draft-ietf-ipv6-rfc2013-update-02.txt | draft-ietf-ipv6-rfc2013-update-03.txt | |||
---|---|---|---|---|
IPv6 MIB Revision Design Team Bill Fenner | IPv6 MIB Revision Design Team Bill Fenner | |||
INTERNET-DRAFT AT&T Research | INTERNET-DRAFT AT&T Research | |||
Expires: May 2004 John Flick | Expires: October 2004 John Flick | |||
Hewlett-Packard Company | Hewlett-Packard Company | |||
November 2003 | April 2004 | |||
Management Information Base | Management Information Base | |||
for the User Datagram Protocol (UDP) | for the User Datagram Protocol (UDP) | |||
draft-ietf-ipv6-rfc2013-update-02.txt | draft-ietf-ipv6-rfc2013-update-03.txt | |||
Status of this Memo | Status of this Memo | |||
This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
Drafts. | Drafts. | |||
skipping to change at page 1, line 39 | skipping to change at page 1, line 40 | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This document is a product of the IPv6 MIB Revision Design Team. | This document is a product of the IPv6 MIB Revision Design Team. | |||
Comments should be addressed to the authors, or to the mailing list | Comments should be addressed to the authors, or to the mailing list | |||
at ipv6@ietf.org. | at ipv6@ietf.org. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2003). All Rights Reserved. | Copyright (C) The Internet Society (2004). All Rights Reserved. | |||
Abstract | Abstract | |||
This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
for use with network management protocols in the Internet community. | for use with network management protocols in the Internet community. | |||
In particular, it describes managed objects used for implementations | In particular, it describes managed objects used for implementations | |||
of the User Datagram Protocol (UDP) in an IP version independent | of the User Datagram Protocol (UDP) in an IP version independent | |||
manner. This memo obsoletes RFCs 2013 and 2454. | manner. This memo obsoletes RFCs 2013 and 2454. | |||
Table of Contents | Table of Contents | |||
1. The Internet-Standard Management Framework ................. 4 | 1. The Internet-Standard Management Framework ................. 5 | |||
2. Overview ................................................... 5 | 2. Overview ................................................... 6 | |||
2.1. Relationship to Other MIBs ............................... 5 | 2.1. Relationship to Other MIBs ............................... 6 | |||
2.1.1. Relationship to RFC1213-MIB ............................ 5 | 2.1.1. Relationship to RFC1213-MIB ............................ 6 | |||
2.1.2. Relationship to the IPV6-UDP-MIB ....................... 6 | 2.1.2. Relationship to the IPV6-UDP-MIB ....................... 7 | |||
2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB ..... 6 | 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB ..... 7 | |||
3. Definitions ................................................ 6 | 3. Definitions ................................................ 7 | |||
4. Intellectual Property ...................................... 15 | 4. Intellectual Property ...................................... 18 | |||
5. Acknowledgements ........................................... 16 | 5. Acknowledgements ........................................... 18 | |||
6. Contributers ............................................... 16 | 6. Contributers ............................................... 18 | |||
7. Normative References ....................................... 16 | 7. Normative References ....................................... 19 | |||
8. Informative References ..................................... 17 | 8. Informative References ..................................... 19 | |||
9. Security Considerations .................................... 17 | 9. Security Considerations .................................... 20 | |||
10. Editors Addresses ......................................... 18 | 10. Editors Addresses ......................................... 21 | |||
11. Full Copyright Statement .................................. 19 | 11. Full Copyright Statement .................................. 21 | |||
Revision History | Revision History | |||
[Note to RFC Editor: Please remove prior to publication] | [Note to RFC Editor: Please remove prior to publication] | |||
Changes from draft-ietf-ipv6-rfc2013-update-02.txt | ||||
27 April 2004 | ||||
Added text to section 2.1.2 to clarify why an equivalent to RFC | ||||
2454's ipv6UdpIfIndex is not required. | ||||
Changed the text of the Security Considerations so that it no | ||||
longer implies that udpEndpointLocalPort is readable, but is | ||||
instead only returned as part of an index. | ||||
Added an explicit reference to sysUpTime as a discontinuity | ||||
indicator to the counter objects in the mib. | ||||
Reworded the description of udpEndpointLocalAddress to indicate | ||||
that it can be used to represent any address that the local | ||||
system is listening to, not just addresses assigned to the | ||||
system. | ||||
Updated the description of InetAddress objects used as index | ||||
elements to indicate the 128 octet limit. | ||||
Added a note to the description of udpEndpointRemoteAddressType | ||||
to indicate that some combinations of | ||||
udpEndpointLocalAddressType and udpEndpointRemoteAddressType are | ||||
not legal. | ||||
Reverted udpEndpointInstance to not-accessible, since | ||||
udpEndpointProcess is now a mandatory to implement object (to | ||||
align with the TCP-MIB). | ||||
Added text to the udpEndpointInstance description to describe | ||||
why it is needed. | ||||
Added pseudo OBJECT clauses to the description of | ||||
udpMIBCompliance2 for udpEndpointLocalAddressType and | ||||
udpEndpointRemoteAddressType. | ||||
Removed udpEndpointInstance from the udpEndpointGroup, since it | ||||
is now not-accessible, and added udpEndpointProcess to the | ||||
