1IPMI-PET(8) System Commands IPMI-PET(8)
2
3
4
6 IPMI - IPMI Platform Event Trap Interpreter
7
9 ipmi-pet [OPTION...] [SPECIFIC TRAP] [VARIABLE BINDING HEX BYTES ...]
10
12 Ipmi-pet interprets hex bytes from a platform event trap (PET) and out‐
13 puts a string representing its contents. Hex values may be input on the
14 command line, a file via the --file option, or via stdin if neither of
15 the previous are specified. Ipmi-pet is commonly used in conjunction
16 with an SNMP trap daemon to intrepret the results from an IPMI PET trap
17 captured by the daemon. While ipmi-pet could be called directly from
18 such a daemon, typically a script is called to parse the SNMP daemon's
19 output and convert it into a form that can be input into ipmi-pet. On
20 some systems, you may wish to also send a PET acknowledge to a remote
21 system to inform it the trap was received and parsed. One can be sent
22 using the --pet-acknowledge option. While an IPMI session is not
23 required to interpret a PET, data from the sensor data repository (SDR)
24 is required to properly interpret sensor names and other information in
25 the PET. IPMI session configuration below, such as driver, hostname,
26 username, etc. should be configured to load the SDR of the host where
27 the trap originated. If this is difficult to perform, it may be wise
28 to cache and load a specific SDR cache using the --sdr-cache-file
29 option. If the SDR is difficult to obtain, the --ignore-sdr-cache
30 option can be specified so that an SDR will not be loaded, and an IPMI
31 session will not be required. The PET will be interpreted as best as
32 possible given no SDR. The --ignore-sdr-cache option may affect other
33 options such as --interpret-oem-data too. Some options, such as --manu‐
34 facturer-id and --product-id may alleviate some of these issues. If
35 the SNMP daemon does not output a SNMPv1 specific trap on its own, it
36 is typically output as the last element of the OID in SNMPv2. If for
37 some reason a specific trap cannot be determined, the value of NA may
38 be input for the specific trap to indicate it is not available. Ipmi-
39 pet will output as much as possible based on the variable bindings
40 information. Some of the specific trap information may be obtained via
41 SDR information.
42
43 Listed below are general IPMI options, tool specific options, trouble
44 shooting information, workaround information, examples, and known
45 issues. For a general introduction to FreeIPMI please see freeipmi(7).
46
48 The following options are general options for configuring IPMI communi‐
49 cation and executing general tool commands.
50
51 -D IPMIDRIVER, --driver-type=IPMIDRIVER
52 Specify the driver type to use instead of doing an auto selec‐
53 tion. The currently available outofband drivers are LAN and
54 LAN_2_0, which perform IPMI 1.5 and IPMI 2.0 respectively. The
55 currently available inband drivers are KCS, SSIF, OPENIPMI,
56 SUNBMC, and INTELDCMI.
57
58 --disable-auto-probe
59 Do not probe in-band IPMI devices for default settings.
60
61 --driver-address=DRIVER-ADDRESS
62 Specify the in-band driver address to be used instead of the
63 probed value. DRIVER-ADDRESS should be prefixed with "0x" for a
64 hex value and '0' for an octal value.
65
66 --driver-device=DEVICE
67 Specify the in-band driver device path to be used instead of the
68 probed path.
69
70 --register-spacing=REGISTER-SPACING
71 Specify the in-band driver register spacing instead of the
72 probed value. Argument is in bytes (i.e. 32bit register spacing
73 = 4)
74
75 --target-channel-number=CHANNEL-NUMBER
76 Specify the in-band driver target channel number to send IPMI
77 requests to.
78
79 --target-slave-address=SLAVE-ADDRESS
80 Specify the in-band driver target slave number to send IPMI
81 requests to.
82
83 -h IPMIHOST, --hostname=IPMIHOST[:PORT]
84 Specify the remote host to communicate with. An optional port
85 can be specified, which may be useful in port forwarding or sim‐
86 ilar situations. If specifying an IPv6 address and port, use the
87 format [ADDRESS]:PORT.
88
89 -u USERNAME, --username=USERNAME
90 Specify the username to use when authenticating with the remote
91 host. If not specified, a null (i.e. anonymous) username is
92 assumed. The user must have atleast OPERATOR privileges in order
93 for this tool to operate fully.
