1IPMI-PET(8) System Commands IPMI-PET(8)
2
3
4
6 IPMI - IPMI Platform Event Trap Interpreter
7
9 ipmi-pet [OPTION...] [SPECIFIC TRAP] [VARIABLE BINDING HEX BYTES ...]
10
12 Ipmi-pet interprets hex bytes from a platform event trap (PET) and out‐
13 puts a string representing its contents. Hex values may be input on the
14 command line, a file via the --file option, or via stdin if neither of
15 the previous are specified. Ipmi-pet is commonly used in conjunction
16 with an SNMP trap daemon to intrepret the results from an IPMI PET trap
17 captured by the daemon. While ipmi-pet could be called directly from
18 such a daemon, typically a script is called to parse the SNMP daemon's
19 output and convert it into a form that can be input into ipmi-pet. On
20 some systems, you may wish to also send a PET acknowledge to a remote
21 system to inform it the trap was received and parsed. One can be sent
22 using the --pet-acknowledge option. While an IPMI session is not
23 required to interpret a PET, data from the sensor data repository (SDR)
24 is required to properly interpret sensor names and other information in
25 the PET. IPMI session configuration below, such as driver, hostname,
26 username, etc. should be configured to load the SDR of the host where
27 the trap originated. If this is difficult to perform, it may be wise
28 to cache and load a specific SDR cache using the --sdr-cache-file
29 option. If the SDR is difficult to obtain, the --ignore-sdr-cache
30 option can be specified so that an SDR will not be loaded, and an IPMI
31 session will not be required. The PET will be interpreted as best as
32 possible given no SDR. The --ignore-sdr-cache option may affect other
33 options such as --interpret-oem-data too. Some options, such as --manu‐
34 facturer-id and --product-id may alleviate some of these issues. If
35 the SNMP daemon does not output a SNMPv1 specific trap on its own, it
36 is typically output as the last element of the OID in SNMPv2. If for
37 some reason a specific trap cannot be determined, the value of NA may
38 be input for the specific trap to indicate it is not available. Ipmi-
39 pet will output as much as possible based on the variable bindings
40 information. Some of the specific trap information may be obtained via
41 SDR information.
42
43 Listed below are general IPMI options, tool specific options, trouble
44 shooting information, workaround information, examples, and known
45 issues. For a general introduction to FreeIPMI please see freeipmi(7).
46
48 The following options are general options for configuring IPMI communi‐
49 cation and executing general tool commands.
50
51 -D IPMIDRIVER, --driver-type=IPMIDRIVER
52 Specify the driver type to use instead of doing an auto selec‐
53 tion. The currently available outofband drivers are LAN and
54 LAN_2_0, which perform IPMI 1.5 and IPMI 2.0 respectively. The
55 currently available inband drivers are KCS, SSIF, OPENIPMI,
56 SUNBMC, and INTELDCMI.
57
58 --disable-auto-probe
59 Do not probe in-band IPMI devices for default settings.
60
61 --driver-address=DRIVER-ADDRESS
62 Specify the in-band driver address to be used instead of the
63 probed value. DRIVER-ADDRESS should be prefixed with "0x" for a
64 hex value and '0' for an octal value.
65
66 --driver-device=DEVICE
67 Specify the in-band driver device path to be used instead of the
68 probed path.
69
70 --register-spacing=REGISTER-SPACING
71 Specify the in-band driver register spacing instead of the
72 probed value. Argument is in bytes (i.e. 32bit register spacing
73 = 4)
74
75 --target-channel-number=CHANNEL-NUMBER
76 Specify the in-band driver target channel number to send IPMI
77 requests to.
78
79 --target-slave-address=SLAVE-ADDRESS
80 Specify the in-band driver target slave number to send IPMI
81 requests to.
82
83 -h IPMIHOST, --hostname=IPMIHOST[:PORT]
84 Specify the remote host to communicate with. An optional port
85 can be specified, which may be useful in port forwarding or sim‐
86 ilar situations.
87
88 -u USERNAME, --username=USERNAME
89 Specify the username to use when authenticating with the remote
90 host. If not specified, a null (i.e. anonymous) username is
91 assumed. The user must have atleast OPERATOR privileges in order
92 for this tool to operate fully.
