Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
IPMI-PET(8)			System Commands			   IPMI-PET(8)

NAME
       IPMI - IPMI Platform Event Trap Interpreter

SYNOPSIS
       ipmi-pet	[OPTION...] [SPECIFIC TRAP] [VARIABLE BINDING HEX BYTES	...]

DESCRIPTION
       Ipmi-pet	interprets hex bytes from a platform event trap	(PET) and out-
       puts a string representing its contents.	Hex values may be input	on the
       command	line, a	file via the --file option, or via stdin if neither of
       the previous are	specified.

       Ipmi-pet	is commonly used in conjunction	with an	SNMP  trap  daemon  to
       intrepret  the  results	from  an IPMI PET trap captured	by the daemon.
       While ipmi-pet could be called directly from such a daemon, typically a
       script  is called to parse the SNMP daemon's output and convert it into
       a form that can be input	into ipmi-pet.	On some	systems, you may  wish
       to also send a PET acknowledge to a remote system to inform it the trap
       was received and	parsed.	One can	be sent	 using	the  --pet-acknowledge
       option.

       While an	IPMI session is	not required to	interpret a PET, data from the
       sensor data repository (SDR) is required	to properly  interpret	sensor
       names  and other	information in the PET.	IPMI session configuration be-
       low, such as driver, hostname, username,	etc. should be	configured  to
       load  the SDR of	the host where the trap	originated.  If	this is	diffi-
       cult to perform,	it may be wise to cache	and load a specific SDR	 cache
       using  the --sdr-cache-file option.  If the SDR is difficult to obtain,
       the --ignore-sdr-cache option can be specified so that an SDR will  not
       be  loaded,  and	 an IPMI session will not be required. The PET will be
       interpreted as best as possible given no	 SDR.  The  --ignore-sdr-cache
       option  may affect other	options	such as	--interpret-oem-data too. Some
       options,	such as	--manufacturer-id and --product-id may alleviate  some
       of these	issues.

       If  the	SNMP daemon does not output a SNMPv1 specific trap on its own,
       it is typically output as the last element of the OID  in  SNMPv2.   If
       for  some  reason a specific trap cannot	be determined, the value of NA
       may be input for	the specific trap to indicate  it  is  not  available.
       Ipmi-pet	will output as much as possible	based on the variable bindings
       information. Some of the	specific trap information may be obtained  via
       SDR information.

       Listed  below  are general IPMI options,	tool specific options, trouble
       shooting	information, workaround	information, examples, and  known  is-
       sues. For a general introduction	to FreeIPMI please see freeipmi(7).

GENERAL	OPTIONS
       The following options are general options for configuring IPMI communi-
       cation and executing general tool commands.

       -D IPMIDRIVER, --driver-type=IPMIDRIVER
	      Specify the driver type to use instead of	doing an  auto	selec-
	      tion.   The  currently  available	 outofband drivers are LAN and
	      LAN_2_0, which perform IPMI 1.5 and IPMI 2.0  respectively.  The
	      currently	 available  inband  drivers  are  KCS, SSIF, OPENIPMI,
	      SUNBMC, and INTELDCMI.

       --disable-auto-probe
	      Do not probe in-band IPMI	devices	for default settings.

       --driver-address=DRIVER-ADDRESS
	      Specify the in-band driver address to be	used  instead  of  the
	      probed  value. DRIVER-ADDRESS should be prefixed with "0x" for a
	      hex value	and '0'	for an octal value.

       --driver-device=DEVICE
	      Specify the in-band driver device	path to	be used	instead	of the
	      probed path.

       --register-spacing=REGISTER-SPACING
	      Specify  the  in-band  driver  register  spacing	instead	of the
	      probed value. Argument is	in bytes (i.e. 32bit register  spacing
	      =	4)

       --target-channel-number=CHANNEL-NUMBER
	      Specify  the  in-band  driver target channel number to send IPMI
	      requests to.

       --target-slave-address=SLAVE-ADDRESS
	      Specify the in-band driver target	slave number to	send IPMI  re-
	      quests to.

