From owner-freebsd-current@FreeBSD.ORG Mon May 21 14:35:34 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5FD3116A468 for ; Mon, 21 May 2007 14:35:34 +0000 (UTC) (envelope-from ianf@clue.co.za) Received: from munchkin.clue.co.za (munchkin.clue.co.za [66.219.59.160]) by mx1.freebsd.org (Postfix) with ESMTP id 2D52513C46C for ; Mon, 21 May 2007 14:35:32 +0000 (UTC) (envelope-from ianf@clue.co.za) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=20070313; d=clue.co.za; h=Received:Received:Received:To:Subject:From:X-Attribution:Date:Message-Id; b=dOmM/fWBDjJuO7z4sPDhFRiu3Ty2769Dvyx825Tsprp1B/cnN53Zpfi+eYpreYVeSxBfq3SdZagCwF13AY9n3oT9Ezxk/uqR9xgdGuAdfov5vy5IZ84/ydg6sWRtEKz6TDxzIhgYo7PqB7o9Z0mYm8C6AYumH5XM8sjEB/c5CG9bfEfLn/KTSQyV4h9L/SuhuhEMOirQQ2rLaWIK9avvCTGdurXHOlKi6tiq/iVhf/Xi1an0XTVk2bdq+M0fO1tk; Received: from uucp by munchkin.clue.co.za with local (Exim 4.66) (envelope-from ) id 1Hq8g5-0002WA-Ei for freebsd-current@freebsd.org; Mon, 21 May 2007 14:16:01 +0000 Received: from cluetoy.clue.co.za ([10.0.0.19] helo=clue.co.za) by urchin.clue.co.za with esmtpa (Exim 4.66) (envelope-from ) id 1Hq8eL-0004kJ-0X for freebsd-current@freebsd.org; Mon, 21 May 2007 14:14:13 +0000 Received: from localhost ([127.0.0.1]) by clue.co.za with esmtp (Exim 4.66 (FreeBSD)) (envelope-from ) id 1Hq8eK-0001RA-2f for freebsd-current@freebsd.org; Mon, 21 May 2007 16:14:12 +0200 To: freebsd-current@freebsd.org From: Ian FREISLICH X-Attribution: BOFH Date: Mon, 21 May 2007 16:14:12 +0200 Message-Id: Subject: em0 hijacking traffic to port 623 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 May 2007 14:35:34 -0000 Hi We've noticed an issue on our firewalls where the first em device in the system hijacks inbound port 623 tcp and udp. The OS never sees this traffic. Interestingly, em1 and em2 do not appear to be afflicted by this problem. Some reading I've done points to a similar conclusion: http://blogs.sun.com/shepler/entry/port_623_or_the_mount I've looked at the bios, but I can't find any settings that remotely hint IPMI or RMCP+ or serial-over-lan. Does anyone know how I can stop the card or system from stealing port 623 in hardware or must I just stop using em0 (and/or Intel NICS)? Here's the pciconf output: em0@pci3:4:0: class=0x020000 card=0x10798086 chip=0x10798086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = '82546EB Dual Port Gigabit Ethernet Controller' class = network subclass = ethernet cap 01[dc] = powerspec 2 supports D0 D3 current D0 cap 07[e4] = PCI-X 64-bit supports 133MHz, 2048 burst read, 1 split transaction cap 05[f0] = MSI supports 1 message, 64 bit enabled with 1 message Ian -- Ian Freislich