cndfs

QNX SDP8.0Utilities ReferenceUtilities

Condense, restore, or mirror filesystems or disks

Syntax:

cndfs [-c|-r|-M] [option...] src dst

Condense a disk structure src into a file dst:

cndfs -c [(general-option | condense-option)...] src dst

(QNX OS only) Restore a disk structure from the condensed image file src in the destination dst:

cndfs -r [(general-option | restore-option)...] src dst

(QNX OS only) Copy a disk structure from src to dst:

cndfs -M [(general-option | mirror-option)...] src dst

Runs on:

QNX OS, Linux, Microsoft Windows

Options:

General options:

-?
Print usage help.
-C dll
(QNX OS only) Specify the cache-control DLL to use with direct I/O.
-i
(QNX OS only) Display progress information.
-I
(QNX OS only) Don't attempt to use direct I/O for reading data.
-O
(QNX OS only) Don't attempt to use direct I/O for writing data.
-p name
(QNX OS only) Write progress information to a shared-memory object.
-t name[:name...]
(QNX OS only) Allocate memory for direct I/O from typed memory pool. The default is sysram&below4G.
-v
Increase verbosity.

Condense options:

-b num
Don't compress clusters if the ratio of compressed to original size is greater than the percentage value of num. The default value is 90.
-d num
Specify the data hashing method. The value of num must be in the range from 0 through 10. The default is 4.
-D
Compress the payload data using LZO compression.
-h num
Specify the header hashing method. The value of num must be in the range from 0 through 6. The default is 4.
-K dll[,args]
(QNX OS only) Specify a DLL with a user-defined function to provide the key to use for data decryption. Optionally, an arguments string can be added that is passed to the key provider function.
-m num
Specify the metadata hashing method. The value of num must be in the range from 0 through 6. The default is 4.
-P passwd
Specify the password to use for data encryption.
-R
Resort to raw mode if no supported input type is detected. Specify -RR to force raw mode.
-Q
Further interpret and condense contents of a QNX Trusted Disk (QTD).
-s size
Specify the cluster size in bytes. The default is 1MiB.

Restore options:

-K dll[,args]
Specify a DLL with a user-defined function to provide the key to use for data decryption. Optionally, an arguments string can be added that is passed to the key provider function.
-P passwd
Specify the password to use for data decryption.
-q
Assume streamed input. Doesn't support direct I/O.
-V
Verify written data during restoration.

Mirror options:

-R
Resort to raw mode if no supported input type is detected. Specify -RR to force raw mode.
-s size
Specify the copy chunk size in bytes. The default is 1MiB.
-V
Verify written data.

Description:

The cndfs utility condenses, restores, or mirrors individual filesystems or entire disks. It also allows:

  • compressing and/or encrypting the payload data
  • verification of data and metadata using one of the various hash methods

The types of disk structures that can be condensed are:

  • Power-Safe filesystem (fs-qnx6)
  • Linux EXT2 filesystem
  • MBR partition tables (currently only primary partitions)
  • QTD containers (refer to the "More information on certain options" section below)

Condensing

To condense a disk, the cndfs utility detects the input type (e.g. partitioning, filesystem). These container-type inputs recursively create subregions and interpret them individually. Each of the recognized input types determine and report the extents (actively used areas) to the condenser. The extents' data is treated as one large stream, which is cut into clusters that can be compressed, encrypted, and written to the file image.

Restoring

Restoring a disk structure is the opposite of condensation. The uncondenser reads each cluster, decrypts it, and then uncompresses its payload data. It combines this data into one logical stream. This stream is divided into extents which are written to the target medium.

Mirroring

Mirroring creates a copy of a disk structure without copying any currently unused areas. The mirror operation uses the condenser front-end to determine all relevant extents within the input, and then copies these directly onto the target device.

More information on certain options

By default, QTD input is treated as raw data, which cndfs doesn't condense. However, you can specify the -Q option so that cndfs interprets the contents of a QTD, but only stores its unused areas. When doing this, proceed with caution; ensure that the QTD's unused areas are identical on both the source and the target. To do so, you should create the input with a filesystem image creator tool (e.g. mksquashfsimg) and ensure that the target device is set to all zeroes.

If you use the -p option with cndfs, the shared memory object is created or opened and progress information is provided. The header file sys/cndfs.h defines structure types that contain the progress information. This header file also contains file information and inline functions to present the information while ensuring data integrity.

If you use the -K dll option, cndfs loads the shared object named dll and looks for the function cndfs_key_provider(). After it is called, this function retrieves a key to use in encryption or decryption. The prototype for this function is provided in sys/cndfs.h.

Hashing and encryption methods

The following hashing and encryption methods are currently supported by the cndfs utility:

Number Name Key length (bytes)
0 none 0
1 CRC32 0
2 MD5 0
3 SHA224 0
4 SHA256 0
5 SHA384 0
6 SHA512 0
7 AES256-GCM 32
8 AES256-CBC 32
9 AES128-GCM 16
10 AES128-CBC 16
Note:
The CBC modes 8 and 10 provide data encryption, but they don't provide authentication or integrity checking.

Examples:

Condense the filesystem on /dev/hd1t179 into the image file myimage.cd:

cndfs -c /dev/hd1t179 myimage.cd

Condense filesystem images:

mkqnx6fsimg myfsys.bld myfsys.fsi
cndfs -c myfsys.fsi myimage.cd

Condense /dev/hd1t179 into myimage.cd, using a cluster size of 2MB:

cndfs -c -s2m /dev/hd1t179 myimage.cd

Condense /dev/hd1t179 into myimage.cd and print some information:

cndfs -c -v /dev/hd1t179 myimage.cd

Condense /dev/hd1t179 into myimage.cd. Don't use direct I/O to read from the source partition:

cndfs -c -I /dev/hd1t179 myimage.cd

Condense /dev/hd1t179 into myimage.cd and compress the payload data:

cndfs -c -D /dev/hd1t179 myimage.cd

Condense, using CRC32 checksums for header and metadata:

cndfs -c -h1 -m1 /dev/hd1t179 myimage.cd

Condense, using AES256-GCM encryption for payload data. Retrieve the key via a callback into the key-provider DLL keydll.so, passing foobar as argument arg into cndfs_key_provider():

cndfs -c -d7 -K keydll.so,foobar /dev/hd1t179 myimage.cd

Condense and provide progress information in /dev/shmem/cdprg:

cndfs -c -p cdprg /dev/hd1t179 myimage.cd

Condense, using AES256-GCM encryption for payload data and foobar as the password:

cndfs -c -d7 -P foobar

Uncondense the image created in the previous example:

cndfs -r -P foobar myimage.cd /dev/hd2t178

Uncondense the filesystem in myimage.cd onto partition /dev/hd2t178:

cndfs -r myimage.cd /dev/hd2t178

Uncondense myimage.cd into partition /dev/hd2t178 without using direct I/O to write onto the target device:

cndfs -r -O myimage.cd /dev/hd2t178

Uncondense, reading back and verifying each block written:

cndfs -r -V myimage.cd /dev/hd2t178
Page updated: