IPv6 MIB Revision Design Team                               Bill Fenner
INTERNET-DRAFT                                            AT&T Research
Expires: January 2002                                    Brian Haberman
                                                        Nortel Networks
                                                       Keith McCloghrie
                                                          Cisco Systems
                                                   Juergen Schoenwalder
                                                         TU Braunschweig
                                                            Dave Thaler
                                                              Microsoft
                                                              July 2001

                      Management Information Base
              for the Transmission Control Protocol (TCP)
                 draft-ietf-ipngwg-rfc2012-update-00.txt

Status of this Document

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This document is a product of the IPv6 MIB Revision Design Team.
   Comments should be addressed to the authors, or the mailing list at
   ipng@sunroof.eng.sun.com.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects used for implementations
   of the Transmission Control Protocol (TCP) [5] in an IP version
   independent manner.

Table of Contents

   1. The SNMP Management Framework
   2. Revision History
   3. Definitions
   4. Open Issues
   5. Acknowledgements
   6. References
   7. Security Considerations
   8. Editor's Address
   9. Full Copyright Statement

1. The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [7].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in STD
      16, RFC 1155 [8], STD 16, RFC 1212 [9] and RFC 1215 [10].  The
      second version, called SMIv2, is described in STD 58, RFC 2578
      [11], STD 58, RFC 2579 [12] and STD 58, RFC 2580 [13].

   o  Message protocols for transferring management information.  The
      first version of the SNMP message protocol is called SNMPv1 and
      described in STD 15, RFC 1157 [14].  A second version of the SNMP
      message protocol, which is not an Internet standards track
      protocol, is called SNMPv2c and described in RFC 1901 [15] and RFC
      1906 [16].  The third version of the message protocol is called
      SNMPv3 and described in RFC 1906 [16], RFC 2572 [17] and RFC 2574
      [18].

   o  Protocol operations for accessing management information.  The
      first set of protocol operations and associated PDU formats is
      described in STD 15, RFC 1157 [14].  A second set of protocol
      operations and associated PDU formats is described in RFC 1905
      [19].

   o  A set of fundamental applications described in RFC 2573 [20] and
      the view-based access control mechanism described in RFC 2575
      [21].
   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 2570 [22].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2.  A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process.  However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

2. Revision History

   Changes from draft-ops-rfc2012-update-00.txt

   12 Jul 2001

      Turned into IPNG WG document

      Added tcpCountersGroup for per-connection counters

   Changes from first draft posted to v6mib mailing list:

   23 Feb 2001

      Made threshold for HC packet counters 1Mpps

      Added copyright statements and table of contents

   21 Feb 2001 -- Juergen's changes

      Renamed tcpInetConn* to tcpConnection*

      Updated Conformance info

      Added missing tcpConnectionState and tcpConnState objects to
      SEQUENCEs

   6 Feb 2001

      Removed v6-only objects.

      Renamed inetTcp* to tcpInet*

      Added SIZE restriction to InetAddress index objects.  (36 = 32-byte
      addresses plus 4-byte scope, but it's just a strawman)

      Used InetPortNumber TC from updated INET-ADDRESS-MIB

      Updated compliance statements.

      Added Keith to authors

      Added open issues section.

3. Definitions

TCP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Gauge32,
    Counter32, Counter64, IpAddress, mib-2
                                       FROM SNMPv2-SMI
    TimeStamp                          FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
    InetAddress, InetAddressType,
    InetPortNumber                     FROM INET-ADDRESS-MIB;

tcpMIB MODULE-IDENTITY
    LAST-UPDATED "200107120000Z"
    ORGANIZATION "IETF IPv6 MIB Revision Team"
    CONTACT-INFO
            "Bill Fenner (editor)

             AT&T Labs -- Research
             75 Willow Rd.
             Menlo Park, CA 94025

             Phone: +1 650 330-7893
             Email: "
    DESCRIPTION
            "The MIB module for managing TCP implementations."
    REVISION      "200107120000Z"
    DESCRIPTION
            "IP version neutral revision, published as RFC XXXX."
    REVISION      "199411010000Z"
    DESCRIPTION
            "Initial SMIv2 version, published as RFC 2012."
    REVISION      "199103310000Z"
    DESCRIPTION
            "The initial revision of this MIB module was part of MIB-II."
    ::= { mib-2 49 }

-- the TCP base variables group

tcp      OBJECT IDENTIFIER ::= { mib-2 6 }

-- Scalars

tcpRtoAlgorithm OBJECT-TYPE
    SYNTAX      INTEGER {
                    other(1),    -- none of the following
                    constant(2), -- a constant rto
                    rsre(3),     -- MIL-STD-1778, Appendix B
                    vanj(4)      -- Van Jacobson's algorithm [6]
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The algorithm used to determine the timeout value used for
            retransmitting unacknowledged octets."
    ::= { tcp 1 }

tcpRtoMin OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "milliseconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The minimum value permitted by a TCP implementation for the
            retransmission timeout, measured in milliseconds.  More
            refined semantics for objects of this type depend upon the
            algorithm used to determine the retransmission timeout.  In
            particular, when the timeout algorithm is rsre(3), an object
            of this type has the semantics of the LBOUND quantity
            described in RFC 793."
    ::= { tcp 2 }

tcpRtoMax OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "milliseconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The maximum value permitted by a TCP implementation for the
            retransmission timeout, measured in milliseconds.  More
            refined semantics for objects of this type depend upon the
            algorithm used to determine the retransmission timeout.  In
            particular, when the timeout algorithm is rsre(3), an object
            of this type has the semantics of the UBOUND quantity
            described in RFC 793."
    ::= { tcp 3 }

tcpMaxConn OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The limit on the total number of TCP connections the entity
            can support.  In entities where the maximum number of
            connections is dynamic, this object should contain the value
            -1."
    ::= { tcp 4 }

tcpActiveOpens OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times TCP connections have made a direct
            transition to the SYN-SENT state from the CLOSED state."
    ::= { tcp 5 }

tcpPassiveOpens OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times TCP connections have made a direct
            transition to the SYN-RCVD state from the LISTEN state."
    ::= { tcp 6 }

tcpAttemptFails OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times TCP connections have made a direct
            transition to the CLOSED state from either the SYN-SENT
            state or the SYN-RCVD state, plus the number of times TCP
            connections have made a direct transition to the LISTEN
            state from the SYN-RCVD state."
    ::= { tcp 7 }

tcpEstabResets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times TCP connections have made a direct
            transition to the CLOSED state from either the ESTABLISHED
            state or the CLOSE-WAIT state."
    ::= { tcp 8 }

tcpCurrEstab OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of TCP connections for which the current state
            is either ESTABLISHED or CLOSE-WAIT."
    ::= { tcp 9 }

tcpInSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The total number of segments received, including those
            received in error.  This count includes segments received
            on currently established connections."
    ::= { tcp 10 }

tcpOutSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The total number of segments sent, including those on
            current connections but excluding those containing only
            retransmitted octets."
    ::= { tcp 11 }

tcpRetransSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The total number of segments retransmitted - that is, the
            number of TCP segments transmitted containing one or more
            previously transmitted octets."
    ::= { tcp 12 }

tcpInErrs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The total number of segments received in error (e.g., bad
            TCP checksums)."
    ::= { tcp 14 }

tcpOutRsts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of TCP segments sent containing the RST flag."
    ::= { tcp 15 }

tcpHCInSegs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The total number of segments received, including those
            received in error, on systems that can receive more than 1
            million TCP packets per second.  This count includes
            segments received on currently established connections."
    ::= { tcp 17 }

tcpHCOutSegs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The total number of segments sent, including those on
            current connections but excluding those containing only
            retransmitted octets, on systems that can transmit more
            than 1 million TCP packets per second."
    ::= { tcp 18 }

-- The TCP Connection table

tcpConnectionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TcpConnectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A table containing information about existing TCP
            connections or listeners."
    ::= { tcp 19 }

tcpConnectionEntry OBJECT-TYPE
    SYNTAX      TcpConnectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row of the tcpConnectionTable containing
            information about a particular current TCP connection.
            Each row of this table is transient, in that it ceases to
            exist when (or soon after) the connection makes the
            transition to the CLOSED state."
    INDEX       { tcpConnectionLocalAddressType,
                  tcpConnectionLocalAddress,
                  tcpConnectionLocalPort,
                  tcpConnectionRemAddressType,
                  tcpConnectionRemAddress,
                  tcpConnectionRemPort }
    ::= { tcpConnectionTable 1 }

TcpConnectionEntry ::= SEQUENCE {
        tcpConnectionLocalAddressType   InetAddressType,
        tcpConnectionLocalAddress       InetAddress,
        tcpConnectionLocalPort          InetPortNumber,
        tcpConnectionRemAddressType     InetAddressType,
        tcpConnectionRemAddress         InetAddress,
        tcpConnectionRemPort            InetPortNumber,
        tcpConnectionState              INTEGER,
        tcpConnectionInPackets          Integer32,
        tcpConnectionOutPackets         Integer32,
        tcpConnectionInOctets           Integer32,
        tcpConnectionOutOctets          Integer32,
        tcpConnectionStartTime          TimeStamp
    }

tcpConnectionLocalAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The address type of tcpConnectionLocalAddress.  Only IPv4
            and IPv6 addresses are expected."
    ::= { tcpConnectionEntry 1 }

tcpConnectionLocalAddress OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0..36))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The local IP address for this TCP connection.  In the case
            of a connection in the listen state which is willing to
            accept connections for any IP interface associated with the
            node, a value of all zeroes is used."
    ::= { tcpConnectionEntry 2 }

tcpConnectionLocalPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The local port number for this TCP connection."
    ::= { tcpConnectionEntry 3 }

tcpConnectionRemAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The address type of tcpConnectionRemAddress.  Only IPv4 and
            IPv6 addresses are expected.  Must be the same as
            tcpConnectionLocalAddressType."
    ::= { tcpConnectionEntry 4 }

tcpConnectionRemAddress OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0..36))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The remote IP address for this TCP connection."
    ::= { tcpConnectionEntry 5 }

tcpConnectionRemPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The remote port number for this TCP connection."
    ::= { tcpConnectionEntry 6 }

tcpConnectionState OBJECT-TYPE
    SYNTAX      INTEGER {
                    closed(1),
                    listen(2),
                    synSent(3),
                    synReceived(4),
                    established(5),
                    finWait1(6),
                    finWait2(7),
                    closeWait(8),
                    lastAck(9),
                    closing(10),
                    timeWait(11),
                    deleteTCB(12)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "The state of this TCP connection.

            The only value which may be set by a management station is
            deleteTCB(12).  Accordingly, it is appropriate for an agent
            to return a `badValue' response if a management station
            attempts to set this object to any other value.

            If a management station sets this object to the value
            deleteTCB(12), then this has the effect of deleting the TCB
            (as defined in RFC 793) of the corresponding connection on
            the managed node, resulting in immediate termination of the
            connection.

            As an implementation-specific option, a RST segment may be
            sent from the managed node to the other TCP endpoint (note
            however that RST segments are not sent reliably)."
    ::= { tcpConnectionEntry 7 }

tcpConnectionInPackets OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of packets received on this connection.  This
            count includes retransmitted data."
    ::= { tcpConnectionEntry 8 }

tcpConnectionOutPackets OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of packets transmitted on this connection.  This
            count includes retransmitted data."
    ::= { tcpConnectionEntry 9 }

tcpConnectionInOctets OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of octets received on this connection.  This
            count includes retransmitted data."
    ::= { tcpConnectionEntry 10 }

tcpConnectionOutOctets OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of octets transmitted on this connection.  This
            count includes retransmitted data."
    ::= { tcpConnectionEntry 11 }

tcpConnectionStartTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The value of sysUpTime at the time this connection was
            established, or when this listening socket was opened."
    ::= { tcpConnectionEntry 12 }

-- The deprecated TCP Connection table

tcpConnTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TcpConnEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
            "A table containing information about existing IPv4-specific
            TCP connections or listeners.  This table has been
            deprecated in favor of the version neutral
            tcpConnectionTable."
    ::= { tcp 13 }

tcpConnEntry OBJECT-TYPE
    SYNTAX      TcpConnEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
            "A conceptual row of the tcpConnTable containing information
            about a particular current IPv4 TCP connection.  Each row of
            this table is transient, in that it ceases to exist when (or
            soon after) the connection makes the transition to the
            CLOSED state."
    INDEX       { tcpConnLocalAddress,
                  tcpConnLocalPort,
                  tcpConnRemAddress,
                  tcpConnRemPort }
    ::= { tcpConnTable 1 }

TcpConnEntry ::= SEQUENCE {
        tcpConnState         INTEGER,
        tcpConnLocalAddress  IpAddress,
        tcpConnLocalPort     INTEGER,
        tcpConnRemAddress    IpAddress,
        tcpConnRemPort       INTEGER
    }

tcpConnState OBJECT-TYPE
    SYNTAX      INTEGER {
                    closed(1),
                    listen(2),
                    synSent(3),
                    synReceived(4),
                    established(5),
                    finWait1(6),
                    finWait2(7),
                    closeWait(8),
                    lastAck(9),
                    closing(10),
                    timeWait(11),
                    deleteTCB(12)
                }
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
            "The state of this TCP connection.

            The only value which may be set by a management station is
            deleteTCB(12).  Accordingly, it is appropriate for an agent
            to return a `badValue' response if a management station
            attempts to set this object to any other value.

            If a management station sets this object to the value
            deleteTCB(12), then this has the effect of deleting the TCB
            (as defined in RFC 793) of the corresponding connection on
            the managed node, resulting in immediate termination of the
            connection.

            As an implementation-specific option, a RST segment may be
            sent from the managed node to the other TCP endpoint (note
            however that RST segments are not sent reliably)."
    ::= { tcpConnEntry 1 }

tcpConnLocalAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
            "The local IP address for this TCP connection.  In the case
            of a connection in the listen state which is willing to
            accept connections for any IP interface associated with the
            node, the value 0.0.0.0 is used."
    ::= { tcpConnEntry 2 }

tcpConnLocalPort OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
            "The local port number for this TCP connection."
    ::= { tcpConnEntry 3 }

tcpConnRemAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
            "The remote IP address for this TCP connection."
    ::= { tcpConnEntry 4 }

tcpConnRemPort OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
            "The remote port number for this TCP connection."
    ::= { tcpConnEntry 5 }

-- conformance information

tcpMIBConformance OBJECT IDENTIFIER ::= { tcpMIB 2 }

tcpMIBCompliances OBJECT IDENTIFIER ::= { tcpMIBConformance 1 }
tcpMIBGroups      OBJECT IDENTIFIER ::= { tcpMIBConformance 2 }

-- compliance statements

tcpMIBCompliance2 MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
            "The compliance statement for systems which implement TCP."
    MODULE  -- this module
        MANDATORY-GROUPS { tcpBaseGroup, tcpConnectionGroup }
        GROUP       tcpHCGroup
        DESCRIPTION
            "This group is mandatory for those systems which are capable
            of receiving or transmitting more than 1 million TCP packets
            per second.  1 million packets per second will cause a
            Counter32 to wrap in just over an hour."
        GROUP       tcpCountersGroup
        DESCRIPTION
            "This group is optional.  It provides visibility for
            counters that some systems already implement."
        OBJECT      tcpConnectionState
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."
    ::= { tcpMIBCompliances 2 }

tcpMIBCompliance MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
            "The compliance statement for IPv4-only systems which
            implement TCP.  In order to be IP version independent, this
            compliance statement is deprecated in favor of
            tcpMIBCompliance2."
    MODULE  -- this module
        MANDATORY-GROUPS { tcpGroup }
        OBJECT      tcpConnState
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."
    ::= { tcpMIBCompliances 1 }

-- units of conformance

tcpGroup OBJECT-GROUP
    OBJECTS   { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
                tcpMaxConn, tcpActiveOpens,
                tcpPassiveOpens, tcpAttemptFails,
                tcpEstabResets, tcpCurrEstab, tcpInSegs,
                tcpOutSegs, tcpRetransSegs, tcpConnState,
                tcpConnLocalAddress, tcpConnLocalPort,
                tcpConnRemAddress, tcpConnRemPort,
                tcpInErrs, tcpOutRsts }
    STATUS    deprecated
    DESCRIPTION
            "The tcp group of objects providing for management of TCP
            entities."
    ::= { tcpMIBGroups 1 }

tcpBaseGroup OBJECT-GROUP
    OBJECTS   { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
                tcpMaxConn, tcpActiveOpens,
                tcpPassiveOpens, tcpAttemptFails,
                tcpEstabResets, tcpCurrEstab, tcpInSegs,
                tcpOutSegs, tcpRetransSegs,
                tcpInErrs, tcpOutRsts }
    STATUS    current
    DESCRIPTION
            "The group of counters common to TCP entities."
    ::= { tcpMIBGroups 2 }

tcpHCGroup OBJECT-GROUP
    OBJECTS   { tcpHCInSegs, tcpHCOutSegs }
    STATUS    current
    DESCRIPTION
            "The group of objects providing for counters of high speed
            TCP implementations."
    ::= { tcpMIBGroups 3 }

tcpConnectionGroup OBJECT-GROUP
    OBJECTS   { tcpConnectionState }
    STATUS    current
    DESCRIPTION
            "The table of TCP connections."
    ::= { tcpMIBGroups 4 }

tcpCountersGroup OBJECT-GROUP
    OBJECTS   { tcpConnectionInPackets, tcpConnectionOutPackets,
                tcpConnectionInOctets, tcpConnectionOutOctets,
                tcpConnectionStartTime }
    STATUS    current
    DESCRIPTION
            "The packet and octet counters specific to a TCP connection."
    ::= { tcpMIBGroups 5 }

END

4. Open Issues

   Are the current per-connection byte/segment counters appropriate?
   Other stats?  [in optional conformance group]  ConnSRTT?

   More HC counters?

   Separate listening vs. established connections?

   IPV6_V6ONLY / ??? : does the tcpConnectionTable need something?
   (Erik said:

      But for the different types of wildcard listeners it would make
      sense to be able to capture the difference between:
         IPv4-only - bound to INADDR_ANY
         IPv6-only - bound to in6addr_any with the IPV6_V6ONLY socket
                     option set
         both - bound to in6addr_any and the above not set)

   [the last 2 could probably be differentiated by the remote address AF
   being Unknown or IPv6 -- which would require changing the
   DESCRIPTION]

5. Acknowledgements

   This document contains a modified subset of RFC 1213 and updates RFC
   2012 and RFC 2452.

6. References

   [2]  Rose, M. and K. McCloghrie, "Management Information Base for
        Network Management of TCP/IP-based internets", RFC 1213, March
        1991.

   [3]  McCloghrie, K., "SNMPv2 Management Information Base for the
        Transmission Control Protocol using SMIv2", RFC 2012, November
        1996.

   [4]  Haskin, D. and S. Onishi, "IP Version 6 Management Information
        Base for the Transmission Control Protocol", RFC 2452, December
        1998.

   [5]  Postel, J., "Transmission Control Protocol - DARPA Internet
        Program Protocol Specification", STD 7, RFC 793, DARPA,
        September 1981.

   [6]  Jacobson, V., "Congestion Avoidance and Control", SIGCOMM 1988,
        Stanford, California.

   [7]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
        Describing SNMP Management Frameworks", RFC 2571, April 1999.

   [8]  Rose, M., and K. McCloghrie, "Structure and Identification of
        Management Information for TCP/IP-based Internets", STD 16, RFC
        1155, May 1990.

   [9]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16,
        RFC 1212, March 1991.

   [10] Rose, M., "A Convention for Defining Traps for use with the
        SNMP", RFC 1215, March 1991.

   [11] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Structure of Management Information
        Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [12] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58,
        RFC 2579, April 1999.

   [13] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Conformance Statements for SMIv2", STD
        58, RFC 2580, April 1999.

   [14] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
        Network Management Protocol", STD 15, RFC 1157, May 1990.

   [15] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, January
        1996.

   [16] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Transport Mappings for Version 2 of the Simple Network
        Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [17] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, April 1999.

   [18] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM)
        for version 3 of the Simple Network Management Protocol
        (SNMPv3)", RFC 2574, April 1999.

   [19] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
        Operations for Version 2 of the Simple Network Management
        Protocol (SNMPv2)", RFC 1905, January 1996.

   [20] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
        2573, April 1999.

   [21] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", RFC 2575, April 1999.

   [22] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction
        to Version 3 of the Internet-standard Network Management
        Framework", RFC 2570, April 1999.

7. Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.
   Such objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  These are:

   o  The tcpConnectionLocalPort and tcpConnLocalPort objects can be
      used to identify what ports are open on the machine, and thus
      which attacks are likely to succeed, without the attacker having
      to run a port scanner.

   o  The tcpConnectionState and tcpConnState objects have a MAX-ACCESS
      clause of read-write, which allows termination of an arbitrary
      connection.  Unauthorized access could cause a denial of service.

   It is thus important to control even GET access to these objects and
   possibly even to encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPsec), there is no control as
   to who on the secure network is allowed to access and GET/SET
   (read/change/create/delete) the objects in this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model RFC 2574 [18] and the View-based
   Access Control Model RFC 2575 [21] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

8. Editor's Address

   Bill Fenner
   AT&T Labs -- Research
   75 Willow Rd
   Menlo Park, CA 94025
   USA

   Email: fenner@research.att.com

9. Full Copyright Statement

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
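Worked example, added to this copy of the draft (it is not part of the draft and not IETF or vendor code).  It shows how the six INDEX objects of tcpConnectionEntry (Section 3) are carried in an instance identifier, and how a reader of the table recovers the listening-port inventory that Section 7 says GET access to the table gives away.  It assumes the index encoding rules of RFC 2578 Section 7.7 (one sub-identifier per INTEGER or Unsigned32 index object; a non-IMPLIED variable-length InetAddress as its length followed by one sub-identifier per octet), the InetAddressType values unknown(0), ipv4(1) and ipv6(2) from INET-ADDRESS-MIB, and the object identifier 1.3.6.1.2.1.6.19.1.7 for tcpConnectionState, which follows from the module text (mib-2 6 is tcp, tcpConnectionTable is tcp 19, tcpConnectionState is column 7 of its entry).  The sample walk is constructed; because the draft does not say how a listener fills the remote-side index objects (see Section 4), listener rows here mirror the local address type with an all-zero address and port 0, which is an assumption.

```python
"""Added example, not part of the TCP-MIB draft: encode and decode the
tcpConnectionTable INDEX and list the listeners the table discloses.
Assumes the RFC 2578 section 7.7 index rules, InetAddressType values
unknown(0)/ipv4(1)/ipv6(2), and tcpConnectionState = 1.3.6.1.2.1.6.19.1.7
(mib-2 6 = tcp, tcp 19, entry 1, column 7).  The sample walk is constructed."""
import ipaddress
from dataclasses import dataclass

TCP_CONNECTION_STATE = (1, 3, 6, 1, 2, 1, 6, 19, 1, 7)
MAX_INET_ADDRESS = 36       # InetAddress (SIZE(0..36)) in the draft
ADDR_LEN = {1: 4, 2: 16}    # octets carried by ipv4(1) and ipv6(2)
STATE_NAMES = {1: "closed", 2: "listen", 3: "synSent", 4: "synReceived",
               5: "established", 6: "finWait1", 7: "finWait2", 8: "closeWait",
               9: "lastAck", 10: "closing", 11: "timeWait", 12: "deleteTCB"}


@dataclass(frozen=True)
class ConnIndex:
    """The six INDEX objects of tcpConnectionEntry, in INDEX order."""
    local_type: int
    local_addr: bytes
    local_port: int
    rem_type: int
    rem_addr: bytes
    rem_port: int


def encode_index(ix):
    """INDEX values -> OID sub-identifiers.  Each INTEGER/Unsigned32 index
    is one sub-identifier; a non-IMPLIED variable-length InetAddress is
    its length followed by one sub-identifier per octet."""
    def inet(addr):
        return (len(addr),) + tuple(addr)
    return ((ix.local_type,) + inet(ix.local_addr) + (ix.local_port,)
            + (ix.rem_type,) + inet(ix.rem_addr) + (ix.rem_port,))


def decode_index(subids):
    """Inverse of encode_index.  Rejects truncated or inconsistent indices
    rather than silently mis-aligning the fields that follow."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(subids):
            raise ValueError("truncated index")
        pos += n
        return subids[pos - n:pos]

    def inet():
        n = take(1)[0]
        if n > MAX_INET_ADDRESS:
            raise ValueError("InetAddress longer than SIZE(0..36)")
        return bytes(take(n))

    local_type, local_addr, local_port = take(1)[0], inet(), take(1)[0]
    rem_type, rem_addr, rem_port = take(1)[0], inet(), take(1)[0]
    if pos != len(subids):
        raise ValueError("trailing sub-identifiers")
    for t, a in ((local_type, local_addr), (rem_type, rem_addr)):
        if t in ADDR_LEN and len(a) != ADDR_LEN[t]:
            raise ValueError("InetAddress length does not match its type")
    if not all(0 <= p <= 65535 for p in (local_port, rem_port)):
        raise ValueError("port outside the InetPortNumber range")
    return ConnIndex(local_type, local_addr, local_port,
                     rem_type, rem_addr, rem_port)


def state_oid(ix):
    """Dotted instance OID of tcpConnectionState for one row."""
    return "." + ".".join(map(str, TCP_CONNECTION_STATE + encode_index(ix)))


def parse_state_varbind(oid, value):
    """(oid, value) from a walk of tcpConnectionState -> (ConnIndex, state)."""
    subids = tuple(int(s) for s in oid.strip(".").split("."))
    n = len(TCP_CONNECTION_STATE)
    if subids[:n] != TCP_CONNECTION_STATE:
        raise ValueError("not a tcpConnectionState instance")
    return decode_index(subids[n:]), STATE_NAMES.get(value, "unknown(%d)" % value)


def fmt_addr(addr_type, addr):
    """Printable address; all zeroes is the draft's wildcard listener."""
    return str(ipaddress.ip_address(addr)) if addr_type in ADDR_LEN else "unknown"


def open_ports(varbinds):
    """Sorted (port, local address) of every listen(2) row: the open-port
    inventory that Section 7 says read access to this table gives away."""
    found = set()
    for oid, value in varbinds:
        ix, state = parse_state_varbind(oid, value)
        if state == "listen":
            found.add((ix.local_port, fmt_addr(ix.local_type, ix.local_addr)))
    return sorted(found)


# Constructed sample walk (not from a real agent).  Listener rows mirror
# the local address type on the remote side with an all-zero address and
# port 0; the draft does not say how to fill those fields (Section 4).
SSH_V4_LISTENER = ConnIndex(1, bytes(4), 22, 1, bytes(4), 0)
SSH_V6_LISTENER = ConnIndex(2, bytes(16), 22, 2, bytes(16), 0)
HTTPS_CONN = ConnIndex(1, bytes([192, 0, 2, 10]), 443,
                       1, bytes([198, 51, 100, 7]), 50321)
SAMPLE_WALK = [(state_oid(SSH_V4_LISTENER), 2),
               (state_oid(SSH_V6_LISTENER), 2),
               (state_oid(HTTPS_CONN), 5)]
```

A management application would feed open_ports() the varbinds returned by a GETNEXT or GETBULK walk of tcpConnectionState.  decode_index() refuses an index whose InetAddress length disagrees with its InetAddressType instead of shifting the remaining fields, which is how a malformed or truncated response would otherwise be misread as a different connection.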