| draft-ietf-ipv6-rfc2013-update-02.txt | draft-ietf-ipv6-rfc2013-update-03.txt | |||
|---|---|---|---|---|
| IPv6 MIB Revision Design Team Bill Fenner | IPv6 MIB Revision Design Team Bill Fenner | |||
| INTERNET-DRAFT AT&T Research | INTERNET-DRAFT AT&T Research | |||
| Expires: May 2004 John Flick | Expires: October 2004 John Flick | |||
| Hewlett-Packard Company | Hewlett-Packard Company | |||
| November 2003 | April 2004 | |||
| Management Information Base | Management Information Base | |||
| for the User Datagram Protocol (UDP) | for the User Datagram Protocol (UDP) | |||
| draft-ietf-ipv6-rfc2013-update-02.txt | draft-ietf-ipv6-rfc2013-update-03.txt | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 1, line 39 | skipping to change at page 1, line 40 | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This document is a product of the IPv6 MIB Revision Design Team. | This document is a product of the IPv6 MIB Revision Design Team. | |||
| Comments should be addressed to the authors, or to the mailing list | Comments should be addressed to the authors, or to the mailing list | |||
| at ipv6@ietf.org. | at ipv6@ietf.org. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2003). All Rights Reserved. | Copyright (C) The Internet Society (2004). All Rights Reserved. | |||
| Abstract | Abstract | |||
| This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
| for use with network management protocols in the Internet community. | for use with network management protocols in the Internet community. | |||
| In particular, it describes managed objects used for implementations | In particular, it describes managed objects used for implementations | |||
| of the User Datagram Protocol (UDP) in an IP version independent | of the User Datagram Protocol (UDP) in an IP version independent | |||
| manner. This memo obsoletes RFCs 2013 and 2454. | manner. This memo obsoletes RFCs 2013 and 2454. | |||
| Table of Contents | Table of Contents | |||
| 1. The Internet-Standard Management Framework ................. 4 | 1. The Internet-Standard Management Framework ................. 5 | |||
| 2. Overview ................................................... 5 | 2. Overview ................................................... 6 | |||
| 2.1. Relationship to Other MIBs ............................... 5 | 2.1. Relationship to Other MIBs ............................... 6 | |||
| 2.1.1. Relationship to RFC1213-MIB ............................ 5 | 2.1.1. Relationship to RFC1213-MIB ............................ 6 | |||
| 2.1.2. Relationship to the IPV6-UDP-MIB ....................... 6 | 2.1.2. Relationship to the IPV6-UDP-MIB ....................... 7 | |||
| 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB ..... 6 | 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB ..... 7 | |||
| 3. Definitions ................................................ 6 | 3. Definitions ................................................ 7 | |||
| 4. Intellectual Property ...................................... 15 | 4. Intellectual Property ...................................... 18 | |||
| 5. Acknowledgements ........................................... 16 | 5. Acknowledgements ........................................... 18 | |||
| 6. Contributers ............................................... 16 | 6. Contributers ............................................... 18 | |||
| 7. Normative References ....................................... 16 | 7. Normative References ....................................... 19 | |||
| 8. Informative References ..................................... 17 | 8. Informative References ..................................... 19 | |||
| 9. Security Considerations .................................... 17 | 9. Security Considerations .................................... 20 | |||
| 10. Editors Addresses ......................................... 18 | 10. Editors Addresses ......................................... 21 | |||
| 11. Full Copyright Statement .................................. 19 | 11. Full Copyright Statement .................................. 21 | |||
| Revision History | Revision History | |||
| [Note to RFC Editor: Please remove prior to publication] | [Note to RFC Editor: Please remove prior to publication] | |||
| Changes from draft-ietf-ipv6-rfc2013-update-02.txt | ||||
| 27 April 2004 | ||||
| Added text to section 2.1.2 to clarify why an equivalent to RFC | ||||
| 2454's ipv6UdpIfIndex is not required. | ||||
| Changed the text of the Security Considerations so that it no | ||||
| longer implies that udpEndpointLocalPort is readable, but is | ||||
| instead only returned as part of an index. | ||||
| Added an explicit reference to sysUpTime as a discontinuity | ||||
| indicator to the counter objects in the mib. | ||||
| Reworded the description of udpEndpointLocalAddress to indicate | ||||
| that it can be used to represent any address that the local | ||||
| system is listening to, not just addresses assigned to the | ||||
| system. | ||||
| Updated the description of InetAddress objects used as index | ||||
| elements to indicate the 128 octet limit. | ||||
| Added a note to the description of udpEndpointRemoteAddressType | ||||
| to indicate that some combinations of | ||||
| udpEndpointLocalAddressType and udpEndpointRemoteAddressType are | ||||
| not legal. | ||||
| Reverted udpEndpointInstance to not-accessible, since | ||||
| udpEndpointProcess is now a mandatory to implement object (to | ||||
| align with the TCP-MIB). | ||||
| Added text to the udpEndpointInstance description to describe | ||||
| why it is needed. | ||||
| Added pseudo OBJECT clauses to the description of | ||||
| udpMIBCompliance2 for udpEndpointLocalAddressType and | ||||
| udpEndpointRemoteAddressType. | ||||
| Removed udpEndpointInstance from the udpEndpointGroup, since it | ||||
| is now not-accessible, and added udpEndpointProcess to the | ||||
| udpEndpointGroup, since it is now mandatory. Removed the | ||||