udpEndpointGroup, since it is now mandatory. Removed the | ||||
udpEndpointProcessGroup. | ||||
Changes from draft-ietf-ipv6-rfc2013-update-00.txt | Changes from draft-ietf-ipv6-rfc2013-update-00.txt | |||
24 October 2003 | 24 October 2003 | |||
Dropped udpEndpointInDatagrams, udpEndpointHCInDatagrams, | Dropped udpEndpointInDatagrams, udpEndpointHCInDatagrams, | |||
udpEndpointOutDatagrams, udpEndpointHCOutDatagrams, | udpEndpointOutDatagrams, udpEndpointHCOutDatagrams, | |||
udpEndpointInOctets, udpEndpointHCInOctets, | udpEndpointInOctets, udpEndpointHCInOctets, | |||
udpEndpointOutOctets, udpEndpointHCOutOctets, and | udpEndpointOutOctets, udpEndpointHCOutOctets, and | |||
udpEndpointStartTime. | udpEndpointStartTime. | |||
skipping to change at page 5, line 28 | skipping to change at page 6, line 22 | |||
udpHCOutDatagrams have been added to this group since the | udpHCOutDatagrams have been added to this group since the | |||
publication of RFC 2013 in order to provide high-capacity | publication of RFC 2013 in order to provide high-capacity | |||
counters for fast networks. | counters for fast networks. | |||
- The udpEndpointTable provides access to status information for | - The udpEndpointTable provides access to status information for | |||
all UDP endpoints handled by a UDP protocol engine. The table | all UDP endpoints handled by a UDP protocol engine. The table | |||
provides for strictly listening endpoints, as with the | provides for strictly listening endpoints, as with the | |||
historical udpTable, and also for "connected" UDP endpoints, | historical udpTable, and also for "connected" UDP endpoints, | |||
which only accept packets from a given remote system. It also | which only accept packets from a given remote system. It also | |||
reports identification of the operating system level processes | reports identification of the operating system level processes | |||
which handles UDP connections. | which handle UDP connections. | |||
2.1. Relationship to Other MIBs | 2.1. Relationship to Other MIBs | |||
This section discusses the relationship of this UDP-MIB module to | This section discusses the relationship of this UDP-MIB module to | |||
other MIB modules. | other MIB modules. | |||
2.1.1. Relationship to RFC1213-MIB | 2.1.1. Relationship to RFC1213-MIB | |||
UDP related MIB objects were originally defined as part of the | UDP related MIB objects were originally defined as part of the | |||
RFC1213-MIB defined in RFC 1213 [RFC1213]. The UDP related objects of | RFC1213-MIB defined in RFC 1213 [RFC1213]. The UDP related objects of | |||
skipping to change at page 6, line 23 | skipping to change at page 7, line 15 | |||
udpEndpointTable thus allows for the addition of specific status | udpEndpointTable thus allows for the addition of specific status | |||
and statistic objects for "connected" endpoints and connections. | and statistic objects for "connected" endpoints and connections. | |||
2.1.2. Relationship to the IPV6-UDP-MIB | 2.1.2. Relationship to the IPV6-UDP-MIB | |||
The IPV6-UDP-MIB defined in RFC 2454 has been moved to Historic since | The IPV6-UDP-MIB defined in RFC 2454 has been moved to Historic since | |||
the approach of having separate IP version specific tables is not | the approach of having separate IP version specific tables is not | |||
followed anymore. Implementation of RFC 2454 is thus not suggested | followed anymore. Implementation of RFC 2454 is thus not suggested | |||
anymore. | anymore. | |||
Note that since scoped addresses are now represented using the ipv4z | ||||
and ipv6z address types, there is no longer a need to explicitly | ||||
include the ifIndex in the index clause of the udpEndpointTable. | ||||
This is a change from the use of ipv6UdpIfIndex in RFC 2454. | ||||
2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB | 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB | |||
The udpEndpointTable reports the identification of the operating | The udpEndpointTable reports the identification of the operating | |||
system level process which handles a connection or a listening | system level process which handles a connection or a listening | |||
endpoint. The value is reported as an Unsigned32 which is expected to | endpoint. The value is reported as an Unsigned32 which is expected to | |||
be the same as the hrSWRunIndex of the HOST-RESOURCES-MIB [RFC2790] | be the same as the hrSWRunIndex of the HOST-RESOURCES-MIB [RFC2790] | |||
(if the value is smaller than 2147483647) or the sysApplElmtRunIndex | (if the value is smaller than 2147483647) or the sysApplElmtRunIndex | |||
of the SYSAPPL-MIB [RFC2287]. This allows managment applications to | of the SYSAPPL-MIB [RFC2287]. This allows managment applications to | |||
identify the UDP connections that belong to an operating system level | identify the UDP connections that belong to an operating system level | |||
process, which has proven to be valuable in operational environments. | process, which has proven to be valuable in operational environments. | |||
skipping to change at page 6, line 46 | skipping to change at page 7, line 43 | |||
UDP-MIB DEFINITIONS ::= BEGIN | UDP-MIB DEFINITIONS ::= BEGIN | |||
IMPORTS | IMPORTS | |||
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, Counter64, | MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, Counter64, | |||
Unsigned32, IpAddress, mib-2 FROM SNMPv2-SMI | Unsigned32, IpAddress, mib-2 FROM SNMPv2-SMI | |||
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF | MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF | |||
InetAddress, InetAddressType, | InetAddress, InetAddressType, | |||
InetPortNumber FROM INET-ADDRESS-MIB; | InetPortNumber FROM INET-ADDRESS-MIB; | |||
udpMIB MODULE-IDENTITY | udpMIB MODULE-IDENTITY | |||
LAST-UPDATED "200310240000Z" -- October 24, 2003 | LAST-UPDATED "200404270000Z" -- April 27, 2004 | |||
ORGANIZATION "IETF IPv6 Working Group | ORGANIZATION | |||