94
95 -p PASSWORD, --password=PASSWORD
96 Specify the password to use when authenticationg with the remote
97 host. If not specified, a null password is assumed. Maximum
98 password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
99
100 -P, --password-prompt
101 Prompt for password to avoid possibility of listing it in
102 process lists.
103
104 -k K_G, --k-g=K_G
105 Specify the K_g BMC key to use when authenticating with the
106 remote host for IPMI 2.0. If not specified, a null key is
107 assumed. To input the key in hexadecimal form, prefix the string
108 with '0x'. E.g., the key 'abc' can be entered with the either
109 the string 'abc' or the string '0x616263'
110
111 -K, --k-g-prompt
112 Prompt for k-g to avoid possibility of listing it in process
113 lists.
114
115 --session-timeout=MILLISECONDS
116 Specify the session timeout in milliseconds. Defaults to 20000
117 milliseconds (20 seconds) if not specified.
118
119 --retransmission-timeout=MILLISECONDS
120 Specify the packet retransmission timeout in milliseconds.
121 Defaults to 1000 milliseconds (1 second) if not specified. The
122 retransmission timeout cannot be larger than the session time‐
123 out.
124
125 -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
126 Specify the IPMI 1.5 authentication type to use. The currently
127 available authentication types are NONE, STRAIGHT_PASSWORD_KEY,
128 MD2, and MD5. Defaults to MD5 if not specified.
129
130 -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
131 Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID
132 identifies a set of authentication, integrity, and confidential‐
133 ity algorithms to use for IPMI 2.0 communication. The authenti‐
134 cation algorithm identifies the algorithm to use for session
135 setup, the integrity algorithm identifies the algorithm to use
136 for session packet signatures, and the confidentiality algorithm
137 identifies the algorithm to use for payload encryption. Defaults
138 to cipher suite ID 3 if not specified. The following cipher
139 suite ids are currently supported:
140
141 0 - Authentication Algorithm = None; Integrity Algorithm = None;
142 Confidentiality Algorithm = None
143
144 1 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
145 None; Confidentiality Algorithm = None
146
147 2 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
148 HMAC-SHA1-96; Confidentiality Algorithm = None
149
150 3 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
151 HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
152
153 6 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
154 None; Confidentiality Algorithm = None
155
156 7 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
157 HMAC-MD5-128; Confidentiality Algorithm = None
158
159 8 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
160 HMAC-MD5-128; Confidentiality Algorithm = AES-CBC-128
161
162 11 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
163 MD5-128; Confidentiality Algorithm = None
164
165 12 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
166 MD5-128; Confidentiality Algorithm = AES-CBC-128
167
168 15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
169 = None; Confidentiality Algorithm = None
170
171 16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
172 = HMAC_SHA256_128; Confidentiality Algorithm = None
173
174 17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
175 = HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128
176
177 -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
178 Specify the privilege level to be used. The currently available
179 privilege levels are USER, OPERATOR, and ADMIN. Defaults to
180 OPERATOR if not specified.
181
182 --config-file=FILE
183 Specify an alternate configuration file.
184
185 -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
186 Specify workarounds to vendor compliance issues. Multiple work‐
187 arounds can be specified separated by commas. A special command
188 line flag of "none", will indicate no workarounds (may be useful
189 for overriding configured defaults). See WORKAROUNDS below for a
190 list of available workarounds.
191
192 --debug
193 Turn on debugging.
194
195 -?, --help
196 Output a help list and exit.
197
198 --usage
199 Output a usage message and exit.
200
201 -V, --version
202 Output the program version and exit.
203
205 The following options are specific to ipmi-pet.
206
207 -v Output verbose output. This option will output event direction
208 and OEM custom messages from the trap.
209
210 -vv Output very verbose output. This option will output additional
211 information available in the trap, such as GUID, manufacturer
212 ID, and system ID.
213
214 -vvv Output very very verbose output. This option will output addi‐
215 tional information than verbose output. Most notably it will
216 output additional hex codes to given information on ambiguous
217 events. For example, it will output Generator ID hex codes for
218 sensors without names.
219
220 --pet-acknowledge
221 Send PET acknowledge using inputted trap data instead of out‐
222 putting data. In some circumstances, this may be useful to
223 inform a remote system that a trap was received and parsed. If
224 specified, a hostname must be specified via -h or --hostname to
225 inform ipmi-pet where to send the acknowledge to. When this
226 option is specified, the SDR cache is not loaded and is not
227 required.
228
229 --file=CMD-FILE
230 Specify a file to read PET specific trap and variable bindings
231 hex from instead of command line.
232
233 --output-event-severity
234 Output event severity in output. This will add an additional
235 output of an event severity. The outputs may be Monitor, Infor‐
236 mation, OK, Non-critical condition, Critical condition, or Non-
237 recoverable condition. This differs from the output of --out‐
238 put-event-state, as event severity is not interpreted, it is a
239 value reported in the SNMP trap. However, not all events may
240 report a severity, or some manufacturers may not support the
241 report of a severity. Event severity will automatically be out‐
242 put under verbose output.
243
244 --output-event-state
245 Output event state in output. This will add an additional output
246 reporting if an event should be viewed as NOMINAL, WARNING, or
247 CRITICAL. This differs from the output of --output-event-sever‐
248 ity, as this output is an interpreted value that will be inter‐
249 preted identically to the --output-event-state output in ipmi-
250 sel(8). As long as an event interpretation is supported, all
251 events will have outputted state. The event state is an inter‐
252 preted value based on the configuration file
253 /etc/freeipmi//freeipmi_interpret_sel.conf and the event direc‐
254 tion. See freeipmi_interpret_sel.conf(5) for more information.
255
256 --event-state-config-file=FILE
257 Specify an alternate event state configuration file. Option
258 ignored if --output-event-state not specified.
259
260 --manufacturer-id=NUMBER
261 Specify a specific manufacturer id to assume. Useful if you wish
262 to specify --interpret-oem-data, but the manufacturer id cannot
263 be determined by IPMI access or is not available in the SNMP
264 trap. The manufacturer id of a motherboard can be determined
265 with bmc-info(8). If this option is specified, so must --prod‐
266 uct-id.
267
268 --product-id=NUMBER
269 Specify a specific product id to assume. Useful if you wish to
270 specify --interpret-oem-data, but the product id cannot be
271 determined by IPMI access or is not available in the SNMP trap.
272 The product id of a motherboard can be determined with bmc-
273 info(8). If this option is specified, so must --manufac‐
274 turer-id.
275
276 --interpret-oem-data
277 Attempt to interpret OEM data, such as event data, sensor read‐
278 ings, or general extra info, etc. If an OEM interpretation is
279 not available, the default output will be generated. Correctness
280 of OEM interpretations cannot be guaranteed due to potential
281 changes OEM vendors may make in products, firmware, etc. See OEM
282 INTERPRETATION below for confirmed supported motherboard inter‐
283 pretations.
284
285 --entity-sensor-names
286 Output sensor names prefixed with their entity id and instance
287 number when appropriate. This may be necessary on some mother‐
288 boards to help identify what sensors are referencing. For exam‐
289 ple, a motherboard may have multiple sensors named 'TEMP'. The
290 entity id and instance number may help clarify which sensor
291 refers to "Processor 1" vs. "Processor 2".
292
293 --no-sensor-type-output
294 Do not show sensor type output for each entry. On many systems,
295 the sensor type is redundant to the name of the sensor. This can
296 especially be true if --entity-sensor-names is specified. If
297 the sensor name is sufficient, or if the sensor type is of no
298 interest to the user, this option can be specified to condense
299 output.
300
301 --comma-separated-output
302 Output fields in comma separated format.
303
304 --no-header-output
305 Do not output column headers. May be useful in scripting.
306
307 --non-abbreviated-units
308 Output non-abbreviated units (e.g. 'Amps' instead of 'A'). May
309 aid in disambiguation of units (e.g. 'C' for Celsius or
310 Coulombs).
311
313 This tool requires access to the sensor data repository (SDR) cache for
314 general operation. By default, SDR data will be downloaded and cached
315 on the local machine. The following options apply to the SDR cache.
316
317 --flush-cache
318 Flush a cached version of the sensor data repository (SDR)
319 cache. The SDR is typically cached for faster subsequent access.
320 However, it may need to be flushed and re-generated if the SDR
321 has been updated on a system.
