cndfs
Condense, restore, or mirror filesystems or disks
Syntax:
cndfs [-c|-r|-M] [option...] src dst
Condense a disk structure src into a file dst:
cndfs -c [(general-option | condense-option)...] src dst
(QNX OS only) Restore a disk structure from the condensed image file src in the destination dst:
cndfs -r [(general-option | restore-option)...] src dst
(QNX OS only) Copy a disk structure from src to dst:
cndfs -M [(general-option | mirror-option)...] src dst
Runs on:
QNX OS, Linux, Microsoft Windows
Options:
General options:
- -?
- Print usage help.
- -C dll
- (QNX OS only) Specify the cache-control DLL to use with direct I/O.
- -i
- (QNX OS only) Display progress information.
- -I
- (QNX OS only) Don't attempt to use direct I/O for reading data.
- -O
- (QNX OS only) Don't attempt to use direct I/O for writing data.
- -p name
- (QNX OS only) Write progress information to a shared-memory object.
- -t name[:name...]
- (QNX OS only) Allocate memory for direct I/O from typed memory pool. The default is
sysram&below4G
.
- -v
- Increase verbosity.
Condense options:
- -b num
- Don't compress clusters if the ratio of compressed to original size is greater than the percentage value of num. The default value is 90.
- -d num
- Specify the data hashing method. The value of num must be in the range from 0 through 10. The default is 4.
- -D
- Compress the payload data using LZO compression.
- -h num
- Specify the header hashing method. The value of num must be in the range from 0 through 6. The default is 4.
- -K dll[,args]
- (QNX OS only) Specify a DLL with a user-defined function to provide the key to use for data decryption. Optionally, an arguments string can be added that is passed to the key provider function.
- -m num
- Specify the metadata hashing method. The value of num must be in the range from 0 through 6. The default is 4.
- -P passwd
- Specify the password to use for data encryption.
- -R
- Resort to raw mode if no supported input type is detected. Specify -RR to force raw mode.
- -Q
- Further interpret and condense contents of a QNX Trusted Disk (QTD).
- -s size
- Specify the cluster size in bytes. The default is 1MiB.
Restore options:
- -K dll[,args]
- Specify a DLL with a user-defined function to provide the key to use for data decryption. Optionally, an arguments string can be added that is passed to the key provider function.
- -P passwd
- Specify the password to use for data decryption.
- -q
- Assume streamed input. Doesn't support direct I/O.
- -V
- Verify written data during restoration.
Mirror options:
- -R
- Resort to raw mode if no supported input type is detected. Specify -RR to force raw mode.
- -s size
- Specify the copy chunk size in bytes. The default is 1MiB.
- -V
- Verify written data.
Description:
The cndfs utility condenses, restores, or mirrors individual filesystems or entire disks. It also allows:
- compressing and/or encrypting the payload data
- verification of data and metadata using one of the various hash methods
The types of disk structures that can be condensed are:
- Power-Safe filesystem (fs-qnx6)
- Linux EXT2 filesystem
- MBR partition tables (currently only primary partitions)
- QTD containers (refer to the "More information on certain options" section below)
Condensing
To condense a disk, the cndfs utility detects the input type (e.g. partitioning, filesystem). These container-type inputs recursively create subregions and interpret them individually. Each of the recognized input types determine and report the extents (actively used areas) to the condenser. The extents' data is treated as one large stream, which is cut into clusters that can be compressed, encrypted, and written to the file image.
Restoring
Restoring a disk structure is the opposite of condensation. The uncondenser reads each cluster, decrypts it, and then uncompresses its payload data. It combines this data into one logical stream. This stream is divided into extents which are written to the target medium.
Mirroring
Mirroring creates a copy of a disk structure without copying any currently unused areas. The mirror operation uses the condenser front-end to determine all relevant extents within the input, and then copies these directly onto the target device.
More information on certain options
By default, QTD input is treated as raw data, which cndfs doesn't condense. However, you can specify the -Q option so that cndfs interprets the contents of a QTD, but only stores its unused areas. When doing this, proceed with caution; ensure that the QTD's unused areas are identical on both the source and the target. To do so, you should create the input with a filesystem image creator tool (e.g. mksquashfsimg) and ensure that the target device is set to all zeroes.
If you use the -p option with cndfs, the shared memory object is created or opened and progress information is provided. The header file sys/cndfs.h defines structure types that contain the progress information. This header file also contains file information and inline functions to present the information while ensuring data integrity.
If you use the -K dll option, cndfs
loads the shared object named dll and looks for the function
cndfs_key_provider()
. After it is called, this function retrieves a key to use in
encryption or decryption. The prototype for this function is provided in sys/cndfs.h.
Hashing and encryption methods
The following hashing and encryption methods are currently supported by the cndfs utility:
Number | Name | Key length (bytes) |
---|---|---|
0 | none | 0 |
1 | CRC32 | 0 |
2 | MD5 | 0 |
3 | SHA224 | 0 |
4 | SHA256 | 0 |
5 | SHA384 | 0 |
6 | SHA512 | 0 |
7 | AES256-GCM | 32 |
8 | AES256-CBC | 32 |
9 | AES128-GCM | 16 |
10 | AES128-CBC | 16 |
Examples:
Condense the filesystem on /dev/hd1t179 into the image file myimage.cd:
cndfs -c /dev/hd1t179 myimage.cd
Condense filesystem images:
mkqnx6fsimg myfsys.bld myfsys.fsi
cndfs -c myfsys.fsi myimage.cd
Condense /dev/hd1t179 into myimage.cd, using a cluster size of 2MB:
cndfs -c -s2m /dev/hd1t179 myimage.cd
Condense /dev/hd1t179 into myimage.cd and print some information:
cndfs -c -v /dev/hd1t179 myimage.cd
Condense /dev/hd1t179 into myimage.cd. Don't use direct I/O to read from the source partition:
cndfs -c -I /dev/hd1t179 myimage.cd
Condense /dev/hd1t179 into myimage.cd and compress the payload data:
cndfs -c -D /dev/hd1t179 myimage.cd
Condense, using CRC32 checksums for header and metadata:
cndfs -c -h1 -m1 /dev/hd1t179 myimage.cd
Condense, using AES256-GCM encryption for payload data. Retrieve the key via a callback into the key-provider DLL keydll.so, passing foobar as argument arg into cndfs_key_provider():
cndfs -c -d7 -K keydll.so,foobar /dev/hd1t179 myimage.cd
Condense and provide progress information in /dev/shmem/cdprg:
cndfs -c -p cdprg /dev/hd1t179 myimage.cd
Condense, using AES256-GCM encryption for payload data and foobar as the password:
cndfs -c -d7 -P foobar
Uncondense the image created in the previous example:
cndfs -r -P foobar myimage.cd /dev/hd2t178
Uncondense the filesystem in myimage.cd onto partition /dev/hd2t178:
cndfs -r myimage.cd /dev/hd2t178
Uncondense myimage.cd into partition /dev/hd2t178 without using direct I/O to write onto the target device:
cndfs -r -O myimage.cd /dev/hd2t178
Uncondense, reading back and verifying each block written:
cndfs -r -V myimage.cd /dev/hd2t178