93
94 -p PASSWORD, --password=PASSWORD
95 Specify the password to use when authenticationg with the remote
96 host. If not specified, a null password is assumed. Maximum
97 password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
98
99 -P, --password-prompt
100 Prompt for password to avoid possibility of listing it in
101 process lists.
102
103 -k K_G, --k-g=K_G
104 Specify the K_g BMC key to use when authenticating with the
105 remote host for IPMI 2.0. If not specified, a null key is
106 assumed. To input the key in hexadecimal form, prefix the string
107 with '0x'. E.g., the key 'abc' can be entered with the either
108 the string 'abc' or the string '0x616263'
109
110 -K, --k-g-prompt
111 Prompt for k-g to avoid possibility of listing it in process
112 lists.
113
114 --session-timeout=MILLISECONDS
115 Specify the session timeout in milliseconds. Defaults to 20000
116 milliseconds (20 seconds) if not specified.
117
118 --retransmission-timeout=MILLISECONDS
119 Specify the packet retransmission timeout in milliseconds.
120 Defaults to 1000 milliseconds (1 second) if not specified. The
121 retransmission timeout cannot be larger than the session time‐
122 out.
123
124 -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
125 Specify the IPMI 1.5 authentication type to use. The currently
126 available authentication types are NONE, STRAIGHT_PASSWORD_KEY,
127 MD2, and MD5. Defaults to MD5 if not specified.
128
129 -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
130 Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID
131 identifies a set of authentication, integrity, and confidential‐
132 ity algorithms to use for IPMI 2.0 communication. The authenti‐
133 cation algorithm identifies the algorithm to use for session
134 setup, the integrity algorithm identifies the algorithm to use
135 for session packet signatures, and the confidentiality algorithm
136 identifies the algorithm to use for payload encryption. Defaults
137 to cipher suite ID 3 if not specified. The following cipher
138 suite ids are currently supported:
139
140 0 - Authentication Algorithm = None; Integrity Algorithm = None;
141 Confidentiality Algorithm = None
142
143 1 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
144 None; Confidentiality Algorithm = None
145
146 2 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
147 HMAC-SHA1-96; Confidentiality Algorithm = None
148
149 3 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
150 HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
151
152 6 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
153 None; Confidentiality Algorithm = None
154
155 7 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
156 HMAC-MD5-128; Confidentiality Algorithm = None
157
158 8 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
159 HMAC-MD5-128; Confidentiality Algorithm = AES-CBC-128
160
161 11 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
162 MD5-128; Confidentiality Algorithm = None
163
164 12 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
165 MD5-128; Confidentiality Algorithm = AES-CBC-128
166
167 15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
168 = None; Confidentiality Algorithm = None
169
170 16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
171 = HMAC_SHA256_128; Confidentiality Algorithm = None
172
173 17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
174 = HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128
175
176 -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
177 Specify the privilege level to be used. The currently available
178 privilege levels are USER, OPERATOR, and ADMIN. Defaults to
179 OPERATOR if not specified.
180
181 --config-file=FILE
182 Specify an alternate configuration file.
183
184 -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
185 Specify workarounds to vendor compliance issues. Multiple work‐
186 arounds can be specified separated by commas. A special command
187 line flag of "none", will indicate no workarounds (may be useful
188 for overriding configured defaults). See WORKAROUNDS below for a
189 list of available workarounds.
190
191 --debug
192 Turn on debugging.
193
194 -?, --help
195 Output a help list and exit.
196
197 --usage
198 Output a usage message and exit.
199
200 -V, --version
201 Output the program version and exit.
202
204 The following options are specific to Ipmi-pet.
205
206 -v Output verbose output. This option will output event direction
207 and OEM custom messages from the trap.
208
209 -vv Output very verbose output. This option will output additional
210 information available in the trap, such as GUID, manufacturer
211 ID, and system ID.
212
213 -vvv Output very very verbose output. This option will output addi‐
214 tional information than verbose output. Most notably it will
215 output additional hex codes to given information on ambiguous
216 events. For example, it will output Generator ID hex codes for
217 sensors without names.
218
219 --pet-acknowledge
220 Send PET acknowledge using inputted trap data instead of out‐
221 putting data. In some circumstances, this may be useful to
222 inform a remote system that a trap was received and parsed. If
223 specified, a hostname must be specified via -h or --hostname to
224 inform ipmi-pet where to send the acknowledge to. When this
225 option is specified, the SDR cache is not loaded and is not
226 required.
227
228 --file=CMD-FILE
229 Specify a file to read PET specific trap and variable bindings
230 hex from instead of command line.
231
232 --output-event-severity
233 Output event severity in output. This will add an additional
234 output of an event severity. The outputs may be Monitor, Infor‐
235 mation, OK, Non-critical condition, Critical condition, or Non-
236 recoverable condition. This differs from the output of --out‐
237 put-event-state, as event severity is not interpreted, it is a
238 value reported in the SNMP trap. However, not all events may
239 report a severity, or some manufacturers may not support the
240 report of a severity. Event severity will automatically be out‐
241 put under verbose output.
242
243 --output-event-state
244 Output event state in output. This will add an additional output
245 reporting if an event should be viewed as NOMINAL, WARNING, or
246 CRITICAL. This differs from the output of --output-event-sever‐
247 ity, as this output is an interpreted value that will be inter‐
248 preted identically to the --output-event-state output in ipmi-
249 sel(8). As long as an event interpretation is supported, all
250 events will have outputted state. The event state is an inter‐
251 preted value based on the configuration file
252 /etc/freeipmi//freeipmi_interpret_sel.conf and the event direc‐
253 tion. See freeipmi_interpret_sel.conf(5) for more information.
254
255 --event-state-config-file=FILE
256 Specify an alternate event state configuration file. Option
257 ignored if --output-event-state not specified.
258
259 --manufacturer-id=NUMBER
260 Specify a specific manufacturer id to assume. Useful if you wish
261 to specify --interpret-oem-data, but the manufacturer id cannot
262 be determined by IPMI access or is not available in the SNMP
263 trap. The manufacturer id of a motherboard can be determined
264 with bmc-info(8). If this option is specified, so must --prod‐
265 uct-id.
266
267 --product-id=NUMBER
268 Specify a specific product id to assume. Useful if you wish to
269 specify --interpret-oem-data, but the product id cannot be
270 determined by IPMI access or is not available in the SNMP trap.
271 The product id of a motherboard can be determined with bmc-
272 info(8). If this option is specified, so must --manufac‐
273 turer-id.
274
275 --interpret-oem-data
276 Attempt to interpret OEM data, such as event data, sensor read‐
277 ings, or general extra info, etc. If an OEM interpretation is
278 not available, the default output will be generated. Correctness
279 of OEM interpretations cannot be guaranteed due to potential
280 changes OEM vendors may make in products, firmware, etc. See OEM
281 INTERPRETATION below for confirmed supported motherboard inter‐
282 pretations.
283
284 --entity-sensor-names
285 Output sensor names prefixed with their entity id and instance
286 number when appropriate. This may be necessary on some mother‐
287 boards to help identify what sensors are referencing. For exam‐
288 ple, a motherboard may have multiple sensors named 'TEMP'. The
289 entity id and instance number may help clarify which sensor
290 refers to "Processor 1" vs. "Processor 2".
291
292 --no-sensor-type-output
293 Do not show sensor type output for each entry. On many systems,
294 the sensor type is redundant to the name of the sensor. This can
295 especially be true if --entity-sensor-names is specified. If
296 the sensor name is sufficient, or if the sensor type is of no
297 interest to the user, this option can be specified to condense
298 output.
299
300 --comma-separated-output
301 Output fields in comma separated format.
302
303 --no-header-output
304 Do not output column headers. May be useful in scripting.
305
306 --non-abbreviated-units
307 Output non-abbreviated units (e.g. 'Amps' instead of 'A'). May
308 aid in disambiguation of units (e.g. 'C' for Celsius or
309 Coulombs).
310
312 This tool requires access to the sensor data repository (SDR) cache for
313 general operation. By default, SDR data will be downloaded and cached
314 on the local machine. The following options apply to the SDR cache.
315
316 -f, --flush-cache
317 Flush a cached version of the sensor data repository (SDR)
318 cache. The SDR is typically cached for faster subsequent access.
319 However, it may need to be flushed and re-generated if the SDR
320 has been updated on a system.
