idnits 2.17.1 draft-ietf-snmpv3-appl-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([SNMP-ARCH]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 5 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 622: '...P manageable, it MUST use the SNMP-TAR...' RFC 2119 keyword, line 889: '...table SNMP manageable, it MUST use the...' Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 3265 has weird spacing: '...tyLevel auth...' == Line 3266 has weird spacing: '...tDomain snmp...' == Line 3272 has weird spacing: '...tyLevel auth...' == Line 3275 has weird spacing: '...tDomain snmp...' == Line 3288 has weird spacing: '...for the purpo...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (28 October 1997) is 9676 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC1157' is defined on line 3094, but no explicit reference was found in the text == Unused Reference: 'RFC1213' is defined on line 3100, but no explicit reference was found in the text == Unused Reference: 'RFC1902' is defined on line 3106, but no explicit reference was found in the text == Unused Reference: 'RFC1903' is defined on line 3113, but no explicit reference was found in the text == Unused Reference: 'SNMP-MPD' is defined on line 3146, but no explicit reference was found in the text == Unused Reference: 'SNMP-ACM' is defined on line 3152, but no explicit reference was found in the text ** Downref: Normative reference to an Historic RFC: RFC 1157 ** Obsolete normative reference: RFC 1902 (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416) -- Duplicate reference: RFC1905, mentioned in 'RFC1907', was also mentioned in 'RFC1905'. ** Obsolete normative reference: RFC 1905 (ref. 'RFC1907') (Obsoleted by RFC 3416) -- Duplicate reference: RFC1905, mentioned in 'RFC1908', was also mentioned in 'RFC1907'. ** Obsolete normative reference: RFC 1905 (ref. 'RFC1908') (Obsoleted by RFC 3416) Summary: 16 errors (**), 0 flaws (~~), 13 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT David B. Levi 3 SNMP Research, Inc. 4 Paul Meyer 5 Secure Computing Corporation 6 Bob Stewart 7 Cisco Systems 8 28 October 1997 10 SNMPv3 Applications 11 13 Status of this Memo 15 This document is an Internet-Draft. Internet-Drafts are working 16 documents of the Internet Engineering Task Force (IETF), its areas, 17 and its working groups. Note that other groups may also distribute 18 working documents as Internet-Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet-Drafts as reference 23 material or to cite them other than as ``work in progress.'' 25 To learn the current status of any Internet-Draft, please check the 26 ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow 27 Directories on ds.internic.net (US East Coast), nic.nordu.net 28 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific 29 Rim). 31 Copyright Notice 33 Copyright (C) The Internet Society (date). All Rights Reserved. 35 Abstract 37 This memo describes five types of SNMP applications which make use of 38 an SNMP engine as described in [SNMP-ARCH]. The types of application 39 described are Command Generators, Command Responders, Notification 40 Originators, Notification Receivers, and Proxy Forwarders. 42 This memo also defines MIB modules for specifying targets of 43 management operations, for notification filtering, and for proxy 44 forwarding. 46 Table of Contents 48 1 Overview ..................................................... 3 49 1.1 Command Generator Applications ............................. 3 50 1.2 Command Responder Applications ............................. 3 51 1.3 Notification Originator Applications ....................... 4 52 1.4 Notification Receiver Applications ......................... 4 53 1.5 Proxy Forwarder Applications ............................... 4 54 2 Management Targets ........................................... 6 55 3 Elements Of Procedure ........................................ 6 56 3.1 Command Generator Applications ............................. 6 57 3.2 Command Responder Applications ............................. 10 58 3.3 Notification Originator Applications ....................... 15 59 3.4 Notification Receiver Applications ......................... 18 60 3.5 Proxy Forwarder Applications ............................... 20 61 3.5.1 Request Forwarding ....................................... 21 62 3.5.1.1 Processing an Incoming Request ......................... 21 63 3.5.1.2 Processing an Incoming Response ........................ 24 64 3.5.1.3 Processing an Incoming Report Indication ............... 25 65 3.5.2 Notification Forwarding .................................. 26 66 4 The Structure of the MIB Modules ............................. 30 67 4.1 The Management Target MIB Module ........................... 30 68 4.1.1 Tag Lists ................................................ 30 69 4.1.2 Definitions .............................................. 31 70 4.2 The Notification MIB Module ................................ 45 71 4.2.1 Definitions .............................................. 45 72 4.3 The Proxy MIB Module ....................................... 58 73 4.3.1 Definitions .............................................. 58 74 5 Identification of Management Targets in Notification Origi- 75 nators .................................................... 65 76 6 Notification Filtering ....................................... 66 77 7 Management Target Translation in Proxy Forwarder Applica- 78 tions ..................................................... 68 79 7.1 Management Target Translation for Request Forwarding ....... 68 80 7.2 Management Target Translation for Notification Forwarding 81 ........................................................... 69 82 8 Intellectual Property ........................................ 70 83 9 Acknowledgments .............................................. 70 84 10 Security Considerations ..................................... 71 85 11 References .................................................. 73 86 12 Editor's Address ............................................ 75 87 A. Trap Configuration Example .................................. 76 88 B. Full Copyright Statement .................................... 78 90 1. Overview 92 This document describes five types of SNMP applications: 94 - Applications which initiate SNMP Get, GetNext, GetBulk, and/or 95 Set requests, called 'command generators.' 97 - Applications which respond to SNMP Get, GetNext, GetBulk, 98 and/or Set requests, called 'command responders.' 100 - Applications which generate notifications, called 101 'notification originators.' 103 - Applications which receive notifications, called 'notification 104 receivers.' 106 - Applications which forward SNMP Get, GetNext, GetBulk, and/or 107 Set requests or notifications, called 'proxy forwarder.' 109 Note that there are no restrictions on which types of applications 110 may be associated with a particular SNMP engine. For example, a 111 single SNMP engine may, in fact, be associated with both command 112 generator and command responder applications. 114 1.1. Command Generator Applications 116 A command generator application initiates SNMP Get, GetNext, GetBulk, 117 and/or Set requests, as well as processing the response to a request 118 which it generated. 120 1.2. Command Responder Applications 122 A command responder application receives SNMP Get, GetNext, GetBulk, 123 and/or Set requests destined for the local system as indicated by the 124 fact that the contextEngineID in the received request is equal to 125 that of the local engine through which the request was received. The 126 command responder application will perform the appropriate protocol 127 operation, using access control, and will generate a response message 128 to be sent to the request's originator. 130 1.3. Notification Originator Applications 132 A notification originator application conceptually monitors a system 133 for particular events or conditions, and generates Trap and/or Inform 134 messages based on these events or conditions. A notification 135 originator must have a mechanism for determining where to send 136 messages, and what SNMP version and security parameters to use when 137 sending messages. A mechanism and MIB module for this purpose is 138 provided in this document. 140 1.4. Notification Receiver Applications 142 A notification receiver application listens for notification 143 messages, and generates response messages when a message containing 144 an Inform PDU is received. 146 1.5. Proxy Forwarder Applications 148 A proxy forwarder application forwards SNMP messages. Note that 149 implementation of a proxy forwarder application is optional. The 150 sections describing proxy (4.5, 5.3, and 8) may be skipped for 151 implementations that do not include a proxy forwarder application. 153 The term "proxy" has historically been used very loosely, with 154 multiple different meanings. These different meanings include (among 155 others): 157 (1) the forwarding of SNMP requests to other SNMP entities without 158 regard for what managed object types are being accessed; for 159 example, in order to forward an SNMP request from one transport 160 domain to another, or to translate SNMP requests of one version 161 into SNMP requests of another version; 163 (2) the translation of SNMP requests into operations of some non-SNMP 164 management protocol; and 166 (3) support for aggregated managed objects where the value of one 167 managed object instance depends upon the values of multiple other 168 (remote) items of management information. 170 Each of these scenarios can be advantageous; for example, support for 171 aggregation of management information can significantly reduce the 172 bandwidth requirements of large-scale management activities. 173 However, using a single term to cover multiple different scenarios 174 causes confusion. 176 To avoid such confusion, this document uses the term "proxy" with a 177 much more tightly defined meaning. The term "proxy" is used in this 178 document to refer to a proxy forwarder application which forwards 179 either SNMP requests, notifications, and responses without regard for 180 what managed objects are contained within requests or notifications. 181 This definition is most closely related to the first definition 182 above. Note, however, that in the SNMP architecture [SNMP-ARCH], a 183 proxy forwarder is actually an application, and need not be 184 associated with what is traditionally thought of as an SNMP agent. 186 Specifically, the distinction between a traditional SNMP agent and a 187 proxy forwarder application is simple: 189 - a proxy forwarder application forwards requests and/or 190 notifications to other SNMP engines according to the context, 191 and irrespective of the specific managed object types being 192 accessed, and forwards the response to such previously 193 forwarded messages back to the SNMP engine from which the 194 original message was received; 196 - in contrast, the command responder application that is part of 197 what is traditionally thought of as an SNMP agent, and which 198 processes SNMP requests according to the (names of the) 199 individual managed object types and instances being accessed, 200 is NOT a proxy forwarder application from the perspective of 201 this document. 203 Thus, when a proxy forwarder application forwards a request or 204 notification for a particular contextEngineID / contextName pair, not 205 only is the information on how to forward the request specifically 206 associated with that context, but the proxy forwarder application has 207 no need of a detailed definition of a MIB view (since the proxy 208 forwarder application forwards the request irrespective of the 209 managed object types). 211 In contrast, a command responder application must have the detailed 212 definition of the MIB view, and even if it needs to issue requests to 213 other entities, via SNMP or otherwise, that need is dependent on the 214 individual managed object instances being accessed (i.e., not only on 215 the context). 217 Note that it is a design goal of a proxy forwarder application to act 218 as an intermediary between the endpoints of a transaction. In 219 particular, when forwarding Inform requests, the associated response 220 is forwarded when it is received from the target to which the Inform 221 request was forwarded, rather than generating a response immediately 222 when an Inform request is received. 224 2. Management Targets 226 Some types of applications (notification generators and proxy 227 forwarders in particular) require a mechanism for determining where 228 and how to send generated messages. This document provides a 229 mechanism and MIB module for this purpose. The set of information 230 that describes where and how to send a message is called a 231 'Management Target', and consists of two kinds of information: 233 - Destination information, consisting of a transport domain and 234 a transport address. This is also termed a transport 235 endpoint. 237 - SNMP parameters, consisting of message processing model, 238 security model, security level, and security name information. 240 The SNMP-TARGET-MIB module described later in this document contains 241 one table for each of these types of information. There can be a 242 many-to-many relationship in the MIB between these two types of 243 information. That is, there may be multiple transport endpoints 244 associated with a particular set of SNMP parameters, or a particular 245 transport endpoint may be associated with several sets of SNMP 246 parameters. 248 3. Elements Of Procedure 250 The following sections describe the procedures followed by each type 251 of application when generating messages for transmission or when 252 processing received messages. Applications communicate with the 253 Dispatcher using the abstract service interfaces defined in [SNMP- 254 ARCH]. 256 3.1. Command Generator Applications 258 A command generator initiates an SNMP request by calling the 259 Dispatcher using the following abstract service interface: 261 statusInformation = -- sendPduHandle if success 262 -- errorIndication if failure 263 sendPdu( 264 IN transportDomain -- transport domain to be used 265 IN transportAddress -- destination network address 266 IN messageProcessingModel -- typically, SNMP version 267 IN securityModel -- Security Model to use 268 IN securityName -- on behalf of this principal 269 IN securityLevel -- Level of Security requested 270 IN contextEngineID -- data from/at this entity 271 IN contextName -- data from/in this context 272 IN pduVersion -- the version of the PDU 273 IN PDU -- SNMP Protocol Data Unit 274 IN expectResponse -- TRUE or FALSE 275 ) 277 Where: 279 - The transportDomain is that of the destination of the message. 281 - The transportAddress is that of the destination of the 282 message. 284 - The messageProcessingModel indicates which Message Processing 285 Model the application wishes to use. 287 - The securityModel is the security model that the application 288 wishes to use. 290 - The securityName is the security model independent name for 291 the principal on whose behalf the application wishes the 292 message is to be generated. 294 - The securityLevel is the security level that the application 295 wishes to use. 297 - The contextEngineID is provided by the command generator if it 298 wishes to explicitly specify the location of the management 299 information it is requesting. 