Provided by: freeipmi-tools_1.4.11-1ubuntu1_amd64 bug

NAME

       IPMI - IPMI Platform Event Trap Interpreter

SYNOPSIS

       ipmi-pet [OPTION...] [SPECIFIC TRAP] [VARIABLE BINDING HEX BYTES ...]

DESCRIPTION

       Ipmi-pet  interprets  hex  bytes  from  a  platform  event trap (PET) and outputs a string
       representing its contents. Hex values may be input on the command line,  a  file  via  the
       --file  option,  or  via  stdin  if  neither  of  the previous are specified.  Ipmi-pet is
       commonly used in conjunction with an SNMP trap daemon to intrepret  the  results  from  an
       IPMI  PET trap captured by the daemon. While ipmi-pet could be called directly from such a
       daemon, typically a script is called to parse the SNMP daemon's output and convert it into
       a  form that can be input into ipmi-pet.  On some systems, you may wish to also send a PET
       acknowledge to a remote system to inform it the trap was received and parsed. One  can  be
       sent  using  the  --pet-acknowledge  option.   While  an  IPMI  session is not required to
       interpret a PET, data from the sensor  data  repository  (SDR)  is  required  to  properly
       interpret sensor names and other information in the PET. IPMI session configuration below,
       such as driver, hostname, username, etc. should be configured to load the SDR of the  host
       where  the  trap originated.  If this is difficult to perform, it may be wise to cache and
       load a specific SDR cache using the --sdr-cache-file option.  If the SDR is  difficult  to
       obtain,  the --ignore-sdr-cache option can be specified so that an SDR will not be loaded,
       and an IPMI session will not be required. The PET will be interpreted as best as  possible
       given   no   SDR.   The  --ignore-sdr-cache  option  may  affect  other  options  such  as
       --interpret-oem-data too. Some options, such as  --manufacturer-id  and  --product-id  may
       alleviate some of these issues.  If the SNMP daemon does not output a SNMPv1 specific trap
       on its own, it is typically output as the last element of the OID in SNMPv2.  If for  some
       reason a specific trap cannot be determined, the value of NA may be input for the specific
       trap to indicate it is not available.  Ipmi-pet will output as much as possible  based  on
       the  variable  bindings information. Some of the specific trap information may be obtained
       via SDR information.

       Listed  below  are  general  IPMI  options,  tool  specific  options,   trouble   shooting
       information,   workaround   information,   examples,  and  known  issues.  For  a  general
       introduction to FreeIPMI please see freeipmi(7).

GENERAL OPTIONS

       The following options are general options for configuring IPMI communication and executing
       general tool commands.

       -D IPMIDRIVER, --driver-type=IPMIDRIVER
              Specify  the  driver type to use instead of doing an auto selection.  The currently
              available outofband drivers are LAN and LAN_2_0, which perform IPMI  1.5  and  IPMI
              2.0  respectively.  The currently available inband drivers are KCS, SSIF, OPENIPMI,
              SUNBMC, and INTELDCMI.

       --disable-auto-probe
              Do not probe in-band IPMI devices for default settings.

       --driver-address=DRIVER-ADDRESS
              Specify the in-band driver address to be used instead of the probed value.  DRIVER-
              ADDRESS should be prefixed with "0x" for a hex value and '0' for an octal value.

       --driver-device=DEVICE
              Specify the in-band driver device path to be used instead of the probed path.

       --register-spacing=REGISTER-SPACING
              Specify  the  in-band driver register spacing instead of the probed value. Argument
              is in bytes (i.e. 32bit register spacing = 4)

       --target-channel-number=CHANNEL-NUMBER
              Specify the in-band driver target channel number to send IPMI requests to.

       --target-slave-address=SLAVE-ADDRESS
              Specify the in-band driver target slave number to send IPMI requests to.

       -h IPMIHOST, --hostname=IPMIHOST[:PORT]
              Specify the remote host to communicate with. An optional  port  can  be  specified,
              which may be useful in port forwarding or similar situations.