321
322 -Q, --quiet-cache
323 Do not output information about cache creation/deletion. May be
324 useful in scripting.
325
326 --sdr-cache-recreate
327 If the SDR cache is out of date or invalid, automatically recre‐
328 ate the sensor data repository (SDR) cache. This option may be
329 useful for scripting purposes.
330
331 --sdr-cache-file=FILE
332 Specify a specific sensor data repository (SDR) cache file to be
333 stored or read from. If this option is used when multiple hosts
334 are specified, the same SDR cache file will be used for all
335 hosts.
336
337 --sdr-cache-directory=DIRECTORY
338 Specify an alternate directory for sensor data repository (SDR)
339 caches to be stored or read from. Defaults to the home directory
340 if not specified.
341
342 --ignore-sdr-cache
343 Ignore SDR cache related processing. May lead to incomplete or
344 less useful information being output, however it will allow
345 functionality for systems without SDRs or when the correct SDR
346 cannot be loaded.
347
349 Most often, IPMI problems are due to configuration problems.
350
351 IPMI over LAN problems involve a misconfiguration of the remote
352 machine's BMC. Double check to make sure the following are configured
353 properly in the remote machine's BMC: IP address, MAC address, subnet
354 mask, username, user enablement, user privilege, password, LAN privi‐
355 lege, LAN enablement, and allowed authentication type(s). For IPMI 2.0
356 connections, double check to make sure the cipher suite privilege(s)
357 and K_g key are configured properly. The ipmi-config(8) tool can be
358 used to check and/or change these configuration settings.
359
360 Inband IPMI problems are typically caused by improperly configured
361 drivers or non-standard BMCs.
362
363 In addition to the troubleshooting tips below, please see WORKAROUNDS
364 below to also if there are any vendor specific bugs that have been dis‐
365 covered and worked around.
366
367 Listed below are many of the common issues for error messages. For
368 additional support, please e-mail the <freeipmi-users@gnu.org> mailing
369 list.
370
371 "username invalid" - The username entered (or a NULL username if none
372 was entered) is not available on the remote machine. It may also be
373 possible the remote BMC's username configuration is incorrect.
374
375 "password invalid" - The password entered (or a NULL password if none
376 was entered) is not correct. It may also be possible the password for
377 the user is not correctly configured on the remote BMC.
378
379 "password verification timeout" - Password verification has timed out.
380 A "password invalid" error (described above) or a generic "session
381 timeout" (described below) occurred. During this point in the protocol
382 it cannot be differentiated which occurred.
383
384 "k_g invalid" - The K_g key entered (or a NULL K_g key if none was
385 entered) is not correct. It may also be possible the K_g key is not
386 correctly configured on the remote BMC.
387
388 "privilege level insufficient" - An IPMI command requires a higher user
389 privilege than the one authenticated with. Please try to authenticate
390 with a higher privilege. This may require authenticating to a different
391 user which has a higher maximum privilege.
392
393 "privilege level cannot be obtained for this user" - The privilege
394 level you are attempting to authenticate with is higher than the maxi‐
395 mum allowed for this user. Please try again with a lower privilege. It
396 may also be possible the maximum privilege level allowed for a user is
397 not configured properly on the remote BMC.
398
399 "authentication type unavailable for attempted privilege level" - The
400 authentication type you wish to authenticate with is not available for
401 this privilege level. Please try again with an alternate authentication
402 type or alternate privilege level. It may also be possible the avail‐
403 able authentication types you can authenticate with are not correctly
404 configured on the remote BMC.
405
406 "cipher suite id unavailable" - The cipher suite id you wish to authen‐
407 ticate with is not available on the remote BMC. Please try again with
408 an alternate cipher suite id. It may also be possible the available
409 cipher suite ids are not correctly configured on the remote BMC.
410
411 "ipmi 2.0 unavailable" - IPMI 2.0 was not discovered on the remote
412 machine. Please try to use IPMI 1.5 instead.
413
414 "connection timeout" - Initial IPMI communication failed. A number of
415 potential errors are possible, including an invalid hostname specified,
416 an IPMI IP address cannot be resolved, IPMI is not enabled on the
417 remote server, the network connection is bad, etc. Please verify con‐
418 figuration and connectivity.