http://www.ietf.org/htmp.charters/ipv6-charter.html" | "IETF IPv6 Working Group | |||
http://www.ietf.org/htmp.lharters/ipv6-charter.html" | ||||
CONTACT-INFO | CONTACT-INFO | |||
"Bill Fenner (editor) | "Bill Fenner (editor) | |||
AT&T Labs -- Research | AT&T Labs -- Research | |||
75 Willow Rd. | 75 Willow Rd. | |||
Menlo Park, CA 94025 | Menlo Park, CA 94025 | |||
Phone: +1 650 330-7893 | Phone: +1 650 330-7893 | |||
Email: <fenner@research.att.com> | Email: <fenner@research.att.com> | |||
John Flick (editor) | John Flick (editor) | |||
Hewlett-Packard Company | Hewlett-Packard Company | |||
skipping to change at page 7, line 18 | skipping to change at page 8, line 17 | |||
Phone: +1 650 330-7893 | Phone: +1 650 330-7893 | |||
Email: <fenner@research.att.com> | Email: <fenner@research.att.com> | |||
John Flick (editor) | John Flick (editor) | |||
Hewlett-Packard Company | Hewlett-Packard Company | |||
8000 Foothills Blvd. M/S 5557 | 8000 Foothills Blvd. M/S 5557 | |||
Roseville, CA 95747 | Roseville, CA 95747 | |||
Phone: +1 916 785 4018 | Phone: +1 916 785 4018 | |||
Email: <johnf@rose.hp.com>" | Email: <johnf@rose.hp.com> | |||
Send comments to <ipv6@ietf.org>" | ||||
DESCRIPTION | DESCRIPTION | |||
"The MIB module for managing UDP implementations. | "The MIB module for managing UDP implementations. | |||
Copyright (C) The Internet Society (2003). This | Copyright (C) The Internet Society (2004). This | |||
version of this MIB module is part of RFC XXXX; | version of this MIB module is part of RFC XXXX; | |||
see the RFC itself for full legal notices. | see the RFC itself for full legal notices." | |||
-- RFC Ed.: Replace XXXX with the actual RFC number & remove | -- RFC Ed.: Replace XXXX with actual RFC number & remove note | |||
-- this note" | REVISION "200404270000Z" -- April 27, 2004 | |||
REVISION "200310240000Z" -- October 24, 2003 | ||||
DESCRIPTION | DESCRIPTION | |||
"IP version neutral revision, published as RFC XXXX." | "IP version neutral revision, published as RFC XXXX." | |||
-- RFC Ed.: Replace XXXX with the actual RFC number & remove | -- RFC Ed.: Replace XXXX with actual RFC number & remove note | |||
-- this note" | ||||
REVISION "199411010000Z" -- November 1, 1994 | REVISION "199411010000Z" -- November 1, 1994 | |||
DESCRIPTION | DESCRIPTION | |||
"Initial SMIv2 version, published as RFC 2013." | "Initial SMIv2 version, published as RFC 2013." | |||
REVISION "199103310000Z" -- March 31, 1991 | REVISION "199103310000Z" -- March 31, 1991 | |||
DESCRIPTION | DESCRIPTION | |||
"The initial revision of this MIB module was part of MIB-II." | "The initial revision of this MIB module was part of | |||
MIB-II." | ||||
::= { mib-2 50 } | ::= { mib-2 50 } | |||
-- the UDP group | -- the UDP group | |||
udp OBJECT IDENTIFIER ::= { mib-2 7 } | udp OBJECT IDENTIFIER ::= { mib-2 7 } | |||
udpInDatagrams OBJECT-TYPE | udpInDatagrams OBJECT-TYPE | |||
SYNTAX Counter32 | SYNTAX Counter32 | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The total number of UDP datagrams delivered to UDP users." | "The total number of UDP datagrams delivered to UDP | |||
users. | ||||
Discontinuities in the value of this counter can occur | ||||
at re-initialization of the management system, and at | ||||
other times as indicated by discontinuities in the | ||||
value of sysUpTime." | ||||
::= { udp 1 } | ::= { udp 1 } | |||
udpNoPorts OBJECT-TYPE | udpNoPorts OBJECT-TYPE | |||
SYNTAX Counter32 | SYNTAX Counter32 | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The total number of received UDP datagrams for which there | "The total number of received UDP datagrams for which | |||
was no application at the destination port." | there was no application at the destination port. | |||
Discontinuities in the value of this counter can occur | ||||
at re-initialization of the management system, and at | ||||
other times as indicated by discontinuities in the | ||||
value of sysUpTime." | ||||
::= { udp 2 } | ::= { udp 2 } | |||
udpInErrors OBJECT-TYPE | udpInErrors OBJECT-TYPE | |||
SYNTAX Counter32 | SYNTAX Counter32 | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The number of received UDP datagrams that could not be | "The number of received UDP datagrams that could not be | |||
delivered for reasons other than the lack of an application | delivered for reasons other than the lack of an | |||
at the destination port." | application at the destination port. | |||
Discontinuities in the value of this counter can occur | ||||
at re-initialization of the management system, and at | ||||
other times as indicated by discontinuities in the | ||||
value of sysUpTime." | ||||
::= { udp 3 } | ::= { udp 3 } | |||
udpOutDatagrams OBJECT-TYPE | udpOutDatagrams OBJECT-TYPE | |||
SYNTAX Counter32 | SYNTAX Counter32 | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The total number of UDP datagrams sent from this entity." | "The total number of UDP datagrams sent from this | |||
::= { udp 4 } | entity. | |||
Discontinuities in the value of this counter can occur | ||||
at re-initialization of the management system, and at | ||||
other times as indicated by discontinuities in the | ||||
value of sysUpTime." | ||||
::= { udp 4 } | ||||
udpHCInDatagrams OBJECT-TYPE | udpHCInDatagrams OBJECT-TYPE | |||
SYNTAX Counter64 | SYNTAX Counter64 | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The total number of UDP datagrams delivered to UDP users, | "The total number of UDP datagrams delivered to UDP | |||
for devices which can receive more than 1 million UDP | users, for devices which can receive more than 1 | |||
datagrams per second." | million UDP datagrams per second. | |||
Discontinuities in the value of this counter can occur | ||||
at re-initialization of the management system, and at | ||||
other times as indicated by discontinuities in the | ||||
value of sysUpTime." | ||||
::= { udp 8 } | ::= { udp 8 } | |||
