_name(nvp);
4215 fnvlist_add_boolean(*oxprops, name);
4222 if (zpool_hdl != NULL)
4223 zpool_close(zpool_hdl);
4224 fnvlist_free(oprops);
4229 * Restores a backup of tosnap from the file descriptor specified by infd.
4232 zfs_receive_one(libzfs_handle_t *hdl, int infd, const char *tosnap,
4233 const char *originsnap, recvflags_t *flags, dmu_replay_record_t *drr,
4234 dmu_replay_record_t *drr_noswap, const char *sendfs, nvlist_t *stream_nv,
4235 avl_tree_t *stream_avl, char **top_zfs,
4236 const char *finalsnap, nvlist_t *cmdprops)
4238 struct timespec begin_time;
4239 int ioctl_err, ioctl_errno, err;
4241 struct drr_begin *drrb = &drr->drr_u.drr_begin;
4243 const char *chopprefix;
4244 boolean_t newfs = B_FALSE;
4245 boolean_t stream_wantsnewfs, stream_resumingnewfs;
4246 boolean_t newprops = B_FALSE;
4247 uint64_t read_bytes = 0;
4248 uint64_t errflags = 0;
4249 uint64_t parent_snapguid = 0;
4250 prop_changelist_t *clp = NULL;
4251 nvlist_t *snapprops_nvlist = NULL;
4252 nvlist_t *snapholds_nvlist = NULL;
4253 zprop_errflags_t prop_errflags;
4254 nvlist_t *prop_errors = NULL;
4255 boolean_t recursive;
4256 char *snapname = NULL;
4257 char destsnap[MAXPATHLEN * 2];
4258 char origin[MAXNAMELEN] = {0};
4259 char name[MAXPATHLEN];
4260 char tmp_keylocation[MAXNAMELEN] = {0};
4261 nvlist_t *rcvprops = NULL; /* props received from the send stream */
4262 nvlist_t *oxprops = NULL; /* override (-o) and exclude (-x) props */
4263 nvlist_t *origprops = NULL; /* original props (if destination exists) */
4264 zfs_type_t type = ZFS_TYPE_INVALID;
4265 boolean_t toplevel = B_FALSE;
4266 boolean_t zoned = B_FALSE;
4267 boolean_t hastoken = B_FALSE;
4269 uint8_t *wkeydata = NULL;
4272 #ifndef CLOCK_MONOTONIC_RAW
4273 #define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC
4275 clock_gettime(CLOCK_MONOTONIC_RAW, &begin_time);
4277 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4280 recursive = (nvlist_lookup_boolean(stream_nv, "not_recursive") ==
4283 /* Did the user request holds be skipped via zfs recv -k? */
4284 boolean_t holds = flags->holds && !flags->skipholds;
4286 if (stream_avl != NULL) {
4287 char *keylocation = NULL;
4288 nvlist_t *lookup = NULL;
4289 nvlist_t *fs = fsavl_find(stream_avl, drrb->drr_toguid,
4292 (void) nvlist_lookup_uint64(fs, "parentfromsnap",
4294 err = nvlist_lookup_nvlist(fs, "props", &rcvprops);
4296 rcvprops = fnvlist_alloc();
4301 * The keylocation property may only be set on encryption roots,
4302 * but this dataset might not become an encryption root until
4303 * recv_fix_encryption_hierarchy() is called. That function
4304 * will fixup the keylocation anyway, so we temporarily unset
4305 * the keylocation for now to avoid any errors from the receive
4308 err = nvlist_lookup_string(rcvprops,
4309 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
4311 strcpy(tmp_keylocation, keylocation);
4312 (void) nvlist_remove_all(rcvprops,
4313 zfs_prop_to_name(ZFS_PROP_KEYLOCATION));
4316 if (flags->canmountoff) {
4317 fnvlist_add_uint64(rcvprops,
4318 zfs_prop_to_name(ZFS_PROP_CANMOUNT), 0);
4319 } else if (newprops) { /* nothing in rcvprops, eliminate it */
4320 fnvlist_free(rcvprops);
4324 if (0 == nvlist_lookup_nvlist(fs, "snapprops", &lookup)) {
4325 snapprops_nvlist = fnvlist_lookup_nvlist(lookup,
4329 if (0 == nvlist_lookup_nvlist(fs, "snapholds",
4331 snapholds_nvlist = fnvlist_lookup_nvlist(
4340 * Determine how much of the snapshot name stored in the stream
4341 * we are going to tack on to the name they specified on the
4342 * command line, and how much we are going to chop off.