419
420 "session timeout" - The IPMI session has timed out. Please reconnect.
421 If this error occurs often, you may wish to increase the retransmission
422 timeout. Some remote BMCs are considerably slower than others.
423
424 "device not found" - The specified device could not be found. Please
425 check configuration or inputs and try again.
426
427 "driver timeout" - Communication with the driver or device has timed
428 out. Please try again.
429
430 "message timeout" - Communication with the driver or device has timed
431 out. Please try again.
432
433 "BMC busy" - The BMC is currently busy. It may be processing informa‐
434 tion or have too many simultaneous sessions to manage. Please wait and
435 try again.
436
437 "could not find inband device" - An inband device could not be found.
438 Please check configuration or specify specific device or driver on the
439 command line.
440
441 "driver timeout" - The inband driver has timed out communicating to the
442 local BMC or service processor. The BMC or service processor may be
443 busy or (worst case) possibly non-functioning.
444
445 "internal IPMI error" - An IPMI error has occurred that FreeIPMI does
446 not know how to handle. Please e-mail <freeipmi-users@gnu.org> to
447 report the issue.
448
450 With so many different vendors implementing their own IPMI solutions,
451 different vendors may implement their IPMI protocols incorrectly. The
452 following describes a number of workarounds currently available to han‐
453 dle discovered compliance issues. When possible, workarounds have been
454 implemented so they will be transparent to the user. However, some will
455 require the user to specify a workaround be used via the -W option.
456
457 The hardware listed below may only indicate the hardware that a problem
458 was discovered on. Newer versions of hardware may fix the problems
459 indicated below. Similar machines from vendors may or may not exhibit
460 the same problems. Different vendors may license their firmware from
461 the same IPMI firmware developer, so it may be worthwhile to try work‐
462 arounds listed below even if your motherboard is not listed.
463
464 If you believe your hardware has an additional compliance issue that
465 needs a workaround to be implemented, please contact the FreeIPMI main‐
466 tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
467
468 assumeio - This workaround flag will assume inband interfaces communi‐
469 cate with system I/O rather than being memory-mapped. This will work
470 around systems that report invalid base addresses. Those hitting this
471 issue may see "device not supported" or "could not find inband device"
472 errors. Issue observed on HP ProLiant DL145 G1.
473
474 spinpoll - This workaround flag will inform some inband drivers (most
475 notably the KCS driver) to spin while polling rather than putting the
476 process to sleep. This may significantly improve the wall clock running
477 time of tools because an operating system scheduler's granularity may
478 be much larger than the time it takes to perform a single IPMI message
479 transaction. However, by spinning, your system may be performing less
480 useful work by not contexting out the tool for a more useful task.
481
482 authcap - This workaround flag will skip early checks for username
483 capabilities, authentication capabilities, and K_g support and allow
484 IPMI authentication to succeed. It works around multiple issues in
485 which the remote system does not properly report username capabilities,
486 authentication capabilities, or K_g status. Those hitting this issue
487 may see "username invalid", "authentication type unavailable for
488 attempted privilege level", or "k_g invalid" errors. Issue observed on
489 Asus P5M2/P5MT-R/RS162-E4/RX4, Intel SR1520ML/X38ML, and Sun Fire
490 2200/4150/4450 with ELOM.
491
492 nochecksumcheck - This workaround flag will tell FreeIPMI to not check
493 the checksums returned from IPMI command responses. It works around
494 systems that return invalid checksums due to implementation errors, but
495 the packet is otherwise valid. Users are cautioned on the use of this
496 option, as it removes validation of packet integrity in a number of
497 circumstances. However, it is unlikely to be an issue in most situa‐
498 tions. Those hitting this issue may see "connection timeout", "session
499 timeout", or "password verification timeout" errors. On IPMI 1.5 con‐
500 nections, the "noauthcodecheck" workaround may also needed too. Issue
501 observed on Supermicro X9SCM-iiF, Supermicro X9DRi-F, and Supermicro
502 X9DRFR.
503
504 idzero - This workaround flag will allow empty session IDs to be
505 accepted by the client. It works around IPMI sessions that report empty
506 session IDs to the client. Those hitting this issue may see "session
507 timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.