       -h IPMIHOST, --hostname=IPMIHOST[:PORT]
	      Specify  the  remote  host to communicate	with. An optional port
	      can be specified,	which may be useful in port forwarding or sim-
	      ilar situations. If specifying an	IPv6 address and port, use the
	      format [ADDRESS]:PORT.

       -u USERNAME, --username=USERNAME
	      Specify the username to use when authenticating with the	remote
	      host.  If	not specified, a null (i.e. anonymous) username	is as-
	      sumed. The user must have	atleast	OPERATOR privileges  in	 order
	      for this tool to operate fully.

       -p PASSWORD, --password=PASSWORD
	      Specify the password to use when authenticationg with the	remote
	      host.  If	not specified, a null  password	 is  assumed.  Maximum
	      password length is 16 for	IPMI 1.5 and 20	for IPMI 2.0.

       -P, --password-prompt
	      Prompt  for  password  to	 avoid	possibility  of	 listing it in
	      process lists.

       -k K_G, --k-g=K_G
	      Specify the K_g BMC key to use when authenticating with the  re-
	      mote host	for IPMI 2.0. If not specified,	a null key is assumed.
	      To input the key in hexadecimal form,  prefix  the  string  with
	      '0x'.  E.g.,  the	 key  'abc' can	be entered with	the either the
	      string 'abc' or the string '0x616263'

       -K, --k-g-prompt
	      Prompt for k-g to	avoid possibility of  listing  it  in  process
	      lists.

       --session-timeout=MILLISECONDS
	      Specify  the  session timeout in milliseconds. Defaults to 20000
	      milliseconds (20 seconds)	if not specified.

       --retransmission-timeout=MILLISECONDS
	      Specify the packet retransmission	timeout	in  milliseconds.  De-
	      faults to	1000 milliseconds (1 second) if	not specified. The re-
	      transmission timeout cannot be larger than the session timeout.

       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
	      Specify the IPMI 1.5 authentication type to use.	The  currently
	      available	 authentication	types are NONE,	STRAIGHT_PASSWORD_KEY,
	      MD2, and MD5. Defaults to	MD5 if not specified.

       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
	      Specify the IPMI 2.0 cipher suite	ID to use. The Cipher Suite ID
	      identifies a set of authentication, integrity, and confidential-
	      ity algorithms to	use for	IPMI 2.0 communication.	The  authenti-
	      cation  algorithm	 identifies  the  algorithm to use for session
	      setup, the integrity algorithm identifies	the algorithm  to  use
	      for session packet signatures, and the confidentiality algorithm
	      identifies the algorithm to use for payload encryption. Defaults
	      to  cipher  suite	 ID  3	if not specified. The following	cipher
	      suite ids	are currently supported:

	      0	- Authentication Algorithm = None; Integrity Algorithm = None;
	      Confidentiality Algorithm	= None

	      1	 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
	      None; Confidentiality Algorithm =	None

	      2	- Authentication Algorithm = HMAC-SHA1;	Integrity Algorithm  =
	      HMAC-SHA1-96; Confidentiality Algorithm =	None

	      3	 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
	      HMAC-SHA1-96; Confidentiality Algorithm =	AES-CBC-128

	      6	- Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
	      None; Confidentiality Algorithm =	None

	      7	 -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
	      HMAC-MD5-128; Confidentiality Algorithm =	None

	      8	- Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
	      HMAC-MD5-128; Confidentiality Algorithm =	AES-CBC-128

	      11  - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
	      MD5-128; Confidentiality Algorithm = None

	      12 - Authentication Algorithm = HMAC-MD5;	Integrity Algorithm  =
	      MD5-128; Confidentiality Algorithm = AES-CBC-128

	      15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	None; Confidentiality Algorithm	= None

	      16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	HMAC_SHA256_128; Confidentiality Algorithm = None

	      17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128

       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
	      Specify the privilege level to be	used. The currently  available
	      privilege	 levels	are USER, OPERATOR, and	ADMIN. Defaults	to OP-
	      ERATOR if	not specified.

       --config-file=FILE
	      Specify an alternate configuration file.

       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
	      Specify workarounds to vendor compliance issues. Multiple	 work-
	      arounds  can be specified	separated by commas. A special command
	      line flag	of "none", will	indicate no workarounds	(may be	useful
	      for overriding configured	defaults). See WORKAROUNDS below for a
	      list of available	workarounds.

       --debug
	      Turn on debugging.

       -?, --help
	      Output a help list and exit.

       --usage
	      Output a usage message and exit.

       -V, --version
	      Output the program version and exit.

IPMI-PET OPTIONS
       The following options are specific to ipmi-pet.

       -v     Output verbose output. This option will output  event  direction
	      and OEM custom messages from the trap.

       -vv    Output  very  verbose output. This option	will output additional
	      information available in the trap, such  as  GUID,  manufacturer
	      ID, and system ID.

       -vvv   Output  very  very verbose output. This option will output addi-
	      tional information than verbose output.  Most  notably  it  will
	      output  additional  hex  codes to	given information on ambiguous
	      events. For example, it will output Generator ID hex  codes  for
	      sensors without names.

       --pet-acknowledge
	      Send  PET	 acknowledge  using inputted trap data instead of out-
	      putting data. In some circumstances, this	may be useful  to  in-
	      form  a  remote  system  that a trap was received	and parsed. If
	      specified, a hostname must be specified via -h or	--hostname  to
	      inform  ipmi-pet where to	send the acknowledge to. When this op-
	      tion is specified, the SDR cache is not loaded and  is  not  re-
	      quired.

       --file=CMD-FILE
	      Specify  a  file to read PET specific trap and variable bindings
	      hex from instead of command line.

       --output-event-severity
	      Output event severity in output. This  will  add	an  additional
	      output  of an event severity. The	outputs	may be Monitor,	Infor-
	      mation, OK, Non-critical condition, Critical condition, or  Non-
	      recoverable  condition.  This  differs from the output of	--out-
	      put-event-state, as event	severity is not	interpreted, it	 is  a
	      value reported in	the SNMP trap. However,	not all	events may re-
	      port a severity, or some manufacturers may not support  the  re-
	      port  of a severity. Event severity will automatically be	output
	      under verbose output.

       --output-event-state
	      Output event state in output. This will add an additional	output
	      reporting	 if  an	event should be	viewed as NOMINAL, WARNING, or
	      CRITICAL.	This differs from the output of	 --output-event-sever-
	      ity,  as this output is an interpreted value that	will be	inter-
	      preted identically to the	--output-event-state output  in	 ipmi-
	      sel(8).	As  long  as an	event interpretation is	supported, all
	      events will have outputted state.	The event state	is  an	inter-
	      preted   value   based   on   the	 configuration	file  /usr/lo-
	      cal/etc/freeipmi/freeipmi_interpret_sel.conf and the  event  di-
	      rection.	See  freeipmi_interpret_sel.conf(5)  for more informa-
	      tion.

       --event-state-config-file=FILE
	      Specify an alternate event state configuration file. Option  ig-
	      nored if --output-event-state not	specified.

       --manufacturer-id=NUMBER
	      Specify a	specific manufacturer id to assume. Useful if you wish
	      to specify --interpret-oem-data, but the manufacturer id	cannot
	      be  determined  by  IPMI	access or is not available in the SNMP
	      trap.  The manufacturer id of a motherboard  can	be  determined
	      with  bmc-info(8).  If this option is specified, so must --prod-
	      uct-id.

       --product-id=NUMBER
	      Specify a	specific product id to assume. Useful if you  wish  to
	      specify  --interpret-oem-data,  but the product id cannot	be de-
	      termined by IPMI access or is not	available in  the  SNMP	 trap.
	      The  product  id	of  a  motherboard can be determined with bmc-
	      info(8).	If  this  option  is  specified,  so  must  --manufac-
	      turer-id.

       --interpret-oem-data
	      Attempt  to interpret OEM	data, such as event data, sensor read-
	      ings, or general extra info, etc.	If an  OEM  interpretation  is
	      not available, the default output	will be	generated. Correctness
	      of OEM interpretations cannot be	guaranteed  due	 to  potential
	      changes OEM vendors may make in products,	firmware, etc. See OEM
	      INTERPRETATION below for confirmed supported motherboard	inter-
	      pretations.