4344 * If they specified a snapshot, chop the entire name stored in
4347 if (flags->istail) {
4349 * A filesystem was specified with -e. We want to tack on only
4350 * the tail of the sent snapshot path.
4352 if (strchr(tosnap, '@')) {
4353 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
4354 "argument - snapshot not allowed with -e"));
4355 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4359 chopprefix = strrchr(sendfs, '/');
4361 if (chopprefix == NULL) {
4363 * The tail is the poolname, so we need to
4364 * prepend a path separator.
4366 int len = strlen(drrb->drr_toname);
4367 cp = malloc(len + 2);
4369 (void) strcpy(&cp[1], drrb->drr_toname);
4372 chopprefix = drrb->drr_toname + (chopprefix - sendfs);
4374 } else if (flags->isprefix) {
4376 * A filesystem was specified with -d. We want to tack on
4377 * everything but the first element of the sent snapshot path
4378 * (all but the pool name).
4380 if (strchr(tosnap, '@')) {
4381 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
4382 "argument - snapshot not allowed with -d"));
4383 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4387 chopprefix = strchr(drrb->drr_toname, '/');
4388 if (chopprefix == NULL)
4389 chopprefix = strchr(drrb->drr_toname, '@');
4390 } else if (strchr(tosnap, '@') == NULL) {
4392 * If a filesystem was specified without -d or -e, we want to
4393 * tack on everything after the fs specified by 'zfs send'.
4395 chopprefix = drrb->drr_toname + strlen(sendfs);
4397 /* A snapshot was specified as an exact path (no -d or -e). */
4399 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4400 "cannot specify snapshot name for multi-snapshot "
4402 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4405 chopprefix = drrb->drr_toname + strlen(drrb->drr_toname);
4408 ASSERT(strstr(drrb->drr_toname, sendfs) == drrb->drr_toname);
4409 ASSERT(chopprefix > drrb->drr_toname || strchr(sendfs, '/') == NULL);
4410 ASSERT(chopprefix <= drrb->drr_toname + strlen(drrb->drr_toname) ||
4411 strchr(sendfs, '/') == NULL);
4412 ASSERT(chopprefix[0] == '/' || chopprefix[0] == '@' ||
4413 chopprefix[0] == '\0');
4416 * Determine name of destination snapshot.
4418 (void) strlcpy(destsnap, tosnap, sizeof (destsnap));
4419 (void) strlcat(destsnap, chopprefix, sizeof (destsnap));
4421 if (!zfs_name_valid(destsnap, ZFS_TYPE_SNAPSHOT)) {
4422 err = zfs_error(hdl, EZFS_INVALIDNAME, errbuf);
4427 * Determine the name of the origin snapshot.
4430 (void) strlcpy(origin, originsnap, sizeof (origin));
4432 (void) printf("using provided clone origin %s\n",
4434 } else if (drrb->drr_flags & DRR_FLAG_CLONE) {
4435 if (guid_to_name(hdl, destsnap,
4436 drrb->drr_fromguid, B_FALSE, origin) != 0) {
4437 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4438 "local origin for clone %s does not exist"),
4440 err = zfs_error(hdl, EZFS_NOENT, errbuf);
4444 (void) printf("found clone origin %s\n", origin);
4447 if ((DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4448 DMU_BACKUP_FEATURE_DEDUP)) {
4449 (void) fprintf(stderr,
4450 gettext("ERROR: \"zfs receive\" no longer supports "
4451 "deduplicated send streams. Use\n"
4452 "the \"zstream redup\" command to convert this stream "
4454 "non-deduplicated stream.\n"));
4455 err = zfs_error(hdl, EZFS_NOTSUP, errbuf);
4459 boolean_t resuming = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4460 DMU_BACKUP_FEATURE_RESUMING;
4461 boolean_t raw = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4462 DMU_BACKUP_FEATURE_RAW;
4463 boolean_t embedded = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4464 DMU_BACKUP_FEATURE_EMBED_DATA;
4465 stream_wantsnewfs = (drrb->drr_fromguid == 0 ||
4466 (drrb->drr_flags & DRR_FLAG_CLONE) || originsnap) && !resuming;
4467 stream_resumingnewfs = (drrb->drr_fromguid == 0 ||
4468 (drrb->drr_flags & DRR_FLAG_CLONE) || originsnap) && resuming;
4470 if (stream_wantsnewfs) {
4472 * if the parent fs does not exist, look for it based on
4473 * the parent snap GUID
4475 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
4476 "cannot receive new filesystem stream"));
4478 (void) strcpy(name, destsnap);
4479 cp = strrchr(name, '/');
4483 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
4484 char suffix[ZFS_MAX_DATASET_NAME_LEN];
4485 (void) strcpy(suffix, strrchr(destsnap, '/'));
4486 if (guid_to_name(hdl, name, parent_snapguid,
4487 B_FALSE, destsnap) == 0) {
4488 *strchr(destsnap, '@') = '\0';
4489 (void) strcat(destsnap, suffix);
4494 * If the fs does not exist, look for it based on the
4498 (void) snprintf(errbuf, sizeof (errbuf),
4499 dgettext(TEXT_DOMAIN,
4500 "cannot receive resume stream"));
4502 (void) snprintf(errbuf, sizeof (errbuf),
4503 dgettext(TEXT_DOMAIN,
4504 "cannot receive incremental stream"));
4507 (void) strcpy(name, destsnap);
4508 *strchr(name, '@') = '\0';
4511 * If the exact receive path was specified and this is the
4512 * topmost path in the stream, then if the fs does not exist we
4513 * should look no further.