508
509 unexpectedauth - This workaround flag will allow unexpected non-null
510 authcodes to be checked as though they were expected. It works around
511 an issue when packets contain non-null authentication data when they
512 should be null due to disabled per-message authentication. Those hit‐
513 ting this issue may see "session timeout" errors. Issue observed on
514 Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.
515
516 forcepermsg - This workaround flag will force per-message authentica‐
517 tion to be used no matter what is advertised by the remote system. It
518 works around an issue when per-message authentication is advertised as
519 disabled on the remote system, but it is actually required for the pro‐
520 tocol. Those hitting this issue may see "session timeout" errors.
521 Issue observed on IBM eServer 325.
522
523 endianseq - This workaround flag will flip the endian of the session
524 sequence numbers to allow the session to continue properly. It works
525 around IPMI 1.5 session sequence numbers that are the wrong endian.
526 Those hitting this issue may see "session timeout" errors. Issue
527 observed on some Sun ILOM 1.0/2.0 (depends on service processor
528 endian).
529
530 noauthcodecheck - This workaround flag will tell FreeIPMI to not check
531 the authentication codes returned from IPMI 1.5 command responses. It
532 works around systems that return invalid authentication codes due to
533 hashing or implementation errors. Users are cautioned on the use of
534 this option, as it removes an authentication check verifying the valid‐
535 ity of a packet. However, in most organizations, this is unlikely to be
536 a security issue. Those hitting this issue may see "connection time‐
537 out", "session timeout", or "password verification timeout" errors.
538 Issue observed on Xyratex FB-H8-SRAY, Intel Windmill, Quanta Winter‐
539 fell, and Wiwynn Windmill.
540
541 intel20 - This workaround flag will work around several Intel IPMI 2.0
542 authentication issues. The issues covered include padding of usernames,
543 and password truncation if the authentication algorithm is HMAC-
544 MD5-128. Those hitting this issue may see "username invalid", "password
545 invalid", or "k_g invalid" errors. Issue observed on Intel SE7520AF2
546 with Intel Server Management Module (Professional Edition).
547
548 supermicro20 - This workaround flag will work around several Supermicro
549 IPMI 2.0 authentication issues on motherboards w/ Peppercon IPMI
550 firmware. The issues covered include handling invalid length authenti‐
551 cation codes. Those hitting this issue may see "password invalid"
552 errors. Issue observed on Supermicro H8QME with SIMSO daughter card.
553 Confirmed fixed on newerver firmware.
554
555 sun20 - This workaround flag will work work around several Sun IPMI 2.0
556 authentication issues. The issues covered include invalid lengthed hash
557 keys, improperly hashed keys, and invalid cipher suite records. Those
558 hitting this issue may see "password invalid" or "bmc error" errors.
559 Issue observed on Sun Fire 4100/4200/4500 with ILOM. This workaround
560 automatically includes the "opensesspriv" workaround.
561
562 opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI
563 2.0 connection protocol to workaround an invalid hashing algorithm used
564 by the remote system. The privilege level sent during the Open Session
565 stage of an IPMI 2.0 connection is used for hashing keys instead of the
566 privilege level sent during the RAKP1 connection stage. Those hitting
567 this issue may see "password invalid", "k_g invalid", or "bad rmcpplus
568 status code" errors. Issue observed on Sun Fire 4100/4200/4500 with
569 ILOM, Inventec 5441/Dell Xanadu II, Supermicro X8DTH, Supermicro X8DTG,
570 Intel S5500WBV/Penguin Relion 700, Intel S2600JF/Appro 512X, and Quanta
571 QSSC-S4R/Appro GB812X-CN. This workaround is automatically triggered
572 with the "sun20" workaround.
573
574 integritycheckvalue - This workaround flag will work around an invalid
575 integrity check value during an IPMI 2.0 session establishment when
576 using Cipher Suite ID 0. The integrity check value should be 0 length,
577 however the remote motherboard responds with a non-empty field. Those
578 hitting this issue may see "k_g invalid" errors. Issue observed on
579 Supermicro X8DTG, Supermicro X8DTU, and Intel S5500WBV/Penguin Relion
580 700, and Intel S2600JF/Appro 512X.
581
582 assumemaxsdrrecordcount - This workaround will inform SDR reading to
583 stop reading after a known maximum numer of SDR records have been read.