udpHCOutDatagrams OBJECT-TYPE | udpHCOutDatagrams OBJECT-TYPE | |||
SYNTAX Counter64 | SYNTAX Counter64 | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The total number of UDP datagrams sent from this entity, for | "The total number of UDP datagrams sent from this | |||
devices which can transmit more than 1 million UDP datagrams | entity, for devices which can transmit more than 1 | |||
per second." | million UDP datagrams per second. | |||
Discontinuities in the value of this counter can occur | ||||
at re-initialization of the management system, and at | ||||
other times as indicated by discontinuities in the | ||||
value of sysUpTime." | ||||
::= { udp 9 } | ::= { udp 9 } | |||
-- | -- | |||
-- { udp 6 } was defined as the ipv6UdpTable in RFC2454's IPV6-UDP-MIB. | -- { udp 6 } was defined as the ipv6UdpTable in RFC2454's | |||
-- This RFC obsoletes RFC 2454, so { udp 6 } is obsoleted. | -- IPV6-UDP-MIB. This RFC obsoletes RFC 2454, so { udp 6 } is | |||
-- obsoleted. | ||||
-- | -- | |||
-- The UDP "Endpoint" table. | -- The UDP "Endpoint" table. | |||
udpEndpointTable OBJECT-TYPE | udpEndpointTable OBJECT-TYPE | |||
SYNTAX SEQUENCE OF UdpEndpointEntry | SYNTAX SEQUENCE OF UdpEndpointEntry | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"A table containing information about this entity's UDP | "A table containing information about this entity's UDP | |||
endpoints on which a local application is currently | endpoints on which a local application is currently | |||
accepting or sending datagrams. | accepting or sending datagrams. | |||
The address type in this table represents the address type | The address type in this table represents the address | |||
used for the communication, irrespective of the higher-layer | type used for the communication, irrespective of the | |||
abstraction. For example, an application using IPv6 | higher-layer abstraction. For example, an application | |||
'sockets' to communicate via IPv4 between ::ffff:10.0.0.1 | using IPv6 'sockets' to communicate via IPv4 between | |||
and ::ffff:10.0.0.2 would use InetAddressType ipv4(1). | ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would use | |||
InetAddressType ipv4(1). | ||||
Unlike the udpTable in RFC 2013, this table also allows the | Unlike the udpTable in RFC 2013, this table also allows | |||
representation of an application which completely specifies | the representation of an application which completely | |||
both local and remote addresses and ports. A listening | specifies both local and remote addresses and ports. A | |||
application is represented in three possible ways: | listening application is represented in three possible | |||
ways: | ||||
1) an application which is willing to accept both IPv4 and | 1) an application which is willing to accept both IPv4 | |||
IPv6 datagrams is represented by a | and IPv6 datagrams is represented by a | |||
udpEndpointLocalAddressType of unknown(0) and | udpEndpointLocalAddressType of unknown(0) and | |||
udpEndpointLocalAddress of ''h (a zero-length | udpEndpointLocalAddress of ''h (a zero-length | |||
octet-string). | octet-string). | |||
2) an application which is willing to accept only IPv4 or | 2) an application which is willing to accept only IPv4 | |||
only IPv6 datagrams is represented by a | or only IPv6 datagrams is represented by a | |||
udpEndpointLocalAddressType of the appropriate address | udpEndpointLocalAddressType of the appropriate | |||
type, and udpEndpointLocalAddress of ''h (a zero-length | address type, and udpEndpointLocalAddress of ''h (a | |||
octet-string). | zero-length octet-string). | |||
3) an application which is listening for datagrams only for | 3) an application which is listening for datagrams only | |||
a specific IP address, but from any remote system, is | for a specific IP address, but from any remote | |||
repesented by a udpEndpointLocalAddressType of the | system, is repesented by a | |||
appropriate address type, udpEndpointLocalAddress | udpEndpointLocalAddressType of the appropriate | |||
specifying the local address. | address type, udpEndpointLocalAddress specifying the | |||
local address. | ||||
In all cases where the remote is a wildcard, the | In all cases where the remote is a wildcard, the | |||
udpEndpointRemoteAddressType is unknown(0), the | udpEndpointRemoteAddressType is unknown(0), the | |||
udpEndpointRemoteAdderess is ''h (a zero-length | udpEndpointRemoteAddress is ''h (a zero-length | |||
octet-string), and the udpEndpointRemotePort is 0. | octet-string), and the udpEndpointRemotePort is 0. | |||
If the operating system is demultiplexing UDP packets by | If the operating system is demultiplexing UDP packets | |||
remote address and port, or if the application has | by remote address and port, or if the application has | |||
'connected' the socket specifying a default remote address | 'connected' the socket specifying a default remote | |||
and port, the udpEndpointRemote* values should be used to | address and port, the udpEndpointRemote* values should | |||
reflect this." | be used to reflect this." | |||
::= { udp 7 } | ::= { udp 7 } | |||
udpEndpointEntry OBJECT-TYPE | udpEndpointEntry OBJECT-TYPE | |||
SYNTAX UdpEndpointEntry | SYNTAX UdpEndpointEntry | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"Information about a particular current UDP endpoint. | "Information about a particular current UDP endpoint. | |||
Implementers need to be aware that if the total number | Implementers need to be aware that if the total number | |||
skipping to change at page 10, line 50 | skipping to change at page 12, line 37 | |||
udpEndpointRemotePort InetPortNumber, | udpEndpointRemotePort InetPortNumber, | |||
udpEndpointInstance Unsigned32, | udpEndpointInstance Unsigned32, | |||
udpEndpointProcess Unsigned32 | udpEndpointProcess Unsigned32 | |||
} | } | |||
udpEndpointLocalAddressType OBJECT-TYPE | udpEndpointLocalAddressType OBJECT-TYPE | |||