       -u USERNAME, --username=USERNAME
              Specify  the  username  to  use  when  authenticating with the remote host.  If not
              specified, a null (i.e. anonymous) username is assumed. The user must have  atleast
              OPERATOR privileges in order for this tool to operate fully.

       -p PASSWORD, --password=PASSWORD
              Specify  the  password  to  use  when authenticationg with the remote host.  If not
              specified, a null password is assumed. Maximum password length is 16 for  IPMI  1.5
              and 20 for IPMI 2.0.

       -P, --password-prompt
              Prompt for password to avoid possibility of listing it in process lists.

       -k K_G, --k-g=K_G
              Specify  the  K_g  BMC key to use when authenticating with the remote host for IPMI
              2.0. If not specified, a null key is assumed. To input the key in hexadecimal form,
              prefix the string with '0x'. E.g., the key 'abc' can be entered with the either the
              string 'abc' or the string '0x616263'

       -K, --k-g-prompt
              Prompt for k-g to avoid possibility of listing it in process lists.

       --session-timeout=MILLISECONDS
              Specify the session timeout in milliseconds. Defaults  to  20000  milliseconds  (20
              seconds) if not specified.

       --retransmission-timeout=MILLISECONDS
              Specify  the  packet  retransmission  timeout  in  milliseconds.  Defaults  to 1000
              milliseconds (1 second) if not specified.  The  retransmission  timeout  cannot  be
              larger than the session timeout.

       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
              Specify   the  IPMI  1.5  authentication  type  to  use.  The  currently  available
              authentication types are NONE, STRAIGHT_PASSWORD_KEY, MD2, and MD5. Defaults to MD5
              if not specified.

       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
              Specify  the  IPMI 2.0 cipher suite ID to use. The Cipher Suite ID identifies a set
              of authentication, integrity, and confidentiality algorithms to use  for  IPMI  2.0
              communication.  The  authentication  algorithm  identifies the algorithm to use for
              session setup, the integrity algorithm identifies the algorithm to use for  session
              packet  signatures,  and  the confidentiality algorithm identifies the algorithm to
              use for payload encryption. Defaults to cipher suite ID 3  if  not  specified.  The
              following cipher suite ids are currently supported:

              0  -  Authentication  Algorithm = None; Integrity Algorithm = None; Confidentiality
              Algorithm = None

              1  -  Authentication  Algorithm  =   HMAC-SHA1;   Integrity   Algorithm   =   None;
              Confidentiality Algorithm = None

              2  -  Authentication  Algorithm  =  HMAC-SHA1;  Integrity Algorithm = HMAC-SHA1-96;
              Confidentiality Algorithm = None

              3 - Authentication Algorithm  =  HMAC-SHA1;  Integrity  Algorithm  =  HMAC-SHA1-96;
              Confidentiality Algorithm = AES-CBC-128

              6   -   Authentication   Algorithm   =   HMAC-MD5;   Integrity  Algorithm  =  None;
              Confidentiality Algorithm = None

              7 - Authentication  Algorithm  =  HMAC-MD5;  Integrity  Algorithm  =  HMAC-MD5-128;
              Confidentiality Algorithm = None

              8  -  Authentication  Algorithm  =  HMAC-MD5;  Integrity  Algorithm = HMAC-MD5-128;
              Confidentiality Algorithm = AES-CBC-128

              11  -  Authentication  Algorithm  =  HMAC-MD5;  Integrity  Algorithm   =   MD5-128;
              Confidentiality Algorithm = None

              12   -   Authentication  Algorithm  =  HMAC-MD5;  Integrity  Algorithm  =  MD5-128;
              Confidentiality Algorithm = AES-CBC-128

              15  -  Authentication  Algorithm  =  HMAC-SHA256;  Integrity  Algorithm   =   None;
              Confidentiality Algorithm = None

              16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm = HMAC_SHA256_128;
              Confidentiality Algorithm = None

              17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm = HMAC_SHA256_128;
              Confidentiality Algorithm = AES-CBC-128

       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
              Specify  the  privilege  level to be used. The currently available privilege levels
              are USER, OPERATOR, and ADMIN. Defaults to OPERATOR if not specified.

