test's Introduction
ipmitool Duncan Laurie [email protected] Overview ======== ipmitool is a utility for managing and configuring devices that support the Intelligent Platform Management Interface. IPMI is an open standard for monitoring, logging, recovery, inventory, and control of hardware that is implemented independent of the main CPU, BIOS, and OS. The service processor (or Baseboard Management Controller, BMC) is the brain behind platform management and its primary purpose is to handle the autonomous sensor monitoring and event logging features. The ipmitool program provides a simple command-line interface to this BMC. It features the ability to read the sensor data repository (SDR) and print sensor values, display the contents of the System Event Log (SEL), print Field Replaceable Unit (FRU) inventory information, read and set LAN configuration parameters, and perform remote chassis power control. Background ========== I originally wrote ipmitool while between projects and employeed at Sun Microsystems. Sun had just embarked on a new line of general-purpose x86 servers that included an OEM Intel board with an IPMIv1.5 BMC on board. It started with an idea that remote chassis power control would be a handy feature for my systems in the lab and from there it grew into a multi- purpose tool that lots of people found useful. I decided to release it under a BSD license and give others the chance to make use of it. ipmitool was not written to provide large-scale (aka Enterprise) management application functionality. The functionality that ipmitool proivides is easily accomplished by sending simple IPMI request messages and parsing the returned response. It is intended to be used by system administrators who like the simplicity and scriptability of command-line utilities, as well as those debugging or developing their own BMC implementations. Requirements ============ Obviously the largest requirement is hardware with a service processor that supports the IPMI specification. Many x86-based servers are now coming with IPMI support, check with your preferred hardware vendor about available products. Once you are certain you have the required hardware, you then need to decide how you want to access the BMC. The most common case involve access through the System Interface or over the LAN. (or serial, but currently ipmitool does not support the serial interface) System Interface ---------------- There are multiple types of system interfaces, but they are all similar enough to allow a single well-designed driver to support them all. Different types of system interfaces include Keyboard Controller Style (KCS), Block Transfer (BT), System Management Interface Chip (SMIC) and SMBus. Different hardware vendors will have different preference and implementations. On Linux the OpenIPMI kernel driver should support all of these system interfaces and it should be a simple matter of loading the right kernel modules and setting up the device node to use it. The driver module names vary slightly in different kernel versions, but for all releases you need these two modules: ipmi_msghandler: incoming and outgoing message handler ipmi_devintf: character device interface to IPMI driver For 2.4.x and early 2.6.x kernels you need to choose a module based on the type of system interface your hardware supports. For example: ipmi_kcs_drv: Keyboard Controller Style driver More recent 2.6.x kernels have combined these into a single module: ipmi_si: a universal IPMI system interface driver See the documentation that comes with your distribution and/or kernel for more information on what kernel modules are required. Once the required modules are loaded and the driver has found a suitable system interface to the BMC then you need to ensure the device node at /dev/ipmi0 is pointing at the correct major number. This is because OpenIPMI is given a dynamically assigned major number when it is loaded, but depending on what other modules are present this number may be anywhere from 254 on down. The easiest way to tell is to check the output of /proc/devices and see what major number the "ipmidev" device is assigned to. There is a sample script included with ipmitool called ipmi.init that can be used to automate this process at bootup. LAN Interface ------------- This is often referred to as "IPMI-over-LAN" and defines how IPMI messages can be sent to and from the BMC encapsulated in Remote Management Control Protocol (RMCP) packets which are then transferred as UDP datagrams. IPMI-over-LAN is only supported with version 1.5 and higher of the IPMI specification. The RMCP packet format is defined by the Alert Standard Forum, and it has been followed up with the RMCP+ protocol that adds encryption and payload support. The IPMIv2 specification was updated accordingly to to support the RMCP+ protocol and brings with it enhanced security with encryption as well as support for Serial over LAN. There are different types of LAN interfaces as well. Some systems have shared management networks where the NIC will intercept UDP packets to port 623 and redirect them to the BMC over SMBUS. This type of LAN interface requires that the BMC be configured with the same settings that the system uses. It also suffers from an increased security risk just by the nature of sharing that interface with normal traffic. I have also seen bugs in some implementations that have rendered the IPMI-over-LAN feature "dangerous" to enable in some situations. (in particular there can be an issue with RPC because it will sometimes choose to use port 623 and you will lose response packets...) There is a sample shell script included with ipmitool called bmclanconf that can be used to simplify the LAN settings configuration process using the System Interface to configure the settings. In some cases the hardware will come with a utility (often a DOS bootable CD) for configuring enabling the LAN interface as well. In order to support the IPMIv2.0 interface you must have an OpenSSL library with the required encryption functions. Recent distributions should have no problems. The IPMIv1.5 interface will attempt to use OpenSSL for MD5 hash function at compile time but if that is not found it will use an internal library. IPMB Dual Bridging in IPMITOOL ------------------------------- IPMI offers a standard messaging interface. The following concepts are related to this messaging interface: Channel type : Communication