1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1980, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the University nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #if 0 33 #ifndef lint 34 static const char copyright[] = 35 "@(#) Copyright (c) 1980, 1993\n\ 36 The Regents of the University of California. All rights reserved.\n"; 37 #endif /* not lint */ 38 39 #ifndef lint 40 static char sccsid[] = "From: @(#)swapon.c 8.1 (Berkeley) 6/5/93"; 41 #endif /* not lint */ 42 #endif 43 #include <sys/cdefs.h> 44 __FBSDID("$FreeBSD$"); 45 46 #include <sys/param.h> 47 #include <sys/capsicum.h> 48 #include <sys/disk.h> 49 #include <sys/socket.h> 50 #include <sys/sysctl.h> 51 #include <sys/wait.h> 52 53 #include <assert.h> 54 #include <capsicum_helpers.h> 55 #include <err.h> 56 #include <errno.h> 57 #include <fcntl.h> 58 #include <ifaddrs.h> 59 #include <netdb.h> 60 #include <paths.h> 61 #include <stdbool.h> 62 #include <stdint.h> 63 #include <stdio.h> 64 #include <stdlib.h> 65 #include <string.h> 66 #include <sysexits.h> 67 #include <unistd.h> 68 69 #include <arpa/inet.h> 70 71 #include <net/if.h> 72 #include <net/if_dl.h> 73 #include <net/route.h> 74 75 #include <netinet/in.h> 76 #include <netinet/netdump/netdump.h> 77 78 #ifdef HAVE_CRYPTO 79 #include <openssl/err.h> 80 #include <openssl/pem.h> 81 #include <openssl/rand.h> 82 #include <openssl/rsa.h> 83 #endif 84 85 static int verbose; 86 87 static void _Noreturn 88 usage(void) 89 { 90 fprintf(stderr, 91 "usage: dumpon [-i index] [-r] [-v] [-k <pubkey>] [-Zz] <device>\n" 92 " dumpon [-i index] [-r] [-v] [-k <pubkey>] [-Zz]\n" 93 " [-g <gateway>] -s <server> -c <client> <iface>\n" 94 " dumpon [-v] off\n" 95 " dumpon [-v] -l\n"); 96 exit(EX_USAGE); 97 } 98 99 /* 100 * Look for a default route on the specified interface. 101 */ 102 static char * 103 find_gateway(const char *ifname) 104 { 105 struct ifaddrs *ifa, *ifap; 106 struct rt_msghdr *rtm; 107 struct sockaddr *sa; 108 struct sockaddr_dl *sdl; 109 struct sockaddr_in *dst, *mask, *gw; 110 char *buf, *next, *ret; 111 size_t sz; 112 int error, i, ifindex, mib[7]; 113 114 /* First look up the interface index. */ 115 if (getifaddrs(&ifap) != 0) 116 err(EX_OSERR, "getifaddrs"); 117 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { 118 if (ifa->ifa_addr->sa_family != AF_LINK) 119 continue; 120 if (strcmp(ifa->ifa_name, ifname) == 0) { 121 sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr; 122 ifindex = sdl->sdl_index; 123 break; 124 } 125 } 126 if (ifa == NULL) 127 errx(1, "couldn't find interface index for '%s'", ifname); 128 freeifaddrs(ifap); 129 130 /* Now get the IPv4 routing table. */ 131 mib[0] = CTL_NET; 132 mib[1] = PF_ROUTE; 133 mib[2] = 0; 134 mib[3] = AF_INET; 135 mib[4] = NET_RT_DUMP; 136 mib[5] = 0; 137 mib[6] = -1; /* FIB */ 138 139 for (;;) { 140 if (sysctl(mib, nitems(mib), NULL, &sz, NULL, 0) != 0) 141 err(EX_OSERR, "sysctl(NET_RT_DUMP)"); 142 buf = malloc(sz); 143 error = sysctl(mib, nitems(mib), buf, &sz, NULL, 0); 144 if (error == 0) 145 break; 146 if (errno != ENOMEM) 147 err(EX_OSERR, "sysctl(NET_RT_DUMP)"); 148 free(buf); 149 } 150 151 