| udpEndpointProcessGroup. | ||||
| Changes from draft-ietf-ipv6-rfc2013-update-00.txt | Changes from draft-ietf-ipv6-rfc2013-update-00.txt | |||
| 24 October 2003 | 24 October 2003 | |||
| Dropped udpEndpointInDatagrams, udpEndpointHCInDatagrams, | Dropped udpEndpointInDatagrams, udpEndpointHCInDatagrams, | |||
| udpEndpointOutDatagrams, udpEndpointHCOutDatagrams, | udpEndpointOutDatagrams, udpEndpointHCOutDatagrams, | |||
| udpEndpointInOctets, udpEndpointHCInOctets, | udpEndpointInOctets, udpEndpointHCInOctets, | |||
| udpEndpointOutOctets, udpEndpointHCOutOctets, and | udpEndpointOutOctets, udpEndpointHCOutOctets, and | |||
| udpEndpointStartTime. | udpEndpointStartTime. | |||
| skipping to change at page 5, line 28 | skipping to change at page 6, line 22 | |||
| udpHCOutDatagrams have been added to this group since the | udpHCOutDatagrams have been added to this group since the | |||
| publication of RFC 2013 in order to provide high-capacity | publication of RFC 2013 in order to provide high-capacity | |||
| counters for fast networks. | counters for fast networks. | |||
| - The udpEndpointTable provides access to status information for | - The udpEndpointTable provides access to status information for | |||
| all UDP endpoints handled by a UDP protocol engine. The table | all UDP endpoints handled by a UDP protocol engine. The table | |||
| provides for strictly listening endpoints, as with the | provides for strictly listening endpoints, as with the | |||
| historical udpTable, and also for "connected" UDP endpoints, | historical udpTable, and also for "connected" UDP endpoints, | |||
| which only accept packets from a given remote system. It also | which only accept packets from a given remote system. It also | |||
| reports identification of the operating system level processes | reports identification of the operating system level processes | |||
| which handles UDP connections. | which handle UDP connections. | |||
| 2.1. Relationship to Other MIBs | 2.1. Relationship to Other MIBs | |||
| This section discusses the relationship of this UDP-MIB module to | This section discusses the relationship of this UDP-MIB module to | |||
| other MIB modules. | other MIB modules. | |||
| 2.1.1. Relationship to RFC1213-MIB | 2.1.1. Relationship to RFC1213-MIB | |||
| UDP related MIB objects were originally defined as part of the | UDP related MIB objects were originally defined as part of the | |||
| RFC1213-MIB defined in RFC 1213 [RFC1213]. The UDP related objects of | RFC1213-MIB defined in RFC 1213 [RFC1213]. The UDP related objects of | |||
| skipping to change at page 6, line 23 | skipping to change at page 7, line 15 | |||
| udpEndpointTable thus allows for the addition of specific status | udpEndpointTable thus allows for the addition of specific status | |||
| and statistic objects for "connected" endpoints and connections. | and statistic objects for "connected" endpoints and connections. | |||
| 2.1.2. Relationship to the IPV6-UDP-MIB | 2.1.2. Relationship to the IPV6-UDP-MIB | |||
| The IPV6-UDP-MIB defined in RFC 2454 has been moved to Historic since | The IPV6-UDP-MIB defined in RFC 2454 has been moved to Historic since | |||
| the approach of having separate IP version specific tables is not | the approach of having separate IP version specific tables is not | |||
| followed anymore. Implementation of RFC 2454 is thus not suggested | followed anymore. Implementation of RFC 2454 is thus not suggested | |||
| anymore. | anymore. | |||
| Note that since scoped addresses are now represented using the ipv4z | ||||
| and ipv6z address types, there is no longer a need to explicitly | ||||
| include the ifIndex in the index clause of the udpEndpointTable. | ||||
| This is a change from the use of ipv6UdpIfIndex in RFC 2454. | ||||
| 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB | 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB | |||
| The udpEndpointTable reports the identification of the operating | The udpEndpointTable reports the identification of the operating | |||
| system level process which handles a connection or a listening | system level process which handles a connection or a listening | |||
| endpoint. The value is reported as an Unsigned32 which is expected to | endpoint. The value is reported as an Unsigned32 which is expected to | |||
| be the same as the hrSWRunIndex of the HOST-RESOURCES-MIB [RFC2790] | be the same as the hrSWRunIndex of the HOST-RESOURCES-MIB [RFC2790] | |||
| (if the value is smaller than 2147483647) or the sysApplElmtRunIndex | (if the value is smaller than 2147483647) or the sysApplElmtRunIndex | |||
| of the SYSAPPL-MIB [RFC2287]. This allows managment applications to | of the SYSAPPL-MIB [RFC2287]. This allows managment applications to | |||
| identify the UDP connections that belong to an operating system level | identify the UDP connections that belong to an operating system level | |||
| process, which has proven to be valuable in operational environments. | process, which has proven to be valuable in operational environments. | |||
| skipping to change at page 6, line 46 | skipping to change at page 7, line 43 | |||
| UDP-MIB DEFINITIONS ::= BEGIN | UDP-MIB DEFINITIONS ::= BEGIN | |||
| IMPORTS | IMPORTS | |||
| MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, Counter64, | MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, Counter64, | |||
| Unsigned32, IpAddress, mib-2 FROM SNMPv2-SMI | Unsigned32, IpAddress, mib-2 FROM SNMPv2-SMI | |||
| MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF | MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF | |||
| InetAddress, InetAddressType, | InetAddress, InetAddressType, | |||
| InetPortNumber FROM INET-ADDRESS-MIB; | InetPortNumber FROM INET-ADDRESS-MIB; | |||
| udpMIB MODULE-IDENTITY | udpMIB MODULE-IDENTITY | |||
| LAST-UPDATED "200310240000Z" -- October 24, 2003 | LAST-UPDATED "200404270000Z" -- April 27, 2004 | |||
| ORGANIZATION "IETF IPv6 Working Group | ORGANIZATION | |||