       --config-file=FILE
              Specify an alternate configuration file.

       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
              Specify workarounds to  vendor  compliance  issues.  Multiple  workarounds  can  be
              specified separated by commas. A special command line flag of "none", will indicate
              no workarounds (may be useful for overriding configured defaults). See  WORKAROUNDS
              below for a list of available workarounds.

       --debug
              Turn on debugging.

       -?, --help
              Output a help list and exit.

       --usage
              Output a usage message and exit.

       -V, --version
              Output the program version and exit.

IPMI-PET OPTIONS

       The following options are specific to Ipmi-pet.

       -v     Output  verbose  output.  This  option  will  output event direction and OEM custom
              messages from the trap.

       -vv    Output  very  verbose  output.  This  option  will  output  additional  information
              available in the trap, such as GUID, manufacturer ID, and system ID.

       -vvv   Output  very  very  verbose  output. This option will output additional information
              than verbose output. Most notably it will output  additional  hex  codes  to  given
              information on ambiguous events. For example, it will output Generator ID hex codes
              for sensors without names.

       --pet-acknowledge
              Send PET acknowledge using inputted trap data instead of outputting data.  In  some
              circumstances,  this  may  be  useful  to  inform  a  remote system that a trap was
              received and parsed.  If  specified,  a  hostname  must  be  specified  via  -h  or
              --hostname to inform ipmi-pet where to send the acknowledge to. When this option is
              specified, the SDR cache is not loaded and is not required.

       --file=CMD-FILE
              Specify a file to read PET specific trap and variable bindings hex from instead  of
              command line.

       --output-event-severity
              Output  event  severity  in  output. This will add an additional output of an event
              severity. The outputs may be  Monitor,  Information,  OK,  Non-critical  condition,
              Critical  condition,  or Non-recoverable condition. This differs from the output of
              --output-event-state, as event severity is not interpreted, it is a value  reported
              in  the  SNMP  trap.  However,  not  all  events  may  report  a  severity, or some
              manufacturers may not support  the  report  of  a  severity.  Event  severity  will
              automatically be output under verbose output.

       --output-event-state
              Output  event  state  in output. This will add an additional output reporting if an
              event should be viewed as NOMINAL, WARNING, or  CRITICAL.  This  differs  from  the
              output of --output-event-severity, as this output is an interpreted value that will
              be interpreted identically to the --output-event-state output in  ipmi-sel(8).   As
              long as an event interpretation is supported, all events will have outputted state.
              The  event  state  is  an  interpreted  value  based  on  the  configuration   file
              /etc/freeipmi//freeipmi_interpret_sel.conf    and    the   event   direction.   See
              freeipmi_interpret_sel.conf(5) for more information.

       --event-state-config-file=FILE
              Specify  an  alternate  event  state  configuration   file.   Option   ignored   if
              --output-event-state not specified.

       --manufacturer-id=NUMBER
              Specify  a  specific  manufacturer  id  to  assume.  Useful  if you wish to specify
              --interpret-oem-data, but the manufacturer id cannot be determined by  IPMI  access
              or  is not available in the SNMP trap.  The manufacturer id of a motherboard can be
              determined with bmc-info(8).  If this option is specified, so must --product-id.

       --product-id=NUMBER
              Specify  a  specific  product  id  to  assume.  Useful  if  you  wish  to   specify
              --interpret-oem-data,  but the product id cannot be determined by IPMI access or is
              not available in the SNMP trap.  The product id of a motherboard can be  determined
              with bmc-info(8).  If this option is specified, so must --manufacturer-id.