channel type (SMS/KCS, IPMB, LAN) Channel number : Channel descriptor Requester : Address of the requester Responder : Address of the responder NetFN : The logical function for the request/response. Command : The command number Sequence : An ID identifiying the request/response pair Message tracking : The ability to match request/response pair. When a communication is issued through any of the channels, an application formats a request and expect a response. Direct Command -------------- The simplest form of communication is a "direct command" using SMS/KCS Example: ipmitool raw 6 4 55 00 This send raw command 4 (selftest) from netfn 6(application) to KCS, the driver takes care of 'message tracking' and provides the answer. Hopefully, the application also includes a "human readable" instance of the API: ipmitool mc selftest Selftest: passed Bridged Command --------------- One slightly more complicated communication mode is the so-called "bridged command" using IPMB. Example: ipmitool -m 0x94 -t 0x9a raw 6 4 55 00 or ipmitool -m 0x94 -t 0x9a mc selftest Selftest: passed This still sends the same command 4 (selftest) from netfn 6(application) to the target. However, to do so, the command is encapsulated (by the driver) and sent using the command 0x34 (send message) from netfn 6(application) to KCS. Then KCS is polled by the driver until a message has been received, then the driver uses command 0x33 (get message). The driver also tracks the message and makes sure the response matches the request. Then it decapsultates the message and gives the response back to the application. Dual Bridged Command -------------------- Things get a little more ugly when the application needs to reach a management controller sitting on an interface (or channel) not directly connected to the BMC/IPMC. In the case the application must encapsulate its message itself and request the IPMC to deal with message tracking itself. Its been working well with IPMITOOL on the LAN interface with: ipmitool -H <ip> -U <user> -P <password> -B 0 -T 0x8a -m 0x20 -t 0x7a -b 7 mc selftest However, trying to dual bridge commands locally with : ipmitool -B 0 -T 0x9a -m 0x94 -t 0x7a -b 7 mc selftest didn't work (it returned the same data as ipmitool -m 0x20 -t 0x7a -b 7 mc selftest ) The reason was that the "openipmi" interface pluging didn't encapsulate/decapsulate the message and didn't even detect the intent to double bridge the request. ./src/ipmitool -B 0 -T 0x8a -m 0x94 -t 0x7a -b 7 mc selftest -B 0 : transit channel for first bridge level (channel 0: IPMB-0) -T 0x8a : transit destination address (remote IPMC address) -m 0x94 : source address (local IPMC address on IPMB-0) -t 0x7a : remote target (AMC IPMB-L address) -b 7 : remote channel (channel 7: IPMB-L) The transit source address (remote IPMC address on remote channel) is automatically assigned by the remote IPMC. Payload Size Limit ------------------ Because some commands return a lot of data (fru read/get sdr) and because 2 levels of encapsulation are used, some command will fail. For instance this works. ipmitool -H <ip> -U <user> -P <password> -B 0 -T 0x8a -m 0x94 -t 0x7a -b 7 mc selftest but this does not: ipmitool -H <ip> -U <user> -P <password> -B 0 -T 0x8a -m 0x94 -t 0x7a -b 7 fru print. Usage ===== All invocations of ipmitool require specifying an interface to use, unless you want to use the default interface as set at compile time. Each call must also specify a command to run. You can see the list of supported interfaces and which is default as well as a list of top level commands in the usage output available with the -h option: usage: ipmitool [options...] <command> -h This help -V Show version information -v Verbose (can use multiple times) -c Display output in comma separated format -I intf Interface to use -H hostname Remote host name for LAN interface -p port Remote RMCP port [default=623] -L level Remote session privilege level [default=USER] -A authtype Force use of authtype NONE, PASSWORD, MD2 or MD5 -U username Remote session username -P password Remote session password -f file Read remote session password from file -a Prompt for remote password -E Read password from IPMI_PASSWORD environment variable -m address Set local IPMB address -t address Bridge request to remote target address Interfaces: open Linux OpenIPMI Interface [default] imb Intel IMB Interface lan IPMI v1.5 LAN Interface lanplus IPMI v2.0 RMCP+ LAN Interface Commands: raw Send a RAW IPMI request and print response lan Configure LAN Channels chassis Get chassis status and set power state event Send pre-defined events to BMC bmc Print BMC status and configure global enables sdr Print Sensor Data Repository entries and readings sensor Print detailed sensor information fru Print built-in FRU and scan SDR for FRU locators sel Print System Evelnt Log sol Configure IPMIv2.0 Serial-over-LAN user Configure BMC users channel Configure BMC channels session Print session information shell Launch interactive IPMI shell exec Run list of commands from file set Set runtime variable for shell and exec Commands ======== More help on the supported commands can be found by running them with the help argument, for example "chassis help". There are a few commands with special meaning: > shell: This command will launch an shell interface to the ipmitool command set. You can use this for interactively entering commands to monitor system status. An example session: # ipmitool -I open shell ipmitool> chassis status System Power : off Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : always-off Last Power Event : command Chassis Intrusion : active Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false ipmitool> user list 7 ID Name Callin Link Auth IPMI Msg Channel Priv Limit 1 true false true ADMINISTRATOR ipmitool> exit > exec: This command will read a text file and execute ipmitool commands in sequence. It can be used for scriptable commands: # cat lansetup.scr lan set 7 ipsrc static lan set 7 ipaddr 10.1.1.10 lan set 7 netmask 255.255.255.0 lan set 7 defgw ipaddr 10.1.1.254 # ipmitool -I open exec lansetup.scr Setting LAN IP Address to 10.1.1.10 Setting Lan Subnet Mask to 255.255.255.0 Setting Lan Default Gateway IP to 10.1.1.254 > set: This command can be used by the shell and exec modes to configure various session parameters: hostname <host> Session hostname username <user> Session username password <pass> Session password privlvl <level> Session privilege