dumpon: Move the _Noreturn keyword before the return type

This fixes a warning from GCC 14 when compiling with the native C11
_Noreturn rather than the older GNU C function attribute:

sbin/dumpon/d

dumpon: Move the _Noreturn keyword before the return type

This fixes a warning from GCC 14 when compiling with the native C11
_Noreturn rather than the older GNU C function attribute:

sbin/dumpon/dumpon.c:73:1: error: '_Noreturn' is not at beginning of declaration [-Werror=old-style-declaration]
73 | static void _Noreturn
| ^~~~~~

show more ...

dumpon: fix set but not used variable

Signed-off-by: inkeliz <inkeliz@inkeliz.com>

Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/1178

Remove copyright strings ifdef'd out

We've ifdef'd out the copyright strings for some time now. Go ahead and
remove the ifdefs. Plus whatever other detritis was left over from other
recent removals.

Remove copyright strings ifdef'd out

We've ifdef'd out the copyright strings for some time now. Go ahead and
remove the ifdefs. Plus whatever other detritis was left over from other
recent removals. These copyright strings are present in the comments and
are largely from CSRG's attempt at adding their copyright to every
binary file (which modern interpretations of the license doesn't
require).

Sponsored by: Netflix

show more ...

sbin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl

sbin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

dumpon: update OpenSSL initialization call

ERR_load_crypto_strings() was deprecated in OpenSSL 1.1.0, and explicit
initialization is generally not reqiured. In the case of dumpon however
we initial

dumpon: update OpenSSL initialization call

ERR_load_crypto_strings() was deprecated in OpenSSL 1.1.0, and explicit
initialization is generally not reqiured. In the case of dumpon however
we initialize prior to entering capability mode, so replace with an
OPENSSL_init_crypto call.

Reviewed by: def, Pierre Pronchery
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40353

show more ...

dumpon: provide diag info when `PEM_read_RSA_PUBKEY` fails

This change modifies dumpon to print out the last error from OpenSSL
when `PEM_read_RSA_PUBKEY` fails. This allows end-users to diagnose wh

dumpon: provide diag info when `PEM_read_RSA_PUBKEY` fails

This change modifies dumpon to print out the last error from OpenSSL
when `PEM_read_RSA_PUBKEY` fails. This allows end-users to diagnose why
reading in RSA pubkey files fails so they can adjust the usage to meet
the needs of the command.

MFC after: 1 week

show more ...

dumpon: warn if the configured netdump link is down

Previously we expected the DIOCSKERNELDUMP ioctl to return ENXIO if the
interface was down, but it does not actually do this. Grab the link
status

dumpon: warn if the configured netdump link is down

Previously we expected the DIOCSKERNELDUMP ioctl to return ENXIO if the
interface was down, but it does not actually do this. Grab the link
status using getifaddrs(3) instead, and downgrade this case from an
error to a warning; the user might bring the link back up at a later
time.

Reviewed by: cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35196

show more ...

dumpon: proceed without compression if the kernel lacks support

PR: 252554
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.o

dumpon: proceed without compression if the kernel lacks support

PR: 252554
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34520

show more ...

dumpon: fix build on some architectures

Fix a -Wsign-compare issue on some architectures.

Fixes: 96f9bd46547d6dfbaf219ab449efacacb0dacccc
Pointy hat to: me
MFC after: 1 week
Sponsored by: Dell EMC

dumpon: fix build on some architectures

Fix a -Wsign-compare issue on some architectures.

Fixes: 96f9bd46547d6dfbaf219ab449efacacb0dacccc
Pointy hat to: me
MFC after: 1 week
Sponsored by: Dell EMC Isilon

show more ...

dumpon: fix encrypted dumps after commit 372557d8c3d

That commit moved key generation into a child process, including
a memory allocation referenced by a structure. The child wrote
the structure to

dumpon: fix encrypted dumps after commit 372557d8c3d

That commit moved key generation into a child process, including
a memory allocation referenced by a structure. The child wrote
the structure to the parent over a pipe, but did not write the
referenced allocation. The parent read the structure from the
child and used its pointer, which was bogus in the parent.

In the child, send both chunks of data to the parent. In the
parent, make a corresponding allocation and read both chunks.

Fixes: 372557d8c3d37dd0c1d9be56513a436393963848
Reviewed by: bdrewery, markj
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D31452

show more ...

dumpon: Fix unconfiguring netdump with "off" and "/dev/null".

Netdump has its own configuration tracking such that
ioctl(/dev/null, DIOCSKERNELDUMP) does a dumper_remove() but does not
notify netdum

dumpon: Fix unconfiguring netdump with "off" and "/dev/null".

Netdump has its own configuration tracking such that
ioctl(/dev/null, DIOCSKERNELDUMP) does a dumper_remove() but does not
notify netdump about the removal. Simply sending the same ioctl to
/dev/netdump handles the situation.

Reviewed by: markj, cem
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D31300

show more ...

dumpon: Fix -v causing error when configuring an encrypted dump

If -v is specified when adding a new device then a full listing of
configured devices is displayed. This requires sysctl access which

dumpon: Fix -v causing error when configuring an encrypted dump

If -v is specified when adding a new device then a full listing of
configured devices is displayed. This requires sysctl access which
genkey()'s use of capability mode was blocking permission to access.
This leads to both confusing console spam but also incorrectly returning
an error status even if no other had been encountered.

dumpon: Sysctl get 'kern.shutdown.dumpdevname': Operation not permitted

Fix this by generating the key in a child process.

