Only allow IPMI1.5 for non-session requests

Some IPMI messages must be sent out-of-session in order to set up the
session. In order to be counted as out-of-session, they must use the
0x00000000 session ID. And the only IPMI1.5 packets that are allowed in
OpenBMC are the out-of-session messages used to initiate the RMCP+
sessions. This commit enforces that all messages that contain a non-zero
session ID must be a part of a valid session, which means they must be
RMCP2.0 messages because RMCP1.5 sessions are not supported.

Tested: 1) establish a session; send an RMCP1.5 message with that same
           session ID and see that it gets rejected.
        2) establish a session; send an RMCP2.0 message with a 0 session
           ID and see that it gets rejected.

Change-Id: I01e33f1d8ea9b9c6972238eaaf1b032493f46953
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
diff --git a/command_table.cpp b/command_table.cpp
index 3dc531a..6779d55 100644
--- a/command_table.cpp
+++ b/command_table.cpp
@@ -52,6 +52,16 @@
{
CommandID command(inCommand);
+ // Do not forward any session zero commands to ipmid
+ if (handler->sessionID == session::sessionZero)
+ {
+ log<level::INFO>("Table: refuse to forward session-zero command",
+ entry("LUN=%x", command.lun()),
+ entry("NETFN=%x", command.netFn()),
+ entry("CMD=%x", command.cmd()));
+ return;
+ }
+
auto bus = getSdBus();
// forward the request onto the main ipmi queue
using IpmiDbusRspType = std::tuple<uint8_t, uint8_t, uint8_t, uint8_t,
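Review bot: the `log<level::INFO>("Table: refuse to forward session-zero command", ...)` call in the new `if (handler->sessionID == session::sessionZero)` block runs once per rejected request, and session-zero requests arrive before any session is established, so any peer that can reach the RMCP port can generate one journal entry per packet. Consider lowering this to a debug level or rate-limiting it so the rejection path cannot be used to flood the log. Separately, the bare `return;` that ends the block sends nothing back on the visible lines, so the requester will only see a timeout; if the silent drop is intentional, a short comment saying so next to the `return;` would help, otherwise return an error completion code here. The commit message also describes rejecting RMCP1.5 messages that carry a non-zero session ID, which is not visible in this hunk, so it is worth confirming that check is covered elsewhere in the change.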