level force authtype <type> Authentication type force localaddr <addr> Local IPMB address targetaddr <addr> Remote target IPMB address port <port> Remote RMCP port csv [level] enable output in comma separated format verbose [level] Verbose level # cat getstatus.scr set hostname sf-v20z-1 set password admin chassis status # ipmitool -I lan exec getstatus.scr Set session hostname to lx50 Set session password System Power : off Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : always-off Last Power Event : command Chassis Intrusion : active Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false ipmievd ======= Included with ipmitool is another utility called ipmievd that is a daemon which will listen for events from the BMC that are being sent to the SEL and also log those messages to syslog. By default when run (as root) with no arguments it will daemonize and poll on the OpenIPMI device waiting for an event notification. Upon receipt of an event it will log it to syslog with the LOG_LOCAL4 facility. You can test ipmievd by sending test events over the LAN interface with ipmitool: remote# ipmievd local$ ipmitool -I lan -H lx50 -P admin event help usage: event <num> 1 : Temperature - Upper Critical - Going High 2 : Voltage Threshold - Lower Critical - Going Low 3 : Memory - Correctable ECC local$ ipmitool -I lan -H lx50 -P admin event 1 Sending Temperature - Upper Critical - Going High event to BMC local$ ipmitool -I lan -H lx50 -P admin event 2 Sending Voltage Threshold - Lower Critical - Going Low event to BMC local$ ipmitool -I lan -H lx50 -P admin event 3 Sending Memory - Correctable ECC event to BMC remote# tail /var/log/messages (timestamps removed) ipmievd: Waiting for events... ipmievd: Temperature Sensor 30 - Upper Critical - going high ipmievd: Voltage Sensor 60 - Lower Critical - going low ipmievd: Memory Sensor 01 - Correctable ECC Resources ========= IPMItool homepage http://github.com/ipmitool/ipmitool IPMItool manpage https://github.com/ipmitool/ipmitool/blob/master/doc/ipmitool.1.in Intelligent Platform Management Interface specification https://www.intel.com/content/www/us/en/servers/ipmi/ipmi-home.html OpenIPMI project: Linux IPMI kernel driver and userland library http://openipmi.sourceforge.net IPMItool commit archive https://lists.sourceforge.net/lists/listinfo/ipmitool-cvs
test's People
test's Issues
ipmi_lan_set() - help should be re-worked
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/208
There is one big help text in 'lib/ipmi_lanp.c' and then small portions of this help text duplicated in ipmi_lan_set() as well. And they're duplicated even more than once.
This is something that should be reworked.
Suggested fix is to break help text into smaller functions and then call them on demand or all of them if complete help text has to be printed out.
ipmievd not logging correctly for shared sensors
Reported by: Unknown User (*anonymous)
Original Ticket: ipmitool/bugs/275
I've noticed on our systems that ipmievd does not print the correct logging message for drive bay sensors. The drive bays are Compact Sensor (type 2) in the SDR, and indicate that this is a shared record (Share Count = 8).
The SDR has a single entry for drive slots, sensor #80 with share count = 8. The next sensor number in the SDR is #90. When a drive is pulled/inserted, the SEL will contain entries for sensor numbers #8x.
ipmievd will only print correctly for sensor #80 (Slot 0). I've traced this down to ipmi_sdr_find_sdr_by_numtype in lib/ipmi_sdr.c. This function only searches for an exact sensor number to SDR match.
I'm proposing to change ipmi_sdr.c to support reverse lookup of sensor range for shared compact sensors in ipmi_sdr_find_sdr_by_numtype().
Signed-off-by: Jordan Hargrave <[email protected]>
ipmi_fru_read_to_bin() needs a return value
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/134
Function ipmi_fru_read_to_bin() in 'lib/ipmi_fru.c' needs a return value. Since FS operation is involved and since this function is called straight away, return value is a must. As of now, there is no way to determine whether function ended with success or not.
'lib/ipmi_ekanalyzer.c' - is LOG_DEBUG intended?
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/231
There are several cases of ``if (verbose == LOG_DEBUG)'' and I'm wondering whether this intentionaly or not. Because it means user would have to give '-v' times seven to see debug output.
fru unreachable always false
Reported by: ledva
Original Ticket: ipmitool/bugs/213
always false. removing unreachable code.
ipmi_ek_display_board_info_area() - check return value
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/234
Return value of ipmi_ek_display_board_info_area() should be checked by caller as this function will return (-1) on error.
Command % ipmitool fru get ; is not documented
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/147
There is not much to say as subject says it all. % ipmitool fru get; is not documented anywhere - not in help output, not in man page. Its only evidence exists only in the code.
'chassis bootparam' help output should be improved
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/227
The following help output could and should be improved, resp. prefix "flags" with "param #", so it's obvious what has to be supplied to 'chassis bootparam get'.
\# ipmitool chassis bootparam get
bootparam get <param \#>
bootparam set bootflag <flag>
force\_pxe : Force PXE boot
force\_disk : Force boot from default Hard-drive
force\_safe : Force boot from default Hard-drive, request Safe Mode
force\_diag : Force boot from Diagnostic Partition
force\_cdrom : Force boot from CD/DVD
force\_bios : Force boot into BIOS Setup
doc - known issue - ipmitool memory leak
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/250
It should/has to be documented ipmitool leaks memory(ID#3613605) when multiple '-Y' and/or '-a' is/are specified. This can't be fixed without "breaking backwards compatibility"(whatever it means).
Anyway, the only way how to fix this is to limit how many '-Y'/'-a' can be specified/accepted on command line. Perhaps in 1.9 or 2.0? But until it's fixed, memory leak should be documented as a known issue.
replace scanf() with something appropriate
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/270
Replace scanf() calls with something more appropriate and safe. Until replaced, this is an open security hole with nice and lean buffer overflow.