SYNTAX InetAddressType | SYNTAX InetAddressType | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The address type of udpEndpointLocalAddress. Only IPv4, | "The address type of udpEndpointLocalAddress. Only | |||
IPv4z, IPv6 and IPv6z addresses are expected, or | IPv4, IPv4z, IPv6 and IPv6z addresses are expected, or | |||
unknown(0) if datagrams for all local IP addresses are | unknown(0) if datagrams for all local IP addresses are | |||
accepted." | accepted." | |||
::= { udpEndpointEntry 1 } | ::= { udpEndpointEntry 1 } | |||
udpEndpointLocalAddress OBJECT-TYPE | udpEndpointLocalAddress OBJECT-TYPE | |||
SYNTAX InetAddress | SYNTAX InetAddress | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The local IP address for this UDP endpoint. This is either | "The local IP address for this UDP endpoint. This is | |||
one of the IP addresses assigned to the system, or a null | either one of the IP addresses for which this node is | |||
octet-string (''h) to represent that datagrams destined to | receiving packets, or a null octet-string (''h) to | |||
any address assigned to the system of an IP version | represent that datagrams destined to any address to | |||
which the system is listening of an IP version | ||||
consistent with udpEndpointLocalAddressType (or any IP | consistent with udpEndpointLocalAddressType (or any IP | |||
version, if udpEndpointLocalAddressType is unknown(0)) will | version, if udpEndpointLocalAddressType is unknown(0)) | |||
be accepted." | will be accepted. | |||
As this object is used in the index for the | ||||
udpEndpointTable, implementors of this table should be | ||||
careful not to create entries that would result in OIDs | ||||
with more than 128 subidentifiers; else the information | ||||
cannot be accessed using SNMPv1, SNMPv2c or SNMPv3." | ||||
::= { udpEndpointEntry 2 } | ::= { udpEndpointEntry 2 } | |||
udpEndpointLocalPort OBJECT-TYPE | udpEndpointLocalPort OBJECT-TYPE | |||
SYNTAX InetPortNumber | SYNTAX InetPortNumber | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The local port number for this UDP endpoint." | "The local port number for this UDP endpoint." | |||
::= { udpEndpointEntry 3 } | ::= { udpEndpointEntry 3 } | |||
udpEndpointRemoteAddressType OBJECT-TYPE | udpEndpointRemoteAddressType OBJECT-TYPE | |||
SYNTAX InetAddressType | SYNTAX InetAddressType | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The address type of udpEndpointRemoteAddress. Only IPv4, | "The address type of udpEndpointRemoteAddress. Only | |||
IPv4z, IPv6 and IPv6 addresses are expected, or | IPv4, IPv4z, IPv6 and IPv6z addresses are expected, or | |||
unknown(0) if datagrams for all remote IP addresses are | unknown(0) if datagrams for all remote IP addresses are | |||
accepted." | accepted. Also, note that some combinations of | |||
udpEndpointLocalAdressType and | ||||
udpEndpointRemoteAddressType are not supported. In | ||||
particular, if the value of this object is not | ||||
unknown(0), it is expected to always refer to the | ||||
same IP version as udpEndpointLocalAddressType." | ||||
::= { udpEndpointEntry 4 } | ::= { udpEndpointEntry 4 } | |||
udpEndpointRemoteAddress OBJECT-TYPE | udpEndpointRemoteAddress OBJECT-TYPE | |||
SYNTAX InetAddress | SYNTAX InetAddress | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The remote IP address for this UDP endpoint. If datagrams | "The remote IP address for this UDP endpoint. If | |||
from any remote system are to be accepted, this value is ''h | datagrams from any remote system are to be accepted, | |||
(a zero-length octet-string). Otherwise, it has the type | this value is ''h (a zero-length octet-string). | |||
described by udpEndpointRemoteAddressType, and is the | Otherwise, it has the type described by | |||
address of the remote system from which datagrams are to be | udpEndpointRemoteAddressType, and is the address of the | |||
accepted (or to which all datagrams will be sent)." | remote system from which datagrams are to be accepted | |||
(or to which all datagrams will be sent). | ||||
As this object is used in the index for the | ||||
udpEndpointTable, implementors of this table should be | ||||
careful not to create entries that would result in OIDs | ||||
with more than 128 subidentifiers; else the information | ||||
cannot be accessed using SNMPv1, SNMPv2c or SNMPv3." | ||||
::= { udpEndpointEntry 5 } | ::= { udpEndpointEntry 5 } | |||
udpEndpointRemotePort OBJECT-TYPE | udpEndpointRemotePort OBJECT-TYPE | |||
SYNTAX InetPortNumber | SYNTAX InetPortNumber | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The remote port number for this UDP endpoint. If datagrams | "The remote port number for this UDP endpoint. If | |||
from any remote system are to be accepted, this value is | datagrams from any remote system are to be accepted, | |||
zero." | this value is zero." | |||
::= { udpEndpointEntry 6 } | ::= { udpEndpointEntry 6 } | |||
udpEndpointInstance OBJECT-TYPE | udpEndpointInstance OBJECT-TYPE | |||
SYNTAX Unsigned32 (1..'ffffffff'h) | SYNTAX Unsigned32 (1..'ffffffff'h) | |||
MAX-ACCESS read-only | MAX-ACCESS not-accessible | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The instance of this tuple. This object is used to | "The instance of this tuple. This object is used to | |||
distinguish between multiple processes 'connected' to the | distinguish between multiple processes 'connected' to | |||
same UDP endpoint." | the same UDP endpoint. For example, on a system | |||
implementing the BSD sockets interface, this would be | ||||
used to support the SO_REUSEADDR and SO_REUSEPORT | ||||
socket options." | ||||
::= { udpEndpointEntry 7 } | ::= { udpEndpointEntry 7 } | |||
udpEndpointProcess OBJECT-TYPE | udpEndpointProcess OBJECT-TYPE | |||
SYNTAX Unsigned32 | SYNTAX Unsigned32 | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The system's process ID for the process associated with this | "The system's process ID for the process associated with | |||