301 - The contextName is provided by the command generator if it 302 wishes to explicitly specify the local context name for the 303 management information it is requesting. 305 - The pduVersion indicates the version of the PDU to be sent. 307 - The PDU is a value constructed by the command generator 308 containing the management operation that the command generator 309 wishes to perform. 311 - The expectResponse argument indicates that a response is 312 expected. 314 The result of the sendPdu interface indicates whether the PDU was 315 successfully sent. If it was successfully sent, the returned value 316 will be a sendPduHandle. The command generator should store the 317 sendPduHandle so that it can correlate a response to the original 318 request. 320 The Dispatcher is responsible for delivering the response to a 321 particular request to the correct command generator application. The 322 abstract service interface used is: 324 processResponsePdu( -- process Response PDU 325 IN messageProcessingModel -- typically, SNMP version 326 IN securityModel -- Security Model in use 327 IN securityName -- on behalf of this principal 328 IN securityLevel -- Level of Security 329 IN contextEngineID -- data from/at this SNMP entity 330 IN contextName -- data from/in this context 331 IN pduVersion -- the version of the PDU 332 IN PDU -- SNMP Protocol Data Unit 333 IN statusInformation -- success or errorIndication 334 IN sendPduHandle -- handle from sendPDU 335 ) 337 Where: 339 - The messageProcessingModel is the value from the received 340 response. 342 - The securityModel is the value from the received response. 344 - The securityName is the value from the received response. 346 - The securityLevel is the value from the received response. 348 - The contextEngineID is the value from the received response. 350 - The contextName is the value from the received response. 352 - The pduVersion indicates the version of the PDU in the 353 received response. 355 - The PDU is the value from the received response. 357 - The statusInformation indicates success or failure in 358 receiving the response. 360 - The sendPduHandle is the value returned by the sendPdu call 361 which generated the original request to which this is a 362 response. 364 The procedure when a command generator receives a message is as 365 follows: 367 (1) If the received values of messageProcessingModel, securityModel, 368 securityName, contextEngineID, contextName, and pduVersion are not 369 all equal to the values used in the original request, the response 370 is discarded. 372 (2) The operation type, request-id, error-status, error-index, and 373 variable-bindings are extracted from the PDU and saved. If the 374 request-id is not equal to the value used in the original request, 375 the response is discarded. 377 (3) At this point, it is up to the application to take an appropriate 378 action. The specific action is implementation dependent. If the 379 statusInformation indicates that the request failed, an appropriate 380 action might be to attempt to transmit the request again, or to 381 notify the person operating the application that a failure 382 occurred. 384 3.2. Command Responder Applications 386 Before a command responder application can process messages, it must 387 first associate itself with an SNMP engine. The abstract service 388 interface used for this purpose is: 390 statusInformation = -- success or errorIndication 391 registerContextEngineID( 392 IN contextEngineID -- take responsibility for this one 393 IN pduType -- the pduType(s) to be registered 394 ) 396 Where: 398 - The statusInformation indicates success or failure of the 399 registration attempt. 401 - The contextEngineID is equal to the snmpEngineID of the SNMP 402 engine with which the command responder is registering. 404 - The pduType indicates a Get, GetNext, GetBulk, or Set pdu. 406 Note that if another command responder application is already 407 registered with an SNMP engine, any further attempts to register with 408 the same contextEngineID and pduType will be denied. This implies 409 that separate command responder applications could register 410 separately for the various pdu types. However, in practice this is 411 undesirable, and only a single command responder application should 412 be registered with an SNMP engine at any given time. 414 A command responder application can disassociate with an SNMP engine 415 using the following abstract service interface: 417 unregisterContextEngineID( 418 IN contextEngineID -- give up responsibility for this one 419 IN pduType -- the pduType(s) to be unregistered 420 ) 422 Where: 424 - The contextEngineID is equal to the snmpEngineID of the SNMP 425 engine with which the command responder is cancelling the 426 registration. 428 - The pduType indicates a Get, GetNext, GetBulk, or Set pdu. 430 Once the command responder has registered with the SNMP engine, it 431 waits to receive SNMP messages. The abstract service interface used 432 for receiving messages is: 434 processPdu( -- process Request/Notification PDU 435 IN messageProcessingModel -- typically, SNMP version 436 IN securityModel -- Security Model in use 437 IN securityName -- on behalf of this principal 438 IN securityLevel -- Level of Security 439 IN contextEngineID -- data from/at this SNMP entity 440 IN contextName -- data from/in this context 441 IN pduVersion -- the version of the PDU 442 IN PDU -- SNMP Protocol Data Unit 443 IN maxSizeResponseScopedPDU -- maximum size of the Response PDU 444 IN stateReference -- reference to state information 445 ) -- needed when sending a response 447 Where: 449 - The messageProcessingModel indicates which Message Processing 450 Model received and processed the message. 452 - The securityModel is the value from the received message. 454 - The securityName is the value from the received message. 456 - The securityLevel is the value from the received message. 458 - The contextEngineID is the value from the received message. 460 - The contextName is the value from the received message. 462 - The pduVersion indicates the version of the PDU in the 463 received message. 465 - The PDU is the value from the received message. 467 - The maxSizeResponseScopedPDU is the maximum allowable size of 468 a ScopedPDU containing a Response PDU (based on the maximum 469 message size that the originator of the message can accept). 471 - The stateReference is a value which references cached 472 information about each received request message. This value 473 must be returned to the Dispatcher in order to generate a 474 response. 476 The procedure when a message is received is as follows. 478 (1) The operation type is determined from the ASN.1 tag value 479 associated with the PDU parameter. The operation type should 480 always be one of the types previously registered by the 481 application. 483 (2) The request-id is extracted from the PDU and saved. 485 (3) If the SNMPv2 operation type is GetBulk, the non-repeaters and 486 max-repetitions values are extracted from the PDU and saved. 488 (4) The variable-bindings are extracted from the PDU and saved. 490 (5) The management operation represented by the SNMPv2 operation type 491 is performed with respect to the relevant MIB view within the 492 context named by the contextName, according to the procedures set 493 forth in [RFC1905]. The relevant MIB view is determined by the 494 securityLevel, securityModel, contextName, securityName, and SNMPv2 495 operation type. To determine whether a particular object instance 496 is within the relevant MIB view, the following abstract service 497 interface is called: 499 statusInformation = -- success or errorIndication 500 isAccessAllowed( 501 IN securityModel -- Security Model in use 502 IN securityName -- principal who wants to access 503 IN securityLevel -- Level of Security 504 IN viewType -- read, write, or notify view 505 IN contextName -- context containing variableName 506 IN variableName -- OID for the managed object 507 ) 509 Where: 511 - The securityModel is the value from the received message. 513 - The securityName is the value from the received message. 515 - The securityLevel is the value from the received message. 517 - The viewType indicates whether the PDU type is a read or write 518 operation. 520 - The contextName is the value from the received message. 522 - The variableName is the object instance of the variable for 523 which access rights are to be checked. 525 Normally, the result of the management operation will be a new PDU 526 value, and processing will continue in step (6) below. However, at 527 any time during the processing of the management operation: 529 - If the isAccessAllowed ASI returns a noSuchView, 530 noAccessEntry, or noGroupName error, processing of the 531 management operation is halted, a PDU value is contructed 532 using the values from the originally received PDU, but 533 replacing the error_status with an authorizationError code, 534 and error_index value of 0, and control is passed to step (6) 535 below. 537 - If the isAccessAllowed ASI returns an otherError, processing 538 of the management operation is halted, a different PDU value 539 is contructed using the values from the originally received 540 PDU, but replacing the error_status with a genError code, and 541 control is passed to step (6) below. 543 - If the isAccessAllowed ASI returns a noSuchContext error, 544 processing of the management operation is halted, no result 545 PDU is generated, the snmpUnknownContexts counter is 546 incremented, and control is passed to step (6) below. 548 - If the context named by the contextName parameter is 549 unavailable, processing of the management operation is halted, 550 no result PDU is generated, the snmpUnavailableContexts 551 counter is incremented, and control is passed to step (6) 552 below. 554 (6) The Dispatcher is called to generate a response or report message. 555 The abstract service interface is: 557 returnResponsePdu( 558 IN messageProcessingModel -- typically, SNMP version 559 IN securityModel -- Security Model in use 560 IN securityName -- on behalf of this principal 561 IN securityLevel -- same as on incoming request 562 IN contextEngineID -- data from/at this SNMP entity 563 IN contextName -- data from/in this context 564 IN pduVersion -- the version of the PDU 565 IN PDU -- SNMP Protocol Data Unit 566 IN maxSizeResponseScopedPDU -- maximum size of the Response PDU 567 IN stateReference -- reference to state information 568 -- as presented with the request 569 IN statusInformation -- success or errorIndication 570 ) -- error counter OID/value if error 572 Where: 574 - The messageProcessingModel is the value from the processPdu 575 call. 577 - The securityModel is the value from the processPdu call. 579 - The securityName is the value from the processPdu call. 581 - The securityLevel is the value from the processPdu call. 583 - The contextEngineID is the value from the processPdu call. 585 - The contextName is the value from the processPdu call. 587 - The pduVersion indicates the version of the PDU to be 588 returned. If no result PDU was generated, the pduVersion is 589 an undefined value. 591 - The PDU is the result generated in step (5) above. If no 592 result PDU was generated, the PDU is an undefined value. 594 - The maxSizeResponseScopedPDU is a local value indicating the 595 maximum size of a ScopedPDU that the application can accept. 597 - The stateReference is the value from the processPdu call. 599 - The statusInformation either contains an indication that no 600 error occurred and that a response should be generated, or 601 contains an indication that an error occurred along with the 602 OID and counter value of the appropriate error counter object. 604 Note that a command responder application should always call the 605 returnResponsePdu abstract service interface, even in the event of an 606 error such as a resource allocation error. In the event of such an 607 error, the PDU value passed to returnResponsePdu should contain 608 appropriate values for errorStatus and errorIndex. 610 3.3. Notification Originator Applications 612 A notification originator application generates SNMP notification 613 messages. A notification message may, for example, contain an 614 SNMPv2-Trap PDU or an Inform PDU. However, a particular 615 implementation is not required to be capable of generating both types 616 of messages. 618 Notification originator applications require a mechanism for 619 identifying the management targets to which notifications should be 620 sent. The particular mechanism used is implementation dependent. 621 However, if an implementation makes the configuration of management 622 targets SNMP manageable, it MUST use the SNMP-TARGET-MIB module 623 described in this document. 625 When a notification originator wishes to generate a notification, it 626 must first determine in which context the information to be conveyed 627 in the notification exists, i.e., it must determine the 628 contextEngineID and contextName. It must then determine the set of 629 management targets to which the notification should be sent. The 630 application must also determine, for each management target, whether 631 the notification message should contain an SNMPv2-Trap PDU or Inform 632 PDU, and if it is to contain an Inform PDU, the number of retries and 633 retransmission algorithm. 635 The mechanism by which a notification originator determines this 636 information is implementation dependent. Once the application has 637 determined this information, the following procedure is performed for 638 each management target: 640 (1) Any appropriate filtering mechanisms are applied to determine 641 whether the notification should be sent to the management target. 642 If such filtering mechanisms determine that the notification should 643 not be sent, processing continues with the next management target. 644 Otherwise, 646 (2) The appropriate set of variable-bindings is retrieved from local 647 MIB instrumentation within the relevant MIB view. The relevant MIB 648 view is determined by the securityLevel, securityModel, 649 contextName, and securityName of the management target. To 650 determine whether a particular object instance is within the 651 relevant MIB view, the isAccessAllowed abstract service interface 652 is used, in the same manner as described in the preceding section. 653 If the statusInformation returned by isAccessAllowed does not 654 indicate accessAllowed, the notification is not sent to the 655 management target. 657 (3) A PDU is constructed using a locally unique request-id value, an 658 operation type of SNMPv2-Trap or Inform, an error-status and 659 error-index value of 0, and the variable-bindings supplied 660 previously in step (2). 662 (4) If the notification contains an SNMPv2-Trap PDU, the Dispatcher is 663 called using the following abstract service interface: 665 statusInformation = -- sendPduHandle if success 666 -- errorIndication if failure 667 sendPdu( 668 IN transportDomain -- transport domain to be used 669 IN transportAddress -- destination network address 670 IN messageProcessingModel -- typically, SNMP version 671 IN securityModel -- Security Model to use 672 IN securityName -- on behalf of this principal 673 IN securityLevel -- Level of Security requested 674 IN contextEngineID -- data from/at this entity 675 IN contextName -- data from/in this context 676 IN pduVersion -- the version of the PDU 677 IN PDU -- SNMP Protocol Data Unit 678 IN expectResponse -- TRUE or FALSE 679 ) 681 Where: 683 - The transportDomain is that of the management target. 