| http://www.ietf.org/htmp.charters/ipv6-charter.html" | "IETF IPv6 Working Group | |||
| http://www.ietf.org/htmp.lharters/ipv6-charter.html" | ||||
| CONTACT-INFO | CONTACT-INFO | |||
| "Bill Fenner (editor) | "Bill Fenner (editor) | |||
| AT&T Labs -- Research | AT&T Labs -- Research | |||
| 75 Willow Rd. | 75 Willow Rd. | |||
| Menlo Park, CA 94025 | Menlo Park, CA 94025 | |||
| Phone: +1 650 330-7893 | Phone: +1 650 330-7893 | |||
| Email: <fenner@research.att.com> | Email: <fenner@research.att.com> | |||
| John Flick (editor) | John Flick (editor) | |||
| Hewlett-Packard Company | Hewlett-Packard Company | |||
| skipping to change at page 7, line 18 | skipping to change at page 8, line 17 | |||
| Phone: +1 650 330-7893 | Phone: +1 650 330-7893 | |||
| Email: <fenner@research.att.com> | Email: <fenner@research.att.com> | |||
| John Flick (editor) | John Flick (editor) | |||
| Hewlett-Packard Company | Hewlett-Packard Company | |||
| 8000 Foothills Blvd. M/S 5557 | 8000 Foothills Blvd. M/S 5557 | |||
| Roseville, CA 95747 | Roseville, CA 95747 | |||
| Phone: +1 916 785 4018 | Phone: +1 916 785 4018 | |||
| Email: <johnf@rose.hp.com>" | Email: <johnf@rose.hp.com> | |||
| Send comments to <ipv6@ietf.org>" | ||||
| DESCRIPTION | DESCRIPTION | |||
| "The MIB module for managing UDP implementations. | "The MIB module for managing UDP implementations. | |||
| Copyright (C) The Internet Society (2003). This | Copyright (C) The Internet Society (2004). This | |||
| version of this MIB module is part of RFC XXXX; | version of this MIB module is part of RFC XXXX; | |||
| see the RFC itself for full legal notices. | see the RFC itself for full legal notices." | |||
| -- RFC Ed.: Replace XXXX with the actual RFC number & remove | -- RFC Ed.: Replace XXXX with actual RFC number & remove note | |||
| -- this note" | REVISION "200404270000Z" -- April 27, 2004 | |||
| REVISION "200310240000Z" -- October 24, 2003 | ||||
| DESCRIPTION | DESCRIPTION | |||
| "IP version neutral revision, published as RFC XXXX." | "IP version neutral revision, published as RFC XXXX." | |||
| -- RFC Ed.: Replace XXXX with the actual RFC number & remove | -- RFC Ed.: Replace XXXX with actual RFC number & remove note | |||
| -- this note" | ||||
| REVISION "199411010000Z" -- November 1, 1994 | REVISION "199411010000Z" -- November 1, 1994 | |||
| DESCRIPTION | DESCRIPTION | |||
| "Initial SMIv2 version, published as RFC 2013." | "Initial SMIv2 version, published as RFC 2013." | |||
| REVISION "199103310000Z" -- March 31, 1991 | REVISION "199103310000Z" -- March 31, 1991 | |||
| DESCRIPTION | DESCRIPTION | |||
| "The initial revision of this MIB module was part of MIB-II." | "The initial revision of this MIB module was part of | |||
| MIB-II." | ||||
| ::= { mib-2 50 } | ::= { mib-2 50 } | |||
| -- the UDP group | -- the UDP group | |||
| udp OBJECT IDENTIFIER ::= { mib-2 7 } | udp OBJECT IDENTIFIER ::= { mib-2 7 } | |||
| udpInDatagrams OBJECT-TYPE | udpInDatagrams OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The total number of UDP datagrams delivered to UDP users." | "The total number of UDP datagrams delivered to UDP | |||
| users. | ||||
| Discontinuities in the value of this counter can occur | ||||
| at re-initialization of the management system, and at | ||||
| other times as indicated by discontinuities in the | ||||
| value of sysUpTime." | ||||
| ::= { udp 1 } | ::= { udp 1 } | |||
| udpNoPorts OBJECT-TYPE | udpNoPorts OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The total number of received UDP datagrams for which there | "The total number of received UDP datagrams for which | |||
| was no application at the destination port." | there was no application at the destination port. | |||
| Discontinuities in the value of this counter can occur | ||||
| at re-initialization of the management system, and at | ||||
| other times as indicated by discontinuities in the | ||||
| value of sysUpTime." | ||||
| ::= { udp 2 } | ::= { udp 2 } | |||
| udpInErrors OBJECT-TYPE | udpInErrors OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The number of received UDP datagrams that could not be | "The number of received UDP datagrams that could not be | |||
| delivered for reasons other than the lack of an application | delivered for reasons other than the lack of an | |||
| at the destination port." | application at the destination port. | |||
| Discontinuities in the value of this counter can occur | ||||
| at re-initialization of the management system, and at | ||||
| other times as indicated by discontinuities in the | ||||
| value of sysUpTime." | ||||
| ::= { udp 3 } | ::= { udp 3 } | |||
| udpOutDatagrams OBJECT-TYPE | udpOutDatagrams OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The total number of UDP datagrams sent from this entity." | "The total number of UDP datagrams sent from this | |||
| ::= { udp 4 } | entity. | |||
| Discontinuities in the value of this counter can occur | ||||
| at re-initialization of the management system, and at | ||||
| other times as indicated by discontinuities in the | ||||
| value of sysUpTime." | ||||
| ::= { udp 4 } | ||||
| udpHCInDatagrams OBJECT-TYPE | udpHCInDatagrams OBJECT-TYPE | |||
| SYNTAX Counter64 | SYNTAX Counter64 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The total number of UDP datagrams delivered to UDP users, | "The total number of UDP datagrams delivered to UDP | |||
| for devices which can receive more than 1 million UDP | users, for devices which can receive more than 1 | |||
| datagrams per second." | million UDP datagrams per second. | |||
| Discontinuities in the value of this counter can occur | ||||
| at re-initialization of the management system, and at | ||||
| other times as indicated by discontinuities in the | ||||
| value of sysUpTime." | ||||
| ::= { udp 8 } | ::= { udp 8 } | |||
| udpHCOutDatagrams OBJECT-TYPE | udpHCOutDatagrams OBJECT-TYPE | |||
