From: John Baldwin
To: freebsd-current@freebsd.org
Cc: Ian FREISLICH, Jack Vogel
Date: Fri, 13 Jul 2007 08:47:59 -0400
Subject: Re: em0 hijacking traffic to port 623
Message-Id: <200707130848.01101.jhb@freebsd.org>

On Monday 21 May 2007 07:17:07 pm Jack Vogel wrote:
> On 5/21/07, Sten Spans wrote:
> > On Mon, 21 May 2007, Ian FREISLICH wrote:
> >
> > > Hi
> > >
> > > We've noticed an issue on our firewalls where the first em device
> > > in the system hijacks inbound port 623 tcp and udp.  The OS never
> > > sees this traffic.  Interestingly, em1 and em2 do not appear to be
> > > afflicted by this problem.  Some reading I've done points to a
> > > similar conclusion:
> > >
> > > http://blogs.sun.com/shepler/entry/port_623_or_the_mount
> > >
> > > I've looked at the BIOS, but I can't find any settings that remotely
> > > hint IPMI or RMCP+ or serial-over-lan.
> > >
> > > Does anyone know how I can stop the card or system from stealing
> > > port 623 in hardware or must I just stop using em0 (and/or Intel NICs)?
> >
> > Does "ifconfig em0 promisc" help?
> > That fixed firmware related vanishing ipv6 packets on fxp and em.
>
> Is this happening even with the latest CURRENT driver? There is code in
> it now that is supposed to stop the firmware from doing that, at least
> that was the theory :)

We still see this at work.  We use this workaround in /etc/sysctl.conf:

net.inet.ip.portrange.lowlast=665

It seems that the em0 interface always snoops 623 looking for RMCP packets
for IPMI (or ASF).

-- 
John Baldwin
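On FreeBSD, net.inet.ip.portrange.lowfirst and lowlast bound the reserved-port range (defaults 1023 down to 600) from which privileged sockets get their source port, so the default range includes 623. The script below is an added example, not part of the message above: it checks whether that range can still hand out a port the management firmware claims. The function names are hypothetical, and treating 664 (asf-secure-rmcp) as claimed alongside 623 is an assumption.

```shell
#!/bin/sh
# Added example. Ports the NIC management firmware is assumed to claim:
# 623 (asf-rmcp, from the thread) and 664 (asf-secure-rmcp, assumption).
MGMT_PORTS="623 664"

# in_range PORT A B: true if PORT lies between A and B inclusive.
# The low range counts down (lowfirst=1023, lowlast=600), so the
# bounds are accepted in either order.
in_range() {
    port=$1 lo=$2 hi=$3
    if [ "$lo" -gt "$hi" ]; then tmp=$lo; lo=$hi; hi=$tmp; fi
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]
}

# exposed_ports A B: print the management ports that the range A..B
# could allocate, space separated (empty line means none).
exposed_ports() {
    out=""
    for p in $MGMT_PORTS; do
        if in_range "$p" "$1" "$2"; then out="${out:+$out }$p"; fi
    done
    printf '%s\n' "$out"
}

# safe_lowlast: smallest lowlast that keeps every management port out.
safe_lowlast() {
    max=0
    for p in $MGMT_PORTS; do
        if [ "$p" -gt "$max" ]; then max=$p; fi
    done
    echo $((max + 1))
}

# Read the live values on FreeBSD; elsewhere fall back to the
# constructed defaults so the check can still be demonstrated.
if lf=$(sysctl -n net.inet.ip.portrange.lowfirst 2>/dev/null) &&
   ll=$(sysctl -n net.inet.ip.portrange.lowlast 2>/dev/null); then :
else lf=1023; ll=600; fi

hit=$(exposed_ports "$lf" "$ll")
if [ -n "$hit" ]; then
    echo "reserved range $lf..$ll can allocate: $hit"
    echo "suggest: net.inet.ip.portrange.lowlast=$(safe_lowlast)"
else
    echo "reserved range $lf..$ll avoids: $MGMT_PORTS"
fi
```

This only covers source ports the kernel picks from the reserved range; a service explicitly bound to 623 on em0 is still affected.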