'lib/ipmi_fru.c' - debug messages printed on STDOUT
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/132
Debug messages will end up on STDOUT if turned on. This doesn't look right. This is caused by use of printf() rather than using lprintf(LOG_DEBUG, ...);.
This has to be fixed.
ipmievd: no way to configure logging facility
Reported by: wferi
Original Ticket: ipmitool/bugs/362
Apparently the LOCAL4 syslog facility is hardwired in lib/log.c.
Please include a command line option for changing it.
Actually, I may even implement this if there's consensus on how it should be done, so that my work gets merged.
Does not validate trailing checksum of IPMI responses
Reported by: Rob Swindell
Original Ticket: ipmitool/bugs/142
(v1.8.12) ipmitool does not validate trailing checksum of IPMI responses (the checksum following the response data). E.g. if the MC always responds with a trailling checksum value of 0x00, ipmitool doesn't complain.
fru unsigned errors
Reported by: ledva
Original Ticket: ipmitool/bugs/215
size can't be negative - dead code
the the "-" result in the unsigned storage is never negative
Negotiated integrity/confidentiality algorithms not enforced
Reported by: Rob Swindell
Original Ticket: ipmitool/bugs/139
Ater creating an RMCP+ session with a succesfully negotiated cipher-suite containing an integrity and/or confidentiality (encryption) algorithm (e.g. "-C2 or -C3"), if the management controller responds with non-authenticated/integiryt-protected or non-encrypted IPMI/RMCP+ responses, ipmitool accepts the response as valid.
This is a security flaw in ipmitool but can only be observed with a non-conforming management controller or a malicious man-in-the-middle.
This is an old ipmitool bug, but still exists in v1.8.12.
Cannot clear DCMI asset tag
Reported by: Rob Swindell
Original Ticket: ipmitool/bugs/140
(v1.8.12) There is no mechanism for clearing the Asset Tag. The command 'ipmitool dcmi set_asset_tag ""' doesn't actually do anything". The 'ipmitool dcmi set_mc_id_string' command does not have this problem.
It stands to reason that ipmitool should provide a mechanism to clear (set to 0-length) the DCMI asset tag.
sdr and sensor difrent readings
ipmitool sdr -v
Sensor ID : Temp (0x1)
Entity ID : 3.1 (Processor)
Sensor Type (Analog) : Temperature
Sensor Reading : -69 (+/- 1) degrees C
Status : ok
Nominal Reading : 50.000
Normal Minimum : 11.000
Normal Maximum : 69.000
Upper critical : 90.000
Upper non-critical : 85.000
Positive Hysteresis : 1.000
Negative Hysteresis : 1.000
Minimum sensor range : Unspecified
Maximum sensor range : Unspecified
Event Message Control : Per-threshold
Readable Thresholds : unc ucr
Settable Thresholds :
Threshold Read Mask : unc ucr
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
ipmitool sensor -v
Sensor ID : Temp (0x1)
Entity ID : 3.1
Sensor Type (Analog) : Temperature
Sensor Reading : READ ERROR: Device Not Present
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
So sdr is reading the entity while sensor doesn't.
Reported by: costake
Original Ticket: "ipmitool/bugs/36":https://sourceforge.net/p/ipmitool/bugs/36
'lib/ipmi_ekanalyzer.c' needs a re-work
Reported by: Duncan Idaho
Original Ticket: ipmitool/bugs/103
There are couple things in 'lib/ipmi_ekanalyzer.c' that would use re-work. I've noticed only print-outs.
Why???
static void
ipmi\_ekanalyzer\_usage\( void \)
\{
char \* help\_message =
"Ekeying analyzer tool version 1.00 \n\
ekanalyzer Commands: \n\
print \[carrier | power | all\] <oc=filename1> <b1=filename2>... \n\
frushow <b2=filename> \n\
summary \[match | unmatch | all\] <oc=filename1> <b1=filename2>... \n\
";
printf\("%s",help\_message\);
fflush\(stdout\);
\}
Typo _argumentS_ + Repetitive -> create function:
printf\("Too few argument\! \n"\);
if \( strcmp\(argv\[argument\_offset\], "print"\) == 0 \)\{
lprintf\(LOG\_ERR, " ekanalyzer print \[carrier/power/all\]"
" <xx=frufile> <xx=frufile> \[xx=frufile\]"
\);
\}
else\{
lprintf\(LOG\_ERR, " ekanalyzer summary \[match/ unmatch/ all\]"
" <xx=frufile> <xx=frufile> \[xx=frufile\]"
\);
\}
Should be at STDERR:
printf\("Too few argument\! \n"\);
\[...\]
printf\("Invalid option '%s'\n", argv\[argument\_offset\]\);
\[...\]
if \( \!found\_flag \)\{
printf\("No carrier file has been found\n"\);
return\_value = ERROR\_STATUS;
\}
\[...\]
if \( amc\_file == FALSE \)\{
printf\("\nNo AMC FRU file is provided --->" \
" No possible ekeying match\!\n"\);
return\_value = ERROR\_STATUS;
\}
\[...\]
if \( \!oc\_file \)\{
printf\("\nNo Carrier FRU file is provided" \
" ---> No possible ekeying match\!\n"\);
return\_value = ERROR\_STATUS;
\}
\[...\]
else\{
printf\("No amc record is found\!\n"\);
\}
\[...\]
if \( record == NULL \)\{
printf\("NO Carrier p2p connectivity \!\n"\);
return\_status = ERROR\_STATUS;
\}
Perhaps there is more. There is some debug information passed straight to STDOUT; I think it should go to STDERR.