685 - The transportAddress is that of the management target. 687 - The messageProcessingModel is that of the management target. 689 - The securityModel is that of the management target. 691 - The securityName is that of the management target. 693 - The securityLevel is that of the management target. 695 - The contextEngineID is the value originally determined for the 696 notification. 698 - The contextName is the value originally determined for the 699 notification. 701 - The pduVersion is the version of the PDU to be sent. 703 - The PDU is the value constructed in step (3) above. 705 - The expectResponse argument indicates that no response is 706 expected. 708 Otherwise, 710 (5) If the notification contains an Inform PDU, then: 712 a) The Dispatcher is called using the sendPdu abstract service 713 interface as described in step (4) above, except that the 714 expectResponse argument indicates that a response is expected. 716 b) The application caches information about the management 717 target. 719 c) If a response is received within an appropriate time interval 720 from the transport endpoint of the management target, the 721 notification is considered acknowledged and the cached 722 information is deleted. Otherwise, 724 d) If a response is not received within an appropriate time 725 period, or if a report indication is received, information 726 about the management target is retrieved from the cache, and 727 steps a) through d) are repeated. The number of times these 728 steps are repeated is equal to the previously determined retry 729 count. If this retry count is exceeded, the acknowledgement 730 of the notification is considered to have failed, and 731 processing of the notification for this management target is 732 halted. 734 Responses to Inform PDU notifications will be received via the 735 processResponsePDU abstract service interface. 737 3.4. Notification Receiver Applications 739 Notification receiver applications receive SNMP Notification messages 740 from the Dispatcher. Before any messages can be received, the 741 notification receiver must register with the Dispatcher using the 742 registerContextEngineID abstract service interface. The parameters 743 used are: 745 - The contextEngineID is an undefined 'wildcard' value. 746 Notifications are delivered to a registered notification 747 receiver regardless of the contextEngineID contained in the 748 notification message. 750 - The pduType indicates the type of notifications that the 751 application wishes to receive (for example, SNMPv2-Trap PDUs 752 or Inform PDUs). 754 Once the notification receiver has registered with the Dispatcher, 755 messages are received using the processPdu abstract service 756 interface. Parameters are: 758 - The messageProcessingModel indicates which Message Processing 759 Model received and processed the message. 761 - The securityModel is the value from the received message. 763 - The securityName is the value from the received message. 765 - The securityLevel is the value from the received message. 767 - The contextEngineID is the value from the received message. 769 - The contextName is the value from the received message. 771 - The pduVersion indicates the version of the PDU in the 772 received message. 774 - The PDU is the value from the received message. 776 - The maxSizeResponseScopedPDU is the maximum allowable size of 777 a ScopedPDU containing a Response PDU (based on the maximum 778 message size that the originator of the message can accept). 780 - If the message contains an SNMPv2-Trap PDU, the stateReference 781 is undefined and unused. Otherwise, the stateReference is a 782 value which references cached information about the 783 notification. This value must be returned to the Dispatcher 784 in order to generate a response. 786 When an SNMPv2-Trap PDU is delivered to a notification receiver 787 application, it first extracts the SNMP operation type, request-id, 788 error-status, error-index, and variable-bindings from the PDU. After 789 this, processing depends on the particular implementation. 791 When an Inform PDU is received, the notification receiver application 792 follows the following procedure: 794 (1) The SNMPv2 operation type, request-id, error-status, error-index, 795 and variable-bindings are extracted from the PDU. 797 (2) A Response PDU is constructed using the extracted request-id and 798 variable-bindings, and with error-status and error-index both set 799 to 0. 801 (3) The Dispatcher is called to generate a response message using the 802 returnResponsePdu abstract service interface. Parameters are: 804 - The messageProcessingModel is the value from the processPdu 805 call. 807 - The securityModel is the value from the processPdu call. 809 - The securityName is the value from the processPdu call. 811 - The securityLevel is the value from the processPdu call. 813 - The contextEngineID is the value from the processPdu call. 815 - The contextName is the value from the processPdu call. 817 - The pduVersion indicates the version of the PDU to be 818 returned. 820 - The PDU is the result generated in step (2) above. 822 - The maxSizeResponseScopedPDU is a local value indicating the 823 maximum size of a ScopedPDU that the application can accept. 825 - The stateReference is the value from the processPdu call. 827 - The statusInformation indicates that no error occurred and 828 that a response should be generated. 830 3.5. Proxy Forwarder Applications 832 A proxy forwarder application deals with forwarding SNMP messages. 833 There are four basic types of messages which a proxy forwarder 834 application may need to forward. These are grouped according to the 835 PDU type contained in a message, or according to whether a report 836 indication is contained in the message. The four basic types of 837 messages are: 839 - Those containing PDU types which were generated by a command 840 generator application (for example, Get, GetNext, GetBulk, and 841 Set PDU types). These deal with requesting or modifying 842 information located within a particular context. 844 - Those containing PDU types which were generated by a 845 notification originator application (for example, SNMPv2-Trap 846 and Inform PDU types). These deal with notifications 847 concerning information located within a particular context. 849 - Those containing a Response PDU type. Forwarding of Response 850 PDUs always occurs as a result of receiving a response to a 851 previously forwarded message. 853 - Those containing a report indication. Forwarding of report 854 indications always occurs as a result of receiving a report 855 indication for a previously forwarded message. 857 For the first type, the proxy forwarder's role is to deliver a 858 request for management information to an SNMP engine which is 859 "closer" or "downstream in the path" to the SNMP engine which has 860 access to that information, and to deliver the response containing 861 the information back to the SNMP engine from which the request was 862 received. The context information in a request is used to determine 863 which SNMP engine has access to the requested information, and this 864 is used to determine where and how to forward the request. 866 For the second type, the proxy forwarder's role is to determine which 867 SNMP engines should receive notifications about management 868 information from a particular location. The context information in a 869 notification message determines the location to which the information 870 contained in the notification applies. This is used to determine 871 which SNMP engines should receive notification about this 872 information. 874 For the third type, the proxy forwarder's role is to determine which 875 previously forwarded request or notification (if any) the response 876 matches, and to forward the response back to the initiator of the 877 request or notification. 879 For the fourth type, the proxy forwarder's role is to determine which 880 previously forwarded request or notification (if any) the report 881 indication matches, and to forward the report indication back to the 882 initiator of the request or notification. 884 When forwarding messages, a proxy forwarder application must perform 885 a translation of incoming management target information into outgoing 886 management target information. How this translation is performed is 887 implementation specific. In many cases, this will be driven by a 888 preconfigured translation table. If a proxy forwarder application 889 makes the contents of this table SNMP manageable, it MUST use the 890 SNMP-PROXY-MIB module defined in this document. 892 3.5.1. Request Forwarding 894 There are two phases for request forwarding. First, the incoming 895 request needs to be passed through the proxy application. Then, the 896 resulting response needs to be passed back. These phases are 897 described in the following two sections. 899 3.5.1.1. Processing an Incoming Request 901 A proxy forwarder application that wishes to forward request messages 902 must first register with the Dispatcher using the 903 registerContextEngineID abstract service interface. The proxy 904 forwarder must register each contextEngineID for which it wishes to 905 forward messages, as well as for each pduType. Note that as the 906 configuration of a proxy forwarder is changed, the particular 907 contextEngineID values for which it is forwarding may change. The 908 proxy forwarder should call the registerContextEngineID and 909 unregisterContextEngineID abstract service interfaces as needed to 910 reflect its current configuration. 912 A proxy forwarder application should never attempt to register a 913 value of contextEngineID which is equal to the snmpEngineID of the 914 SNMP engine to which the proxy forwarder is associated. 916 Once the proxy forwarder has registered for the appropriate 917 contextEngineId values, it can start processing messages. The 918 following procedure is used: 920 (1) A message is received using the processPdu abstract service 921 interface. The incoming management target information received 922 from the processPdu interface is translated into outgoing 923 management target information. Note that this translation may vary 924 for different values of contextEngineID and/or contextName. The 925 translation should result in a single management target. 927 (2) If appropriate outgoing management target information cannot be 928 found, the proxy forwarder increments the snmpProxyDrops counter 929 [RFC1907], and then calls the Dispatcher using the 930 returnResponsePdu abstract service interface. Parameters are: 932 - The messageProcessingModel is the value from the processPdu 933 call. 935 - The securityModel is the value from the processPdu call. 937 - The securityName is the value from the processPdu call. 939 - The securityLevel is the value from the processPdu call. 941 - The contextEngineID is the value from the processPdu call. 943 - The contextName is the value from the processPdu call. 945 - The pduVersion is the value from the processPdu call. 947 - The PDU is an undefined value. 949 - The maxSizeResponseScopedPDU is a local value indicating the 950 maximum size of a ScopedPDU that the application can accept. 952 - The stateReference is the value from the processPdu call. 954 - The statusInformation indicates that an error occurred and 955 includes the OID and value of the snmpProxyDrops object. 957 Processing of the message stops at this point. Otherwise, 959 (3) A new PDU is constructed. A unique value of request-id should be 960 used in the new PDU (this value will enable a subsequent response 961 message to be correlated with this request). The remainder of the 962 new PDU is identical to the received PDU, unless the incoming SNMP 963 version is SNMPv2 or SNMPv3 and the outgoing SNMP version is 964 SNMPv1, in which case the proxy forwarder must apply the 965 translation rules as documented in [RFC1908]. 967 (4) The proxy forwarder calls the Dispatcher to generate the forwarded 968 message, using the sendPdu abstract service interface. The 969 parameters are: 971 - The transportDomain is that of the outgoing management target. 973 - The transportAddress is that of the outgoing management 974 target. 976 - The messageProcessingModel is that of the outgoing management 977 target. 979 - The securityModel is that of the outgoing management target. 981 - The securityName is that of the outgoing management target. 983 - The securityLevel is that of the outgoing management target. 985 - The contextEngineID is the value originally received. 987 - The contextName is the value originally received. 989 - The pduVersion is the version of the PDU to be sent. 991 - The PDU is the value constructed in step (3) above. 993 - The expectResponse argument indicates that a response is 994 expected. If the sendPdu call is unsuccessful, the proxy 995 forwarder performs the steps described in (2) above. 996 Otherwise: 998 (5) The proxy forwarder caches the following information in order to 999 match an incoming response to the forwarded request: 1001 - The sendPduHandle returned from the call to sendPdu, 1003 - The request-id from the received PDU. 1005 - the contextEngineID, 1007 - the contextName, 1009 - the stateReference, 1011 - the incoming management target information, 1013 - the outgoing management information, 1014 - any other information needed to match an incoming response to 1015 the forwarded request. 1017 If this information cannot be cached (possibly due to a lack of 1018 resources), the proxy forwarder performs the steps described in (2) 1019 above. Otherwise: 1021 (6) Processing of the request stops until a response to the forwarded 1022 request is received, or until an appropriate time interval has 1023 expired. If this time interval expires before a response has been 1024 received, the cached information about this request is removed. 1026 3.5.1.2. Processing an Incoming Response 1028 A proxy forwarder follows the following procedure when an incoming 1029 response is received: 1031 (1) The incoming response is received using the processResponsePdu 1032 interface. The proxy forwarder uses the received parameters to 1033 locate an entry in its cache of pending forwarded requests. This 1034 is done by matching the received parameters with the cached values 1035 of sendPduHandle, contextEngineID, contextName, outgoing management 1036 target information, and the request-id contained in the received 1037 PDU (the proxy forwarder must extract the request-id for this 1038 purpose). If an appropriate cache entry cannot be found, 1039 processing of the response is halted. Otherwise: 1041 (2) The cache information is extracted, and removed from the cache. 1043 (3) A new Response PDU is constructed, using the request-id value from 1044 the original forwarded request (as extracted from the cache). All 1045 other values are identical to those in the received Response PDU. 1047 (4) If the incoming SNMP version is SNMPv1 and the outgoing SNMP 1048 version is SNMPv2 or SNMPv3, the proxy forwarder must apply the 1049 translation rules documented in [RFC1908]. 1051 (5) The proxy forwarder calls the Dispatcher using the 1052 returnResponsePdu abstract service interface. Parameters are: 1054 - The messageProcessingModel indicates the Message Processing 1055 Model by which the original incoming message was processed. 