ret = NULL; 152 for (next = buf; next < buf + sz; next += rtm->rtm_msglen) { 153 rtm = (struct rt_msghdr *)(void *)next; 154 if (rtm->rtm_version != RTM_VERSION) 155 continue; 156 if ((rtm->rtm_flags & RTF_GATEWAY) == 0 || 157 rtm->rtm_index != ifindex) 158 continue; 159 160 dst = gw = mask = NULL; 161 sa = (struct sockaddr *)(rtm + 1); 162 for (i = 0; i < RTAX_MAX; i++) { 163 if ((rtm->rtm_addrs & (1 << i)) != 0) { 164 switch (i) { 165 case RTAX_DST: 166 dst = (void *)sa; 167 break; 168 case RTAX_GATEWAY: 169 gw = (void *)sa; 170 break; 171 case RTAX_NETMASK: 172 mask = (void *)sa; 173 break; 174 } 175 } 176 sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa)); 177 } 178 179 if (dst->sin_addr.s_addr == INADDR_ANY && 180 mask->sin_addr.s_addr == 0) { 181 ret = inet_ntoa(gw->sin_addr); 182 break; 183 } 184 } 185 free(buf); 186 return (ret); 187 } 188 189 static void 190 check_link_status(const char *ifname) 191 { 192 struct ifaddrs *ifap, *ifa; 193 194 if (getifaddrs(&ifap) != 0) 195 err(EX_OSERR, "getifaddrs"); 196 197 for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { 198 if (strcmp(ifname, ifa->ifa_name) != 0) 199 continue; 200 if ((ifa->ifa_flags & IFF_UP) == 0) { 201 warnx("warning: %s's link is down", ifname); 202 } 203 break; 204 } 205 freeifaddrs(ifap); 206 } 207 208 static void 209 check_size(int fd, const char *fn) 210 { 211 int name[] = { CTL_HW, HW_PHYSMEM }; 212 size_t namelen = nitems(name); 213 unsigned long physmem; 214 size_t len; 215 off_t mediasize; 216 int minidump; 217 218 len = sizeof(minidump); 219 if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 && 220 minidump == 1) 221 return; 222 len = sizeof(physmem); 223 if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0) 224 err(EX_OSERR, "can't get memory size"); 225 if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0) 226 err(EX_OSERR, "%s: can't get size", fn); 227 if ((uintmax_t)mediasize < (uintmax_t)physmem) 228 errx(EX_IOERR, "%s is smaller than physical memory", fn); 229 } 230 231 #ifdef HAVE_CRYPTO 232 static void 233 _genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap) 234 { 235 FILE *fp; 236 RSA *pubkey; 237 238 assert(pubkeyfile != NULL); 239 assert(kdap != NULL); 240 241 fp = NULL; 242 pubkey = NULL; 243 244 fp = fopen(pubkeyfile, "r"); 245 if (fp == NULL) 246 err(1, "Unable to open %s", pubkeyfile); 247 248 /* 249 * Obsolescent OpenSSL only knows about /dev/random, and needs to 250 * pre-seed before entering cap mode. For whatever reason, 251 * RSA_pub_encrypt uses the internal PRNG. 252 */ 253 #if OPENSSL_VERSION_NUMBER < 0x10100000L 254 { 255 unsigned char c[1]; 256 RAND_bytes(c, 1); 257 } 258 #endif 259 260 if (caph_enter() < 0) 261 err(1, "Unable to enter capability mode"); 262 263 pubkey = RSA_new(); 264 if (pubkey == NULL) { 265 errx(1, "Unable to allocate an RSA structure: %s", 266 ERR_error_string(ERR_get_error(), NULL)); 267 } 268 269 pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL); 270 fclose(fp); 271 fp = NULL; 272 if (pubkey == NULL) 273 errx(1, "Unable to read data from %s: %s", pubkeyfile, 274 ERR_error_string(ERR_get_error(), NULL)); 