Date: Fri, 13 Jul 2007 08:47:59 -0400 From: John Baldwin <jhb@freebsd.org> To: freebsd-current@freebsd.org Cc: Ian FREISLICH <ianf@clue.co.za>, Jack Vogel <jfvogel@gmail.com> Subject: Re: em0 hijacking traffic to port 623 Message-ID: <200707130848.01101.jhb@freebsd.org> In-Reply-To: <2a41acea0705211617p17f74964oabdc88564376ada3@mail.gmail.com> References: <E1Hq8eK-0001RA-2f@clue.co.za> <Pine.LNX.4.64.0705220019390.17702@zaphod.blinkenlights.nl> <2a41acea0705211617p17f74964oabdc88564376ada3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 21 May 2007 07:17:07 pm Jack Vogel wrote: > On 5/21/07, Sten Spans <sten@blinkenlights.nl> wrote: > > On Mon, 21 May 2007, Ian FREISLICH wrote: > > > > > Hi > > > > > > We've noticed an issue on our firewalls where the first em device > > > in the system hijacks inbound port 623 tcp and udp. The OS never > > > sees this traffic. Interestingly, em1 and em2 do not appear to be > > > afflicted by this problem. Some reading I've done points to a > > > similar conclusion: > > > > > > http://blogs.sun.com/shepler/entry/port_623_or_the_mount > > > > > > I've looked at the bios, but I can't find any settings that remotely > > > hint IPMI or RMCP+ or serial-over-lan. > > > > > > Does anyone know how I can stop the card or system from stealing > > > port 623 in hardware or must I just stop using em0 (and/or Intel NICS)? > > > > Does "ifconfig em0 promisc" help ? > > That fixed firmware related vanishing ipv6 packets on fxp and em. > > Is this happening even with the latest CURRENT driver, there is code in > it now that is supposed to stop the firmware from doing that, at least > that was the theory :) We still see this at work. We use this workaround in /etc/sysctl.conf: net.inet.ip.portrange.lowlast=665 It seems that the em0 interface always snoops 623 looking for RCMP packets for IPMI (or ASF). -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707130848.01101.jhb>