       --interpret-oem-data
              Attempt  to  interpret  OEM  data,  such as event data, sensor readings, or general
              extra info, etc. If an OEM interpretation is not available, the default output will
              be  generated.  Correctness  of  OEM  interpretations  cannot  be guaranteed due to
              potential changes OEM  vendors  may  make  in  products,  firmware,  etc.  See  OEM
              INTERPRETATION below for confirmed supported motherboard interpretations.

       --entity-sensor-names
              Output  sensor  names  prefixed  with  their  entity  id  and  instance number when
              appropriate. This may be necessary on  some  motherboards  to  help  identify  what
              sensors are referencing. For example, a motherboard may have multiple sensors named
              'TEMP'. The entity id and instance number may help clarify which sensor  refers  to
              "Processor 1" vs. "Processor 2".

       --no-sensor-type-output
              Do  not show sensor type output for each entry. On many systems, the sensor type is
              redundant  to  the  name  of  the  sensor.  This  can   especially   be   true   if
              --entity-sensor-names  is  specified.   If the sensor name is sufficient, or if the
              sensor type is of no interest to the user, this option can be specified to condense
              output.

       --comma-separated-output
              Output fields in comma separated format.

       --no-header-output
              Do not output column headers. May be useful in scripting.

       --non-abbreviated-units
              Output   non-abbreviated   units   (e.g.   'Amps'  instead  of  'A').  May  aid  in
              disambiguation of units (e.g. 'C' for Celsius or Coulombs).

SDR CACHE OPTIONS

       This tool requires access to the sensor data repository (SDR) cache for general operation.
       By  default,  SDR  data  will be downloaded and cached on the local machine. The following
       options apply to the SDR cache.

       -f, --flush-cache
              Flush a cached version of the sensor  data  repository  (SDR)  cache.  The  SDR  is
              typically  cached  for faster subsequent access. However, it may need to be flushed
              and re-generated if the SDR has been updated on a system.

       -Q, --quiet-cache
              Do  not  output  information  about  cache  creation/deletion.  May  be  useful  in
              scripting.

       --sdr-cache-recreate
              If  the SDR cache is out of date or invalid, automatically recreate the sensor data
              repository (SDR) cache. This option may be useful for scripting purposes.

       --sdr-cache-file=FILE
              Specify a specific sensor data repository (SDR) cache file to  be  stored  or  read
              from.  If this option is used when multiple hosts are specified, the same SDR cache
              file will be used for all hosts.

       --sdr-cache-directory=DIRECTORY
              Specify an alternate directory for sensor data repository (SDR) caches to be stored
              or read from. Defaults to the home directory if not specified.

       --ignore-sdr-cache
              Ignore  SDR  cache  related  processing.  May  lead  to  incomplete  or less useful
              information being output, however it will allow functionality for  systems  without
              SDRs or when the correct SDR cannot be loaded.

GENERAL TROUBLESHOOTING

       Most often, IPMI problems are due to configuration problems.

       IPMI  over  LAN  problems  involve a misconfiguration of the remote machine's BMC.  Double
       check to make sure the following are configured properly in the remote machine's  BMC:  IP
       address,  MAC  address,  subnet mask, username, user enablement, user privilege, password,
       LAN  privilege,  LAN  enablement,  and  allowed  authentication  type(s).  For  IPMI   2.0
       connections,  double  check  to  make  sure  the cipher suite privilege(s) and K_g key are
       configured properly. The ipmi-config(8) tool can be used  to  check  and/or  change  these
       configuration settings.

       Inband IPMI problems are typically caused by improperly configured drivers or non-standard
       BMCs.

       In addition to the troubleshooting tips below, please see WORKAROUNDS  below  to  also  if
       there are any vendor specific bugs that have been discovered and worked around.

       Listed  below  are  many of the common issues for error messages.  For additional support,
       please e-mail the <freeipmi-users@gnu.org> mailing list.