322
323 --quiet-cache
324 Do not output information about cache creation/deletion. May be
325 useful in scripting.
326
327 --sdr-cache-recreate
328 If the SDR cache is out of date or invalid, automatically recre‐
329 ate the sensor data repository (SDR) cache. This option may be
330 useful for scripting purposes.
331
332 --sdr-cache-file=FILE
333 Specify a specific sensor data repository (SDR) cache file to be
334 stored or read from. If this option is used when multiple hosts
335 are specified, the same SDR cache file will be used for all
336 hosts.
337
338 --sdr-cache-directory=DIRECTORY
339 Specify an alternate directory for sensor data repository (SDR)
340 caches to be stored or read from. Defaults to the home directory
341 if not specified.
342
343 --ignore-sdr-cache
344 Ignore SDR cache related processing. May lead to incomplete or
345 less useful information being output, however it will allow
346 functionality for systems without SDRs or when the correct SDR
347 cannot be loaded.
348
350 Most often, IPMI problems are due to configuration problems.
351
352 IPMI over LAN problems involve a misconfiguration of the remote
353 machine's BMC. Double check to make sure the following are configured
354 properly in the remote machine's BMC: IP address, MAC address, subnet
355 mask, username, user enablement, user privilege, password, LAN privi‐
356 lege, LAN enablement, and allowed authentication type(s). For IPMI 2.0
357 connections, double check to make sure the cipher suite privilege(s)
358 and K_g key are configured properly. The ipmi-config(8) tool can be
359 used to check and/or change these configuration settings.
360
361 Inband IPMI problems are typically caused by improperly configured
362 drivers or non-standard BMCs.
363
364 In addition to the troubleshooting tips below, please see WORKAROUNDS
365 below to also if there are any vendor specific bugs that have been dis‐
366 covered and worked around.
367
368 Listed below are many of the common issues for error messages. For
369 additional support, please e-mail the <freeipmi-users@gnu.org> mailing
370 list.
371
372 "username invalid" - The username entered (or a NULL username if none
373 was entered) is not available on the remote machine. It may also be
374 possible the remote BMC's username configuration is incorrect.
375
376 "password invalid" - The password entered (or a NULL password if none
377 was entered) is not correct. It may also be possible the password for
378 the user is not correctly configured on the remote BMC.
379
380 "password verification timeout" - Password verification has timed out.
381 A "password invalid" error (described above) or a generic "session
382 timeout" (described below) occurred. During this point in the protocol
383 it cannot be differentiated which occurred.
384
385 "k_g invalid" - The K_g key entered (or a NULL K_g key if none was
386 entered) is not correct. It may also be possible the K_g key is not
387 correctly configured on the remote BMC.
388
389 "privilege level insufficient" - An IPMI command requires a higher user
390 privilege than the one authenticated with. Please try to authenticate
391 with a higher privilege. This may require authenticating to a different
392 user which has a higher maximum privilege.
393
394 "privilege level cannot be obtained for this user" - The privilege
395 level you are attempting to authenticate with is higher than the maxi‐
396 mum allowed for this user. Please try again with a lower privilege. It
397 may also be possible the maximum privilege level allowed for a user is
398 not configured properly on the remote BMC.
399
400 "authentication type unavailable for attempted privilege level" - The
401 authentication type you wish to authenticate with is not available for
402 this privilege level. Please try again with an alternate authentication
403 type or alternate privilege level. It may also be possible the avail‐
404 able authentication types you can authenticate with are not correctly
405 configured on the remote BMC.
406
407 "cipher suite id unavailable" - The cipher suite id you wish to authen‐
408 ticate with is not available on the remote BMC. Please try again with
409 an alternate cipher suite id. It may also be possible the available
410 cipher suite ids are not correctly configured on the remote BMC.
411
412 "ipmi 2.0 unavailable" - IPMI 2.0 was not discovered on the remote
413 machine. Please try to use IPMI 1.5 instead.
414
415 "connection timeout" - Initial IPMI communication failed. A number of
416 potential errors are possible, including an invalid hostname specified,
417 an IPMI IP address cannot be resolved, IPMI is not enabled on the
418 remote server, the network connection is bad, etc. Please verify con‐
419 figuration and connectivity.