4515 if ((flags->isprefix || (*(chopprefix = drrb->drr_toname +
4516 strlen(sendfs)) != '\0' && *chopprefix != '@')) &&
4517 !zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
4518 char snap[ZFS_MAX_DATASET_NAME_LEN];
4519 (void) strcpy(snap, strchr(destsnap, '@'));
4520 if (guid_to_name(hdl, name, drrb->drr_fromguid,
4521 B_FALSE, destsnap) == 0) {
4522 *strchr(destsnap, '@') = '\0';
4523 (void) strcat(destsnap, snap);
4528 (void) strcpy(name, destsnap);
4529 *strchr(name, '@') = '\0';
4531 redacted = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo) &
4532 DMU_BACKUP_FEATURE_REDACTED;
4534 if (zfs_dataset_exists(hdl, name, ZFS_TYPE_DATASET)) {
4535 zfs_cmd_t zc = {"\0"};
4537 boolean_t encrypted;
4539 (void) strcpy(zc.zc_name, name);
4542 * Destination fs exists. It must be one of these cases:
4543 * - an incremental send stream
4544 * - the stream specifies a new fs (full stream or clone)
4545 * and they want us to blow away the existing fs (and
4546 * have therefore specified -F and removed any snapshots)
4547 * - we are resuming a failed receive.
4549 if (stream_wantsnewfs) {
4550 boolean_t is_volume = drrb->drr_type == DMU_OST_ZVOL;
4551 if (!flags->force) {
4552 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4553 "destination '%s' exists\n"
4554 "must specify -F to overwrite it"), name);
4555 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4558 if (zfs_ioctl(hdl, ZFS_IOC_SNAPSHOT_LIST_NEXT,
4560 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4561 "destination has snapshots (eg. %s)\n"
4562 "must destroy them to overwrite it"),
4564 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4567 if (is_volume && strrchr(name, '/') == NULL) {
4568 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4569 "destination %s is the root dataset\n"
4570 "cannot overwrite with a ZVOL"),
4572 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4576 zfs_ioctl(hdl, ZFS_IOC_DATASET_LIST_NEXT,
4578 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4579 "destination has children (eg. %s)\n"
4580 "cannot overwrite with a ZVOL"),
4582 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf);
4587 if ((zhp = zfs_open(hdl, name,
4588 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME)) == NULL) {
4593 if (stream_wantsnewfs &&
4594 zhp->zfs_dmustats.dds_origin[0]) {
4596 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4597 "destination '%s' is a clone\n"
4598 "must destroy it to overwrite it"), name);
4599 err = zfs_error(hdl, EZFS_EXISTS, errbuf);
4604 * Raw sends can not be performed as an incremental on top
4605 * of existing unencrypted datasets. zfs recv -F can't be
4606 * used to blow away an existing encrypted filesystem. This
4607 * is because it would require the dsl dir to point to the
4608 * new key (or lack of a key) and the old key at the same
4609 * time. The -F flag may still be used for deleting
4610 * intermediate snapshots that would otherwise prevent the
4611 * receive from working.