endpoint, or zero if there is no such process. This value | this endpoint, or zero if there is no such process. | |||
is expected to be the same as | This value is expected to be the same as | |||
HOST-RESOURCES-MIB::hrSWRunIndex or | HOST-RESOURCES-MIB::hrSWRunIndex or SYSAPPL-MIB:: | |||
SYSAPPL-MIB::sysApplElmtRunIndex for some row in the | sysApplElmtRunIndex for some row in the appropriate | |||
appropriate tables." | tables." | |||
::= { udpEndpointEntry 8 } | ::= { udpEndpointEntry 8 } | |||
-- The deprecated UDP Listener table | -- The deprecated UDP Listener table | |||
-- The deprecated UDP listener table only contains information about this | -- The deprecated UDP listener table only contains information | |||
-- entity's IPv4 UDP end-points on which a local application is | -- about this entity's IPv4 UDP end-points on which a local | |||
-- currently accepting datagrams. It does not provide more detailed | -- application is currently accepting datagrams. It does not | |||
-- connection information, or information about IPv6 endpoints. | -- provide more detailed connection information, or information | |||
-- about IPv6 endpoints. | ||||
udpTable OBJECT-TYPE | udpTable OBJECT-TYPE | |||
SYNTAX SEQUENCE OF UdpEntry | SYNTAX SEQUENCE OF UdpEntry | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS deprecated | STATUS deprecated | |||
DESCRIPTION | DESCRIPTION | |||
"A table containing IPv4-specific UDP listener information. | "A table containing IPv4-specific UDP listener | |||
It contains information about all local IPv4 UDP end-points | information. It contains information about all local | |||
on which an application is currently accepting datagrams. | IPv4 UDP end-points on which an application is | |||
currently accepting datagrams. This table has been | ||||
This table has been deprecated in favor of the version | deprecated in favor of the version neutral | |||
neutral udpEndpointTable." | udpEndpointTable." | |||
::= { udp 5 } | ::= { udp 5 } | |||
udpEntry OBJECT-TYPE | udpEntry OBJECT-TYPE | |||
SYNTAX UdpEntry | SYNTAX UdpEntry | |||
MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
STATUS deprecated | STATUS deprecated | |||
DESCRIPTION | DESCRIPTION | |||
"Information about a particular current UDP listener." | "Information about a particular current UDP listener." | |||
INDEX { udpLocalAddress, udpLocalPort } | INDEX { udpLocalAddress, udpLocalPort } | |||
::= { udpTable 1 } | ::= { udpTable 1 } | |||
skipping to change at page 13, line 28 | skipping to change at page 15, line 39 | |||
UdpEntry ::= SEQUENCE { | UdpEntry ::= SEQUENCE { | |||
udpLocalAddress IpAddress, | udpLocalAddress IpAddress, | |||
udpLocalPort Integer32 | udpLocalPort Integer32 | |||
} | } | |||
udpLocalAddress OBJECT-TYPE | udpLocalAddress OBJECT-TYPE | |||
SYNTAX IpAddress | SYNTAX IpAddress | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS deprecated | STATUS deprecated | |||
DESCRIPTION | DESCRIPTION | |||
"The local IP address for this UDP listener. In the case of | "The local IP address for this UDP listener. In the | |||
a UDP listener which is willing to accept datagrams for any | case of a UDP listener which is willing to accept | |||
IP interface associated with the node, the value 0.0.0.0 is | datagrams for any IP interface associated with the | |||
used." | node, the value 0.0.0.0 is used." | |||
::= { udpEntry 1 } | ::= { udpEntry 1 } | |||
udpLocalPort OBJECT-TYPE | udpLocalPort OBJECT-TYPE | |||
SYNTAX Integer32 (0..65535) | SYNTAX Integer32 (0..65535) | |||
MAX-ACCESS read-only | MAX-ACCESS read-only | |||
STATUS deprecated | STATUS deprecated | |||
DESCRIPTION | DESCRIPTION | |||
"The local port number for this UDP listener." | "The local port number for this UDP listener." | |||
::= { udpEntry 2 } | ::= { udpEntry 2 } | |||
-- conformance information | -- conformance information | |||
udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | |||
udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | |||
udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | |||
-- compliance statements | -- compliance statements | |||
udpMIBCompliance2 MODULE-COMPLIANCE | udpMIBCompliance2 MODULE-COMPLIANCE | |||
skipping to change at page 14, line 5 | skipping to change at page 16, line 16 | |||
udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } | |||
udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } | |||
udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } | |||
-- compliance statements | -- compliance statements | |||
udpMIBCompliance2 MODULE-COMPLIANCE | udpMIBCompliance2 MODULE-COMPLIANCE | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The compliance statement for systems which implement UDP." | "The compliance statement for systems which implement | |||
UDP. | ||||
There are a number of INDEX objects that cannot be | ||||
represented in the form of OBJECT clauses in SMIv2, but | ||||
for which we have the following compliance | ||||
requirements, expressed in OBJECT clause form in this | ||||
description clause: | ||||
-- OBJECT udpEndpointLocalAddressType | ||||
-- SYNTAX InetAddressType { unknown(0), ipv4(1), | ||||
-- ipv6(2), ipv4z(3), | ||||
-- ipv6z(4) } | ||||
-- DESCRIPTION | ||||
-- Support for dns(5) is not required. | ||||
-- OBJECT udpEndpointRemoteAddressType | ||||
-- SYNTAX InetAddressType { unknown(0), ipv4(1), | ||||
-- ipv6(2), ipv4z(3), | ||||
-- ipv6z(4) } | ||||
-- DESCRIPTION | ||||
-- Support for dns(5) is not required. | ||||
" | ||||
MODULE -- this module | MODULE -- this module | |||
MANDATORY-GROUPS { udpBaseGroup, udpEndpointGroup } | MANDATORY-GROUPS { udpBaseGroup, udpEndpointGroup } | |||
GROUP udpHCGroup | GROUP udpHCGroup | |||
DESCRIPTION | DESCRIPTION | |||
"This group is mandatory for those systems which are | "This group is mandatory for those systems which | |||