ipmi sol. keepalive not dropping the session
Reported by: ledva
Original Ticket: ipmitool/bugs/154
patch candidate in the bz. please comment.
https://bugzilla.redhat.com/show\_bug.cgi?id=857106
this is rfc on proposed fix to sol keepalives and related findings.
the current code contains comment that payload processor reboot may cause unwanted termination.
right now it does not tear down the session as long as there is no data to send.
when there are no commands pending then no command may fail and the session will persist.
the getdeviceid method is prone to hanging around even after interfering deactivation.
should not the default session live detection method be changed to activation (and quit after 2nd successful) or is there better method of detecting activity?
the retry and timeout are values used at the lanplus session command level
the solretry and soltime values are used for the live check while there is no valid command pending.
also the retry and timeout defaults but that's probably an enhancement.
keep it fixed or get the remote parameters using the info and have the defaults mimic the remote defaults?
also does anyone see why is there timeout = 1 setting?
and using the
'chassis bootparam get PARAM' should be limited
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/228
PARAM in 'chassis bootparam get PARAM' should be limited/locked to range <0..6> as per IPMIv2 specification, PDF, p. 392. There is no reason why ipmitool should accept other values.
lib/ipmi_sdradd.c - ipmi_sdr_add_record() has no response?
Reported by: Duncan Idaho
Original Ticket: ipmitool/bugs/124
ipmi_sdr_add_record() in 'lib/ipmi_sdradd.c' has no response and no check whether SDR add was successful or not which seems to be odd. There should be response as well as check of ccode; both are missing at the moment.
'lib/ipmi_fru.c' - error messages printed on STDOUT
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/131
(Some) error messages are printed out on STDOUT instead STDERR. This is because printf() is used, although lprintf() should be used for all printing in ipmitool. This has to be fixed.
Incorrect requested maximum privilege level in RAKP 1.
Reported by: Unknown User (*anonymous)
Original Ticket: ipmitool/bugs/351
The requested maximum privilege level in RAKP 1 should be depended on the open session response.
The byte 3 of the open session response indicates the "maximum" privilege level allowed for this session based on the cyphite suite.
It means the requested privilege level in RAKP 1 (byte 25) should not higher than the level in the open session response.
In the current implement of ipmitool 1.8.9, the administrator command can be executed in the user level session if requested level in RAKP 1 is ADMIN but the allowed maximum level is USER in open session response.
It is conflict betwenn IPMI definition.
According to the description of byte 25 bit 4 in RAKP 1, BMC will select the minimum level between "requested level", channel level and user level.
ex: ipmitool -I lanplus -H x.x.x.x -C 0 -U root -P root chassis power on
This command can be success executed even if the privilege level of cyphite suite '0' is USER and the level of user 'root' is ADMIN.
slow BMC session setup retransmit leak + possible stale authentication data use
Reported by: ledva
Original Ticket: ipmitool/bugs/281
https://sourceforge.net/p/ipmitool/mailman/message/31657636/
ipmi_picmg_fru_activation - return code on error
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/156
The following should return RC > 0 on error:
if \(rsp->data\[0\] \!= 0x00\) \{
lprintf\(LOG\_ERR, "Error activation/deactivation of FRU."\);
\}
return 0;
\}
"sel add" command does not work
Currently, the sel add from file command does not work for me.
When adding entries to SEL (from file), the tool must first reserve the SEL, and then use the returned reservation code in the sel add command.
Reported by: mdv
Original Ticket: "ipmitool/bugs/37":https://sourceforge.net/p/ipmitool/bugs/37
Raise session privilege level is not necessary.
Reported by: Unknown User (*anonymous)
Original Ticket: ipmitool/bugs/352
Raise session privilege level after the session established in revision 1.41 is not necessary for IPMI 2.0 session, but necessary in 1.5.
According to the IPMI 2.0 session establish flow, BMC creates the session with minimum privilege of requested maximum privilege level in RAKP 1, user maximum privilege and channel maximum privilege.
It means the privilege level is the maximum "allowed" level in the established session.
This command cannot be used to set a privilege level higher than the lowest of the privilege level of the user and the privilege limit of the channel.
Setting sensor thresholds with ipmitool has flaws
Reported by: Unknown User (*anonymous)
Original Ticket: ipmitool/bugs/48
Execute set sensor threshold command to change only one of the thresholds of a sensor. As per IPMI specification, the comparison of thresholds must be in the order LNR < LC < LNC < sensor's reading < UNC < UC < UNR.
So only after comparing the sensor's readings as above the status of the sensor is determined. But with the ipmitool 1.8.11, the status of the sensor changes even if one of the threshold changes.
Example:
1.[root@localhost ~]# ipmitool -H device_ip -U username -P password raw 4 0x26 1 0x20 1 2 3 0xf0 0xf1 4
2. [root@localhost ~]# ipmitool -H device_ip -U username -P password sdr
voltage_33SBV | 3.32 Volts | nr
Voltage_33V | 3.32 Volts | ok
voltage_5V | 4.99 Volts | ok
Voltage_VCC | 2.30 Volts | ok
Fan_Presence | 0x01 | ok
Temp_1 | 26 degrees C | ok
Temp_2 | 26 degrees C | ok
Fan_1 | 5000 RPM | ok
Fan_2 | 5000 RPM | ok
Fan_3 | 5000 RPM | ok
Chassis_Intr | 0x01 | ok
As you can see from the step1, the byte 0x20 indicates that I'm going to set only upper non recoverable threshold and not upper critical and upper non critical values. Still sdr command shows the status of the sensor as Non recoverable (nr) even though UC and UNC values are higher than sensor readings. This applies to all combinations of threholds.
