svn commit: r330551 - in user/markj/netdump: sbin/dumpon sys/netinet/netdump
Mark Johnston
markj at FreeBSD.org
Tue Mar 6 21:16:13 UTC 2018
Author: markj
Date: Tue Mar 6 21:16:12 2018
New Revision: 330551
URL: https://svnweb.freebsd.org/changeset/base/330551
Log:
Pass encryption and compression parameters when configuring netdump.
Modified:
user/markj/netdump/sbin/dumpon/dumpon.c
user/markj/netdump/sys/netinet/netdump/netdump.h
user/markj/netdump/sys/netinet/netdump/netdump_client.c
Modified: user/markj/netdump/sbin/dumpon/dumpon.c
==============================================================================
--- user/markj/netdump/sbin/dumpon/dumpon.c Tue Mar 6 21:15:35 2018 (r330550)
+++ user/markj/netdump/sbin/dumpon/dumpon.c Tue Mar 6 21:16:12 2018 (r330551)
@@ -212,13 +212,13 @@ check_size(int fd, const char *fn)
#ifdef HAVE_CRYPTO
static void
-genkey(const char *pubkeyfile, struct diocskerneldump_arg *kda)
+genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
{
FILE *fp;
RSA *pubkey;
assert(pubkeyfile != NULL);
- assert(kda != NULL);
+ assert(kdap != NULL);
fp = NULL;
pubkey = NULL;
@@ -242,21 +242,21 @@ genkey(const char *pubkeyfile, struct diocskerneldump_
if (pubkey == NULL)
errx(1, "Unable to read data from %s.", pubkeyfile);
- kda->kda_encryptedkeysize = RSA_size(pubkey);
- if (kda->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
+ kdap->kda_encryptedkeysize = RSA_size(pubkey);
+ if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
errx(1, "Public key has to be at most %db long.",
8 * KERNELDUMP_ENCKEY_MAX_SIZE);
}
- kda->kda_encryptedkey = calloc(1, kda->kda_encryptedkeysize);
- if (kda->kda_encryptedkey == NULL)
+ kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize);
+ if (kdap->kda_encryptedkey == NULL)
err(1, "Unable to allocate encrypted key");
- kda->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
- arc4random_buf(kda->kda_key, sizeof(kda->kda_key));
- if (RSA_public_encrypt(sizeof(kda->kda_key), kda->kda_key,
- kda->kda_encryptedkey, pubkey,
- RSA_PKCS1_PADDING) != (int)kda->kda_encryptedkeysize) {
+ kdap->kda_encryption = KERNELDUMP_ENC_AES_256_CBC;
+ arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key));
+ if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key,
+ kdap->kda_encryptedkey, pubkey,
+ RSA_PKCS1_PADDING) != (int)kdap->kda_encryptedkeysize) {
errx(1, "Unable to encrypt the one-time key.");
}
RSA_free(pubkey);
@@ -285,44 +285,70 @@ listdumpdev(void)
(void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev));
if (verbose)
- printf("kernel dumps on %s\n", dumpdev);
+ printf("kernel dumps on ");
+ printf("%s\n", dumpdev);
/* If netdump is enabled, print the configuration parameters. */
- fd = open(_PATH_NETDUMP, O_RDONLY);
- if (fd < 0) {
- if (errno != ENOENT)
- err(EX_OSERR, "opening %s", _PATH_NETDUMP);
- return;
- }
- if (ioctl(fd, NETDUMPGCONF, &ndconf) != 0) {
- if (errno != ENXIO)
- err(EX_OSERR, "ioctl(NETDUMPGCONF)");
+ if (verbose) {
+ fd = open(_PATH_NETDUMP, O_RDONLY);
+ if (fd < 0) {
+ if (errno != ENOENT)
+ err(EX_OSERR, "opening %s", _PATH_NETDUMP);
+ return;
+ }
+ if (ioctl(fd, NETDUMPGCONF, &ndconf) != 0) {
+ if (errno != ENXIO)
+ err(EX_OSERR, "ioctl(NETDUMPGCONF)");
+ (void)close(fd);
+ return;
+ }
+
+ printf("server address: %s\n", inet_ntoa(ndconf.ndc_server));
+ printf("client address: %s\n", inet_ntoa(ndconf.ndc_client));
+ printf("gateway address: %s\n", inet_ntoa(ndconf.ndc_gateway));
(void)close(fd);
- return;
}
+}
- printf("server address: %s\n", inet_ntoa(ndconf.ndc_server));
- printf("client address: %s\n", inet_ntoa(ndconf.ndc_client));
- printf("gateway address: %s\n", inet_ntoa(ndconf.ndc_gateway));