capable of receiving or transmitting more than 1 | are capable of receiving or transmitting more than | |||
million UDP datagrams per second. 1 million datagrams | 1 million UDP datagrams per second. 1 million | |||
per second will cause a Counter32 to wrap in just over | datagrams per second will cause a Counter32 to | |||
an hour." | wrap in just over an hour." | |||
GROUP udpEndpointProcessGroup | ||||
DESCRIPTION | ||||
"This group is mandatory for systems which implement a | ||||
'process ID' concept, in particular those that also | ||||
implement the HOST-RESOURCES-MIB or SYSAPPL-MIB." | ||||
::= { udpMIBCompliances 2 } | ::= { udpMIBCompliances 2 } | |||
udpMIBCompliance MODULE-COMPLIANCE | udpMIBCompliance MODULE-COMPLIANCE | |||
STATUS deprecated | STATUS deprecated | |||
DESCRIPTION | DESCRIPTION | |||
"The compliance statement for IPv4-only systems which | "The compliance statement for IPv4-only systems which | |||
implement UDP. For IP version independence, this compliance | implement UDP. For IP version independence, this | |||
statement is deprecated in favor of udpMIBCompliance2. | compliance statement is deprecated in favor of | |||
However, agents are still encouraged to implement these | udpMIBCompliance2. However, agents are still | |||
objects in order to interoperate with the deployed base | encouraged to implement these objects in order to | |||
of managers." | interoperate with the deployed base of managers." | |||
MODULE -- this module | MODULE -- this module | |||
MANDATORY-GROUPS { udpGroup } | MANDATORY-GROUPS { udpGroup } | |||
::= { udpMIBCompliances 1 } | ::= { udpMIBCompliances 1 } | |||
-- units of conformance | -- units of conformance | |||
udpGroup OBJECT-GROUP | udpGroup OBJECT-GROUP | |||
OBJECTS { udpInDatagrams, udpNoPorts, | OBJECTS { udpInDatagrams, udpNoPorts, | |||
udpInErrors, udpOutDatagrams, | udpInErrors, udpOutDatagrams, | |||
udpLocalAddress, udpLocalPort } | udpLocalAddress, udpLocalPort } | |||
STATUS deprecated | STATUS deprecated | |||
DESCRIPTION | DESCRIPTION | |||
"The deprecated group of objects providing for management of | "The deprecated group of objects providing for | |||
UDP over IPv4." | management of UDP over IPv4." | |||
::= { udpMIBGroups 1 } | ::= { udpMIBGroups 1 } | |||
udpBaseGroup OBJECT-GROUP | udpBaseGroup OBJECT-GROUP | |||
OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams } | OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, | |||
udpOutDatagrams } | ||||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The group of objects providing for counters of UDP | "The group of objects providing for counters of UDP | |||
statistics." | statistics." | |||
::= { udpMIBGroups 2 } | ::= { udpMIBGroups 2 } | |||
udpHCGroup OBJECT-GROUP | udpHCGroup OBJECT-GROUP | |||
OBJECTS { udpHCInDatagrams, udpHCOutDatagrams } | OBJECTS { udpHCInDatagrams, udpHCOutDatagrams } | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The group of objects providing for counters of high speed | "The group of objects providing for counters of high | |||
UDP implementations." | speed UDP implementations." | |||
::= { udpMIBGroups 3 } | ::= { udpMIBGroups 3 } | |||
udpEndpointGroup OBJECT-GROUP | udpEndpointGroup OBJECT-GROUP | |||
OBJECTS { udpEndpointInstance } | OBJECTS { udpEndpointProcess } | |||
STATUS current | STATUS current | |||
DESCRIPTION | DESCRIPTION | |||
"The group of objects providing for the IP version | "The group of objects providing for the IP version | |||
independent management of UDP 'endpoints'." | independent management of UDP 'endpoints'." | |||
::= { udpMIBGroups 4 } | ::= { udpMIBGroups 4 } | |||
udpEndpointProcessGroup OBJECT-GROUP | ||||
OBJECTS { udpEndpointProcess } | ||||
STATUS current | ||||
DESCRIPTION | ||||
"The object mapping a UDP 'endpoint' to a system process." | ||||
::= { udpMIBGroups 5 } | ||||
END | END | |||
4. Intellectual Property | 4. Intellectual Property | |||
The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
intellectual property or other rights that might be claimed to | intellectual property or other rights that might be claimed to | |||
pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
might or might not be available; neither does it represent that it | might or might not be available; neither does it represent that it | |||
has made any effort to identify any such rights. Information on the | has made any effort to identify any such rights. Information on the | |||
skipping to change at page 17, line 25 | skipping to change at page 19, line 42 | |||
J., Rose, M. and S. Waldbusser, "Conformance Statements | J., Rose, M. and S. Waldbusser, "Conformance Statements | |||
for SMIv2", STD 58, RFC 2580, April 1999. | for SMIv2", STD 58, RFC 2580, April 1999. | |||
[RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB", RFC | [RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB", RFC | |||
2790, March 2000. | 2790, March 2000. | |||
[RFC3291] Daniele, M., Haberman, B., Routhier, S., and J. | [RFC3291] Daniele, M., Haberman, B., Routhier, S., and J. | |||
Schoenwaelder, "Textual Conventions for Internet Network | Schoenwaelder, "Textual Conventions for Internet Network | |||
Addresses", RFC 3291, May 2002. | Addresses", RFC 3291, May 2002. | |||
8. Informative References | [RFC3418] Presuhn, R., "Management Information Base (MIB) for the | |||
Simple Network Management Protocol (SNMP)", RFC 3418, | ||||
December 2002. | ||||
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, | 8. Informative References | |||
"Introduction and Applicability Statements for Internet- | ||||
Standard Management Framework", RFC 3410, December 2002. | ||||
[RFC1213] McCloghrie, K. and M. Rose, Editors, "Management | [RFC1213] McCloghrie, K. and M. Rose, Editors, "Management | |||
Information Base for Network Management of TCP/IP-based | Information Base for Network Management of TCP/IP-based | |||