       --entity-sensor-names
	      Output  sensor  names prefixed with their	entity id and instance
	      number when appropriate. This may	be necessary on	 some  mother-
	      boards  to help identify what sensors are	referencing. For exam-
	      ple, a motherboard may have multiple sensors named  'TEMP'.  The
	      entity  id  and  instance	 number	 may help clarify which	sensor
	      refers to	"Processor 1" vs. "Processor 2".

       --no-sensor-type-output
	      Do not show sensor type output for each entry. On	many  systems,
	      the sensor type is redundant to the name of the sensor. This can
	      especially be true if --entity-sensor-names  is  specified.   If
	      the  sensor  name	 is sufficient,	or if the sensor type is of no
	      interest to the user, this option	can be specified  to  condense
	      output.

       --comma-separated-output
	      Output fields in comma separated format.

       --no-header-output
	      Do not output column headers. May	be useful in scripting.

       --non-abbreviated-units
	      Output  non-abbreviated  units (e.g. 'Amps' instead of 'A'). May
	      aid  in  disambiguation  of  units  (e.g.	 'C'  for  Celsius  or
	      Coulombs).

SDR CACHE OPTIONS
       This tool requires access to the	sensor data repository (SDR) cache for
       general operation. By default, SDR data will be downloaded  and	cached
       on the local machine. The following options apply to the	SDR cache.

       --flush-cache
	      Flush  a	cached	version	 of  the  sensor data repository (SDR)
	      cache. The SDR is	typically cached for faster subsequent access.
	      However,	it  may	need to	be flushed and re-generated if the SDR
	      has been updated on a system.

       --quiet-cache
	      Do not output information	about cache creation/deletion. May  be
	      useful in	scripting.

       --sdr-cache-recreate
	      If the SDR cache is out of date or invalid, automatically	recre-
	      ate the sensor data repository (SDR) cache. This option  may  be
	      useful for scripting purposes.

       --sdr-cache-file=FILE
	      Specify a	specific sensor	data repository	(SDR) cache file to be
	      stored or	read from. If this option is used when multiple	 hosts
	      are  specified,  the  same  SDR  cache file will be used for all
	      hosts.

       --sdr-cache-directory=DIRECTORY
	      Specify an alternate directory for sensor	data repository	 (SDR)
	      caches to	be stored or read from.	Defaults to the	home directory
	      if not specified.

       --ignore-sdr-cache
	      Ignore SDR cache related processing. May lead to	incomplete  or
	      less  useful  information	 being	output,	 however it will allow
	      functionality for	systems	without	SDRs or	when the  correct  SDR
	      cannot be	loaded.

GENERAL	TROUBLESHOOTING
       Most often, IPMI	problems are due to configuration problems.

       IPMI  over  LAN	problems  involve a misconfiguration of	the remote ma-
       chine's BMC.  Double check to make sure the  following  are  configured
       properly	 in  the remote	machine's BMC: IP address, MAC address,	subnet
       mask, username, user enablement,	user privilege,	password,  LAN	privi-
       lege,  LAN enablement, and allowed authentication type(s). For IPMI 2.0
       connections, double check to make sure the  cipher  suite  privilege(s)
       and  K_g	 key  are  configured properly.	The ipmi-config(8) tool	can be
       used to check and/or change these configuration settings.

       Inband IPMI problems are	 typically  caused  by	improperly  configured
       drivers or non-standard BMCs.

       In  addition  to	the troubleshooting tips below,	please see WORKAROUNDS
       below to	also if	there are any vendor specific bugs that	have been dis-
       covered and worked around.

       Listed below are	many of	the common issues for error messages.  For ad-
       ditional	support, please	e-mail	the  <freeipmi-users@gnu.org>  mailing
       list.

       "username  invalid"  - The username entered (or a NULL username if none
       was entered) is not available on	the remote machine.  It	 may  also  be
       possible	the remote BMC's username configuration	is incorrect.

       "password  invalid"  - The password entered (or a NULL password if none
       was entered) is not correct. It may also	be possible the	 password  for
       the user	is not correctly configured on the remote BMC.

