| Main index | Section 8 | 日本語 | Options |
System administrators should typically configure dumpon in a persistent fashion using the rc.conf(5) variables dumpdev and dumpon_flags. For more information on this usage, see rc.conf(5).
Starting in FreeBSD 13.0, dumpon can configure a series of fallback dump devices. For example, an administrator may prefer netdump(4) by default, but if the netdump(4) service cannot be reached or some other failure occurs, they might choose a local disk dump as a second choice option.
| | |
|
Insert the specified dump configuration into the prioritized fallback dump
device list at the specified index, starting at zero.
If
| |
| |
Remove the specified dump device configuration or configurations from the
fallback dump device list rather than inserting or appending it.
In contrast,
"
dumpon
off
"
removes all configured devices.
Conflicts with
|
| | |
|
Configure encrypted kernel dumps.
A random, one-time symmetric key is automatically generated for bulk kernel dump encryption every time dumpon is used. The provided pubkey is used to encrypt a copy of the symmetric key. The encrypted dump contents consist of a standard dump header, the pubkey-encrypted symmetric key contents, and the symmetric key encrypted core dump contents. As a result, only someone with the corresponding private key can decrypt the symmetric key. The symmetric key is necessary to decrypt the kernel core. The goal of the mechanism is to provide confidentiality. The pubkey file should be a PEM-formatted RSA key of at least 2048 bits. | |
| | |
| Select the symmetric algorithm used for encrypted kernel crash dump. The default is "chacha20" but "aes256-cbc" is also available. (AES256-CBC mode does not work in conjunction with compression.) | |
| | List the currently configured dump device(s), or /dev/null if no devices are configured. |
| | Enable verbose mode. |
| | Enable compression (Zstandard). |
| |
Enable compression (gzip).
Only one compression method may be enabled at a time, so
Zstandard provides superior compression ratio and performance. |
netdump(4) specific options include:
| | |
| The local IP address of the netdump(4) client. | |
| | |
|
The first-hop router between
client
and
server.
If the
| |
| | |
| The IP address of the netdumpd(8) server. | |
All of these options can be specified in the rc.conf(5) variable dumpon_flags.
The loader(8) variable dumpdev may be used to enable early kernel core dumps for system panics which occur before userspace starts.
# openssl genrsa -out private.pem 4096
A public key can be extracted from the private key using the rsa(1) tool:
# openssl rsa -in private.pem -out public.pem -pubout
Once the RSA keys are created in a safe place, the public key may be moved to the untrusted netdump client machine. Now public.pem can be used by dumpon to configure encrypted kernel crash dumps:
# dumpon -k public.pem /dev/ada0s1b
It is recommended to test if the kernel saves encrypted crash dumps using the current configuration. The easiest way to do that is to cause a kernel panic using the ddb(4) debugger:
# sysctl debug.kdb.panic=1
In the debugger the following commands should be typed to write a core dump and reboot:
db> dump
db> reset
After reboot savecore(8) should be able to save the core dump in the "dumpdir" directory, which is /var/crash by default:
# savecore /dev/ada0s1b
Three files should be created in the core directory: info.#, key.# and vmcore_encrypted.# (where "#" is the number of the last core dump saved by savecore(8)). The vmcore_encrypted.# can be decrypted using the decryptcore(8) utility:
# decryptcore -p private.pem -k key.# -e vmcore_encrypted.# -c vmcore.#
or shorter:
# decryptcore -p private.pem -n #
The vmcore.# can be now examined using kgdb(1) ( ports/devel/gdb):
# kgdb /boot/kernel/kernel vmcore.#
or shorter:
# kgdb -n #
The core was decrypted properly if kgdb(1) ( ports/devel/gdb) does not print any errors. Note that the live kernel might be at a different path which can be examined by looking at the kern.bootfile sysctl(8).
The dumpon rc(8) script runs early during boot, typically before networking is configured. This makes it unsuitable for configuring netdump(4) when the client address is dynamic. To configure netdump(4) when dhclient(8) binds to a server, dhclient-script(8) can be used to run dumpon(8). For example, to automatically configure netdump(4) on the vtnet0 interface, add the following to /etc/dhclient-exit-hooks.
case $reason in
BOUND|REBIND|REBOOT|RENEW)
if [ "$interface" != vtnet0 ] || [ -n "$old_ip_address" -a \
"$old_ip_address" = "$new_ip_address" ]; then
break
fi
if [ -n "$new_routers" ]; then
# Take the first router in the list.
gateway_flag="-g ${new_routers%% *}"
fi
# Configure as the highest-priority dump device.
dumpon -i 0 -c $new_ip_address -s $server $gateway_flag vtnet0
;;
esac
Be sure to fill in the server IP address and change the interface name if needed.
Support for encrypted kernel core dumps and netdump was added in FreeBSD 12.0 .
Netdump does not automatically update the configured gateway if routing topology changes.
The size of a compressed dump or a minidump is not a fixed function of RAM size. Therefore, when at least one of these options is enabled, the dumpon utility cannot verify that the device has sufficient space for a dump. dumpon is also unable to verify that a configured netdumpd(8) server has sufficient space for a dump.
RSA keys smaller than 1024 bits are practical to factor and therefore weak.
Even 1024 bit keys may not be large enough to ensure privacy for many
years, so NIST recommends a minimum of 2048 bit RSA keys.
As a seatbelt,
dumpon
prevents users from configuring encrypted kernel dumps with extremely weak RSA
keys.
If you do not care for cryptographic privacy guarantees, just use
dumpon
without specifying a
This process is sandboxed using capsicum(4).
| DUMPON (8) | April 23, 2020 |
| Main index | Section 8 | 日本語 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