1057 - The securityModel is that of the original incoming management 1058 target extracted from the cache. 1060 - The securityName is that of the original incoming management 1061 target extracted from the cache. 1063 - The securityLevel is that of the original incoming management 1064 target extracted from the cache. 1066 - The contextEngineID is the value extracted from the cache. 1068 - The contextName is the value extracted from the cache. 1070 - The pduVersion indicates the version of the PDU to be 1071 returned. 1073 - The PDU is the (possibly translated) Response PDU. 1075 - The maxSizeResponseScopedPDU is a local value indicating the 1076 maximum size of a ScopedPDU that the application can accept. 1078 - The stateReference is the value extracted from the cache. 1080 - The statusInformation indicates that no error occurred and 1081 that a Response PDU message should be generated. 1083 3.5.1.3. Processing an Incoming Report Indication 1085 A proxy forwarder follows the following procedure when an incoming 1086 report indication is received: 1088 (1) The incoming report indication is received using the 1089 processResponsePdu interface. The proxy forwarder uses the 1090 received parameters to locate an entry in its cache of pending 1091 forwarded requests. This is done by matching the received 1092 parameters with the cached values of sendPduHandle. If an 1093 appropriate cache entry cannot be found, processing of the report 1094 indication is halted. Otherwise: 1096 (2) The cache information is extracted, and removed from the cache. 1098 (3) If the original incoming management target information indicates 1099 SNMPv1, processing of the report indication is halted. 1101 (4) The proxy forwarder calls the Dispatcher using the 1102 returnResponsePdu abstract service interface. Parameters are: 1104 - The messageProcessingModel indicates the Message Processing 1105 Model by which the original incoming message was processed. 1107 - The securityModel is that of the original incoming management 1108 target extracted from the cache. 1110 - The securityName is that of the original incoming management 1111 target extracted from the cache. 1113 - The securityLevel is that of the original incoming management 1114 target extracted from the cache. 1116 - The contextEngineID is the value extracted from the cache. 1118 - The contextName is the value extracted from the cache. 1120 - The pduVersion indicates the version of the PDU to be 1121 returned. 1123 - The PDU is unused. 1125 - The maxSizeResponseScopedPDU is a local value indicating the 1126 maximum size of a ScopedPDU that the application can accept. 1128 - The stateReference is the value extracted from the cache. 1130 - The statusInformation contain the contextEngineID, 1131 contextName, counter OID, and counter value received in the 1132 report indication. 1134 3.5.2. Notification Forwarding 1136 A proxy forwarder receives notifications in the same manner as a 1137 notification receiver application, using the processPdu abstract 1138 service interface. The following procedure is used when a 1139 notification is received: 1141 (1) The incoming management target information received from the 1142 processPdu interface is translated into outgoing management target 1143 information. Note that this translation may vary for different 1144 values of contextEngineId and/or contextName. The translation may 1145 result in multiple management targets. 1147 (2) If appropriate outgoing management target information cannot be 1148 found and the notification was a Trap, processing of the 1149 notification is halted. If appropriate outgoing management target 1150 information cannot be found and the notification was an Inform, the 1151 proxy forwarder increments the snmpProxyDrops object, and calls the 1152 Dispatcher using the returnResponsePdu abstract service interface. 1154 The parameters are: 1156 - The messageProcessingModel is the received value. 1158 - The securityModel is the received value. 1160 - The securityName is the received value. 1162 - The securityLevel is the received value. 1164 - The contextEngineID is the received value. 1166 - The contextName is the received value. 1168 - The pduVersion is the received value. 1170 - The PDU is an undefined and unused value. 1172 - The maxSizeResponseScopedPDU is a local value indicating the 1173 maximum size of a ScopedPDU that the application can accept. 1175 - The stateReference is the received value. 1177 - The statusInformation indicates that an error occurred and 1178 that a Report message should be generated. 1180 Processing of the message stops at this point. Otherwise, 1182 (3) The proxy forwarder generates a notification using the procedures 1183 described in the preceding section on Notification Originators, 1184 with the following exceptions: 1186 - The contextEngineID and contextName values from the original 1187 received notification are used. 1189 - The outgoing management targets previously determined are 1190 used. 1192 - No filtering mechanisms are applied. 1194 - The variable-bindings from the original received notification 1195 are used, rather than retrieving variable-bindings from local 1196 MIB instrumentation. In particular, no access-control is 1197 applied to these variable-bindings. 1199 - If for any of the outgoing management targets, the incoming 1200 SNMP version is SNMPv1 and the outgoing SNMP version is SNMPv2 1201 or SNMPv3, the proxy forwarder must apply the translation 1202 rules as documented in [RFC1908]. 1204 - If for any of the outgoing management targets, the incoming 1205 SNMP version is SNMPv2 or SNMPv3, and the outgoing SNMP 1206 version is SNMPv1, this outgoing management target is not used 1207 when generating the forwarded notifications. 1209 (4) If the original received notification contains an SNMPv2-Trap PDU, 1210 processing of the notification is now completed. Otherwise, the 1211 original received notification must contain an Inform PDU, and 1212 processing continues. 1214 (5) If the forwarded notifications included any Inform PDUs, processing 1215 continues when the procedures described in the section for 1216 Notification Originators determine that either: 1218 - None of the generated notifications containing Inform PDUs 1219 have been successfully acknowledged within the longest of the 1220 time intervals, in which case processing of the original 1221 notification is halted, or, 1223 - At least one of the generated notifications containing Inform 1224 PDUs is successfully acknowledged, in which case a response to 1225 the original received notification containing an Inform PDU is 1226 generated as described in the following steps. 1228 (6) A Response PDU is constructed, using the values of request-id and 1229 variable-bindings from the original received Inform PDU, and 1230 error-status and error-index values of 0. 1232 (7) The Dispatcher is called using the returnResponsePdu abstract 1233 service interface. Parameters are: 1235 - The messageProcessingModel is the originally received value. 1237 - The securityModel is the originally received value. 1239 - The securityName is the originally received value. 1241 - The securityLevel is the originally received value. 1243 - The contextEngineID is the originally received value. 1245 - The contextName is the originally received value. 1247 - The pduVersion indicates the version of the PDU constructed in 1248 step (6) above. 1250 - The PDU is the value constructed in step (6) above. 1252 - The maxSizeResponseScopedPDU is a local value indicating the 1253 maximum size of a ScopedPDU that the application can accept. 1255 - The stateReference is the originally received value. 1257 - The statusInformation indicates that no error occurred and 1258 that a Response PDU message should be generated. 1260 4. The Structure of the MIB Modules 1262 There are three separate MIB modules described in this document, the 1263 management target MIB, the notification MIB, and the proxy MIB. The 1264 following sections describe the structure of these three MIB modules. 1266 The use of these MIBs by particular types of applications is 1267 described later in this document: 1269 - The use of the management target MIB and the notification MIB 1270 in notification originator applications is described in 1271 section 6. 1273 - The use of the notification MIB for filtering notifications in 1274 notification originator applications is described in section 1275 7. 1277 - The use of the management target MIB and the proxy MIB in 1278 proxy forwarding applications is described in section 8. 1280 4.1. The Management Target MIB Module 1282 The SNMP-TARGET-MIB module contains objects for defining management 1283 targets. It consists of two tables and conformance/compliance 1284 statements. 1286 The first table, the snmpTargetAddrTable, contains information about 1287 transport domains and addresses. It also contains an object, 1288 snmpTargetAddrTagList, which provides a mechanism for grouping 1289 entries. 1291 The second table, the snmpTargetParamsTable, contains information 1292 about SNMP version and security information to be used when sending 1293 messages to particular transport domains and addresses. 1295 4.1.1. Tag Lists 1297 The snmpTargetAddrTagList object is used for grouping entries in the 1298 snmpTargetAddrTable. The value of this object contains a list of tag 1299 values which are used to select target addresses to be used for a 1300 particular operation. 1302 A tag value, which may also be used in MIB objects other than 1303 snmpTargetAddrTagList, is an arbitrary string of octets, but may not 1304 contain a delimiter character. Delimiter characters are defined to 1305 be one of the following characters: 1307 - An ASCII space character (0x20). 1309 - An ASCII TAB character (0x09). 1311 - An ASCII carriage return (CR) character (0x0D). 1313 - An ASCII line feed (LF) character (0x0B). 1315 In addition, a tag value may not have a zero length. Generally, a 1316 particular MIB object may contain either 1318 - a single tag value, in which case the value of the MIB object 1319 may not contain a delimiter character, or: 1321 - a MIB object may contain a list of tag values, separated by 1322 single delimiter characters. 1324 For a list of tag values, these constraints imply certain 1325 restrictions on the value of a MIB object: 1327 - There cannot be a leading or trailing delimiter character. 1329 - There cannot be multiple adjacent delimiter charaters. 1331 4.1.2. Definitions 1333 SNMP-TARGET-MIB DEFINITIONS ::= BEGIN 1335 IMPORTS 1336 TEXTUAL-CONVENTION, 1337 MODULE-IDENTITY, 1338 OBJECT-TYPE, 1339 snmpModules, 1340 Integer32 1341 FROM SNMPv2-SMI 1343 TDomain, 1344 TAddress, 1345 TimeInterval, 1346 RowStatus, 1347 StorageType, 1348 TestAndIncr 1349 FROM SNMPv2-TC 1351 SnmpSecurityModel, 1352 SnmpMessageProcessingModel, 1353 SnmpSecurityLevel, 1354 SnmpAdminString 1355 FROM SNMP-FRAMEWORK-MIB 1357 OBJECT-GROUP 1358 FROM SNMPv2-CONF; 1360 snmpTargetMIB MODULE-IDENTITY 1361 LAST-UPDATED "9707140000Z" 1362 ORGANIZATION "IETF SNMPv3 Working Group" 1363 CONTACT-INFO 1364 "WG-email: snmpv3@tis.com 1365 Subscribe: majordomo@tis.com 1366 In message body: subscribe snmpv3 1368 Chair: Russ Mundy 1369 Trusted Information Systems 1370 Postal: 3060 Washington Rd 1371 Glenwood MD 21738 1372 USA 1373 Email: mundy@tis.com 1374 Phone: +1-301-854-6889 1376 Co-editor: David B. Levi 1377 SNMP Research, Inc. 1378 Postal: 3001 Kimberlin Heights Road 1379 Knoxville, TN 37920-9716 1380 E-mail: levi@snmp.com 1381 Phone: +1 423 573 1434 1383 Co-editor: Paul Meyer 1384 Secure Computing Corporation 1385 Postal: 2675 Long Lake Road 1386 Roseville, MN 55113 1387 E-mail: paul_meyer@securecomputing.com 1388 Phone: +1 612 628 1592 1390 Co-editor: Bob Stewart 1391 Cisco Systems, Inc. 1392 Postal: 170 West Tasman Drive 1393 San Jose, CA 95134-1706 1394 E-mail: bstewart@cisco.com 1395 Phone: +1 603 654 6923" 1396 DESCRIPTION 1397 "This MIB module defines MIB objects which provide 1398 mechanisms to remotely configure the parameters used 1399 by an SNMP entity for the generation of SNMP messages." 1400 REVISION "9707140000Z" 1401 DESCRIPTION 1402 "The initial revision." 1403 ::= { snmpModules 11 } -- TBD 1405 snmpTargetObjects OBJECT IDENTIFIER ::= { snmpTargetMIB 1 } 1406 snmpTargetConformance OBJECT IDENTIFIER ::= { snmpTargetMIB 3 } 1408 SnmpTagValue ::= TEXTUAL-CONVENTION 1409 DISPLAY-HINT "255a" 1410 STATUS current 1411 DESCRIPTION 1412 "An octet string containing a tag value. 1413 Tag values are preferably in human-readable form. 1415 To facilitate internationalization, this information 1416 is represented using the ISO/IEC IS 10646-1 character 1417 set, encoded as an octet string using the UTF-8 1418 character encoding scheme described in RFC 2044. 1420 Since additional code points are added by amendments 1421 to the 10646 standard from time to time, 1422 implementations must be prepared to encounter any code 1423 point from 0x00000000 to 0x7fffffff. 1425 The use of control codes should be avoided, and certain 1426 control codes are not allowed as described below. 1428 For code points not directly supported by user 1429 interface hardware or software, an alternative means 1430 of entry and display, such as hexadecimal, may be 1431 provided. 1433 For information encoded in 7-bit US-ASCII, the UTF-8 1434 representation is identical to the US-ASCII encoding. 1436 Note that when this TC is used for an object that 1437 is used or envisioned to be used as an index, then a 1438 SIZE restriction must be specified so that the number 1439 sub-identifiers for any object instance do not exceed 1440 the limit of 128, as defined by [RFC1905]. 1442 An object of this type contains a single tag value 1443 which is used to select a set of entries in a table. 1445 A tag value is an arbitrary string of octets, but 1446 may not contain a delimiter character. Delimiter 1447 characters are defined to be one of the following: 1449 - An ASCII space character (0x20). 1451 - An ASCII TAB character (0x09). 1453 - An ASCII carriage return (CR) character (0x0D). 1455 - An ASCII line feed (LF) character (0x0B). 1457 Delimiter characters are used to separate tag values 1458 in a tag list. An object of this type may only 1459 contain a single tag value, and so delimiter 1460 characters are not allowed in a value of this type. 1462 Some examples of valid tag values are: 1464 - 'acme' 1466 - 'router' 1468 - 'host' 1470 The use of a tag value to select table entries is 1471 application and MIB specific." 1472 SYNTAX OCTET STRING (SIZE (0..255)) 1474 SnmpTagList ::= TEXTUAL-CONVENTION 1475 DISPLAY-HINT "255a" 1476 STATUS current 1477 DESCRIPTION 1478 "An octet string containing a list of tag values. 1479 Tag values are preferably in human-readable form. 1481 To facilitate internationalization, this information 1482 is represented using the ISO/IEC IS 10646-1 character 1483 set, encoded as an octet string using the UTF-8 1484 character encoding scheme described in RFC 2044. 1486 Since additional code points are added by amendments 1487 to the 10646 standard from time to time, 1488 implementations must be prepared to encounter any code 1489 point from 0x00000000 to 0x7fffffff. 1491 The use of control codes should be avoided, except as 1492 described below. 1494 For code points not directly supported by user 1495 interface hardware or software, an alternative means 1496 of entry and display, such as hexadecimal, may be 1497 provided. 