| SYNTAX Counter64 | SYNTAX Counter64 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The total number of UDP datagrams sent from this entity, for | "The total number of UDP datagrams sent from this | |||
| devices which can transmit more than 1 million UDP datagrams | entity, for devices which can transmit more than 1 | |||
| per second." | million UDP datagrams per second. | |||
| Discontinuities in the value of this counter can occur | ||||
| at re-initialization of the management system, and at | ||||
| other times as indicated by discontinuities in the | ||||
| value of sysUpTime." | ||||
| ::= { udp 9 } | ::= { udp 9 } | |||
| -- | -- | |||
| -- { udp 6 } was defined as the ipv6UdpTable in RFC2454's IPV6-UDP-MIB. | -- { udp 6 } was defined as the ipv6UdpTable in RFC2454's | |||
| -- This RFC obsoletes RFC 2454, so { udp 6 } is obsoleted. | -- IPV6-UDP-MIB. This RFC obsoletes RFC 2454, so { udp 6 } is | |||
| -- obsoleted. | ||||
| -- | -- | |||
| -- The UDP "Endpoint" table. | -- The UDP "Endpoint" table. | |||
| udpEndpointTable OBJECT-TYPE | udpEndpointTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF UdpEndpointEntry | SYNTAX SEQUENCE OF UdpEndpointEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A table containing information about this entity's UDP | "A table containing information about this entity's UDP | |||
| endpoints on which a local application is currently | endpoints on which a local application is currently | |||
| accepting or sending datagrams. | accepting or sending datagrams. | |||
| The address type in this table represents the address type | The address type in this table represents the address | |||
| used for the communication, irrespective of the higher-layer | type used for the communication, irrespective of the | |||
| abstraction. For example, an application using IPv6 | higher-layer abstraction. For example, an application | |||
| 'sockets' to communicate via IPv4 between ::ffff:10.0.0.1 | using IPv6 'sockets' to communicate via IPv4 between | |||
| and ::ffff:10.0.0.2 would use InetAddressType ipv4(1). | ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would use | |||
| InetAddressType ipv4(1). | ||||
| Unlike the udpTable in RFC 2013, this table also allows the | Unlike the udpTable in RFC 2013, this table also allows | |||
| representation of an application which completely specifies | the representation of an application which completely | |||
| both local and remote addresses and ports. A listening | specifies both local and remote addresses and ports. A | |||
| application is represented in three possible ways: | listening application is represented in three possible | |||
| ways: | ||||
| 1) an application which is willing to accept both IPv4 and | 1) an application which is willing to accept both IPv4 | |||
| IPv6 datagrams is represented by a | and IPv6 datagrams is represented by a | |||
| udpEndpointLocalAddressType of unknown(0) and | udpEndpointLocalAddressType of unknown(0) and | |||
| udpEndpointLocalAddress of ''h (a zero-length | udpEndpointLocalAddress of ''h (a zero-length | |||
| octet-string). | octet-string). | |||
| 2) an application which is willing to accept only IPv4 or | 2) an application which is willing to accept only IPv4 | |||
| only IPv6 datagrams is represented by a | or only IPv6 datagrams is represented by a | |||
| udpEndpointLocalAddressType of the appropriate address | udpEndpointLocalAddressType of the appropriate | |||
| type, and udpEndpointLocalAddress of ''h (a zero-length | address type, and udpEndpointLocalAddress of ''h (a | |||
| octet-string). | zero-length octet-string). | |||
| 3) an application which is listening for datagrams only for | 3) an application which is listening for datagrams only | |||
| a specific IP address, but from any remote system, is | for a specific IP address, but from any remote | |||
| repesented by a udpEndpointLocalAddressType of the | system, is repesented by a | |||
| appropriate address type, udpEndpointLocalAddress | udpEndpointLocalAddressType of the appropriate | |||
| specifying the local address. | address type, udpEndpointLocalAddress specifying the | |||
| local address. | ||||
| In all cases where the remote is a wildcard, the | In all cases where the remote is a wildcard, the | |||
| udpEndpointRemoteAddressType is unknown(0), the | udpEndpointRemoteAddressType is unknown(0), the | |||
| udpEndpointRemoteAdderess is ''h (a zero-length | udpEndpointRemoteAddress is ''h (a zero-length | |||
| octet-string), and the udpEndpointRemotePort is 0. | octet-string), and the udpEndpointRemotePort is 0. | |||
| If the operating system is demultiplexing UDP packets by | If the operating system is demultiplexing UDP packets | |||
| remote address and port, or if the application has | by remote address and port, or if the application has | |||
| 'connected' the socket specifying a default remote address | 'connected' the socket specifying a default remote | |||
| and port, the udpEndpointRemote* values should be used to | address and port, the udpEndpointRemote* values should | |||
| reflect this." | be used to reflect this." | |||
| ::= { udp 7 } | ::= { udp 7 } | |||
| udpEndpointEntry OBJECT-TYPE | udpEndpointEntry OBJECT-TYPE | |||
| SYNTAX UdpEndpointEntry | SYNTAX UdpEndpointEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Information about a particular current UDP endpoint. | "Information about a particular current UDP endpoint. | |||
| Implementers need to be aware that if the total number | Implementers need to be aware that if the total number | |||
| skipping to change at page 10, line 50 | skipping to change at page 12, line 37 | |||
| udpEndpointRemotePort InetPortNumber, | udpEndpointRemotePort InetPortNumber, | |||
| udpEndpointInstance Unsigned32, | udpEndpointInstance Unsigned32, | |||
| udpEndpointProcess Unsigned32 | udpEndpointProcess Unsigned32 | |||
| } | } | |||
| udpEndpointLocalAddressType OBJECT-TYPE | udpEndpointLocalAddressType OBJECT-TYPE | |||