4613 encrypted = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) !=
4615 if (!stream_wantsnewfs && !encrypted && raw) {
4617 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4618 "cannot perform raw receive on top of "
4619 "existing unencrypted dataset"));
4620 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4624 if (stream_wantsnewfs && flags->force &&
4625 ((raw && !encrypted) || encrypted)) {
4627 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4628 "zfs receive -F cannot be used to destroy an "
4629 "encrypted filesystem or overwrite an "
4630 "unencrypted one with an encrypted one"));
4631 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4635 if (!flags->dryrun && zhp->zfs_type == ZFS_TYPE_FILESYSTEM &&
4636 (stream_wantsnewfs || stream_resumingnewfs)) {
4637 /* We can't do online recv in this case */
4638 clp = changelist_gather(zhp, ZFS_PROP_NAME, 0,
4639 flags->forceunmount ? MS_FORCE : 0);
4645 if (changelist_prefix(clp) != 0) {
4646 changelist_free(clp);
4654 * If we are resuming a newfs, set newfs here so that we will
4655 * mount it if the recv succeeds this time. We can tell
4656 * that it was a newfs on the first recv because the fs
4657 * itself will be inconsistent (if the fs existed when we
4658 * did the first recv, we would have received it into
4661 if (resuming && zfs_prop_get_int(zhp, ZFS_PROP_INCONSISTENT))
4664 /* we want to know if we're zoned when validating -o|-x props */
4665 zoned = zfs_prop_get_int(zhp, ZFS_PROP_ZONED);
4667 /* may need this info later, get it now we have zhp around */
4668 if (zfs_prop_get(zhp, ZFS_PROP_RECEIVE_RESUME_TOKEN, NULL, 0,
4669 NULL, NULL, 0, B_TRUE) == 0)
4672 /* gather existing properties on destination */
4673 origprops = fnvlist_alloc();
4674 fnvlist_merge(origprops, zhp->zfs_props);
4675 fnvlist_merge(origprops, zhp->zfs_user_props);
4682 * Destination filesystem does not exist. Therefore we better
4683 * be creating a new filesystem (either from a full backup, or
4684 * a clone). It would therefore be invalid if the user
4685 * specified only the pool name (i.e. if the destination name
4686 * contained no slash character).
4688 cp = strrchr(name, '/');
4690 if (!stream_wantsnewfs || cp == NULL) {
4691 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4692 "destination '%s' does not exist"), name);
4693 err = zfs_error(hdl, EZFS_NOENT, errbuf);
4698 * Trim off the final dataset component so we perform the
4699 * recvbackup ioctl to the filesystems's parent.
4703 if (flags->isprefix && !flags->istail && !flags->dryrun &&
4704 create_parents(hdl, destsnap, strlen(tosnap)) != 0) {
4705 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4709 /* validate parent */
4710 zhp = zfs_open(hdl, name, ZFS_TYPE_DATASET);
4712 err = zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4715 if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) {
4716 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4717 "parent '%s' is not a filesystem"), name);
4718 err = zfs_error(hdl, EZFS_WRONG_PARENT, errbuf);
4729 if (flags->verbose) {
4730 (void) printf("%s %s stream of %s into %s\n",
4731 flags->dryrun ? "would receive" : "receiving",
4732 drrb->drr_fromguid ? "incremental" : "full",
4733 drrb->drr_toname, destsnap);
4734 (void) fflush(stdout);
4738 * If this is the top-level dataset, record it so we can use it
4739 * for recursive operations later.
4741 if (top_zfs != NULL &&
4742 (*top_zfs == NULL || strcmp(*top_zfs, name) == 0)) {
4744 if (*top_zfs == NULL)
4745 *top_zfs = zfs_strdup(hdl, name);
4748 if (drrb->drr_type == DMU_OST_ZVOL) {
4749 type = ZFS_TYPE_VOLUME;
4750 } else if (drrb->drr_type == DMU_OST_ZFS) {
4751 type = ZFS_TYPE_FILESYSTEM;
4753 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4754 "invalid record type: 0x%d"), drrb->drr_type);
4755 err = zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4758 if ((err = zfs_setup_cmdline_props(hdl, type, name, zoned, recursive,
4759 stream_wantsnewfs, raw, toplevel, rcvprops, cmdprops, origprops,
4760 &oxprops, &wkeydata, &wkeylen, errbuf)) != 0)
4764 * When sending with properties (zfs send -p), the encryption property
4765 * is not included because it is a SETONCE property and therefore
4766 * treated as read only. However, we are always able to determine its
4767 * value because raw sends will include it in the DRR_BDEGIN payload
4768 * and non-raw sends with properties are not allowed for encrypted
4769 * datasets. Therefore, if this is a non-raw properties stream, we can
4770 * infer that the value should be ZIO_CRYPT_OFF and manually add that
4771 * to the received properties.