1499 For information encoded in 7-bit US-ASCII, the UTF-8 1500 representation is identical to the US-ASCII encoding. 1502 An object of this type contains a list of tag values 1503 which are used to select a set of entries in a table. 1505 A tag value is an arbitrary string of octets, but 1506 may not contain a delimiter character. Delimiter 1507 characters are defined to be one of the following: 1509 - An ASCII space character (0x20). 1511 - An ASCII TAB character (0x09). 1513 - An ASCII carriage return (CR) character (0x0D). 1515 - An ASCII line feed (LF) character (0x0B). 1517 Delimiter characters are used to separate tag values 1518 in a tag list. Only a single delimiter character may 1519 occur between two tag values. A tag value may not 1520 have a zero length. These constraints imply certain 1521 restrictions on the contents of this object: 1523 - There cannot be a leading or trailing delimiter 1524 character. 1526 - There cannot be multiple adjacent delimiter 1527 characters. 1529 Some examples of valid tag lists are: 1531 - An empty string 1533 - 'acme router' 1535 - 'host managerStation' 1537 Note that although a tag value may not have a length of 1538 zero, an empty string is still valid. This indicates 1539 an empty list (i.e. there are no tag values in the list). 1541 The use of the tag list to select table entries is 1542 application and MIB specific. Typically, an application 1543 will provide one or more tag values, and any entry 1544 which contains some combination of these tag values 1545 will be selected." 1546 SYNTAX OCTET STRING (SIZE (0..255)) 1548 -- 1549 -- 1550 -- The snmpTargetObjects group 1551 -- 1552 -- 1554 snmpTargetSpinLock OBJECT-TYPE 1555 SYNTAX TestAndIncr 1556 MAX-ACCESS read-write 1557 STATUS current 1558 DESCRIPTION 1559 "This object is used to facilitate modification of table 1560 entries in the SNMP-TARGET-MIB module by multiple 1561 managers. In particular, it is useful when modifying 1562 the value of the snmpTargetAddrTagList object. 1564 The procedure for modifying the snmpTargetAddrTagList 1565 object is as follows: 1567 1. Retrieve the value of snmpTargetSpinLock and 1568 of snmpTargetAddrTagList. 1570 2. Generate a new value for snmpTargetAddrTagList. 1572 3. Set the value of snmpTargetSpinLock to the 1573 retrieved value, and the value of 1574 snmpTargetAddrTagList to the new value. If 1575 the set fails for the snmpTargetSpinLock 1576 object, go back to step 1." 1577 ::= { snmpTargetObjects 1 } 1579 snmpTargetAddrTable OBJECT-TYPE 1580 SYNTAX SEQUENCE OF SnmpTargetAddrEntry 1581 MAX-ACCESS not-accessible 1582 STATUS current 1583 DESCRIPTION 1584 "A table of transport addresses to be used in the generation 1585 of SNMP messages." 1587 ::= { snmpTargetObjects 2 } 1589 snmpTargetAddrEntry OBJECT-TYPE 1590 SYNTAX SnmpTargetAddrEntry 1591 MAX-ACCESS not-accessible 1592 STATUS current 1593 DESCRIPTION 1594 "A transport address to be used in the generation 1595 of SNMP operations. 1597 Entries in the snmpTargetAddrTable are created and 1598 deleted using the snmpTargetAddrRowStatus object." 1599 INDEX { IMPLIED snmpTargetAddrName } 1600 ::= { snmpTargetAddrTable 1 } 1602 SnmpTargetAddrEntry ::= SEQUENCE { 1603 snmpTargetAddrName SnmpAdminString, 1604 snmpTargetAddrTDomain TDomain, 1605 snmpTargetAddrTAddress TAddress, 1606 snmpTargetAddrTimeout TimeInterval, 1607 snmpTargetAddrRetryCount Integer32, 1608 snmpTargetAddrTagList SnmpTagList, 1609 snmpTargetAddrParams SnmpAdminString, 1610 snmpTargetAddrStorageType StorageType, 1611 snmpTargetAddrRowStatus RowStatus 1612 } 1614 snmpTargetAddrName OBJECT-TYPE 1615 SYNTAX SnmpAdminString (SIZE(1..32)) 1616 MAX-ACCESS not-accessible 1617 STATUS current 1618 DESCRIPTION 1619 "The locally arbitrary, but unique identifier associated 1620 with this snmpTargetAddrEntry." 1621 ::= { snmpTargetAddrEntry 1 } 1623 snmpTargetAddrTDomain OBJECT-TYPE 1624 SYNTAX TDomain 1625 MAX-ACCESS read-create 1626 STATUS current 1627 DESCRIPTION 1628 "This object indicates the transport type of the address 1629 contained in the snmpTargetAddrTAddress object." 1630 ::= { snmpTargetAddrEntry 2 } 1632 snmpTargetAddrTAddress OBJECT-TYPE 1633 SYNTAX TAddress 1634 MAX-ACCESS read-create 1635 STATUS current 1636 DESCRIPTION 1637 "This object contains a transport address. The format of 1638 this address depends on the value of the 1639 snmpTargetAddrTDomain object." 1640 ::= { snmpTargetAddrEntry 3 } 1642 snmpTargetAddrTimeout OBJECT-TYPE 1643 SYNTAX TimeInterval 1644 MAX-ACCESS read-create 1645 STATUS current 1646 DESCRIPTION 1647 "This object should reflect the expected maximum round 1648 trip time for communicating with the transport address 1649 defined by this row. When a message is sent to this 1650 address, and a response (if one is expected) is not 1651 received within this time period, an implementation 1652 may assume that the response will not be delivered. 1654 Note that the time interval that an application waits 1655 for a response may actually be derived from the value 1656 of this object. The method for deriving the actual time 1657 interval is implementation dependent. One such method 1658 is to derive the expected round trip time based on a 1659 particular retransmission algorithm and on the number 1660 of timeouts which have occurred. The type of message may 1661 also be considered when deriving expected round trip 1662 times for retransmissions. For example, if a message is 1663 being sent with a securityLevel that indicates both 1664 authentication and privacy, the derived value may be 1665 increased to compensate for extra processing time spent 1666 during authentication and encryption processing." 1667 DEFVAL { 1500 } 1668 ::= { snmpTargetAddrEntry 4 } 1670 snmpTargetAddrRetryCount OBJECT-TYPE 1671 SYNTAX Integer32 (0..255) 1672 MAX-ACCESS read-create 1673 STATUS current 1674 DESCRIPTION 1675 "This object specifies a default number of retries to be 1676 attempted when a response is not received for a generated 1677 message. An application may provide its own retry count, 1678 in which case the value of this object is ignored." 1679 DEFVAL { 3 } 1680 ::= { snmpTargetAddrEntry 5 } 1682 snmpTargetAddrTagList OBJECT-TYPE 1683 SYNTAX SnmpTagList 1684 MAX-ACCESS read-create 1685 STATUS current 1686 DESCRIPTION 1687 "This object contains a list of tag values which are 1688 used to select target addresses for a particular 1689 operation." 1690 ::= { snmpTargetAddrEntry 6 } 1692 snmpTargetAddrParams OBJECT-TYPE 1693 SYNTAX SnmpAdminString (SIZE(1..32)) 1694 MAX-ACCESS read-create 1695 STATUS current 1696 DESCRIPTION 1697 "The value of this object identifies an entry in the 1698 snmpTargetParamsTable. The identified entry 1699 contains SNMP parameters to be used when generating 1700 messages to be sent to this transport address." 1701 ::= { snmpTargetAddrEntry 7 } 1703 snmpTargetAddrStorageType OBJECT-TYPE 1704 SYNTAX StorageType 1705 MAX-ACCESS read-create 1706 STATUS current 1707 DESCRIPTION 1708 "The storage type for this conceptual row." 1709 ::= { snmpTargetAddrEntry 8 } 1711 snmpTargetAddrRowStatus OBJECT-TYPE 1712 SYNTAX RowStatus 1713 MAX-ACCESS read-create 1714 STATUS current 1715 DESCRIPTION 1716 "The status of this conceptual row. 1718 To create a row in this table, a manager must 1719 set this object to either createAndGo(4) or 1720 createAndWait(5). 1722 Until instances of all corresponding columns are 1723 appropriately configured, the value of the 1724 corresponding instance of the snmpTargetAddrRowStatus 1725 column is 'notReady'. 1727 In particular, a newly created row cannot be made 1728 active until the corresponding snmpTargetAddrTDomain 1729 and snmpTargetAddrTAddress have both been set. 1731 The following objects may not be modified while the 1732 value of this object is active(1): 1733 - snmpTargetAddrTDomain 1734 - snmpTargetAddrTAddress" 1735 ::= { snmpTargetAddrEntry 9 } 1737 snmpTargetParamsTable OBJECT-TYPE 1738 SYNTAX SEQUENCE OF SnmpTargetParamsEntry 1739 MAX-ACCESS not-accessible 1740 STATUS current 1741 DESCRIPTION 1742 "A table of SNMP target information to be used 1743 in the generation of SNMP messages." 1744 ::= { snmpTargetObjects 3 } 1746 snmpTargetParamsEntry OBJECT-TYPE 1747 SYNTAX SnmpTargetParamsEntry 1748 MAX-ACCESS not-accessible 1749 STATUS current 1750 DESCRIPTION 1751 "A set of SNMP target information. 1753 Entries in the snmpTargetParamsTable are created and 1754 deleted using the snmpTargetParamsRowStatus object." 1755 INDEX { IMPLIED snmpTargetParamsName } 1756 ::= { snmpTargetParamsTable 1 } 1758 SnmpTargetParamsEntry ::= SEQUENCE { 1759 snmpTargetParamsName SnmpAdminString, 1760 snmpTargetParamsMPModel SnmpMessageProcessingModel, 1761 snmpTargetParamsSecurityModel SnmpSecurityModel, 1762 snmpTargetParamsSecurityName SnmpAdminString, 1763 snmpTargetParamsSecurityLevel SnmpSecurityLevel, 1764 snmpTargetParamsStorageType StorageType, 1765 snmpTargetParamsRowStatus RowStatus 1766 } 1768 snmpTargetParamsName OBJECT-TYPE 1769 SYNTAX SnmpAdminString (SIZE(1..32)) 1770 MAX-ACCESS not-accessible 1771 STATUS current 1772 DESCRIPTION 1773 "The locally arbitrary, but unique identifier associated 1774 with this snmpTargetParamsEntry." 1775 ::= { snmpTargetParamsEntry 1 } 1777 snmpTargetParamsMPModel OBJECT-TYPE 1778 SYNTAX SnmpMessageProcessingModel 1779 MAX-ACCESS read-create 1780 STATUS current 1781 DESCRIPTION 1782 "The Message Processing Model to be used when generating 1783 SNMP messages using this entry." 1784 ::= { snmpTargetParamsEntry 2 } 1786 snmpTargetParamsSecurityModel OBJECT-TYPE 1787 SYNTAX SnmpSecurityModel (0..254 | 256..2147483647) 1788 MAX-ACCESS read-create 1789 STATUS current 1790 DESCRIPTION 1791 "The Security Model to be used when generating SNMP 1792 messages using this entry." 1793 ::= { snmpTargetParamsEntry 3 } 1795 snmpTargetParamsSecurityName OBJECT-TYPE 1796 SYNTAX SnmpAdminString 1797 MAX-ACCESS read-create 1798 STATUS current 1799 DESCRIPTION 1800 "The securityName which identifies the Principal on 1801 whose behalf SNMP messages will be generated using 1802 this entry." 1803 ::= { snmpTargetParamsEntry 4 } 1805 snmpTargetParamsSecurityLevel OBJECT-TYPE 1806 SYNTAX SnmpSecurityLevel 1807 MAX-ACCESS read-create 1808 STATUS current 1809 DESCRIPTION 1810 "The Level of Security to be used when generating 1811 SNMP messages using this entry." 1812 ::= { snmpTargetParamsEntry 5 } 1814 snmpTargetParamsStorageType OBJECT-TYPE 1815 SYNTAX StorageType 1816 MAX-ACCESS read-create 1817 STATUS current 1818 DESCRIPTION 1819 "The storage type for this conceptual row." 1820 ::= { snmpTargetParamsEntry 6 } 1822 snmpTargetParamsRowStatus OBJECT-TYPE 1823 SYNTAX RowStatus 1824 MAX-ACCESS read-create 1825 STATUS current 1826 DESCRIPTION 1827 "The status of this conceptual row. 1829 To create a row in this table, a manager must 1830 set this object to either createAndGo(4) or 1831 createAndWait(5). 1833 Until instances of all corresponding columns are 1834 appropriately configured, the value of the 1835 corresponding instance of the snmpTargetParamsRowStatus 1836 column is 'notReady'. 1838 In particular, a newly created row cannot be made 1839 active until the corresponding 1840 snmpTargetParamsMPModel, 1841 snmpTargetParamsSecurityModel, 1842 snmpTargetParamsSecurityName, 1843 and snmpTargetParamsSecurityLevel have all been set. 1845 The following objects may not be modified while the 1846 value of this object is active(1): 1847 - snmpTargetParamsMPModel 1848 - snmpTargetParamsSecurityModel 1849 - snmpTargetParamsSecurityName 1850 - snmpTargetParamsSecurityLevel" 1851 ::= { snmpTargetParamsEntry 7 } 1853 snmpUnavailableContexts OBJECT-TYPE 1854 SYNTAX Counter32 1855 MAX-ACCESS read-only 1856 STATUS current 1857 DESCRIPTION 1858 "The total number of packets received by the SNMP 1859 engine which were dropped because the context 1860 contained in the mesage was unavailable." 1861 ::= { snmpTargetObjects 4 } 1863 snmpUnknownContexts OBJECT-TYPE 1864 SYNTAX Counter32 1865 MAX-ACCESS read-only 1866 STATUS current 1867 DESCRIPTION 1868 "The total number of packets received by the SNMP 1869 engine which were dropped because the context 1870 contained in the mesage was unknown." 1872 ::= { snmpTargetObjects 5 } 1874 -- 1875 -- 1876 -- Conformance information 1877 -- 1878 -- 1880 snmpTargetCompliances OBJECT IDENTIFIER ::= 1881 { snmpTargetConformance 1 } 1882 snmpTargetGroups OBJECT IDENTIFIER ::= 1883 { snmpTargetConformance 2 } 1885 -- 1886 -- 1887 -- Compliance statements 1888 -- 1889 -- 1891 snmpTargetCommandResponderCompliance MODULE-COMPLIANCE 1892 STATUS current 1893 DESCRIPTION 1894 "The compliance statement for SNMP entities which include 1895 a command responder application." 1896 MODULE -- This Module 1897 MANDATORY-GROUPS { snmpTargetCommandResponderGroup } 1898 ::= { snmpTargetCompliances 1 } 1900 snmpTargetBasicGroup OBJECT-GROUP 1901 OBJECTS { 1902 snmpTargetSpinLock, 1903 snmpTargetAddrTDomain, 1904 snmpTargetAddrTAddress, 1905 snmpTargetAddrTagList, 1906 snmpTargetAddrParams, 1907 snmpTargetAddrStorageType, 1908 snmpTargetAddrRowStatus, 1909 snmpTargetParamsMPModel, 1910 snmpTargetParamsSecurityModel, 1911 snmpTargetParamsSecurityName, 1912 snmpTargetParamsSecurityLevel, 1913 snmpTargetParamsStorageType, 1914 snmpTargetParamsRowStatus 1915 } 1916 STATUS current 1917 DESCRIPTION 1918 "A collection of objects providing basic remote 1919 configuration of management targets." 1920 ::= { snmpTargetGroups 1 } 1922 snmpTargetResponseGroup OBJECT-GROUP 1923 OBJECTS { 1924 snmpTargetAddrTimeout, 1925 snmpTargetAddrRetryCount 1926 } 1927 STATUS current 1928 DESCRIPTION 1929 "A collection of objects providing remote configuration 1930 of management targets for applications which generate 1931 SNMP messages for which a response message would be 1932 expected." 1933 ::= { snmpTargetGroups 2 } 1935 snmpTargetCommandResponderGroup OBJECT-GROUP 1936 OBJECTS { 1937 snmpUnavailableContexts, 1938 snmpUnknownContexts 1939 } 1940 STATUS current 1941 DESCRIPTION 1942 "A collection of objects required for command responder 1943 applications, used for counting error conditions." 1944 ::= { snmpTargetGroups 3 } 1946 END 1948 4.2. The Notification MIB Module 1950 The SNMP-NOTIFICATION-MIB module contains objects for the remote 1951 configuration of the parameters used by an SNMP entity for the 1952 generation of notifications. It consists of three tables and 1953 conformance/compliance statements. The first table, the 1954 snmpNotifyTable, contains entries which select which entries in the 1955 snmpTargetAddrTable should be used for generating notifications, and 1956 the type of notifications to be generated. 1958 The second table sparsely augments the snmpTargetAddrTable with an 1959 object which is used to associate a set of filters with a particular 1960 management target. 1962 The third table defines filters which are used to limit the number of 1963 notifications which are generated using particular management 1964 targets. 