420
421 "session timeout" - The IPMI session has timed out. Please reconnect.
422 If this error occurs often, you may wish to increase the retransmission
423 timeout. Some remote BMCs are considerably slower than others.
424
425 "device not found" - The specified device could not be found. Please
426 check configuration or inputs and try again.
427
428 "driver timeout" - Communication with the driver or device has timed
429 out. Please try again.
430
431 "message timeout" - Communication with the driver or device has timed
432 out. Please try again.
433
434 "BMC busy" - The BMC is currently busy. It may be processing informa‐
435 tion or have too many simultaneous sessions to manage. Please wait and
436 try again.
437
438 "could not find inband device" - An inband device could not be found.
439 Please check configuration or specify specific device or driver on the
440 command line.
441
442 "driver timeout" - The inband driver has timed out communicating to the
443 local BMC or service processor. The BMC or service processor may be
444 busy or (worst case) possibly non-functioning.
445
446 "internal IPMI error" - An IPMI error has occurred that FreeIPMI does
447 not know how to handle. Please e-mail <freeipmi-users@gnu.org> to
448 report the issue.
449
451 With so many different vendors implementing their own IPMI solutions,
452 different vendors may implement their IPMI protocols incorrectly. The
453 following describes a number of workarounds currently available to han‐
454 dle discovered compliance issues. When possible, workarounds have been
455 implemented so they will be transparent to the user. However, some will
456 require the user to specify a workaround be used via the -W option.
457
458 The hardware listed below may only indicate the hardware that a problem
459 was discovered on. Newer versions of hardware may fix the problems
460 indicated below. Similar machines from vendors may or may not exhibit
461 the same problems. Different vendors may license their firmware from
462 the same IPMI firmware developer, so it may be worthwhile to try work‐
463 arounds listed below even if your motherboard is not listed.
464
465 If you believe your hardware has an additional compliance issue that
466 needs a workaround to be implemented, please contact the FreeIPMI main‐
467 tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
468
469 assumeio - This workaround flag will assume inband interfaces communi‐
470 cate with system I/O rather than being memory-mapped. This will work
471 around systems that report invalid base addresses. Those hitting this
472 issue may see "device not supported" or "could not find inband device"
473 errors. Issue observed on HP ProLiant DL145 G1.
474
475 spinpoll - This workaround flag will inform some inband drivers (most
476 notably the KCS driver) to spin while polling rather than putting the
477 process to sleep. This may significantly improve the wall clock running
478 time of tools because an operating system scheduler's granularity may
479 be much larger than the time it takes to perform a single IPMI message
480 transaction. However, by spinning, your system may be performing less
481 useful work by not contexting out the tool for a more useful task.
482
483 authcap - This workaround flag will skip early checks for username
484 capabilities, authentication capabilities, and K_g support and allow
485 IPMI authentication to succeed. It works around multiple issues in
486 which the remote system does not properly report username capabilities,
487 authentication capabilities, or K_g status. Those hitting this issue
488 may see "username invalid", "authentication type unavailable for
489 attempted privilege level", or "k_g invalid" errors. Issue observed on
490 Asus P5M2/P5MT-R/RS162-E4/RX4, Intel SR1520ML/X38ML, and Sun Fire
491 2200/4150/4450 with ELOM.
492
493 nochecksumcheck - This workaround flag will tell FreeIPMI to not check
494 the checksums returned from IPMI command responses. It works around
495 systems that return invalid checksums due to implementation errors, but
496 the packet is otherwise valid. Users are cautioned on the use of this
497 option, as it removes validation of packet integrity in a number of
498 circumstances. However, it is unlikely to be an issue in most situa‐
499 tions. Those hitting this issue may see "connection timeout", "session
500 timeout", or "password verification timeout" errors. On IPMI 1.5 con‐
501 nections, the "noauthcodecheck" workaround may also needed too. Issue
502 observed on Supermicro X9SCM-iiF, Supermicro X9DRi-F, and Supermicro
503 X9DRFR.
504
505 idzero - This workaround flag will allow empty session IDs to be
506 accepted by the client. It works around IPMI sessions that report empty
507 session IDs to the client. Those hitting this issue may see "session
508 timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.
