2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1980, 1993
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 static const char copyright[] =
35 "@(#) Copyright (c) 1980, 1993\n\
36 The Regents of the University of California. All rights reserved.\n";
40 static char sccsid[] = "From: @(#)swapon.c 8.1 (Berkeley) 6/5/93";
43 #include <sys/cdefs.h>
44 __FBSDID("$FreeBSD$");
46 #include <sys/param.h>
47 #include <sys/capsicum.h>
49 #include <sys/socket.h>
50 #include <sys/sysctl.h>
67 #include <arpa/inet.h>
70 #include <net/if_dl.h>
71 #include <net/route.h>
73 #include <netinet/in.h>
74 #include <netinet/netdump/netdump.h>
77 #include <openssl/err.h>
78 #include <openssl/pem.h>
79 #include <openssl/rsa.h>
88 "usage: dumpon [-v] [-k <pubkey>] [-Zz] <device>\n"
89 " dumpon [-v] [-k <pubkey>] [-Zz]\n"
90 " [-g <gateway>|default] -s <server> -c <client> <iface>\n"
97 * Look for a default route on the specified interface.
100 find_gateway(const char *ifname)
102 struct ifaddrs *ifa, *ifap;
103 struct rt_msghdr *rtm;
105 struct sockaddr_dl *sdl;
106 struct sockaddr_in *dst, *mask, *gw;
107 char *buf, *next, *ret;
109 int error, i, ifindex, mib[7];
113 /* First look up the interface index. */
114 if (getifaddrs(&ifap) != 0)
115 err(EX_OSERR, "getifaddrs");
116 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
117 if (ifa->ifa_addr->sa_family != AF_LINK)
119 if (strcmp(ifa->ifa_name, ifname) == 0) {
120 sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr;
121 ifindex = sdl->sdl_index;
126 errx(1, "couldn't find interface index for '%s'", ifname);
129 /* Now get the IPv4 routing table. */
134 mib[4] = NET_RT_DUMP;
136 mib[6] = -1; /* FIB */
139 if (sysctl(mib, nitems(mib), NULL, &sz, NULL, 0) != 0)
140 err(EX_OSERR, "sysctl(NET_RT_DUMP)");
142 error = sysctl(mib, nitems(mib), buf, &sz, NULL, 0);
146 err(EX_OSERR, "sysctl(NET_RT_DUMP)");
150 for (next = buf; next < buf + sz; next += rtm->rtm_msglen) {
151 rtm = (struct rt_msghdr *)(void *)next;
152 if (rtm->rtm_version != RTM_VERSION)
154 if ((rtm->rtm_flags & RTF_GATEWAY) == 0 ||
155 rtm->rtm_index != ifindex)
158 dst = gw = mask = NULL;
159 sa = (struct sockaddr *)(rtm + 1);
160 for (i = 0; i < RTAX_MAX; i++) {
161 if ((rtm->rtm_addrs & (1 << i)) != 0) {
174 sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa));
177 if (dst->sin_addr.s_addr == INADDR_ANY &&
178 mask->sin_addr.s_addr == 0) {
179 ret = inet_ntoa(gw->sin_addr);
188 check_size(int fd, const char *fn)
190 int name[] = { CTL_HW, HW_PHYSMEM };
191 size_t namelen = nitems(name);
192 unsigned long physmem;
197 len = sizeof(minidump);
198 if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 &&
201 len = sizeof(physmem);
202 if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0)
203 err(EX_OSERR, "can't get memory size");
204 if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0)
205 err(EX_OSERR, "%s: can't get size", fn);
206 if ((uintmax_t)mediasize < (uintmax_t)physmem) {
208 printf("%s is smaller than physical memory\n", fn);
215 genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
220 assert(pubkeyfile != NULL);
221 assert(kdap != NULL);
226 fp = fopen(pubkeyfile, "r");
228 err(1, "Unable to open %s", pubkeyfile);
230 if (cap_enter() < 0 && errno != ENOSYS)
231 err(1, "Unable to enter capability mode");
234 if (pubkey == NULL) {
235 errx(1, "Unable to allocate an RSA structure: %s",
236 ERR_error_string(ERR_get_error(), NULL));
239 pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
243 errx(1, "Unable to read data from %s.", pubkeyfile);
245 kdap->kda_encryptedkeysize = RSA_size(pubkey);
246 if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
247 errx(1, "Public key has to be at most %db long.",
248 8 * KERNELDUMP_ENCKEY_MAX_SIZE);
251 kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize);
252 if (kdap->kda_encryptedkey == NULL)
253 err(1, "Unable to allocate encrypted key");
255 kdap->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
256 arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key));
257 if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key,
258 kdap->kda_encryptedkey, pubkey,
259 RSA_PKCS1_PADDING) != (int)kdap->kda_encryptedkeysize) {
260 errx(1, "Unable to encrypt the one-time key.");