| SYNTAX InetAddressType | SYNTAX InetAddressType | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The address type of udpEndpointLocalAddress. Only IPv4, | "The address type of udpEndpointLocalAddress. Only | |||
| IPv4z, IPv6 and IPv6z addresses are expected, or | IPv4, IPv4z, IPv6 and IPv6z addresses are expected, or | |||
| unknown(0) if datagrams for all local IP addresses are | unknown(0) if datagrams for all local IP addresses are | |||
| accepted." | accepted." | |||
| ::= { udpEndpointEntry 1 } | ::= { udpEndpointEntry 1 } | |||
| udpEndpointLocalAddress OBJECT-TYPE | udpEndpointLocalAddress OBJECT-TYPE | |||
| SYNTAX InetAddress | SYNTAX InetAddress | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The local IP address for this UDP endpoint. This is either | "The local IP address for this UDP endpoint. This is | |||
| one of the IP addresses assigned to the system, or a null | either one of the IP addresses for which this node is | |||
| octet-string (''h) to represent that datagrams destined to | receiving packets, or a null octet-string (''h) to | |||
| any address assigned to the system of an IP version | represent that datagrams destined to any address to | |||
| which the system is listening of an IP version | ||||
| consistent with udpEndpointLocalAddressType (or any IP | consistent with udpEndpointLocalAddressType (or any IP | |||
| version, if udpEndpointLocalAddressType is unknown(0)) will | version, if udpEndpointLocalAddressType is unknown(0)) | |||
| be accepted." | will be accepted. | |||
| As this object is used in the index for the | ||||
| udpEndpointTable, implementors of this table should be | ||||
| careful not to create entries that would result in OIDs | ||||
| with more than 128 subidentifiers; else the information | ||||
| cannot be accessed using SNMPv1, SNMPv2c or SNMPv3." | ||||
| ::= { udpEndpointEntry 2 } | ::= { udpEndpointEntry 2 } | |||
| udpEndpointLocalPort OBJECT-TYPE | udpEndpointLocalPort OBJECT-TYPE | |||
| SYNTAX InetPortNumber | SYNTAX InetPortNumber | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The local port number for this UDP endpoint." | "The local port number for this UDP endpoint." | |||
| ::= { udpEndpointEntry 3 } | ::= { udpEndpointEntry 3 } | |||
| udpEndpointRemoteAddressType OBJECT-TYPE | udpEndpointRemoteAddressType OBJECT-TYPE | |||
| SYNTAX InetAddressType | SYNTAX InetAddressType | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The address type of udpEndpointRemoteAddress. Only IPv4, | "The address type of udpEndpointRemoteAddress. Only | |||
| IPv4z, IPv6 and IPv6 addresses are expected, or | IPv4, IPv4z, IPv6 and IPv6z addresses are expected, or | |||
| unknown(0) if datagrams for all remote IP addresses are | unknown(0) if datagrams for all remote IP addresses are | |||
| accepted." | accepted. Also, note that some combinations of | |||
| udpEndpointLocalAdressType and | ||||
| udpEndpointRemoteAddressType are not supported. In | ||||
| particular, if the value of this object is not | ||||
| unknown(0), it is expected to always refer to the | ||||
| same IP version as udpEndpointLocalAddressType." | ||||
| ::= { udpEndpointEntry 4 } | ::= { udpEndpointEntry 4 } | |||
| udpEndpointRemoteAddress OBJECT-TYPE | udpEndpointRemoteAddress OBJECT-TYPE | |||
| SYNTAX InetAddress | SYNTAX InetAddress | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The remote IP address for this UDP endpoint. If datagrams | "The remote IP address for this UDP endpoint. If | |||
| from any remote system are to be accepted, this value is ''h | datagrams from any remote system are to be accepted, | |||
| (a zero-length octet-string). Otherwise, it has the type | this value is ''h (a zero-length octet-string). | |||
| described by udpEndpointRemoteAddressType, and is the | Otherwise, it has the type described by | |||
| address of the remote system from which datagrams are to be | udpEndpointRemoteAddressType, and is the address of the | |||
| accepted (or to which all datagrams will be sent)." | remote system from which datagrams are to be accepted | |||
| (or to which all datagrams will be sent). | ||||
| As this object is used in the index for the | ||||
| udpEndpointTable, implementors of this table should be | ||||
| careful not to create entries that would result in OIDs | ||||
| with more than 128 subidentifiers; else the information | ||||
| cannot be accessed using SNMPv1, SNMPv2c or SNMPv3." | ||||
| ::= { udpEndpointEntry 5 } | ::= { udpEndpointEntry 5 } | |||
| udpEndpointRemotePort OBJECT-TYPE | udpEndpointRemotePort OBJECT-TYPE | |||
| SYNTAX InetPortNumber | SYNTAX InetPortNumber | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The remote port number for this UDP endpoint. If datagrams | "The remote port number for this UDP endpoint. If | |||
| from any remote system are to be accepted, this value is | datagrams from any remote system are to be accepted, | |||
| zero." | this value is zero." | |||
| ::= { udpEndpointEntry 6 } | ::= { udpEndpointEntry 6 } | |||
| udpEndpointInstance OBJECT-TYPE | udpEndpointInstance OBJECT-TYPE | |||
| SYNTAX Unsigned32 (1..'ffffffff'h) | SYNTAX Unsigned32 (1..'ffffffff'h) | |||
| MAX-ACCESS read-only | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The instance of this tuple. This object is used to | "The instance of this tuple. This object is used to | |||
| distinguish between multiple processes 'connected' to the | distinguish between multiple processes 'connected' to | |||
| same UDP endpoint." | the same UDP endpoint. For example, on a system | |||
| implementing the BSD sockets interface, this would be | ||||
| used to support the SO_REUSEADDR and SO_REUSEPORT | ||||
| socket options." | ||||
| ::= { udpEndpointEntry 7 } | ::= { udpEndpointEntry 7 } | |||
| udpEndpointProcess OBJECT-TYPE | udpEndpointProcess OBJECT-TYPE | |||
| SYNTAX Unsigned32 | SYNTAX Unsigned32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The system's process ID for the process associated with this | "The system's process ID for the process associated with | |||