1966 4.2.1. Definitions 1968 SNMP-NOTIFICATION-MIB DEFINITIONS ::= BEGIN 1970 IMPORTS 1971 MODULE-IDENTITY, 1972 OBJECT-TYPE, 1973 snmpModules 1974 FROM SNMPv2-SMI 1976 RowStatus, 1977 StorageType 1978 FROM SNMPv2-TC 1980 SnmpAdminString 1981 FROM SNMP-FRAMEWORK-MIB 1983 SnmpTagValue, 1984 snmpTargetParamsName 1985 FROM SNMP-TARGET-MIB 1987 MODULE-COMPLIANCE, 1988 OBJECT-GROUP 1989 FROM SNMPv2-CONF; 1991 snmpNotificationMIB MODULE-IDENTITY 1992 LAST-UPDATED "9707140000Z" 1993 ORGANIZATION "IETF SNMPv3 Working Group" 1994 CONTACT-INFO 1995 "WG-email: snmpv3@tis.com 1996 Subscribe: majordomo@tis.com 1997 In message body: subscribe snmpv3 1999 Chair: Russ Mundy 2000 Trusted Information Systems 2001 Postal: 3060 Washington Rd 2002 Glenwood MD 21738 2003 USA 2004 Email: mundy@tis.com 2005 Phone: +1-301-854-6889 2007 Co-editor: David B. Levi 2008 SNMP Research, Inc. 2009 Postal: 3001 Kimberlin Heights Road 2010 Knoxville, TN 37920-9716 2011 E-mail: levi@snmp.com 2012 Phone: +1 423 573 1434 2014 Co-editor: Paul Meyer 2015 Secure Computing Corporation 2016 Postal: 2675 Long Lake Road 2017 Roseville, MN 55113 2018 E-mail: paul_meyer@securecomputing.com 2019 Phone: +1 612 628 1592 2021 Co-editor: Bob Stewart 2022 Cisco Systems, Inc. 2023 Postal: 170 West Tasman Drive 2024 San Jose, CA 95134-1706 2025 E-mail: bstewart@cisco.com 2026 Phone: +1 603 654 6923" 2027 DESCRIPTION 2028 "This MIB module defines MIB objects which provide 2029 mechanisms to remotely configure the parameters 2030 used by an SNMP entity for the generation of 2031 notifications." 2032 REVISION "9707140000Z" 2033 DESCRIPTION 2034 "The initial revision." 2035 ::= { snmpModules 12 } -- TBD 2037 snmpNotifyObjects OBJECT IDENTIFIER ::= 2038 { snmpNotificationMIB 1 } 2039 snmpNotifyConformance OBJECT IDENTIFIER ::= 2040 { snmpNotificationMIB 3 } 2042 -- 2043 -- 2044 -- The snmpNotifyObjects group 2045 -- 2046 -- 2048 snmpNotifyTable OBJECT-TYPE 2049 SYNTAX SEQUENCE OF SnmpNotifyEntry 2050 MAX-ACCESS not-accessible 2051 STATUS current 2052 DESCRIPTION 2053 "This table is used to select management targets which should 2054 receive notifications, as well as the type of notification 2055 which should be sent to each selected management target." 2056 ::= { snmpNotifyObjects 1 } 2058 snmpNotifyEntry OBJECT-TYPE 2059 SYNTAX SnmpNotifyEntry 2060 MAX-ACCESS not-accessible 2061 STATUS current 2062 DESCRIPTION 2063 "An entry in this table selects a set of management targets 2064 which should receive notifications, as well as the type of 2065 notification which should be sent to each selected 2066 management target. 2068 Entries in the snmpNotifyTable are created and 2069 deleted using the snmpNotifyRowStatus object." 2070 INDEX { IMPLIED snmpNotifyName } 2071 ::= { snmpNotifyTable 1 } 2073 SnmpNotifyEntry ::= SEQUENCE { 2074 snmpNotifyName SnmpAdminString, 2075 snmpNotifyTag SnmpTagValue, 2076 snmpNotifyType INTEGER, 2077 snmpNotifyStorageType StorageType, 2078 snmpNotifyRowStatus RowStatus 2079 } 2081 snmpNotifyName OBJECT-TYPE 2082 SYNTAX SnmpAdminString (SIZE(1..32)) 2083 MAX-ACCESS not-accessible 2084 STATUS current 2085 DESCRIPTION 2086 "The locally arbitrary, but unique identifier associated 2087 with this snmpNotifyEntry." 2088 ::= { snmpNotifyEntry 1 } 2090 snmpNotifyTag OBJECT-TYPE 2091 SYNTAX SnmpTagValue 2092 MAX-ACCESS read-create 2093 STATUS current 2094 DESCRIPTION 2095 "This object contains a single tag value which is used 2096 to select entries in the snmpTargetAddrTable. Any entry 2097 in the snmpTargetAddrTable which contains a tag value 2098 which is equal to the value of an instance of this 2099 object is selected. If this object contains a value 2100 of zero length, no entries are selected." 2101 ::= { snmpNotifyEntry 2 } 2103 snmpNotifyType OBJECT-TYPE 2104 SYNTAX INTEGER { 2105 trap(1), 2106 inform(2) 2107 } 2108 MAX-ACCESS read-create 2109 STATUS current 2110 DESCRIPTION 2111 "This object determines the type of notification to 2112 be generated for entries in the snmpTargetAddrTable 2113 selected by the corresponding instance of 2114 snmpNotifyTag. 2116 If the value of this object is trap(1), then any 2117 messages generated for selected rows will contain 2118 SNMPv2-Trap PDUs. 2120 If the value of this object is inform(2), then any 2121 messages generated for selected rows will contain 2122 Inform PDUs. 2124 Note that if an SNMP entity only supports 2125 generation of traps (and not informs), then this 2126 object may be read-only." 2127 DEFVAL { trap } 2128 ::= { snmpNotifyEntry 3 } 2130 snmpNotifyStorageType OBJECT-TYPE 2131 SYNTAX StorageType 2132 MAX-ACCESS read-create 2133 STATUS current 2134 DESCRIPTION 2135 "The storage type for this conceptual row." 2136 ::= { snmpNotifyEntry 4 } 2138 snmpNotifyRowStatus OBJECT-TYPE 2139 SYNTAX RowStatus 2140 MAX-ACCESS read-create 2141 STATUS current 2142 DESCRIPTION 2143 "The status of this conceptual row. 2145 To create a row in this table, a manager must 2146 set this object to either createAndGo(4) or 2147 createAndWait(5). 2149 Until instances of all corresponding columns are 2150 appropriately configured, the value of the 2151 corresponding instance of the snmpNotifyRowStatus 2152 column is 'notReady'. 2154 In particular, a newly created row cannot be made 2155 active until the corresponding snmpNotifyTag has 2156 been set." 2157 ::= { snmpNotifyEntry 5 } 2159 snmpNotifyFilterProfileTable OBJECT-TYPE 2160 SYNTAX SEQUENCE OF SnmpNotifyFilterProfileEntry 2161 MAX-ACCESS not-accessible 2162 STATUS current 2163 DESCRIPTION 2164 "This table is used to associate a notification filter 2165 profile with a particular set of target parameters." 2166 ::= { snmpNotifyObjects 2 } 2168 snmpNotifyFilterProfileEntry OBJECT-TYPE 2169 SYNTAX SnmpNotifyFilterProfileEntry 2170 MAX-ACCESS not-accessible 2171 STATUS current 2172 DESCRIPTION 2173 "An entry in this table indicates the name of the filter 2174 profile to be used when generating notifications using 2175 the corresponding entry in the snmpTargetParamsTable. 2177 Entries in the snmpNotifyFilterProfileTable are created 2178 and deleted using the snmpNotifyFilterProfileRowStatus 2179 object." 2180 INDEX { IMPLIED snmpTargetParamsName } 2181 ::= { snmpNotifyFilterProfileTable 1 } 2183 SnmpNotifyFilterProfileEntry ::= SEQUENCE { 2184 snmpNotifyFilterProfileName SnmpAdminString, 2185 snmpNotifyFilterProfileStorType StorageType, 2186 snmpNotifyFilterProfileRowStatus RowStatus 2187 } 2189 snmpNotifyFilterProfileName OBJECT-TYPE 2190 SYNTAX SnmpAdminString (SIZE(1..32)) 2191 MAX-ACCESS read-create 2192 STATUS current 2193 DESCRIPTION 2194 "The name of the filter profile to be used when generating 2195 notifications using the corresponding entry in the 2196 snmpTargetAddrTable." 2197 ::= { snmpNotifyFilterProfileEntry 1 } 2199 snmpNotifyFilterProfileStorType OBJECT-TYPE 2200 SYNTAX StorageType 2201 MAX-ACCESS read-create 2202 STATUS current 2203 DESCRIPTION 2204 "The storage type of this conceptual row." 2205 ::= { snmpNotifyFilterProfileEntry 2 } 2207 snmpNotifyFilterProfileRowStatus OBJECT-TYPE 2208 SYNTAX RowStatus 2209 MAX-ACCESS read-create 2210 STATUS current 2211 DESCRIPTION 2212 "The status of this conceptual row. 2214 To create a row in this table, a manager must 2215 set this object to either createAndGo(4) or 2216 createAndWait(5)." 2217 ::= { snmpNotifyFilterProfileEntry 3 } 2219 snmpNotifyFilterTable OBJECT-TYPE 2220 SYNTAX SEQUENCE OF SnmpNotifyFilterEntry 2221 MAX-ACCESS not-accessible 2222 STATUS current 2223 DESCRIPTION 2224 "The table of filter profiles. Filter profiles are used 2225 to determine whether particular management targets should 2226 receive particular notifications. 2228 When a notification is generated, it must be compared 2229 with the filters associated with each management target 2230 which is configured to receive notifications. If the 2231 notification is matched by a filter, it is not sent to 2232 the management target with which the filter is 2233 associated." 2234 ::= { snmpNotifyObjects 3 } 2236 snmpNotifyFilterEntry OBJECT-TYPE 2237 SYNTAX SnmpNotifyFilterEntry 2238 MAX-ACCESS not-accessible 2239 STATUS current 2240 DESCRIPTION 2241 "An element of a filter profile. 2243 Entries in the snmpNotifyFilterTable are created and 2244 deleted using the snmpNotifyFilterRowStatus object." 2245 INDEX { snmpNotifyFilterProfileName, 2246 IMPLIED snmpNotifyFilterSubtree } 2247 ::= { snmpNotifyFilterTable 1 } 2249 SnmpNotifyFilterEntry ::= SEQUENCE { 2250 snmpNotifyFilterSubtree OBJECT IDENTIFIER, 2251 snmpNotifyFilterMask OCTET STRING, 2252 snmpNotifyFilterType INTEGER, 2253 snmpNotifyFilterStorageType StorageType, 2254 snmpNotifyFilterRowStatus RowStatus 2255 } 2257 snmpNotifyFilterSubtree OBJECT-TYPE 2258 SYNTAX OBJECT IDENTIFIER 2259 MAX-ACCESS not-accessible 2260 STATUS current 2261 DESCRIPTION 2262 "The MIB subtree which, when combined with the corresponding 2263 instance of snmpNotifyFilterMask, defines a family of 2264 subtrees which are included in or excluded from the 2265 filter profile." 2266 ::= { snmpNotifyFilterEntry 1 } 2268 snmpNotifyFilterMask OBJECT-TYPE 2269 SYNTAX OCTET STRING (SIZE(0..16)) 2270 MAX-ACCESS read-create 2271 STATUS current 2272 DESCRIPTION 2273 "The bit mask which, in combination with the corresponding 2274 instance of snmpNotifyFilterSubtree, defines a family of 2275 subtrees which are included in or excluded from the 2276 filter profile. 2278 Each bit of this bit mask corresponds to a 2279 sub-identifier of snmpNotifyFilterSubtree, with the 2280 most significant bit of the i-th octet of this octet 2281 string value (extended if necessary, see below) 2282 corresponding to the (8*i - 7)-th sub-identifier, and 2283 the least significant bit of the i-th octet of this 2284 octet string corresponding to the (8*i)-th 2285 sub-identifier, where i is in the range 1 through 16. 2287 Each bit of this bit mask specifies whether or not 2288 the corresponding sub-identifiers must match when 2289 determining if an OBJECT IDENTIFIER matches this 2290 family of filter subtrees; a '1' indicates that an 2291 exact match must occur; a '0' indicates 'wild card', 2292 i.e., any sub-identifier value matches. 2294 Thus, the OBJECT IDENTIFIER X of an object instance 2295 is contained in a family of filter subtrees if, for 2296 each sub-identifier of the value of 2297 snmpNotifyFilterSubtree, either: 2299 the i-th bit of snmpNotifyFilterMask is 0, or 2301 the i-th sub-identifier of X is equal to the i-th 2302 sub-identifier of the value of 2303 snmpNotifyFilterSubtree. 2305 If the value of this bit mask is M bits long and 2306 there are more than M sub-identifiers in the 2307 corresponding instance of snmpNotifyFilterSubtree, 2308 then the bit mask is extended with 1's to be the 2309 required length. 2311 Note that when the value of this object is the 2312 zero-length string, this extension rule results in 2313 a mask of all-1's being used (i.e., no 'wild card'), 2314 and the family of filter subtrees is the one 2315 subtree uniquely identified by the corresponding 2316 instance of snmpNotifyFilterSubtree." 2317 DEFVAL { ''H } 2318 ::= { snmpNotifyFilterEntry 2 } 2320 snmpNotifyFilterType OBJECT-TYPE 2321 SYNTAX INTEGER { 2322 included(1), 2323 excluded(2) 2324 } 2325 MAX-ACCESS read-create 2326 STATUS current 2327 DESCRIPTION 2328 "This object indicates whether the family of filter subtrees 2329 defined by this entry are included in or excluded from a 2330 filter." 2331 DEFVAL { included } 2332 ::= { snmpNotifyFilterEntry 3 } 2334 snmpNotifyFilterStorageType OBJECT-TYPE 2335 SYNTAX StorageType 2336 MAX-ACCESS read-create 2337 STATUS current 2338 DESCRIPTION 2339 "The storage type of this conceptual row." 2340 ::= { snmpNotifyFilterEntry 4 } 2342 snmpNotifyFilterRowStatus OBJECT-TYPE 2343 SYNTAX RowStatus 2344 MAX-ACCESS read-create 2345 STATUS current 2346 DESCRIPTION 2347 "The status of this conceptual row. 2349 To create a row in this table, a manager must 2350 set this object to either createAndGo(4) or 2351 createAndWait(5)." 2352 ::= { snmpNotifyFilterEntry 5 } 2354 -- 2355 -- 2356 -- Conformance information 2357 -- 2358 -- 2360 snmpNotifyCompliances OBJECT IDENTIFIER ::= 2361 { snmpNotifyConformance 1 } 2362 snmpNotifyGroups OBJECT IDENTIFIER ::= 2363 { snmpNotifyConformance 2 } 2365 -- 2366 -- 2367 -- Compliance statements 2368 -- 2369 -- 2371 snmpNotifyBasicCompliance MODULE-COMPLIANCE 2372 STATUS current 2373 DESCRIPTION 2374 "The compliance statement for minimal SNMP entities which 2375 implement only SNMP Traps and read-create operations on 2376 only the snmpTargetAddrTable." 2377 MODULE SNMP-TARGET-MIB 2378 MANDATORY-GROUPS { snmpTargetBasicGroup } 2380 OBJECT snmpTargetParamsMPModel 2381 MIN-ACCESS read-only 2382 DESCRIPTION 2383 "Create/delete/modify access is not required." 2385 OBJECT snmpTargetParamsSecurityModel 2386 MIN-ACCESS read-only 2387 DESCRIPTION 2388 "Create/delete/modify access is not required." 2390 OBJECT snmpTargetParamsSecurityName 2391 MIN-ACCESS read-only 2392 DESCRIPTION 2393 "Create/delete/modify access is not required." 2395 OBJECT snmpTargetParamsSecurityLevel 2396 MIN-ACCESS read-only 2397 DESCRIPTION 2398 "Create/delete/modify access is not required." 2400 OBJECT snmpTargetParamsStorageType 2401 SYNTAX INTEGER { 2402 readOnly(5) 2403 } 2404 MIN-ACCESS read-only 2405 DESCRIPTION 2406 "Create/delete/modify access is not required. 2407 Support of the values other(1), volatile(2), 2408 nonVolatile(3), and permanent(4) is not required." 2410 OBJECT snmpTargetParamsRowStatus 2411 SYNTAX INTEGER { 2412 active(1) 2413 } 2414 MIN-ACCESS read-only 2415 DESCRIPTION 2416 "Create/delete/modify access to the 2417 snmpTargetParamsTable is not required. 2418 Support of the values notInService(2), notReady(3), 2419 createAndGo(4), createAndWait(5), and destroy(6) is 2420 not required." 2422 MODULE -- This Module 2423 MANDATORY-GROUPS { snmpNotifyGroup } 2425 OBJECT snmpNotifyTag 2426 MIN-ACCESS read-only 2427 DESCRIPTION 2428 "Create/delete/modify access is not required." 2430 OBJECT snmpNotifyType 2431 SYNTAX INTEGER { 2432 trap(1) 2433 } 2434 MIN-ACCESS read-only 2435 DESCRIPTION 2436 "Create/delete/modify access is not required. 2437 Support of the value notify(2) is not required." 2439 OBJECT snmpNotifyStorageType 2440 SYNTAX INTEGER { 2441 readOnly(5) 2442 } 2443 MIN-ACCESS read-only 2444 DESCRIPTION 2445 "Create/delete/modify access is not required. 2446 Support of the values other(1), volatile(2), 2447 nonVolatile(3), and permanent(4) is not required." 2449 OBJECT snmpNotifyRowStatus 2450 SYNTAX INTEGER { 2451 active(1) 2452 } 2453 MIN-ACCESS read-only 2454 DESCRIPTION 2455 "Create/delete/modify access to the 2456 snmpNotifyTable is not required. 2457 Support of the values notInService(2), notReady(3), 2458 createAndGo(4), createAndWait(5), and destroy(6) is 2459 not required." 2461 ::= { snmpNotifyCompliances 1 } 2463 snmpNotifyBasicFiltersCompliance MODULE-COMPLIANCE 2464 STATUS current 2465 DESCRIPTION 2466 "The compliance statement for SNMP entities which implement 2467 SNMP Traps with filtering, and read-create operations on 2468 all related tables." 2469 MODULE SNMP-TARGET-MIB 2470 MANDATORY-GROUPS { snmpTargetBasicGroup } 2471 MODULE -- This Module 2472 MANDATORY-GROUPS { snmpNotifyGroup, 2473 snmpNotifyFilterGroup } 2474 ::= { snmpNotifyCompliances 2 } 2476 snmpNotifyFullCompliance MODULE-COMPLIANCE 2477 STATUS current 2478 DESCRIPTION 2479 "The compliance statement for SNMP entities which either 2480 implement only SNMP Informs, or both SNMP Traps and SNMP 2481 Informs, plus filtering and read-create operations on 2482 all related tables." 