275 276 /* 277 * RSA keys under ~1024 bits are trivially factorable (2018). OpenSSL 278 * provides an API for RSA keys to estimate the symmetric-cipher 279 * "equivalent" bits of security (defined in NIST SP800-57), which as 280 * of this writing equates a 2048-bit RSA key to 112 symmetric cipher 281 * bits. 282 * 283 * Use this API as a seatbelt to avoid suggesting to users that their 284 * privacy is protected by encryption when the key size is insufficient 285 * to prevent compromise via factoring. 286 * 287 * Future work: Sanity check for weak 'e', and sanity check for absence 288 * of 'd' (i.e., the supplied key is a public key rather than a full 289 * keypair). 290 */ 291 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 292 if (RSA_security_bits(pubkey) < 112) 293 #else 294 if (RSA_size(pubkey) * 8 < 2048) 295 #endif 296 errx(1, "Small RSA keys (you provided: %db) can be " 297 "factored cheaply. Please generate a larger key.", 298 RSA_size(pubkey) * 8); 299 300 kdap->kda_encryptedkeysize = RSA_size(pubkey); 301 if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) { 302 errx(1, "Public key has to be at most %db long.", 303 8 * KERNELDUMP_ENCKEY_MAX_SIZE); 304 } 305 306 kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize); 307 if (kdap->kda_encryptedkey == NULL) 308 err(1, "Unable to allocate encrypted key"); 309 310 /* 311 * If no cipher was specified, choose a reasonable default. 312 */ 313 if (kdap->kda_encryption == KERNELDUMP_ENC_NONE) 314 kdap->kda_encryption = KERNELDUMP_ENC_CHACHA20; 315 else if (kdap->kda_encryption == KERNELDUMP_ENC_AES_256_CBC && 316 kdap->kda_compression != KERNELDUMP_COMP_NONE) 317 errx(EX_USAGE, "Unpadded AES256-CBC mode cannot be used " 318 "with compression."); 319 320 arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key)); 321 if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key, 322 kdap->kda_encryptedkey, pubkey, 323 RSA_PKCS1_OAEP_PADDING) != (int)kdap->kda_encryptedkeysize) { 324 errx(1, "Unable to encrypt the one-time key: %s", 325 ERR_error_string(ERR_get_error(), NULL)); 326 } 327 RSA_free(pubkey); 328 } 329 330 /* 331 * Run genkey() in a child so it can use capability mode without affecting 332 * the rest of the runtime. 333 */ 334 static void 335 genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap) 336 { 337 pid_t pid; 338 int error, filedes[2], status; 339 ssize_t bytes; 340 341 if (pipe2(filedes, O_CLOEXEC) != 0) 342 err(1, "pipe"); 343 pid = fork(); 344 switch (pid) { 345 case -1: 346 err(1, "fork"); 347 break; 348 case 0: 349 close(filedes[0]); 350 _genkey(pubkeyfile, kdap); 351 /* Write the new kdap back to the parent. */ 352 bytes = write(filedes[1], kdap, sizeof(*kdap)); 353 if (bytes != sizeof(*kdap)) 354 err(1, "genkey pipe write"); 355 bytes = write(filedes[1], kdap->kda_encryptedkey, 356 kdap->kda_encryptedkeysize); 357 if (bytes != (ssize_t)kdap->kda_encryptedkeysize) 358 err(1, "genkey pipe write kda_encryptedkey"); 359 _exit(0); 360 } 361 close(filedes[1]); 362 /* Read in the child's genkey() result into kdap. */ 363 bytes = read(filedes[0], kdap, sizeof(*kdap)); 364 if (bytes != sizeof(*kdap)) 365 errx(1, "genkey pipe read"); 366 if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) 367 errx(1, "Public key has to be at most %db long.", 368 8 * KERNELDUMP_ENCKEY_MAX_SIZE); 369 kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize); 370 if (kdap->kda_encryptedkey == NULL) 371 err(1, "Unable to allocate encrypted key"); 372 bytes = read(filedes[0], kdap->kda_encryptedkey, 373 kdap->kda_encryptedkeysize); 374 if (bytes != (ssize_t)kdap->kda_encryptedkeysize) 375 errx(1, "genkey pipe read kda_encryptedkey"); 376 error = waitpid(pid, &status, WEXITED); 377 if (error == -1) 378 err(1, "waitpid"); 379 if (WIFEXITED(status) && WEXITSTATUS(status) != 0) 380 errx(1, "genkey child exited with status %d", 381 WEXITSTATUS(status)); 382 else if (WIFSIGNALED(status)) 383 errx(1, "genkey child exited with signal %d", 384 WTERMSIG(status)); 385 close(filedes[0]); 386 } 387 #endif 388 389 static void 390 listdumpdev(void) 391 { 392 static char ip[200]; 393 394 char dumpdev[PATH_MAX]; 395 struct diocskerneldump_arg ndconf; 396 size_t len; 397 const char *sysctlname = "kern.shutdown.dumpdevname"; 398 int fd; 399 400 len = sizeof(dumpdev); 401 if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) { 402 if (errno == ENOMEM) { 403 err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n", 404 sysctlname); 405 } else { 406 err(EX_OSERR, "Sysctl get '%s'\n", sysctlname); 407 } 408 } 409 if (strlen(dumpdev) == 0) 410 (void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev)); 411 412 if (verbose) { 413 char *ctx, *dd; 414 unsigned idx; 415 416 printf("kernel dumps on priority: device\n"); 417 idx = 0; 418 ctx = dumpdev; 419 while ((dd = strsep(&ctx, ",")) != NULL) 420 printf("%u: %s\n", idx++, dd); 421 } else 422 printf("%s\n", dumpdev); 423 424 /* If netdump is enabled, print the configuration parameters. */ 425 if (verbose) { 426 fd = open(_PATH_NETDUMP, O_RDONLY); 427 if (fd < 0) { 428 if (errno != ENOENT) 429 err(EX_OSERR, "opening %s", _PATH_NETDUMP); 430 return; 431 } 432 if (ioctl(fd, DIOCGKERNELDUMP, &ndconf) != 0) { 433 if (errno != ENXIO) 434 err(EX_OSERR, "ioctl(DIOCGKERNELDUMP)"); 435 (void)close(fd); 436 return; 437 } 438 439 printf("server address: %s\n", 440 inet_ntop(ndconf.kda_af, &ndconf.kda_server, ip, 441 sizeof(ip))); 442 printf("client address: %s\n", 443 inet_ntop(ndconf.kda_af, &ndconf.kda_client, ip, 444 sizeof(ip))); 445 printf("gateway address: %s\n", 446 inet_ntop(ndconf.kda_af, &ndconf.kda_gateway, ip, 447 sizeof(ip))); 448 (void)close(fd); 449 } 450 } 451 452 static int 453 opendumpdev(const char *arg, char *dumpdev) 454 { 455 int fd, i; 456 457 if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) 458 strlcpy(dumpdev, arg, PATH_MAX); 459 else { 460 i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg); 461 if (i < 0) 462 err(EX_OSERR, "%s", arg); 463 if (i >= PATH_MAX) 464 errc(EX_DATAERR, EINVAL, "%s", arg); 465 } 466 467 fd = open(dumpdev, O_RDONLY); 468 if (fd < 0) 469 err(EX_OSFILE, "%s", dumpdev); 470 return (fd); 471 } 472 473 int 474 main(int argc, char *argv[]) 475 { 476 char dumpdev[PATH_MAX]; 477 struct