584 This will work around systems that have mis-implemented SDR reading
585 functions that. Those hitting this issue may see "SDR record count
586 invalid" errors. Issue observed on unspecified Inspur motherboard.
587
588 malformedack - This workaround flag will ignore malformed PET acknowl‐
589 edge responses and assume any PET acknowledge response from the remote
590 machine is valid. It works around remote systems that respond with PET
591 acknowledge requests with invalid/malformed IPMI payloads. Those hit‐
592 ting this issue may see "session timeout" errors when executing a PET
593 acknowledge. Issue observed on Dell Poweredge R610.
594
595 No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
596 found to not support IPMI 1.5. Those hitting this issue may see "ipmi
597 2.0 unavailable" or "connection timeout" errors. This issue can be
598 worked around by using IPMI 2.0 instead of IPMI 1.5 by specifying
599 --driver-type=LAN_2_0. Issue observed on HP Proliant DL 145.
600
602 The following motherboards are confirmed to have atleast some support
603 by the --interpret-oem-data option. While highly probable the OEM data
604 interpretations would work across other motherboards by the same manu‐
605 facturer, there are no guarantees. Some of the motherboards below may
606 be rebranded by vendors/distributors.
607
608 Currently None
609
611 Interpret a PET using the local SDR cache.
612
613 # ipmi-pet 356224 0x44 0x45 0x4c 0x4c 0x50 0x00 0x10 0x59 0x80 0x43
614 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff
615 0x20 0x20 0x04 0x20 0x73 0x18 0x00 0x80 0x01 0xff 0x00 0x00 0x00 0x00
616 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1
617
618 Interpret a PET using a remote SDR cache.
619
620 # ipmi-pet -h ahost -u myusername -p mypassword 356224 0x44 0x45 0x4c
621 0x4c 0x50 0x00 0x10 0x59 0x80 0x43 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00
622 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff 0x20 0x20 0x04 0x20 0x73 0x18 0x00
623 0x80 0x01 0xff 0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00 0x02 0xa2 0x01
624 0x00 0xc1
625
626 Interpret a PET using a previously stored SDR cache.
627
628 # ipmi-pet 356224 0x44 0x45 0x4c 0x4c 0x50 0x00 0x10 0x59 0x80 0x43
629 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff
630 0x20 0x20 0x04 0x20 0x73 0x18 0x00 0x80 0x01 0xff 0x00 0x00 0x00 0x00
631 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1 --sdr-cache-file=/tmp/mys‐
632 drcache
633
634 Instead of outputting trap interpretation, send a PET acknowledge using
635 the trap data.
636
637 # ipmi-pet -h ahost --pet-acknowledge 356224 0x44 0x45 0x4c 0x4c 0x50
638 0x00 0x10 0x59 0x80 0x43 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19
639 0xe8 0x7e 0x26 0xff 0xff 0x20 0x20 0x04 0x20 0x73 0x18 0x00 0x80 0x01
640 0xff 0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1
641
643 Upon successful execution, exit status is 0. On error, exit status is
644 1.
645
647 On older operating systems, if you input your username, password, and
648 other potentially security relevant information on the command line,
649 this information may be discovered by other users when using tools like
650 the ps(1) command or looking in the /proc file system. It is generally
651 more secure to input password information with options like the -P or
652 -K options. Configuring security relevant information in the FreeIPMI
653 configuration file would also be an appropriate way to hide this infor‐
654 mation.
655
656 In order to prevent brute force attacks, some BMCs will temporarily
657 "lock up" after a number of remote authentication errors. You may need
658 to wait awhile in order to this temporary "lock up" to pass before you
659 may authenticate again.
660
662 Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
663
665 Copyright © 2011-2015 FreeIPMI Core Team
666
667 This program is free software; you can redistribute it and/or modify it
668 under the terms of the GNU General Public License as published by the
669 Free Software Foundation; either version 3 of the License, or (at your
670 option) any later version.
671
673 freeipmi(7), bmc-info(8), ipmi-config(8), ipmi-sel(8), freeipmi_inter‐
674 pret_sel.conf(5)
675
676 http://www.gnu.org/software/freeipmi/
677
678
679
680IPMI-PET version 1.5.7 2018-04-11 IPMI-PET(8)