       "username invalid" - The username entered (or a NULL username if none was entered) is  not
       available  on  the  remote  machine.  It  may  also  be possible the remote BMC's username
       configuration is incorrect.

       "password invalid" - The password entered (or a NULL password if none was entered) is  not
       correct.  It may also be possible the password for the user is not correctly configured on
       the remote BMC.

       "password verification timeout" -  Password  verification  has  timed  out.   A  "password
       invalid"  error  (described  above)  or  a  generic  "session  timeout"  (described below)
       occurred.  During this point in the protocol it cannot be differentiated which occurred.

       "k_g invalid" - The K_g key entered (or a NULL  K_g  key  if  none  was  entered)  is  not
       correct.  It  may  also  be possible the K_g key is not correctly configured on the remote
       BMC.

       "privilege level insufficient" - An IPMI command requires a higher user privilege than the
       one  authenticated  with.  Please  try  to  authenticate with a higher privilege. This may
       require authenticating to a different user which has a higher maximum privilege.

       "privilege level cannot be  obtained  for  this  user"  -  The  privilege  level  you  are
       attempting  to  authenticate with is higher than the maximum allowed for this user. Please
       try again with a lower privilege. It may also be  possible  the  maximum  privilege  level
       allowed for a user is not configured properly on the remote BMC.

       "authentication  type unavailable for attempted privilege level" - The authentication type
       you wish to authenticate with is not available for this privilege level. Please try  again
       with  an  alternate  authentication  type  or  alternate  privilege  level. It may also be
       possible the available authentication types you can authenticate with  are  not  correctly
       configured on the remote BMC.

       "cipher  suite  id unavailable" - The cipher suite id you wish to authenticate with is not
       available on the remote BMC. Please try again with an alternate cipher suite  id.  It  may
       also be possible the available cipher suite ids are not correctly configured on the remote
       BMC.

       "ipmi 2.0 unavailable" - IPMI 2.0 was not discovered on the remote machine. Please try  to
       use IPMI 1.5 instead.

       "connection timeout" - Initial IPMI communication failed. A number of potential errors are
       possible, including an invalid hostname specified, an IPMI IP address cannot be  resolved,
       IPMI  is  not  enabled  on  the  remote server, the network connection is bad, etc. Please
       verify configuration and connectivity.

       "session timeout" - The IPMI session has timed  out.  Please  reconnect.   If  this  error
       occurs  often,  you  may wish to increase the retransmission timeout. Some remote BMCs are
       considerably slower than others.

       "device not found" - The specified device could not be found. Please  check  configuration
       or inputs and try again.

       "driver  timeout"  -  Communication  with  the  driver or device has timed out. Please try
       again.

       "message timeout" - Communication with the driver or device  has  timed  out.  Please  try
       again.

       "BMC  busy" - The BMC is currently busy. It may be processing information or have too many
       simultaneous sessions to manage. Please wait and try again.

       "could not find inband device" - An inband  device  could  not  be  found.   Please  check
       configuration or specify specific device or driver on the command line.

       "driver  timeout"  -  The  inband  driver  has timed out communicating to the local BMC or
       service processor. The BMC or service processor may be busy or (worst case) possibly  non-
       functioning.

       "internal  IPMI  error"  -  An  IPMI error has occurred that FreeIPMI does not know how to
       handle. Please e-mail <freeipmi-users@gnu.org> to report the issue.

WORKAROUNDS

       With so many different vendors implementing their own IPMI  solutions,  different  vendors
       may  implement  their  IPMI  protocols  incorrectly.  The  following describes a number of
       workarounds currently available to handle discovered  compliance  issues.  When  possible,
       workarounds  have  been implemented so they will be transparent to the user. However, some
       will require the user to specify a workaround be used via the -W option.

       The hardware listed below may only indicate the hardware that a problem was discovered on.
       Newer  versions  of  hardware  may fix the problems indicated below. Similar machines from
       vendors may or may not exhibit the same problems.  Different  vendors  may  license  their
       firmware from the same IPMI firmware developer, so it may be worthwhile to try workarounds
       listed below even if your motherboard is not listed.