| endpoint, or zero if there is no such process. This value | this endpoint, or zero if there is no such process. | |||
| is expected to be the same as | This value is expected to be the same as | |||
| HOST-RESOURCES-MIB::hrSWRunIndex or | HOST-RESOURCES-MIB::hrSWRunIndex or SYSAPPL-MIB:: | |||
| SYSAPPL-MIB::sysApplElmtRunIndex for some row in the | sysApplElmtRunIndex for some row in the appropriate | |||
| appropriate tables." | tables." | |||
| ::= { udpEndpointEntry 8 } | ::= { udpEndpointEntry 8 } | |||
| -- The deprecated UDP Listener table | -- The deprecated UDP Listener table | |||
| -- The deprecated UDP listener table only contains information about this | -- The deprecated UDP listener table only contains information | |||
| -- entity's IPv4 UDP end-points on which a local application is | -- about this entity's IPv4 UDP end-points on which a local | |||
| -- currently accepting datagrams. It does not provide more detailed | -- application is currently accepting datagrams. It does not | |||
| -- connection information, or information about IPv6 endpoints. | -- provide more detailed connection information, or information | |||
| -- about IPv6 endpoints. | ||||
| udpTable OBJECT-TYPE | udpTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF UdpEntry | SYNTAX SEQUENCE OF UdpEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS deprecated | STATUS deprecated | |||
| DESCRIPTION | DESCRIPTION | |||
| "A table containing IPv4-specific UDP listener information. | "A table containing IPv4-specific UDP listener | |||
| It contains information about all local IPv4 UDP end-points | information. It contains information about all local | |||
| on which an application is currently accepting datagrams. | IPv4 UDP end-points on which an application is | |||
| currently accepting datagrams. This table has been | ||||
| This table has been deprecated in favor of the version | deprecated in favor of the version neutral | |||
| neutral udpEndpointTable." | udpEndpointTable." | |||
| ::= { udp 5 } | ::= { udp 5 } | |||
| udpEntry OBJECT-TYPE | udpEntry OBJECT-TYPE | |||
| SYNTAX UdpEntry | SYNTAX UdpEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS deprecated | STATUS deprecated | |||
| DESCRIPTION | DESCRIPTION | |||
| "Information about a particular current UDP listener." | "Information about a particular current UDP listener." | |||
| INDEX { udpLocalAddress, udpLocalPort } | INDEX { udpLocalAddress, udpLocalPort } | |||
| ::= { udpTable 1 } | ::= { udpTable 1 } | |||
| skipping to change at page 13, line 28 | skipping to change at page 15, line 39 | |||
| UdpEntry ::= SEQUENCE { | UdpEntry ::= SEQUENCE { | |||
| udpLocalAddress IpAddress, | udpLocalAddress IpAddress, | |||
| udpLocalPort Integer32 | udpLocalPort Integer32 | |||
| } | } | |||
| udpLocalAddress OBJECT-TYPE | udpLocalAddress OBJECT-TYPE | |||
| SYNTAX IpAddress | SYNTAX IpAddress | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS deprecated | STATUS deprecated | |||
| DESCRIPTION | DESCRIPTION | |||
| "The local IP address for this UDP listener. In the case of | "The local IP address for this UDP listener. In the | |||
| a UDP listener which is willing to accept datagrams for any | case of a UDP listener which is willing to accept | |||
| IP interface associated with the node, the value 0.0.0.0 is | datagrams for any IP interface associated with the | |||
| used." | node, the value 0.0.0.0 is used." | |||
| ::= { udpEntry 1 } | ::= { udpEntry 1 } | |||
| udpLocalPort OBJECT-TYPE | udpLocalPort OBJECT-TYPE | |||
| SYNTAX Integer32 (0..65535) | SYNTAX Integer32 (0..65535) | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS deprecated | STATUS deprecated | |||
| DESCRIPTION | DESCRIPTION | |||
| "The local port number for this UDP listener." | "The local port number for this UDP listener." | |||
| ::= { udpEntry 2 } | ::= { udpEntry 2 } | |||
| -- conformance information | -- conformance information | |||
| udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | |||
| udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | |||
| udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | |||
| -- compliance statements | -- compliance statements | |||
| udpMIBCompliance2 MODULE-COMPLIANCE | udpMIBCompliance2 MODULE-COMPLIANCE | |||
| skipping to change at page 14, line 5 | skipping to change at page 16, line 16 | |||
| udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | |||
| udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | |||
| udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | |||
| -- compliance statements | -- compliance statements | |||
| udpMIBCompliance2 MODULE-COMPLIANCE | udpMIBCompliance2 MODULE-COMPLIANCE | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The compliance statement for systems which implement UDP." | "The compliance statement for systems which implement | |||
| UDP. | ||||
| There are a number of INDEX objects that cannot be | ||||
| represented in the form of OBJECT clauses in SMIv2, but | ||||
| for which we have the following compliance | ||||
| requirements, expressed in OBJECT clause form in this | ||||
| description clause: | ||||
| -- OBJECT udpEndpointLocalAddressType | ||||
| -- SYNTAX InetAddressType { unknown(0), ipv4(1), | ||||
| -- ipv6(2), ipv4z(3), | ||||
| -- ipv6z(4) } | ||||
| -- DESCRIPTION | ||||
| -- Support for dns(5) is not required. | ||||
| -- OBJECT udpEndpointRemoteAddressType | ||||
| -- SYNTAX InetAddressType { unknown(0), ipv4(1), | ||||
| -- ipv6(2), ipv4z(3), | ||||
| -- ipv6z(4) } | ||||
| -- DESCRIPTION | ||||
| -- Support for dns(5) is not required. | ||||
| " | ||||
| MODULE -- this module | MODULE -- this module | |||
| MANDATORY-GROUPS { udpBaseGroup, udpEndpointGroup } | MANDATORY-GROUPS { udpBaseGroup, udpEndpointGroup } | |||
| GROUP udpHCGroup | GROUP udpHCGroup | |||
| DESCRIPTION | DESCRIPTION | |||
| "This group is mandatory for those systems which are | "This group is mandatory for those systems which | |||