4773 if (stream_wantsnewfs && !raw && rcvprops != NULL &&
4774 !nvlist_exists(cmdprops, zfs_prop_to_name(ZFS_PROP_ENCRYPTION))) {
4775 if (oxprops == NULL)
4776 oxprops = fnvlist_alloc();
4777 fnvlist_add_uint64(oxprops,
4778 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), ZIO_CRYPT_OFF);
4781 if (flags->dryrun) {
4782 void *buf = zfs_alloc(hdl, SPA_MAXBLOCKSIZE);
4785 * We have read the DRR_BEGIN record, but we have
4786 * not yet read the payload. For non-dryrun sends
4787 * this will be done by the kernel, so we must
4788 * emulate that here, before attempting to read
4791 err = recv_read(hdl, infd, buf, drr->drr_payloadlen,
4792 flags->byteswap, NULL);
4797 err = recv_skip(hdl, infd, flags->byteswap);
4801 err = ioctl_err = lzc_receive_with_cmdprops(destsnap, rcvprops,
4802 oxprops, wkeydata, wkeylen, origin, flags->force, flags->resumable,
4803 raw, infd, drr_noswap, -1, &read_bytes, &errflags,
4804 NULL, &prop_errors);
4805 ioctl_errno = ioctl_err;
4806 prop_errflags = errflags;
4809 nvpair_t *prop_err = NULL;
4811 while ((prop_err = nvlist_next_nvpair(prop_errors,
4812 prop_err)) != NULL) {
4817 prop = zfs_name_to_prop(nvpair_name(prop_err));
4818 (void) nvpair_value_int32(prop_err, &intval);
4819 if (strcmp(nvpair_name(prop_err),
4820 ZPROP_N_MORE_ERRORS) == 0) {
4821 trunc_prop_errs(intval);
4823 } else if (snapname == NULL || finalsnap == NULL ||
4824 strcmp(finalsnap, snapname) == 0 ||
4825 strcmp(nvpair_name(prop_err),
4826 zfs_prop_to_name(ZFS_PROP_REFQUOTA)) != 0) {
4828 * Skip the special case of, for example,
4829 * "refquota", errors on intermediate
4830 * snapshots leading up to a final one.
4831 * That's why we have all of the checks above.
4833 * See zfs_ioctl.c's extract_delay_props() for
4834 * a list of props which can fail on
4835 * intermediate snapshots, but shouldn't
4836 * affect the overall receive.
4838 (void) snprintf(tbuf, sizeof (tbuf),
4839 dgettext(TEXT_DOMAIN,
4840 "cannot receive %s property on %s"),
4841 nvpair_name(prop_err), name);
4842 zfs_setprop_error(hdl, prop, intval, tbuf);
4847 if (err == 0 && snapprops_nvlist) {
4848 zfs_cmd_t zc = {"\0"};
4850 (void) strcpy(zc.zc_name, destsnap);
4851 zc.zc_cookie = B_TRUE; /* received */
4852 zcmd_write_src_nvlist(hdl, &zc, snapprops_nvlist);
4853 (void) zfs_ioctl(hdl, ZFS_IOC_SET_PROP, &zc);
4854 zcmd_free_nvlists(&zc);
4856 if (err == 0 && snapholds_nvlist) {
4858 nvlist_t *holds, *errors = NULL;
4859 int cleanup_fd = -1;
4861 VERIFY(0 == nvlist_alloc(&holds, 0, KM_SLEEP));
4862 for (pair = nvlist_next_nvpair(snapholds_nvlist, NULL);
4864 pair = nvlist_next_nvpair(snapholds_nvlist, pair)) {
4865 fnvlist_add_string(holds, destsnap, nvpair_name(pair));
4867 (void) lzc_hold(holds, cleanup_fd, &errors);
4868 fnvlist_free(snapholds_nvlist);
4869 fnvlist_free(holds);
4872 if (err && (ioctl_errno == ENOENT || ioctl_errno == EEXIST)) {
4874 * It may be that this snapshot already exists,
4875 * in which case we want to consume & ignore it
4876 * rather than failing.
4878 avl_tree_t *local_avl;
4879 nvlist_t *local_nv, *fs;
4880 cp = strchr(destsnap, '@');
4883 * XXX Do this faster by just iterating over snaps in
4884 * this fs. Also if zc_value does not exist, we will
4885 * get a strange "does not exist" error message.
4888 if (gather_nvlist(hdl, destsnap, NULL, NULL, B_FALSE, B_TRUE,
4889 B_FALSE, B_FALSE, B_FALSE, B_FALSE, B_FALSE, B_FALSE,
4890 B_TRUE, &local_nv, &local_avl) == 0) {
4892 fs = fsavl_find(local_avl, drrb->drr_toguid, NULL);
4893 fsavl_destroy(local_avl);
4894 fnvlist_free(local_nv);
4897 if (flags->verbose) {
4898 (void) printf("snap %s already exists; "
4899 "ignoring\n", destsnap);
4901 err = ioctl_err = recv_skip(hdl, infd,
4908 if (ioctl_err != 0) {
4909 switch (ioctl_errno) {
4911 cp = strchr(destsnap, '@');
4913 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4914 "most recent snapshot of %s does not\n"
4915 "match incremental source"), destsnap);
4916 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4920 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4921 "destination %s has been modified\n"
4922 "since most recent snapshot"), name);
4923 (void) zfs_error(hdl, EZFS_BADRESTORE, errbuf);
4926 if (raw && stream_wantsnewfs) {
4927 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4928 "failed to create encryption key"));
4929 } else if (raw && !stream_wantsnewfs) {
4930 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4931 "encryption key does not match "
4934 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4935 "inherited key must be loaded"));
4937 (void) zfs_error(hdl, EZFS_CRYPTOFAILED, errbuf);
4940 cp = strchr(destsnap, '@');
4942 /* it's the containing fs that exists */
4945 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4946 "destination already exists"));
4947 (void) zfs_error_fmt(hdl, EZFS_EXISTS,
4948 dgettext(TEXT_DOMAIN, "cannot restore to %s"),
4953 if (flags->resumable) {
4954 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4955 "kernel modules must be upgraded to "
4956 "receive this stream."));
4957 } else if (embedded && !raw) {
4958 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4959 "incompatible embedded data stream "
4960 "feature with encrypted receive."));
4962 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4965 case ZFS_ERR_STREAM_TRUNCATED:
4966 recv_ecksum_set_aux(hdl, destsnap, flags->resumable,
4967 ioctl_err == ECKSUM);
4968 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4970 case ZFS_ERR_STREAM_LARGE_BLOCK_MISMATCH:
4971 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4972 "incremental send stream requires -L "
4973 "(--large-block), to match previous receive."));
4974 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4977 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4978 "pool must be upgraded to receive this stream."));
4979 (void) zfs_error(hdl, EZFS_BADVERSION, errbuf);
4982 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4983 "destination %s space quota exceeded."), name);
4984 (void) zfs_error(hdl, EZFS_NOSPC, errbuf);
4986 case ZFS_ERR_FROM_IVSET_GUID_MISSING:
4987 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4988 "IV set guid missing. See errata %u at "
4989 "https://openzfs.github.io/openzfs-docs/msg/"
4991 ZPOOL_ERRATA_ZOL_8308_ENCRYPTION);
4992 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
4994 case ZFS_ERR_FROM_IVSET_GUID_MISMATCH:
4995 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
4996 "IV set guid mismatch. See the 'zfs receive' "
4997 "man page section\n discussing the limitations "
4998 "of raw encrypted send streams."));
4999 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5001 case ZFS_ERR_SPILL_BLOCK_FLAG_MISSING:
5002 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5003 "Spill block flag missing for raw send.\n"
5004 "The zfs software on the sending system must "
5006 (void) zfs_error(hdl, EZFS_BADSTREAM, errbuf);
5010 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5011 "destination %s contains "
5012 "partially-complete state from "
5013 "\"zfs receive -s\"."), name);
5014 (void) zfs_error(hdl, EZFS_BUSY, errbuf);
5019 (void) zfs_standard_error(hdl, ioctl_errno, errbuf);
5024 * Mount the target filesystem (if created). Also mount any
5025 * children of the target filesystem if we did a replication
5026 * receive (indicated by stream_avl being non-NULL).
5029 if (!flags->nomount)
5030 err |= changelist_postfix(clp);
5031 changelist_free(clp);
5034 if ((newfs || stream_avl) && type == ZFS_TYPE_FILESYSTEM && !redacted)
5035 flags->domount = B_TRUE;
5037 if (prop_errflags & ZPROP_ERR_NOCLEAR) {
5038 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: "
5039 "failed to clear unreceived properties on %s"), name);
5040 (void) fprintf(stderr, "\n");
5042 if (prop_errflags & ZPROP_ERR_NORESTORE) {
5043 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, "Warning: "
5044 "failed to restore original properties on %s"), name);
5045 (void) fprintf(stderr, "\n");
5048 if (err || ioctl_err) {
5053 if (flags->verbose) {
5056 uint64_t bytes = read_bytes;
5057 struct timespec delta;
5058 clock_gettime(CLOCK_MONOTONIC_RAW, &delta);
5059 if (begin_time.tv_nsec > delta.tv_nsec) {
5061 1000000000 + delta.tv_nsec - begin_time.tv_nsec;
5064 delta.tv_nsec -= begin_time.tv_nsec;
5065 delta.tv_sec -= begin_time.tv_sec;
5066 if (delta.tv_sec == 0 && delta.tv_nsec == 0)
5068 double delta_f = delta.tv_sec + (delta.tv_nsec / 1e9);
5069 zfs_nicebytes(bytes, buf1, sizeof (buf1));
5070 zfs_nicebytes(bytes / delta_f, buf2, sizeof (buf2));
5072 (void) printf("received %s stream in %.2f seconds (%s/sec)\n",
5073 buf1, delta_f, buf2);
5078 if (prop_errors != NULL)
5079 fnvlist_free(prop_errors);
5081 if (tmp_keylocation[0] != '\0') {
5082 fnvlist_add_string(rcvprops,
5083 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), tmp_keylocation);
5087 fnvlist_free(rcvprops);
5089 fnvlist_free(oxprops);
5090 fnvlist_free(origprops);
5096 * Check properties we were asked to override (both -o|-x)
5099 zfs_receive_checkprops(libzfs_handle_t *hdl, nvlist_t *props,
5102 nvpair_t *nvp = NULL;
5106 while ((nvp = nvlist_next_nvpair(props, nvp)) != NULL) {
5107 name = nvpair_name(nvp);
5108 prop = zfs_name_to_prop(name);
5110 if (prop == ZPROP_INVAL) {
5111 if (!zfs_prop_user(name)) {
5112 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5113 "%s: invalid property '%s'"), errbuf, name);
5119 * "origin" is readonly but is used to receive datasets as
5120 * clones so we don't raise an error here
5122 if (prop == ZFS_PROP_ORIGIN)
5125 /* encryption params have their own verification later */
5126 if (prop == ZFS_PROP_ENCRYPTION ||
5127 zfs_prop_encryption_key_param(prop))
5131 * cannot override readonly, set-once and other specific
5132 * settable properties
5134 if (zfs_prop_readonly(prop) || prop == ZFS_PROP_VERSION ||
5135 prop == ZFS_PROP_VOLSIZE) {
5136 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5137 "%s: invalid property '%s'"), errbuf, name);
5146 zfs_receive_impl(libzfs_handle_t *hdl, const char *tosnap,
5147 const char *originsnap, recvflags_t *flags, int infd, const char *sendfs,
5148 nvlist_t *stream_nv, avl_tree_t *stream_avl, char **top_zfs,
5149 const char *finalsnap, nvlist_t *cmdprops)
5152 dmu_replay_record_t drr, drr_noswap;
5153 struct drr_begin *drrb = &drr.drr_u.drr_begin;
5155 zio_cksum_t zcksum = { { 0 } };
5156 uint64_t featureflags;
5159 (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
5162 /* check cmdline props, raise an error if they cannot be received */
5163 if (!zfs_receive_checkprops(hdl, cmdprops, errbuf))
5164 return (zfs_error(hdl, EZFS_BADPROP, errbuf));
5166 if (flags->isprefix &&
5167 !zfs_dataset_exists(hdl, tosnap, ZFS_TYPE_DATASET)) {
5168 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified fs "
5169 "(%s) does not exist"), tosnap);
5170 return (zfs_error(hdl, EZFS_NOENT, errbuf));
5173 !zfs_dataset_exists(hdl, originsnap, ZFS_TYPE_DATASET)) {
5174 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "specified origin fs "
5175 "(%s) does not exist"), originsnap);
5176 return (zfs_error(hdl, EZFS_NOENT, errbuf));
5179 /* read in the BEGIN record */
5180 if (0 != (err = recv_read(hdl, infd, &drr, sizeof (drr), B_FALSE,
5184 if (drr.drr_type == DRR_END || drr.drr_type == BSWAP_32(DRR_END)) {
5185 /* It's the double end record at the end of a package */
5189 /* the kernel needs the non-byteswapped begin record */
5192 flags->byteswap = B_FALSE;
5193 if (drrb->drr_magic == BSWAP_64(DMU_BACKUP_MAGIC)) {
5195 * We computed the checksum in the wrong byteorder in
5196 * recv_read() above; do it again correctly.
