Date:      Fri, 13 Jul 2007 09:21:53 -0700
From:      "Jack Vogel" <jfvogel@gmail.com>
To:        "Ian FREISLICH" <ianf@clue.co.za>
Cc:        freebsd-current@freebsd.org
Subject:   Re: em0 hijacking traffic to port 623
Message-ID:  <2a41acea0707130921x38d35d3br62842ef118c93261@mail.gmail.com>
In-Reply-To: <E1I9Kzu-0001lV-HJ@clue.co.za>
References:  <jhb@freebsd.org> <200707130848.01101.jhb@freebsd.org> <E1I9Kzu-0001lV-HJ@clue.co.za>

On 7/13/07, Ian FREISLICH <ianf@clue.co.za> wrote:
> John Baldwin wrote:
> > On Monday 21 May 2007 07:17:07 pm Jack Vogel wrote:
> > > On 5/21/07, Sten Spans <sten@blinkenlights.nl> wrote:
> > > > On Mon, 21 May 2007, Ian FREISLICH wrote:
> > > >
> > > > > Hi
> > > > >
> > > > > We've noticed an issue on our firewalls where the first em device
> > > > > in the system hijacks inbound port 623 tcp and udp.  The OS never
> > > > > sees this traffic.  Interestingly, em1 and em2 do not appear to be
> > > > > afflicted by this problem.  Some reading I've done points to a
> > > > > similar conclusion:
> > > > >
> > > > > http://blogs.sun.com/shepler/entry/port_623_or_the_mount
> > > > >
> > > > > I've looked at the bios, but I can't find any settings that remotely
> > > > > hint IPMI or RMCP+ or serial-over-lan.
> > > > >
> > > > > Does anyone know how I can stop the card or system from stealing
> > > > > port 623 in hardware or must I just stop using em0 (and/or Intel NICS)?
> > > >
> > > > Does "ifconfig em0 promisc" help ?
> > > > That fixed firmware related vanishing ipv6 packets on fxp and em.
> > >
> > > Is this happening even with the latest CURRENT driver? There is code in
> > > it now that is supposed to stop the firmware from doing that, at least
> > > that was the theory :)
> >
> > We still see this at work.  We use this workaround in /etc/sysctl.conf:
> >
> > net.inet.ip.portrange.lowlast=665
> >
> > It seems that the em0 interface always snoops 623 looking for RCMP
> > packets for IPMI (or ASF).
>
> ===================================================================
> RCS file: /home/ncvs/src/sys/dev/em/e1000_82540.c,v
> retrieving revision 1.3
> diff -u -d -r1.3 e1000_82540.c
> --- e1000_82540.c       16 May 2007 00:14:23 -0000      1.3
> +++ e1000_82540.c       25 May 2007 13:40:19 -0000
> @@ -316,6 +316,7 @@
>         /* Disable HW ARPs on ASF enabled adapters */
>         manc = E1000_READ_REG(hw, E1000_MANC);
>         manc &= ~E1000_MANC_ARP_EN;
> +       manc &= ~(E1000_MANC_RMCP_EN | E1000_MANC_0298_EN);
>         E1000_WRITE_REG(hw, E1000_MANC, manc);
>
>         E1000_WRITE_REG(hw, E1000_IMC, 0xffffffff);
>
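Review bot: the added `manc &= ~(E1000_MANC_RMCP_EN | E1000_MANC_0298_EN);` clears the manageability filter bits unconditionally inside the shared 82540 init code, so every adapter that runs this path loses RMCP reachability, including hosts whose operators rely on ASF/IPMI over port 623 and the secure RMCP port (0x298 is 664 decimal). A safer shape is to leave `e1000_82540.c` alone and apply the same two-bit clear from the FreeBSD-specific attach code behind a loader tunable or sysctl that defaults to the current behaviour, so the administrator opts in per host. If the clear does stay here, the comment `/* Disable HW ARPs on ASF enabled adapters */` above it no longer describes the block and should mention that RMCP filtering is disabled as well.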
> Fixes it for me.  But, of course, I'm not interested in ASF on my
> gateway hosts.
>
> I didn't look further into the initialization of the chip.  The
> datasheet I downloaded suggests that you can filter these packets
> on IP address as well and I suspect the option is turned on with
> some default in the EEPROM register that equates to 0.0.0.0/0.

Hardcoding this change into shared code is not the right place
to do it; however, I'll take a look at that and figure out a more
appropriate approach.

Jack