- (void)close(fd);
+static int
+opendumpdev(const char *arg, char *dumpdev)
+{
+ int fd, i;
+
+ if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
+ strlcpy(dumpdev, arg, PATH_MAX);
+ else {
+ i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg);
+ if (i < 0)
+ err(EX_OSERR, "%s", arg);
+ if (i >= PATH_MAX)
+ errc(EX_DATAERR, EINVAL, "%s", arg);
+ }
+
+ fd = open(dumpdev, O_RDONLY);
+ if (fd < 0)
+ err(EX_OSFILE, "%s", dumpdev);
+ return (fd);
}
int
main(int argc, char *argv[])
{
+ char dumpdev[PATH_MAX];
+ struct diocskerneldump_arg _kda, *kdap;
struct netdump_conf ndconf;
- struct diocskerneldump_arg kda;
struct addrinfo hints, *res;
const char *dev, *pubkeyfile, *server, *client, *gateway;
- int ch, do_listdumpdev = 0, error, fd, i;
- bool enable, gzip, zstd;
+ int ch, error, fd;
+ bool enable, gzip, list, netdump, zstd;
- gzip = zstd = false;
+ gzip = list = netdump = zstd = false;
+ kdap = NULL;
pubkeyfile = NULL;
server = client = gateway = NULL;
while ((ch = getopt(argc, argv, "c:g:k:ls:vZz")) != -1)
- switch((char)ch) {
+ switch ((char)ch) {
case 'c':
client = optarg;
break;
@@ -333,7 +359,7 @@ main(int argc, char *argv[])
pubkeyfile = optarg;
break;
case 'l':
- do_listdumpdev = 1;
+ list = true;
break;
case 's':
server = optarg;
@@ -357,7 +383,7 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
- if (do_listdumpdev) {
+ if (list) {
listdumpdev();
exit(EX_OK);
}
@@ -365,22 +391,44 @@ main(int argc, char *argv[])
if (argc != 1)
usage();
- if (server != NULL && client != NULL)
+#ifndef HAVE_CRYPTO
+ if (pubkeyfile != NULL)
+ errx("Unable to use the public key. Recompile dumpon with OpenSSL support.");
+#endif
+
+ if (server != NULL && client != NULL) {
+ enable = true;
dev = _PATH_NETDUMP;
- else if (server == NULL && client == NULL && argc > 0) {
- dev = argv[0];
- enable = strcmp(dev, "off") != 0;
+ netdump = true;
+ kdap = &ndconf.ndc_kda;
+ } else if (server == NULL && client == NULL && argc > 0) {
+ enable = strcmp(argv[0], "off") != 0;
+ dev = enable ? argv[0] : _PATH_DEVNULL;
+ netdump = false;
+ kdap = &_kda;
} else
usage();
-#ifndef HAVE_CRYPTO
- if (pubkeyfile != NULL) {
- enable = false;
- warnx("Unable to use the public key. Recompile dumpon with OpenSSL support.");
- }
-#endif
+ fd = opendumpdev(dev, dumpdev);
+ if (!netdump && !gzip)
+ check_size(fd, dumpdev);
- if (server != NULL) {
+ bzero(kdap, sizeof(*kdap));
+ kdap->kda_enable = 0;
+ if (ioctl(fd, DIOCSKERNELDUMP, kdap) != 0)
+ err(EX_OSERR, "ioctl(DIOCSKERNELDUMP)");
+ if (!enable)
+ exit(EX_OK);
+
+ explicit_bzero(kdap, sizeof(*kdap));
+ kdap->kda_enable = 1;
+ kdap->kda_compression = KERNELDUMP_COMP_NONE;
+ if (zstd)
+ kdap->kda_compression = KERNELDUMP_COMP_ZSTD;
+ else if (gzip)
+ kdap->kda_compression = KERNELDUMP_COMP_GZIP;
+
+ if (netdump) {
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_protocol = IPPROTO_UDP;
@@ -411,71 +459,36 @@ main(int argc, char *argv[])
if (inet_aton(gateway, &ndconf.ndc_gateway) == 0)
errx(EX_USAGE, "invalid gateway address '%s'", gateway);
- fd = open(dev, O_RDONLY);
- if (fd < 0)
- err(EX_OSFILE, "%s", dev);
- if (ioctl(fd, NETDUMPSCONF, &ndconf) != 0)
- err(EX_OSERR, "ioctl(NETDUMPSCONF)");
- } else if (enable) {
- char tmp[PATH_MAX];
- char *dumpdev;
-
- if (strncmp(argv[0], _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) {
- dumpdev = argv[0];
- } else {
- i = snprintf(tmp, PATH_MAX, "%s%s", _PATH_DEV, argv[0]);
- if (i < 0) {
- err(EX_OSERR, "%s", argv[0]);
- } else if (i >= PATH_MAX) {
- errno = EINVAL;
- err(EX_DATAERR, "%s", argv[0]);
- }
- dumpdev = tmp;
- }
- fd = open(dumpdev, O_RDONLY);
- if (fd < 0)
- err(EX_OSFILE, "%s", dumpdev);
-
- if (!gzip && !zstd)