5198 memset(&zcksum, 0, sizeof (zio_cksum_t));
5199 fletcher_4_incremental_byteswap(&drr, sizeof (drr), &zcksum);
5200 flags->byteswap = B_TRUE;
5202 drr.drr_type = BSWAP_32(drr.drr_type);
5203 drr.drr_payloadlen = BSWAP_32(drr.drr_payloadlen);
5204 drrb->drr_magic = BSWAP_64(drrb->drr_magic);
5205 drrb->drr_versioninfo = BSWAP_64(drrb->drr_versioninfo);
5206 drrb->drr_creation_time = BSWAP_64(drrb->drr_creation_time);
5207 drrb->drr_type = BSWAP_32(drrb->drr_type);
5208 drrb->drr_flags = BSWAP_32(drrb->drr_flags);
5209 drrb->drr_toguid = BSWAP_64(drrb->drr_toguid);
5210 drrb->drr_fromguid = BSWAP_64(drrb->drr_fromguid);
5213 if (drrb->drr_magic != DMU_BACKUP_MAGIC || drr.drr_type != DRR_BEGIN) {
5214 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
5215 "stream (bad magic number)"));
5216 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
5219 featureflags = DMU_GET_FEATUREFLAGS(drrb->drr_versioninfo);
5220 hdrtype = DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo);
5222 if (!DMU_STREAM_SUPPORTED(featureflags) ||
5223 (hdrtype != DMU_SUBSTREAM && hdrtype != DMU_COMPOUNDSTREAM)) {
5225 * Let's be explicit about this one, since rather than
5226 * being a new feature we can't know, it's an old
5227 * feature we dropped.
5229 if (featureflags & DMU_BACKUP_FEATURE_DEDUP) {
5230 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5231 "stream has deprecated feature: dedup, try "
5232 "'zstream redup [send in a file] | zfs recv "
5235 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
5236 "stream has unsupported feature, feature flags = "
5237 "%llx (unknown flags = %llx)"),
5238 (u_longlong_t)featureflags,
5239 (u_longlong_t)((featureflags) &
5240 ~DMU_BACKUP_FEATURE_MASK));
5242 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
5245 /* Holds feature is set once in the compound stream header. */
5246 if (featureflags & DMU_BACKUP_FEATURE_HOLDS)
5247 flags->holds = B_TRUE;
5249 if (strchr(drrb->drr_toname, '@') == NULL) {
5250 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "invalid "
5251 "stream (bad snapshot name)"));
5252 return (zfs_error(hdl, EZFS_BADSTREAM, errbuf));
5255 if (DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) == DMU_SUBSTREAM) {
5256 char nonpackage_sendfs[ZFS_MAX_DATASET_NAME_LEN];
5257 if (sendfs == NULL) {
5259 * We were not called from zfs_receive_package(). Get
5260 * the fs specified by 'zfs send'.
5263 (void) strlcpy(nonpackage_sendfs,
5264 drr.drr_u.drr_begin.drr_toname,
5265 sizeof (nonpackage_sendfs));
5266 if ((cp = strchr(nonpackage_sendfs, '@')) != NULL)
5268 sendfs = nonpackage_sendfs;
5269 VERIFY(finalsnap == NULL);
5271 return (zfs_receive_one(hdl, infd, tosnap, originsnap, flags,
5272 &drr, &drr_noswap, sendfs, stream_nv, stream_avl, top_zfs,
5273 finalsnap, cmdprops));
5275 assert(DMU_GET_STREAM_HDRTYPE(drrb->drr_versioninfo) ==
5276 DMU_COMPOUNDSTREAM);
5277 return (zfs_receive_package(hdl, infd, tosnap, flags, &drr,
5278 &zcksum, top_zfs, cmdprops));
5283 * Restores a backup of tosnap from the file descriptor specified by infd.
5284 * Return 0 on total success, -2 if some things couldn't be
5285 * destroyed/renamed/promoted, -1 if some things couldn't be received.
5286 * (-1 will override -2, if -1 and the resumable flag was specified the
5287 * transfer can be resumed if the sending side supports it).
5290 zfs_receive(libzfs_handle_t *hdl, const char *tosnap, nvlist_t *props,
5291 recvflags_t *flags, int infd, avl_tree_t *stream_avl)
5293 char *top_zfs = NULL;
5296 char *originsnap = NULL;
5299 * The only way fstat can fail is if we do not have a valid file
5302 if (fstat(infd, &sb) == -1) {
5308 err = nvlist_lookup_string(props, "origin", &originsnap);
5309 if (err && err != ENOENT)
5313 err = zfs_receive_impl(hdl, tosnap, originsnap, flags, infd, NULL, NULL,
5314 stream_avl, &top_zfs, NULL, props);
5316 if (err == 0 && !flags->nomount && flags->domount && top_zfs) {
5317 zfs_handle_t *zhp = NULL;
5318 prop_changelist_t *clp = NULL;
5320 zhp = zfs_open(hdl, top_zfs,
5321 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
5326 if (zhp->zfs_type == ZFS_TYPE_VOLUME) {
5331 clp = changelist_gather(zhp, ZFS_PROP_MOUNTPOINT,
5332 CL_GATHER_MOUNT_ALWAYS,
5333 flags->forceunmount ? MS_FORCE : 0);
5340 /* mount and share received datasets */
5341 err = changelist_postfix(clp);
5342 changelist_free(clp);