2483 MODULE SNMP-TARGET-MIB 2484 MANDATORY-GROUPS { snmpTargetBasicGroup, 2485 snmpTargetResponseGroup } 2486 MODULE -- This Module 2487 MANDATORY-GROUPS { snmpNotifyGroup, 2488 snmpNotifyFilterGroup } 2489 ::= { snmpNotifyCompliances 3 } 2491 snmpNotifyGroup OBJECT-GROUP 2492 OBJECTS { 2493 snmpNotifyTag, 2494 snmpNotifyType, 2495 snmpNotifyStorageType, 2496 snmpNotifyRowStatus 2497 } 2498 STATUS current 2499 DESCRIPTION 2500 "A collection of objects for selecting which management 2501 targets are used for generating notifications, and the 2502 type of notification to be generated for each selected 2503 management target." 2504 ::= { snmpNotifyGroups 1 } 2506 snmpNotifyFilterGroup OBJECT-GROUP 2507 OBJECTS { 2508 snmpNotifyFilterProfileName, 2509 snmpNotifyFilterProfileStorType, 2510 snmpNotifyFilterProfileRowStatus, 2511 snmpNotifyFilterMask, 2512 snmpNotifyFilterType, 2513 snmpNotifyFilterStorageType, 2514 snmpNotifyFilterRowStatus 2515 } 2516 STATUS current 2517 DESCRIPTION 2518 "A collection of objects providing remote configuration 2519 of notification filters." 2520 ::= { snmpNotifyGroups 2 } 2522 END 2524 4.3. The Proxy MIB Module 2526 The SNMP-PROXY-MIB module, which defines MIB objects that provide 2527 mechanisms to remotely configure the parameters used by an SNMP 2528 entity for proxy forwarding operations, contains a single table. 2529 This table, snmpProxyTable, is used to define translations between 2530 management targets for use when forwarding messages. 2532 4.3.1. Definitions 2534 SNMP-PROXY-MIB DEFINITIONS ::= BEGIN 2536 IMPORTS 2537 MODULE-IDENTITY, 2538 OBJECT-TYPE, 2539 snmpModules 2540 FROM SNMPv2-SMI 2542 RowStatus, 2543 StorageType 2544 FROM SNMPv2-TC 2546 SnmpEngineID, 2547 SnmpAdminString 2548 FROM SNMP-FRAMEWORK-MIB 2550 SnmpTagValue, 2551 FROM SNMP-TARGET-MIB 2553 MODULE-COMPLIANCE, 2554 OBJECT-GROUP 2555 FROM SNMPv2-CONF; 2557 snmpProxyMIB MODULE-IDENTITY 2558 LAST-UPDATED "9706140000Z" 2559 ORGANIZATION "IETF SNMPv3 Working Group" 2560 CONTACT-INFO 2561 "WG-email: snmpv3@tis.com 2562 Subscribe: majordomo@tis.com 2563 In message body: subscribe snmpv3 2565 Chair: Russ Mundy 2566 Trusted Information Systems 2567 Postal: 3060 Washington Rd 2568 Glenwood MD 21738 2569 USA 2571 Email: mundy@tis.com 2572 Phone: +1-301-854-6889 2574 Co-editor: David B. Levi 2575 SNMP Research, Inc. 2576 Postal: 3001 Kimberlin Heights Road 2577 Knoxville, TN 37920-9716 2578 E-mail: levi@snmp.com 2579 Phone: +1 423 573 1434 2581 Co-editor: Paul Meyer 2582 Secure Computing Corporation 2583 Postal: 2675 Long Lake Road 2584 Roseville, MN 55113 2585 E-mail: paul_meyer@securecomputing.com 2586 Phone: +1 612 628 1592 2588 Co-editor: Bob Stewart 2589 Cisco Systems, Inc. 2590 Postal: 170 West Tasman Drive 2591 San Jose, CA 95134-1706 2592 E-mail: bstewart@cisco.com 2593 Phone: +1 603 654 6923" 2594 DESCRIPTION 2595 "This MIB module defines MIB objects which provide 2596 mechanisms to remotely configure the parameters 2597 used by a proxy forwarding application." 2598 REVISION "9707140000Z" 2599 DESCRIPTION 2600 "The initial revision." 2601 ::= { snmpModules 13 } -- TBD 2603 snmpProxyObjects OBJECT IDENTIFIER ::= { snmpProxyMIB 1 } 2604 snmpProxyConformance OBJECT IDENTIFIER ::= { snmpProxyMIB 3 } 2606 -- 2607 -- 2608 -- The snmpProxyObjects group 2609 -- 2610 -- 2612 snmpProxyTable OBJECT-TYPE 2613 SYNTAX SEQUENCE OF SnmpProxyEntry 2614 MAX-ACCESS not-accessible 2615 STATUS current 2616 DESCRIPTION 2617 "The table of translation parameters used by proxy forwarder 2618 applications for forwarding SNMP messages." 2619 ::= { snmpProxyObjects 2 } 2621 snmpProxyEntry OBJECT-TYPE 2622 SYNTAX SnmpProxyEntry 2623 MAX-ACCESS not-accessible 2624 STATUS current 2625 DESCRIPTION 2626 "A set of translation parameters used by a proxy forwarder 2627 application for forwarding SNMP messages. 2629 Entries in the snmpProxyTable are created and deleted 2630 using the snmpProxyRowStatus object." 2631 INDEX { IMPLIED snmpProxyName } 2632 ::= { snmpProxyTable 1 } 2634 SnmpProxyEntry ::= SEQUENCE { 2635 snmpProxyName SnmpAdminString, 2636 snmpProxyType INTEGER, 2637 snmpProxyContextEngineID SnmpEngineID, 2638 snmpProxyContextName SnmpAdminString, 2639 snmpProxyTargetParamsIn SnmpAdminString, 2640 snmpProxySingleTargetOut SnmpAdminString, 2641 snmpProxyMultipleTargetOut SnmpTagValue, 2642 snmpProxyStorageType StorageType, 2643 snmpProxyRowStatus RowStatus 2644 } 2646 snmpProxyName OBJECT-TYPE 2647 SYNTAX SnmpAdminString (SIZE(1..32)) 2648 MAX-ACCESS not-accessible 2649 STATUS current 2650 DESCRIPTION 2651 "The locally arbitrary, but unique identifier associated 2652 with this snmpProxyEntry." 2653 ::= { snmpProxyEntry 1 } 2655 snmpProxyType OBJECT-TYPE 2656 SYNTAX INTEGER { 2657 read(1), 2658 write(2), 2659 trap(3), 2660 inform(4) 2661 } 2662 MAX-ACCESS read-create 2663 STATUS current 2664 DESCRIPTION 2665 "The type of message that may be forwarded using 2666 the translation parameters defined by this entry." 2667 ::= { snmpProxyEntry 2 } 2669 snmpProxyContextEngineID OBJECT-TYPE 2670 SYNTAX SnmpEngineID 2671 MAX-ACCESS read-create 2672 STATUS current 2673 DESCRIPTION 2674 "The contextEngineID contained in messages that 2675 may be forwarded using the translation parameters 2676 defined by this entry." 2677 ::= { snmpProxyEntry 3 } 2679 snmpProxyContextName OBJECT-TYPE 2680 SYNTAX SnmpAdminString 2681 MAX-ACCESS read-create 2682 STATUS current 2683 DESCRIPTION 2684 "The contextName contained in messages that may be 2685 forwarded using the translation parameters defined 2686 by this entry. 2688 This object is optional, and if not supported, the 2689 contextName contained in a message is ignored when 2690 selecting an entry in the snmpProxyTable." 2691 ::= { snmpProxyEntry 4 } 2693 snmpProxyTargetParamsIn OBJECT-TYPE 2694 SYNTAX SnmpAdminString 2695 MAX-ACCESS read-create 2696 STATUS current 2697 DESCRIPTION 2698 "This object selects an entry in the snmpTargetParamsTable. 2699 The selected entry is used to determine which row of the 2700 snmpProxyTable to use for forwarding received messages." 2701 ::= { snmpProxyEntry 5 } 2703 snmpProxySingleTargetOut OBJECT-TYPE 2704 SYNTAX SnmpAdminString 2705 MAX-ACCESS read-create 2706 STATUS current 2707 DESCRIPTION 2708 "This object selects a management target defined in the 2709 snmpTargetAddrTable (in the SNMP-TARGET-MIB). The 2710 selected target is defined by an entry in the 2711 snmpTargetAddrTable whose index value (snmpTargetAddrName) 2712 is equal to this object. 2714 This object is only used when selection of a single 2715 target is required (i.e. when forwarding an incoming 2716 read or write request)." 2717 ::= { snmpProxyEntry 6 } 2719 snmpProxyMultipleTargetOut OBJECT-TYPE 2720 SYNTAX SnmpTagValue 2721 MAX-ACCESS read-create 2722 STATUS current 2723 DESCRIPTION 2724 "This object selects a set of management targets defined 2725 in the snmpTargetAddrTable (in the SNMP-TARGET-MIB). 2727 This object is only used when selection of multiple 2728 targets is required (i.e. when forwarding an incoming 2729 notification)." 2730 ::= { snmpProxyEntry 7 } 2732 snmpProxyStorageType OBJECT-TYPE 2733 SYNTAX StorageType 2734 MAX-ACCESS read-create 2735 STATUS current 2736 DESCRIPTION 2737 "The storage type of this conceptual row." 2738 ::= { snmpProxyEntry 8 } 2740 snmpProxyRowStatus OBJECT-TYPE 2741 SYNTAX RowStatus 2742 MAX-ACCESS read-create 2743 STATUS current 2744 DESCRIPTION 2745 "The status of this conceptual row. 2747 To create a row in this table, a manager must 2748 set this object to either createAndGo(4) or 2749 createAndWait(5). 2751 The following objects may not be modified while the 2752 value of this object is active(1): 2753 - snmpProxyType 2754 - snmpProxyContextEngineID 2755 - snmpProxyContextName 2756 - snmpProxyTargetParamsIn 2757 - snmpProxySingleTargetOut 2758 - snmpProxyMultipleTargetOut" 2760 ::= { snmpProxyEntry 9 } 2762 -- 2763 -- 2764 -- Conformance information 2765 -- 2766 -- 2768 snmpProxyCompliances OBJECT IDENTIFIER ::= 2769 { snmpProxyConformance 1 } 2770 snmpProxyGroups OBJECT IDENTIFIER ::= 2771 { snmpProxyConformance 2 } 2773 -- 2774 -- 2775 -- Compliance statements 2776 -- 2777 -- 2779 snmpProxyCompliance MODULE-COMPLIANCE 2780 STATUS current 2781 DESCRIPTION 2782 "The compliance statement for SNMP entities which include 2783 a proxy forwarding application." 2784 MODULE SNMP-TARGET-MIB 2785 MANDATORY-GROUPS { snmpTargetBasicGroup, 2786 snmpTargetResponseGroup } 2787 MODULE -- This Module 2788 MANDATORY-GROUPS { snmpProxyGroup } 2789 ::= { snmpProxyCompliances 1 } 2791 snmpProxyGroup OBJECT-GROUP 2792 OBJECTS { 2793 snmpProxyType, 2794 snmpProxyContextEngineID, 2795 snmpProxyContextName, 2796 snmpProxyTargetParamsIn, 2797 snmpProxySingleTargetOut, 2798 snmpProxyMultipleTargetOut, 2799 snmpProxyStorageType, 2800 snmpProxyRowStatus 2801 } 2802 STATUS current 2803 DESCRIPTION 2804 "A collection of objects providing remote configuration of 2805 management target translation parameters for use by 2806 proxy forwarder applications." 2808 ::= { snmpProxyGroups 3 } 2810 END 2812 5. Identification of Management Targets in Notification Originators 2814 This section describes the mechanisms used by a notification 2815 originator application when using the MIB module described in this 2816 document to determine the set of management targets to be used when 2817 generating a notification. 2819 A notification originator uses the snmpNotifyTable to find the 2820 management targets to be used for generating notifications. Each 2821 active entry in this table identifies zero or more entries in the 2822 snmpTargetAddrTable. Any entry in the snmpTargetAddrTable whose 2823 snmpTargetAddrTagList object contains a tag value which is equal to a 2824 value of snmpNotifyTag is selected by the snmpNotifyEntry which 2825 contains that instance of snmpNotifyTag. Note that a particular 2826 snmpTargetAddrEntry may be selected by multiple entries in the 2827 snmpNotifyTable, resulting in multiple notifications being generated 2828 using that snmpTargetAddrEntry. 2830 Each snmpTargetAddrEntry contains a pointer to the 2831 snmpTargetParamsTable (snmpTargetAddrParams). This pointer selects a 2832 set of SNMP parameters to be used for generating notifications. If 2833 the selected entry in the snmpTargetParamsTable does not exist, the 2834 management target is not used to generate notifications. 2836 The decision as to whether a notification should contain an SNMPv2- 2837 Trap or Inform PDU is determined by the value of the snmpNotifyType 2838 object. If the value of this object is trap(1), the notification 2839 should contain an SNMPv2-Trap PDU. If the value of this object is 2840 inform(2), then the notification should contain an Inform PDU, and 2841 the timeout time and number of retries for the Inform are the value 2842 of snmpTargetAddrTimeout and snmpTargetAddrRetryCount. Note that the 2843 exception to these rules is when the snmpTargetParamsMPModel object 2844 indicates SNMPv1. In this case, the notification is sent as a Trap 2845 if the value of snmpNotifyTargetType is either trap(1) or inform(2). 2847 6. Notification Filtering 2849 This section describes the mechanisms used by a notification 2850 originator application when using the MIB module described in this 2851 document to filter generation of notifications. 2853 A notification originator uses the snmpNotifyFilterTable to filter 2854 notifications. A notification filter profile may be associated with 2855 a particular entry in the snmpTargetParamsTable. The associated 2856 filter profile is identified by an entry in the 2857 snmpNotifyFilterProfileTable whose index is equal to the index of the 2858 entry in the snmpTargetParamsTable. If no such entry exists in the 2859 snmpNotifyFilterProfileTable, no filtering is performed for that 2860 management target. 2862 If such an entry does exist, the value of snmpNotifyFilterProfileName 2863 of the entry is compared with the corresponding portion of the index 2864 of all active entries in the snmpNotifyFilterTable. All such entries 2865 for which this comparison results in an exact match are used for 2866 filtering a notification generated using the associated 2867 snmpTargetParamsEntry. If no such entries exist, no filtering is 2868 performed, and a notification may be sent to the management target. 2870 Otherwise, if matching entries do exist, a notification may be sent 2871 if the NOTIFICATION-TYPE OBJECT IDENTIFIER of the notification (this 2872 is the value of the element of the variable bindings whose name is 2873 snmpTrapOID.0, i.e., the second variable binding), and all of the 2874 object instances to be included in the variable-bindings of the 2875 notification, are not specifically excluded by the matching entries. 2877 Each set of snmpNotifyFilterTable entries is divided into two 2878 collections of filter subtrees: the included filter subtrees, and 2879 the excluded filter subtrees. The snmpNotifyFilterType object 2880 defines the collection to which each matching entry belongs. 2882 To determine whether a particular notification name or object 2883 instance is excluded by the set of matching entries, compare the 2884 notification name's or object instance's OBJECT IDENTIFIER with each 2885 of the matching entries. If none match, then the notification name 2886 or object instance is considered excluded, and the notification 2887 should not be sent to this management target. If one or more match, 2888 then the notification name or object instance is included or 2889 excluded, according to the value of snmpNotifyFilterType in the entry 2890 whose value of snmpNotifyFilterSubtree has the most sub-identifiers. 2891 If multiple entries match and have the same number of sub- 2892 identifiers, then the lexicographically greatest instance of 2893 snmpNotifyFilterType among those which match determines the inclusion 2894 or exclusion. 2896 A notification name's or object instance's OBJECT IDENTIFIER X 2897 matches an entry in the snmpNotifyFilterTable when the number of 2898 sub-identifiers in X is at least as many as in the value of 2899 snmpNotifyFilterSubtree for the entry, and each sub-identifier in the 2900 value of snmpNotifyFilterSubtree matches its corresponding sub- 2901 identifier in X. Two sub-identifiers match either if the 2902 corresponding bit of snmpNotifyFilterMask is zero (the 'wild card' 2903 value), or if the two sub-identifiers are equal. 2905 7. Management Target Translation in Proxy Forwarder Applications 2907 This section describes the mechanisms used by a proxy forwarder 2908 application when using the MIB module described in this document to 2909 translate incoming management target information into outgoing 2910 management target information for the purpose of forwarding messages. 2911 There are actually two mechanisms a proxy forwarder may use, one for 2912 forwarding request messages, and one for forwarding notification 2913 messages. 2915 7.1. Management Target Translation for Request Forwarding 2917 When forwarding request messages, the proxy forwarder will select a 2918 single entry in the snmpProxyTable. To select this entry, it will 2919 perform the following comparisons: 2921 - The snmpProxyType must be read(1) if the request is a Get, 2922 GetNext, or GetBulk request. The snmpProxyType must be 2923 write(2) if the request is a Set request. 2925 - The contextEngineId must equal the snmpProxyContextEngineID 2926 object. 2928 - If the snmpProxyContextName object is supported, it must equal 2929 the contextName. 2931 - The snmpProxyTargetParamsIn object identifies an entry in the 2932 snmpTargetParamsTable. The messageProcessingModel, 2933 securityLevel, security model, and securityName must match the 2934 values of snmpTargetParamsMPModel, 2935 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, 2936 and snmpTargetParamsSecurityLevel of the identified entry in 2937 the snmpTargetParamsTable. 