idnits 2.17.1

draft-ietf-ipv6-rfc2012-update-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** There is 1 instance of lines with control characters in the document.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 551: '...e been obsoleted. It MUST not be used....'

     RFC 2119 keyword, line 1149: '...It is RECOMMENDED that implementers co...'

     RFC 2119 keyword, line 1155: '... Instead, it is RECOMMENDED to deploy...'

  -- The abstract seems to indicate that this document obsoletes RFC2012, but
     the header doesn't have an 'Obsoletes:' line to match this.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).
     Found 'MUST not' in this paragraph:

     -- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
     -- which has since been obsoleted. It MUST not be used.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (November 2003) is 7462 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC793' is defined on line 1062, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3291' is defined on line 1085, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2452' is defined on line 1099, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293)

  ** Obsolete normative reference: RFC 3291 (Obsoleted by RFC 4001)

  -- Obsolete informational reference (is this intentional?): RFC 2012
     (Obsoleted by RFC 4022)

  -- Obsolete informational reference (is this intentional?): RFC 2452
     (Obsoleted by RFC 4022, RFC 8096)

  Summary: 6 errors (**), 0 flaws (~~), 6 warnings (==), 5 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.
--------------------------------------------------------------------------------

1  IPv6 MIB Revision Design Team               Rajiv Raghunarayan, Editor
2  INTERNET-DRAFT                                           Cisco Systems
3  Expires: May 2004                                        November 2003

5  Management Information Base
6  for the Transmission Control Protocol (TCP)
7  draft-ietf-ipv6-rfc2012-update-05.txt

9  Status of this Document

11  This document is an Internet-Draft and is in full conformance with all
12  provisions of Section 10 of RFC2026.

14  Internet-Drafts are working documents of the Internet Engineering Task
15  Force (IETF), its areas, and its working groups. Note that other
16  groups may also distribute working documents as Internet-Drafts.

18  Internet-Drafts are draft documents valid for a maximum of six months
19  and may be updated, replaced, or obsoleted by other documents at any
20  time. It is inappropriate to use Internet-Drafts as reference material
21  or to cite them other than as "work in progress."

23  The list of current Internet-Drafts can be accessed at
24  http://www.ietf.org/ietf/1id-abstracts.txt

26  The list of Internet-Draft Shadow Directories can be accessed at
27  http://www.ietf.org/shadow.html.

29  This document is a product of the IPv6 MIB Revision Design Team.
30  Comments should be addressed to the editor/authors or the mailing
31  list at ipv6@ietf.org.

33  Copyright Notice

35  Copyright (C) The Internet Society (2003). All Rights Reserved.

37  Abstract

39  This memo defines a portion of the Management Information Base (MIB)
40  for use with network management protocols in the Internet community.
41  In particular, it describes managed objects used for implementations
42  of the Transmission Control Protocol (TCP) in an IP version
43  independent manner. This memo obsoletes RFCs 2012 and 2452.

45  Table of Contents

47  1. The Internet-Standard Management Framework
48  2. Overview
49  3. Definitions
50  4.
Acknowledgements
51  5. Normative References
52  6. Informative References
53  7. Security Considerations
54  8. Intellectual Property
55  9. Editor's Address
56  10. Authors
57  11. Full Copyright Statement

59  Revision History

61  [Note to RFC Editor: Please remove prior to publication]

63  Changes from draft-ietf-ipv6-rfc2012-update-04.txt:

65  25th November 2003

67  As per consensus, removed the SIZE(0..36) restriction from
68  InetAddress objects. This has been stated as a part of the
69  compliance.

71  Added an IPR section and a copyright statement to DESCRIPTION
72  clause in MODULE-IDENTITY.

74  Added an RFC Editor's note to change XXXX to RFC publication
75  number.

77  Updated contact addresses for Brian Haberman, Shawn Routhier
78  and Dave Thaler.

80  Shortened the author list on the front page to editor only.

82  Changes from draft-ietf-ipv6-rfc2012-update-03.txt:

84  14th September 2003

86  Some editorial changes - correcting some spellings, and added a
87  statement to indicate the deprecation of RFC 2012 and RFC 2542.

89  Changes from draft-ietf-ipv6-rfc2012-update-02.txt:

91  16th June 2003

93  Added tcpHCInSegs and tcpHCOutSegs back to the mib, in order to
94  have the 64-bit counters along with the 32-bit counters.

96  Changes from draft-ietf-ipv6-rfc2012-update-01.txt:

98  23rd February 2003

100  Changes in this version mainly concentrate on reducing this mib
101  to a bare minimum update of RFC 2012, enough to satisfy the
102  needs of IPv6. The actual modifications are listed below.

104  Scalars tcpHCInSegs and tcpHCOutSegs dropped.
106  Objects dropped from the tcpConnectionTable include
107  tcpConnectionInSegs, tcpConnectionOutSegs,
108  tcpConnectionInOctets, tcpConnectionOutOctets,
109  tcpConnectionHCInSegs, tcpConnectionHCOutSegs,
110  tcpConnectionHCInOctets, tcpConnectionHCOutOctets,
111  tcpConnectionAge and tcpConnectionId.

113  Objects dropped from tcpListenerTable include
114  tcpListenerTimeOuts, tcpListenerEstablished and tcpListenerAge.

116  Updated compliance statements to reflect the aforementioned
117  changes.

119  Changes from draft-ietf-ipv6-rfc2012-update-00.txt:

121  4th November 2002

123  Replaced the tcpConnectionStartTime and tcpListenerStartTime
124  objects with tcpConnectionAge and tcpListenerAge respectively.

126  Added tcpConnectionRemAddressType as an auxiliary object into
127  the tcpConnectionTable.

129  Added new object, tcpConnectionId, to provide a link into the
130  TCP-ESTATS-MIB.

132  Included tcpConnectionAge and tcpConnectionProcess into the
133  tcpConnectionGroup.

135  Included tcpListenerAge and tcpListenerProcess into the
136  tcpListenerGroup.

138  tcpListenerGroup added to the mandatory list for compliance.

140  Changes from draft-ietf-ipngwg-rfc2012-update-01.txt:

142  27 June 2002

144  Replaced all occurrences of the term packets to segments, to be
145  consistent with the TCP specification.

147  Added limits to tcpRtoMin, tcpRtoMax and tcpMaxConn.

149  Added the scalar, tcpListenerTableLastChange.

151  Updated the description of tcpConnectionLocalAddress - removed
152  reference to 'listen' state.

154  Updated the description tcpConnection*Octets to explicitly
155  indicate whether the count includes the TCP header octets.

157  Updated the description of tcpConnectionStartTime and
158  tcpListenerStartTime - added clarifying text.

160  Renamed tcpConnectionProcessID to tcpConnectionProcess.

162  Updated the description of tcpListenerTable.

164  Updated the description of tcpListenerLocalAddressType to include
165  unknown (0) as a valid value.
167  Updated the description of tcpListenerLocalAddress - the value
168  ''h (zero-length octet-string) represents the case wherein an
169  application is willing to accept connections for any IP interface
170  associated with the node.

172  Removed tcpListenerRemAddressType.

174  Removed tcpListenerHCConnectionsTimedOut and
175  tcpListenerHCConnectionsAccepted. Added them to open issues, to
176  be added iff deemed required after discussions.

178  Renamed tcpListenerConnectionsAccepted to tcpListenerEstablished
179  and tcpListenerConnectionsTimedOut to tcpListenerTimeOuts.

181  Renamed tcpListenerProcessID to tcpListenerProcess.

183  Updated compliance statement for the object tcpConnectionState -
184  support for the value 'deleteTCB (12)' deemed optional.

186  Added RFC 2790 and RFC 2287 to the References section.

188  Updated Contact-Info and Editor's address.

190  Added Authors section.

192  Changes from draft-ietf-ipngwg-rfc2012-update-00.txt:

194  14 November 2001

196  Added HC versions of connection counters.

198  Added Listener table, with counters for accepted and timed out
199  connection attempts.

201  Added tcp{Connection,Listener}ProcessID to index into SYSAPPL-MIB
202  or HOST-RESOURCES-MIB.

204  Removed tcpConnectionRemAddrType, it must be the same as
205  tcpConnectionLocalAddrType.

207  Changes from draft-ops-rfc2012-update-00.txt

209  12 Jul 2001

211  Turned into IPNG WG document

213  Added tcpCountersGroup for per-connection counters

215  Changes from first draft posted to v6mib mailing list:

217  23 Feb 2001

219  Made threshold for HC packet counters 1Mpps

221  Added copyright statements and table of contents

223  21 Feb 2001 -- Juergen's changes

225  Renamed tcpInetConn* to tcpConnection*

227  Updated Conformance info

229  Added missing tcpConnectionState and tcpConnState objects to
230  SEQUENCEs

232  6 Feb 2001

234  Removed v6-only objects.

236  Renamed inetTcp* to tcpInet*

238  Added SIZE restriction to InetAddress index objects.
(36 =
239  32-byte addresses plus 4-byte scope, but it's just a strawman)

241  Used InetPortNumber TC from updated INET-ADDRESS-MIB

243  Updated compliance statements.

245  Added Keith to authors

247  Added open issues section.

249  Changes from RFC 2012

251  Deprecated tcpConnTable

253  Added tcpConnectionTable

255  1. The Internet-Standard Management Framework

257  For a detailed overview of the documents that describe the current
258  Internet-Standard Management Framework, please refer to section 7 of
259  RFC 3410 [RFC3410].

261  Managed objects are accessed via a virtual information store, termed
262  the Management Information Base or MIB. MIB objects are generally
263  accessed through the Simple Network Management Protocol (SNMP).
264  Objects in the MIB are defined using the mechanisms defined in the
265  Structure of Management Information (SMI). This memo specifies a
266  MIB module that is compliant to the SMIv2, which is described in
267  STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58,
268  RFC 2580 [RFC2580].

270  2. Overview

272  The current TCP-MIB defined in this memo consists of two tables and
273  a group of scalars:

275  - The tcp group of scalars reports parameters and statistics of a
276    TCP protocol engine.

278  - The tcpConnectionTable provides access to status information for
279    all TCP connections handled by a TCP protocol engine. In addition
280    the table also reports identification of the operating system
281    level processes which handle the TCP connections.

283  - The tcpListenerTable provides access to information about all TCP
284    listening endpoints known by a TCP protocol engine. And similar
285    to the case of the connection table, the tcpListenerTable also
286    reports the identification of the operating system level
287    processes which handle this listening TCP endpoint.

289  3.1 Relationship to Other MIBs

291  This section discusses the relationship of this TCP-MIB module to
292  other MIB modules.
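Added example, not part of the draft: a management or monitoring client reading the tcpConnectionTable and tcpListenerTable introduced in the Overview has to recover the endpoints from the row index, because every address and port object in those tables is not-accessible. The sketch below decodes the index suffix according to the INDEX clauses in the Definitions section. It assumes the usual SMIv2 encoding of a variable-length OCTET STRING index (a length sub-identifier followed by one sub-identifier per octet) and handles only unknown(0), ipv4(1) and ipv6(2); the function names and sample suffixes are constructed for illustration.

```python
import ipaddress

# InetAddressType values the memo's compliance text requires (ipv4, ipv6),
# plus unknown(0), which tcpListenerTable uses for IPv4-and-IPv6 listeners.
# Mapping: type value -> (name, full address length in octets).
ADDR_TYPES = {0: ("unknown", 0), 1: ("ipv4", 4), 2: ("ipv6", 16)}


def _subids(suffix):
    """Split a dotted index suffix into integer sub-identifiers."""
    parts = [int(p) for p in suffix.strip(".").split(".")]
    if any(p < 0 or p > 0xFFFFFFFF for p in parts):
        raise ValueError("sub-identifier out of range")
    return parts


def _take_endpoint(subids, pos, allow_empty):
    """Decode InetAddressType, InetAddress, InetPortNumber starting at pos.

    Assumption: InetAddress is encoded as a length sub-identifier followed
    by one sub-identifier per address octet.
    """
    if len(subids) - pos < 3:
        raise ValueError("index truncated")
    atype, alen = subids[pos], subids[pos + 1]
    if atype not in ADDR_TYPES:
        raise ValueError(f"unsupported InetAddressType {atype}")
    name, full_len = ADDR_TYPES[atype]
    if alen == 0:
        if not allow_empty:
            raise ValueError("zero-length address not valid in this table")
    elif alen != full_len:
        raise ValueError(f"{name} address with length {alen}")
    end = pos + 2 + alen            # position of the port sub-identifier
    if end >= len(subids):
        raise ValueError("index truncated")
    octets = subids[pos + 2:end]
    if any(o > 255 for o in octets):
        raise ValueError("address octet out of range")
    port = subids[end]
    if port > 65535:
        raise ValueError("port out of range")
    if alen == 4:
        address = str(ipaddress.IPv4Address(bytes(octets)))
    elif alen == 16:
        address = str(ipaddress.IPv6Address(bytes(octets)))
    else:
        address = ""                # ''h, the zero-length octet string
    return {"type": name, "address": address, "port": port}, end + 1


def decode_connection_index(suffix):
    """tcpConnectionEntry INDEX: local endpoint followed by remote endpoint."""
    subids = _subids(suffix)
    local, pos = _take_endpoint(subids, 0, allow_empty=False)
    remote, pos = _take_endpoint(subids, pos, allow_empty=False)
    if pos != len(subids):
        raise ValueError("trailing sub-identifiers")
    return {"local": local, "remote": remote}


def decode_listener_index(suffix):
    """tcpListenerEntry INDEX, classified by the three cases the table's
    DESCRIPTION clause lists."""
    subids = _subids(suffix)
    ep, pos = _take_endpoint(subids, 0, allow_empty=True)
    if pos != len(subids):
        raise ValueError("trailing sub-identifiers")
    if ep["address"]:
        ep["scope"] = "specific address"
    elif ep["type"] == "unknown":
        ep["scope"] = "any IPv4 or IPv6 address"
    else:
        ep["scope"] = f"any {ep['type']} address"
    return ep


if __name__ == "__main__":
    # Constructed sample suffixes (the part of the OID after the column).
    print(decode_connection_index("1.4.10.0.0.1.22.1.4.10.0.0.2.51000"))
    for sample in ("0.0.80", "2.0.443", "1.4.127.0.0.1.5432"):
        print(sample, "->", decode_listener_index(sample))
```

Joining a decoded row with its tcpConnectionProcess or tcpListenerProcess value gives the endpoint-to-process mapping that section 3.1.3 of the memo describes.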
294  3.1.1 Relationship to RFC1213-MIB

296  TCP related MIB objects were originally defined as part of the
297  RFC1213-MIB defined in RFC 1213 [RFC1213]. The TCP related objects
298  of the RFC1213-MIB were later copied into a separate MIB module and
299  published in RFC 2012 [RFC2012] in SMIv2 format.

301  The previous versions of the TCP-MIB both defined the tcpConnTable,
302  which has been deprecated for basically two reasons:

304  (1) The tcpConnTable only supports IPv4.

306      The current approach in the IETF is to write IP version neutral
307      MIBs rather than having different definitions for various
308      versions of IP. This reduces the amount of overhead when new
309      objects are introduced since there is only one place to add
310      them. Hence, the approach taken in RFC 2452 of having separate
311      tables is not continued.

313  (2) The tcpConnTable mixes listening endpoints with connections.

315      It turns out that connections tend to have a different behaviour
316      and management access pattern compared to listening endpoints.
317      Splitting the original tcpConnTable into two tables thus allows
318      for the addition of specific status and statistics objects for
319      listening endpoints and connections.

321  3.1.2 Relationship to IPV6-TCP-MIB

323  The IPV6-TCP-MIB defined in RFC 2452 has been moved to Historic
324  since the approach of having separate IP version specific tables is
325  not followed anymore. Implementation of RFC 2452 is thus not
326  suggested anymore.

328  3.1.3 Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB

330  The tcpConnectionTable and the tcpListenerTable report the
331  identification of the operating system level process which handles
332  a connection or a listening endpoint. The value is reported as an
333  Unsigned32 which is expected to be the same as the hrSWRunIndex of
334  the HOST-RESOURCES-MIB [RFC2790] (if the value is smaller than
335  2147483647) or the sysApplElmtRunIndex of the SYSAPPL-MIB [RFC2287].
336  This allows management applications to identify the TCP connections
337  that belong to an operating system level process which has proven
338  to be valuable in operational environments.

340  3. Definitions

342  TCP-MIB DEFINITIONS ::= BEGIN

344  IMPORTS
345      MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32,
346      Gauge32, Counter32, Counter64, IpAddress, mib-2
347                                         FROM SNMPv2-SMI
348      MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
349      InetAddress, InetAddressType,
350      InetPortNumber                     FROM INET-ADDRESS-MIB;

352  tcpMIB MODULE-IDENTITY
353      LAST-UPDATED "200311250000Z"
354      ORGANIZATION
355          "IETF IPv6 MIB Revision Team
356           http://www.ietf.org/html.charters/ipv6-charter.html"
357      CONTACT-INFO
358          "Rajiv Raghunarayan (editor)

360           Cisco Systems Inc.
361           170 West Tasman Drive
362           San Jose, CA 95134

364           Phone: +1 408 853 9612
365           Email:

367           Send comments to "
368      -- RFC Ed: please verify mailing list address at publication
369      -- and delete this note
370      DESCRIPTION
371          "The MIB module for managing TCP implementations.

373           Copyright (C) The Internet Society (2003). This version
374           of this MIB module is a part of RFC xxxx; see the RFC
375           itself for full legal notices."
376      -- RFC Ed : replace xxxx with actual RFC number & remove note

378      REVISION "200311250000Z"
379      DESCRIPTION
380          "IP version neutral revision, published as RFC XXXX."
381      -- RFC Ed : replace xxxx with actual RFC number & remove note

383      REVISION "9411010000Z"
384      DESCRIPTION
385          "Initial SMIv2 version, published as RFC 2012."

387      REVISION "9103310000Z"
388      DESCRIPTION
389          "The initial revision of this MIB module was part of
390           MIB-II."
391      ::= { mib-2 49 }

393  -- the TCP base variables group

395  tcp OBJECT IDENTIFIER ::= { mib-2 6 }

397  -- Scalars

399  tcpRtoAlgorithm OBJECT-TYPE
400      SYNTAX INTEGER {
401          other(1),    -- none of the following
402          constant(2), -- a constant rto
403          rsre(3),     -- MIL-STD-1778, Appendix B
404          vanj(4)      -- Van Jacobson's algorithm [VANJ]
405      }
406      MAX-ACCESS read-only
407      STATUS current
408      DESCRIPTION
409          "The algorithm used to determine the timeout value used for
410           retransmitting unacknowledged octets."
411      ::= { tcp 1 }

413  tcpRtoMin OBJECT-TYPE
414      SYNTAX Integer32 (0..2147483647)
415      UNITS "milliseconds"
416      MAX-ACCESS read-only
417      STATUS current
418      DESCRIPTION
419          "The minimum value permitted by a TCP implementation for the
420           retransmission timeout, measured in milliseconds. More
421           refined semantics for objects of this type depend upon the
422           algorithm used to determine the retransmission timeout. In
423           particular, when the timeout algorithm is rsre(3), an
424           object of this type has the semantics of the LBOUND
425           quantity described in RFC 793."
426      ::= { tcp 2 }

428  tcpRtoMax OBJECT-TYPE
429      SYNTAX Integer32 (0..2147483647)
430      UNITS "milliseconds"
431      MAX-ACCESS read-only
432      STATUS current
433      DESCRIPTION
434          "The maximum value permitted by a TCP implementation for the
435           retransmission timeout, measured in milliseconds. More
436           refined semantics for objects of this type depend upon the
437           algorithm used to determine the retransmission timeout. In
438           particular, when the timeout algorithm is rsre(3), an
439           object of this type has the semantics of the UBOUND
440           quantity described in RFC 793."
441      ::= { tcp 3 }

443  tcpMaxConn OBJECT-TYPE
444      SYNTAX Integer32 (-1 | 0..2147483647)
445      MAX-ACCESS read-only
446      STATUS current
447      DESCRIPTION
448          "The limit on the total number of TCP connections the entity
449           can support. In entities where the maximum number of
450           connections is dynamic, this object should contain the
451           value -1."
452      ::= { tcp 4 }

454  tcpActiveOpens OBJECT-TYPE
455      SYNTAX Counter32
456      MAX-ACCESS read-only
457      STATUS current
458      DESCRIPTION
459          "The number of times TCP connections have made a direct
460           transition to the SYN-SENT state from the CLOSED state."
461      ::= { tcp 5 }

463  tcpPassiveOpens OBJECT-TYPE
464      SYNTAX Counter32
465      MAX-ACCESS read-only
466      STATUS current
467      DESCRIPTION
468          "The number of times TCP connections have made a direct
469           transition to the SYN-RCVD state from the LISTEN state."
470      ::= { tcp 6 }

472  tcpAttemptFails OBJECT-TYPE
473      SYNTAX Counter32
474      MAX-ACCESS read-only
475      STATUS current
476      DESCRIPTION
477          "The number of times TCP connections have made a direct
478           transition to the CLOSED state from either the SYN-SENT
479           state or the SYN-RCVD state, plus the number of times TCP
480           connections have made a direct transition to the LISTEN
481           state from the SYN-RCVD state."
482      ::= { tcp 7 }

484  tcpEstabResets OBJECT-TYPE
485      SYNTAX Counter32
486      MAX-ACCESS read-only
487      STATUS current
488      DESCRIPTION
489          "The number of times TCP connections have made a direct
490           transition to the CLOSED state from either the ESTABLISHED
491           state or the CLOSE-WAIT state."
492      ::= { tcp 8 }

494  tcpCurrEstab OBJECT-TYPE
495      SYNTAX Gauge32
496      MAX-ACCESS read-only
497      STATUS current
498      DESCRIPTION
499          "The number of TCP connections for which the current state
500           is either ESTABLISHED or CLOSE-WAIT."
501      ::= { tcp 9 }

503  tcpInSegs OBJECT-TYPE
504      SYNTAX Counter32
505      MAX-ACCESS read-only
506      STATUS current
507      DESCRIPTION
508          "The total number of segments received, including those
509           received in error. This count includes segments received
510           on currently established connections."
511      ::= { tcp 10 }

513  tcpOutSegs OBJECT-TYPE
514      SYNTAX Counter32
515      MAX-ACCESS read-only
516      STATUS current
517      DESCRIPTION
518          "The total number of segments sent, including those on
519           current connections but excluding those containing only
520           retransmitted octets."
521      ::= { tcp 11 }

523  tcpRetransSegs OBJECT-TYPE
524      SYNTAX Counter32
525      MAX-ACCESS read-only
526      STATUS current
527      DESCRIPTION
528          "The total number of segments retransmitted - that is, the
529           number of TCP segments transmitted containing one or more
530           previously transmitted octets."
531      ::= { tcp 12 }

533  tcpInErrs OBJECT-TYPE
534      SYNTAX Counter32
535      MAX-ACCESS read-only
536      STATUS current
537      DESCRIPTION
538          "The total number of segments received in error (e.g., bad
539           TCP checksums)."
540      ::= { tcp 14 }

542  tcpOutRsts OBJECT-TYPE
543      SYNTAX Counter32
544      MAX-ACCESS read-only
545      STATUS current
546      DESCRIPTION
547          "The number of TCP segments sent containing the RST flag."
548      ::= { tcp 15 }

550  -- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
551  -- which has since been obsoleted. It MUST not be used.

553  tcpHCInSegs OBJECT-TYPE
554      SYNTAX Counter64
555      MAX-ACCESS read-only
556      STATUS current
557      DESCRIPTION
558          "The total number of segments received, including those
559           received in error. This count includes segments received
560           on currently established connections. This object is
561           the 64-bit equivalent of tcpInSegs."
562      ::= { tcp 17 }

564  tcpHCOutSegs OBJECT-TYPE
565      SYNTAX Counter64
566      MAX-ACCESS read-only
567      STATUS current
568      DESCRIPTION
569          "The total number of segments sent, including those on
570           current connections but excluding those containing only
571           retransmitted octets. This object is the 64-bit
572           equivalent of tcpOutSegs."
573      ::= { tcp 18 }

575  -- The TCP Connection table

577  tcpConnectionTable OBJECT-TYPE
578      SYNTAX SEQUENCE OF TcpConnectionEntry
579      MAX-ACCESS not-accessible
580      STATUS current
581      DESCRIPTION
582          "A table containing information about existing TCP
583           connections. Note that unlike earlier TCP MIBs, there
584           is a separate table for connections in the LISTEN state."
585      ::= { tcp 19 }

587  tcpConnectionEntry OBJECT-TYPE
588      SYNTAX TcpConnectionEntry
589      MAX-ACCESS not-accessible
590      STATUS current
591      DESCRIPTION
592          "A conceptual row of the tcpConnectionTable containing
593           information about a particular current TCP connection.
594           Each row of this table is transient, in that it ceases to
595           exist when (or soon after) the connection makes the
596           transition to the CLOSED state."
597      INDEX { tcpConnectionLocalAddressType,
598              tcpConnectionLocalAddress,
599              tcpConnectionLocalPort,
600              tcpConnectionRemAddressType,
601              tcpConnectionRemAddress,
602              tcpConnectionRemPort }
603      ::= { tcpConnectionTable 1 }

605  TcpConnectionEntry ::= SEQUENCE {
606      tcpConnectionLocalAddressType InetAddressType,
607      tcpConnectionLocalAddress     InetAddress,
608      tcpConnectionLocalPort        InetPortNumber,
609      tcpConnectionRemAddressType   InetAddressType,
610      tcpConnectionRemAddress       InetAddress,
611      tcpConnectionRemPort          InetPortNumber,
612      tcpConnectionState            INTEGER,
613      tcpConnectionProcess          Unsigned32
614  }

616  tcpConnectionLocalAddressType OBJECT-TYPE
617      SYNTAX InetAddressType
618      MAX-ACCESS not-accessible
619      STATUS current
620      DESCRIPTION
621          "The address type of tcpConnectionLocalAddress."
622      ::= { tcpConnectionEntry 1 }

624  tcpConnectionLocalAddress OBJECT-TYPE
625      SYNTAX InetAddress
626      MAX-ACCESS not-accessible
627      STATUS current
628      DESCRIPTION
629          "The local IP address for this TCP connection."
630      ::= { tcpConnectionEntry 2 }

632  tcpConnectionLocalPort OBJECT-TYPE
633      SYNTAX InetPortNumber
634      MAX-ACCESS not-accessible
635      STATUS current
636      DESCRIPTION
637          "The local port number for this TCP connection."
638      ::= { tcpConnectionEntry 3 }

640  tcpConnectionRemAddressType OBJECT-TYPE
641      SYNTAX InetAddressType
642      MAX-ACCESS not-accessible
643      STATUS current
644      DESCRIPTION
645          "The address type of tcpConnectionRemAddress."
646      ::= { tcpConnectionEntry 4 }

648  tcpConnectionRemAddress OBJECT-TYPE
649      SYNTAX InetAddress
650      MAX-ACCESS not-accessible
651      STATUS current
652      DESCRIPTION
653          "The remote IP address for this TCP connection."
654      ::= { tcpConnectionEntry 5 }

656  tcpConnectionRemPort OBJECT-TYPE
657      SYNTAX InetPortNumber
658      MAX-ACCESS not-accessible
659      STATUS current
660      DESCRIPTION
661          "The remote port number for this TCP connection."
662      ::= { tcpConnectionEntry 6 }

664  tcpConnectionState OBJECT-TYPE
665      SYNTAX INTEGER {
666          closed(1),
667          listen(2),
668          synSent(3),
669          synReceived(4),
670          established(5),
671          finWait1(6),
672          finWait2(7),
673          closeWait(8),
674          lastAck(9),
675          closing(10),
676          timeWait(11),
677          deleteTCB(12)
678      }
679      MAX-ACCESS read-write
680      STATUS current
681      DESCRIPTION
682          "The state of this TCP connection.

684           The value listen(2) is included only for parallelism to the
685           old tcpConnTable, and should not be used. A connection in
686           LISTEN state should be present in the tcpListenerTable.

688           The only value which may be set by a management station is
689           deleteTCB(12). Accordingly, it is appropriate for an agent
690           to return a `badValue' response if a management station
691           attempts to set this object to any other value.

693           If a management station sets this object to the value
694           deleteTCB(12), then this has the effect of deleting the TCB
695           (as defined in RFC 793) of the corresponding connection on
696           the managed node, resulting in immediate termination of the
697           connection.

699           As an implementation-specific option, a RST segment may be
700           sent from the managed node to the other TCP endpoint (note
701           however that RST segments are not sent reliably)."
702      ::= { tcpConnectionEntry 7 }

704  tcpConnectionProcess OBJECT-TYPE
705      SYNTAX Unsigned32
706      MAX-ACCESS read-only
707      STATUS current
708      DESCRIPTION
709          "The system's process ID for the process associated with
710           this connection, or zero if there is no such process.
This
711           value is expected to be the same as HOST-RESOURCES-MIB::
712           hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
713           row in the appropriate tables."
714      ::= { tcpConnectionEntry 8 }

716  -- The TCP Listener table

718  tcpListenerTable OBJECT-TYPE
719      SYNTAX SEQUENCE OF TcpListenerEntry
720      MAX-ACCESS not-accessible
721      STATUS current
722      DESCRIPTION
723          "A table containing information about TCP listeners. A
724           listening application can be represented in three
725           possible ways:

727           1. An application that is willing to accept both IPv4 and
728              IPv6 datagrams is represented by
729              tcpListenerLocalAddressType of unknown (0) and
730              tcpListenerLocalAddress of ''h (a zero-length
731              octet-string).

733           2. An application which is willing to accept only IPv4 or
734              IPv6 datagrams is represented by a
735              tcpListenerLocalAddressType of the appropriate address
736              type and tcpListenerLocalAddress of ''h (a zero-length
737              octet-string).

739           3. An application which is listening for data destined
740              only to a specific IP address, but from any remote
741              system, is represented by a tcpListenerLocalAddressType
742              of an appropriate address type, with
743              tcpListenerLocalAddress the specific local address.

745           NOTE: The address type in this table represents the
746           address type used for the communication, irrespective
747           of the higher-layer abstraction. For example, an
748           application using IPv6 'sockets' to communicate via
749           IPv4 between ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would
750           use InetAddressType ipv4(1)."
751      ::= { tcp 20 }

753  tcpListenerEntry OBJECT-TYPE
754      SYNTAX TcpListenerEntry
755      MAX-ACCESS not-accessible
756      STATUS current
757      DESCRIPTION
758          "A conceptual row of the tcpListenerTable containing
759           information about a particular TCP listener."
760      INDEX { tcpListenerLocalAddressType,
761              tcpListenerLocalAddress,
762              tcpListenerLocalPort }
763      ::= { tcpListenerTable 1 }

765  TcpListenerEntry ::= SEQUENCE {
766      tcpListenerLocalAddressType InetAddressType,
767      tcpListenerLocalAddress     InetAddress,
768      tcpListenerLocalPort        InetPortNumber,
769      tcpListenerProcess          Unsigned32
770  }

772  tcpListenerLocalAddressType OBJECT-TYPE
773      SYNTAX InetAddressType
774      MAX-ACCESS not-accessible
775      STATUS current
776      DESCRIPTION
777          "The address type of tcpListenerLocalAddress. The value
778           should be unknown (0) if connection initiations to all
779           local IP addresses are accepted."
780      ::= { tcpListenerEntry 1 }

782  tcpListenerLocalAddress OBJECT-TYPE
783      SYNTAX InetAddress
784      MAX-ACCESS not-accessible
785      STATUS current
786      DESCRIPTION
787          "The local IP address for this TCP connection. In the case
788           of a listener which is willing to accept connections for
789           any IP interface associated with the node, a value of ''h
790           (zero-length octet-string) is used."
791      ::= { tcpListenerEntry 2 }

793  tcpListenerLocalPort OBJECT-TYPE
794      SYNTAX InetPortNumber
795      MAX-ACCESS not-accessible
796      STATUS current
797      DESCRIPTION
798          "The local port number for this TCP connection."
799      ::= { tcpListenerEntry 3 }

801  tcpListenerProcess OBJECT-TYPE
802      SYNTAX Unsigned32
803      MAX-ACCESS read-only
804      STATUS current
805      DESCRIPTION
806          "The system's process ID for the process associated with
807           this listener, or zero if there is no such process. This
808           value is expected to be the same as HOST-RESOURCES-MIB::
809           hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
810           row in the appropriate tables."
811      ::= { tcpListenerEntry 4 }

813  -- The deprecated TCP Connection table

815  tcpConnTable OBJECT-TYPE
816      SYNTAX SEQUENCE OF TcpConnEntry
817      MAX-ACCESS not-accessible
818      STATUS deprecated
819      DESCRIPTION
820          "A table containing information about existing IPv4-specific
821           TCP connections or listeners.
This table has been
822           deprecated in favor of the version neutral
823           tcpConnectionTable."
824      ::= { tcp 13 }

826  tcpConnEntry OBJECT-TYPE
827      SYNTAX TcpConnEntry
828      MAX-ACCESS not-accessible
829      STATUS deprecated
830      DESCRIPTION
831          "A conceptual row of the tcpConnTable containing information
832           about a particular current IPv4 TCP connection. Each row
833           of this table is transient, in that it ceases to exist when
834           (or soon after) the connection makes the transition to the
835           CLOSED state."
836      INDEX { tcpConnLocalAddress,
837              tcpConnLocalPort,
838              tcpConnRemAddress,
839              tcpConnRemPort }
840      ::= { tcpConnTable 1 }

842  TcpConnEntry ::= SEQUENCE {
843      tcpConnState        INTEGER,
844      tcpConnLocalAddress IpAddress,
845      tcpConnLocalPort    Integer32,
846      tcpConnRemAddress   IpAddress,
847      tcpConnRemPort      Integer32
848  }

850  tcpConnState OBJECT-TYPE
851      SYNTAX INTEGER {
852          closed(1),
853          listen(2),
854          synSent(3),
855          synReceived(4),
856          established(5),
857          finWait1(6),
858          finWait2(7),
859          closeWait(8),
860          lastAck(9),
861          closing(10),
862          timeWait(11),
863          deleteTCB(12)
864      }
865      MAX-ACCESS read-write
866      STATUS deprecated
867      DESCRIPTION
868          "The state of this TCP connection.

870           The only value which may be set by a management station is
871           deleteTCB(12). Accordingly, it is appropriate for an agent
872           to return a `badValue' response if a management station
873           attempts to set this object to any other value.

875           If a management station sets this object to the value
876           deleteTCB(12), then this has the effect of deleting the TCB
877           (as defined in RFC 793) of the corresponding connection on
878           the managed node, resulting in immediate termination of the
879           connection.

881           As an implementation-specific option, a RST segment may be
882           sent from the managed node to the other TCP endpoint (note
883           however that RST segments are not sent reliably)."
884         ::= { tcpConnEntry 1 }

886     tcpConnLocalAddress OBJECT-TYPE
887         SYNTAX IpAddress
888         MAX-ACCESS read-only
889         STATUS deprecated
890         DESCRIPTION
891                 "The local IP address for this TCP connection. In the case
892                 of a connection in the listen state which is willing to
893                 accept connections for any IP interface associated with the
894                 node, the value 0.0.0.0 is used."
895         ::= { tcpConnEntry 2 }

897     tcpConnLocalPort OBJECT-TYPE
898         SYNTAX Integer32 (0..65535)
899         MAX-ACCESS read-only
900         STATUS deprecated
901         DESCRIPTION
902                 "The local port number for this TCP connection."
903         ::= { tcpConnEntry 3 }

905     tcpConnRemAddress OBJECT-TYPE
906         SYNTAX IpAddress
907         MAX-ACCESS read-only
908         STATUS deprecated
909         DESCRIPTION
910                 "The remote IP address for this TCP connection."
911         ::= { tcpConnEntry 4 }

913     tcpConnRemPort OBJECT-TYPE
914         SYNTAX Integer32 (0..65535)
915         MAX-ACCESS read-only
916         STATUS deprecated
917         DESCRIPTION
918                 "The remote port number for this TCP connection."
919         ::= { tcpConnEntry 5 }

921     -- conformance information

923     tcpMIBConformance OBJECT IDENTIFIER ::= { tcpMIB 2 }

925     tcpMIBCompliances OBJECT IDENTIFIER ::= { tcpMIBConformance 1 }
926     tcpMIBGroups OBJECT IDENTIFIER ::= { tcpMIBConformance 2 }
927     -- compliance statements

929     tcpMIBCompliance2 MODULE-COMPLIANCE
930         STATUS current
931         DESCRIPTION
932                 "The compliance statement for systems which implement TCP.

934                 There are a number of INDEX objects that cannot be
935                 represented in the form of OBJECT clauses in SMIv2, but
936                 for which we have the following compliance requirements,
937                 expressed in OBJECT clause form in this description
938                 clause:

940                 -- OBJECT tcpConnectionLocalAddressType
941                 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
942                 -- DESCRIPTION
943                 -- This MIB requires support for only global IPv4
944                 -- and IPv6 address types.
945                 --
946                 -- OBJECT tcpConnectionRemAddressType
947                 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
948                 -- DESCRIPTION
949                 -- This MIB requires support for only global IPv4
950                 -- and IPv6 address types.
951                 --
952                 -- OBJECT tcpListenerLocalAddressType
953                 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
954                 -- DESCRIPTION
955                 -- This MIB requires support for only global IPv4
956                 -- and IPv6 address types.
957                 --
958                 "
959         MODULE -- this module
960             MANDATORY-GROUPS { tcpBaseGroup, tcpConnectionGroup,
961                                tcpListenerGroup }
962             GROUP tcpHCGroup
963             DESCRIPTION
964                 "This group is mandatory for those systems which are capable
965                 of receiving or transmitting more than 1 million TCP
966                 segments per second. 1 million segments per second will
967                 cause a Counter32 to wrap in just over an hour."
968             OBJECT tcpConnectionState
969             SYNTAX INTEGER { closed(1), listen(2), synSent(3),
970                              synReceived(4), established(5),
971                              finWait1(6), finWait2(7), closeWait(8),
972                              lastAck(9), closing(10), timeWait(11) }
973             MIN-ACCESS read-only
974             DESCRIPTION
975                 "Write access is not required, nor is support for the value
976                 deleteTCB (12)."
977         ::= { tcpMIBCompliances 2 }

979     tcpMIBCompliance MODULE-COMPLIANCE
980         STATUS deprecated
981         DESCRIPTION
982                 "The compliance statement for IPv4-only systems which
983                 implement TCP. In order to be IP version independent, this
984                 compliance statement is deprecated in favor of
985                 tcpMIBCompliance2. However, agents are still encouraged
986                 to implement these objects in order to interoperate with
987                 the deployed base of managers."
988         MODULE -- this module
989             MANDATORY-GROUPS { tcpGroup }
990             OBJECT tcpConnState
991             MIN-ACCESS read-only
992             DESCRIPTION
993                 "Write access is not required."
994         ::= { tcpMIBCompliances 1 }

996     -- units of conformance

998     tcpGroup OBJECT-GROUP
999         OBJECTS { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
1000                  tcpMaxConn, tcpActiveOpens,
1001                  tcpPassiveOpens, tcpAttemptFails,
1002                  tcpEstabResets, tcpCurrEstab, tcpInSegs,
1003                  tcpOutSegs, tcpRetransSegs, tcpConnState,
1004                  tcpConnLocalAddress, tcpConnLocalPort,
1005                  tcpConnRemAddress, tcpConnRemPort,
1006                  tcpInErrs, tcpOutRsts }
1007        STATUS deprecated
1008        DESCRIPTION
1009                "The tcp group of objects providing for management of TCP
1010                entities."
1011        ::= { tcpMIBGroups 1 }

1013    tcpBaseGroup OBJECT-GROUP
1014        OBJECTS { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
1015                  tcpMaxConn, tcpActiveOpens,
1016                  tcpPassiveOpens, tcpAttemptFails,
1017                  tcpEstabResets, tcpCurrEstab, tcpInSegs,
1018                  tcpOutSegs, tcpRetransSegs,
1019                  tcpInErrs, tcpOutRsts }
1020        STATUS current
1021        DESCRIPTION
1022                "The group of counters common to TCP entities."
1023        ::= { tcpMIBGroups 2 }

1025    tcpConnectionGroup OBJECT-GROUP
1026        OBJECTS { tcpConnectionState, tcpConnectionProcess }
1027        STATUS current
1028        DESCRIPTION
1029                "The group provides general information about TCP
1030                connections."
1031        ::= { tcpMIBGroups 3 }

1033    tcpListenerGroup OBJECT-GROUP
1034        OBJECTS { tcpListenerProcess }
1035        STATUS current
1036        DESCRIPTION
1037                "This group has objects providing general information about
1038                TCP listeners."
1039        ::= { tcpMIBGroups 4 }

1041    tcpHCGroup OBJECT-GROUP
1042        OBJECTS { tcpHCInSegs, tcpHCOutSegs }
1043        STATUS current
1044        DESCRIPTION
1045                "The group of objects providing for counters of high speed
1046                TCP implementations."
1047        ::= { tcpMIBGroups 5 }

1049    END

1051    4. Acknowledgements

1053    This document contains a modified subset of RFC 1213 and updates RFC
1054    2012 and RFC 2452. Acknowledgements are therefore due to the authors
1055    and editors of these documents for their excellent work. Several
1056    useful comments regarding usability and design were also received
1057    from Kristine Adamson. The authors would like to thank all these
1058    people for their contribution to this effort.

1060    5. Normative References

1062    [RFC793] Postel, J., "Transmission Control Protocol - DARPA Internet
1063        Program Protocol Specification", STD 7, RFC 793, DARPA,
1064        September 1981.

1066    [RFC2287] Krupczak, C., Saperia, J., "Definitions of System-Level
1067        Managed Objects for Applications", RFC 2287, February 1998.

1069    [RFC2790] Waldbusser, S., Grillo, P., "Host Resources MIB", RFC 2790,
1070        March 2000.

1072    [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1073        Rose, M. and S. Waldbusser, "Structure of Management
1074        Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1075        1999.

1077    [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1078        Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
1079        STD 58, RFC 2579, April 1999.

1081    [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1082        Rose, M. and S. Waldbusser, "Conformance Statements for
1083        SMIv2", STD 58, RFC 2580, April 1999.

1085    [RFC3291] Daniele, M., Haberman, B., Routhier, S., and Schoenwaelder,
1086        J., "Textual Conventions for Internet Network Addresses",
1087        RFC 3291, May 2002.

1089    6. Informative References

1091    [RFC1213] Rose, M. and K. McCloghrie, "Management Information Base
1092        for Network Management of TCP/IP-based internets", RFC 1213,
1093        March 1991.

1095    [RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the
1096        Transmission Control Protocol using SMIv2", RFC 2012,
1097        November 1996.

1099    [RFC2452] Daniele, M., "IP Version 6 Management Information Base for
1100        the Transmission Control Protocol", RFC 2452, December 1998.

1102    [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
1103        "Introduction and Applicability Statements for Internet-
1104        Standard Management Framework", RFC 3410, December 2002.

1106    [VANJ] Jacobson, V., "Congestion Avoidance and Control", SIGCOMM
1107        1988, Stanford, California.

1109    7. Security Considerations

1111    There are management objects defined in this MIB that have a
1112    MAX-ACCESS clause of read-write. Such objects may be considered
1113    sensitive or vulnerable in some network environments. The support
1114    for SET operations in a non-secure environment without proper
1115    protection can have a negative effect on network operations.
1116    These are the tables and objects and their sensitivity/vulnerability:

1118    o The tcpConnectionState and tcpConnState objects have a MAX-ACCESS
1119      clause of read-write, which allows termination of an arbitrary
1120      connection. Unauthorized access could cause a denial of service.

1122    Some of the readable objects in this MIB module (i.e., objects with a
1123    MAX-ACCESS other than not-accessible) may be considered sensitive or
1124    vulnerable in some network environments. It is thus important to
1125    control even GET and/or NOTIFY access to these objects and possibly
1126    to even encrypt the values of these objects when sending them over
1127    the network via SNMP. These are the tables and objects and their
1128    sensitivity/vulnerability:

1130    o The tcpConnectionTable and the tcpConnTable contain objects
1131      providing information on the active connections on the device,
1132      the status of these connections and the associated processes.
1133      This information may be used by an attacker to launch attacks
1134      against known/unknown weaknesses in certain protocols/applications.

1136    o The tcpListenerTable and the tcpConnTable contain objects providing
1137      information on listeners on an entity. For example, the
1138      tcpListenerLocalPort and tcpConnLocalPort objects can be used
1139      to identify what ports are open on the machine and thus what
1140      attacks are likely to succeed, without the attacker having to run a
1141      port scanner.

1143    SNMP versions prior to SNMPv3 did not include adequate security.
1144    Even if the network itself is secure (for example by using IPSec),
1145    even then, there is no control as to who on the secure network is
1146    allowed to access and GET/SET (read/change/create/delete) the objects
1147    in this MIB module.

1149    It is RECOMMENDED that implementers consider the security features as
1150    provided by the SNMPv3 framework (see [RFC3410], section 8),
1151    including full support for the SNMPv3 cryptographic mechanisms (for
1152    authentication and privacy).

1154    Further, deployment of SNMP versions prior to SNMPv3 is NOT
1155    RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1156    enable cryptographic security. It is then a customer/operator
1157    responsibility to ensure that the SNMP entity giving access to an
1158    instance of this MIB module is properly configured to give access to
1159    the objects only to those principals (users) that have legitimate
1160    rights to indeed GET or SET (change/create/delete) them.

1162    8. Intellectual Property

1164    The IETF takes no position regarding the validity or scope of any
1165    intellectual property or other rights that might be claimed to
1166    pertain to the implementation or use of the technology described in
1167    this document or the extent to which any license under such rights
1168    might or might not be available; neither does it represent that it
1169    has made any effort to identify any such rights. Information on
1170    the IETF's procedures with respect to rights in standards-track and
1171    standards-related documentation can be found in BCP-11. Copies of
1172    claims of rights made available for publication and any assurances
1173    of licenses to be made available, or the result of an attempt made
1174    to obtain a general license or permission for the use of such
1175    proprietary rights by implementors or users of this specification
1176    can be obtained from the IETF Secretariat.
1178    The IETF invites any interested party to bring to its attention any
1179    copyrights, patents or patent applications, or other proprietary
1180    rights which may cover technology that may be required to practice
1181    this standard. Please address the information to the IETF
1182    Executive Director.

1184    9. Editor's Address

1186    Rajiv Raghunarayan
1187    Cisco Systems Inc.
1188    170 West Tasman Drive
1189    San Jose, CA 95134
1190    USA

1192    Email: raraghun@cisco.com

1194    10. Authors

1196    This document is an output of the IPv6 MIB revision team, and
1197    contributors to earlier versions of this document include:

1199    Bill Fenner, AT&T Labs -- Research
1200    Email: fenner@research.att.com

1202    Brian Haberman
1203    Email: brian@innovationslab.net

1205    Shawn A. Routhier, Wind River
1206    Email: shawn.routhier@windriver.com

1208    Juergen Schoenwalder, TU Braunschweig
1209    Email: schoenw@ibr.cs.tu-bs.de
1210    Dave Thaler, Microsoft
1211    Email: dthaler@windows.microsoft.com

1213    This document updates parts of the MIBs from several documents. RFC
1214    2012 has been the base document for these updates. RFC 2452 was
1215    the first document to define the managed objects for implementations
1216    of TCP over IPv6.

1218    RFC 2012:

1220    Keith McCloghrie, Cisco Systems (Editor)
1221    kzm@cisco.com

1223    RFC 2452:

1225    Mike Daniele, Compaq Computer Corporation
1226    daniele@zk3.dec.com

1228    11. Full Copyright Statement

1230    Copyright (C) The Internet Society (2002). All Rights Reserved.

1232    This document and translations of it may be copied and furnished to
1233    others, and derivative works that comment on or otherwise explain it or
1234    assist in its implementation may be prepared, copied, published and
1235    distributed, in whole or in part, without restriction of any kind,
1236    provided that the above copyright notice and this paragraph are
1237    included on all such copies and derivative works. However, this
1238    document itself may not be modified in any way, such as by removing the
1239    copyright notice or references to the Internet Society or other
1240    Internet organizations, except as needed for the purpose of developing
1241    Internet standards in which case the procedures for copyrights defined
1242    in the Internet Standards process must be followed, or as required to
1243    translate it into languages other than English.

1245    The limited permissions granted above are perpetual and will not be
1246    revoked by the Internet Society or its successors or assigns.

1248    This document and the information contained herein is provided on an
1249    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1250    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
1251    NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
1252    NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY
1253    OR FITNESS FOR A PARTICULAR PURPOSE.
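
Added example for Section 7 (Security Considerations), not part of the draft: a Python audit that checks, for each SNMP principal, whether its views reach tcpConnState for writing or any tcpConnTable column for reading, and whether it uses SNMPv3 with authentication and privacy. The principals, view lists, model/level labels and the sample row index are constructed; view masks are not modelled.

```python
# Audit SNMP principals against the objects Section 7 flags; all data constructed.
TCP_CONN_ENTRY = (1, 3, 6, 1, 2, 1, 6, 13, 1)  # mib-2 tcp(6).tcpConnTable(13).tcpConnEntry(1)
TCP_CONN_STATE = TCP_CONN_ENTRY + (1,)         # the only read-write column
# Constructed row index: local 192.0.2.10:22, remote 198.51.100.7:50000
ROW = (192, 0, 2, 10, 22, 198, 51, 100, 7, 50000)


def parse_oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))


def in_view(oid, families):
    """Longest matching subtree decides; no match means not in the view.
    Simplification (assumption of this example): view masks are ignored."""
    best_len, best_kind = -1, "excluded"
    for kind, subtree in families:
        sub = parse_oid(subtree)
        if oid[:len(sub)] == sub and len(sub) > best_len:
            best_len, best_kind = len(sub), kind
    return best_kind == "included"


def audit(p):
    findings = []
    if p["model"] != "usm":
        findings.append("pre-SNMPv3 security model")
    elif p["level"] != "authPriv":
        findings.append("SNMPv3 below authPriv")
    if in_view(TCP_CONN_STATE + ROW, p["write"]):
        findings.append("may SET tcpConnState to deleteTCB(12)")
    # The row index is part of every instance OID, so a single readable
    # column already discloses local/remote addresses and ports.
    readable = [c for c in range(1, 6)
                if in_view(TCP_CONN_ENTRY + (c,) + ROW, p["read"])]
    if readable:
        findings.append("reads tcpConnTable columns %s" % readable)
    return findings


PRINCIPALS = {  # constructed sample configuration
    "noc-v2c": {"model": "v2c", "level": "noAuthNoPriv",
                "read": [("included", "1.3.6.1.2.1")], "write": []},
    "ops": {"model": "usm", "level": "authPriv",
            "read": [("included", "1.3.6.1.2.1.6"),
                     ("excluded", "1.3.6.1.2.1.6.13")],
            "write": [("included", "1.3.6.1.2.1.6"),
                      ("excluded", "1.3.6.1.2.1.6.13.1.1")]},
    "legacy": {"model": "usm", "level": "authNoPriv",
               "read": [("included", "1.3.6.1.2.1.6.13.1.1")],
               "write": [("included", "1.3.6.1.2.1")]},
}

if __name__ == "__main__":
    for name, p in PRINCIPALS.items():
        print(name, audit(p) or "no findings")
```

A write-view finding only matters on agents that implement write access to tcpConnState, which the compliance statements do not require.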