Reviewed by: markj
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D31266

show more ...

dumpon: do not print errno for resolver failure

When the netdump host name fails to resolve, don't print errno, since
it's irrelevant. We might as well use a different exit status, too.

Sponsored

dumpon: do not print errno for resolver failure

When the netdump host name fails to resolve, don't print errno, since
it's irrelevant. We might as well use a different exit status, too.

Sponsored by: Dell EMC Isilon

show more ...

EKCD: Preload error strings, PRNG seed; use OAEP padding

Preload OpenSSL ERR string data so that the formatted error messages are
vaguely meaningful. Add OpenSSL error information to the RSA_public_

EKCD: Preload error strings, PRNG seed; use OAEP padding

Preload OpenSSL ERR string data so that the formatted error messages are
vaguely meaningful. Add OpenSSL error information to the RSA_public_encrypt()
operation failure case in one-time key generation.

For obsolescent OpenSSL versions (*cough* FIPS *cough*), pre-seed the PRNG
before entering Cap mode, as old versions of OpenSSL are unaware of kernel
RNG interfaces aside from /dev/random (such as the long-supported kern.arnd, or
the slightly more recent getentropy(3) or getrandom(2)). (RSA_public_encrypt()
wants a seeded PRNG to randomize the "PS" portion of PKCS 1.5 padding or the
"MGF" pseudo-random function in OAEP padding.)

Switch dumpon to encrypt the one-time key with OAEP padding (recommended since
1998; RFC2437) rather than the obsolescent PKCS 1.5 padding (1993; RFC2313).

Switch decryptcore to attempt OAEP decryption first, and try PKCS 1.5
decryption on failure. This is intended only for transition convenience, and
we should obsolete support for non-OAEP padding in a release or two.

Reviewed by: markj
MFC After: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D24534

show more ...

Merge ^/head r358466 through r358677.

dumpon: skip size check if using zstd

As with gzip, let the dump device be smaller than physical memory
when using zstd and full dumps.

Also print the error message if the size check fails, even if

dumpon: skip size check if using zstd

As with gzip, let the dump device be smaller than physical memory
when using zstd and full dumps.

Also print the error message if the size check fails, even if -v
is not specified. Failing silently is not friendly.

Reviewed by: cem markj
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D23923

show more ...

MFHead @348740

Sponsored by: The FreeBSD Foundation

EKCD: Add Chacha20 encryption mode

Add Chacha20 mode to Encrypted Kernel Crash Dumps.

Chacha20 does not require messages to be multiples of block size, so it is
valid to use the cipher on non-block

EKCD: Add Chacha20 encryption mode

Add Chacha20 mode to Encrypted Kernel Crash Dumps.

Chacha20 does not require messages to be multiples of block size, so it is
valid to use the cipher on non-block-sized messages without the explicit
padding AES-CBC would require. Therefore, allow use with simultaneous dump
compression. (Continue to disallow use of AES-CBC EKCD with compression.)

dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc.
It defaults to chacha if no -C option is provided. The man page documents this
behavior.

Relnotes: sure
Sponsored by: Dell EMC Isilon

show more ...

MFHead @347527

Sponsored by: The FreeBSD Foundation

List-ify kernel dump device configuration

Allow users to specify multiple dump configurations in a prioritized list.
This enables fallback to secondary device(s) if primary dump fails. E.g.,
one mi

List-ify kernel dump device configuration

Allow users to specify multiple dump configurations in a prioritized list.
This enables fallback to secondary device(s) if primary dump fails. E.g.,
one might configure a preference for netdump, but fallback to disk dump as a
second choice if netdump is unavailable.

This change does not list-ify netdump configuration, which is tracked
separately from ordinary disk dumps internally; only one netdump
configuration can be made at a time, for now. It also does not implement
IPv6 netdump.

savecore(8) is already capable of scanning and iterating multiple devices
from /etc/fstab or passed on the command line.

This change doesn't update the rc or loader variables 'dumpdev' in any way;
it can still be set to configure a single dump device, and rc.d/savecore
still uses it as a single device. Only dumpon(8) is updated to be able to
configure the more complicated configurations for now.

As part of revving the ABI, unify netdump and disk dump configuration ioctl
/ structure, and leave room for ipv6 netdump as a future possibility.
Backwards-compatibility ioctls are added to smooth ABI transition,
especially for developers who may not keep kernel and userspace perfectly
synced.

Reviewed by: markj, scottl (earlier version)
Relnotes: maybe
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D19996

show more ...

Merge ^/head r340427 through r340868.

Avoid clobbering a user-specified -g value after r340547.

CID: 1396919
MFC with: r340547

Change dumpon(8)'s handling of -g.

Rather than using a special value to denote "use the default router",
treat the absence of the -g option to mean the same thing. The
in-kernel netdump client will

Change dumpon(8)'s handling of -g.

Rather than using a special value to denote "use the default router",
treat the absence of the -g option to mean the same thing. The
in-kernel netdump client will always attempt to reach the server
directly before falling back to the configured gateway anyway. This
change makes it cleaner to support a hostname value for -g.

Reviewed by: cem
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D18025

show more ...

Merge ^/head r339670 through r339812.