| capable of receiving or transmitting more than 1 | are capable of receiving or transmitting more than | |||
| million UDP datagrams per second. 1 million datagrams | 1 million UDP datagrams per second. 1 million | |||
| per second will cause a Counter32 to wrap in just over | datagrams per second will cause a Counter32 to | |||
| an hour." | wrap in just over an hour." | |||
| GROUP udpEndpointProcessGroup | ||||
| DESCRIPTION | ||||
| "This group is mandatory for systems which implement a | ||||
| 'process ID' concept, in particular those that also | ||||
| implement the HOST-RESOURCES-MIB or SYSAPPL-MIB." | ||||
| ::= { udpMIBCompliances 2 } | ::= { udpMIBCompliances 2 } | |||
| udpMIBCompliance MODULE-COMPLIANCE | udpMIBCompliance MODULE-COMPLIANCE | |||
| STATUS deprecated | STATUS deprecated | |||
| DESCRIPTION | DESCRIPTION | |||
| "The compliance statement for IPv4-only systems which | "The compliance statement for IPv4-only systems which | |||
| implement UDP. For IP version independence, this compliance | implement UDP. For IP version independence, this | |||
| statement is deprecated in favor of udpMIBCompliance2. | compliance statement is deprecated in favor of | |||
| However, agents are still encouraged to implement these | udpMIBCompliance2. However, agents are still | |||
| objects in order to interoperate with the deployed base | encouraged to implement these objects in order to | |||
| of managers." | interoperate with the deployed base of managers." | |||
| MODULE -- this module | MODULE -- this module | |||
| MANDATORY-GROUPS { udpGroup } | MANDATORY-GROUPS { udpGroup } | |||
| ::= { udpMIBCompliances 1 } | ::= { udpMIBCompliances 1 } | |||
| -- units of conformance | -- units of conformance | |||
| udpGroup OBJECT-GROUP | udpGroup OBJECT-GROUP | |||
| OBJECTS { udpInDatagrams, udpNoPorts, | OBJECTS { udpInDatagrams, udpNoPorts, | |||
| udpInErrors, udpOutDatagrams, | udpInErrors, udpOutDatagrams, | |||
| udpLocalAddress, udpLocalPort } | udpLocalAddress, udpLocalPort } | |||
| STATUS deprecated | STATUS deprecated | |||
| DESCRIPTION | DESCRIPTION | |||
| "The deprecated group of objects providing for management of | "The deprecated group of objects providing for | |||
| UDP over IPv4." | management of UDP over IPv4." | |||
| ::= { udpMIBGroups 1 } | ::= { udpMIBGroups 1 } | |||
| udpBaseGroup OBJECT-GROUP | udpBaseGroup OBJECT-GROUP | |||
| OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams } | OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, | |||
| udpOutDatagrams } | ||||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The group of objects providing for counters of UDP | "The group of objects providing for counters of UDP | |||
| statistics." | statistics." | |||
| ::= { udpMIBGroups 2 } | ::= { udpMIBGroups 2 } | |||
| udpHCGroup OBJECT-GROUP | udpHCGroup OBJECT-GROUP | |||
| OBJECTS { udpHCInDatagrams, udpHCOutDatagrams } | OBJECTS { udpHCInDatagrams, udpHCOutDatagrams } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The group of objects providing for counters of high speed | "The group of objects providing for counters of high | |||
| UDP implementations." | speed UDP implementations." | |||
| ::= { udpMIBGroups 3 } | ::= { udpMIBGroups 3 } | |||
| udpEndpointGroup OBJECT-GROUP | udpEndpointGroup OBJECT-GROUP | |||
| OBJECTS { udpEndpointInstance } | OBJECTS { udpEndpointProcess } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The group of objects providing for the IP version | "The group of objects providing for the IP version | |||
| independent management of UDP 'endpoints'." | independent management of UDP 'endpoints'." | |||
| ::= { udpMIBGroups 4 } | ::= { udpMIBGroups 4 } | |||
| udpEndpointProcessGroup OBJECT-GROUP | ||||
| OBJECTS { udpEndpointProcess } | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "The object mapping a UDP 'endpoint' to a system process." | ||||
| ::= { udpMIBGroups 5 } | ||||
| END | END | |||
| 4. Intellectual Property | 4. Intellectual Property | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| intellectual property or other rights that might be claimed to | intellectual property or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; neither does it represent that it | might or might not be available; neither does it represent that it | |||
| has made any effort to identify any such rights. Information on the | has made any effort to identify any such rights. Information on the | |||
| skipping to change at page 17, line 25 | skipping to change at page 19, line 42 | |||
| J., Rose, M. and S. Waldbusser, "Conformance Statements | J., Rose, M. and S. Waldbusser, "Conformance Statements | |||
| for SMIv2", STD 58, RFC 2580, April 1999. | for SMIv2", STD 58, RFC 2580, April 1999. | |||
| [RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB", RFC | [RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB", RFC | |||
| 2790, March 2000. | 2790, March 2000. | |||
| [RFC3291] Daniele, M., Haberman, B., Routhier, S., and J. | [RFC3291] Daniele, M., Haberman, B., Routhier, S., and J. | |||
| Schoenwaelder, "Textual Conventions for Internet Network | Schoenwaelder, "Textual Conventions for Internet Network | |||
| Addresses", RFC 3291, May 2002. | Addresses", RFC 3291, May 2002. | |||
| 8. Informative References | [RFC3418] Presuhn, R., "Management Information Base (MIB) for the | |||
| Simple Network Management Protocol (SNMP)", RFC 3418, | ||||
| December 2002. | ||||
| [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, | 8. Informative References | |||
| "Introduction and Applicability Statements for Internet- | ||||
| Standard Management Framework", RFC 3410, December 2002. | ||||
| [RFC1213] McCloghrie, K. and M. Rose, Editors, "Management | [RFC1213] McCloghrie, K. and M. Rose, Editors, "Management | |||
| Information Base for Network Management of TCP/IP-based | Information Base for Network Management of TCP/IP-based | |||
| internets: MIB-II", STD 17, RFC 1213, March 1991. | internets: MIB-II", STD 17, RFC 1213, March 1991. | |||