269 char dumpdev[PATH_MAX];
270 struct netdump_conf ndconf;
272 const char *sysctlname = "kern.shutdown.dumpdevname";
275 len = sizeof(dumpdev);
276 if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) {
277 if (errno == ENOMEM) {
278 err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n",
281 err(EX_OSERR, "Sysctl get '%s'\n", sysctlname);
284 if (strlen(dumpdev) == 0)
285 (void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev));
288 printf("kernel dumps on ");
289 printf("%s\n", dumpdev);
291 /* If netdump is enabled, print the configuration parameters. */
293 fd = open(_PATH_NETDUMP, O_RDONLY);
296 err(EX_OSERR, "opening %s", _PATH_NETDUMP);
299 if (ioctl(fd, NETDUMPGCONF, &ndconf) != 0) {
301 err(EX_OSERR, "ioctl(NETDUMPGCONF)");
306 printf("server address: %s\n", inet_ntoa(ndconf.ndc_server));
307 printf("client address: %s\n", inet_ntoa(ndconf.ndc_client));
308 printf("gateway address: %s\n", inet_ntoa(ndconf.ndc_gateway));
314 opendumpdev(const char *arg, char *dumpdev)
318 if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
319 strlcpy(dumpdev, arg, PATH_MAX);
321 i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg);
323 err(EX_OSERR, "%s", arg);
325 errc(EX_DATAERR, EINVAL, "%s", arg);
328 fd = open(dumpdev, O_RDONLY);
330 err(EX_OSFILE, "%s", dumpdev);
335 main(int argc, char *argv[])
337 char dumpdev[PATH_MAX];
338 struct diocskerneldump_arg _kda, *kdap;
339 struct netdump_conf ndconf;
340 struct addrinfo hints, *res;
341 const char *dev, *pubkeyfile, *server, *client, *gateway;
343 bool enable, gzip, list, netdump, zstd;
345 gzip = list = netdump = zstd = false;
348 server = client = gateway = NULL;
350 while ((ch = getopt(argc, argv, "c:g:k:ls:vZz")) != -1)
381 errx(EX_USAGE, "The -z and -Z options are mutually exclusive.");
395 if (pubkeyfile != NULL)
396 errx("Unable to use the public key. Recompile dumpon with OpenSSL support.");
399 if (server != NULL && client != NULL) {
403 kdap = &ndconf.ndc_kda;
404 } else if (server == NULL && client == NULL && argc > 0) {
405 enable = strcmp(argv[0], "off") != 0;
406 dev = enable ? argv[0] : _PATH_DEVNULL;
412 fd = opendumpdev(dev, dumpdev);
413 if (!netdump && !gzip)
414 check_size(fd, dumpdev);
416 bzero(kdap, sizeof(*kdap));
417 kdap->kda_enable = 0;
418 if (ioctl(fd, DIOCSKERNELDUMP, kdap) != 0)
419 err(EX_OSERR, "ioctl(DIOCSKERNELDUMP)");
423 explicit_bzero(kdap, sizeof(*kdap));
424 kdap->kda_enable = 1;
425 kdap->kda_compression = KERNELDUMP_COMP_NONE;
427 kdap->kda_compression = KERNELDUMP_COMP_ZSTD;
429 kdap->kda_compression = KERNELDUMP_COMP_GZIP;
432 memset(&hints, 0, sizeof(hints));
433 hints.ai_family = AF_INET;
434 hints.ai_protocol = IPPROTO_UDP;
436 error = getaddrinfo(server, NULL, &hints, &res);
438 err(1, "%s", gai_strerror(error));
440 errx(1, "failed to resolve '%s'", server);
442 ((struct sockaddr_in *)(void *)res->ai_addr)->sin_addr);
445 if (strlcpy(ndconf.ndc_iface, argv[0],
446 sizeof(ndconf.ndc_iface)) >= sizeof(ndconf.ndc_iface))
447 errx(EX_USAGE, "invalid interface name '%s'", argv[0]);
448 if (inet_aton(server, &ndconf.ndc_server) == 0)
449 errx(EX_USAGE, "invalid server address '%s'", server);
450 if (inet_aton(client, &ndconf.ndc_client) == 0)
451 errx(EX_USAGE, "invalid client address '%s'", client);
455 else if (strcmp(gateway, "default") == 0 &&
456 (gateway = find_gateway(argv[0])) == NULL)
458 "failed to look up next-hop router for %s", server);
459 if (inet_aton(gateway, &ndconf.ndc_gateway) == 0)
460 errx(EX_USAGE, "invalid gateway address '%s'", gateway);
463 if (pubkeyfile != NULL)
464 genkey(pubkeyfile, kdap);
466 error = ioctl(fd, NETDUMPSCONF, &ndconf);
469 explicit_bzero(kdap->kda_encryptedkey,
470 kdap->kda_encryptedkeysize);
471 free(kdap->kda_encryptedkey);
472 explicit_bzero(kdap, sizeof(*kdap));
474 errc(EX_OSERR, error, "ioctl(NETDUMPSCONF)");
477 if (pubkeyfile != NULL)
478 genkey(pubkeyfile, kdap);
480 error = ioctl(fd, DIOCSKERNELDUMP, kdap);
483 explicit_bzero(kdap->kda_encryptedkey,
484 kdap->kda_encryptedkeysize);
485 free(kdap->kda_encryptedkey);
486 explicit_bzero(kdap, sizeof(*kdap));
488 errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)");
491 printf("kernel dumps on %s\n", dumpdev);