sdr and sensor difrent readings
ipmitool sdr -v
Sensor ID : Temp (0x1)
Entity ID : 3.1 (Processor)
Sensor Type (Analog) : Temperature
Sensor Reading : -69 (+/- 1) degrees C
Status : ok
Nominal Reading : 50.000
Normal Minimum : 11.000
Normal Maximum : 69.000
Upper critical : 90.000
Upper non-critical : 85.000
Positive Hysteresis : 1.000
Negative Hysteresis : 1.000
Minimum sensor range : Unspecified
Maximum sensor range : Unspecified
Event Message Control : Per-threshold
Readable Thresholds : unc ucr
Settable Thresholds :
Threshold Read Mask : unc ucr
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
ipmitool sensor -v
Sensor ID : Temp (0x1)
Entity ID : 3.1
Sensor Type (Analog) : Temperature
Sensor Reading : READ ERROR: Device Not Present
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
So sdr is reading the entity while sensor doesn't.
Reported by: costake
Original Ticket: "ipmitool/bugs/36":https://sourceforge.net/p/ipmitool/bugs/36
The states of the sensor should be shown specifically
Reported by: Nirmal Kumar
Original Ticket: ipmitool/bugs/52
when the sensor is going high i.e upper critical or lower critical or whatever state, it is just showing that state not whether upper or lower, when we put sensor list
Command % ipmitool fru internaluse; not documented
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/148
Command % ipmitool fru internaluse; is not documented in man page. However, it's documented in % ipmitool fru help;, resp. % ipmitool fru internaluse help;.
ipmi_chassis - eval of 'boot info acknowledge' is incorrect
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/202
Code to blame in 'lib/ipmi_chassis.c':
case 4:
\{
printf\( " Boot Info Acknowledge :\n"\);
if\(\(rsp->data\[3\]&0x1f\) \!= 0\)
\{
if\(\(rsp->data\[3\]&0x10\) == 0x10\)
printf\(" - OEM has handled boot info\n"\);
if\(\(rsp->data\[3\]&0x08\) == 0x08\)
printf\(" - SMS has handled boot info\n"\);
if\(\(rsp->data\[3\]&0x04\) == 0x04\)
printf\(" - OS // service partition has handled boot info\n"\);
if\(\(rsp->data\[3\]&0x02\) == 0x02\)
printf\(" - OS Loader has handled boot info\n"\);
if\(\(rsp->data\[3\]&0x01\) == 0x01\)
printf\(" - BIOS/POST has handled boot info\n"\);
\}
else
\{
printf\(" No flag set\n"\);
\}
\}
IPMI v2 specification p.391 in PDF:
\[7\] - reserved. Write as 1b. Ignore on read.
\[6\] - reserved. Write as 1b. Ignore on read.
\[5\] - reserved. Write as 1b. Ignore on read.
\[4\] - 0b = OEM has handled boot info.
\[3\] - 0b = SMS has handled boot info.
\[2\] - 0b = OS / service partition has handled boot info.
\[1\] - 0b = OS Loader has handled boot info.
\[0\] - 0b = BIOS/POST has handled boot info.
Code in 'lib/ipmi_chassis.c' would be true if ``rsp->data[3]'' got inverted. But it doesn't, so the code in 'lib/ipmi_chassis.c' is invalid/doesn't work.
It also would be worth of checking the whole function and do a re-make/re-write.
fru unreachable
Reported by: ledva
Original Ticket: ipmitool/bugs/214
become dead code with fixed leaks
Special Timestamp Values not supported in DCMI power reading
Reported by: Rob Swindell
Original Ticket: ipmitool/bugs/243
ipmitool "dcmi power reading" command does not support IPMI "Special Timestamp Values" (IPMI 2.0 section 37.1). Timestamp values of 0xffffffff and between 0x00000000 between 0x20000000 should be treated "specially" and *not* parsed
/displayed as a "seconds since epoch" value.
'lib/ipmi_event.c' - return code for help/arguments
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/206
\- if \(argc == 0 || strncmp\(argv\[0\], "help", 4\) == 0\) \{
\- ipmi\_event\_usage\(\);
\- return 0;
\- \}
+ if (argc == 0) {
+ lprintf(LOG_ERR, "Not enough parameters given.");
+ ipmi_event_usage();
+ return (-1);
+ } else if (strncmp(argv[0], "help", 4) == 0) {
+ ipmi_event_usage();
+ return 0;
+ }
This is also wrong:
if (strncmp(argv[0], "file", 4) == 0) {
if (argc < 2) {
ipmi_event_usage();
return 0;
}
return ipmi_event_fromfile(intf, argv[1]);
}
__ipmi_fru_print() - wrong return value?
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/133
The following code looks a bit mixed up, doesn't it?