       If you believe your hardware has an additional compliance issue that needs a workaround to
       be  implemented,  please  contact  the FreeIPMI maintainers on <freeipmi-users@gnu.org> or
       <freeipmi-devel@gnu.org>.

       assumeio - This workaround flag will assume inband interfaces communicate with system  I/O
       rather  than  being  memory-mapped. This will work around systems that report invalid base
       addresses. Those hitting this issue may see "device not  supported"  or  "could  not  find
       inband device" errors.  Issue observed on HP ProLiant DL145 G1.

       spinpoll  -  This  workaround  flag  will inform some inband drivers (most notably the KCS
       driver) to spin while  polling  rather  than  putting  the  process  to  sleep.  This  may
       significantly  improve  the  wall  clock running time of tools because an operating system
       scheduler's granularity may be much larger than the time it takes to perform a single IPMI
       message  transaction. However, by spinning, your system may be performing less useful work
       by not contexting out the tool for a more useful task.

       authcap -  This  workaround  flag  will  skip  early  checks  for  username  capabilities,
       authentication  capabilities, and K_g support and allow IPMI authentication to succeed. It
       works around multiple issues in which the remote system does not properly report  username
       capabilities, authentication capabilities, or K_g status. Those hitting this issue may see
       "username invalid", "authentication type unavailable for attempted  privilege  level",  or
       "k_g   invalid"   errors.    Issue   observed   on  Asus  P5M2/P5MT-R/RS162-E4/RX4,  Intel
       SR1520ML/X38ML, and Sun Fire 2200/4150/4450 with ELOM.

       nochecksumcheck - This workaround flag will tell  FreeIPMI  to  not  check  the  checksums
       returned  from  IPMI  command  responses.  It  works  around  systems  that return invalid
       checksums due to implementation errors, but the  packet  is  otherwise  valid.  Users  are
       cautioned  on  the  use  of this option, as it removes validation of packet integrity in a
       number of circumstances. However, it is unlikely to be an issue in most situations.  Those
       hitting  this  issue  may  see  "connection  timeout",  "session  timeout",  or  "password
       verification timeout" errors. On IPMI 1.5 connections,  the  "noauthcodecheck"  workaround
       may  also  needed  too.  Issue  observed  on Supermicro X9SCM-iiF, Supermicro X9DRi-F, and
       Supermicro X9DRFR.

       idzero - This workaround flag will allow empty session IDs to be accepted by  the  client.
       It  works  around IPMI sessions that report empty session IDs to the client. Those hitting
       this issue may see "session timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.

       unexpectedauth - This workaround flag will  allow  unexpected  non-null  authcodes  to  be
       checked  as  though they were expected. It works around an issue when packets contain non-
       null  authentication  data  when  they  should  be  null  due  to   disabled   per-message
       authentication.  Those hitting this issue may see "session timeout" errors. Issue observed
       on Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.

       forcepermsg - This workaround flag will force per-message authentication  to  be  used  no
       matter  what is advertised by the remote system. It works around an issue when per-message
       authentication is advertised as disabled on the remote system, but it is actually required
       for  the  protocol.  Those  hitting  this  issue  may see "session timeout" errors.  Issue
       observed on IBM eServer 325.

       endianseq - This workaround flag will flip the endian of the session sequence  numbers  to
       allow  the session to continue properly. It works around IPMI 1.5 session sequence numbers
       that are the wrong endian.  Those hitting this issue may  see  "session  timeout"  errors.
       Issue observed on some Sun ILOM 1.0/2.0 (depends on service processor endian).

       noauthcodecheck  - This workaround flag will tell FreeIPMI to not check the authentication
       codes returned from IPMI 1.5 command  responses.  It  works  around  systems  that  return
       invalid  authentication codes due to hashing or implementation errors. Users are cautioned
       on the use of this option, as it removes an authentication check verifying the validity of
       a  packet.  However, in most organizations, this is unlikely to be a security issue. Those
       hitting  this  issue  may  see  "connection  timeout",  "session  timeout",  or  "password
       verification  timeout"  errors.   Issue  observed  on  Xyratex FB-H8-SRAY, Intel Windmill,
       Quanta Winterfell, and Wiwynn Windmill.

       intel20 - This workaround flag will work around  several  Intel  IPMI  2.0  authentication
       issues.  The  issues  covered include padding of usernames, and password truncation if the
       authentication algorithm is HMAC-MD5-128. Those  hitting  this  issue  may  see  "username
       invalid",  "password  invalid", or "k_g invalid" errors. Issue observed on Intel SE7520AF2
       with Intel Server Management Module (Professional Edition).

       supermicro20 -  This  workaround  flag  will  work  around  several  Supermicro  IPMI  2.0
       authentication  issues  on  motherboards  w/  Peppercon  IPMI firmware. The issues covered
       include handling invalid length authentication codes. Those hitting  this  issue  may  see
       "password  invalid"  errors.  Issue observed on Supermicro H8QME with SIMSO daughter card.
       Confirmed fixed on newerver firmware.

       sun20 - This workaround flag will work work around several  Sun  IPMI  2.0  authentication
       issues. The issues covered include invalid lengthed hash keys, improperly hashed keys, and
       invalid cipher suite records. Those hitting this issue may see "password invalid" or  "bmc
       error"  errors.   Issue  observed  on  Sun Fire 4100/4200/4500 with ILOM.  This workaround
       automatically includes the "opensesspriv" workaround.

       opensesspriv - This workaround flag will slightly alter  FreeIPMI's  IPMI  2.0  connection
       protocol  to  workaround  an  invalid  hashing  algorithm  used  by the remote system. The
       privilege level sent during the Open Session stage of an IPMI 2.0 connection is  used  for
       hashing  keys instead of the privilege level sent during the RAKP1 connection stage. Those
       hitting this issue may see "password invalid", "k_g  invalid",  or  "bad  rmcpplus  status
       code"  errors.   Issue  observed  on Sun Fire 4100/4200/4500 with ILOM, Inventec 5441/Dell
       Xanadu II, Supermicro X8DTH, Supermicro X8DTG, Intel S5500WBV/Penguin  Relion  700,  Intel
       S2600JF/Appro  512X, and Quanta QSSC-S4R/Appro GB812X-CN. This workaround is automatically
       triggered with the "sun20" workaround.

       integritycheckvalue - This workaround flag will work around  an  invalid  integrity  check
       value during an IPMI 2.0 session establishment when using Cipher Suite ID 0. The integrity
       check value should be 0 length, however the remote motherboard responds with  a  non-empty
       field. Those hitting this issue may see "k_g invalid" errors. Issue observed on Supermicro
       X8DTG, Supermicro X8DTU, and Intel S5500WBV/Penguin Relion 700,  and  Intel  S2600JF/Appro
       512X.

       assumemaxsdrrecordcount  - This workaround will inform SDR reading to stop reading after a
       known maximum numer of SDR records have been read. This will work around systems that have
       mis-implemented  SDR  reading functions that. Those hitting this issue may see "SDR record
       count invalid" errors. Issue observed on unspecified Inspur motherboard.

       malformedack - This workaround flag will ignore malformed PET  acknowledge  responses  and
       assume  any  PET  acknowledge  response  from the remote machine is valid. It works around
       remote systems that respond with PET  acknowledge  requests  with  invalid/malformed  IPMI
       payloads.   Those hitting this issue may see "session timeout" errors when executing a PET
       acknowledge. Issue observed on Dell Poweredge R610.

       No IPMI 1.5 Support - Some motherboards that support IPMI  2.0  have  been  found  to  not
       support  IPMI  1.5. Those hitting this issue may see "ipmi 2.0 unavailable" or "connection
       timeout" errors. This issue can be worked around by using IPMI 2.0 instead of IPMI 1.5  by
       specifying --driver-type=LAN_2_0. Issue observed on HP Proliant DL 145.

OEM INTERPRETATION

       The  following motherboards are confirmed to have atleast some support by the --interpret-
       oem-data option. While highly probable the OEM  data  interpretations  would  work  across
       other  motherboards  by  the  same  manufacturer,  there  are  no  guarantees. Some of the
       motherboards below may be rebranded by vendors/distributors.

       Currently None

EXAMPLES

       Interpret a PET using the local SDR cache.

       # ipmi-pet 356224 0x44 0x45 0x4c 0x4c 0x50 0x00 0x10 0x59 0x80 0x43 0xb2  0xc0  0x4f  0x33
       0x33  0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff 0x20 0x20 0x04 0x20 0x73 0x18 0x00 0x80
       0x01 0xff 0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1

       Interpret a PET using a remote SDR cache.

       # ipmi-pet -h ahost -u myusername -p mypassword 356224 0x44 0x45 0x4c 0x4c 0x50 0x00  0x10
       0x59  0x80 0x43 0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff 0x20
       0x20 0x04 0x20 0x73 0x18 0x00 0x80 0x01 0xff 0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00  0x02
       0xa2 0x01 0x00 0xc1

       Interpret a PET using a previously stored SDR cache.

       #  ipmi-pet  356224  0x44 0x45 0x4c 0x4c 0x50 0x00 0x10 0x59 0x80 0x43 0xb2 0xc0 0x4f 0x33
       0x33 0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff 0x20 0x20 0x04 0x20 0x73 0x18 0x00  0x80
       0x01  0xff  0x00  0x00 0x00 0x00 0x00 0x19 0x00 0x00 0x02 0xa2 0x01 0x00 0xc1 --sdr-cache-
       file=/tmp/mysdrcache

       Instead of outputting trap interpretation, send a PET acknowledge using the trap data.

       # ipmi-pet -h ahost --pet-acknowledge 356224 0x44 0x45 0x4c 0x4c 0x50 0x00 0x10 0x59  0x80
       0x43  0xb2 0xc0 0x4f 0x33 0x33 0x58 0x00 0x02 0x19 0xe8 0x7e 0x26 0xff 0xff 0x20 0x20 0x04
       0x20 0x73 0x18 0x00 0x80 0x01 0xff 0x00 0x00 0x00 0x00 0x00 0x19 0x00 0x00 0x02 0xa2  0x01
       0x00 0xc1

DIAGNOSTICS

       Upon successful execution, exit status is 0. On error, exit status is 1.

KNOWN ISSUES

       On  older  operating  systems, if you input your username, password, and other potentially
       security relevant information on the command line, this information may be  discovered  by
       other  users  when using tools like the ps(1) command or looking in the /proc file system.
       It is generally more secure to input password information with options like the -P  or  -K
       options.  Configuring  security  relevant  information  in the FreeIPMI configuration file
       would also be an appropriate way to hide this information.

       In order to prevent brute force attacks, some BMCs will  temporarily  "lock  up"  after  a
       number  of  remote  authentication  errors.  You  may need to wait awhile in order to this
       temporary "lock up" to pass before you may authenticate again.

REPORTING BUGS

       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.

COPYRIGHT

       Copyright © 2011-2014 FreeIPMI Core Team

       This program is free software; you can redistribute it and/or modify it under the terms of
       the  GNU  General  Public  License  as  published  by the Free Software Foundation; either
       version 3 of the License, or (at your option) any later version.

SEE ALSO

       freeipmi(7), bmc-info(8), ipmi-config(8), ipmi-sel(8), freeipmi_interpret_sel.conf(5)

       http://www.gnu.org/software/freeipmi/