       "password  verification timeout"	- Password verification	has timed out.
       A "password invalid" error (described  above)  or  a  generic  "session
       timeout"	(described below) occurred.  During this point in the protocol
       it cannot be differentiated which occurred.

       "k_g invalid" - The K_g key entered (or a NULL K_g key if none was  en-
       tered)  is not correct. It may also be possible the K_g key is not cor-
       rectly configured on the	remote BMC.

       "privilege level	insufficient" -	An IPMI	command	requires a higher user
       privilege  than	the one	authenticated with. Please try to authenticate
       with a higher privilege.	This may require authenticating	to a different
       user which has a	higher maximum privilege.

       "privilege  level  cannot  be  obtained	for this user" - The privilege
       level you are attempting	to authenticate	with is	higher than the	 maxi-
       mum  allowed for	this user. Please try again with a lower privilege. It
       may also	be possible the	maximum	privilege level	allowed	for a user  is
       not configured properly on the remote BMC.

       "authentication	type  unavailable for attempted	privilege level" - The
       authentication type you wish to authenticate with is not	available  for
       this privilege level. Please try	again with an alternate	authentication
       type or alternate privilege level. It may also be possible  the	avail-
       able  authentication  types you can authenticate	with are not correctly
       configured on the remote	BMC.

       "cipher suite id	unavailable" - The cipher suite	id you wish to authen-
       ticate  with  is	not available on the remote BMC. Please	try again with
       an alternate cipher suite id. It	may also be possible the available ci-
       pher suite ids are not correctly	configured on the remote BMC.

       "ipmi  2.0 unavailable" - IPMI 2.0 was not discovered on	the remote ma-
       chine. Please try to use	IPMI 1.5 instead.

       "connection timeout" - Initial IPMI communication failed. A  number  of
       potential errors	are possible, including	an invalid hostname specified,
       an IPMI IP address cannot be resolved, IPMI is not enabled on  the  re-
       mote server, the	network	connection is bad, etc.	Please verify configu-
       ration and connectivity.

       "session	timeout" - The IPMI session has	timed out.  Please  reconnect.
       If this error occurs often, you may wish	to increase the	retransmission
       timeout.	Some remote BMCs are considerably slower than others.

       "device not found" - The	specified device could not  be	found.	Please
       check configuration or inputs and try again.

       "driver	timeout"  -  Communication with	the driver or device has timed
       out. Please try again.

       "message	timeout" - Communication with the driver or device  has	 timed
       out. Please try again.

       "BMC  busy"  - The BMC is currently busy. It may	be processing informa-
       tion or have too	many simultaneous sessions to manage. Please wait  and
       try again.

       "could  not  find inband	device"	- An inband device could not be	found.
       Please check configuration or specify specific device or	driver on  the
       command line.

       "driver timeout"	- The inband driver has	timed out communicating	to the
       local BMC or service processor. The BMC or  service  processor  may  be
       busy or (worst case) possibly non-functioning.

       "internal  IPMI	error" - An IPMI error has occurred that FreeIPMI does
       not know	how to handle. Please e-mail <freeipmi-users@gnu.org>  to  re-
       port the	issue.

WORKAROUNDS
       With  so	 many different	vendors	implementing their own IPMI solutions,
       different vendors may implement their IPMI protocols  incorrectly.  The
       following describes a number of workarounds currently available to han-
       dle discovered compliance issues. When possible,	workarounds have  been
       implemented so they will	be transparent to the user. However, some will
       require the user	to specify a workaround	be used	via the	-W option.

       The hardware listed below may only indicate the hardware	that a problem
       was  discovered on. Newer versions of hardware may fix the problems in-
       dicated below. Similar machines from vendors may	or may not exhibit the
       same  problems.	Different  vendors may license their firmware from the
       same IPMI firmware developer, so	it may	be  worthwhile	to  try	 work-
       arounds listed below even if your motherboard is	not listed.