diocskerneldump_arg ndconf, *kdap; 478 struct addrinfo hints, *res; 479 const char *dev, *pubkeyfile, *server, *client, *gateway; 480 int ch, error, fd, cipher; 481 bool gzip, list, netdump, zstd, insert, rflag; 482 uint8_t ins_idx; 483 484 gzip = list = netdump = zstd = insert = rflag = false; 485 kdap = NULL; 486 pubkeyfile = NULL; 487 server = client = gateway = NULL; 488 ins_idx = KDA_APPEND; 489 cipher = KERNELDUMP_ENC_NONE; 490 491 while ((ch = getopt(argc, argv, "C:c:g:i:k:lrs:vZz")) != -1) 492 switch ((char)ch) { 493 case 'C': 494 if (strcasecmp(optarg, "chacha") == 0 || 495 strcasecmp(optarg, "chacha20") == 0) 496 cipher = KERNELDUMP_ENC_CHACHA20; 497 else if (strcasecmp(optarg, "aes-cbc") == 0 || 498 strcasecmp(optarg, "aes256-cbc") == 0) 499 cipher = KERNELDUMP_ENC_AES_256_CBC; 500 else 501 errx(EX_USAGE, "Unrecognized cipher algorithm " 502 "'%s'", optarg); 503 break; 504 case 'c': 505 client = optarg; 506 break; 507 case 'g': 508 gateway = optarg; 509 break; 510 case 'i': 511 { 512 int i; 513 514 i = atoi(optarg); 515 if (i < 0 || i >= KDA_APPEND - 1) 516 errx(EX_USAGE, 517 "-i index must be between zero and %d.", 518 (int)KDA_APPEND - 2); 519 insert = true; 520 ins_idx = i; 521 } 522 break; 523 case 'k': 524 pubkeyfile = optarg; 525 break; 526 case 'l': 527 list = true; 528 break; 529 case 'r': 530 rflag = true; 531 break; 532 case 's': 533 server = optarg; 534 break; 535 case 'v': 536 verbose = 1; 537 break; 538 case 'Z': 539 zstd = true; 540 break; 541 case 'z': 542 gzip = true; 543 break; 544 default: 545 usage(); 546 } 547 548 if (gzip && zstd) 549 errx(EX_USAGE, "The -z and -Z options are mutually exclusive."); 550 551 if (insert && rflag) 552 errx(EX_USAGE, "The -i and -r options are mutually exclusive."); 553 554 argc -= optind; 555 argv += optind; 556 557 if (list) { 558 listdumpdev(); 559 exit(EX_OK); 560 } 561 562 if (argc != 1) 563 usage(); 564 565 #ifdef HAVE_CRYPTO 566 if (cipher != KERNELDUMP_ENC_NONE && pubkeyfile == NULL) { 567 errx(EX_USAGE, "-C option requires a public key file."); 568 } else if (pubkeyfile != NULL) { 569 #if OPENSSL_VERSION_NUMBER < 0x10100000L 570 ERR_load_crypto_strings(); 571 #else 572 if (!OPENSSL_init_crypto(0, NULL)) 573 errx(EX_UNAVAILABLE, "Unable to initialize OpenSSL"); 574 #endif 575 } 576 #else 577 if (pubkeyfile != NULL) 578 errx(EX_UNAVAILABLE,"Unable to use the public key." 579 " Recompile dumpon with OpenSSL support."); 580 #endif 581 582 if (server != NULL && client != NULL) { 583 dev = _PATH_NETDUMP; 584 netdump = true; 585 } else if (server == NULL && client == NULL && argc > 0) { 586 if (strcmp(argv[0], "off") == 0) { 587 rflag = true; 588 dev = _PATH_DEVNULL; 589 } else 590 dev = argv[0]; 591 netdump = false; 592 593 if (strcmp(dev, _PATH_DEVNULL) == 0) { 594 /* 595 * Netdump has its own configuration tracking that 596 * is not removed when using /dev/null. 597 */ 598 fd = open(_PATH_NETDUMP, O_RDONLY); 599 if (fd != -1) { 600 bzero(&ndconf, sizeof(ndconf)); 601 ndconf.kda_index = KDA_REMOVE_ALL; 602 ndconf.kda_af = AF_INET; 603 error = ioctl(fd, DIOCSKERNELDUMP, &ndconf); 604 if (error != 0) 605 