/\* \_\_ipmi\_fru\_print - Do actual work to print a FRU by its ID
\*
\* @intf: ipmi interface
\* @id: fru id
\*
\* returns -1 on error
\* returns 0 if successful
\* returns 1 if device not present
\*/
static int
\_\_ipmi\_fru\_print\(struct ipmi\_intf \* intf, uint8\_t id\)
\{
rsp = intf->sendrecv\(intf, &req\);
if \(rsp == NULL\) \{
printf\(" Device not present \(No Response\)\n"\);
return -1;
\}
if \(rsp->ccode > 0\) \{
printf\(" Device not present \(%s\)\n",
val2str\(rsp->ccode, completion\_code\_vals\)\);
return -1;
\}
\[...\]
rsp = intf->sendrecv\(intf, &req\);
if \(rsp == NULL\) \{
printf\(" Device not present \(No Response\)\n"\);
return 1;
\}
if \(rsp->ccode > 0\) \{
printf\(" Device not present \(%s\)\n",
val2str\(rsp->ccode, completion\_code\_vals\)\);
return 1;
\}
\[...\]
\}
sdr and sensor difrent readings
Reported by: costake
Original Ticket: ipmitool/bugs/36
ipmitool sdr -v
Sensor ID : Temp (0x1)
Entity ID : 3.1 (Processor)
Sensor Type (Analog) : Temperature
Sensor Reading : -69 (+/- 1) degrees C
Status : ok
Nominal Reading : 50.000
Normal Minimum : 11.000
Normal Maximum : 69.000
Upper critical : 90.000
Upper non-critical : 85.000
Positive Hysteresis : 1.000
Negative Hysteresis : 1.000
Minimum sensor range : Unspecified
Maximum sensor range : Unspecified
Event Message Control : Per-threshold
Readable Thresholds : unc ucr
Settable Thresholds :
Threshold Read Mask : unc ucr
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
ipmitool sensor -v
Sensor ID : Temp (0x1)
Entity ID : 3.1
Sensor Type (Analog) : Temperature
Sensor Reading : READ ERROR: Device Not Present
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
So sdr is reading the entity while sensor doesn't.
sdr and sensor difrent readings
ipmitool sdr -v
Sensor ID : Temp (0x1)
Entity ID : 3.1 (Processor)
Sensor Type (Analog) : Temperature
Sensor Reading : -69 (+/- 1) degrees C
Status : ok
Nominal Reading : 50.000
Normal Minimum : 11.000
Normal Maximum : 69.000
Upper critical : 90.000
Upper non-critical : 85.000
Positive Hysteresis : 1.000
Negative Hysteresis : 1.000
Minimum sensor range : Unspecified
Maximum sensor range : Unspecified
Event Message Control : Per-threshold
Readable Thresholds : unc ucr
Settable Thresholds :
Threshold Read Mask : unc ucr
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
ipmitool sensor -v
Sensor ID : Temp (0x1)
Entity ID : 3.1
Sensor Type (Analog) : Temperature
Sensor Reading : READ ERROR: Device Not Present
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
So sdr is reading the entity while sensor doesn't.
Reported by: costake
Original Ticket: "ipmitool/bugs/36":https://sourceforge.net/p/ipmitool/bugs/36
Problem with Send Message response (lan and lanplus)
Reported by: Unknown User (*anonymous)
Original Ticket: ipmitool/bugs/39
ipmi_lan_poll_recv assumes that the two "Send Message" responses will be consecutive. If this is not the case, the second response will be dropped. This was observed when a MicroTCA Shelf Manager sent a "Set Event Receiver" to ipmitool, assuming that it was a Carrier Manager. The "Set Event Receiver" would often appear between the "Send Message" ack and the bridged command response.
I have looked at the code, but I don't see an easy way to fix this.
ipmi_fru_write_from_bin() needs return value
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/135
Function ipmi_fru_write_from_bin() in 'lib/ipmi_fru.c' needs a return value. Since FS operation is involved and since this function is called straight away, return value is a must. As of now, there is no way to determine whether function ended with success or not.
sdr and sensor difrent readings
Reported by: costake
Original Ticket: ipmitool/bugs/36
ipmitool sdr -v
Sensor ID : Temp (0x1)
Entity ID : 3.1 (Processor)
Sensor Type (Analog) : Temperature
Sensor Reading : -69 (+/- 1) degrees C
Status : ok
Nominal Reading : 50.000
Normal Minimum : 11.000
Normal Maximum : 69.000
Upper critical : 90.000
Upper non-critical : 85.000
Positive Hysteresis : 1.000
Negative Hysteresis : 1.000
Minimum sensor range : Unspecified
Maximum sensor range : Unspecified
Event Message Control : Per-threshold
Readable Thresholds : unc ucr
Settable Thresholds :
Threshold Read Mask : unc ucr
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
ipmitool sensor -v
Sensor ID : Temp (0x1)
Entity ID : 3.1
Sensor Type (Analog) : Temperature
Sensor Reading : READ ERROR: Device Not Present
Event Status : Event Messages Disabled
Assertion Events :
Event Enable : Event Messages Disabled
Assertions Enabled :
So sdr is reading the entity while sensor doesn't.
The display method of IPMITOOL MC GUID command doesn't match IPMI Spec table 20-10.
Reported by: Roger Hung
Original Ticket: ipmitool/bugs/288
In IPMI Spec table 20-10, GUID bytes are transmitted in ‘network order’ (most-significant byte first) starting with the time low field. But ipmitool display method doesn't match this table format. Also ipmitool uses int32 and int16 to define timestamp (time_low,time_mid,time_hi_and_version) impacted by little endian.
In ipmi_mc.c:519 (ipmitool-1.8.13):
/* Kipp - changed order of last field (node) to follow specification */
printf("System GUID : %08x-%04x-%04x-%04x-%02x%02x%02x%02x%02x%02x\n",
guid.time_low, guid.time_mid, guid.time_hi_and_version,
guid.clock_seq_hi_variant << 8 | guid.clock_seq_low,
guid.node[0], guid.node[1], guid.node[2],
guid.node[3], guid.node[4], guid.node[5]);
fru check return values
Reported by: ledva
Original Ticket: ipmitool/bugs/216
either the patch or maybe modify to tristate return value and the associated code?