       If  you	believe	 your hardware has an additional compliance issue that
       needs a workaround to be	implemented, please contact the	FreeIPMI main-
       tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.

       assumeio	 - This	workaround flag	will assume inband interfaces communi-
       cate with system	I/O rather than	being memory-mapped.  This  will  work
       around  systems	that report invalid base addresses. Those hitting this
       issue may see "device not supported" or "could not find inband  device"
       errors.	Issue observed on HP ProLiant DL145 G1.

       spinpoll	 -  This workaround flag will inform some inband drivers (most
       notably the KCS driver) to spin while polling rather than  putting  the
       process to sleep. This may significantly	improve	the wall clock running
       time of tools because an	operating system scheduler's  granularity  may
       be  much	larger than the	time it	takes to perform a single IPMI message
       transaction. However, by	spinning, your system may be  performing  less
       useful work by not contexting out the tool for a	more useful task.

       authcap	- This workaround flag will skip early checks for username ca-
       pabilities, authentication capabilities,	and K_g	support	and allow IPMI
       authentication to succeed. It works around multiple issues in which the
       remote system does not properly report username capabilities, authenti-
       cation  capabilities,  or  K_g status. Those hitting this issue may see
       "username invalid",  "authentication  type  unavailable	for  attempted
       privilege  level",  or  "k_g  invalid"  errors.	Issue observed on Asus
       P5M2/P5MT-R/RS162-E4/RX4,   Intel   SR1520ML/X38ML,   and   Sun	  Fire
       2200/4150/4450 with ELOM.

       nochecksumcheck	- This workaround flag will tell FreeIPMI to not check
       the checksums returned from IPMI	command	 responses.  It	 works	around
       systems that return invalid checksums due to implementation errors, but
       the packet is otherwise valid. Users are	cautioned on the use  of  this
       option,	as  it	removes	 validation of packet integrity	in a number of
       circumstances. However, it is unlikely to be an issue  in  most	situa-
       tions.  Those hitting this issue	may see	"connection timeout", "session
       timeout", or "password verification timeout" errors. On IPMI  1.5  con-
       nections,  the  "noauthcodecheck" workaround may	also needed too. Issue
       observed	on Supermicro X9SCM-iiF, Supermicro  X9DRi-F,  and  Supermicro
       X9DRFR.

       idzero  -  This	workaround flag	will allow empty session IDs to	be ac-
       cepted by the client. It	works around IPMI sessions that	 report	 empty
       session	IDs  to	 the client. Those hitting this	issue may see "session
       timeout"	errors.	Issue observed on Tyan S2882 with M3289	BMC.

       unexpectedauth -	This workaround	flag will  allow  unexpected  non-null
       authcodes  to  be checked as though they	were expected. It works	around
       an issue	when packets contain non-null authentication  data  when  they
       should  be  null	due to disabled	per-message authentication. Those hit-
       ting this issue may see "session	timeout"  errors.  Issue  observed  on
       Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.

       forcepermsg  -  This workaround flag will force per-message authentica-
       tion to be used no matter what is advertised by the remote  system.  It
       works  around an	issue when per-message authentication is advertised as
       disabled	on the remote system, but it is	actually required for the pro-
       tocol.  Those hitting this issue	may see	"session timeout" errors.  Is-
       sue observed on IBM eServer 325.

       endianseq - This	workaround flag	will flip the endian  of  the  session
       sequence	 numbers  to  allow the	session	to continue properly. It works
       around IPMI 1.5 session sequence	numbers	that  are  the	wrong  endian.
       Those  hitting  this  issue may see "session timeout" errors. Issue ob-
       served on some Sun ILOM 1.0/2.0 (depends	on service processor endian).

       noauthcodecheck - This workaround flag will tell	FreeIPMI to not	 check
       the  authentication  codes returned from	IPMI 1.5 command responses. It
       works around systems that return	invalid	authentication	codes  due  to
       hashing	or  implementation  errors.  Users are cautioned on the	use of
       this option, as it removes an authentication check verifying the	valid-
       ity of a	packet.	However, in most organizations,	this is	unlikely to be
       a security issue. Those hitting this issue may  see  "connection	 time-
       out",  "session	timeout",  or  "password verification timeout" errors.
       Issue observed on Xyratex FB-H8-SRAY, Intel  Windmill,  Quanta  Winter-
       fell, and Wiwynn	Windmill.

       intel20	- This workaround flag will work around	several	Intel IPMI 2.0
       authentication issues. The issues covered include padding of usernames,
       and  password  truncation  if  the  authentication  algorithm  is HMAC-
       MD5-128.	Those hitting this issue may see "username invalid", "password
       invalid",  or  "k_g  invalid" errors. Issue observed on Intel SE7520AF2
       with Intel Server Management Module (Professional Edition).

       supermicro20 - This workaround flag will	work around several Supermicro
       IPMI  2.0  authentication  issues  on  motherboards  w/	Peppercon IPMI
       firmware. The issues covered include handling invalid length  authenti-
       cation  codes.  Those hitting this issue	may see	"password invalid" er-
       rors.  Issue observed on	Supermicro H8QME  with	SIMSO  daughter	 card.
       Confirmed fixed on newerver firmware.

       sun20 - This workaround flag will work work around several Sun IPMI 2.0
       authentication issues. The issues covered include invalid lengthed hash
       keys,  improperly  hashed keys, and invalid cipher suite	records. Those
       hitting this issue may see "password invalid" or	 "bmc  error"  errors.
       Issue  observed	on Sun Fire 4100/4200/4500 with	ILOM.  This workaround
       automatically includes the "opensesspriv" workaround.

       opensesspriv - This workaround flag will	slightly alter FreeIPMI's IPMI
       2.0 connection protocol to workaround an	invalid	hashing	algorithm used
       by the remote system. The privilege level sent during the Open  Session
       stage of	an IPMI	2.0 connection is used for hashing keys	instead	of the
       privilege level sent during the RAKP1 connection	stage.	Those  hitting
       this  issue may see "password invalid", "k_g invalid", or "bad rmcpplus
       status code" errors.  Issue observed on Sun  Fire  4100/4200/4500  with
       ILOM, Inventec 5441/Dell	Xanadu II, Supermicro X8DTH, Supermicro	X8DTG,
       Intel S5500WBV/Penguin Relion 700,  Intel  S2600JF/Appro	 512X,	Quanta
       QSSC-S4R/Appro  GB812X-CN, and Dell C5220. This workaround is automati-
       cally triggered with the	"sun20"	workaround.

       integritycheckvalue - This workaround flag will work around an  invalid
       integrity check value during an IPMI 2.0	session	establishment when us-
       ing Cipher Suite	ID 0. The integrity check value	should	be  0  length,
       however	the  remote motherboard	responds with a	non-empty field. Those
       hitting this issue may see "k_g invalid"	errors.	Issue observed on  Su-
       permicro	 X8DTG,	 Supermicro  X8DTU,  and Intel S5500WBV/Penguin	Relion
       700, and	Intel S2600JF/Appro 512X.

       assumemaxsdrrecordcount - This workaround will inform  SDR  reading  to
       stop  reading  after  a	known  maximum number of SDR records have been
       read. This will work around systems that	have mis-implemented SDR read-
       ing  functions.	Those hitting this issue may see "SDR record count in-
       valid" errors. Issue observed on	unspecified Inspur motherboard.

       malformedack - This workaround flag will	ignore malformed PET  acknowl-
       edge  responses and assume any PET acknowledge response from the	remote
       machine is valid. It works around remote	systems	that respond with  PET
       acknowledge  requests with invalid/malformed IPMI payloads.  Those hit-
       ting this issue may see "session	timeout" errors	when executing	a  PET
       acknowledge. Issue observed on Dell Poweredge R610.

       No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
       found to	not support IPMI 1.5. Those hitting this issue may  see	 "ipmi
       2.0  unavailable"  or  "connection  timeout"  errors. This issue	can be
       worked around by	using IPMI 2.0	instead	 of  IPMI  1.5	by  specifying
       --driver-type=LAN_2_0. Issue observed on	HP Proliant DL 145.

OEM INTERPRETATION
       The  following  motherboards are	confirmed to have atleast some support
       by the --interpret-oem-data option. While highly	probable the OEM  data
       interpretations	would work across other	motherboards by	the same manu-
       facturer, there are no guarantees. Some of the motherboards  below  may
       be rebranded by vendors/distributors.