- check_size(fd, dumpdev);
-
- bzero(&kda, sizeof(kda));
- kda.kda_enable = 0;
- i = ioctl(fd, DIOCSKERNELDUMP, &kda);
- explicit_bzero(&kda, sizeof(kda));
-
#ifdef HAVE_CRYPTO
if (pubkeyfile != NULL)
- genkey(pubkeyfile, &kda);
+ genkey(pubkeyfile, kdap);
#endif
-
- kda.kda_enable = 1;
- kda.kda_compression = KERNELDUMP_COMP_NONE;
- if (zstd)
- kda.kda_compression = KERNELDUMP_COMP_ZSTD;
- else if (gzip)
- kda.kda_compression = KERNELDUMP_COMP_GZIP;
- i = ioctl(fd, DIOCSKERNELDUMP, &kda);
- explicit_bzero(kda.kda_encryptedkey, kda.kda_encryptedkeysize);
- free(kda.kda_encryptedkey);
- explicit_bzero(&kda, sizeof(kda));
- if (i == 0 && verbose)
- printf("kernel dumps on %s\n", dumpdev);
- if (i < 0)
- err(EX_OSERR, "ioctl(DIOCSKERNELDUMP)");
+ error = ioctl(fd, NETDUMPSCONF, &ndconf);
+ if (error != 0)
+ error = errno;
+ explicit_bzero(kdap->kda_encryptedkey,
+ kdap->kda_encryptedkeysize);
+ free(kdap->kda_encryptedkey);
+ explicit_bzero(kdap, sizeof(*kdap));
+ if (error != 0)
+ errc(EX_OSERR, error, "ioctl(NETDUMPSCONF)");
} else {
- fd = open(_PATH_DEVNULL, O_RDONLY);
- if (fd < 0)
- err(EX_OSFILE, "%s", _PATH_DEVNULL);
-
- kda.kda_enable = 0;
- i = ioctl(fd, DIOCSKERNELDUMP, &kda);
- explicit_bzero(&kda, sizeof(kda));
- if (i == 0 && verbose)
- printf("kernel dumps disabled\n");
- if (i < 0)
- err(EX_OSERR, "ioctl(DIOCSKERNELDUMP)");
+#ifdef HAVE_CRYPTO
+ if (pubkeyfile != NULL)
+ genkey(pubkeyfile, kdap);
+#endif
+ error = ioctl(fd, DIOCSKERNELDUMP, kdap);
+ if (error != 0)
+ error = errno;
+ explicit_bzero(kdap->kda_encryptedkey,
+ kdap->kda_encryptedkeysize);
+ free(kdap->kda_encryptedkey);
+ explicit_bzero(kdap, sizeof(*kdap));
+ if (error != 0)
+ errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)");
}
+ if (verbose)
+ printf("kernel dumps on %s\n", dumpdev);
- exit (0);
+ exit(EX_OK);
}
Modified: user/markj/netdump/sys/netinet/netdump/netdump.h
==============================================================================
--- user/markj/netdump/sys/netinet/netdump/netdump.h Tue Mar 6 21:15:35 2018 (r330550)
+++ user/markj/netdump/sys/netinet/netdump/netdump.h Tue Mar 6 21:16:12 2018 (r330551)
@@ -31,6 +31,7 @@
#define _NETINET_NETDUMP_H_
#include <sys/types.h>
+#include <sys/disk.h>
#include <sys/ioccom.h>
#include <net/if.h>
@@ -59,6 +60,7 @@ struct netdump_ack {
} __packed;
struct netdump_conf {
+ struct diocskerneldump_arg ndc_kda;
char ndc_iface[IFNAMSIZ];
struct in_addr ndc_server;
struct in_addr ndc_client;
Modified: user/markj/netdump/sys/netinet/netdump/netdump_client.c
==============================================================================
--- user/markj/netdump/sys/netinet/netdump/netdump_client.c Tue Mar 6 21:15:35 2018 (r330550)
+++ user/markj/netdump/sys/netinet/netdump/netdump_client.c Tue Mar 6 21:16:12 2018 (r330551)
@@ -1140,6 +1140,14 @@ netdump_ioctl(struct cdev *dev __unused, u_long cmd, c
break;
conf = (struct netdump_conf *)addr;
+ if (conf->ndc_kda.kda_enable == 0) {
+ if (nd_enabled) {
+ nd_enabled = 0;
+ netdump_mbuf_drain();
+ }
+ break;
+ }
+
if (netdump_configure(conf) != 0) {
error = EINVAL;
break;
@@ -1153,8 +1161,10 @@ netdump_ioctl(struct cdev *dev __unused, u_long cmd, c
dumper.maxiosize = MAXDUMPPGS * PAGE_SIZE;
dumper.mediaoffset = 0;
dumper.mediasize = 0;
- error = set_dumper(&dumper, conf->ndc_iface, td, 0, 0, NULL, 0,
- NULL);
+ error = set_dumper(&dumper, conf->ndc_iface, td,
+ conf->ndc_kda.kda_compression, conf->ndc_kda.kda_encryption,
+ conf->ndc_kda.kda_key, conf->ndc_kda.kda_encryptedkeysize,
+ conf->ndc_kda.kda_encryptedkey);
if (error != 0) {
nd_enabled = 0;
netdump_mbuf_drain();
More information about the svn-src-user
mailing list