--- 1/draft-ietf-ipv6-rfc2013-update-02.txt 2006-02-05 00:03:33.000000000 +0100 +++ 2/draft-ietf-ipv6-rfc2013-update-03.txt 2006-02-05 00:03:33.000000000 +0100 @@ -1,19 +1,20 @@ + IPv6 MIB Revision Design Team Bill Fenner INTERNET-DRAFT AT&T Research -Expires: May 2004 John Flick +Expires: October 2004 John Flick Hewlett-Packard Company - November 2003 + April 2004 Management Information Base for the User Datagram Protocol (UDP) - draft-ietf-ipv6-rfc2013-update-02.txt + draft-ietf-ipv6-rfc2013-update-03.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. 
@@ -28,52 +29,95 @@ The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This document is a product of the IPv6 MIB Revision Design Team. Comments should be addressed to the authors, or to the mailing list at ipv6@ietf.org. Copyright Notice - Copyright (C) The Internet Society (2003). All Rights Reserved. + Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects used for implementations of the User Datagram Protocol (UDP) in an IP version independent manner. This memo obsoletes RFCs 2013 and 2454. Table of Contents - 1. The Internet-Standard Management Framework ................. 4 - 2. Overview ................................................... 5 - 2.1. Relationship to Other MIBs ............................... 5 - 2.1.1. Relationship to RFC1213-MIB ............................ 5 - 2.1.2. Relationship to the IPV6-UDP-MIB ....................... 6 - 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB ..... 6 - 3. Definitions ................................................ 6 - 4. Intellectual Property ...................................... 15 - 5. Acknowledgements ........................................... 16 - 6. Contributers ............................................... 16 - 7. Normative References ....................................... 16 - 8. Informative References ..................................... 17 - 9. Security Considerations .................................... 17 - 10. Editors Addresses ......................................... 18 - 11. Full Copyright Statement .................................. 19 + 1. The Internet-Standard Management Framework ................. 5 + 2. Overview ................................................... 6 + 2.1. Relationship to Other MIBs ............................... 
6 + 2.1.1. Relationship to RFC1213-MIB ............................ 6 + 2.1.2. Relationship to the IPV6-UDP-MIB ....................... 7 + 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB ..... 7 + 3. Definitions ................................................ 7 + 4. Intellectual Property ...................................... 18 + 5. Acknowledgements ........................................... 18 + 6. Contributers ............................................... 18 + 7. Normative References ....................................... 19 + 8. Informative References ..................................... 19 + 9. Security Considerations .................................... 20 + 10. Editors Addresses ......................................... 21 + 11. Full Copyright Statement .................................. 21 Revision History [Note to RFC Editor: Please remove prior to publication] + Changes from draft-ietf-ipv6-rfc2013-update-02.txt + + 27 April 2004 + + Added text to section 2.1.2 to clarify why an equivalent to RFC + 2454's ipv6UdpIfIndex is not required. + + Changed the text of the Security Considerations so that it no + longer implies that udpEndpointLocalPort is readable, but is + instead only returned as part of an index. + + Added an explicit reference to sysUpTime as a discontinuity + indicator to the counter objects in the mib. + + Reworded the description of udpEndpointLocalAddress to indicate + that it can be used to represent any address that the local + system is listening to, not just addresses assigned to the + system. + + Updated the description of InetAddress objects used as index + elements to indicate the 128 octet limit. + + Added a note to the description of udpEndpointRemoteAddressType + to indicate that some combinations of + udpEndpointLocalAddressType and udpEndpointRemoteAddressType are + not legal. 
+ + Reverted udpEndpointInstance to not-accessible, since + udpEndpointProcess is now a mandatory to implement object (to + align with the TCP-MIB). + + Added text to the udpEndpointInstance description to describe + why it is needed. + + Added pseudo OBJECT clauses to the description of + udpMIBCompliance2 for udpEndpointLocalAddressType and + udpEndpointRemoteAddressType. + + Removed udpEndpointInstance from the udpEndpointGroup, since it + is now not-accessible, and added udpEndpointProcess to the + udpEndpointGroup, since it is now mandatory. Removed the + udpEndpointProcessGroup. + Changes from draft-ietf-ipv6-rfc2013-update-00.txt 24 October 2003 Dropped udpEndpointInDatagrams, udpEndpointHCInDatagrams, udpEndpointOutDatagrams, udpEndpointHCOutDatagrams, udpEndpointInOctets, udpEndpointHCInOctets, udpEndpointOutOctets, udpEndpointHCOutOctets, and udpEndpointStartTime. @@ -206,21 +251,21 @@ udpHCOutDatagrams have been added to this group since the publication of RFC 2013 in order to provide high-capacity counters for fast networks. - The udpEndpointTable provides access to status information for all UDP endpoints handled by a UDP protocol engine. The table provides for strictly listening endpoints, as with the historical udpTable, and also for "connected" UDP endpoints, which only accept packets from a given remote system. It also reports identification of the operating system level processes - which handles UDP connections. + which handle UDP connections. 2.1. Relationship to Other MIBs This section discusses the relationship of this UDP-MIB module to other MIB modules. 2.1.1. Relationship to RFC1213-MIB UDP related MIB objects were originally defined as part of the RFC1213-MIB defined in RFC 1213 [RFC1213]. The UDP related objects of 
@@ -248,20 +293,25 @@ udpEndpointTable thus allows for the addition of specific status and statistic objects for "connected" endpoints and connections. 2.1.2. Relationship to the IPV6-UDP-MIB The IPV6-UDP-MIB defined in RFC 2454 has been moved to Historic since the approach of having separate IP version specific tables is not followed anymore. Implementation of RFC 2454 is thus not suggested anymore. + Note that since scoped addresses are now represented using the ipv4z + and ipv6z address types, there is no longer a need to explicitly + include the ifIndex in the index clause of the udpEndpointTable. + This is a change from the use of ipv6UdpIfIndex in RFC 2454. + 2.1.3. Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB The udpEndpointTable reports the identification of the operating system level process which handles a connection or a listening endpoint. The value is reported as an Unsigned32 which is expected to be the same as the hrSWRunIndex of the HOST-RESOURCES-MIB [RFC2790] (if the value is smaller than 2147483647) or the sysApplElmtRunIndex of the SYSAPPL-MIB [RFC2287]. This allows managment applications to identify the UDP connections that belong to an operating system level process, which has proven to be valuable in operational environments. 
@@ -271,25 +321,27 @@ UDP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, Counter64, Unsigned32, IpAddress, mib-2 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF InetAddress, InetAddressType, InetPortNumber FROM INET-ADDRESS-MIB; udpMIB MODULE-IDENTITY - LAST-UPDATED "200310240000Z" -- October 24, 2003 - ORGANIZATION "IETF IPv6 Working Group - http://www.ietf.org/htmp.charters/ipv6-charter.html" + LAST-UPDATED "200404270000Z" -- April 27, 2004 + ORGANIZATION + "IETF IPv6 Working Group + http://www.ietf.org/htmp.lharters/ipv6-charter.html" CONTACT-INFO "Bill Fenner (editor) + AT&T Labs -- Research 75 Willow Rd. Menlo Park, CA 94025 Phone: +1 650 330-7893 Email: John Flick (editor) Hewlett-Packard Company 
@@ -290,156 +342,192 @@ Phone: +1 650 330-7893 Email: John Flick (editor) Hewlett-Packard Company 8000 Foothills Blvd. M/S 5557 Roseville, CA 95747 Phone: +1 916 785 4018 - Email: " + Email: + Send comments to " DESCRIPTION "The MIB module for managing UDP implementations. - Copyright (C) The Internet Society (2003). This + Copyright (C) The Internet Society (2004). This version of this MIB module is part of RFC XXXX; - see the RFC itself for full legal notices. - -- RFC Ed.: Replace XXXX with the actual RFC number & remove - -- this note" - REVISION "200310240000Z" -- October 24, 2003 + see the RFC itself for full legal notices." + -- RFC Ed.: Replace XXXX with actual RFC number & remove note + REVISION "200404270000Z" -- April 27, 2004 DESCRIPTION "IP version neutral revision, published as RFC XXXX." - -- RFC Ed.: Replace XXXX with the actual RFC number & remove - -- this note" + -- RFC Ed.: Replace XXXX with actual RFC number & remove note REVISION "199411010000Z" -- November 1, 1994 DESCRIPTION "Initial SMIv2 version, published as RFC 2013." REVISION "199103310000Z" -- March 31, 1991 DESCRIPTION - "The initial revision of this MIB module was part of MIB-II." + "The initial revision of this MIB module was part of + MIB-II." ::= { mib-2 50 } -- the UDP group udp OBJECT IDENTIFIER ::= { mib-2 7 } udpInDatagrams OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION - "The total number of UDP datagrams delivered to UDP users." + "The total number of UDP datagrams delivered to UDP + users. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." ::= { udp 1 } + udpNoPorts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION - "The total number of received UDP datagrams for which there - was no application at the destination port." 
+ "The total number of received UDP datagrams for which + there was no application at the destination port. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." ::= { udp 2 } udpInErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of received UDP datagrams that could not be - delivered for reasons other than the lack of an application - at the destination port." + delivered for reasons other than the lack of an + application at the destination port. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." ::= { udp 3 } udpOutDatagrams OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION - "The total number of UDP datagrams sent from this entity." - ::= { udp 4 } + "The total number of UDP datagrams sent from this + entity. + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." + ::= { udp 4 } udpHCInDatagrams OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION - "The total number of UDP datagrams delivered to UDP users, - for devices which can receive more than 1 million UDP - datagrams per second." + "The total number of UDP datagrams delivered to UDP + users, for devices which can receive more than 1 + million UDP datagrams per second. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." 
::= { udp 8 } udpHCOutDatagrams OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION - "The total number of UDP datagrams sent from this entity, for - devices which can transmit more than 1 million UDP datagrams - per second." + "The total number of UDP datagrams sent from this + entity, for devices which can transmit more than 1 + million UDP datagrams per second. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by discontinuities in the + value of sysUpTime." ::= { udp 9 } -- - -- { udp 6 } was defined as the ipv6UdpTable in RFC2454's IPV6-UDP-MIB. - -- This RFC obsoletes RFC 2454, so { udp 6 } is obsoleted. + -- { udp 6 } was defined as the ipv6UdpTable in RFC2454's + -- IPV6-UDP-MIB. This RFC obsoletes RFC 2454, so { udp 6 } is + -- obsoleted. -- -- The UDP "Endpoint" table. udpEndpointTable OBJECT-TYPE SYNTAX SEQUENCE OF UdpEndpointEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing information about this entity's UDP endpoints on which a local application is currently accepting or sending datagrams. - The address type in this table represents the address type - used for the communication, irrespective of the higher-layer - abstraction. For example, an application using IPv6 - 'sockets' to communicate via IPv4 between ::ffff:10.0.0.1 - and ::ffff:10.0.0.2 would use InetAddressType ipv4(1). + The address type in this table represents the address + type used for the communication, irrespective of the + higher-layer abstraction. For example, an application + using IPv6 'sockets' to communicate via IPv4 between + ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would use + InetAddressType ipv4(1). - Unlike the udpTable in RFC 2013, this table also allows the - representation of an application which completely specifies - both local and remote addresses and ports. 
A listening - application is represented in three possible ways: + Unlike the udpTable in RFC 2013, this table also allows + the representation of an application which completely + specifies both local and remote addresses and ports. A + listening application is represented in three possible + ways: - 1) an application which is willing to accept both IPv4 and - IPv6 datagrams is represented by a + 1) an application which is willing to accept both IPv4 + and IPv6 datagrams is represented by a udpEndpointLocalAddressType of unknown(0) and udpEndpointLocalAddress of ''h (a zero-length octet-string). - 2) an application which is willing to accept only IPv4 or - only IPv6 datagrams is represented by a - udpEndpointLocalAddressType of the appropriate address - type, and udpEndpointLocalAddress of ''h (a zero-length - octet-string). + 2) an application which is willing to accept only IPv4 + or only IPv6 datagrams is represented by a + udpEndpointLocalAddressType of the appropriate + address type, and udpEndpointLocalAddress of ''h (a + zero-length octet-string). - 3) an application which is listening for datagrams only for - a specific IP address, but from any remote system, is - repesented by a udpEndpointLocalAddressType of the - appropriate address type, udpEndpointLocalAddress - specifying the local address. + 3) an application which is listening for datagrams only + for a specific IP address, but from any remote + system, is repesented by a + udpEndpointLocalAddressType of the appropriate + address type, udpEndpointLocalAddress specifying the + local address. In all cases where the remote is a wildcard, the udpEndpointRemoteAddressType is unknown(0), the - udpEndpointRemoteAdderess is ''h (a zero-length + udpEndpointRemoteAddress is ''h (a zero-length octet-string), and the udpEndpointRemotePort is 0. 
- If the operating system is demultiplexing UDP packets by - remote address and port, or if the application has - 'connected' the socket specifying a default remote address - and port, the udpEndpointRemote* values should be used to - reflect this." + If the operating system is demultiplexing UDP packets + by remote address and port, or if the application has + 'connected' the socket specifying a default remote + address and port, the udpEndpointRemote* values should + be used to reflect this." ::= { udp 7 } udpEndpointEntry OBJECT-TYPE SYNTAX UdpEndpointEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a particular current UDP endpoint. Implementers need to be aware that if the total number 
@@ -466,122 +554,146 @@ udpEndpointRemotePort InetPortNumber, udpEndpointInstance Unsigned32, udpEndpointProcess Unsigned32 } udpEndpointLocalAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The address type of udpEndpointLocalAddress. Only IPv4, - IPv4z, IPv6 and IPv6z addresses are expected, or + "The address type of udpEndpointLocalAddress. Only + IPv4, IPv4z, IPv6 and IPv6z addresses are expected, or unknown(0) if datagrams for all local IP addresses are accepted." ::= { udpEndpointEntry 1 } udpEndpointLocalAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The local IP address for this UDP endpoint. This is either - one of the IP addresses assigned to the system, or a null - octet-string (''h) to represent that datagrams destined to - any address assigned to the system of an IP version + "The local IP address for this UDP endpoint. This is + either one of the IP addresses for which this node is + receiving packets, or a null octet-string (''h) to + represent that datagrams destined to any address to + which the system is listening of an IP version consistent with udpEndpointLocalAddressType (or any IP - version, if udpEndpointLocalAddressType is unknown(0)) will - be accepted." + version, if udpEndpointLocalAddressType is unknown(0)) + will be accepted. + + As this object is used in the index for the + udpEndpointTable, implementors of this table should be + careful not to create entries that would result in OIDs + with more than 128 subidentifiers; else the information + cannot be accessed using SNMPv1, SNMPv2c or SNMPv3." ::= { udpEndpointEntry 2 } udpEndpointLocalPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION "The local port number for this UDP endpoint." 
::= { udpEndpointEntry 3 } udpEndpointRemoteAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The address type of udpEndpointRemoteAddress. Only IPv4, - IPv4z, IPv6 and IPv6 addresses are expected, or + "The address type of udpEndpointRemoteAddress. Only + IPv4, IPv4z, IPv6 and IPv6z addresses are expected, or unknown(0) if datagrams for all remote IP addresses are - accepted." + accepted. Also, note that some combinations of + udpEndpointLocalAdressType and + udpEndpointRemoteAddressType are not supported. In + particular, if the value of this object is not + unknown(0), it is expected to always refer to the + same IP version as udpEndpointLocalAddressType." ::= { udpEndpointEntry 4 } udpEndpointRemoteAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The remote IP address for this UDP endpoint. If datagrams - from any remote system are to be accepted, this value is ''h - (a zero-length octet-string). Otherwise, it has the type - described by udpEndpointRemoteAddressType, and is the - address of the remote system from which datagrams are to be - accepted (or to which all datagrams will be sent)." + "The remote IP address for this UDP endpoint. If + datagrams from any remote system are to be accepted, + this value is ''h (a zero-length octet-string). + Otherwise, it has the type described by + udpEndpointRemoteAddressType, and is the address of the + remote system from which datagrams are to be accepted + (or to which all datagrams will be sent). + + As this object is used in the index for the + udpEndpointTable, implementors of this table should be + careful not to create entries that would result in OIDs + with more than 128 subidentifiers; else the information + cannot be accessed using SNMPv1, SNMPv2c or SNMPv3." 
::= { udpEndpointEntry 5 } + udpEndpointRemotePort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The remote port number for this UDP endpoint. If datagrams - from any remote system are to be accepted, this value is - zero." + "The remote port number for this UDP endpoint. If + datagrams from any remote system are to be accepted, + this value is zero." ::= { udpEndpointEntry 6 } udpEndpointInstance OBJECT-TYPE SYNTAX Unsigned32 (1..'ffffffff'h) - MAX-ACCESS read-only + MAX-ACCESS not-accessible STATUS current DESCRIPTION "The instance of this tuple. This object is used to - distinguish between multiple processes 'connected' to the - same UDP endpoint." + distinguish between multiple processes 'connected' to + the same UDP endpoint. For example, on a system + implementing the BSD sockets interface, this would be + used to support the SO_REUSEADDR and SO_REUSEPORT + socket options." ::= { udpEndpointEntry 7 } udpEndpointProcess OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION - "The system's process ID for the process associated with this - endpoint, or zero if there is no such process. This value - is expected to be the same as - HOST-RESOURCES-MIB::hrSWRunIndex or - SYSAPPL-MIB::sysApplElmtRunIndex for some row in the - appropriate tables." + "The system's process ID for the process associated with + this endpoint, or zero if there is no such process. + This value is expected to be the same as + HOST-RESOURCES-MIB::hrSWRunIndex or SYSAPPL-MIB:: + sysApplElmtRunIndex for some row in the appropriate + tables." ::= { udpEndpointEntry 8 } -- The deprecated UDP Listener table - -- The deprecated UDP listener table only contains information about this - -- entity's IPv4 UDP end-points on which a local application is - -- currently accepting datagrams. It does not provide more detailed - -- connection information, or information about IPv6 endpoints. 
+ -- The deprecated UDP listener table only contains information + -- about this entity's IPv4 UDP end-points on which a local + -- application is currently accepting datagrams. It does not + -- provide more detailed connection information, or information + -- about IPv6 endpoints. udpTable OBJECT-TYPE SYNTAX SEQUENCE OF UdpEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION - "A table containing IPv4-specific UDP listener information. - It contains information about all local IPv4 UDP end-points - on which an application is currently accepting datagrams. - - This table has been deprecated in favor of the version - neutral udpEndpointTable." + "A table containing IPv4-specific UDP listener + information. It contains information about all local + IPv4 UDP end-points on which an application is + currently accepting datagrams. This table has been + deprecated in favor of the version neutral + udpEndpointTable." ::= { udp 5 } udpEntry OBJECT-TYPE SYNTAX UdpEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Information about a particular current UDP listener." INDEX { udpLocalAddress, udpLocalPort } ::= { udpTable 1 } 
@@ -589,34 +701,33 @@ UdpEntry ::= SEQUENCE { udpLocalAddress IpAddress, udpLocalPort Integer32 } udpLocalAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS deprecated DESCRIPTION - "The local IP address for this UDP listener. In the case of - a UDP listener which is willing to accept datagrams for any - IP interface associated with the node, the value 0.0.0.0 is - used." + "The local IP address for this UDP listener. In the + case of a UDP listener which is willing to accept + datagrams for any IP interface associated with the + node, the value 0.0.0.0 is used." ::= { udpEntry 1 } udpLocalPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The local port number for this UDP listener." ::= { udpEntry 2 } - -- conformance information udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } -- compliance statements udpMIBCompliance2 MODULE-COMPLIANCE 
@@ -615,93 +726,103 @@ udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 } udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 } udpMIBGroups OBJECT IDENTIFIER ::= { udpMIBConformance 2 } -- compliance statements udpMIBCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION - "The compliance statement for systems which implement UDP." + "The compliance statement for systems which implement + UDP. + + There are a number of INDEX objects that cannot be + represented in the form of OBJECT clauses in SMIv2, but + for which we have the following compliance + requirements, expressed in OBJECT clause form in this + description clause: + + -- OBJECT udpEndpointLocalAddressType + -- SYNTAX InetAddressType { unknown(0), ipv4(1), + -- ipv6(2), ipv4z(3), + -- ipv6z(4) } + -- DESCRIPTION + -- Support for dns(5) is not required. + -- OBJECT udpEndpointRemoteAddressType + -- SYNTAX InetAddressType { unknown(0), ipv4(1), + -- ipv6(2), ipv4z(3), + -- ipv6z(4) } + -- DESCRIPTION + -- Support for dns(5) is not required. + " MODULE -- this module MANDATORY-GROUPS { udpBaseGroup, udpEndpointGroup } GROUP udpHCGroup DESCRIPTION - "This group is mandatory for those systems which are - capable of receiving or transmitting more than 1 - million UDP datagrams per second. 1 million datagrams - per second will cause a Counter32 to wrap in just over - an hour." - GROUP udpEndpointProcessGroup - DESCRIPTION - "This group is mandatory for systems which implement a - 'process ID' concept, in particular those that also - implement the HOST-RESOURCES-MIB or SYSAPPL-MIB." + "This group is mandatory for those systems which + are capable of receiving or transmitting more than + 1 million UDP datagrams per second. 1 million + datagrams per second will cause a Counter32 to + wrap in just over an hour." ::= { udpMIBCompliances 2 } udpMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for IPv4-only systems which - implement UDP. 
For IP version independence, this compliance - statement is deprecated in favor of udpMIBCompliance2. - However, agents are still encouraged to implement these - objects in order to interoperate with the deployed base - of managers." + implement UDP. For IP version independence, this + compliance statement is deprecated in favor of + udpMIBCompliance2. However, agents are still + encouraged to implement these objects in order to + interoperate with the deployed base of managers." MODULE -- this module MANDATORY-GROUPS { udpGroup } ::= { udpMIBCompliances 1 } -- units of conformance udpGroup OBJECT-GROUP OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams, udpLocalAddress, udpLocalPort } STATUS deprecated DESCRIPTION - "The deprecated group of objects providing for management of - UDP over IPv4." + "The deprecated group of objects providing for + management of UDP over IPv4." ::= { udpMIBGroups 1 } udpBaseGroup OBJECT-GROUP - OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams } + OBJECTS { udpInDatagrams, udpNoPorts, udpInErrors, + udpOutDatagrams } STATUS current DESCRIPTION "The group of objects providing for counters of UDP statistics." ::= { udpMIBGroups 2 } udpHCGroup OBJECT-GROUP OBJECTS { udpHCInDatagrams, udpHCOutDatagrams } STATUS current DESCRIPTION - "The group of objects providing for counters of high speed - UDP implementations." + "The group of objects providing for counters of high + speed UDP implementations." ::= { udpMIBGroups 3 } udpEndpointGroup OBJECT-GROUP - OBJECTS { udpEndpointInstance } + OBJECTS { udpEndpointProcess } STATUS current DESCRIPTION "The group of objects providing for the IP version independent management of UDP 'endpoints'." ::= { udpMIBGroups 4 } - udpEndpointProcessGroup OBJECT-GROUP - OBJECTS { udpEndpointProcess } - STATUS current - DESCRIPTION - "The object mapping a UDP 'endpoint' to a system process." - ::= { udpMIBGroups 5 } - END 4. 
Intellectual Property The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the 
@@ -774,58 +895,64 @@ J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB", RFC 2790, March 2000. [RFC3291] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 3291, May 2002. -8. Informative References + [RFC3418] Presuhn, R., "Management Information Base (MIB) for the + Simple Network Management Protocol (SNMP)", RFC 3418, + December 2002. - [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, - "Introduction and Applicability Statements for Internet- - Standard Management Framework", RFC 3410, December 2002. +8. Informative References [RFC1213] McCloghrie, K. and M. Rose, Editors, "Management Information Base for Network Management of TCP/IP-based internets: MIB-II", STD 17, RFC 1213, March 1991. [RFC2013] McCloghrie, K., "Management Information Base for the User Datagram Protocol using SMIv2", RFC 2013, November 1996. [RFC2454] Daniele, M., "IP Version 6 Management Information Base for the User Datagram Protocol", RFC 2454, December 1998. + [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, + "Introduction and Applicability Statements for Internet- + Standard Management Framework", RFC 3410, December 2002. + 9. Security Considerations There are no management objects defined in this MIB that have a MAX- ACCESS clause of read-write and/or read-create. So, if this MIB is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB module via direct SNMP SET operations. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. 
These are the tables and objects and their sensitivity/vulnerability: - The udpEndpointLocalPort and udpLocalPort objects can be used to - identify what ports are open on the machine and can thus what attacks - are likely to succeed, without the attacker having to run a port - scanner. + The indices of the udpEndpointTable and udpTable contain information + on the listeners on an entity. In particular, the + udpEndpointLocalPort and udpLocalPort objects in the indices can be + used to identify what ports are open on the machine and can thus what + attacks are likely to succeed, without the attacker having to run a + port scanner. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is recommended that the implementors consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms 
@@ -852,21 +979,21 @@ John Flick Hewlett-Packard Company 8000 Foothills Blvd. M/S 5557 Roseville, CA 95747-5557 USA Email: johnf@rose.hp.com 11. Full Copyright Statement - Copyright (C) The Internet Society (2003). All Rights Reserved. + Copyright (C) The Internet Society (2004). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of
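Review bot: in the @@ -28,52 +29,95 @@ hunk, the new revision-history entry "Updated the description of InetAddress objects used as index elements to indicate the 128 octet limit" does not match the text this revision actually adds to udpEndpointLocalAddress and udpEndpointRemoteAddress, which warns about "OIDs with more than 128 subidentifiers". Suggest rewording the changelog entry to say subidentifiers so the two agree. The same list says some address-type combinations are "not legal" while the added DESCRIPTION says "not supported"; pick one term. The re-paginated table of contents also still carries "6. Contributers".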
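Review bot: in the @@ -271,25 +321,27 @@ hunk, the re-wrapped ORGANIZATION clause changes the working group URL from "htmp.charters" to "htmp.lharters", and neither spelling looks like a valid path on www.ietf.org. Suggest confirming the charter URL and correcting it (presumably "html.charters") rather than carrying a second typo into the MODULE-IDENTITY.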
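Review bot: in the @@ -290,156 +342,192 @@ hunk, case 3 of the re-flowed udpEndpointTable DESCRIPTION still reads "system, is repesented by a", although the same hunk corrects "udpEndpointRemoteAdderess" a few lines further down. Suggest fixing it to "represented" while the paragraph is being re-wrapped anyway, so the clause does not need another editorial pass.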
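Review bot: in the @@ -466,122 +554,146 @@ hunk, the sentence added to udpEndpointRemoteAddressType names "udpEndpointLocalAdressType", which is not an object in this module; it should be udpEndpointLocalAddressType. DESCRIPTION text is commonly searched by object name, so the misspelling is worth fixing in the same pass that corrected "IPv6 and IPv6" to "IPv6 and IPv6z" in this clause.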
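Review bot: in the @@ -615,93 +726,103 @@ hunk, removing the GROUP udpEndpointProcessGroup clause also removes the only statement about systems that have no 'process ID' concept, while udpEndpointProcess becomes mandatory through "OBJECTS { udpEndpointProcess }" in udpEndpointGroup. The object's DESCRIPTION covers "zero if there is no such process", but not an agent that cannot map endpoints to processes at all. Suggest one sentence in udpMIBCompliance2 or in the udpEndpointProcess DESCRIPTION saying that such agents return zero, so the mandatory requirement is implementable everywhere.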
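Review bot: in the @@ -774,58 +895,64 @@ hunk, the rewritten sensitivity paragraph of the Security Considerations covers only the index objects (udpEndpointLocalPort, udpLocalPort), yet udpEndpointProcess is MAX-ACCESS read-only and, as of this revision, part of the mandatory udpEndpointGroup, so it is the one udpEndpointTable column returned as a value and it is not mentioned. Suggest either listing it, since it ties each listener to an operating system process, or stating why it is not considered sensitive. The added text also keeps the old wording "and can thus what attacks are likely to succeed", which is missing a verb; "and thus what attacks are likely to succeed" would read correctly.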