idnits 2.17.1

draft-ietf-ipv6-rfc2012-update-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 519: '...e been obsoleted. It MUST not be used....'

     RFC 2119 keyword, line 1094: '...It is RECOMMENDED that implementers co...'

     RFC 2119 keyword, line 1100: '... Instead, it is RECOMMENDED to deploy...'

  -- The abstract seems to indicate that this document obsoletes RFC2012, but
     the header doesn't have an 'Obsoletes:' line to match this.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     -- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
     -- which has since been obsoleted.
     It MUST not be used.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (September 2003) is 7527 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC793' is defined on line 1007, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3291' is defined on line 1030, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2452' is defined on line 1044, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293)

  ** Obsolete normative reference: RFC 3291 (Obsoleted by RFC 4001)

  -- Obsolete informational reference (is this intentional?): RFC 2012
     (Obsoleted by RFC 4022)

  -- Obsolete informational reference (is this intentional?): RFC 2452
     (Obsoleted by RFC 4022, RFC 8096)

  Summary: 5 errors (**), 0 flaws (~~), 6 warnings (==), 5 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.
--------------------------------------------------------------------------------

1    IPv6 MIB Revision Design Team           Bill Fenner
2    INTERNET-DRAFT                          AT&T Research
3    Expires: March 2004                     Keith McCloghrie
4                                            Rajiv Raghunarayan (Editor)
5                                            Cisco Systems
6                                            Juergen Schoenwalder
7                                            TU Braunschweig
8                                            September 2003

10   Management Information Base
11   for the Transmission Control Protocol (TCP)
12   draft-ietf-ipv6-rfc2012-update-04.txt

14   Status of this Document

16   This document is an Internet-Draft and is in full conformance with all
17   provisions of Section 10 of RFC2026.

19   Internet-Drafts are working documents of the Internet Engineering Task
20   Force (IETF), its areas, and its working groups. Note that other
21   groups may also distribute working documents as Internet-Drafts.

23   Internet-Drafts are draft documents valid for a maximum of six months
24   and may be updated, replaced, or obsoleted by other documents at any
25   time. It is inappropriate to use Internet-Drafts as reference material
26   or to cite them other than as "work in progress."

28   The list of current Internet-Drafts can be accessed at
29   http://www.ietf.org/ietf/1id-abstracts.txt

31   The list of Internet-Draft Shadow Directories can be accessed at
32   http://www.ietf.org/shadow.html.

34   This document is a product of the IPv6 MIB Revision Design Team.
35   Comments should be addressed to the editor/authors or the mailing
36   list at ipng@sunroof.eng.sun.com.

38   Copyright Notice

40   Copyright (C) The Internet Society (2001). All Rights Reserved.

42   Abstract

44   This memo defines a portion of the Management Information Base (MIB)
45   for use with network management protocols in the Internet community.
46   In particular, it describes managed objects used for implementations
47   of the Transmission Control Protocol (TCP) in an IP version
48   independent manner. This memo obsoletes RFCs 2012 and 2452.

50   Table of Contents

52   1. The Internet-Standard Management Framework
53   2. Revision History
54   3. Overview
55   4. Definitions
56   5. Acknowledgements
57   6. Normative References
58   7. Informative References
59   8. Security Considerations
60   9. Editor's Address
61   10. Authors
62   11. Full Copyright Statement

64   1. The Internet-Standard Management Framework

66   For a detailed overview of the documents that describe the current
67   Internet-Standard Management Framework, please refer to section 7 of
68   RFC 3410 [RFC3410].

70   Managed objects are accessed via a virtual information store, termed
71   the Management Information Base or MIB. MIB objects are generally
72   accessed through the Simple Network Management Protocol (SNMP).
73   Objects in the MIB are defined using the mechanisms defined in the
74   Structure of Management Information (SMI). This memo specifies a
75   MIB module that is compliant to the SMIv2, which is described in
76   STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58,
77   RFC 2580 [RFC2580].

79   2. Revision History

81   Changes from draft-ietf-ipv6-rfc2012-update-03.txt:

83   14th September 2003

85   Some editorial changes - correcting some spellings, and added a
86   statement to indicate the deprecation of RFC 2012 and RFC 2542.

88   Changes from draft-ietf-ipv6-rfc2012-update-02.txt:

90   16th June 2003

92   Added tcpHCInSegs and tcpHCOutSegs back to the mib, in order to
93   have the 64-bit counters along with the 32-bit counters.

95   Changes from draft-ietf-ipv6-rfc2012-update-01.txt:

97   23rd February 2003
98   Changes in this version mainly concentrate on reducing this mib
99   to a bare minimum update of RFC 2012, enough to satisfy the
100  needs of IPv6. The actual modifications are listed below.

102  Scalars tcpHCInSegs and tcpHCOutSegs dropped.

104  Objects dropped from the tcpConnectionTable include
105  tcpConnectionInSegs, tcpConnectionOutSegs,
106  tcpConnectionInOctets, tcpConnectionOutOctets,
107  tcpConnectionHCInSegs, tcpConnectionHCOutSegs,
108  tcpConnectionHCInOctets, tcpConnectionHCOutOctets,
109  tcpConnectionAge and tcpConnectionId.

111  Objects dropped from tcpListenerTable include
112  tcpListenerTimeOuts, tcpListenerEstablished and tcpListenerAge.

114  Updated compliance statements to reflect the aforementioned
115  changes.

117  Changes from draft-ietf-ipv6-rfc2012-update-00.txt:

119  4th November 2002

121  Replaced the tcpConnectionStartTime and tcpListenerStartTime
122  objects with tcpConnectionAge and tcpListenerAge respectively.

124  Added tcpConnectionRemAddressType as an auxiliary object into
125  the tcpConnectionTable.

127  Added new object, tcpConnectionId, to provide a link into the
128  TCP-ESTATS-MIB.

130  Included tcpConnectionAge and tcpConnectionProcess into the
131  tcpConnectionGroup.

133  Included tcpListenerAge and tcpListenerProcess into the
134  tcpListenerGroup.

136  tcpListenerGroup added to the mandatory list for compliance.

138  Changes from draft-ietf-ipngwg-rfc2012-update-01.txt:

140  27 June 2002

142  Replaced all occurrences of the term packets to segments, to be
143  consistent with the TCP specification.

145  Added limits to tcpRtoMin, tcpRtoMax and tcpMaxConn.

147  Added the scalar, tcpListenerTableLastChange.

149  Updated the description of tcpConnectionLocalAddress - removed
150  reference to 'listen' state.

152  Updated the description tcpConnection*Octets to explicitly
153  indicate whether the count includes the TCP header octets.

155  Updated the description of tcpConnectionStartTime and
156  tcpListenerStartTime - added clarifying text.

158  Renamed tcpConnectionProcessID to tcpConnectionProcess.

160  Updated the description of tcpListenerTable.

162  Updated the description of tcpListenerLocalAddressType to include
163  unknown (0) as a valid value.

165  Updated the description of tcpListenerLocalAddress - the value
166  ''h (zero-length octet-string) represents the case wherein an
167  application is willing to accept connections for any IP interface
168  associated with the node.

170  Removed tcpListenerRemAddressType.

172  Removed tcpListenerHCConnectionsTimedOut and
173  tcpListenerHCConnectionsAccepted. Added them to open issues, to
174  be added iff deemed required after discussions.

176  Renamed tcpListenerConnectionsAccepted to tcpListenerEstablished
177  and tcpListenerConnectionsTimedOut to tcpListenerTimeOuts.

179  Renamed tcpListenerProcessID to tcpListenerProcess.

181  Updated compliance statement for the object tcpConnectionState -
182  support for the value 'deleteTCB (12)' deemed optional.

184  Added RFC 2790 and RFC 2287 to the References section.

186  Updated Contact-Info and Editor's address.

188  Added Authors section.

190  Changes from draft-ietf-ipngwg-rfc2012-update-00.txt:

192  14 November 2001

194  Added HC versions of connection counters.

196  Added Listener table, with counters for accepted and timed out
197  connection attempts.

199  Added tcp{Connection,Listener}ProcessID to index into SYSAPPL-MIB
200  or HOST-RESOURCES-MIB.

202  Removed tcpConnectionRemAddrType, it must be the same as
203  tcpConnectionLocalAddrType.

205  Changes from draft-ops-rfc2012-update-00.txt

207  12 Jul 2001

209  Turned into IPNG WG document

211  Added tcpCountersGroup for per-connection counters

213  Changes from first draft posted to v6mib mailing list:

215  23 Feb 2001

217  Made threshold for HC packet counters 1Mpps

219  Added copyright statements and table of contents

221  21 Feb 2001 -- Juergen's changes

223  Renamed tcpInetConn* to tcpConnection*

225  Updated Conformance info

227  Added missing tcpConnectionState and tcpConnState objects to
228  SEQUENCEs

230  6 Feb 2001

232  Removed v6-only objects.

234  Renamed inetTcp* to tcpInet*

236  Added SIZE restriction to InetAddress index objects. (36 =
237  32-byte addresses plus 4-byte scope, but it's just a strawman)

239  Used InetPortNumber TC from updated INET-ADDRESS-MIB

241  Updated compliance statements.

243  Added Keith to authors

245  Added open issues section.

247  Changes from RFC 2012

249  Deprecated tcpConnTable
250  Added tcpConnectionTable

252  3. Overview

254  The current TCP-MIB defined in this memo consists of two tables and
255  a group of scalars:

257  - The tcp group of scalars reports parameters and statistics of a
258    TCP protocol engine.

260  - The tcpConnectionTable provides access to status information for
261    all TCP connections handled by a TCP protocol engine. In addition
262    the table also reports identification of the operating system
263    level processes which handle the TCP connections.

265  - The tcpListenerTable provides access to information about all TCP
266    listening endpoints known by a TCP protocol engine. And similar
267    to the case of the connection table, the tcpListenerTable also
268    reports the identification of the operating system level
269    processes which handle this listening TCP endpoint.

271  3.1 Relationship to Other MIBs

273  This section discusses the relationship of this TCP-MIB module to
274  other MIB modules.
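
How a management application would read the two tables described in the Overview, as an added example that is not part of the draft: it decodes instance OIDs of tcpConnectionTable and tcpListenerTable back into endpoints, joins state and process columns, and lists listeners bound to every local address. The sample varbinds, addresses and process numbers are constructed; the address-type values and octet lengths are those of INET-ADDRESS-MIB, and the length-prefixed index encoding is the SMIv2 rule for variable-length index objects.

```python
import ipaddress

# OIDs from the module: tcp = { mib-2 6 }, tcpConnectionTable = { tcp 19 },
# tcpListenerTable = { tcp 20 }; each table's entry is sub-identifier 1.
TCP = (1, 3, 6, 1, 2, 1, 6)
CONN_ENTRY = TCP + (19, 1)
LISTENER_ENTRY = TCP + (20, 1)
CONN_STATE, CONN_PROCESS, LISTENER_PROCESS = 7, 8, 4

STATES = {1: "closed", 2: "listen", 3: "synSent", 4: "synReceived",
          5: "established", 6: "finWait1", 7: "finWait2", 8: "closeWait",
          9: "lastAck", 10: "closing", 11: "timeWait", 12: "deleteTCB"}

# InetAddressType -> octet count: unknown(0), ipv4(1), ipv6(2), ipv4z(3), ipv6z(4)
ADDR_LEN = {0: 0, 1: 4, 2: 16, 3: 8, 4: 20}


def take_address(sub, pos):
    """Read an InetAddressType plus a length-prefixed InetAddress at pos."""
    if pos + 2 > len(sub):
        raise ValueError("index truncated")
    atype, length = sub[pos], sub[pos + 1]
    if atype not in ADDR_LEN or length not in (0, ADDR_LEN[atype]):
        raise ValueError(f"unexpected address type/length {atype}/{length}")
    raw = sub[pos + 2:pos + 2 + length]
    if len(raw) != length or any(o > 255 for o in raw):
        raise ValueError("malformed address octets")
    if length == 0:
        text = "*"                      # ''h: any local address
    elif atype in (1, 3):
        text = str(ipaddress.IPv4Address(bytes(raw[:4])))
    else:
        text = str(ipaddress.IPv6Address(bytes(raw[:16])))
    if length and atype in (3, 4):      # zoned types carry a 4-octet zone index
        text += "%" + str(int.from_bytes(bytes(raw[-4:]), "big"))
    return atype, text, pos + 2 + length


def take_port(sub, pos):
    """Read an InetPortNumber (one sub-identifier) at pos."""
    if pos >= len(sub) or sub[pos] > 65535:
        raise ValueError("missing or out-of-range port")
    return sub[pos], pos + 1


def decode_instance(oid_text):
    """Split one instance OID into (table, column, ((type, addr, port), ...))."""
    oid = tuple(int(p) for p in oid_text.strip(".").split("."))
    if len(oid) > 9 and oid[:9] == CONN_ENTRY:
        table, endpoints = "connection", 2      # local + remote
    elif len(oid) > 9 and oid[:9] == LISTENER_ENTRY:
        table, endpoints = "listener", 1        # local only
    else:
        raise ValueError("not a tcpConnectionTable/tcpListenerTable instance")
    column, sub, pos, key = oid[9], oid[10:], 0, []
    for _ in range(endpoints):
        atype, addr, pos = take_address(sub, pos)
        port, pos = take_port(sub, pos)
        key.append((atype, addr, port))
    if pos != len(sub):
        raise ValueError("trailing sub-identifiers in index")
    return table, column, tuple(key)


def build_inventory(varbinds):
    """Join (oid, value) pairs into connection rows and a listener->process map."""
    conns, listeners = {}, {}
    for oid_text, value in varbinds:
        table, column, key = decode_instance(oid_text)
        if table == "connection":
            row = conns.setdefault(key, {})
            if column == CONN_STATE:
                row["state"] = STATES.get(value, f"unknown({value})")
            elif column == CONN_PROCESS:
                row["process"] = value
        elif column == LISTENER_PROCESS:
            listeners[key[0]] = value
    return conns, listeners


def wildcard_listeners(listeners):
    """Listeners whose tcpListenerLocalAddress is ''h, as (port, type, process)."""
    return sorted((port, atype, proc)
                  for (atype, addr, port), proc in listeners.items() if addr == "*")


# Constructed sample data in the shape of a numeric SNMP walk.
V6 = "2.16.32.1.13.184" + ".0" * 11     # ipv6(2), 16 octets, 2001:db8::/prefix
SAMPLE_VARBINDS = [
    (".1.3.6.1.2.1.6.19.1.7.1.4.192.0.2.10.22.1.4.198.51.100.7.51514", 5),
    (".1.3.6.1.2.1.6.19.1.8.1.4.192.0.2.10.22.1.4.198.51.100.7.51514", 812),
    (f".1.3.6.1.2.1.6.19.1.7.{V6}.1.443.{V6}.2.40000", 11),
    (".1.3.6.1.2.1.6.20.1.4.0.0.8080", 4411),            # unknown(0), ''h
    (".1.3.6.1.2.1.6.20.1.4.1.0.22", 812),               # ipv4(1), ''h
    (".1.3.6.1.2.1.6.20.1.4.1.4.127.0.0.1.5432", 977),   # specific address
]

if __name__ == "__main__":
    conns, listeners = build_inventory(SAMPLE_VARBINDS)
    for key, row in conns.items():
        print(key, row)
    print("bound to all addresses:", wildcard_listeners(listeners))
```
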

276  3.1.1 Relationship to RFC1213-MIB

278  TCP related MIB objects were originally defined as part of the
279  RFC1213-MIB defined in RFC 1213 [RFC1213]. The TCP related objects
280  of the RFC1213-MIB were later copied into a separate MIB module and
281  published in RFC 2012 [RFC2012] in SMIv2 format.

283  The previous versions of the TCP-MIB both defined the tcpConnTable,
284  which has been deprecated for basically two reasons:

286  (1) The tcpConnTable only supports IPv4.

288  The current approach in the IETF is to write IP version neutral
289  MIBs rather than having different definitions for various
290  versions of IP. This reduces the amount of overhead when new
291  objects are introduced since there is only one place to add
292  them. Hence, the approach taken in RFC 2452 of having separate
293  tables is not continued.

295  (2) The tcpConnTable mixes listening endpoints with connections.

297  It turns out that connections tend to have a different behaviour
298  and management access pattern compared to listening endpoints.
299  Splitting the original tcpConnTable into two tables thus allows
300  for the addition of specific status and statistics objects for
301  listening endpoints and connections.

303  3.1.2 Relationship to IPV6-TCP-MIB

305  The IPV6-TCP-MIB defined in RFC 2452 has been moved to Historic
306  since the approach of having separate IP version specific tables is
307  not followed anymore. Implementation of RFC 2452 is thus not
308  suggested anymore.

310  3.1.3 Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB

312  The tcpConnectionTable and the tcpListenerTable report the
313  identification of the operating system level process which handles
314  a connection or a listening endpoint. The value is reported as an
315  Unsigned32 which is expected to be the same as the hrSWRunIndex of
316  the HOST-RESOURCES-MIB [RFC2790] (if the value is smaller than
317  2147483647) or the sysApplElmtRunIndex of the SYSAPPL-MIB [RFC2287].
318  This allows management applications to identify the TCP connections
319  that belong to an operating system level process which has proven
320  to be valuable in operational environments.

322  4. Definitions

324  TCP-MIB DEFINITIONS ::= BEGIN

326  IMPORTS
327      MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32,
328      Gauge32, Counter32, Counter64, IpAddress, mib-2
329                                         FROM SNMPv2-SMI
330      MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
331      InetAddress, InetAddressType,
332      InetPortNumber                     FROM INET-ADDRESS-MIB;

334  tcpMIB MODULE-IDENTITY
335      LAST-UPDATED "200309140000Z"
336      ORGANIZATION "IETF IPv6 MIB Revision Team"
337      CONTACT-INFO
338             "Rajiv Raghunarayan (editor)

340              Cisco Systems Inc.
341              170 West Tasman Drive
342              San Jose, CA 95134

344              Phone: +1 408 853 9612
345              Email: "
346      DESCRIPTION
347             "The MIB module for managing TCP implementations."
348      REVISION "200309140000Z"
349      DESCRIPTION
350             "IP version neutral revision, published as RFC XXXX."
351      REVISION "9411010000Z"
352      DESCRIPTION
353             "Initial SMIv2 version, published as RFC 2012."

355      REVISION "9103310000Z"
356      DESCRIPTION
357             "The initial revision of this MIB module was part of
358              MIB-II."
359      ::= { mib-2 49 }

361  -- the TCP base variables group

363  tcp OBJECT IDENTIFIER ::= { mib-2 6 }

365  -- Scalars

367  tcpRtoAlgorithm OBJECT-TYPE
368      SYNTAX      INTEGER {
369                      other(1),    -- none of the following
370                      constant(2), -- a constant rto
371                      rsre(3),     -- MIL-STD-1778, Appendix B
372                      vanj(4)      -- Van Jacobson's algorithm [VANJ]
373                  }
374      MAX-ACCESS  read-only
375      STATUS      current
376      DESCRIPTION
377             "The algorithm used to determine the timeout value used for
378              retransmitting unacknowledged octets."
379      ::= { tcp 1 }

381  tcpRtoMin OBJECT-TYPE
382      SYNTAX      Integer32 (0..2147483647)
383      UNITS       "milliseconds"
384      MAX-ACCESS  read-only
385      STATUS      current
386      DESCRIPTION
387             "The minimum value permitted by a TCP implementation for the
388              retransmission timeout, measured in milliseconds.
389              More refined semantics for objects of this type depend upon the
390              algorithm used to determine the retransmission timeout. In
391              particular, when the timeout algorithm is rsre(3), an
392              object of this type has the semantics of the LBOUND
393              quantity described in RFC 793."
394      ::= { tcp 2 }

396  tcpRtoMax OBJECT-TYPE
397      SYNTAX      Integer32 (0..2147483647)
398      UNITS       "milliseconds"
399      MAX-ACCESS  read-only
400      STATUS      current
401      DESCRIPTION
402             "The maximum value permitted by a TCP implementation for the
403              retransmission timeout, measured in milliseconds. More
404              refined semantics for objects of this type depend upon the
405              algorithm used to determine the retransmission timeout. In
406              particular, when the timeout algorithm is rsre(3), an
407              object of this type has the semantics of the UBOUND
408              quantity described in RFC 793."
409      ::= { tcp 3 }

411  tcpMaxConn OBJECT-TYPE
412      SYNTAX      Integer32 (-1 | 0..2147483647)
413      MAX-ACCESS  read-only
414      STATUS      current
415      DESCRIPTION
416             "The limit on the total number of TCP connections the entity
417              can support. In entities where the maximum number of
418              connections is dynamic, this object should contain the
419              value -1."
420      ::= { tcp 4 }

422  tcpActiveOpens OBJECT-TYPE
423      SYNTAX      Counter32
424      MAX-ACCESS  read-only
425      STATUS      current
426      DESCRIPTION
427             "The number of times TCP connections have made a direct
428              transition to the SYN-SENT state from the CLOSED state."
429      ::= { tcp 5 }

431  tcpPassiveOpens OBJECT-TYPE
432      SYNTAX      Counter32
433      MAX-ACCESS  read-only
434      STATUS      current
435      DESCRIPTION
436             "The number of times TCP connections have made a direct
437              transition to the SYN-RCVD state from the LISTEN state."
438      ::= { tcp 6 }

440  tcpAttemptFails OBJECT-TYPE
441      SYNTAX      Counter32
442      MAX-ACCESS  read-only
443      STATUS      current
444      DESCRIPTION
445             "The number of times TCP connections have made a direct
446              transition to the CLOSED state from either the SYN-SENT
447              state or the SYN-RCVD state, plus the number of times TCP
448              connections have made a direct transition to the LISTEN
449              state from the SYN-RCVD state."
450      ::= { tcp 7 }

452  tcpEstabResets OBJECT-TYPE
453      SYNTAX      Counter32
454      MAX-ACCESS  read-only
455      STATUS      current
456      DESCRIPTION
457             "The number of times TCP connections have made a direct
458              transition to the CLOSED state from either the ESTABLISHED
459              state or the CLOSE-WAIT state."
460      ::= { tcp 8 }

462  tcpCurrEstab OBJECT-TYPE
463      SYNTAX      Gauge32
464      MAX-ACCESS  read-only
465      STATUS      current
466      DESCRIPTION
467             "The number of TCP connections for which the current state
468              is either ESTABLISHED or CLOSE-WAIT."
469      ::= { tcp 9 }

471  tcpInSegs OBJECT-TYPE
472      SYNTAX      Counter32
473      MAX-ACCESS  read-only
474      STATUS      current
475      DESCRIPTION
476             "The total number of segments received, including those
477              received in error. This count includes segments received
478              on currently established connections."
479      ::= { tcp 10 }

481  tcpOutSegs OBJECT-TYPE
482      SYNTAX      Counter32
483      MAX-ACCESS  read-only
484      STATUS      current
485      DESCRIPTION
486             "The total number of segments sent, including those on
487              current connections but excluding those containing only
488              retransmitted octets."
489      ::= { tcp 11 }

491  tcpRetransSegs OBJECT-TYPE
492      SYNTAX      Counter32
493      MAX-ACCESS  read-only
494      STATUS      current
495      DESCRIPTION
496             "The total number of segments retransmitted - that is, the
497              number of TCP segments transmitted containing one or more
498              previously transmitted octets."
499      ::= { tcp 12 }

501  tcpInErrs OBJECT-TYPE
502      SYNTAX      Counter32
503      MAX-ACCESS  read-only
504      STATUS      current
505      DESCRIPTION
506             "The total number of segments received in error (e.g., bad
507              TCP checksums)."
508      ::= { tcp 14 }

510  tcpOutRsts OBJECT-TYPE
511      SYNTAX      Counter32
512      MAX-ACCESS  read-only
513      STATUS      current
514      DESCRIPTION
515             "The number of TCP segments sent containing the RST flag."
516      ::= { tcp 15 }

518  -- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
519  -- which has since been obsoleted. It MUST not be used.

521  tcpHCInSegs OBJECT-TYPE
522      SYNTAX      Counter64
523      MAX-ACCESS  read-only
524      STATUS      current
525      DESCRIPTION
526             "The total number of segments received, including those
527              received in error. This count includes segments received
528              on currently established connections. This object is
529              the 64-bit equivalent of tcpInSegs."
530      ::= { tcp 17 }

532  tcpHCOutSegs OBJECT-TYPE
533      SYNTAX      Counter64
534      MAX-ACCESS  read-only
535      STATUS      current
536      DESCRIPTION
537             "The total number of segments sent, including those on
538              current connections but excluding those containing only
539              retransmitted octets. This object is the 64-bit
540              equivalent of tcpOutSegs."
541      ::= { tcp 18 }

543  -- The TCP Connection table

545  tcpConnectionTable OBJECT-TYPE
546      SYNTAX      SEQUENCE OF TcpConnectionEntry
547      MAX-ACCESS  not-accessible
548      STATUS      current
549      DESCRIPTION
550             "A table containing information about existing TCP
551              connections. Note that unlike earlier TCP MIBs, there
552              is a separate table for connections in the LISTEN state."
553      ::= { tcp 19 }

555  tcpConnectionEntry OBJECT-TYPE
556      SYNTAX      TcpConnectionEntry
557      MAX-ACCESS  not-accessible
558      STATUS      current
559      DESCRIPTION
560             "A conceptual row of the tcpConnectionTable containing
561              information about a particular current TCP connection.
562              Each row of this table is transient, in that it ceases to
563              exist when (or soon after) the connection makes the
564              transition to the CLOSED state."
565      INDEX       { tcpConnectionLocalAddressType,
566                    tcpConnectionLocalAddress,
567                    tcpConnectionLocalPort,
568                    tcpConnectionRemAddressType,
569                    tcpConnectionRemAddress,
570                    tcpConnectionRemPort }
571      ::= { tcpConnectionTable 1 }

573  TcpConnectionEntry ::= SEQUENCE {
574      tcpConnectionLocalAddressType   InetAddressType,
575      tcpConnectionLocalAddress       InetAddress,
576      tcpConnectionLocalPort          InetPortNumber,
577      tcpConnectionRemAddressType     InetAddressType,
578      tcpConnectionRemAddress         InetAddress,
579      tcpConnectionRemPort            InetPortNumber,
580      tcpConnectionState              INTEGER,
581      tcpConnectionProcess            Unsigned32
582  }

584  tcpConnectionLocalAddressType OBJECT-TYPE
585      SYNTAX      InetAddressType
586      MAX-ACCESS  not-accessible
587      STATUS      current
588      DESCRIPTION
589             "The address type of tcpConnectionLocalAddress. Only IPv4,
590              IPv4z, IPv6 and IPv6z address types are expected."
591      ::= { tcpConnectionEntry 1 }

593  tcpConnectionLocalAddress OBJECT-TYPE
594      SYNTAX      InetAddress (SIZE(0..36))
595      MAX-ACCESS  not-accessible
596      STATUS      current
597      DESCRIPTION
598             "The local IP address for this TCP connection."
599      ::= { tcpConnectionEntry 2 }

601  tcpConnectionLocalPort OBJECT-TYPE
602      SYNTAX      InetPortNumber
603      MAX-ACCESS  not-accessible
604      STATUS      current
605      DESCRIPTION
606             "The local port number for this TCP connection."
607      ::= { tcpConnectionEntry 3 }

609  tcpConnectionRemAddressType OBJECT-TYPE
610      SYNTAX      InetAddressType
611      MAX-ACCESS  not-accessible
612      STATUS      current
613      DESCRIPTION
614             "The address type of tcpConnectionRemAddress. Only IPv4,
615              IPv4z, IPv6 and IPv6z address types are expected."
616      ::= { tcpConnectionEntry 4 }

618  tcpConnectionRemAddress OBJECT-TYPE
619      SYNTAX      InetAddress (SIZE(0..36))
620      MAX-ACCESS  not-accessible
621      STATUS      current
622      DESCRIPTION
623             "The remote IP address for this TCP connection."
624      ::= { tcpConnectionEntry 5 }

626  tcpConnectionRemPort OBJECT-TYPE
627      SYNTAX      InetPortNumber
628      MAX-ACCESS  not-accessible
629      STATUS      current
630      DESCRIPTION
631             "The remote port number for this TCP connection."
632      ::= { tcpConnectionEntry 6 }

634  tcpConnectionState OBJECT-TYPE
635      SYNTAX      INTEGER {
636                      closed(1),
637                      listen(2), -- do we need this here???
638                      synSent(3),
639                      synReceived(4),
640                      established(5),
641                      finWait1(6),
642                      finWait2(7),
643                      closeWait(8),
644                      lastAck(9),
645                      closing(10),
646                      timeWait(11),
647                      deleteTCB(12)
648                  }
649      MAX-ACCESS  read-write
650      STATUS      current
651      DESCRIPTION
652             "The state of this TCP connection.

654              The value listen(2) is included only for parallelism to the
655              old tcpConnTable, and should not be used. A connection in
656              LISTEN state should be present in the tcpListenerTable.

658              The only value which may be set by a management station is
659              deleteTCB(12). Accordingly, it is appropriate for an agent
660              to return a `badValue' response if a management station
661              attempts to set this object to any other value.

663              If a management station sets this object to the value
664              deleteTCB(12), then this has the effect of deleting the TCB
665              (as defined in RFC 793) of the corresponding connection on
666              the managed node, resulting in immediate termination of the
667              connection.

669              As an implementation-specific option, a RST segment may be
670              sent from the managed node to the other TCP endpoint (note
671              however that RST segments are not sent reliably)."
672      ::= { tcpConnectionEntry 7 }

674  tcpConnectionProcess OBJECT-TYPE
675      SYNTAX      Unsigned32
676      MAX-ACCESS  read-only
677      STATUS      current
678      DESCRIPTION
679             "The system's process ID for the process associated with
680              this connection, or zero if there is no such process. This
681              value is expected to be the same as HOST-RESOURCES-MIB::
682              hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
683              row in the appropriate tables."
684      ::= { tcpConnectionEntry 8 }

686  -- The TCP Listener table

688  tcpListenerTable OBJECT-TYPE
689      SYNTAX      SEQUENCE OF TcpListenerEntry
690      MAX-ACCESS  not-accessible
691      STATUS      current
692      DESCRIPTION
693             "A table containing information about TCP listeners. A
694              listening application can be represented in three
695              possible ways:

697              1. An application that is willing to accept both IPv4 and
698                 IPv6 datagrams is represented by
699                 tcpListenerLocalAddressType of unknown (0) and
700                 tcpListenerLocalAddress of ''h (a zero-length
701                 octet-string).

703              2. An application which is willing to accept only IPv4 or
704                 IPv6 datagrams is represented by a
705                 tcpListenerLocalAddressType of the appropriate address
706                 type and tcpListenerLocalAddress of ''h (a zero-length
707                 octet-string).

709              3. An application which is a listening for data destined
710                 only to a specific IP address, but from any remote
711                 system, is represented by a tcpListenerLocalAddressType
712                 of an appropriate address type, with
713                 tcpListenerLocalAddress the specific local address.

715              NOTE: that address type in this table represents the
716              address type used for the communication, irrespective
717              of the higher-layer abstraction. For example, an
718              application using IPv6 'sockets' to communicate via
719              IPv4 between ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would
720              use InetAddressType ipv4(1))."
721      ::= { tcp 20 }

723  tcpListenerEntry OBJECT-TYPE
724      SYNTAX      TcpListenerEntry
725      MAX-ACCESS  not-accessible
726      STATUS      current
727      DESCRIPTION
728             "A conceptual row of the tcpListenerTable containing
729              information about a particular TCP listener."
730      INDEX       { tcpListenerLocalAddressType,
731                    tcpListenerLocalAddress,
732                    tcpListenerLocalPort }
733      ::= { tcpListenerTable 1 }

735  TcpListenerEntry ::= SEQUENCE {
736      tcpListenerLocalAddressType     InetAddressType,
737      tcpListenerLocalAddress         InetAddress,
738      tcpListenerLocalPort            InetPortNumber,
739      tcpListenerProcess              Unsigned32
740  }

742  tcpListenerLocalAddressType OBJECT-TYPE
743      SYNTAX      InetAddressType
744      MAX-ACCESS  not-accessible
745      STATUS      current
746      DESCRIPTION
747             "The address type of tcpListenerLocalAddress. Only IPv4,
748              IPv4z, IPv6 and IPv6z address types are expected, or
749              unknown (0) if connection initiation to all local IP
750              addresses are accepted. "
751      ::= { tcpListenerEntry 1 }

753  tcpListenerLocalAddress OBJECT-TYPE
754      SYNTAX      InetAddress (SIZE(0..36))
755      MAX-ACCESS  not-accessible
756      STATUS      current
757      DESCRIPTION
758             "The local IP address for this TCP connection. In the case
759              of a listener which is willing to accept connections for
760              any IP interface associated with the node, a value of ''h
761              (zero-length octet-string) is used."
762      ::= { tcpListenerEntry 2 }

764  tcpListenerLocalPort OBJECT-TYPE
765      SYNTAX      InetPortNumber
766      MAX-ACCESS  not-accessible
767      STATUS      current
768      DESCRIPTION
769             "The local port number for this TCP connection."
770      ::= { tcpListenerEntry 3 }

772  tcpListenerProcess OBJECT-TYPE
773      SYNTAX      Unsigned32
774      MAX-ACCESS  read-only
775      STATUS      current
776      DESCRIPTION
777             "The system's process ID for the process associated with
778              this listener, or zero if there is no such process. This
779              value is expected to be the same as HOST-RESOURCES-MIB::
780              hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
781              row in the appropriate tables."
782      ::= { tcpListenerEntry 4 }

784  -- The deprecated TCP Connection table

786  tcpConnTable OBJECT-TYPE
787      SYNTAX      SEQUENCE OF TcpConnEntry
788      MAX-ACCESS  not-accessible
789      STATUS      deprecated
790      DESCRIPTION
791             "A table containing information about existing IPv4-specific
792              TCP connections or listeners. This table has been
793              deprecated in favor of the version neutral
794              tcpConnectionTable."
795      ::= { tcp 13 }

797  tcpConnEntry OBJECT-TYPE
798      SYNTAX      TcpConnEntry
799      MAX-ACCESS  not-accessible
800      STATUS      deprecated
801      DESCRIPTION
802             "A conceptual row of the tcpConnTable containing information
803              about a particular current IPv4 TCP connection. Each row
804              of this table is transient, in that it ceases to exist when
805              (or soon after) the connection makes the transition to the
806              CLOSED state."
807      INDEX       { tcpConnLocalAddress,
808                    tcpConnLocalPort,
809                    tcpConnRemAddress,
810                    tcpConnRemPort }
811      ::= { tcpConnTable 1 }

813  TcpConnEntry ::= SEQUENCE {
814      tcpConnState            INTEGER,
815      tcpConnLocalAddress     IpAddress,
816      tcpConnLocalPort        Integer32,
817      tcpConnRemAddress       IpAddress,
818      tcpConnRemPort          Integer32
819  }

821  tcpConnState OBJECT-TYPE
822      SYNTAX      INTEGER {
823                      closed(1),
824                      listen(2),
825                      synSent(3),
826                      synReceived(4),
827                      established(5),
828                      finWait1(6),
829                      finWait2(7),
830                      closeWait(8),
831                      lastAck(9),
832                      closing(10),
833                      timeWait(11),
834                      deleteTCB(12)
835                  }
836      MAX-ACCESS  read-write
837      STATUS      deprecated
838      DESCRIPTION
839             "The state of this TCP connection.

841              The only value which may be set by a management station is
842              deleteTCB(12). Accordingly, it is appropriate for an agent
843              to return a `badValue' response if a management station
844              attempts to set this object to any other value.

846              If a management station sets this object to the value
847              deleteTCB(12), then this has the effect of deleting the TCB
848              (as defined in RFC 793) of the corresponding connection on
849              the managed node, resulting in immediate termination of the
850              connection.

852              As an implementation-specific option, a RST segment may be
853              sent from the managed node to the other TCP endpoint (note
854              however that RST segments are not sent reliably)."
855      ::= { tcpConnEntry 1 }

857  tcpConnLocalAddress OBJECT-TYPE
858      SYNTAX      IpAddress
859      MAX-ACCESS  read-only
860      STATUS      deprecated
861      DESCRIPTION
862             "The local IP address for this TCP connection. In the case
863              of a connection in the listen state which is willing to
864              accept connections for any IP interface associated with the
865              node, the value 0.0.0.0 is used."
866      ::= { tcpConnEntry 2 }

868  tcpConnLocalPort OBJECT-TYPE
869      SYNTAX      Integer32 (0..65535)
870      MAX-ACCESS  read-only
871      STATUS      deprecated
872      DESCRIPTION
873             "The local port number for this TCP connection."
874      ::= { tcpConnEntry 3 }

876  tcpConnRemAddress OBJECT-TYPE
877      SYNTAX      IpAddress
878      MAX-ACCESS  read-only
879      STATUS      deprecated
880      DESCRIPTION
881             "The remote IP address for this TCP connection."
882      ::= { tcpConnEntry 4 }

884  tcpConnRemPort OBJECT-TYPE
885      SYNTAX      Integer32 (0..65535)
886      MAX-ACCESS  read-only
887      STATUS      deprecated
888      DESCRIPTION
889             "The remote port number for this TCP connection."
890      ::= { tcpConnEntry 5 }

892  -- conformance information

894  tcpMIBConformance OBJECT IDENTIFIER ::= { tcpMIB 2 }

896  tcpMIBCompliances OBJECT IDENTIFIER ::= { tcpMIBConformance 1 }
897  tcpMIBGroups      OBJECT IDENTIFIER ::= { tcpMIBConformance 2 }
898  -- compliance statements

900  tcpMIBCompliance2 MODULE-COMPLIANCE
901      STATUS      current
902      DESCRIPTION
903             "The compliance statement for systems which implement TCP."
904      MODULE      -- this module
905      MANDATORY-GROUPS { tcpBaseGroup, tcpConnectionGroup,
906                         tcpListenerGroup }
907      GROUP       tcpHCGroup
908      DESCRIPTION
909             "This group is mandatory for those systems which are capable
910              of receiving or transmitting more than 1 million TCP
911              segments per second. 1 million segments per second will
912              cause a Counter32 to wrap in just over an hour."
913          OBJECT      tcpConnectionState
914          SYNTAX      INTEGER { closed(1), listen(2), synSent(3),
915                                synReceived(4), established(5),
916                                finWait1(6), finWait2(7), closeWait(8),
917                                lastAck(9), closing(10), timeWait(11) }
918          MIN-ACCESS  read-only
919          DESCRIPTION
920             "Write access is not required, nor is support for the value
921              deleteTCB (12)."
922      ::= { tcpMIBCompliances 2 }

924  tcpMIBCompliance MODULE-COMPLIANCE
925      STATUS     deprecated
926      DESCRIPTION
927             "The compliance statement for IPv4-only systems which
928              implement TCP.  In order to be IP version independent, this
929              compliance statement is deprecated in favor of
930              tcpMIBCompliance2.  However, agents are still encouraged
931              to implement these objects in order to interoperate with
932              the deployed base of managers."
933      MODULE  -- this module
934          MANDATORY-GROUPS { tcpGroup }
935          OBJECT      tcpConnState
936          MIN-ACCESS  read-only
937          DESCRIPTION
938             "Write access is not required."
939      ::= { tcpMIBCompliances 1 }

941  -- units of conformance

943  tcpGroup OBJECT-GROUP
944      OBJECTS   { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
945                  tcpMaxConn, tcpActiveOpens,
946                  tcpPassiveOpens, tcpAttemptFails,
947                  tcpEstabResets, tcpCurrEstab, tcpInSegs,
948                  tcpOutSegs, tcpRetransSegs, tcpConnState,
949                  tcpConnLocalAddress, tcpConnLocalPort,
950                  tcpConnRemAddress, tcpConnRemPort,
951                  tcpInErrs, tcpOutRsts }
952      STATUS     deprecated
953      DESCRIPTION
954             "The tcp group of objects providing for management of TCP
955              entities."
956      ::= { tcpMIBGroups 1 }

958  tcpBaseGroup OBJECT-GROUP
959      OBJECTS   { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
960                  tcpMaxConn, tcpActiveOpens,
961                  tcpPassiveOpens, tcpAttemptFails,
962                  tcpEstabResets, tcpCurrEstab, tcpInSegs,
963                  tcpOutSegs, tcpRetransSegs,
964                  tcpInErrs, tcpOutRsts }
965      STATUS     current
966      DESCRIPTION
967             "The group of counters common to TCP entities."
968      ::= { tcpMIBGroups 2 }

970  tcpConnectionGroup OBJECT-GROUP
971      OBJECTS    { tcpConnectionState, tcpConnectionProcess }
972      STATUS     current
973      DESCRIPTION
974             "The group provides general information about TCP
975              connections."
976      ::= { tcpMIBGroups 3 }

978  tcpListenerGroup OBJECT-GROUP
979      OBJECTS    { tcpListenerProcess }
980      STATUS     current
981      DESCRIPTION
982             "This group has objects providing general information about
983              TCP listeners."
984      ::= { tcpMIBGroups 4 }

986  tcpHCGroup OBJECT-GROUP
987      OBJECTS    { tcpHCInSegs, tcpHCOutSegs }
988      STATUS     current
989      DESCRIPTION
990             "The group of objects providing for counters of high speed
991              TCP implementations."
992      ::= { tcpMIBGroups 5 }

994  END

996  5.  Acknowledgements

998     This document contains a modified subset of RFC 1213 and updates RFC
999     2012 and RFC 2452.  Acknowledgements are therefore due to the authors
1000    and editors of these documents for their excellent work.  Several
1001    useful comments regarding usability and design were also received
1002    from Kristine Adamson.  The authors would like to thank all these
1003    people for their contribution to this effort.

1005 6.  Normative References

1007    [RFC793]  Postel, J., "Transmission Control Protocol - DARPA Internet
1008              Program Protocol Specification", STD 7, RFC 793, DARPA,
1009              September 1981.

1011    [RFC2287] Krupczak, C., Saperia, J., "Definitions of System-Level
1012              Managed Objects for Applications", RFC 2287, February 1998.

1014    [RFC2790] Waldbusser, S., Grillo, P., "Host Resources MIB", RFC 2790,
1015              March 2000.

1017    [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1018              Rose, M. and S. Waldbusser, "Structure of Management
1019              Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1020              1999.

1022    [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1023              Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
1024              STD 58, RFC 2579, April 1999.

1026    [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1027              Rose, M. and S. Waldbusser, "Conformance Statements for
1028              SMIv2", STD 58, RFC 2580, April 1999.

1030    [RFC3291] Daniele, M., Haberman, B., Routhier, S., and Schoenwaelder,
1031              J., "Textual Conventions for Internet Network Addresses",
1032              RFC 3291, May 2002.

1034 7.  Informative References

1036    [RFC1213] Rose, M. and K. McCloghrie, "Management Information Base
1037              for Network Management of TCP/IP-based internets", RFC 1213,
1038              March 1991.

1040    [RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the
1041              Transmission Control Protocol using SMIv2", RFC 2012,
1042              November 1996.

1044    [RFC2452] Daniele, M., "IP Version 6 Management Information Base for
1045              the Transmission Control Protocol", RFC 2452, December 1998.

1047    [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
1048              "Introduction and Applicability Statements for Internet-
1049              Standard Management Framework", RFC 3410, December 2002.

1051    [VANJ]    Jacobson, V., "Congestion Avoidance and Control", SIGCOMM
1052              1988, Stanford, California.

1054 8.  Security Considerations

1056    There are management objects defined in this MIB that have a
1057    MAX-ACCESS clause of read-write.  Such objects may be considered
1058    sensitive or vulnerable in some network environments.  The support
1059    for SET operations in a non-secure environment without proper
1060    protection can have a negative effect on network operations.
1061    These are the tables and objects and their sensitivity/vulnerability:

1063    o  The tcpConnectionState and tcpConnState objects have a MAX-ACCESS
1064       clause of read-write, which allows termination of an arbitrary
1065       connection.  Unauthorized access could cause a denial of service.

1067    Some of the readable objects in this MIB module (i.e., objects with a
1068    MAX-ACCESS other than not-accessible) may be considered sensitive or
1069    vulnerable in some network environments.  It is thus important to
1070    control even GET and/or NOTIFY access to these objects and possibly
1071    to even encrypt the values of these objects when sending them over
1072    the network via SNMP.  These are the tables and objects and their
1073    sensitivity/vulnerability:

1075    o  The tcpConnectionTable and the tcpConnTable contain objects
1076       providing information on the active connections on the device,
1077       the status of these connections and the associated processes.
1078       This information may be used by an attacker to launch attacks
1079       against known/unknown weaknesses in certain protocols/applications.

1081    o  The tcpListenerTable and the tcpConnTable contain objects providing
1082       information on listeners on an entity.  For example, the
1083       tcpListenerLocalPort and tcpConnLocalPort objects can be used
1084       to identify what ports are open on the machine and thus what
1085       attacks are likely to succeed, without the attacker having to run a
1086       port scanner.

1088    SNMP versions prior to SNMPv3 did not include adequate security.
1089    Even if the network itself is secure (for example by using IPSec),
1090    even then, there is no control as to who on the secure network is
1091    allowed to access and GET/SET (read/change/create/delete) the objects
1092    in this MIB module.

1094    It is RECOMMENDED that implementers consider the security features as
1095    provided by the SNMPv3 framework (see [RFC3410], section 8),
1096    including full support for the SNMPv3 cryptographic mechanisms (for
1097    authentication and privacy).

1099    Further, deployment of SNMP versions prior to SNMPv3 is NOT
1100    RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
1101    enable cryptographic security.  It is then a customer/operator
1102    responsibility to ensure that the SNMP entity giving access to an
1103    instance of this MIB module is properly configured to give access to
1104    the objects only to those principals (users) that have legitimate
1105    rights to indeed GET or SET (change/create/delete) them.

1107 9.  Editor's Address

1109    Rajiv Raghunarayan
1110    Cisco Systems Inc.
1111    170 West Tasman Drive
1112    San Jose, CA 95134
1113    USA

1115    Email: raraghun@cisco.com

1117 10.  Authors

1119    This document is an output of the IPv6 MIB revision team, and
1120    contributors to earlier versions of this document include:

1122    Bill Fenner, AT&T Labs -- Research
1123    Email: fenner@research.att.com

1125    Brian Haberman
1126    Email: bkhabs@nc.rr.com

1128    Shawn A. Routhier, Wind River
1129    Email: sar@epilogue.com

1131    Juergen Schoenwaelder, TU Braunschweig
1132    Email: schoenw@ibr.cs.tu-bs.de

1134    Dave Thaler, Microsoft
1135    Email: dthaler@windows.microsoft

1137    This document updates parts of the MIBs from several documents.  RFC
1138    2012 has been the base document for these updates.  RFC 2452 was
1139    the first document to define the managed objects for implementations
1140    of TCP over IPv6.

1142    RFC 2012:

1144    Keith McCloghrie, Cisco Systems (Editor)
1145    kzm@cisco.com

1147    RFC 2452:

1149    Mike Daniele, Compaq Computer Corporation
1150    daniele@zk3.dec.com

1152 11.  Full Copyright Statement

1154    Copyright (C) The Internet Society (2002).  All Rights Reserved.

1156    This document and translations of it may be copied and furnished to
1157    others, and derivative works that comment on or otherwise explain it or
1158    assist in its implementation may be prepared, copied, published and
1159    distributed, in whole or in part, without restriction of any kind,
1160    provided that the above copyright notice and this paragraph are
1161    included on all such copies and derivative works.  However, this
1162    document itself may not be modified in any way, such as by removing the
1163    copyright notice or references to the Internet Society or other
1164    Internet organizations, except as needed for the purpose of developing
1165    Internet standards in which case the procedures for copyrights defined
1166    in the Internet Standards process must be followed, or as required to
1167    translate it into languages other than English.

1169    The limited permissions granted above are perpetual and will not be
1170    revoked by the Internet Society or its successors or assigns.

1172    This document and the information contained herein is provided on an
1173    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1174    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
1175    NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
1176    NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY
1177    OR FITNESS FOR A PARTICULAR PURPOSE.
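
Added example, not part of the draft: Section 8 (Security Considerations) separates objects with a MAX-ACCESS of read-write from objects that are merely readable. The Python below parses OBJECT-TYPE definitions in the syntax used by this module, sorts them into those two classes, and resolves each to a numeric OID that an operator can list in an SNMPv3 access-control view. The embedded excerpt is constructed from the module text with shortened DESCRIPTION strings, and the `tcp` root OID 1.3.6.1.2.1.6 is the standard value, an assumption not stated in this section.

```python
import re

# Constructed excerpt: four definitions from the module above, DESCRIPTION
# strings shortened. ROOTS holds the standard OID of "tcp" (mib-2 6).
ROOTS = {"tcp": "1.3.6.1.2.1.6"}
MIB_EXCERPT = '''
tcpConnTable OBJECT-TYPE
    SYNTAX SEQUENCE OF TcpConnEntry   MAX-ACCESS not-accessible
    STATUS deprecated   DESCRIPTION "IPv4-specific TCP connections."
    ::= { tcp 13 }
tcpConnEntry OBJECT-TYPE
    SYNTAX TcpConnEntry   MAX-ACCESS not-accessible
    STATUS deprecated   DESCRIPTION "A conceptual row of the tcpConnTable."
    ::= { tcpConnTable 1 }
tcpConnState OBJECT-TYPE
    SYNTAX INTEGER { closed(1), listen(2), deleteTCB(12) }
    MAX-ACCESS read-write   STATUS deprecated
    DESCRIPTION "The state of this TCP connection."
    ::= { tcpConnEntry 1 }
tcpConnLocalPort OBJECT-TYPE
    SYNTAX Integer32 (0..65535)   MAX-ACCESS read-only
    STATUS deprecated   DESCRIPTION "The local port number."
    ::= { tcpConnEntry 3 }
'''

OBJ_RE = re.compile(
    r"^(\w+)\s+OBJECT-TYPE\b(.*?)::=\s*\{\s*(\w+)\s+(\d+)\s*\}", re.S | re.M)

def parse_objects(mib_text, roots=ROOTS):
    """Return {name: (max_access, numeric_oid)} for each OBJECT-TYPE."""
    # Blank out quoted strings and "--" comments so text inside them cannot
    # be mistaken for clauses or "::=" assignments.
    text = re.sub(r'"[^"]*"', '""', mib_text)
    text = re.sub(r"--[^\n]*", "", text)
    oids, result = dict(roots), {}
    for name, body, parent, sub in OBJ_RE.findall(text):
        access = re.search(r"MAX-ACCESS\s+([\w-]+)", body).group(1)
        oids[name] = f"{oids[parent]}.{sub}"  # parents are defined first
        result[name] = (access, oids[name])
    return result

def classify(objects):
    """Split objects into the two classes Section 8 distinguishes."""
    writable = {n: o for n, (a, o) in objects.items()
                if a in ("read-write", "read-create")}
    readable = {n: o for n, (a, o) in objects.items() if a != "not-accessible"}
    return writable, readable

if __name__ == "__main__":
    print(classify(parse_objects(MIB_EXCERPT)))
```

The writable set is what a view must exclude from SET access; the readable set is what Section 8 asks operators to restrict for GET and NOTIFY.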