lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 13 Dec 2022 08:41:44 -0800
From:   Alexander H Duyck <>
To:     Peter Delevoryas <>
Subject: Re: [PATCH] net/ncsi: Always use unicast source MAC address

On Mon, 2022-12-12 at 16:47 -0800, Peter Delevoryas wrote:
> I use QEMU for development, and I noticed that NC-SI packets get dropped by
> the Linux software bridge[1] because we use a broadcast source MAC address
> for the first few NC-SI packets.

Normally NC-SI packets should never be seen by a bridge. Isn't NC-SI
really supposed to just be between the BMC and the NIC firmware?
Depending on your setup it might make more sense to use something like
macvtap or a socket connection to just bypass the need for the bridge

> The spec requires that the destination MAC address is FF:FF:FF:FF:FF:FF,
> but it doesn't require anything about the source MAC address as far as I
> know. From testing on a few different NC-SI NIC's (Broadcom 57502, Nvidia
> CX4, CX6) I don't think it matters to the network card. I mean, Meta has
> been using this in mass production with millions of BMC's [2].
> In general, I think it's probably just a good idea to use a unicast MAC.

I'm not sure I agree there. What is the initial value of the address?
If I am not mistaken the gma_flag is used to indicate that the MAC
address has been acquired isn't it? If using the broadcast is an issue
the maybe an all 0's MAC address might be more appropriate. My main
concern would be that the dev_addr is not initialized for those first
few messages so you may be leaking information.

> This might have the effect of causing the NIC to learn 2 MAC addresses from
> an NC-SI link if the BMC uses OEM Get MAC Address commands to change its
> initial MAC address, but it shouldn't really matter. Who knows if NIC's
> even have MAC learning enabled from the out-of-band BMC link, lol.
> [1]:
> [2]:

The thing is the OpenBMC approach initializes the value themselves to
broadcast[3]. As a result the two code bases are essentially doing the
same thing since mac_addr is defaulted to the broadcast address when
the ncsi interface is registered.


> Signed-off-by: Peter Delevoryas <>
> ---
>  net/ncsi/ncsi-cmd.c | 10 +---------
>  1 file changed, 1 insertion(+), 9 deletions(-)
> diff --git a/net/ncsi/ncsi-cmd.c b/net/ncsi/ncsi-cmd.c
> index dda8b76b7798..fd090156cf0d 100644
> --- a/net/ncsi/ncsi-cmd.c
> +++ b/net/ncsi/ncsi-cmd.c
> @@ -377,15 +377,7 @@ int ncsi_xmit_cmd(struct ncsi_cmd_arg *nca)
>  	eh = skb_push(nr->cmd, sizeof(*eh));
>  	eh->h_proto = htons(ETH_P_NCSI);
>  	eth_broadcast_addr(eh->h_dest);
> -
> -	/* If mac address received from device then use it for
> -	 * source address as unicast address else use broadcast
> -	 * address as source address
> -	 */
> -	if (nca->ndp->gma_flag == 1)
> -		memcpy(eh->h_source, nca->ndp->>dev_addr, ETH_ALEN);
> -	else
> -		eth_broadcast_addr(eh->h_source);
> +	memcpy(eh->h_source, nca->ndp->>dev_addr, ETH_ALEN);
>  	/* Start the timer for the request that might not have
>  	 * corresponding response. Given NCSI is an internal

Powered by blists - more mailing lists