2939 There may be multiple entries in the snmpProxyTable for which these 2940 comparisons succeed. The entry whose snmpProxyName has the 2941 lexicographically smallest value and for which the comparisons 2942 succeed will be selected by the proxy forwarder. 2944 The outgoing management target information is identified by the value 2945 of the snmpProxySingleTargetOut object of the selected entry. This 2946 object identifies an entry in the snmpTargetAddrTable. The 2947 identified entry in the snmpTargetAddrTable also contains a reference 2948 to the snmpTargetParamsTable (snmpTargetAddrParams). If either the 2949 identified entry in the snmpTargetAddrTable does not exist, or the 2950 identified entry in the snmpTargetParamsTable does not exist, then 2951 this snmpProxyEntry does not identify valid forwarding information, 2952 and the proxy forwarder should attempt to identify another row. 2954 If there is no entry in the snmpProxyTable for which all of the 2955 conditions above may be met, then there is no appropriate forwarding 2956 information, and the proxy forwarder should take appropriate actions. 2958 Otherwise, The snmpTargetAddrTDomain, snmpTargetAddrTAddress, 2959 snmpTargetAddrTimeout, and snmpTargetRetryCount of the identified 2960 snmpTargetAddrEntry, and the snmpTargetParamsMPModel, 2961 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, and 2962 snmpTargetParamsSecurityLevel of the identified snmpTargetParamsEntry 2963 are used as the destination management target. 2965 7.2. Management Target Translation for Notification Forwarding 2967 When forwarding notification messages, the proxy forwarder will 2968 select multiple entries in the snmpProxyTable. To select these 2969 entries, it will perform the following comparisons: 2971 - The snmpProxyType must be trap(3) if the notification is a 2972 Trap. The snmpProxyType must be inform(4) if the request is 2973 an Inform. 2975 - The contextEngineId must equal the snmpProxyContextEngineID 2976 object. 2978 - If the snmpProxyContextName object is supported, it must equal 2979 the contextName. 2981 - The snmpProxyTargetParamsIn object identifies an entry in the 2982 snmpTargetParamsTable. The messageProcessingModel, 2983 securityLevel, security model, and securityName must match the 2984 values of snmpTargetParamsMPModel, 2985 snmpTargetParamsSecurityModel, snmpTargetParamsSecurityName, 2986 and snmpTargetParamsSecurityLevel of the identified entry in 2987 the snmpTargetParamsTable. 2989 All entries for which these conditions are met are selected. The 2990 snmpProxyMultipleTargetOut object of each such entry is used to 2991 select a set of entries in the snmpTargetAddrTable. Any 2992 snmpTargetAddrEntry whose snmpTargetAddrTagList object contains a tag 2993 value equal to the value of snmpProxyMultipleTargetOut, and whose 2994 snmpTargetAddrParams object references an existing entry in the 2995 snmpTargetParamsTable, is selected as a destination for the forwarded 2996 notification. 2998 8. Intellectual Property 3000 The IETF takes no position regarding the validity or scope of any 3001 intellectual property or other rights that might be claimed to 3002 pertain to the implementation or use of the technology described in 3003 this document or the extent to which any license under such rights 3004 might or might not be available; neither does it represent that it 3005 has made any effort to identify any such rights. Information on the 3006 IETF's procedures with respect to rights in standards-track and 3007 standards-related documentation can be found in BCP-11. Copies of 3008 claims of rights made available for publication and any assurances of 3009 licenses to be made available, or the result of an attempt made to 3010 obtain a general license or permission for the use of such 3011 proprietary rights by implementors or users of this specification can 3012 be obtained from the IETF Secretariat. 3014 The IETF invites any interested party to bring to its attention any 3015 copyrights, patents or patent applications, or other proprietary 3016 rights which may cover technology that may be required to practice 3017 this standard. Please address the information to the IETF Executive 3018 Director. 3020 9. Acknowledgments 3022 This document is the result of the efforts of the SNMPv3 Working 3023 Group. Some special thanks are in order to the following SNMPv3 WG 3024 members: 3026 Dave Battle (SNMP Research, Inc.) 3027 Uri Blumenthal (IBM T.J. Watson Research Center) 3028 Jeff Case (SNMP Research, Inc.) 3029 John Curran (BBN) 3030 T. Max Devlin (Hi-TECH Connections) 3031 John Flick (Hewlett Packard) 3032 David Harrington (Cabletron Systems Inc.) 3033 N.C. Hien (IBM T.J. Watson Research Center) 3034 Dave Levi (SNMP Research, Inc.) 3035 Louis A Mamakos (UUNET Technologies Inc.) 3036 Paul Meyer (Secure Computing Corporation) 3037 Keith McCloghrie (Cisco Systems) 3038 Russ Mundy (Trusted Information Systems, Inc.) 3039 Bob Natale (ACE*COMM Corporation) 3040 Mike O'Dell (UUNET Technologies Inc.) 3041 Dave Perkins (DeskTalk) 3042 Peter Polkinghorne (Brunel University) 3043 Randy Presuhn (BMC Software, Inc.) 3044 David Reid (SNMP Research, Inc.) 3045 Shawn Routhier (Epilogue) 3046 Juergen Schoenwaelder (TU Braunschweig) 3047 Bob Stewart (Cisco Systems) 3048 Bert Wijnen (IBM T.J. Watson Research Center) 3050 The document is based on recommendations of the IETF Security and 3051 Administrative Framework Evolution for SNMP Advisory Team. Members of 3052 that Advisory Team were: 3054 David Harrington (Cabletron Systems Inc.) 3055 Jeff Johnson (Cisco Systems) 3056 David Levi (SNMP Research Inc.) 3057 John Linn (Openvision) 3058 Russ Mundy (Trusted Information Systems) chair 3059 Shawn Routhier (Epilogue) 3060 Glenn Waters (Nortel) 3061 Bert Wijnen (IBM T. J. Watson Research Center) 3063 As recommended by the Advisory Team and the SNMPv3 Working Group 3064 Charter, the design incorporates as much as practical from previous 3065 RFCs and drafts. As a result, special thanks are due to the authors 3066 of previous designs known as SNMPv2u and SNMPv2*: 3068 Jeff Case (SNMP Research, Inc.) 3069 David Harrington (Cabletron Systems Inc.) 3070 David Levi (SNMP Research, Inc.) 3071 Keith McCloghrie (Cisco Systems) 3072 Brian O'Keefe (Hewlett Packard) 3073 Marshall T. Rose (Dover Beach Consulting) 3074 Jon Saperia (BGS Systems Inc.) 3075 Steve Waldbusser (International Network Services) 3076 Glenn W. Waters (Bell-Northern Research Ltd.) 3078 10. Security Considerations 3080 The SNMP applications described in this document typically have 3081 direct access to MIB instrumentation. Thus, it is very important 3082 that these applications be strict in their application of access 3083 control as described in this document. 3085 In addition, there may be some types of notification generator 3086 applications which, rather than accessing MIB instrumentation using 3087 access control, will obtain MIB information through other means (such 3088 as from a command line). The implementors and users of such 3089 applications must be responsible for not divulging MIB information 3090 that normally would be inaccessible due to access control. 3092 11. References 3094 [RFC1157] 3095 Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network 3096 Management Protocol", RFC 1157, SNMP Research, Performance Systems 3097 International, Performance Systems International, MIT Laboratory 3098 for Computer Science, May 1990. 3100 [RFC1213] 3101 McCloghrie, K., and M. Rose, Editors, "Management Information Base 3102 for Network Management of TCP/IP-based internets: MIB-II", STD 17, 3103 RFC 1213, Hughes LAN Systems, Performance Systems International, 3104 March 1991. 3106 [RFC1902] 3107 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3108 Waldbusser, "Structure of Management Information for Version 2 of 3109 the Simple Network Management Protocol (SNMPv2)", RFC1902, SNMP 3110 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3111 International Network Services, January 1996. 3113 [RFC1903] 3114 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3115 Waldbusser, "Textual Conventions for Version 2 of the Simple 3116 Network Management Protocol (SNMPv2)", RFC1903, SNMP Research,Inc., 3117 Cisco Systems, Inc., Dover Beach Consulting, Inc., International 3118 Network Services, January 1996. 3120 [RFC1905] 3121 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3122 Waldbusser, "Protocol Operations for Version 2 of the Simple 3123 Network Management Protocol (SNMPv2)", RFC1905, SNMP Research,Inc., 3124 Cisco Systems, Inc., Dover Beach Consulting, Inc., International 3125 Network Services, January 1996. 3127 [RFC1907] 3128 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3129 Waldbusser, "Management Information Base for Version 2 of the 3130 Simple Network Management Protocol (SNMPv2)", RFC1905, SNMP 3131 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3132 International Network Services, January 1996. 3134 [RFC1908] 3135 SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 3136 Waldbusser, "Coexistence between Version 1 and Version 2 of the 3137 Internet-standard Network Management Framework", RFC1905, SNMP 3138 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 3139 International Network Services, January 1996. 3141 [SNMP-ARCH] 3142 The SNMPv3 Working Group, Harrington, D., Wijnen, B., "An 3143 Architecture for Describing SNMP Management Frameworks", draft- 3144 ietf-snmpv3-next-gen-arch-06.txt, September 1997. 3146 [SNMP-MPD] 3147 The SNMPv3 Working Group, Case, J., Harrington, D., Wijnen, B., 3148 "Message Processing and Dispatching for the Simple Network 3149 Management Protocol (SNMP)", draft-ietf-snmpv3-v3mpc-model-06.txt, 3150 October 1997. 3152 [SNMP-ACM] 3153 The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K., 3154 "View-based Access Control Model for the Simple Network Management 3155 Protocol (SNMP)", draft-ietf-snmpv3-acm-04.txt, September 1997. 3157 12. Editor's Address 3159 David B. Levi 3160 SNMP Research, Inc. 3161 3001 Kimberlin Heights Road 3162 Knoxville, TN 37920-9716 3163 U.S.A. 3164 Phone: +1 423 573 1434 3165 EMail: levi@snmp.com 3167 Paul Meyer 3168 Secure Computing Corporation 3169 2675 Long Lake Road 3170 Roseville, MN 55113 3171 U.S.A. 3172 Phone: +1 612 628 1592 3173 EMail: paul_meyer@securecomputing.com 3175 Bob Stewart 3176 Cisco Systems, Inc. 3177 170 West Tasman Drive 3178 San Jose, CA 95134-1706 3179 U.S.A. 3180 Phone: +1 603 654 6923 3181 EMail: bstewart@cisco.com 3183 APPENDIX A - Trap Configuration Example 3185 This section describes an example configuration for a Notification 3186 Generator application which implements the snmpNotifyBasicCompliance 3187 level. The example configuration specifies that the Notification 3188 Generator should send notifications to 3 separate managers, using 3189 authentication and no privacy for the first 2 managers, and using 3190 both authentication and privacy for the third manager. 3192 The configuration consists of three rows in the snmpTargetAddrTable, 3193 and two rows in the snmpTargetTable. 3195 snmpTargetAddrName SnmpAdminString, 3196 snmpTargetAddrTDomain TDomain, 3197 snmpTargetAddrTAddress TAddress, 3198 snmpTargetAddrTimeout TimeInterval, 3199 snmpTargetAddrRetryCount Integer32, 3200 snmpTargetAddrTagList SnmpAdminString, 3201 snmpTargetAddrParams SnmpAdminString, 3202 snmpTargetAddrStorageType StorageType, 3203 snmpTargetAddrRowStatus RowStatus 3205 * snmpTargetAddrName = "addr1" 3206 snmpTargetAddrTDomain = snmpUDPDomain 3207 snmpTargetAddrTAddress = 128.1.2.3:162 3208 snmpTargetAddrTagList = "group1" 3209 snmpTargetAddrParams = "AuthNoPriv joe" 3210 snmpTargetAddrStorageType = readOnly(5) 3211 snmpTargetAddrRowStatus = active(1) 3213 * snmpTargetAddrName = "addr2" 3214 snmpTargetAddrTDomain = snmpUDPDomain 3215 snmpTargetAddrTAddress = 128.2.4.6:162 3216 snmpTargetAddrTagList = "group1" 3217 snmpTargetAddrParams = "AuthNoPriv-joe" 3218 snmpTargetAddrStorageType = readOnly(5) 3219 snmpTargetAddrRowStatus = active(1) 3221 * snmpTargetAddrName = "addr3" 3222 snmpTargetAddrTDomain = snmpUDPDomain 3223 snmpTargetAddrTAddress = 128.1.2.3:162 3224 snmpTargetAddrTagList = "group2" 3225 snmpTargetAddrParams = "AuthPriv-bob" 3226 snmpTargetAddrStorageType = readOnly(5) 3227 snmpTargetAddrRowStatus = active(1) 3229 * snmpTargetParamsName = "AuthNoPriv-joe" 3230 snmpTargetParamsMPModel = 3 3231 snmpTargetParamsSecurityModel = 3 (USM) 3232 snmpTargetParamsSecurityName = "joe" 3233 snmpTargetParamsSecurityLevel = authNoPriv(2) 3234 snmpTargetParamsStorageType = readOnly(5) 3235 snmpTargetParamsRowStatus = active(1) 3237 * snmpTargetParamsName = "AuthPriv-bob" 3238 snmpTargetParamsMPModel = 3 3239 snmpTargetParamsSecurityModel = 3 (USM) 3240 snmpTargetParamsSecurityName = "bob" 3241 snmpTargetParamsSecurityLevel = authPriv(3) 3242 snmpTargetParamsStorageType = readOnly(5) 3243 snmpTargetParamsRowStatus = active(1) 3245 * snmpNotifyName = "group1" 3246 snmpNotifyTag = "group1" 3247 snmpNotifyType = trap(1) 3248 snmpNotifyStorageType = readOnly(5) 3249 snmpNotifyRowStatus = active(1) 3251 * snmpNotifyName = "group2" 3252 snmpNotifyTag = "group2" 3253 snmpNotifyType = trap(1) 3254 snmpNotifyStorageType = readOnly(5) 3255 snmpNotifyRowStatus = active(1) 3257 These entries define two groups of management targets. The first 3258 group contains two management targets: 3260 first target second target 3261 ------------ ------------- 3262 messageProcessingModel SNMPv3 SNMPv3 3263 securityModel 3 (USM) 3 (USM) 3264 securityName "joe" "joe" 3265 securityLevel authNoPriv(2) authNoPriv(2) 3266 transportDomain snmpUDPDomain snmpUDPDomain 3267 transportAddress 128.1.2.3:162 128.2.4.6:162 3269 And the second group contains a single management target: 3271 messageProcessingModel SNMPv3 3272 securityLevel authPriv(3) 3273 securityModel 3 (USM) 3274 securityName "bob" 3275 transportDomain snmpUDPDomain 3276 transportAddress 128.1.5.9:162 3278 B. Full Copyright Statement 3280 This document and translations of it may be copied and furnished to 3281 others, and derivative works that comment on or otherwise explain it 3282 or assist in its implmentation may be prepared, copied, published and 3283 distributed, in whole or in part, without restriction of any kind, 3284 provided that the above copyright notice and this paragraph are 3285 included on all such copies and derivative works. However, this 3286 document itself may not be modified in any way, such as by removing 3287 the copyright notice or references to the Internet Society or other 3288 Internet organizations, except as needed for the purpose of 3289 developing Internet standards in which case the procedures for 3290 copyrights defined in the Internet Standards process must be 3291 followed, or as required to translate it into languages other than 3292 English. 3294 The limited permissions granted above are perpetual and will not be 3295 revoked by the Internet Society or its successors or assigns. 3297 This document and the information contained herein is provided on an 3298 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 3299 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 3300 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 3301 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 3302 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.