509
510 unexpectedauth - This workaround flag will allow unexpected non-null
511 authcodes to be checked as though they were expected. It works around
512 an issue when packets contain non-null authentication data when they
513 should be null due to disabled per-message authentication. Those hit‐
514 ting this issue may see "session timeout" errors. Issue observed on
515 Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.
516
517 forcepermsg - This workaround flag will force per-message authentica‐
518 tion to be used no matter what is advertised by the remote system. It
519 works around an issue when per-message authentication is advertised as
520 disabled on the remote system, but it is actually required for the pro‐
521 tocol. Those hitting this issue may see "session timeout" errors.
522 Issue observed on IBM eServer 325.
523
524 endianseq - This workaround flag will flip the endian of the session
525 sequence numbers to allow the session to continue properly. It works
526 around IPMI 1.5 session sequence numbers that are the wrong endian.
527 Those hitting this issue may see "session timeout" errors. Issue
528 observed on some Sun ILOM 1.0/2.0 (depends on service processor
529 endian).
530
531 noauthcodecheck - This workaround flag will tell FreeIPMI to not check
532 the authentication codes returned from IPMI 1.5 command responses. It
533 works around systems that return invalid authentication codes due to
534 hashing or implementation errors. Users are cautioned on the use of
535 this option, as it removes an authentication check verifying the valid‐
536 ity of a packet. However, in most organizations, this is unlikely to be
537 a security issue. Those hitting this issue may see "connection time‐
538 out", "session timeout", or "password verification timeout" errors.
539 Issue observed on Xyratex FB-H8-SRAY, Intel Windmill, Quanta Winter‐
540 fell, and Wiwynn Windmill.
541
542 intel20 - This workaround flag will work around several Intel IPMI 2.0
543 authentication issues. The issues covered include padding of usernames,
544 and password truncation if the authentication algorithm is HMAC-
545 MD5-128. Those hitting this issue may see "username invalid", "password
546 invalid", or "k_g invalid" errors. Issue observed on Intel SE7520AF2
547 with Intel Server Management Module (Professional Edition).
548
549 supermicro20 - This workaround flag will work around several Supermicro
550 IPMI 2.0 authentication issues on motherboards w/ Peppercon IPMI
551 firmware. The issues covered include handling invalid length authenti‐
552 cation codes. Those hitting this issue may see "password invalid"
553 errors. Issue observed on Supermicro H8QME with SIMSO daughter card.
554 Confirmed fixed on newerver firmware.
555
556 sun20 - This workaround flag will work work around several Sun IPMI 2.0
557 authentication issues. The issues covered include invalid lengthed hash
558 keys, improperly hashed keys, and invalid cipher suite records. Those
559 hitting this issue may see "password invalid" or "bmc error" errors.
560 Issue observed on Sun Fire 4100/4200/4500 with ILOM. This workaround
561 automatically includes the "opensesspriv" workaround.
562
563 opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI
564 2.0 connection protocol to workaround an invalid hashing algorithm used
565 by the remote system. The privilege level sent during the Open Session
566 stage of an IPMI 2.0 connection is used for hashing keys instead of the
567 privilege level sent during the RAKP1 connection stage. Those hitting
568 this issue may see "password invalid", "k_g invalid", or "bad rmcpplus
569 status code" errors. Issue observed on Sun Fire 4100/4200/4500 with
570 ILOM, Inventec 5441/Dell Xanadu II, Supermicro X8DTH, Supermicro X8DTG,
571 Intel S5500WBV/Penguin Relion 700, Intel S2600JF/Appro 512X, Quanta
572 QSSC-S4R/Appro GB812X-CN, and Dell C5220. This workaround is automati‐
573 cally triggered with the "sun20" workaround.
574
575 integritycheckvalue - This workaround flag will work around an invalid
576 integrity check value during an IPMI 2.0 session establishment when
577 using Cipher Suite ID 0. The integrity check value should be 0 length,
578 however the remote motherboard responds with a non-empty field. Those
579 hitting this issue may see "k_g invalid" errors. Issue observed on
580 Supermicro X8DTG, Supermicro X8DTU, and Intel S5500WBV/Penguin Relion
581 700, and Intel S2600JF/Appro 512X.
582
583 assumemaxsdrrecordcount - This workaround will inform SDR reading to
584 stop reading after a known maximum number of SDR records have been
585 read. This will work around systems that have mis-implemented SDR read‐
586 ing functions. Those hitting this issue may see "SDR record count
587 invalid" errors. Issue observed on unspecified Inspur motherboard.
588
589 malformedack - This workaround flag will ignore malformed PET acknowl‐
590 edge responses and assume any PET acknowledge response from the remote
591 machine is valid. It works around remote systems that respond with PET
592 acknowledge requests with invalid/malformed IPMI payloads. Those hit‐
593 ting this issue may see "session timeout" errors when executing a PET
594 acknowledge. Issue observed on Dell Poweredge R610.
595
596 No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
597 found to not support IPMI 1.5. Those hitting this issue may see "ipmi
598 2.0 unavailable" or "connection timeout" errors. This issue can be
599 worked around by using IPMI 2.0 instead of IPMI 1.5 by specifying
600 --driver-type=LAN_2_0. Issue observed on a number of HP and Supermicro
601 motherboards.
602
604 The following motherboards are confirmed to have atleast some support
605 by the --interpret-oem-data option. While highly probable the OEM data
606 interpretations would work across other motherboards by the same manu‐
607 facturer, there are no guarantees. Some of the motherboards below may
608 be rebranded by vendors/distributors.
609
610 Currently None
611
613 Interpret a PET using the local SDR cache.
614
615 # ipmi-pet 356224 0x44 0x45 0x4c 0x4c 0x50 0x00 0x10 0x59 0x80 0x43
616 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff
617 0x20 0x20 0x04 0x20 0x73 0x18 0x00 0x80 0x01 0xff 0x00 0x00 0x00 0x00
618 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1
619
620 Interpret a PET using a remote SDR cache.
621
622 # ipmi-pet -h ahost -u myusername -p mypassword 356224 0x44 0x45 0x4c
623 0x4c 0x50 0x00 0x10 0x59 0x80 0x43 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00
624 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff 0x20 0x20 0x04 0x20 0x73 0x18 0x00
625 0x80 0x01 0xff 0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00 0x02 0xa2 0x01
626 0x00 0xc1
627
628 Interpret a PET using a previously stored SDR cache.
629
630 # ipmi-pet 356224 0x44 0x45 0x4c 0x4c 0x50 0x00 0x10 0x59 0x80 0x43
631 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff
632 0x20 0x20 0x04 0x20 0x73 0x18 0x00 0x80 0x01 0xff 0x00 0x00 0x00 0x00
633 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1 --sdr-cache-file=/tmp/mys‐
634 drcache
635
636 Instead of outputting trap interpretation, send a PET acknowledge using
637 the trap data.
638
639 # ipmi-pet -h ahost --pet-acknowledge 356224 0x44 0x45 0x4c 0x4c 0x50
640 0x00 0x10 0x59 0x80 0x43 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19
641 0xe8 0x7e 0x26 0xff 0xff 0x20 0x20 0x04 0x20 0x73 0x18 0x00 0x80 0x01
642 0xff 0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1
643
645 Upon successful execution, exit status is 0. On error, exit status is
646 1.
647
649 On older operating systems, if you input your username, password, and
650 other potentially security relevant information on the command line,
651 this information may be discovered by other users when using tools like
652 the ps(1) command or looking in the /proc file system. It is generally
653 more secure to input password information with options like the -P or
654 -K options. Configuring security relevant information in the FreeIPMI
655 configuration file would also be an appropriate way to hide this infor‐
656 mation.
657
658 In order to prevent brute force attacks, some BMCs will temporarily
659 "lock up" after a number of remote authentication errors. You may need
660 to wait awhile in order to this temporary "lock up" to pass before you
661 may authenticate again.
662
664 Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
665
667 Copyright © 2011-2015 FreeIPMI Core Team
668
669 This program is free software; you can redistribute it and/or modify it
670 under the terms of the GNU General Public License as published by the
671 Free Software Foundation; either version 3 of the License, or (at your
672 option) any later version.
673
675 freeipmi(7), bmc-info(8), ipmi-config(8), ipmi-sel(8), freeipmi_inter‐
676 pret_sel.conf(5)
677
678 http://www.gnu.org/software/freeipmi/
679
680
681
682IPMI-PET version 1.6.7 2021-02-12 IPMI-PET(8)