Prevent buffer overflow with large ID strings
Reported by: jdelvare
Original Ticket: ipmitool/bugs/350
When IPMI records have ID strings larger than 16 bytes, we have to make sure we only read 16 bytes, because the structures used only have room for that many bytes, and so does the desc buffer.
Note: I made the changes minimal because I am not familiar with the code. But I am really curious why the structures only reserve only 16 bytes for id_string when the IPMI specification says the maximum valid length is 30.
sensor bitmask output incorrect
Reported by: Al Chu
Original Ticket: ipmitool/bugs/47
I believe the output of the sensor bitmasks is incorrect. data[2] represents state offsets 0-7 and data[3] represents state offsets 8-14. So semantically, I believe the output should be:
printf("0x%02x%02x", rsp->data[3], rsp->data[2]);
instead of what is currently done, which is:
printf("| 0x%-8x | %-10s | 0x%02x%02x",
val,
unitstr, rsp->data[2], rsp->data[3]);
It's possible that the original output wanted to output event bitmasks 0-14 in order left to right, but it's actually outputting "7-0,reserved(ie. bit 15),14-8".
Francois Isabelle responded on the mailing list:
"I personally agree but I'm afraid our users are used to this reversed notation."
Fair enough. But it should be documented as a "bug: will not fix" or something like that.
dcmi thermalpolicy help problems
Reported by: Rob Swindell
Original Ticket: ipmitool/bugs/145
1. "dcmi thermalpolicy" only shows "Get <entityID> <instanceID>" as valid argument in help output, when in fact, "Set" is also available.
2. "dcmi thermalpolicy set <entityID> <instanceID>" shows another help screen with all the required parameters and values. This should be shown in the "dcmi thermalpolicy" help output.
review all sscanf() and add return value checking etc.
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/271
Review all sscanf() calls and add return value/errno checks. The reason is security, of course.
ipmi_sdr - ipmi_sdr_print_sensor_oem_intel() needs a re-work
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/203
Code to blame follows. The code is wrong as has been discussed on mailing list:
case 8: /\* SR2300, redundant, PS1 & PS2 present \*/
if \(verbose\) \{
printf\("Power Redundancy : No\n"\);
printf\("Power Supply 2 Sensor : %x\n",
oem->data\[8\]\);
\} else if \(csv\_output\) \{
printf\("Power Redundancy,PS@%02xh,nr\n",
oem->data\[8\]\);
\} else \{
printf
\("Power Redundancy | PS@%02xh | nr\n",
oem->data\[8\]\);
\}
case 9: /\* SR2300, non-redundant, PSx present \*/
if \(verbose\) \{
printf\("Power Redundancy : Yes\n"\);
printf\("Power Supply Sensor : %x\n",
oem->data\[7\]\);
printf\("Power Supply Sensor : %x\n",
oem->data\[8\]\);
\} else if \(csv\_output\) \{
printf
\("Power Redundancy,PS@%02xh + PS@%02xh,ok\n",
oem->data\[7\], oem->data\[8\]\);
\} else \{
printf
\("Power Redundancy | PS@%02xh + PS@%02xh | ok\n",
oem->data\[7\], oem->data\[8\]\);
\}
break;
\}
if \(verbose\)
printf\("\n"\);
break;
Follows copy-paste from Liebig Holger:
\[Liebig, Holger\]
To answer this myself: in http://download.intel.com/support/motherboards/server/sb/imm\_tps\_12.pdf page 200 is a list and description of Intel OEM SDRs including the Power Unit Map SDR type. The same information can be found in a dusty yellow cover document from 2004 for the ESB2 BMC from Intel. A real world SDR including such an OEM SDR can be found on http://communities.intel.com/thread/11855?start=15&tstart=0, so this seems to be a common OEM SDR type for Intel systems.
Based on this information:
\- a break for the case 8 is indeed missing
\- case 8 should output the PSU sensor number from oem->data\[7\] instead of oem->data\[8\] since only one PSU sensor number is available.
\- the comments for case 8 and case 9 are misleading and should be swapped
\- references to specific system codes \(SR2300/SR1300\) could be removed
\- the "redundancy available" information should evaluate the "Power Supplies Required" field of the SDR and not simply rely on the number of PSU sensors being > 1. The sample in table 107 on page 200 requires 2 PSU for the system to work and has 3 PSU sensors \(2+1 redundancy\)
Holger
lib/ipmi_gendev.c - returns 0 on error
Reported by: Duncan Idaho
Original Ticket: ipmitool/bugs/119
It seems functions in 'lib/ipmi_gendev.c' do return 0 even on error. Some example follows:
ipmi\_gendev\_read\_file\(...\) \{
int rc = 0;
\[...\]
if\(counter == \(eeprom\_info.size\)\)
\{
printf\("\r%%100 percent completed\n"\);
\}
else
\{
printf\("\rError: %i percent completed, read not completed \n", percentCompleted\);
\}
fclose\(fp\);
\}
\}
else
\{
lprintf\(LOG\_ERR, "The selected generic device is not an eeprom"\);
\}
return rc;
\}
Check 'lib/ipmi_gendev.c' for similar cases. There is more than just one.
replace scattered fopen() with open()
Reported by: Zdenek Styblik
Original Ticket: ipmitool/bugs/360
This is due to the fact of possible race condition in fopen(). Also, ipmi_open_file() could double if there was a way how to pass mode or whatever. We'll see, but scattered use of fopen() and almost no use of ipmi_open_file(), which does some reasonable(?) FS checks, seems wrong.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.