| [RFC2013] McCloghrie, K., "Management Information Base for the | [RFC2013] McCloghrie, K., "Management Information Base for the | |||
| User Datagram Protocol using SMIv2", RFC 2013, November | User Datagram Protocol using SMIv2", RFC 2013, November | |||
| 1996. | 1996. | |||
| [RFC2454] Daniele, M., "IP Version 6 Management Information Base | [RFC2454] Daniele, M., "IP Version 6 Management Information Base | |||
| for the User Datagram Protocol", RFC 2454, December | for the User Datagram Protocol", RFC 2454, December | |||
| 1998. | 1998. | |||
| [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, | ||||
| "Introduction and Applicability Statements for Internet- | ||||
| Standard Management Framework", RFC 3410, December 2002. | ||||
| 9. Security Considerations | 9. Security Considerations | |||
| There are no management objects defined in this MIB that have a MAX- | There are no management objects defined in this MIB that have a MAX- | |||
| ACCESS clause of read-write and/or read-create. So, if this MIB is | ACCESS clause of read-write and/or read-create. So, if this MIB is | |||
| implemented correctly, then there is no risk that an intruder can | implemented correctly, then there is no risk that an intruder can | |||
| alter or create any management objects of this MIB module via direct | alter or create any management objects of this MIB module via direct | |||
| SNMP SET operations. | SNMP SET operations. | |||
| Some of the readable objects in this MIB module (i.e., objects with a | Some of the readable objects in this MIB module (i.e., objects with a | |||
| MAX-ACCESS other than not-accessible) may be considered sensitive or | MAX-ACCESS other than not-accessible) may be considered sensitive or | |||
| vulnerable in some network environments. It is thus important to | vulnerable in some network environments. It is thus important to | |||
| control even GET and/or NOTIFY access to these objects and possibly | control even GET and/or NOTIFY access to these objects and possibly | |||
| to even encrypt the values of these objects when sending them over | to even encrypt the values of these objects when sending them over | |||
| the network via SNMP. These are the tables and objects and their | the network via SNMP. These are the tables and objects and their | |||
| sensitivity/vulnerability: | sensitivity/vulnerability: | |||
| The udpEndpointLocalPort and udpLocalPort objects can be used to | The indices of the udpEndpointTable and udpTable contain information | |||
| identify what ports are open on the machine and can thus what attacks | on the listeners on an entity. In particular, the | |||
| are likely to succeed, without the attacker having to run a port | udpEndpointLocalPort and udpLocalPort objects in the indices can be | |||
| scanner. | used to identify what ports are open on the machine and can thus what | |||
| attacks are likely to succeed, without the attacker having to run a | ||||
| port scanner. | ||||
| SNMP versions prior to SNMPv3 did not include adequate security. | SNMP versions prior to SNMPv3 did not include adequate security. | |||
| Even if the network itself is secure (for example by using IPSec), | Even if the network itself is secure (for example by using IPSec), | |||
| even then, there is no control as to who on the secure network is | even then, there is no control as to who on the secure network is | |||
| allowed to access and GET/SET (read/change/create/delete) the objects | allowed to access and GET/SET (read/change/create/delete) the objects | |||
| in this MIB module. | in this MIB module. | |||
| It is recommended that the implementors consider the security | It is recommended that the implementors consider the security | |||
| features as provided by the SNMPv3 framework (see [RFC3410], section | features as provided by the SNMPv3 framework (see [RFC3410], section | |||
| 8), including full support for the SNMPv3 cryptographic mechanisms | 8), including full support for the SNMPv3 cryptographic mechanisms | |||
| skipping to change at page 19, line 7 | skipping to change at page 21, line 30 | |||
| John Flick | John Flick | |||
| Hewlett-Packard Company | Hewlett-Packard Company | |||
| 8000 Foothills Blvd. M/S 5557 | 8000 Foothills Blvd. M/S 5557 | |||
| Roseville, CA 95747-5557 | Roseville, CA 95747-5557 | |||
| USA | USA | |||
| Email: johnf@rose.hp.com | Email: johnf@rose.hp.com | |||
| 11. Full Copyright Statement | 11. Full Copyright Statement | |||
| Copyright (C) The Internet Society (2003). All Rights Reserved. | Copyright (C) The Internet Society (2004). All Rights Reserved. | |||
| This document and translations of it may be copied and furnished to | This document and translations of it may be copied and furnished to | |||
| others, and derivative works that comment on or otherwise explain it | others, and derivative works that comment on or otherwise explain it | |||
| or assist in its implementation may be prepared, copied, published | or assist in its implementation may be prepared, copied, published | |||
| and distributed, in whole or in part, without restriction of any | and distributed, in whole or in part, without restriction of any | |||
| kind, provided that the above copyright notice and this paragraph are | kind, provided that the above copyright notice and this paragraph are | |||
| included on all such copies and derivative works. However, this | included on all such copies and derivative works. However, this | |||
| document itself may not be modified in any way, such as by removing | document itself may not be modified in any way, such as by removing | |||
| the copyright notice or references to the Internet Society or other | the copyright notice or references to the Internet Society or other | |||
| Internet organizations, except as needed for the purpose of | Internet organizations, except as needed for the purpose of | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||