err(1, "ioctl(%s, DIOCSKERNELDUMP)", 606 _PATH_NETDUMP); 607 close(fd); 608 } 609 } 610 } else 611 usage(); 612 613 fd = opendumpdev(dev, dumpdev); 614 if (!netdump && !gzip && !zstd && !rflag) 615 check_size(fd, dumpdev); 616 617 kdap = &ndconf; 618 bzero(kdap, sizeof(*kdap)); 619 620 if (rflag) 621 kdap->kda_index = KDA_REMOVE; 622 else 623 kdap->kda_index = ins_idx; 624 625 kdap->kda_compression = KERNELDUMP_COMP_NONE; 626 if (zstd) 627 kdap->kda_compression = KERNELDUMP_COMP_ZSTD; 628 else if (gzip) 629 kdap->kda_compression = KERNELDUMP_COMP_GZIP; 630 631 if (netdump) { 632 memset(&hints, 0, sizeof(hints)); 633 hints.ai_family = AF_INET; 634 hints.ai_protocol = IPPROTO_UDP; 635 res = NULL; 636 error = getaddrinfo(server, NULL, &hints, &res); 637 if (error != 0) { 638 if (error == EAI_SYSTEM) 639 err(EX_OSERR, "%s", gai_strerror(error)); 640 errx(EX_NOHOST, "%s", gai_strerror(error)); 641 } 642 server = inet_ntoa( 643 ((struct sockaddr_in *)(void *)res->ai_addr)->sin_addr); 644 freeaddrinfo(res); 645 646 if (strlcpy(ndconf.kda_iface, argv[0], 647 sizeof(ndconf.kda_iface)) >= sizeof(ndconf.kda_iface)) 648 errx(EX_USAGE, "invalid interface name '%s'", argv[0]); 649 if (inet_aton(server, &ndconf.kda_server.in4) == 0) 650 errx(EX_USAGE, "invalid server address '%s'", server); 651 if (inet_aton(client, &ndconf.kda_client.in4) == 0) 652 errx(EX_USAGE, "invalid client address '%s'", client); 653 654 if (gateway == NULL) { 655 gateway = find_gateway(argv[0]); 656 if (gateway == NULL) { 657 if (verbose) 658 printf( 659 "failed to look up gateway for %s\n", 660 server); 661 gateway = server; 662 } 663 } 664 if (inet_aton(gateway, &ndconf.kda_gateway.in4) == 0) 665 errx(EX_USAGE, "invalid gateway address '%s'", gateway); 666 ndconf.kda_af = AF_INET; 667 } 668 669 #ifdef HAVE_CRYPTO 670 if (pubkeyfile != NULL) { 671 kdap->kda_encryption = cipher; 672 genkey(pubkeyfile, kdap); 673 } 674 #endif 675 error = ioctl(fd, DIOCSKERNELDUMP, kdap); 676 if (error != 0) 677 error = errno; 678 if (error == EINVAL && (gzip || zstd)) { 679 /* Retry without compression in case kernel lacks support. */ 680 kdap->kda_compression = KERNELDUMP_COMP_NONE; 681 error = ioctl(fd, DIOCSKERNELDUMP, kdap); 682 if (error == 0) 683 warnx("Compression disabled; kernel may lack gzip or zstd support."); 684 else 685 error = errno; 686 } 687 /* Emit a warning if the user configured a downed interface. */ 688 if (error == 0 && netdump) 689 check_link_status(kdap->kda_iface); 690 explicit_bzero(kdap->kda_encryptedkey, kdap->kda_encryptedkeysize); 691 free(kdap->kda_encryptedkey); 692 explicit_bzero(kdap, sizeof(*kdap)); 693 if (error != 0) { 694 if (netdump) { 695 /* 696 * Be slightly less user-hostile for some common 697 * errors, especially as users don't have any great 698 * discoverability into which NICs support netdump. 699 */ 700 if (error == ENODEV) 701 errx(EX_OSERR, "Unable to configure netdump " 702 "because the interface driver does not yet " 703 "support netdump."); 704 } 705 errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)"); 706 } 707 708 if (verbose) 709 listdumpdev(); 710 711 exit(EX_OK); 712 } 713