internets: MIB-II", STD 17, RFC 1213, March 1991. | internets: MIB-II", STD 17, RFC 1213, March 1991. | |||
[RFC2013] McCloghrie, K., "Management Information Base for the | [RFC2013] McCloghrie, K., "Management Information Base for the | |||
User Datagram Protocol using SMIv2", RFC 2013, November | User Datagram Protocol using SMIv2", RFC 2013, November | |||
1996. | 1996. | |||
[RFC2454] Daniele, M., "IP Version 6 Management Information Base | [RFC2454] Daniele, M., "IP Version 6 Management Information Base | |||
for the User Datagram Protocol", RFC 2454, December | for the User Datagram Protocol", RFC 2454, December | |||
1998. | 1998. | |||
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, | ||||
"Introduction and Applicability Statements for Internet- | ||||
Standard Management Framework", RFC 3410, December 2002. | ||||
9. Security Considerations | 9. Security Considerations | |||
There are no management objects defined in this MIB that have a MAX- | There are no management objects defined in this MIB that have a MAX- | |||
ACCESS clause of read-write and/or read-create. So, if this MIB is | ACCESS clause of read-write and/or read-create. So, if this MIB is | |||
implemented correctly, then there is no risk that an intruder can | implemented correctly, then there is no risk that an intruder can | |||
alter or create any management objects of this MIB module via direct | alter or create any management objects of this MIB module via direct | |||
SNMP SET operations. | SNMP SET operations. | |||
Some of the readable objects in this MIB module (i.e., objects with a | Some of the readable objects in this MIB module (i.e., objects with a | |||
MAX-ACCESS other than not-accessible) may be considered sensitive or | MAX-ACCESS other than not-accessible) may be considered sensitive or | |||
vulnerable in some network environments. It is thus important to | vulnerable in some network environments. It is thus important to | |||
control even GET and/or NOTIFY access to these objects and possibly | control even GET and/or NOTIFY access to these objects and possibly | |||
to even encrypt the values of these objects when sending them over | to even encrypt the values of these objects when sending them over | |||
the network via SNMP. These are the tables and objects and their | the network via SNMP. These are the tables and objects and their | |||
sensitivity/vulnerability: | sensitivity/vulnerability: | |||
The udpEndpointLocalPort and udpLocalPort objects can be used to | The indices of the udpEndpointTable and udpTable contain information | |||
identify what ports are open on the machine and can thus what attacks | on the listeners on an entity. In particular, the | |||
are likely to succeed, without the attacker having to run a port | udpEndpointLocalPort and udpLocalPort objects in the indices can be | |||
scanner. | used to identify what ports are open on the machine and can thus what | |||
attacks are likely to succeed, without the attacker having to run a | ||||
port scanner. | ||||
SNMP versions prior to SNMPv3 did not include adequate security. | SNMP versions prior to SNMPv3 did not include adequate security. | |||
Even if the network itself is secure (for example by using IPSec), | Even if the network itself is secure (for example by using IPSec), | |||
even then, there is no control as to who on the secure network is | even then, there is no control as to who on the secure network is | |||
allowed to access and GET/SET (read/change/create/delete) the objects | allowed to access and GET/SET (read/change/create/delete) the objects | |||
in this MIB module. | in this MIB module. | |||
It is recommended that the implementors consider the security | It is recommended that the implementors consider the security | |||
features as provided by the SNMPv3 framework (see [RFC3410], section | features as provided by the SNMPv3 framework (see [RFC3410], section | |||
8), including full support for the SNMPv3 cryptographic mechanisms | 8), including full support for the SNMPv3 cryptographic mechanisms | |||
skipping to change at page 19, line 7 | skipping to change at page 21, line 30 | |||
John Flick | John Flick | |||
Hewlett-Packard Company | Hewlett-Packard Company | |||
8000 Foothills Blvd. M/S 5557 | 8000 Foothills Blvd. M/S 5557 | |||
Roseville, CA 95747-5557 | Roseville, CA 95747-5557 | |||
USA | USA | |||
Email: johnf@rose.hp.com | Email: johnf@rose.hp.com | |||
11. Full Copyright Statement | 11. Full Copyright Statement | |||
Copyright (C) The Internet Society (2003). All Rights Reserved. | Copyright (C) The Internet Society (2004). All Rights Reserved. | |||
This document and translations of it may be copied and furnished to | This document and translations of it may be copied and furnished to | |||
others, and derivative works that comment on or otherwise explain it | others, and derivative works that comment on or otherwise explain it | |||
or assist in its implementation may be prepared, copied, published | or assist in its implementation may be prepared, copied, published | |||
and distributed, in whole or in part, without restriction of any | and distributed, in whole or in part, without restriction of any | |||
kind, provided that the above copyright notice and this paragraph are | kind, provided that the above copyright notice and this paragraph are | |||
included on all such copies and derivative works. However, this | included on all such copies and derivative works. However, this | |||
document itself may not be modified in any way, such as by removing | document itself may not be modified in any way, such as by removing | |||
the copyright notice or references to the Internet Society or other | the copyright notice or references to the Internet Society or other | |||
Internet organizations, except as needed for the purpose of | Internet organizations, except as needed for the purpose of | |||
End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |