message_handler: Hold the session instance

The message_handler was using `getSession()` to get the session of the
handler.

The session instance is valid until the handler is completed, so in
realit

message_handler: Hold the session instance

The message_handler was using `getSession()` to get the session of the
handler.

The session instance is valid until the handler is completed, so in
reality, it is reasonable for the handler to own the session instance.

In the ipmi stress test, it's found an issue that the session is marked
as inactive and gets removed from sessions_manager before the handler is
completed, so the `getSession()` will throw in `~Handler()` and an error
log is printed:

Async RMCP+ reply failed

The session at that time is actually valid.
Let the handler hold the session instance and do not call `getSession()`
every time it uses the session, so that it does not need to call
session_manager's `getSession()` in `~Handler()`.

There are cases that the Handler is created without calling
`updSessionData()`, inititalize the session in its constructor in such
cases.

Note that there will be following commits to address the `getSession()`
issue in others places.

Tested: With the following commits, there is no "Async RMCP+ reply
failed" logs anymore.

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Ief4cbf0237605f7a9b38d59acae42c86f046f792

show more ...

Update to latest clang-format

Refer:https://github.com/openbmc/docs/blob/ac5d544553934f8083c61c5986a1420261bc8a4c/style/cpp/.clang-format

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id:

Update to latest clang-format

Refer:https://github.com/openbmc/docs/blob/ac5d544553934f8083c61c5986a1420261bc8a4c/style/cpp/.clang-format

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I1e06864afc29ce7de463e62fa2a0eb6f70e8fd93

show more ...

build: enable C++20

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6dd538f892d08636d66415d930063276948afabc

net_ipmi: initialize ipmiNetworkInstance to zero as default value

Close session failed like

```
Close Session command failed: Unspecified error
```

due to using `closeOtherNetInstanceSession` inst

net_ipmi: initialize ipmiNetworkInstance to zero as default value

Close session failed like

```
Close Session command failed: Unspecified error
```

due to using `closeOtherNetInstanceSession` instead of
`closeMyNetInstanceSession`.

After initializing ipmiNetworkInstance to zero by default, the issue is
resolved.

Tested:
Ran the following multiple times
```
for ((i=0; i<10; i++)); do
./ipmitool -I lanplus -H $IP_ADDRESS%usb0 \
-U root -P 0penBmc fru &
done
...

Before the change it will failed to close the session and run out of
available sessions.

For example,
```
Close Session command failed: Unspecified error
```

```
Error: Unable to establish IPMI v2 / RMCP+ session
```

After this change, no more errors and all close/create sessions are
successful.

Change-Id: Ibaf26fb2e554fa530542587b380891ee6f60ec0d
Signed-off-by: Willy Tu <wltu@google.com>

show more ...

Ensure device to be ready before service

`phosphor-ipmi-net@.service` doesn't wait until
`sys-subsystem-net-devices-%i.device` to be ready so that it's possible
to fail to start the service.

Tested

Ensure device to be ready before service

`phosphor-ipmi-net@.service` doesn't wait until
`sys-subsystem-net-devices-%i.device` to be ready so that it's possible
to fail to start the service.

Tested:
The service now starts after the device is active and thus service now
is able to run into active(running) without any issue.

Change-Id: I28dd312bde5077d2ceb9c7d741095f297e63d178
Signed-off-by: Tom Tung <shes050117@gmail.com>

show more ...

net-ipmid: Add sol conf change callback

Add a callback when the properties in interface
/xyz/openbmc_project/ipmi/sol/<eth name> was changed, update the sol
conf in sol manager.

Tested:
busctl set-

net-ipmid: Add sol conf change callback

Add a callback when the properties in interface
/xyz/openbmc_project/ipmi/sol/<eth name> was changed, update the sol
conf in sol manager.

Tested:
busctl set-property xyz.openbmc_project.Settings /xyz/openbmc_project/ipmi/sol/bond1 xyz.openbmc_project.Ipmi.SOL Enable b false

The callback was successfully called, and updated the sol manager conf.

Change-Id: Ie5949f6f701441275b849ade5ed4a50ea894b737
Signed-off-by: Jian Zhang <zhangjian.3032@bytedance.com>

show more ...

net-ipmid: sol: Remove set/get sol conf command

Move set/get sol config parameter command from net-ipmid to
host-ipmid, these commands could be set by other interface,
not Lan only.
In ipmi-host, wi

net-ipmid: sol: Remove set/get sol conf command

Move set/get sol config parameter command from net-ipmid to
host-ipmid, these commands could be set by other interface,
not Lan only.
In ipmi-host, will be achieved in transporthandler.

Notice:
In host-ipmid, will get/set the dbus properties only, need sol
manager register the signal to update sol manager when properties
changed.

Tested: Build OK, for details will describe in ipmi-host commit
message.

Change-Id: Iae79aa02a483e983c212d8cd617685fc33c64c67
Signed-off-by: Jian Zhang <zhangjian.3032@bytedance.com>

show more ...

Fix calling sol info command immediately after sol set command issue

Problem:
ipmitool sol info command doesn't reflect the value set by ipmitool sol set command after being called consecutively aft

Fix calling sol info command immediately after sol set command issue

Problem:
ipmitool sol info command doesn't reflect the value set by ipmitool sol set command after being called consecutively after ipmitool sol set command

Root Cause:
Lack of updating the latest dbus property value to sol mananger

Solution:
Add updateSOLParameter() method in getConfParams() function.

Test:

ipmitool -I lanplus -H BMC-IP -U BMC-user -P BMC-password -C 17 sol info
Info: SOL parameter 'Nonvolatile Bitrate (5)' not supported
Info: SOL parameter 'Volatile Bitrate (6)' not supported
Set in progress : set-complete
Enabled : true
Force Encryption : true
Privilege Level : USER
Character Accumulate Level (ms) : 100
Character Send Threshold : 1
Retry Count : 7
Retry Interval (ms) : 100
Volatile Bit Rate (kbps) : IPMI-Over-Serial-Setting
Non-Volatile Bit Rate (kbps) : IPMI-Over-Serial-Setting
Payload Channel : 1 (0x01)
Payload Port : 623

ipmitool -I lanplus -H BMC-IP -U BMC-user -P BMC-password -C 17 sol set character-accumulate-level 0x5

ipmitool -I lanplus -H BMC-IP -U BMC-user -P BMC-password -C 17 sol info
Info: SOL parameter 'Nonvolatile Bitrate (5)' not supported
Info: SOL parameter 'Volatile Bitrate (6)' not supported
Set in progress : set-complete
Enabled : true
Force Encryption : true
Force Authentication : true
Privilege Level : USER
Character Accumulate Level (ms) : 25
Character Send Threshold : 1
Retry Count : 7
Retry Interval (ms) : 100
Volatile Bit Rate (kbps) : IPMI-Over-Serial-Setting
Non-Volatile Bit Rate (kbps) : IPMI-Over-Serial-Setting
Payload Channel : 1 (0x01)

Character Accumulate Level (ms) = 25ms = character-accumulate-leverl * accIntervalFactor = 5 * 5

Signed-off-by: Connie Yin <conniey@ami.com>
Change-Id: I987c2f36492418e70dedf4c4f6448821f3c95f79

show more ...

Session cleaner is active until sessions close

The session cleaner needs to be active as long as there are active
sessions. This is what culls stale sessions, whether fully set up or
only a partial

Session cleaner is active until sessions close

The session cleaner needs to be active as long as there are active
sessions. This is what culls stale sessions, whether fully set up or
only a partial set up. The timeout needed for the next cleanup depends
on how many active sessions there are, with a faster cleanup time when
the BMC is short on resources, hoping to close idle sessions sooner.

Previously there was a corner case that did not get caught, which is
that if there is only one session, the cleaner would fail to run unless
another session started. This is because the first session would call
cleanup prior to fully activating the session, but then because it was
not activated, the cleanup code would not reschedule the cleaner.

Now the new session calls cleanup and then also schedules a clean for
later. But with each new session doing that, code needed to be added so
that during times of stress, the new sessions did not increase the next
cleaning timeout. So a new cleanup is only scheduled if one is not
already scheduled or if it is sooner than the currently scheduled
timeout.

Tested:
ran a single RMCPP connection and waited for an idle timeout
ran many concurrent RMCPP connections to see that the idle timeout
decreased as the number of sessions increased.

Change-Id: I33347f62b8a14835e711bd0e7dbe6e50bb8bce64
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Fix for closeSession with invalid session ID

Issue: If user trying to closeSession with invalid session ID, response
is incorrect and getting as "Unspecified error" (0xff).

Fix: Handle invalid sess

Fix for closeSession with invalid session ID

Issue: If user trying to closeSession with invalid session ID, response
is incorrect and getting as "Unspecified error" (0xff).

Fix: Handle invalid session ID/Handle using separate try cache blocks
and correct the response. i.e. Return "invalid Session ID in request"
(0x87) if user requests to close invalid session ID. Return "invalid
Session Handle in request" (0x88) if user requests to close invalid
session Handle.

Tested:
Verified using RMCPP command.
Command : ipmitool -I lanplus -H <BMC-IP> -U <Username> -P <pwd> -C 17
raw 0x06 0x3C 0x87 0x00 0xEC 0x8E //Close session command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3c rsp=0x87): Unknown (0x87)
Command : ipmitool -I lanplus -H <BMC-IP> -U <Username> -P <pwd> -C 17
raw 0x06 0x3C 0x0 0x0 0x0 0x0 0x80
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3c rsp=0x88): Unknown (0x88)

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I97f57c7cc48efb17e561985b1f4964a8a15bf30e

show more ...

session_cmds: Validate reserved field content

In "Set Session Privilege Level Command" byte-1’s [7-4] bits and
"CALLBACK" privilege level also reserved. So return
"InvalidFieldRequest" when reserved

session_cmds: Validate reserved field content

In "Set Session Privilege Level Command" byte-1’s [7-4] bits and
"CALLBACK" privilege level also reserved. So return
"InvalidFieldRequest" when reserved content is non-zero.

Tested:
Verified using IPMI Command: Set Session Privilege Level Command
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x14
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0xcc): Invalid data field in request
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x4
Response: 04
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x01 //Set Session Privilege Level for CALLBACK
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0xcc): Invalid data field in request
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x05 //Set Session Privilege Level for OEM
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0x81): Unknown (0x81)
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x06
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0xcc): Invalid data field in request

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Id76b137112486bb4c617cfa7c861403ce6f6c060

show more ...

Add OWNERS file

Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I9213ad4ab2762c85830e82500e6ea132d9a862bb

catch exceptions as const

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: If18cc0293b52ce5f7f8e068688aa17d28ed27d50

exception: switch to public sdbus exception

SdBusError was intended to be a private error type inside sdbusplus.
Switch all catch locations to use the general sdbusplus::exception type.

Signed-off-

exception: switch to public sdbus exception

SdBusError was intended to be a private error type inside sdbusplus.
Switch all catch locations to use the general sdbusplus::exception type.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I2ed759771f89c1e2e70accb0bee1f5cf0d7ac2c5

show more ...

command_table: fix duplicate definition of Value

The ipmid/types.hpp already has a Value definition which is
effectively the same as the one defined here, except for a few
additional variant types.

command_table: fix duplicate definition of Value

The ipmid/types.hpp already has a Value definition which is
effectively the same as the one defined here, except for a few
additional variant types. Use that one instead.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ia67c03f14170a43e27d86c46421a6d012f08c5e1

show more ...

Fix Klocwork Issue:bitwise operation size mismatch

Bitwise operation on different bit sizes.
Fixed by static_cast to larger integer size.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kum

Fix Klocwork Issue:bitwise operation size mismatch

Bitwise operation on different bit sizes.
Fixed by static_cast to larger integer size.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I1f225e487f1b9f3a06fb992aa949fe1a229b5e91

show more ...

rakp12: Clear security sensitive data

As password is sensitive data Clear after use.

Tested:
Verified using ipmitool command
Command: ipmitool -I lanplus -C 17 -p 623 -U root -P <password> -H

rakp12: Clear security sensitive data

As password is sensitive data Clear after use.

Tested:
Verified using ipmitool command
Command: ipmitool -I lanplus -C 17 -p 623 -U root -P <password> -H
<BMC-IP> user list 1
Response: Displayed user list successfully.

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I662572855fcdc083009a5217042b1018990be9b8

show more ...

Log Redfish event for invalid login via RMCPP interface

This commit adds support for logging RedFish event log while user tries
to attempt login with invalid credentials.
When user trying to login w

Log Redfish event for invalid login via RMCPP interface

This commit adds support for logging RedFish event log while user tries
to attempt login with invalid credentials.
When user trying to login with invalid credentials on RMCP+ session
interface event should be logged in RedFish event log.
This is a requirement for system events auditing purpose.

Tested:
1. Login with wrong credentials on RMCP+ interface.
2. Verified RedFish event logged successfully.

"Members": [
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1622785246",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "2021-06-04T05:40:46+00:00",
"EntryType": "Event",
"Id": "1622785246",
"Message": "Invalid username or password attempted on RMCPP.",
"MessageArgs": [
"RMCP+"
],
"MessageId": "OpenBMC.0.1.InvalidLoginAttempted",
"Name": "System Event Log Entry",
"Severity": "Warning"
}
],
"Members@odata.count": 1,
"Name": "System Event Log Entries"
}

3. Verified RedFish validator passed

Signed-off-by: sunitakx <sunitax.kumari@linux.intel.com>
Change-Id: I40b37ff5dd518c52d01b00196e8607c9762a17bf

show more ...

Add Get Channel Cipher Suites Command

Get Channel Cipher Suites Command is already implemented in
phosphor-ipmi-host, but it needs to be implemented in phosphor-ipmi-net
to be able to provide it as

Add Get Channel Cipher Suites Command

Get Channel Cipher Suites Command is already implemented in
phosphor-ipmi-host, but it needs to be implemented in phosphor-ipmi-net
to be able to provide it as a pre-session command for discovering the
available cipher suites before initiating the session.

Without this, ipmitool will have a ten second timeout while attempting
to get the list of available cipher suites. At the same time, netipmid
will show the following messages in the journal:

netipmid[8261]: Table: refuse to forward session-zero command

Tested: ran ipmitool and saw that it did not require a timeout
ipmitool -U <user> -P <pw> -I lanplus -H <host> mc info

Change-Id: Iec1b6fc3262647b82acce0cba607b99e86b74985
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

make internal command functor match external

The internal command functor was getting passed a
const message::Handler& instead of a std::shared_ptr<message::Handler>
which will not work with an upco

make internal command functor match external

The internal command functor was getting passed a
const message::Handler& instead of a std::shared_ptr<message::Handler>
which will not work with an upcoming patch that needs the functor to be
able to modify the Handler object. Also, it is convenient to have the
same signature for both types of handlers.

Tested: run ipmitool to see that behavior does not change.

Change-Id: Ie8660e4d16bd66eccc282aef2594b88c25b847db
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

replace tuple-based singleton with individual singletons

The tuple-based singletons did not actually enforce singleton behavior
and the requirement of the accessor mechanism to include all of the
me

replace tuple-based singleton with individual singletons

The tuple-based singletons did not actually enforce singleton behavior
and the requirement of the accessor mechanism to include all of the
member types at once was starting to cause a header prerequisite
tangle. This removes the cross-dependencies and enforces actual
singletons by making a single way to access the class.

Tested: Run ipmitool to show that behavior has not changed

Change-Id: Ie966e1142363d279365b1095066380c8383e9f9b
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Fix Klocwork Issue:bitwise operation size mismatch

Bitwise operation on different integer sizes.
Fixed by static_cast to larger integer size.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan

Fix Klocwork Issue:bitwise operation size mismatch

Bitwise operation on different integer sizes.
Fixed by static_cast to larger integer size.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I71be855cbf621d768efe1a36b59b1f14e2c9635c

show more ...

MAINTAINERS: Replace IRC by DISCORD

Discord is becoming the chat server of choice.

Signed-off-by: Tom Joseph <rushtotom@gmail.com>
Change-Id: I8fdf144e3cb9f9c17c214af1bc14bb10ba6b2283

MAINTAINERS: update email/discord ID for Tom

Signed-off-by: Tom Joseph <rushtotom@gmail.com>
Change-Id: If8cdd7c7a986c8ba300b420adbae2423ce832ebf

Be more proactive at removing stale sessions

The maximum number of sessions is set to limit total resources that
netipmid is allowed to use. But it also opens a door to DoS attacks that
would use up

Be more proactive at removing stale sessions

The maximum number of sessions is set to limit total resources that
netipmid is allowed to use. But it also opens a door to DoS attacks that
would use up all the sessions and then never close them. This new
mechanism will allow extra sessions, especially if they are short and
active. As the number of sessions grows beyond the desired maximum, the
reaping time becomes shorter and shorter to ensure that only actual
active sessions are kept.

This introduces a variable max idle time that starts at 60s, according
to the IPMI spec, for up to the desired maximum number of sessions per
channel (currently 15). Beyond 15 sessions, The idle time is reduced
proportionally to the inverse^3 of the number of sessions beyond the
desired maximum.

Some sample maximum idle times for active sessions this new scheme:
Idle time for up to 15 sessions stays at 60s
Idle time for 16 sessions is reduced to 7.5s
Idle time for 20 sessions is reduced to 277ms
Idle time for 24 sessions is reduced to 60ms

For sessions in setup, the idle times are calculated the same as for
active sessions, but use the full session count (active and setup) and
are limited to a maximum idle time of 3 seconds.

One other feature added is to schedule session cleaning when a Close
Session command is received. Without this, sessions that are in the
shutDownPending state would live on for much longer than needed. Really,
the session only needs to live long enough to prepare the response
message, but curretly there is no mechanism to remove just that one
session from that context.

Tested: Open lots of sessions and wait for them to get reaped
$ for ((i=0; i<16; i++)); do \
ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW sensor list & \
done
$ for ((i=0; i<10; i++)); do \
ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW mc info & \
done

In this case, the first 16 sessions will open just fine, but with
a slightly shorted idle time (no problems). The next ten sessions
may or may not all get to open, because the number of setup
sessions open simultaneously will severely limit the idle time of
the setup sessions, causing some of them to fail to fully open.

Change-Id: Iae2e68c7192f3f5a2cafa8e825aa025454405c84
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...