       Currently None

EXAMPLES
       Interpret a PET using the local SDR cache.

       #  ipmi-pet  356224  0x44  0x45 0x4c 0x4c 0x50 0x00 0x10	0x59 0x80 0x43
       0xb2 0xc0 0x4f 0x33 0x33	0x58 0x00 0x02 0x19 0xe8 0x7e 0x26  0xff  0xff
       0x20  0x20  0x04	0x20 0x73 0x18 0x00 0x80 0x01 0xff 0x00	0x00 0x00 0x00
       0x00 0x19 0x00 0x00 0x02	0xa2 0x01 0x00 0xc1

       Interpret a PET using a remote SDR cache.

       # ipmi-pet -h ahost -u myusername -p mypassword 356224 0x44  0x45  0x4c
       0x4c  0x50  0x00	0x10 0x59 0x80 0x43 0xb2 0xc0 0x4f 0x33	0x33 0x58 0x00
       0x02 0x19 0xe8 0x7e 0x26	0xff 0xff 0x20 0x20 0x04 0x20 0x73  0x18  0x00
       0x80  0x01  0xff	0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00	0x02 0xa2 0x01
       0x00 0xc1

       Interpret a PET using a previously stored SDR cache.

       # ipmi-pet 356224 0x44 0x45 0x4c	0x4c 0x50 0x00	0x10  0x59  0x80  0x43
       0xb2  0xc0  0x4f	0x33 0x33 0x58 0x00 0x02 0x19 0xe8 0x7e	0x26 0xff 0xff
       0x20 0x20 0x04 0x20 0x73	0x18 0x00 0x80 0x01 0xff 0x00 0x00  0x00  0x00
       0x00 0x19 0x00 0x00 0x02	0xa2 0x01 0x00 0xc1 --sdr-cache-file=/tmp/mys-
       drcache

       Instead of outputting trap interpretation, send a PET acknowledge using
       the trap	data.

       #  ipmi-pet  -h ahost --pet-acknowledge 356224 0x44 0x45	0x4c 0x4c 0x50
       0x00 0x10 0x59 0x80 0x43	0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00  0x02  0x19
       0xe8  0x7e  0x26	0xff 0xff 0x20 0x20 0x04 0x20 0x73 0x18	0x00 0x80 0x01
       0xff 0x00 0x00 0x00 0x00	0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00	0xc1

DIAGNOSTICS
       Upon successful execution, exit status is 0. On error, exit  status  is
       1.

KNOWN ISSUES
       On  older  operating systems, if	you input your username, password, and
       other potentially security relevant information on  the	command	 line,
       this information	may be discovered by other users when using tools like
       the ps(1) command or looking in the /proc file system. It is  generally
       more  secure  to	input password information with	options	like the -P or
       -K options. Configuring security	relevant information in	 the  FreeIPMI
       configuration file would	also be	an appropriate way to hide this	infor-
       mation.

       In order	to prevent brute force attacks,	 some  BMCs  will  temporarily
       "lock  up" after	a number of remote authentication errors. You may need
       to wait awhile in order to this temporary "lock up" to pass before  you
       may authenticate	again.

REPORTING BUGS
       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.

COPYRIGHT
       Copyright (C) 2011-2015 FreeIPMI	Core Team

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published  by  the
       Free  Software Foundation; either version 3 of the License, or (at your
       option) any later version.

SEE ALSO
       freeipmi(7), bmc-info(8), ipmi-config(8), ipmi-sel(8),  freeipmi_inter-
       pret_sel.conf(5)

       http://www.gnu.org/software/freeipmi/

IPMI-PET version 1.6.6		  2020-09-03			   IPMI-PET(8)

NAME | SYNOPSIS | DESCRIPTION | GENERAL OPTIONS | IPMI-PET OPTIONS | SDR CACHE OPTIONS | GENERAL TROUBLESHOOTING | WORKAROUNDS | OEM INTERPRETATION | EXAMPLES | DIAGNOSTICS | KNOWN ISSUES | REPORTING BUGS | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ipmi-pet&sektion=8&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help